npm - @feiyoug/skill-lab - Versions diffs - 0.0.0 → 0.0.2 - Mend

@feiyoug/skill-lab 0.0.0 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (465) hide show

package/README.md +73 -0
package/esm/analyzer/astgrep/client.d.ts +20 -8
package/esm/analyzer/astgrep/client.d.ts.map +1 -1
package/esm/analyzer/astgrep/client.js +58 -31
package/esm/analyzer/config/default.d.ts +8 -0
package/esm/analyzer/config/default.d.ts.map +1 -0
package/esm/analyzer/config/default.js +91 -0
package/esm/analyzer/config/helpers.d.ts +8 -0
package/esm/analyzer/config/helpers.d.ts.map +1 -0
package/esm/analyzer/config/helpers.js +72 -0
package/esm/analyzer/config/mod.d.ts +4 -0
package/esm/analyzer/config/mod.d.ts.map +1 -0
package/esm/analyzer/config/mod.js +3 -0
package/esm/analyzer/config/types.d.ts +58 -0
package/esm/analyzer/config/types.d.ts.map +1 -0
package/esm/analyzer/{config.js → config/types.js} +0 -28
package/esm/analyzer/logging.d.ts +3 -0
package/esm/analyzer/logging.d.ts.map +1 -0
package/esm/analyzer/logging.js +6 -0
package/esm/analyzer/mod.d.ts +12 -5
package/esm/analyzer/mod.d.ts.map +1 -1
package/esm/analyzer/mod.js +25 -12
package/esm/analyzer/result.d.ts +35 -0
package/esm/analyzer/result.d.ts.map +1 -0
package/esm/analyzer/result.js +311 -0
package/esm/analyzer/rules/bash/commands/mod.d.ts +1 -0
package/esm/analyzer/rules/bash/commands/mod.d.ts.map +1 -1
package/esm/analyzer/rules/bash/commands/mod.js +3 -0
package/esm/analyzer/rules/bash/commands/pip.d.ts +3 -0
package/esm/analyzer/rules/bash/commands/pip.d.ts.map +1 -0
package/esm/analyzer/rules/bash/commands/pip.js +14 -0
package/esm/analyzer/rules/bash/extractFileRefs.d.ts +1 -1
package/esm/analyzer/rules/bash/extractFileRefs.d.ts.map +1 -1
package/esm/analyzer/rules/bash/extractFileRefs.js +2 -2
package/esm/analyzer/rules/bash/inline-command-classifier.d.ts +1 -1
package/esm/analyzer/rules/bash/inline-command-classifier.d.ts.map +1 -1
package/esm/analyzer/rules/bash/inline-command-classifier.js +4 -4
package/esm/analyzer/rules/javascript/extractFileRefs.d.ts +3 -4
package/esm/analyzer/rules/javascript/extractFileRefs.d.ts.map +1 -1
package/esm/analyzer/rules/javascript/extractFileRefs.js +3 -4
package/esm/analyzer/rules/markdown/extractCodeBlocks.d.ts.map +1 -1
package/esm/analyzer/rules/markdown/extractCodeBlocks.js +6 -3
package/esm/analyzer/rules/markdown/extractFileRefs.d.ts.map +1 -1
package/esm/analyzer/rules/markdown/extractFileRefs.js +2 -0
package/esm/analyzer/rules/python/extractFileRefs.d.ts +1 -1
package/esm/analyzer/rules/python/extractFileRefs.d.ts.map +1 -1
package/esm/analyzer/rules/python/extractFileRefs.js +2 -2
package/esm/analyzer/steps/001-discovery/discover-files.d.ts +4 -0
package/esm/analyzer/steps/001-discovery/discover-files.d.ts.map +1 -1
package/esm/analyzer/steps/001-discovery/discover-files.js +18 -2
package/esm/analyzer/steps/001-discovery/mod.d.ts.map +1 -1
package/esm/analyzer/steps/001-discovery/mod.js +39 -9
package/esm/analyzer/steps/002-permissions/mod.d.ts.map +1 -1
package/esm/analyzer/steps/002-permissions/mod.js +156 -73
package/esm/analyzer/steps/002-permissions/scan-file.d.ts +1 -1
package/esm/analyzer/steps/002-permissions/scan-file.d.ts.map +1 -1
package/esm/analyzer/steps/002-permissions/scan-file.js +40 -5
package/esm/analyzer/steps/002-permissions/seed-frontmatter.js +2 -2
package/esm/analyzer/steps/003-risks/dep-risks.d.ts +3 -0
package/esm/analyzer/steps/003-risks/dep-risks.d.ts.map +1 -0
package/esm/analyzer/steps/003-risks/dep-risks.js +74 -0
package/esm/analyzer/steps/003-risks/helpers.d.ts +1 -0
package/esm/analyzer/steps/003-risks/helpers.d.ts.map +1 -1
package/esm/analyzer/steps/003-risks/helpers.js +1 -0
package/esm/analyzer/steps/003-risks/mod.d.ts +3 -2
package/esm/analyzer/steps/003-risks/mod.d.ts.map +1 -1
package/esm/analyzer/steps/003-risks/mod.js +41 -4
package/esm/analyzer/steps/003-risks/policy.d.ts +7 -0
package/esm/analyzer/steps/003-risks/policy.d.ts.map +1 -0
package/esm/analyzer/steps/003-risks/policy.js +23 -0
package/esm/analyzer/steps/003-risks/rule-mapped.d.ts +2 -2
package/esm/analyzer/steps/003-risks/rule-mapped.d.ts.map +1 -1
package/esm/analyzer/steps/003-risks/rule-mapped.js +83 -2
package/esm/analyzer/steps/003-risks/scoring.d.ts +9 -1
package/esm/analyzer/steps/003-risks/scoring.d.ts.map +1 -1
package/esm/analyzer/steps/003-risks/scoring.js +55 -42
package/esm/analyzer/treesitter/client.d.ts +31 -0
package/esm/analyzer/treesitter/client.d.ts.map +1 -0
package/esm/analyzer/{treesiter → treesitter}/client.js +43 -39
package/esm/analyzer/treesitter/registry.d.ts +73 -0
package/esm/analyzer/treesitter/registry.d.ts.map +1 -0
package/esm/analyzer/treesitter/registry.js +165 -0
package/esm/analyzer/types.d.ts +14 -28
package/esm/analyzer/types.d.ts.map +1 -1
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts +3 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts.map +1 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/deps.js +3 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts +93 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts.map +1 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/mod.js +297 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts +84 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts.map +1 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/multi.js +268 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts +18 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts.map +1 -0
package/esm/deps/jsr.io/@deno-library/progress/1.5.1/time.js +45 -0
package/esm/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts +700 -0
package/esm/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts.map +1 -0
package/esm/deps/jsr.io/@std/fmt/1.0.3/colors.js +903 -0
package/esm/deps/jsr.io/@std/io/0.225.0/types.d.ts +146 -0
package/esm/deps/jsr.io/@std/io/0.225.0/types.d.ts.map +1 -0
package/esm/deps/jsr.io/@std/io/0.225.0/types.js +15 -0
package/esm/deps/jsr.io/@std/io/0.225.0/write_all.d.ts +51 -0
package/esm/deps/jsr.io/@std/io/0.225.0/write_all.d.ts.map +1 -0
package/esm/deps/jsr.io/@std/io/0.225.0/write_all.js +61 -0
package/esm/shared/deep_merge.d.ts +12 -0
package/esm/shared/deep_merge.d.ts.map +1 -0
package/esm/shared/deep_merge.js +49 -0
package/esm/shared/mod.d.ts +1 -0
package/esm/shared/mod.d.ts.map +1 -1
package/esm/shared/mod.js +1 -0
package/esm/shared/types/filetypes.d.ts +2 -2
package/esm/shared/types/filetypes.d.ts.map +1 -1
package/esm/shared/types/permissions.d.ts +1 -1
package/esm/shared/types/permissions.d.ts.map +1 -1
package/esm/shared/types/risks.d.ts +4 -1
package/esm/shared/types/risks.d.ts.map +1 -1
package/esm/skillreader/types.d.ts +2 -2
package/esm/skillreader/types.d.ts.map +1 -1
package/esm/skillreader/types.js +2 -2
package/package.json +1 -1
package/script/analyzer/astgrep/client.d.ts +20 -8
package/script/analyzer/astgrep/client.d.ts.map +1 -1
package/script/analyzer/astgrep/client.js +58 -64
package/script/analyzer/config/default.d.ts +8 -0
package/script/analyzer/config/default.d.ts.map +1 -0
package/script/analyzer/config/default.js +94 -0
package/script/analyzer/config/helpers.d.ts +8 -0
package/script/analyzer/config/helpers.d.ts.map +1 -0
package/script/analyzer/config/helpers.js +76 -0
package/script/analyzer/config/mod.d.ts +4 -0
package/script/analyzer/config/mod.d.ts.map +1 -0
package/script/analyzer/config/mod.js +21 -0
package/script/analyzer/config/types.d.ts +58 -0
package/script/analyzer/config/types.d.ts.map +1 -0
package/script/analyzer/{config.js → config/types.js} +1 -29
package/script/analyzer/logging.d.ts +3 -0
package/script/analyzer/logging.d.ts.map +1 -0
package/script/analyzer/logging.js +9 -0
package/script/analyzer/mod.d.ts +12 -5
package/script/analyzer/mod.d.ts.map +1 -1
package/script/analyzer/mod.js +35 -20
package/script/analyzer/result.d.ts +35 -0
package/script/analyzer/result.d.ts.map +1 -0
package/script/analyzer/result.js +315 -0
package/script/analyzer/rules/bash/commands/mod.d.ts +1 -0
package/script/analyzer/rules/bash/commands/mod.d.ts.map +1 -1
package/script/analyzer/rules/bash/commands/mod.js +3 -0
package/script/analyzer/rules/bash/commands/pip.d.ts +3 -0
package/script/analyzer/rules/bash/commands/pip.d.ts.map +1 -0
package/script/analyzer/rules/bash/commands/pip.js +17 -0
package/script/analyzer/rules/bash/extractFileRefs.d.ts +1 -1
package/script/analyzer/rules/bash/extractFileRefs.d.ts.map +1 -1
package/script/analyzer/rules/bash/extractFileRefs.js +2 -2
package/script/analyzer/rules/bash/inline-command-classifier.d.ts +1 -1
package/script/analyzer/rules/bash/inline-command-classifier.d.ts.map +1 -1
package/script/analyzer/rules/bash/inline-command-classifier.js +4 -4
package/script/analyzer/rules/javascript/extractFileRefs.d.ts +3 -4
package/script/analyzer/rules/javascript/extractFileRefs.d.ts.map +1 -1
package/script/analyzer/rules/javascript/extractFileRefs.js +3 -4
package/script/analyzer/rules/markdown/extractCodeBlocks.d.ts.map +1 -1
package/script/analyzer/rules/markdown/extractCodeBlocks.js +6 -3
package/script/analyzer/rules/markdown/extractFileRefs.d.ts.map +1 -1
package/script/analyzer/rules/markdown/extractFileRefs.js +2 -0
package/script/analyzer/rules/python/extractFileRefs.d.ts +1 -1
package/script/analyzer/rules/python/extractFileRefs.d.ts.map +1 -1
package/script/analyzer/rules/python/extractFileRefs.js +2 -2
package/script/analyzer/steps/001-discovery/discover-files.d.ts +4 -0
package/script/analyzer/steps/001-discovery/discover-files.d.ts.map +1 -1
package/script/analyzer/steps/001-discovery/discover-files.js +18 -2
package/script/analyzer/steps/001-discovery/mod.d.ts.map +1 -1
package/script/analyzer/steps/001-discovery/mod.js +77 -11
package/script/analyzer/steps/002-permissions/mod.d.ts.map +1 -1
package/script/analyzer/steps/002-permissions/mod.js +194 -75
package/script/analyzer/steps/002-permissions/scan-file.d.ts +1 -1
package/script/analyzer/steps/002-permissions/scan-file.d.ts.map +1 -1
package/script/analyzer/steps/002-permissions/scan-file.js +40 -5
package/script/analyzer/steps/002-permissions/seed-frontmatter.js +3 -3
package/script/analyzer/steps/003-risks/dep-risks.d.ts +3 -0
package/script/analyzer/steps/003-risks/dep-risks.d.ts.map +1 -0
package/script/analyzer/steps/003-risks/dep-risks.js +77 -0
package/script/analyzer/steps/003-risks/helpers.d.ts +1 -0
package/script/analyzer/steps/003-risks/helpers.d.ts.map +1 -1
package/script/analyzer/steps/003-risks/helpers.js +1 -0
package/script/analyzer/steps/003-risks/mod.d.ts +3 -2
package/script/analyzer/steps/003-risks/mod.d.ts.map +1 -1
package/script/analyzer/steps/003-risks/mod.js +77 -4
package/script/analyzer/steps/003-risks/policy.d.ts +7 -0
package/script/analyzer/steps/003-risks/policy.d.ts.map +1 -0
package/script/analyzer/steps/003-risks/policy.js +29 -0
package/script/analyzer/steps/003-risks/rule-mapped.d.ts +2 -2
package/script/analyzer/steps/003-risks/rule-mapped.d.ts.map +1 -1
package/script/analyzer/steps/003-risks/rule-mapped.js +83 -2
package/script/analyzer/steps/003-risks/scoring.d.ts +9 -1
package/script/analyzer/steps/003-risks/scoring.d.ts.map +1 -1
package/script/analyzer/steps/003-risks/scoring.js +55 -42
package/script/analyzer/treesitter/client.d.ts +31 -0
package/script/analyzer/treesitter/client.d.ts.map +1 -0
package/script/analyzer/treesitter/client.js +136 -0
package/script/analyzer/treesitter/registry.d.ts +73 -0
package/script/analyzer/treesitter/registry.d.ts.map +1 -0
package/script/analyzer/treesitter/registry.js +206 -0
package/script/analyzer/types.d.ts +14 -28
package/script/analyzer/types.d.ts.map +1 -1
package/script/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts +3 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/deps.d.ts.map +1 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/deps.js +10 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts +93 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/mod.d.ts.map +1 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/mod.js +334 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts +84 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/multi.d.ts.map +1 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/multi.js +305 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts +18 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/time.d.ts.map +1 -0
package/script/deps/jsr.io/@deno-library/progress/1.5.1/time.js +48 -0
package/script/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts +700 -0
package/script/deps/jsr.io/@std/fmt/1.0.3/colors.d.ts.map +1 -0
package/script/deps/jsr.io/@std/fmt/1.0.3/colors.js +986 -0
package/script/deps/jsr.io/@std/io/0.225.0/types.d.ts +146 -0
package/script/deps/jsr.io/@std/io/0.225.0/types.d.ts.map +1 -0
package/script/deps/jsr.io/@std/io/0.225.0/types.js +18 -0
package/script/deps/jsr.io/@std/io/0.225.0/write_all.d.ts +51 -0
package/script/deps/jsr.io/@std/io/0.225.0/write_all.d.ts.map +1 -0
package/script/deps/jsr.io/@std/io/0.225.0/write_all.js +65 -0
package/script/shared/deep_merge.d.ts +12 -0
package/script/shared/deep_merge.d.ts.map +1 -0
package/script/shared/deep_merge.js +53 -0
package/script/shared/mod.d.ts +1 -0
package/script/shared/mod.d.ts.map +1 -1
package/script/shared/mod.js +1 -0
package/script/shared/types/filetypes.d.ts +2 -2
package/script/shared/types/filetypes.d.ts.map +1 -1
package/script/shared/types/permissions.d.ts +1 -1
package/script/shared/types/permissions.d.ts.map +1 -1
package/script/shared/types/risks.d.ts +4 -1
package/script/shared/types/risks.d.ts.map +1 -1
package/script/skillreader/types.d.ts +2 -2
package/script/skillreader/types.d.ts.map +1 -1
package/script/skillreader/types.js +2 -2
package/src/_dnt.polyfills.ts +27 -0
package/src/_dnt.shims.ts +64 -0
package/src/analyzer/astgrep/client.ts +184 -0
package/src/analyzer/astgrep/mod.ts +2 -0
package/src/analyzer/config/default.ts +98 -0
package/src/analyzer/config/helpers.ts +107 -0
package/src/analyzer/config/mod.ts +3 -0
package/src/analyzer/config/types.ts +103 -0
package/src/analyzer/logging.ts +8 -0
package/src/analyzer/mod.ts +118 -0
package/src/analyzer/result.ts +393 -0
package/src/analyzer/rules/bash/astTypes.ts +5 -0
package/src/analyzer/rules/bash/commands/bd.ts +23 -0
package/src/analyzer/rules/bash/commands/cron.ts +21 -0
package/src/analyzer/rules/bash/commands/docker.ts +37 -0
package/src/analyzer/rules/bash/commands/eval.ts +52 -0
package/src/analyzer/rules/bash/commands/generic.ts +16 -0
package/src/analyzer/rules/bash/commands/gh.ts +21 -0
package/src/analyzer/rules/bash/commands/git.ts +28 -0
package/src/analyzer/rules/bash/commands/mod.ts +38 -0
package/src/analyzer/rules/bash/commands/node.ts +64 -0
package/src/analyzer/rules/bash/commands/openspec.ts +16 -0
package/src/analyzer/rules/bash/commands/pip.ts +16 -0
package/src/analyzer/rules/bash/commands/sudo.ts +21 -0
package/src/analyzer/rules/bash/destructive.ts +28 -0
package/src/analyzer/rules/bash/extractFileRefs.ts +101 -0
package/src/analyzer/rules/bash/filesystem.ts +50 -0
package/src/analyzer/rules/bash/injection.ts +21 -0
package/src/analyzer/rules/bash/inline-command-classifier.ts +94 -0
package/src/analyzer/rules/bash/mod.ts +23 -0
package/src/analyzer/rules/bash/network.ts +64 -0
package/src/analyzer/rules/bash/secret-detection.ts +43 -0
package/src/analyzer/rules/javascript/astTypes.ts +8 -0
package/src/analyzer/rules/javascript/extractFileRefs.ts +131 -0
package/src/analyzer/rules/javascript/filesystem.ts +28 -0
package/src/analyzer/rules/javascript/injection.ts +21 -0
package/src/analyzer/rules/javascript/mod.ts +26 -0
package/src/analyzer/rules/javascript/network.ts +27 -0
package/src/analyzer/rules/javascript/secret-detection.ts +68 -0
package/src/analyzer/rules/javascript/subprocess.ts +16 -0
package/src/analyzer/rules/markdown/astTypes.ts +35 -0
package/src/analyzer/rules/markdown/extractCodeBlocks.ts +101 -0
package/src/analyzer/rules/markdown/extractFileRefs.ts +179 -0
package/src/analyzer/rules/markdown/mod.ts +12 -0
package/src/analyzer/rules/mod.ts +77 -0
package/src/analyzer/rules/python/astTypes.ts +9 -0
package/src/analyzer/rules/python/extractFileRefs.ts +92 -0
package/src/analyzer/rules/python/mod.ts +15 -0
package/src/analyzer/rules/python/network.ts +26 -0
package/src/analyzer/rules/python/secret-detection.ts +30 -0
package/src/analyzer/rules/shared/file-refs.ts +38 -0
package/src/analyzer/rules/shared/network-evaluators.ts +107 -0
package/src/analyzer/rules/shared/prompt-injection.ts +48 -0
package/src/analyzer/rules/shared/secret-evaluators.ts +13 -0
package/src/analyzer/rules/text/mod.ts +12 -0
package/src/analyzer/rules/typescript/mod.ts +7 -0
package/src/analyzer/steps/001-discovery/discover-files.ts +211 -0
package/src/analyzer/steps/001-discovery/filter-files.ts +72 -0
package/src/analyzer/steps/001-discovery/mod.ts +103 -0
package/src/analyzer/steps/002-permissions/mod.ts +329 -0
package/src/analyzer/steps/002-permissions/scan-file.ts +258 -0
package/src/analyzer/steps/002-permissions/seed-frontmatter.ts +66 -0
package/src/analyzer/steps/002-permissions/synthesize.ts +42 -0
package/src/analyzer/steps/003-risks/dep-risks.ts +89 -0
package/src/analyzer/steps/003-risks/helpers.ts +41 -0
package/src/analyzer/steps/003-risks/mod.ts +86 -0
package/src/analyzer/steps/003-risks/policy.ts +38 -0
package/src/analyzer/steps/003-risks/rule-mapped.ts +206 -0
package/src/analyzer/steps/003-risks/scoring.ts +117 -0
package/src/analyzer/steps/mod.ts +3 -0
package/src/analyzer/treesitter/client.ts +120 -0
package/src/analyzer/treesitter/registry.ts +198 -0
package/src/analyzer/types.ts +78 -0
package/src/analyzer/utils/code-block-path.ts +33 -0
package/src/analyzer/utils/id-generator.ts +59 -0
package/src/analyzer/utils/secret-validator.ts +29 -0
package/src/analyzer/utils/url-parser.ts +25 -0
package/src/deps/jsr.io/@deno-library/progress/1.5.1/deps.ts +3 -0
package/src/deps/jsr.io/@deno-library/progress/1.5.1/mod.ts +265 -0
package/src/deps/jsr.io/@deno-library/progress/1.5.1/multi.ts +250 -0
package/src/deps/jsr.io/@deno-library/progress/1.5.1/time.ts +69 -0
package/src/deps/jsr.io/@std/fmt/1.0.3/colors.ts +1004 -0
package/src/deps/jsr.io/@std/internal/1.0.12/_os.ts +15 -0
package/src/deps/jsr.io/@std/internal/1.0.12/os.ts +7 -0
package/src/deps/jsr.io/@std/io/0.225.0/types.ts +157 -0
package/src/deps/jsr.io/@std/io/0.225.0/write_all.ts +65 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/assert_path.ts +10 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/basename.ts +53 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/common.ts +26 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/constants.ts +49 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/dirname.ts +9 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/format.ts +25 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/from_file_url.ts +12 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/glob_to_reg_exp.ts +295 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/normalize.ts +9 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/normalize_string.ts +74 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/relative.ts +10 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/strip_trailing_separators.ts +25 -0
package/src/deps/jsr.io/@std/path/1.1.4/_common/to_file_url.ts +17 -0
package/src/deps/jsr.io/@std/path/1.1.4/basename.ts +37 -0
package/src/deps/jsr.io/@std/path/1.1.4/common.ts +35 -0
package/src/deps/jsr.io/@std/path/1.1.4/constants.ts +18 -0
package/src/deps/jsr.io/@std/path/1.1.4/dirname.ts +30 -0
package/src/deps/jsr.io/@std/path/1.1.4/extname.ts +29 -0
package/src/deps/jsr.io/@std/path/1.1.4/format.ts +30 -0
package/src/deps/jsr.io/@std/path/1.1.4/from_file_url.ts +30 -0
package/src/deps/jsr.io/@std/path/1.1.4/glob_to_regexp.ts +94 -0
package/src/deps/jsr.io/@std/path/1.1.4/is_absolute.ts +30 -0
package/src/deps/jsr.io/@std/path/1.1.4/is_glob.ts +49 -0
package/src/deps/jsr.io/@std/path/1.1.4/join.ts +31 -0
package/src/deps/jsr.io/@std/path/1.1.4/join_globs.ts +42 -0
package/src/deps/jsr.io/@std/path/1.1.4/mod.ts +217 -0
package/src/deps/jsr.io/@std/path/1.1.4/normalize.ts +33 -0
package/src/deps/jsr.io/@std/path/1.1.4/normalize_glob.ts +45 -0
package/src/deps/jsr.io/@std/path/1.1.4/parse.ts +44 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/_util.ts +10 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/basename.ts +62 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/constants.ts +15 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/dirname.ts +72 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/extname.ts +96 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/format.ts +31 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/from_file_url.ts +25 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/glob_to_regexp.ts +94 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/is_absolute.ts +25 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/join.ts +46 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/join_globs.ts +45 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/normalize.ts +63 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/normalize_glob.ts +43 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/parse.ts +121 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/relative.ts +103 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/resolve.ts +71 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/to_file_url.ts +32 -0
package/src/deps/jsr.io/@std/path/1.1.4/posix/to_namespaced_path.ts +21 -0
package/src/deps/jsr.io/@std/path/1.1.4/relative.ts +32 -0
package/src/deps/jsr.io/@std/path/1.1.4/resolve.ts +32 -0
package/src/deps/jsr.io/@std/path/1.1.4/to_file_url.ts +30 -0
package/src/deps/jsr.io/@std/path/1.1.4/to_namespaced_path.ts +31 -0
package/src/deps/jsr.io/@std/path/1.1.4/types.ts +40 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/_util.ts +28 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/basename.ts +54 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/constants.ts +15 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/dirname.ts +118 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/extname.ts +90 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/format.ts +31 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/from_file_url.ts +34 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/glob_to_regexp.ts +92 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/is_absolute.ts +40 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/join.ts +78 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/join_globs.ts +46 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/normalize.ts +136 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/normalize_glob.ts +43 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/parse.ts +184 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/relative.ts +128 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/resolve.ts +178 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/to_file_url.ts +38 -0
package/src/deps/jsr.io/@std/path/1.1.4/windows/to_namespaced_path.ts +60 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_chars.ts +55 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_dumper_state.ts +841 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_loader_state.ts +1780 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_schema.ts +183 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/binary.ts +127 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/bool.ts +37 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/float.ts +112 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/int.ts +174 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/map.ts +17 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/merge.ts +13 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/nil.ts +27 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/omap.ts +30 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/pairs.ts +22 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/regexp.ts +33 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/seq.ts +13 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/set.ts +17 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/str.ts +12 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/timestamp.ts +101 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type/undefined.ts +23 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_type.ts +49 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/_utils.ts +16 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/mod.ts +54 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/parse.ts +128 -0
package/src/deps/jsr.io/@std/yaml/1.0.11/stringify.ts +118 -0
package/src/shared/deep_merge.ts +73 -0
package/src/shared/mod.ts +2 -0
package/src/shared/types/filetypes.ts +101 -0
package/src/shared/types/findings.ts +7 -0
package/src/shared/types/mod.ts +6 -0
package/src/shared/types/permissions.ts +17 -0
package/src/shared/types/references.ts +62 -0
package/src/shared/types/risks.ts +72 -0
package/src/shared/types/syntaxNode.ts +7 -0
package/src/skillreader/cloudStorage/mod.ts +170 -0
package/src/skillreader/factory.ts +71 -0
package/src/skillreader/fs/git.ts +153 -0
package/src/skillreader/fs/mod.ts +84 -0
package/src/skillreader/github/base.ts +162 -0
package/src/skillreader/github/githubApi.ts +40 -0
package/src/skillreader/github/githubRaw.ts +24 -0
package/src/skillreader/github/mod.ts +45 -0
package/src/skillreader/github/utils.ts +40 -0
package/src/skillreader/manifest.ts +67 -0
package/src/skillreader/mod.ts +26 -0
package/src/skillreader/types.ts +150 -0
package/src/skillreader/utils/frontmatter-parser.ts +72 -0
package/src/skillreader/utils/http-range.ts +38 -0
package/src/skillreader/utils/mod.ts +12 -0
package/esm/analyzer/astgrep/registry.d.ts +0 -18
package/esm/analyzer/astgrep/registry.d.ts.map +0 -1
package/esm/analyzer/astgrep/registry.js +0 -71
package/esm/analyzer/config.d.ts +0 -27
package/esm/analyzer/config.d.ts.map +0 -1
package/esm/analyzer/steps/003-risks/output.d.ts +0 -3
package/esm/analyzer/steps/003-risks/output.d.ts.map +0 -1
package/esm/analyzer/steps/003-risks/output.js +0 -16
package/esm/analyzer/treesiter/client.d.ts +0 -26
package/esm/analyzer/treesiter/client.d.ts.map +0 -1
package/script/analyzer/astgrep/registry.d.ts +0 -18
package/script/analyzer/astgrep/registry.d.ts.map +0 -1
package/script/analyzer/astgrep/registry.js +0 -109
package/script/analyzer/config.d.ts +0 -27
package/script/analyzer/config.d.ts.map +0 -1
package/script/analyzer/steps/003-risks/output.d.ts +0 -3
package/script/analyzer/steps/003-risks/output.d.ts.map +0 -1
package/script/analyzer/steps/003-risks/output.js +0 -19
package/script/analyzer/treesiter/client.d.ts +0 -26
package/script/analyzer/treesiter/client.d.ts.map +0 -1
package/script/analyzer/treesiter/client.js +0 -165

package/src/analyzer/treesitter/client.ts ADDED Viewed

@@ -0,0 +1,120 @@
+import { Language, Parser, Query, Tree } from "web-tree-sitter";
+import { ensureGrammar } from "./registry.js";
+import type { TreesitterGrammar } from "./registry.js";
+import type { AnalyzerLogger } from "../types.js";
+import { NO_OP_LOGGER } from "../logging.js";
+export class TreesitterClient {
+    private PARSER_BY_GRAMMAR: Partial<Record<TreesitterGrammar, Parser>> = {};
+    private LANG_BY_GRAMMAR: Partial<Record<TreesitterGrammar, Language>> = {};
+    private QUERY_CACHE = new Map<string, Query>();
+    private ROOT_NODE_CACHE_BY_CONTENT: Partial<
+        // cache by length then hash
+        Record<TreesitterGrammar, Map<number, Map<number, Tree>>>
+    > = {};
+    /** Parser.init() is idempotent but we avoid re-calling it. */
+    private parserInitialized: boolean = false;
+    constructor(
+        private readonly logger: AnalyzerLogger = NO_OP_LOGGER,
+        private readonly showProgressBar: boolean = false,
+    ) {}
+    private async ensureParserInit() {
+        if (this.parserInitialized) return;
+        await Parser.init();
+        this.parserInitialized = true;
+    }
+    public async getParser(grammar: TreesitterGrammar): Promise<Parser> {
+        if (this.PARSER_BY_GRAMMAR[grammar]) {
+            return this.PARSER_BY_GRAMMAR[grammar]!;
+        }
+        await this.ensureParserInit();
+        let lang = this.LANG_BY_GRAMMAR[grammar];
+        if (!lang) {
+            const wasmPath = await ensureGrammar(grammar, {
+                logger: this.logger,
+                showProgressBar: this.showProgressBar,
+            });
+            lang = await Language.load(wasmPath);
+            this.LANG_BY_GRAMMAR[grammar] = lang;
+        }
+        const parser = new Parser();
+        parser.setLanguage(lang);
+        this.PARSER_BY_GRAMMAR[grammar] = parser;
+        return parser;
+    }
+    /**
+     * Creates (and caches) a tree-sitter Query for the given grammar and S-expression query string.
+     */
+    public async createQuery(grammar: TreesitterGrammar, queryString: string): Promise<Query> {
+        const cacheKey = `${grammar}:${queryString}`;
+        if (this.QUERY_CACHE.has(cacheKey)) {
+            return this.QUERY_CACHE.get(cacheKey)!;
+        }
+        await this.getParser(grammar); // ensures LANG_BY_GRAMMAR[grammar] is populated
+        const lang = this.LANG_BY_GRAMMAR[grammar]!;
+        const query = new Query(lang, queryString);
+        this.QUERY_CACHE.set(cacheKey, query);
+        return query;
+    }
+    /**
+     * Parses content into a tree-sitter Tree with memoization.
+     *
+     * Cache key strategy:
+     * - first level: content length
+     * - second level: fast non-cryptographic hash of content
+     */
+    public async parse(grammar: TreesitterGrammar, content: string): Promise<Tree> {
+        const treeCacheByLen = this.getTreeCache(grammar);
+        const len = content.length;
+        const treeCacheByHash = treeCacheByLen.get(len);
+        if (treeCacheByHash) {
+            const hash = this.hashContent(content);
+            const cached = treeCacheByHash.get(hash);
+            if (cached) return cached;
+        }
+        const parser = await this.getParser(grammar);
+        const tree = parser.parse(content);
+        if (!tree) {
+            throw new Error(`Failed to parse ${grammar} content`);
+        }
+        const hash = this.hashContent(content);
+        const bucket = treeCacheByLen.get(len) ?? new Map<number, Tree>();
+        bucket.set(hash, tree);
+        treeCacheByLen.set(len, bucket);
+        return tree;
+    }
+    private getTreeCache(grammar: TreesitterGrammar): Map<number, Map<number, Tree>> {
+        if (!this.ROOT_NODE_CACHE_BY_CONTENT[grammar]) {
+            this.ROOT_NODE_CACHE_BY_CONTENT[grammar] = new Map<
+                number,
+                Map<number, Tree>
+            >();
+        }
+        return this.ROOT_NODE_CACHE_BY_CONTENT[grammar]!;
+    }
+    private hashContent(content: string): number {
+        // FNV-1a 32-bit (fast, non-cryptographic)
+        let hash = 0x811c9dc5;
+        for (let i = 0; i < content.length; i++) {
+            hash ^= content.charCodeAt(i);
+            hash = Math.imul(hash, 0x01000193);
+        }
+        return hash >>> 0;
+    }
+}

package/src/analyzer/treesitter/registry.ts ADDED Viewed

@@ -0,0 +1,198 @@
+/**
+ * Shared grammar registry for web-tree-sitter WASM grammars.
+ *
+ * Used by both AstGrepClient and TreesitterClient. Grammar .wasm files are
+ * downloaded from GitHub Releases on first use and cached locally following
+ * the XDG cache directory convention.
+ *
+ * Cache location (in priority order):
+ *   1. $SKILL_LAB_CACHE_DIR
+ *   2. $XDG_CACHE_HOME/skill-lab
+ *   3. ~/.cache/skill-lab  (Linux/macOS)
+ *      %LOCALAPPDATA%\skill-lab\Cache  (Windows)
+ */
+import * as dntShim from "../../_dnt.shims.js";
+import { join } from "../../deps/jsr.io/@std/path/1.1.4/mod.js";
+import type { AnalyzerLogger } from "../types.js";
+import ProgressBar from "../../deps/jsr.io/@deno-library/progress/1.5.1/mod.js";
+const TREESITTER_GRAMMER_SUBDIR = "treesitter/grammars";
+const ANSI_CLEAR_LINE = "\r\x1b[K";
+const ENCODER = new TextEncoder();
+export type GrammarSpec = {
+    /** Local filename used in the cache directory. */
+    filename: string;
+    /** Exact, version-pinned URL to download the grammar .wasm from. */
+    url: string;
+};
+/**
+ * Grammar specifications. All URLs are exact version-pinned to ensure
+ * ABI compatibility with web-tree-sitter@0.25.4.
+ *
+ * Grammar .wasm files are compiled by the tree-sitter CLI against a specific
+ * WASM ABI. Mixing grammar versions with a different web-tree-sitter version
+ * causes silent parse failures, so both must be pinned together.
+ */
+export const GRAMMAR_SPECS = {
+    bash: {
+        filename: "bash.wasm",
+        url: "https://github.com/tree-sitter/tree-sitter-bash/releases/download/v0.25.1/tree-sitter-bash.wasm",
+    },
+    javascript: {
+        filename: "javascript.wasm",
+        url: "https://github.com/tree-sitter/tree-sitter-javascript/releases/download/v0.25.0/tree-sitter-javascript.wasm",
+    },
+    python: {
+        filename: "python.wasm",
+        url: "https://github.com/tree-sitter/tree-sitter-python/releases/download/v0.25.0/tree-sitter-python.wasm",
+    },
+    typescript: {
+        filename: "typescript.wasm",
+        url: "https://github.com/tree-sitter/tree-sitter-typescript/releases/download/v0.23.2/tree-sitter-typescript.wasm",
+    },
+    tsx: {
+        filename: "tsx.wasm",
+        url: "https://github.com/tree-sitter/tree-sitter-typescript/releases/download/v0.23.2/tree-sitter-tsx.wasm",
+    },
+    markdown: {
+        filename: "markdown.wasm",
+        url: "https://github.com/tree-sitter-grammars/tree-sitter-markdown/releases/download/v0.5.2/tree-sitter-markdown.wasm",
+    },
+    "markdown-inline": {
+        filename: "markdown_inline.wasm",
+        url: "https://github.com/tree-sitter-grammars/tree-sitter-markdown/releases/download/v0.5.2/tree-sitter-markdown_inline.wasm",
+    },
+} satisfies Record<string, GrammarSpec>;
+/** Available languages for tree-sitter grammars. */
+export type TreesitterGrammar = keyof typeof GRAMMAR_SPECS;
+/**
+ * Returns the skill-lab cache directory, following XDG conventions.
+ *
+ * Priority:
+ *   1. $SKILL_LAB_CACHE_DIR — explicit override
+ *   2. $XDG_CACHE_HOME/skill-lab — if XDG_CACHE_HOME is set
+ *   3. Platform default:
+ *        Linux/macOS: ~/.cache/skill-lab
+ *        Windows:     %LOCALAPPDATA%\skill-lab\Cache
+ */
+export function getCacheDir(): string {
+    const explicit = dntShim.Deno.env.get("SKILL_LAB_CACHE_DIR");
+    if (explicit) return explicit;
+    const xdgCache = dntShim.Deno.env.get("XDG_CACHE_HOME");
+    if (xdgCache) return join(xdgCache, "skill-lab");
+    if (dntShim.Deno.build.os === "windows") {
+        const localAppData = dntShim.Deno.env.get("LOCALAPPDATA");
+        if (localAppData) return join(localAppData, "skill-lab", "Cache");
+        const userProfile = dntShim.Deno.env.get("USERPROFILE") ?? "~";
+        return join(userProfile, "AppData", "Local", "skill-lab", "Cache");
+    }
+    const home = dntShim.Deno.env.get("HOME") ?? "~";
+    return join(home, ".cache", "skill-lab");
+}
+/**
+ * Ensures a grammar .wasm file is present in the local cache.
+ *
+ * On first call for a given language, downloads the file from the pinned URL
+ * in GRAMMAR_SPECS. Subsequent calls return immediately from cache.
+ *
+ * @param lang - Language key (e.g. "bash", "typescript", "markdown-inline")
+ * @param opts.logger - Optional logger for download events
+ * @returns Absolute path to the cached .wasm file
+ */
+export async function ensureGrammar(
+    lang: string,
+    opts?: {
+        logger?: AnalyzerLogger;
+        showProgressBar?: boolean;
+    },
+): Promise<string> {
+    if (!(lang in GRAMMAR_SPECS)) {
+        throw new Error(
+            `No grammar spec for language: "${lang}". Available: ${
+                Object.keys(GRAMMAR_SPECS).join(", ")
+            }`,
+        );
+    }
+    const spec = GRAMMAR_SPECS[lang as TreesitterGrammar];
+    const cacheDir = join(getCacheDir(), TREESITTER_GRAMMER_SUBDIR);
+    const cachedPath = join(cacheDir, spec.filename);
+    // Return immediately if already cached
+    try {
+        const stat = await dntShim.Deno.stat(cachedPath);
+        if (stat.isFile) return cachedPath;
+    } catch {
+        // Not cached yet — fall through to download
+    }
+    // Download and write to cache
+    await dntShim.Deno.mkdir(cacheDir, { recursive: true });
+    if (dntShim.Deno.stderr.isTerminal()) {
+        dntShim.Deno.stderr.writeSync(ENCODER.encode(ANSI_CLEAR_LINE));
+    }
+    const resp = await fetch(spec.url);
+    if (!resp.ok) {
+        throw new Error(
+            `Failed to download grammar ${spec.filename}: HTTP ${resp.status} from ${spec.url}`,
+        );
+    }
+    const shouldRenderProgress = (opts?.showProgressBar ?? false) && dntShim.Deno.stdout.isTerminal();
+    const contentLenHeader = resp.headers.get("content-length")!;
+    const contentLen = parseInt(contentLenHeader);
+    const scanBar = shouldRenderProgress
+        ? new ProgressBar({
+            total: contentLen,
+            clear: true,
+            output: dntShim.Deno.stderr,
+            complete: "=",
+            incomplete: "-",
+            display: `Installing ${lang} grammar [:bar] :percent ETA :eta`,
+        })
+        : null;
+    let bytes: Uint8Array;
+    try {
+        if (!resp.body) {
+            bytes = new Uint8Array(await resp.arrayBuffer());
+        } else {
+            const reader = resp.body.getReader();
+            const chunks: Uint8Array[] = [];
+            let received = 0;
+            while (true) {
+                const { value, done } = await reader.read();
+                if (done) break;
+                if (!value) continue;
+                chunks.push(value);
+                received += value.byteLength;
+                scanBar?.render(received);
+            }
+            bytes = new Uint8Array(received);
+            let offset = 0;
+            for (const chunk of chunks) {
+                bytes.set(chunk, offset);
+                offset += chunk.byteLength;
+            }
+        }
+    } finally {
+        scanBar?.end();
+    }
+    await dntShim.Deno.writeFile(cachedPath, bytes);
+    return cachedPath;
+}

package/src/analyzer/types.ts ADDED Viewed

@@ -0,0 +1,78 @@
+import type { SkillFile, SkillReader } from "../skillreader/mod.js";
+import type {
+    FileRefDiscoveryMethod,
+    FileReference,
+    FileType,
+    Finding,
+    Frontmatter,
+    Permission,
+    Reference,
+    ReferenceType,
+    Risk,
+} from "../shared/mod.js";
+import { AstGrepClient } from "./astgrep/client.js";
+import { TreesitterClient } from "./treesitter/client.js";
+import type { AnalyzerConfig, ScanConfig } from "./config/mod.js";
+export type { AnalyzerConfig, ScanConfig };
+export type AnalyzerLogger = {
+    debug: (template: string, props?: Record<string, unknown>) => void;
+    info: (template: string, props?: Record<string, unknown>) => void;
+    warn: (template: string, props?: Record<string, unknown>) => void;
+    error: (template: string, props?: Record<string, unknown>) => void;
+};
+export type AnalyzerState = {
+    skillId: string;
+    skillVersionId: string;
+    files: SkillFile[];
+    frontmatter: Frontmatter;
+    scanQueue: FileReference[];
+    permissions: Permission[];
+    findings: Finding[];
+    risks: Risk[];
+    warnings: string[];
+    metadata: {
+        scannedFiles: Set<string>;
+        skippedFiles: Array<{ path: string; reason: string; referenceBy?: Reference }>;
+        rulesUsed: string[];
+        config: ScanConfig;
+    };
+};
+export type AnalyzerContext = {
+    skillReader: SkillReader;
+    treesitterClient: TreesitterClient;
+    astgrepClient: AstGrepClient;
+    logger?: AnalyzerLogger;
+    showProgressBar?: boolean;
+    /** Resolved (defaults-merged) user config. */
+    config: AnalyzerConfig;
+};
+/** A file path or package reference discovered in source content. */
+export type FileRefDiscovery = {
+    path: string;
+    line: number;
+    via: FileRefDiscoveryMethod;
+};
+export type CodeBlock = {
+    language: FileType;
+    content: string;
+    startLine: number;
+    endLine: number;
+    type: ReferenceType;
+};
+export type FileTypeConfig = {
+    extractCodeBlocks?: (
+        context: AnalyzerContext,
+        content: string,
+    ) => Promise<CodeBlock[]>;
+    extractFileRefs?: (
+        context: AnalyzerContext,
+        content: string,
+    ) => FileRefDiscovery[] | Promise<FileRefDiscovery[]>;
+    defaultLanguage: FileType | null;
+};

package/src/analyzer/utils/code-block-path.ts ADDED Viewed

@@ -0,0 +1,33 @@
+export type DecodedCodeBlockPath = {
+    parentPath: string;
+    startLine: number;
+    endLine: number;
+};
+export function encodeCodeBlockPath(
+    parentPath: string,
+    startLine: number,
+    endLine: number,
+): string {
+    return `${parentPath}:${startLine}-${endLine}`;
+}
+export function decodeCodeBlockPath(path: string): DecodedCodeBlockPath | null {
+    const match = path.match(/^(.+):(\d+)-(\d+)$/);
+    if (!match) return null;
+    const startLine = Number(match[2]);
+    const endLine = Number(match[3]);
+    if (!Number.isFinite(startLine) || !Number.isFinite(endLine)) return null;
+    if (startLine <= 0 || endLine < startLine) return null;
+    return {
+        parentPath: match[1],
+        startLine,
+        endLine,
+    };
+}
+export function isCodeBlockPath(path: string): boolean {
+    return decodeCodeBlockPath(path) !== null;
+}

package/src/analyzer/utils/id-generator.ts ADDED Viewed

@@ -0,0 +1,59 @@
+export function generatePermissionId(
+    tool: string,
+    args: string[] = ["*"],
+    metadata?: Record<string, unknown>,
+): string {
+    const normalizedArgs = args.length > 0 ? args : ["*"];
+    const base = sanitize(`${tool}-${normalizedArgs.join("-")}`);
+    const normalizedMetadata = filterMetadataForHash(metadata ?? {});
+    const shouldHash = normalizedArgs.length > 1 || Object.keys(normalizedMetadata).length > 0;
+    if (!shouldHash) return base;
+    const hashInput = stableStringify({ args: normalizedArgs, metadata: normalizedMetadata });
+    return `${base}-${shortHash(hashInput)}`;
+}
+export function generateRiskId(type: string, index: number): string {
+    return sanitize(`risk-${type}-${index + 1}`);
+}
+function sanitize(value: string): string {
+    return value
+        .toLowerCase()
+        .replace(/[^a-z0-9.*-]+/g, "-")
+        .replace(/-+/g, "-")
+        .replace(/^-|-$/g, "");
+}
+function filterMetadataForHash(metadata: Record<string, unknown>): Record<string, unknown> {
+    const result: Record<string, unknown> = {};
+    for (const [key, value] of Object.entries(metadata)) {
+        if (key === "pattern") continue;
+        if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
+            result[key] = value;
+        }
+    }
+    return result;
+}
+function stableStringify(value: unknown): string {
+    if (Array.isArray(value)) {
+        return `[${value.map((item) => stableStringify(item)).join(",")}]`;
+    }
+    if (value && typeof value === "object") {
+        const entries = Object.entries(value as Record<string, unknown>)
+            .sort(([a], [b]) => a.localeCompare(b))
+            .map(([key, item]) => `${key}:${stableStringify(item)}`);
+        return `{${entries.join(",")}}`;
+    }
+    return JSON.stringify(value);
+}
+function shortHash(input: string): string {
+    let hash = 0;
+    for (let i = 0; i < input.length; i += 1) {
+        hash = (hash * 31 + input.charCodeAt(i)) | 0;
+    }
+    return Math.abs(hash).toString(36).padStart(6, "0").slice(0, 6);
+}

package/src/analyzer/utils/secret-validator.ts ADDED Viewed

@@ -0,0 +1,29 @@
+const SECRET_KEYWORDS = [
+    "token",
+    "key",
+    "secret",
+    "password",
+    "pwd",
+    "pass",
+    "credential",
+    "cred",
+    "auth",
+    "api",
+    "apikey",
+    "bearer",
+    "oauth",
+    "jwt",
+    "session",
+    "private",
+];
+export function isSecretLikeName(value: unknown): boolean {
+    if (typeof value !== "string") return false;
+    const normalized = value.toLowerCase();
+    return SECRET_KEYWORDS.some((keyword) => normalized.includes(keyword));
+}
+export function normalizeKeyCandidate(value: unknown): string {
+    if (typeof value !== "string") return "";
+    return value.replace(/[;,)]+$/, "").trim();
+}

package/src/analyzer/utils/url-parser.ts ADDED Viewed

@@ -0,0 +1,25 @@
+export function parseUrlFromUnknown(
+    input: string,
+): { host: string; protocol: string; raw: string } | null {
+    if (!input) return null;
+    const cleaned = input.trim().replace(/^['"`]|['"`]$/g, "");
+    const withProtocol = /^https?:\/\//i.test(cleaned) ? cleaned : `https://${cleaned}`;
+    try {
+        const url = new URL(withProtocol);
+        return {
+            host: url.hostname,
+            protocol: url.protocol.replace(":", ""),
+            raw: cleaned,
+        };
+    } catch {
+        return null;
+    }
+}
+export function classifyDestination(host: string): "loopback" | "internal" | "external" {
+    if (["localhost", "127.0.0.1", "::1"].includes(host)) return "loopback";
+    if (host.endsWith(".local")) return "internal";
+    if (/^10\.|^192\.168\.|^172\.(1[6-9]|2[0-9]|3[01])\./.test(host)) return "internal";
+    return "external";
+}

package/src/deps/jsr.io/@deno-library/progress/1.5.1/deps.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export { bgGreen, bgWhite, stripAnsiCode } from "../../../@std/fmt/1.0.3/colors.js";
+export { writeAll } from "../../../@std/io/0.225.0/write_all.js";
+// export type { Writer } from "jsr:@std/io@0.225.0/types";