@galileodev/verify 0.1.0

package/dist/utils/secret-strip.js

@@ -0,0 +1,34 @@
+const PATTERNS = [
+    { regex: /sk-[a-zA-Z0-9_-]{20,}/g, label: 'api_key' },
+    { regex: /AKIA[A-Z0-9]{16}/g, label: 'aws_key' },
+    { regex: /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA |EC |DSA )?PRIVATE KEY-----/g, label: 'private_key' },
+    { regex: /Bearer [A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g, label: 'bearer_token' },
+];
+export function stripSecrets(content, mode = 'remediation') {
+    let stripped = content;
+    const restorationMap = {};
+    let counter = 0;
+    let hasRedactions = false;
+    for (const pattern of PATTERNS) {
+        // Create a fresh regex each call to avoid lastIndex issues
+        const re = new RegExp(pattern.regex.source, pattern.regex.flags);
+        stripped = stripped.replace(re, (match) => {
+            hasRedactions = true;
+            // Use counter-indexed placeholders so multiple secrets of the same type
+            // get unique keys in the restoration map
+            const placeholder = `[REDACTED:${pattern.label}:${counter++}]`;
+            if (mode === 'context') {
+                restorationMap[placeholder] = match;
+            }
+            return placeholder;
+        });
+    }
+    if (!hasRedactions) {
+        return { stripped: content };
+    }
+    if (mode === 'context' && Object.keys(restorationMap).length > 0) {
+        return { stripped, restorationMap };
+    }
+    return { stripped };
+}
+//# sourceMappingURL=secret-strip.js.map

package/dist/utils/secret-strip.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-strip.js","sourceRoot":"","sources":["../../src/utils/secret-strip.ts"],"names":[],"mappings":"AAKA,MAAM,QAAQ,GAAoB;IAChC,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,SAAS,EAAE;IACrD,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK,EAAE,SAAS,EAAE;IAChD,EAAE,KAAK,EAAE,mGAAmG,EAAE,KAAK,EAAE,aAAa,EAAE;IACpI,EAAE,KAAK,EAAE,wDAAwD,EAAE,KAAK,EAAE,cAAc,EAAE;CAC3F,CAAC;AAOF,MAAM,UAAU,YAAY,CAC1B,OAAe,EACf,OAAkC,aAAa;IAE/C,IAAI,QAAQ,GAAG,OAAO,CAAC;IACvB,MAAM,cAAc,GAA2B,EAAE,CAAC;IAClD,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,aAAa,GAAG,KAAK,CAAC;IAE1B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,2DAA2D;QAC3D,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACjE,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,EAAE;YACxC,aAAa,GAAG,IAAI,CAAC;YACrB,wEAAwE;YACxE,yCAAyC;YACzC,MAAM,WAAW,GAAG,aAAa,OAAO,CAAC,KAAK,IAAI,OAAO,EAAE,GAAG,CAAC;YAC/D,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvB,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;YACtC,CAAC;YACD,OAAO,WAAW,CAAC;QACrB,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC/B,CAAC;IAED,IAAI,IAAI,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjE,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC;IACtC,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,CAAC;AACtB,CAAC"}

package/dist/verifier/plugins/eslint.d.ts

@@ -0,0 +1,9 @@
+import type { VerifierPlugin, VerifyTarget, VerificationFinding } from '../../types.js';
+export declare class EslintVerifier implements VerifierPlugin {
+    readonly id = "eslint";
+    readonly name = "ESLint";
+    available(): Promise<boolean>;
+    run(target: VerifyTarget): Promise<VerificationFinding[]>;
+    parseOutput(output: string, workingDir?: string): VerificationFinding[];
+}
+//# sourceMappingURL=eslint.d.ts.map

package/dist/verifier/plugins/eslint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"eslint.d.ts","sourceRoot":"","sources":["../../../src/verifier/plugins/eslint.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAexF,qBAAa,cAAe,YAAW,cAAc;IACnD,QAAQ,CAAC,EAAE,YAAY;IACvB,QAAQ,CAAC,IAAI,YAAY;IAEnB,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC;IAS7B,GAAG,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAgB/D,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,mBAAmB,EAAE;CA+BxE"}

package/dist/verifier/plugins/eslint.js

@@ -0,0 +1,59 @@
+import { execSync } from 'node:child_process';
+import { relative, isAbsolute } from 'node:path';
+export class EslintVerifier {
+    id = 'eslint';
+    name = 'ESLint';
+    async available() {
+        try {
+            execSync('npx eslint --version', { stdio: 'ignore' });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async run(target) {
+        const args = ['eslint', '--format', 'json'];
+        if (target.files && target.files.length > 0) {
+            args.push(...target.files);
+        }
+        else {
+            args.push('.');
+        }
+        const result = await target.sandbox.exec('npx', args, {
+            workingDir: target.workingDir,
+            timeoutMs: 60000,
+        });
+        return this.parseOutput(result.stdout, target.workingDir);
+    }
+    parseOutput(output, workingDir) {
+        const findings = [];
+        let results;
+        try {
+            results = JSON.parse(output);
+        }
+        catch {
+            return [];
+        }
+        for (const file of results) {
+            // Normalize absolute paths to relative
+            let filePath = file.filePath;
+            if (workingDir && isAbsolute(filePath)) {
+                filePath = relative(workingDir, filePath);
+            }
+            for (const msg of file.messages) {
+                findings.push({
+                    verifierId: 'eslint',
+                    severity: msg.severity === 2 ? 'error' : 'warning',
+                    ruleId: msg.ruleId ?? 'unknown',
+                    message: msg.message,
+                    file: filePath,
+                    line: msg.line,
+                    column: msg.column,
+                });
+            }
+        }
+        return findings;
+    }
+}
+//# sourceMappingURL=eslint.js.map

package/dist/verifier/plugins/eslint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"eslint.js","sourceRoot":"","sources":["../../../src/verifier/plugins/eslint.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAgBjD,MAAM,OAAO,cAAc;IAChB,EAAE,GAAG,QAAQ,CAAC;IACd,IAAI,GAAG,QAAQ,CAAC;IAEzB,KAAK,CAAC,SAAS;QACb,IAAI,CAAC;YACH,QAAQ,CAAC,sBAAsB,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAoB;QAC5B,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QAC5C,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,IAAI,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE;YACpD,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;IAC5D,CAAC;IAED,WAAW,CAAC,MAAc,EAAE,UAAmB;QAC7C,MAAM,QAAQ,GAA0B,EAAE,CAAC;QAC3C,IAAI,OAA2B,CAAC;QAChC,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YAC3B,uCAAuC;YACvC,IAAI,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;YAC7B,IAAI,UAAU,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACvC,QAAQ,GAAG,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YAC5C,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAChC,QAAQ,CAAC,IAAI,CAAC;oBACZ,UAAU,EAAE,QAAQ;oBACpB,QAAQ,EAAE,GAAG,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;oBAClD,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,SAAS;oBAC/B,OAAO,EAAE,GAAG,CAAC,OAAO;oBACpB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,GAAG,CAAC,MAAM;iBACnB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/verifier/plugins/semgrep.d.ts

@@ -0,0 +1,9 @@
+import type { VerifierPlugin, VerifyTarget, VerificationFinding } from '../../types.js';
+export declare class SemgrepVerifier implements VerifierPlugin {
+    readonly id = "semgrep";
+    readonly name = "Semgrep";
+    available(): Promise<boolean>;
+    run(target: VerifyTarget): Promise<VerificationFinding[]>;
+    parseOutput(output: string): VerificationFinding[];
+}
+//# sourceMappingURL=semgrep.d.ts.map

package/dist/verifier/plugins/semgrep.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"semgrep.d.ts","sourceRoot":"","sources":["../../../src/verifier/plugins/semgrep.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAaxF,qBAAa,eAAgB,YAAW,cAAc;IACpD,QAAQ,CAAC,EAAE,aAAa;IACxB,QAAQ,CAAC,IAAI,aAAa;IAEpB,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC;IAS7B,GAAG,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAgB/D,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,mBAAmB,EAAE;CAkBnD"}

package/dist/verifier/plugins/semgrep.js

@@ -0,0 +1,46 @@
+import { execSync } from 'node:child_process';
+export class SemgrepVerifier {
+    id = 'semgrep';
+    name = 'Semgrep';
+    async available() {
+        try {
+            execSync('semgrep --version', { stdio: 'ignore' });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async run(target) {
+        const args = ['--json', '--config', 'auto'];
+        if (target.files && target.files.length > 0) {
+            for (const file of target.files) {
+                args.push('--include', file);
+            }
+        }
+        const result = await target.sandbox.exec('semgrep', args, {
+            workingDir: target.workingDir,
+            timeoutMs: 120000,
+        });
+        return this.parseOutput(result.stdout);
+    }
+    parseOutput(output) {
+        let parsed;
+        try {
+            parsed = JSON.parse(output);
+        }
+        catch {
+            return [];
+        }
+        return parsed.results.map((r) => ({
+            verifierId: 'semgrep',
+            severity: r.extra.severity.toLowerCase() === 'error' ? 'error' : 'warning',
+            ruleId: r.check_id,
+            message: r.extra.message,
+            file: r.path,
+            line: r.start.line,
+            column: r.start.col,
+        }));
+    }
+}
+//# sourceMappingURL=semgrep.js.map

package/dist/verifier/plugins/semgrep.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"semgrep.js","sourceRoot":"","sources":["../../../src/verifier/plugins/semgrep.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAc9C,MAAM,OAAO,eAAe;IACjB,EAAE,GAAG,SAAS,CAAC;IACf,IAAI,GAAG,SAAS,CAAC;IAE1B,KAAK,CAAC,SAAS;QACb,IAAI,CAAC;YACH,QAAQ,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAoB;QAC5B,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QAC5C,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBAChC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE;YACxD,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,SAAS,EAAE,MAAM;SAClB,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAED,WAAW,CAAC,MAAc;QACxB,IAAI,MAAqB,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,OAAO,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAChC,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,OAAgB,CAAC,CAAC,CAAC,SAAkB;YAC5F,MAAM,EAAE,CAAC,CAAC,QAAQ;YAClB,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO;YACxB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI;YAClB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG;SACpB,CAAC,CAAC,CAAC;IACN,CAAC;CACF"}

package/dist/verifier/plugins/test-runner.d.ts

@@ -0,0 +1,11 @@
+import type { VerifierPlugin, VerifyTarget, VerificationFinding } from '../../types.js';
+export declare class TestRunnerVerifier implements VerifierPlugin {
+    private readonly command;
+    readonly id = "vitest";
+    readonly name = "Test Runner";
+    constructor(command?: string);
+    available(): Promise<boolean>;
+    run(target: VerifyTarget): Promise<VerificationFinding[]>;
+    parseOutput(output: string): VerificationFinding[];
+}
+//# sourceMappingURL=test-runner.d.ts.map

package/dist/verifier/plugins/test-runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-runner.d.ts","sourceRoot":"","sources":["../../../src/verifier/plugins/test-runner.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAExF,qBAAa,kBAAmB,YAAW,cAAc;IAI3C,OAAO,CAAC,QAAQ,CAAC,OAAO;IAHpC,QAAQ,CAAC,EAAE,YAAY;IACvB,QAAQ,CAAC,IAAI,iBAAiB;gBAED,OAAO,GAAE,MAAyB;IAEzD,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC;IAS7B,GAAG,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAW/D,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,mBAAmB,EAAE;CAmBnD"}

package/dist/verifier/plugins/test-runner.js

@@ -0,0 +1,46 @@
+import { execSync } from 'node:child_process';
+export class TestRunnerVerifier {
+    command;
+    id = 'vitest';
+    name = 'Test Runner';
+    constructor(command = 'npx vitest run') {
+        this.command = command;
+    }
+    async available() {
+        try {
+            execSync('npx vitest --version', { stdio: 'ignore' });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async run(target) {
+        const [cmd, ...args] = this.command.split(' ');
+        const result = await target.sandbox.exec(cmd, args, {
+            workingDir: target.workingDir,
+            timeoutMs: 120000,
+        });
+        if (result.exitCode === 0)
+            return [];
+        return this.parseOutput(result.stdout + result.stderr);
+    }
+    parseOutput(output) {
+        const findings = [];
+        const pattern = /FAIL\s+(.+?)(?:\s+>.*?)?\n[\s\S]*?❯\s+(.+?):(\d+)(?::(\d+))?/g;
+        let match;
+        while ((match = pattern.exec(output)) !== null) {
+            findings.push({
+                verifierId: 'vitest',
+                severity: 'error',
+                ruleId: 'test-failure',
+                message: `Test failed in ${match[1].trim()}`,
+                file: match[2],
+                line: parseInt(match[3], 10),
+                column: match[4] ? parseInt(match[4], 10) : undefined,
+            });
+        }
+        return findings;
+    }
+}
+//# sourceMappingURL=test-runner.js.map

package/dist/verifier/plugins/test-runner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-runner.js","sourceRoot":"","sources":["../../../src/verifier/plugins/test-runner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAG9C,MAAM,OAAO,kBAAkB;IAIA;IAHpB,EAAE,GAAG,QAAQ,CAAC;IACd,IAAI,GAAG,aAAa,CAAC;IAE9B,YAA6B,UAAkB,gBAAgB;QAAlC,YAAO,GAAP,OAAO,CAA2B;IAAG,CAAC;IAEnE,KAAK,CAAC,SAAS;QACb,IAAI,CAAC;YACH,QAAQ,CAAC,sBAAsB,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAoB;QAC5B,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE;YAClD,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,SAAS,EAAE,MAAM;SAClB,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAED,WAAW,CAAC,MAAc;QACxB,MAAM,QAAQ,GAA0B,EAAE,CAAC;QAC3C,MAAM,OAAO,GAAG,+DAA+D,CAAC;QAEhF,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC;gBACZ,UAAU,EAAE,QAAQ;gBACpB,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,cAAc;gBACtB,OAAO,EAAE,kBAAkB,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE;gBAC5C,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;gBACd,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBAC5B,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;aACtD,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/verifier/plugins/tsc.d.ts

@@ -0,0 +1,9 @@
+import type { VerifierPlugin, VerifyTarget, VerificationFinding } from '../../types.js';
+export declare class TscVerifier implements VerifierPlugin {
+    readonly id = "tsc";
+    readonly name = "TypeScript Compiler";
+    available(): Promise<boolean>;
+    run(target: VerifyTarget): Promise<VerificationFinding[]>;
+    parseOutput(output: string): VerificationFinding[];
+}
+//# sourceMappingURL=tsc.d.ts.map

package/dist/verifier/plugins/tsc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tsc.d.ts","sourceRoot":"","sources":["../../../src/verifier/plugins/tsc.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAExF,qBAAa,WAAY,YAAW,cAAc;IAChD,QAAQ,CAAC,EAAE,SAAS;IACpB,QAAQ,CAAC,IAAI,yBAAyB;IAEhC,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC;IAS7B,GAAG,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAU/D,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,mBAAmB,EAAE;CAmBnD"}

package/dist/verifier/plugins/tsc.js

@@ -0,0 +1,41 @@
+import { execSync } from 'node:child_process';
+export class TscVerifier {
+    id = 'tsc';
+    name = 'TypeScript Compiler';
+    async available() {
+        try {
+            execSync('npx tsc --version', { stdio: 'ignore' });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async run(target) {
+        const result = await target.sandbox.exec('npx', ['tsc', '--noEmit', '--pretty', 'false'], {
+            workingDir: target.workingDir,
+            timeoutMs: 30000,
+        });
+        if (result.exitCode === 0)
+            return [];
+        return this.parseOutput(result.stdout + result.stderr);
+    }
+    parseOutput(output) {
+        const findings = [];
+        const pattern = /^(.+?)\((\d+),(\d+)\):\s+error\s+(TS\d+):\s+(.+)$/gm;
+        let match;
+        while ((match = pattern.exec(output)) !== null) {
+            findings.push({
+                verifierId: 'tsc',
+                severity: 'error',
+                ruleId: match[4],
+                message: match[5],
+                file: match[1],
+                line: parseInt(match[2], 10),
+                column: parseInt(match[3], 10),
+            });
+        }
+        return findings;
+    }
+}
+//# sourceMappingURL=tsc.js.map

package/dist/verifier/plugins/tsc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tsc.js","sourceRoot":"","sources":["../../../src/verifier/plugins/tsc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAG9C,MAAM,OAAO,WAAW;IACb,EAAE,GAAG,KAAK,CAAC;IACX,IAAI,GAAG,qBAAqB,CAAC;IAEtC,KAAK,CAAC,SAAS;QACb,IAAI,CAAC;YACH,QAAQ,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,MAAoB;QAC5B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE;YACxF,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAED,WAAW,CAAC,MAAc;QACxB,MAAM,QAAQ,GAA0B,EAAE,CAAC;QAC3C,MAAM,OAAO,GAAG,qDAAqD,CAAC;QAEtE,IAAI,KAA6B,CAAC;QAClC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC;gBACZ,UAAU,EAAE,KAAK;gBACjB,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;gBAChB,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;gBACjB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;gBACd,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBAC5B,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;aAC/B,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/verifier/runner.d.ts

@@ -0,0 +1,14 @@
+import type { VerifierPlugin, VerifyTarget, VerificationReport, VerificationFinding } from '../types.js';
+interface RunnerOptions {
+    failFast?: boolean;
+}
+export declare class VerifierRunner {
+    private plugins;
+    private readonly failFast;
+    constructor(options?: RunnerOptions);
+    register(plugin: VerifierPlugin): void;
+    runAll(target: VerifyTarget): Promise<VerificationReport>;
+    runSingle(pluginId: string, target: VerifyTarget): Promise<VerificationFinding[]>;
+}
+export {};
+//# sourceMappingURL=runner.d.ts.map

package/dist/verifier/runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"runner.d.ts","sourceRoot":"","sources":["../../src/verifier/runner.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAEzG,UAAU,aAAa;IACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,OAAO,CAAwB;IACvC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAU;gBAEvB,OAAO,CAAC,EAAE,aAAa;IAInC,QAAQ,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAIhC,MAAM,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC;IA8BzD,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC;CAOxF"}

package/dist/verifier/runner.js

@@ -0,0 +1,45 @@
+export class VerifierRunner {
+    plugins = [];
+    failFast;
+    constructor(options) {
+        this.failFast = options?.failFast ?? false;
+    }
+    register(plugin) {
+        this.plugins.push(plugin);
+    }
+    async runAll(target) {
+        const start = Date.now();
+        const allFindings = [];
+        for (const plugin of this.plugins) {
+            const isAvailable = await plugin.available();
+            if (!isAvailable)
+                continue;
+            const findings = await plugin.run(target);
+            allFindings.push(...findings);
+            if (this.failFast && findings.some((f) => f.severity === 'error')) {
+                break;
+            }
+        }
+        const summary = {
+            errors: allFindings.filter((f) => f.severity === 'error').length,
+            warnings: allFindings.filter((f) => f.severity === 'warning').length,
+            info: allFindings.filter((f) => f.severity === 'info').length,
+        };
+        return {
+            passed: summary.errors === 0,
+            findings: allFindings,
+            summary,
+            duration: Date.now() - start,
+        };
+    }
+    async runSingle(pluginId, target) {
+        const plugin = this.plugins.find((p) => p.id === pluginId);
+        if (!plugin)
+            return [];
+        const isAvailable = await plugin.available();
+        if (!isAvailable)
+            return [];
+        return plugin.run(target);
+    }
+}
+//# sourceMappingURL=runner.js.map

package/dist/verifier/runner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runner.js","sourceRoot":"","sources":["../../src/verifier/runner.ts"],"names":[],"mappings":"AAMA,MAAM,OAAO,cAAc;IACjB,OAAO,GAAqB,EAAE,CAAC;IACtB,QAAQ,CAAU;IAEnC,YAAY,OAAuB;QACjC,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,KAAK,CAAC;IAC7C,CAAC;IAED,QAAQ,CAAC,MAAsB;QAC7B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAAoB;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,WAAW,GAA0B,EAAE,CAAC;QAE9C,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,SAAS,EAAE,CAAC;YAC7C,IAAI,CAAC,WAAW;gBAAE,SAAS;YAE3B,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC1C,WAAW,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;YAE9B,IAAI,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,EAAE,CAAC;gBAClE,MAAM;YACR,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,MAAM;YAChE,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,MAAM;YACpE,IAAI,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;SAC9D,CAAC;QAEF,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;YAC5B,QAAQ,EAAE,WAAW;YACrB,OAAO;YACP,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC7B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,MAAoB;QACpD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,SAAS,EAAE,CAAC;QAC7C,IAAI,CAAC,WAAW;YAAE,OAAO,EAAE,CAAC;QAC5B,OAAO,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,CAAC;CACF"}

package/package.json

@@ -0,0 +1,28 @@
+{
+  "name": "@galileodev/verify",
+  "version": "0.1.0",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": ["dist"],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run"
+  },
+  "dependencies": {
+    "@galileodev/core": "*",
+    "zod": "^3.24.0"
+  },
+  "devDependencies": {
+    "@types/node": "^25.5.0"
+  }
+}