@gulu9527/code-trust 0.3.0 → 0.3.1

package/dist/index.d.ts

@@ -14,9 +14,30 @@ interface Issue {
     suggestion?: string;
     codeSnippet?: string;
 }
+type IssueLifecycleStatus = 'new' | 'existing';
 interface ReportIssue extends Issue {
     fingerprint: string;
     fingerprintVersion: string;
+    lifecycle?: IssueLifecycleStatus;
+}
+interface FixedIssue {
+    ruleId: string;
+    severity: Severity;
+    category: RuleCategory;
+    file: string;
+    startLine: number;
+    endLine: number;
+    message: string;
+    fingerprint: string;
+    fingerprintVersion?: string;
+}
+interface LifecycleSummary {
+    newIssues: number;
+    existingIssues: number;
+    fixedIssues: number;
+    baselineUsed: boolean;
+    baselineCommit?: string;
+    baselineTimestamp?: string;
 }
 interface DimensionScore {
     score: number;
@@ -70,6 +91,8 @@ interface TrustReport {
         coverage: DimensionScore;
     };
     issues: ReportIssue[];
+    lifecycle?: LifecycleSummary;
+    fixedIssues?: FixedIssue[];
 }
 interface DiffFile {
     filePath: string;
@@ -91,6 +114,7 @@ interface ScanOptions {
     diff?: string;
     files?: string[];
     minScore?: number;
+    baseline?: string;
     format?: 'terminal' | 'json' | 'html';
 }
 
@@ -134,6 +158,11 @@ declare class ScanEngine {
     constructor(config: CodeTrustConfig, workDir?: string);
     scan(options: ScanOptions): Promise<TrustReport>;
     private scanFile;
+    private createSkippedResult;
+    private createErrorResult;
+    private readFileContent;
+    private extractAddedLines;
+    private runStructureAnalysis;
     private getScanCandidates;
     private getScanMode;
     private getDiffFiles;
@@ -142,6 +171,15 @@ declare class ScanEngine {
     private isTsJsFile;
     private attachFingerprints;
     private normalizeRelativePath;
+    private loadBaseline;
+    private parseBaselineIssues;
+    private parseBaselineIssue;
+    private isValidBaselineIssue;
+    private attachLifecycle;
+    private getFixedIssues;
+    private buildLifecycleSummary;
+    private isSeverity;
+    private isRuleCategory;
     private groupByDimension;
 }
 
@@ -196,6 +234,11 @@ declare class DiffParser {
     getStagedFiles(): Promise<DiffFile[]>;
     getDiffFromRef(ref: string): Promise<DiffFile[]>;
     getChangedFiles(): Promise<DiffFile[]>;
+    /**
+     * Merge two sets of diff files, deduplicating by file path.
+     * When a file appears in both, merge their hunks and combine stats.
+     */
+    private mergeDiffFiles;
     getLastCommitDiff(): Promise<DiffFile[]>;
     getCurrentCommitHash(): Promise<string | undefined>;
     getFileContent(filePath: string): Promise<string | undefined>;

package/dist/index.js

@@ -7,33 +7,64 @@ import { fileURLToPath } from "url";
 
 // src/parsers/diff.ts
 import simpleGit from "simple-git";
+var GIT_DIFF_UNIFIED = "--unified=3";
+var SHORT_HASH_LENGTH = 7;
 var DiffParser = class {
   git;
   constructor(workDir) {
     this.git = simpleGit(workDir);
   }
   async getStagedFiles() {
-    const diffDetail = await this.git.diff(["--cached", "--unified=3"]);
+    const diffDetail = await this.git.diff(["--cached", GIT_DIFF_UNIFIED]);
     return this.parseDiffOutput(diffDetail);
   }
   async getDiffFromRef(ref) {
-    const diffDetail = await this.git.diff([ref, "--unified=3"]);
+    const diffDetail = await this.git.diff([ref, GIT_DIFF_UNIFIED]);
     return this.parseDiffOutput(diffDetail);
   }
   async getChangedFiles() {
-    const diffDetail = await this.git.diff(["--unified=3"]);
-    const stagedDetail = await this.git.diff(["--cached", "--unified=3"]);
-    const allDiff = diffDetail + "\n" + stagedDetail;
-    return this.parseDiffOutput(allDiff);
+    const diffDetail = await this.git.diff([GIT_DIFF_UNIFIED]);
+    const stagedDetail = await this.git.diff(["--cached", GIT_DIFF_UNIFIED]);
+    const unstagedFiles = this.parseDiffOutput(diffDetail);
+    const stagedFiles = this.parseDiffOutput(stagedDetail);
+    return this.mergeDiffFiles(unstagedFiles, stagedFiles);
+  }
+  /**
+   * Merge two sets of diff files, deduplicating by file path.
+   * When a file appears in both, merge their hunks and combine stats.
+   */
+  mergeDiffFiles(unstaged, staged) {
+    const fileMap = /* @__PURE__ */ new Map();
+    for (const file of unstaged) {
+      fileMap.set(file.filePath, file);
+    }
+    for (const file of staged) {
+      const existing = fileMap.get(file.filePath);
+      if (existing) {
+        fileMap.set(file.filePath, {
+          ...existing,
+          // Combine additions/deletions
+          additions: existing.additions + file.additions,
+          deletions: existing.deletions + file.deletions,
+          // Merge hunks (preserve order: staged first, then unstaged)
+          hunks: [...file.hunks, ...existing.hunks],
+          // Status: if either is 'added', treat as added; otherwise keep modified
+          status: existing.status === "added" || file.status === "added" ? "added" : "modified"
+        });
+      } else {
+        fileMap.set(file.filePath, file);
+      }
+    }
+    return Array.from(fileMap.values());
   }
   async getLastCommitDiff() {
-    const diffDetail = await this.git.diff(["HEAD~1", "HEAD", "--unified=3"]);
+    const diffDetail = await this.git.diff(["HEAD~1", "HEAD", GIT_DIFF_UNIFIED]);
     return this.parseDiffOutput(diffDetail);
   }
   async getCurrentCommitHash() {
     try {
       const hash = await this.git.revparse(["HEAD"]);
-      return hash.trim().slice(0, 7);
+      return hash.trim().slice(0, SHORT_HASH_LENGTH);
     } catch {
       return void 0;
     }
@@ -660,6 +691,9 @@ function analyzeFunctionNode(node) {
 function calculateCyclomaticComplexity(root) {
   let complexity = 1;
   walkAST(root, (n) => {
+    if (n.type === AST_NODE_TYPES.FunctionDeclaration || n.type === AST_NODE_TYPES.FunctionExpression || n.type === AST_NODE_TYPES.ArrowFunctionExpression || n.type === AST_NODE_TYPES.MethodDefinition) {
+      return false;
+    }
     switch (n.type) {
       case AST_NODE_TYPES.IfStatement:
       case AST_NODE_TYPES.ConditionalExpression:
@@ -688,6 +722,9 @@ function calculateCognitiveComplexity(root) {
   const depthMap = /* @__PURE__ */ new WeakMap();
   depthMap.set(root, 0);
   walkAST(root, (n, parent) => {
+    if (n.type === AST_NODE_TYPES.FunctionDeclaration || n.type === AST_NODE_TYPES.FunctionExpression || n.type === AST_NODE_TYPES.ArrowFunctionExpression || n.type === AST_NODE_TYPES.MethodDefinition) {
+      return false;
+    }
     const parentDepth = parent ? depthMap.get(parent) ?? 0 : 0;
     const isNesting = isNestingNode(n);
     const depth = isNesting ? parentDepth + 1 : parentDepth;
@@ -706,6 +743,9 @@ function calculateMaxNestingDepth(root) {
   const depthMap = /* @__PURE__ */ new WeakMap();
   depthMap.set(root, 0);
   walkAST(root, (n, parent) => {
+    if (n.type === AST_NODE_TYPES.FunctionDeclaration || n.type === AST_NODE_TYPES.FunctionExpression || n.type === AST_NODE_TYPES.ArrowFunctionExpression || n.type === AST_NODE_TYPES.MethodDefinition) {
+      return false;
+    }
     const parentDepth = parent ? depthMap.get(parent) ?? 0 : 0;
     const isNesting = n.type === AST_NODE_TYPES.IfStatement || n.type === AST_NODE_TYPES.ForStatement || n.type === AST_NODE_TYPES.ForInStatement || n.type === AST_NODE_TYPES.ForOfStatement || n.type === AST_NODE_TYPES.WhileStatement || n.type === AST_NODE_TYPES.DoWhileStatement || n.type === AST_NODE_TYPES.SwitchStatement || n.type === AST_NODE_TYPES.TryStatement;
     const currentDepth = isNesting ? parentDepth + 1 : parentDepth;
@@ -887,14 +927,19 @@ function stringifyCondition(node) {
     case AST_NODE_TYPES.Literal:
       return String(node.value);
     case AST_NODE_TYPES.BinaryExpression:
+      return `${stringifyCondition(node.left)} ${node.operator} ${stringifyCondition(node.right)}`;
     case AST_NODE_TYPES.LogicalExpression:
       return `${stringifyCondition(node.left)} ${node.operator} ${stringifyCondition(node.right)}`;
     case AST_NODE_TYPES.UnaryExpression:
       return `${node.operator}${stringifyCondition(node.argument)}`;
     case AST_NODE_TYPES.MemberExpression:
       return `${stringifyCondition(node.object)}.${stringifyCondition(node.property)}`;
-    case AST_NODE_TYPES.CallExpression:
-      return `${stringifyCondition(node.callee)}(...)`;
+    case AST_NODE_TYPES.CallExpression: {
+      const args = node.arguments.map((arg) => stringifyCondition(arg)).join(", ");
+      return `${stringifyCondition(node.callee)}(${args})`;
+    }
+    case AST_NODE_TYPES.ConditionalExpression:
+      return `${stringifyCondition(node.test)} ? ${stringifyCondition(node.consequent)} : ${stringifyCondition(node.alternate)}`;
     default:
       return `[${node.type}]`;
   }
@@ -1055,9 +1100,11 @@ var securityRules = [
       const issues = [];
       const lines = context.fileContent.split("\n");
       for (let i = 0; i < lines.length; i++) {
-        const trimmed = lines[i].trim();
+        const line = lines[i];
+        const trimmed = line.trim();
         if (trimmed.startsWith("//") || trimmed.startsWith("*")) continue;
-        if (/\.(innerHTML|outerHTML)\s*=/.test(lines[i]) || /dangerouslySetInnerHTML/.test(lines[i])) {
+        const cleaned = line.replace(/(['"`])(?:(?!\1|\\).|\\.)*\1/g, '""').replace(/\/\/.*$/, "").replace(/\/[^/]+\/[dgimsuvy]*/g, '""');
+        if (/\.(innerHTML|outerHTML)\s*=/.test(cleaned) || /dangerouslySetInnerHTML/.test(cleaned)) {
           issues.push({
             ruleId: "security/dangerous-html",
             severity: "medium",
@@ -1585,6 +1632,9 @@ var missingAwaitRule = {
       const body = getFunctionBody(node);
       if (!body) return;
       walkAST(body, (inner, parent) => {
+        if (inner.type === AST_NODE_TYPES.ArrowFunctionExpression) {
+          return;
+        }
         if (inner !== body && isAsyncFunction(inner)) return false;
         if (inner.type !== AST_NODE_TYPES.CallExpression) return;
         if (parent?.type === AST_NODE_TYPES.AwaitExpression) return;
@@ -1594,6 +1644,9 @@ var missingAwaitRule = {
         if (parent?.type === AST_NODE_TYPES.AssignmentExpression) return;
         if (parent?.type === AST_NODE_TYPES.ArrayExpression) return;
         if (parent?.type === AST_NODE_TYPES.CallExpression && parent !== inner) return;
+        if (parent?.type === AST_NODE_TYPES.ArrowFunctionExpression) {
+          return;
+        }
         const callName = getCallName(inner);
         if (!callName) return;
         if (!asyncFuncNames.has(callName)) return;
@@ -1805,9 +1858,28 @@ var typeCoercionRule = {
 var ALLOWED_NUMBERS = /* @__PURE__ */ new Set([
   -1,
   0,
+  0.1,
+  0.1,
+  0.15,
+  0.2,
+  0.2,
+  0.25,
+  0.3,
+  0.3,
+  0.5,
   1,
   2,
+  3,
+  4,
+  5,
   10,
+  15,
+  20,
+  30,
+  40,
+  50,
+  70,
+  90,
   100
 ]);
 var magicNumberRule = {
@@ -1836,6 +1908,7 @@ var magicNumberRule = {
       if (/^\s*(export\s+)?enum\s/.test(line)) continue;
       if (trimmed.startsWith("import ")) continue;
       if (/^\s*return\s+[0-9]+\s*;?\s*$/.test(line)) continue;
+      if (/^\s*['"]?[-\w]+['"]?\s*:\s*-?\d+\.?\d*(?:e[+-]?\d+)?\s*,?\s*$/.test(trimmed)) continue;
       const cleaned = line.replace(/(['"`])(?:(?!\1|\\).|\\.)*\1/g, '""').replace(/\/\/.*$/, "");
       const numRegex = /(?<![.\w])(-?\d+\.?\d*(?:e[+-]?\d+)?)\b/gi;
       let match;
@@ -1932,6 +2005,17 @@ var nestedTernaryRule = {
 // src/rules/builtin/duplicate-string.ts
 var MIN_STRING_LENGTH = 6;
 var MIN_OCCURRENCES = 3;
+var IGNORED_LITERALS = /* @__PURE__ */ new Set([
+  "high",
+  "medium",
+  "low",
+  "info",
+  "logic",
+  "security",
+  "structure",
+  "style",
+  "coverage"
+]);
 var duplicateStringRule = {
   id: "logic/duplicate-string",
   category: "logic",
@@ -1962,6 +2046,7 @@ var duplicateStringRule = {
       while ((match = stringRegex.exec(cleaned)) !== null) {
         const value = match[2];
         if (value.length < MIN_STRING_LENGTH) continue;
+        if (IGNORED_LITERALS.has(value)) continue;
         if (value.includes("${")) continue;
         if (value.startsWith("http") || value.startsWith("/")) continue;
         if (value.startsWith("test") || value.startsWith("mock")) continue;
@@ -2231,13 +2316,28 @@ var promiseVoidRule = {
       /^save/,
       /^load/,
       /^send/,
-      /^delete/,
       /^update/,
       /^create/,
       /^connect/,
       /^disconnect/,
       /^init/
     ];
+    const syncMethods = [
+      "delete",
+      // Map.delete(), Set.delete(), Object.delete() are synchronous
+      "has",
+      // Map.has(), Set.has() are synchronous
+      "get",
+      // Map.get() is synchronous
+      "set",
+      // Map.set() is synchronous (though some consider it potentially async)
+      "keys",
+      // Object.keys() is synchronous
+      "values",
+      // Object.values() is synchronous
+      "entries"
+      // Object.entries() is synchronous
+    ];
     walkAST(ast, (node) => {
       if (node.type !== AST_NODE_TYPES.ExpressionStatement) return;
       const expr = node.expression;
@@ -2248,6 +2348,7 @@ var promiseVoidRule = {
       const isKnownAsync = asyncFnNames.has(fnName);
       const matchesPattern = commonAsyncPatterns.some((p) => p.test(fnName));
       const endsWithAsync = fnName.endsWith("Async") || fnName.endsWith("async");
+      if (syncMethods.includes(fnName)) return;
       if (!isKnownAsync && !matchesPattern && !endsWithAsync) return;
       const line = node.loc?.start.line ?? 0;
       if (line === 0) return;
@@ -2999,7 +3100,11 @@ var ScanEngine = class {
       }
     }
     const issuesWithFingerprints = this.attachFingerprints(allIssues);
-    const dimensions = this.groupByDimension(issuesWithFingerprints);
+    const baseline = await this.loadBaseline(options.baseline);
+    const issuesWithLifecycle = this.attachLifecycle(issuesWithFingerprints, baseline);
+    const fixedIssues = this.getFixedIssues(issuesWithLifecycle, baseline);
+    const lifecycle = this.buildLifecycleSummary(issuesWithLifecycle, fixedIssues, baseline);
+    const dimensions = this.groupByDimension(issuesWithLifecycle);
     const overallScore = calculateOverallScore(dimensions, this.config.weights);
     const grade = getGrade(overallScore);
     const commitHash = await this.diffParser.getCurrentCommitHash();
@@ -3013,7 +3118,7 @@ var ScanEngine = class {
         score: overallScore,
         grade,
         filesScanned,
-        issuesFound: issuesWithFingerprints.length
+        issuesFound: issuesWithLifecycle.length
       },
       toolHealth: {
         rulesExecuted,
@@ -3026,70 +3131,75 @@ var ScanEngine = class {
         ruleFailures
       },
       dimensions,
-      issues: issuesWithFingerprints.sort((a, b) => {
+      issues: issuesWithLifecycle.sort((a, b) => {
         const severityOrder = { high: 0, medium: 1, low: 2, info: 3 };
         return severityOrder[a.severity] - severityOrder[b.severity];
-      })
+      }),
+      lifecycle,
+      fixedIssues
     };
   }
   async scanFile(diffFile) {
     if (diffFile.status === "deleted") {
-      return {
-        issues: [],
-        ruleFailures: [],
-        rulesExecuted: 0,
-        rulesFailed: 0,
-        scanErrors: [
-          {
-            type: "deleted-file",
-            file: diffFile.filePath,
-            message: `Skipped deleted file: ${diffFile.filePath}`
-          }
-        ],
-        scanned: false
-      };
+      return this.createSkippedResult(diffFile, "deleted-file", `Skipped deleted file: ${diffFile.filePath}`);
     }
     if (!this.isTsJsFile(diffFile.filePath)) {
-      return {
-        issues: [],
-        ruleFailures: [],
-        rulesExecuted: 0,
-        rulesFailed: 0,
-        scanErrors: [
-          {
-            type: "unsupported-file-type",
-            file: diffFile.filePath,
-            message: `Skipped unsupported file type: ${diffFile.filePath}`
-          }
-        ],
-        scanned: false
-      };
+      return this.createSkippedResult(diffFile, "unsupported-file-type", `Skipped unsupported file type: ${diffFile.filePath}`);
+    }
+    const fileContent = await this.readFileContent(diffFile);
+    if (!fileContent) {
+      return this.createErrorResult(diffFile, "missing-file-content", `Unable to read file content for ${diffFile.filePath}`);
     }
+    const addedLines = this.extractAddedLines(diffFile);
+    const ruleResult = this.ruleEngine.runWithDiagnostics({
+      filePath: diffFile.filePath,
+      fileContent,
+      addedLines
+    });
+    const issues = [...ruleResult.issues];
+    issues.push(...this.runStructureAnalysis(fileContent, diffFile.filePath));
+    issues.push(...analyzeStyle(fileContent, diffFile.filePath).issues);
+    issues.push(...analyzeCoverage(fileContent, diffFile.filePath).issues);
+    return {
+      issues,
+      ruleFailures: ruleResult.ruleFailures,
+      rulesExecuted: ruleResult.rulesExecuted,
+      rulesFailed: ruleResult.rulesFailed,
+      scanErrors: [],
+      scanned: true
+    };
+  }
+  createSkippedResult(diffFile, type, message) {
+    return {
+      issues: [],
+      ruleFailures: [],
+      rulesExecuted: 0,
+      rulesFailed: 0,
+      scanErrors: [{ type, file: diffFile.filePath, message }],
+      scanned: false
+    };
+  }
+  createErrorResult(diffFile, type, message) {
+    return {
+      issues: [],
+      ruleFailures: [],
+      rulesExecuted: 0,
+      rulesFailed: 0,
+      scanErrors: [{ type, file: diffFile.filePath, message }],
+      scanned: false
+    };
+  }
+  async readFileContent(diffFile) {
     const filePath = resolve2(diffFile.filePath);
-    let fileContent;
     try {
-      fileContent = await readFile(filePath, "utf-8");
+      return await readFile(filePath, "utf-8");
     } catch {
       const content = await this.diffParser.getFileContent(diffFile.filePath);
-      if (!content) {
-        return {
-          issues: [],
-          ruleFailures: [],
-          rulesExecuted: 0,
-          rulesFailed: 0,
-          scanErrors: [
-            {
-              type: "missing-file-content",
-              file: diffFile.filePath,
-              message: `Unable to read file content for ${diffFile.filePath}`
-            }
-          ],
-          scanned: false
-        };
-      }
-      fileContent = content;
+      return content ?? null;
     }
-    const addedLines = diffFile.hunks.flatMap((hunk) => {
+  }
+  extractAddedLines(diffFile) {
+    return diffFile.hunks.flatMap((hunk) => {
       const lines = hunk.content.split("\n");
       const result = [];
       let currentLine = hunk.newStart;
@@ -3104,32 +3214,15 @@ var ScanEngine = class {
       }
       return result;
     });
-    const ruleResult = this.ruleEngine.runWithDiagnostics({
-      filePath: diffFile.filePath,
-      fileContent,
-      addedLines
-    });
-    const issues = [...ruleResult.issues];
-    const structureResult = analyzeStructure(fileContent, diffFile.filePath, {
+  }
+  runStructureAnalysis(fileContent, filePath) {
+    return analyzeStructure(fileContent, filePath, {
       maxCyclomaticComplexity: this.config.thresholds["max-cyclomatic-complexity"],
       maxCognitiveComplexity: this.config.thresholds["max-cognitive-complexity"],
       maxFunctionLength: this.config.thresholds["max-function-length"],
       maxNestingDepth: this.config.thresholds["max-nesting-depth"],
       maxParamCount: this.config.thresholds["max-params"]
-    });
-    issues.push(...structureResult.issues);
-    const styleResult = analyzeStyle(fileContent, diffFile.filePath);
-    issues.push(...styleResult.issues);
-    const coverageResult = analyzeCoverage(fileContent, diffFile.filePath);
-    issues.push(...coverageResult.issues);
-    return {
-      issues,
-      ruleFailures: ruleResult.ruleFailures,
-      rulesExecuted: ruleResult.rulesExecuted,
-      rulesFailed: ruleResult.rulesFailed,
-      scanErrors: [],
-      scanned: true
-    };
+    }).issues;
   }
   async getScanCandidates(options) {
     const scanMode = this.getScanMode(options);
@@ -3170,7 +3263,7 @@ var ScanEngine = class {
     }
     return "changed";
   }
-  async getDiffFiles(options) {
+  getDiffFiles(options) {
     if (options.staged) {
       return this.diffParser.getStagedFiles();
     }
@@ -3251,6 +3344,96 @@ var ScanEngine = class {
     const relativePath = relative(process.cwd(), absolutePath) || filePath;
     return relativePath.split(sep).join("/");
   }
+  async loadBaseline(baselinePath) {
+    if (!baselinePath) {
+      return void 0;
+    }
+    const baselineContent = await readFile(resolve2(baselinePath), "utf-8");
+    const parsed = JSON.parse(baselineContent);
+    const issues = this.parseBaselineIssues(parsed.issues);
+    return {
+      issues,
+      fingerprintSet: new Set(issues.map((issue) => issue.fingerprint)),
+      commit: typeof parsed.commit === "string" ? parsed.commit : void 0,
+      timestamp: typeof parsed.timestamp === "string" ? parsed.timestamp : void 0
+    };
+  }
+  parseBaselineIssues(input) {
+    if (!Array.isArray(input)) {
+      return [];
+    }
+    return input.flatMap((item) => {
+      const issue = this.parseBaselineIssue(item);
+      return issue ? [issue] : [];
+    });
+  }
+  parseBaselineIssue(input) {
+    if (!input || typeof input !== "object") {
+      return void 0;
+    }
+    const issue = input;
+    if (!this.isValidBaselineIssue(issue)) {
+      return void 0;
+    }
+    return {
+      ruleId: issue.ruleId,
+      severity: issue.severity,
+      category: issue.category,
+      file: issue.file,
+      startLine: issue.startLine,
+      endLine: issue.endLine,
+      message: issue.message,
+      fingerprint: issue.fingerprint,
+      fingerprintVersion: typeof issue.fingerprintVersion === "string" ? issue.fingerprintVersion : void 0
+    };
+  }
+  isValidBaselineIssue(issue) {
+    return typeof issue.ruleId === "string" && this.isSeverity(issue.severity) && this.isRuleCategory(issue.category) && typeof issue.file === "string" && typeof issue.startLine === "number" && typeof issue.endLine === "number" && typeof issue.message === "string" && typeof issue.fingerprint === "string";
+  }
+  attachLifecycle(issues, baseline) {
+    if (!baseline) {
+      return issues;
+    }
+    return issues.map((issue) => ({
+      ...issue,
+      lifecycle: baseline.fingerprintSet.has(issue.fingerprint) ? "existing" : "new"
+    }));
+  }
+  getFixedIssues(issues, baseline) {
+    if (!baseline) {
+      return [];
+    }
+    const currentFingerprints = new Set(issues.map((issue) => issue.fingerprint));
+    return baseline.issues.filter((issue) => !currentFingerprints.has(issue.fingerprint));
+  }
+  buildLifecycleSummary(issues, fixedIssues, baseline) {
+    if (!baseline) {
+      return void 0;
+    }
+    let newIssues = 0;
+    let existingIssues = 0;
+    for (const issue of issues) {
+      if (issue.lifecycle === "existing") {
+        existingIssues++;
+      } else {
+        newIssues++;
+      }
+    }
+    return {
+      newIssues,
+      existingIssues,
+      fixedIssues: fixedIssues.length,
+      baselineUsed: true,
+      baselineCommit: baseline.commit,
+      baselineTimestamp: baseline.timestamp
+    };
+  }
+  isSeverity(value) {
+    return value === "high" || value === "medium" || value === "low" || value === "info";
+  }
+  isRuleCategory(value) {
+    return ["security", "logic", "structure", "style", "coverage"].includes(value);
+  }
   groupByDimension(issues) {
     const categories = [
       "security",