@hiro-c/agent-gate 1.0.0

package/dist/deterministic/engine.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runDeterministicRules = runDeterministicRules;
+function runDeterministicRules(toolName, toolInput, rules, ctx) {
+    for (const rule of rules) {
+        const verdict = rule.check(toolName, toolInput, ctx);
+        if (verdict.kind === 'block') {
+            return { kind: 'block', reason: verdict.reason, ruleId: rule.id };
+        }
+    }
+    return { kind: 'allow' };
+}

package/dist/deterministic/factories.d.ts

@@ -0,0 +1,20 @@
+import { DeterministicRule } from './types';
+export interface ForbidCommandPatternOptions {
+    id: string;
+    match: RegExp;
+    reason: string;
+}
+export declare function forbidCommandPattern(opts: ForbidCommandPatternOptions): DeterministicRule;
+export interface ForbidContentPatternOptions {
+    id: string;
+    match: RegExp;
+    reason: string;
+}
+export declare function forbidContentPattern(opts: ForbidContentPatternOptions): DeterministicRule;
+export interface ForbidFilePathPatternOptions {
+    id: string;
+    match: RegExp;
+    reason: string;
+}
+export declare function forbidFilePathPattern(opts: ForbidFilePathPatternOptions): DeterministicRule;
+//# sourceMappingURL=factories.d.ts.map

package/dist/deterministic/factories.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"factories.d.ts","sourceRoot":"","sources":["../../src/deterministic/factories.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAe,MAAM,SAAS,CAAA;AAIxD,MAAM,WAAW,2BAA2B;IAC1C,EAAE,EAAE,MAAM,CAAA;IACV,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;CACf;AAED,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,2BAA2B,GAChC,iBAAiB,CAWnB;AAED,MAAM,WAAW,2BAA2B;IAC1C,EAAE,EAAE,MAAM,CAAA;IACV,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;CACf;AAED,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,2BAA2B,GAChC,iBAAiB,CAkBnB;AAED,MAAM,WAAW,4BAA4B;IAC3C,EAAE,EAAE,MAAM,CAAA;IACV,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;CACf;AAED,wBAAgB,qBAAqB,CACnC,IAAI,EAAE,4BAA4B,GACjC,iBAAiB,CAWnB"}

package/dist/deterministic/factories.js

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.forbidCommandPattern = forbidCommandPattern;
+exports.forbidContentPattern = forbidContentPattern;
+exports.forbidFilePathPattern = forbidFilePathPattern;
+const WRITE_TOOLS = new Set(['Write', 'Edit', 'MultiEdit', 'NotebookEdit']);
+function forbidCommandPattern(opts) {
+    return {
+        id: opts.id,
+        check(toolName, toolInput) {
+            if (toolName !== 'Bash')
+                return { kind: 'allow' };
+            const command = toolInput.command;
+            if (typeof command !== 'string')
+                return { kind: 'allow' };
+            if (!opts.match.test(command))
+                return { kind: 'allow' };
+            return { kind: 'block', reason: opts.reason };
+        },
+    };
+}
+function forbidContentPattern(opts) {
+    return {
+        id: opts.id,
+        check(toolName, toolInput) {
+            if (!WRITE_TOOLS.has(toolName))
+                return { kind: 'allow' };
+            const candidates = [
+                toolInput.content,
+                toolInput.new_string,
+                toolInput.new_content,
+            ];
+            for (const c of candidates) {
+                if (typeof c === 'string' && opts.match.test(c)) {
+                    return { kind: 'block', reason: opts.reason };
+                }
+            }
+            return { kind: 'allow' };
+        },
+    };
+}
+function forbidFilePathPattern(opts) {
+    return {
+        id: opts.id,
+        check(toolName, toolInput) {
+            if (!WRITE_TOOLS.has(toolName))
+                return { kind: 'allow' };
+            const filePath = toolInput.file_path;
+            if (typeof filePath !== 'string')
+                return { kind: 'allow' };
+            if (!opts.match.test(filePath))
+                return { kind: 'allow' };
+            return { kind: 'block', reason: opts.reason };
+        },
+    };
+}

package/dist/deterministic/rules/preventBashSecretWrite.d.ts

@@ -0,0 +1,3 @@
+import { DeterministicRule } from '../types';
+export declare const preventBashSecretWrite: DeterministicRule;
+//# sourceMappingURL=preventBashSecretWrite.d.ts.map

package/dist/deterministic/rules/preventBashSecretWrite.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"preventBashSecretWrite.d.ts","sourceRoot":"","sources":["../../../src/deterministic/rules/preventBashSecretWrite.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAe,MAAM,UAAU,CAAA;AAwDzD,eAAO,MAAM,sBAAsB,EAAE,iBAkBpC,CAAA"}

package/dist/deterministic/rules/preventBashSecretWrite.js

@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.preventBashSecretWrite = void 0;
+const TEMPLATE_SUFFIXES = ['.example', '.sample', '.template', '.dist'];
+function basename(path) {
+    const cleaned = path.replace(/[\s'"]+$/, '');
+    const idx = cleaned.lastIndexOf('/');
+    return idx >= 0 ? cleaned.slice(idx + 1) : cleaned;
+}
+function isTemplate(path) {
+    return TEMPLATE_SUFFIXES.some((s) => path.endsWith(s));
+}
+function isSecretTargetPath(rawPath) {
+    const cleaned = rawPath.replace(/^['"]|['"]$/g, '').trim();
+    if (isTemplate(cleaned))
+        return false;
+    const name = basename(cleaned);
+    if (name === '.env' || name.startsWith('.env.'))
+        return true;
+    if (cleaned.includes('/.ssh/'))
+        return true;
+    if (/\/\.aws\/(credentials|config)$/.test(cleaned))
+        return true;
+    if (/\.(pem|key)$/.test(name))
+        return true;
+    if (/^id_(rsa|ed25519|ecdsa|dsa)$/.test(name))
+        return true;
+    if (name === '.netrc')
+        return true;
+    return false;
+}
+/**
+ * Extracts files that the command writes to via redirect (>, >>) or `tee`.
+ * Conservative: matches the next non-flag token after the operator/word.
+ */
+function extractWriteTargets(command) {
+    const targets = [];
+    // Redirect operators: >, >>, &>, &>>, 1>, 2> etc.
+    const redirectRe = /[12&]?>>?\s*([^\s;|&<>]+)/g;
+    for (const m of command.matchAll(redirectRe)) {
+        if (m[1])
+            targets.push(m[1]);
+    }
+    // tee [-a] FILE [FILE ...]
+    const teeRe = /\btee\b(?:\s+-[A-Za-z]+)*\s+([^\s;|&<>]+(?:\s+[^\s;|&<>]+)*)/g;
+    for (const m of command.matchAll(teeRe)) {
+        if (m[1]) {
+            for (const f of m[1].split(/\s+/)) {
+                if (f && !f.startsWith('-'))
+                    targets.push(f);
+            }
+        }
+    }
+    return targets;
+}
+exports.preventBashSecretWrite = {
+    id: 'prevent-bash-secret-write',
+    check(toolName, toolInput) {
+        if (toolName !== 'Bash')
+            return { kind: 'allow' };
+        const command = toolInput.command;
+        if (typeof command !== 'string')
+            return { kind: 'allow' };
+        const targets = extractWriteTargets(command);
+        for (const target of targets) {
+            if (isSecretTargetPath(target)) {
+                return {
+                    kind: 'block',
+                    reason: `Refusing to write to a likely secret/credential file via shell redirect: ${target}. If this is intentional, run the command manually outside of the agent.`,
+                };
+            }
+        }
+        return { kind: 'allow' };
+    },
+};

package/dist/deterministic/rules/preventForcePushMain.d.ts

@@ -0,0 +1,7 @@
+import { DeterministicRule } from '../types';
+export interface PreventForcePushMainOptions {
+    protectedBranches?: string[];
+}
+export declare function preventForcePushMainWith(opts?: PreventForcePushMainOptions): DeterministicRule;
+export declare const preventForcePushMain: DeterministicRule;
+//# sourceMappingURL=preventForcePushMain.d.ts.map

package/dist/deterministic/rules/preventForcePushMain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"preventForcePushMain.d.ts","sourceRoot":"","sources":["../../../src/deterministic/rules/preventForcePushMain.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAe,MAAM,UAAU,CAAA;AA0DzD,MAAM,WAAW,2BAA2B;IAC1C,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC7B;AAED,wBAAgB,wBAAwB,CACtC,IAAI,CAAC,EAAE,2BAA2B,GACjC,iBAAiB,CA2BnB;AAED,eAAO,MAAM,oBAAoB,EAAE,iBAA8C,CAAA"}

package/dist/deterministic/rules/preventForcePushMain.js

@@ -0,0 +1,85 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.preventForcePushMain = void 0;
+exports.preventForcePushMainWith = preventForcePushMainWith;
+const DEFAULT_PROTECTED_BRANCHES = [
+    'main',
+    'master',
+    'develop',
+    'development',
+    'production',
+    'prod',
+    'release',
+    'stable',
+];
+function isGitPush(tokens) {
+    const gitIdx = tokens.indexOf('git');
+    if (gitIdx === -1)
+        return false;
+    return tokens[gitIdx + 1] === 'push';
+}
+function hasForceFlag(tokens) {
+    for (const token of tokens) {
+        if (token === '--force-with-lease')
+            continue;
+        if (token.startsWith('--force-with-lease='))
+            continue;
+        if (token === '--force' || token === '-f')
+            return true;
+    }
+    return false;
+}
+function targetsProtectedBranch(tokens, protectedSet) {
+    for (const token of tokens) {
+        if (token.startsWith('+')) {
+            const branch = token.slice(1).split(':').pop() ?? '';
+            if (protectedSet.has(branch))
+                return true;
+        }
+        if (protectedSet.has(token))
+            return true;
+        if (token.includes(':')) {
+            const dest = token.split(':').pop() ?? '';
+            if (protectedSet.has(dest))
+                return true;
+        }
+    }
+    return false;
+}
+function hasPlusPrefixedProtected(tokens, protectedSet) {
+    for (const token of tokens) {
+        if (!token.startsWith('+'))
+            continue;
+        const branch = token.slice(1).split(':').pop() ?? '';
+        if (protectedSet.has(branch))
+            return true;
+    }
+    return false;
+}
+function preventForcePushMainWith(opts) {
+    const protectedSet = new Set(opts?.protectedBranches ?? DEFAULT_PROTECTED_BRANCHES);
+    return {
+        id: 'prevent-force-push-main',
+        check(toolName, toolInput) {
+            if (toolName !== 'Bash')
+                return { kind: 'allow' };
+            const command = toolInput.command;
+            if (typeof command !== 'string')
+                return { kind: 'allow' };
+            const tokens = command.trim().split(/\s+/);
+            if (!isGitPush(tokens))
+                return { kind: 'allow' };
+            const force = hasForceFlag(tokens);
+            const plusForce = hasPlusPrefixedProtected(tokens, protectedSet);
+            if (!force && !plusForce)
+                return { kind: 'allow' };
+            if (!targetsProtectedBranch(tokens, protectedSet))
+                return { kind: 'allow' };
+            return {
+                kind: 'block',
+                reason: 'Force push to a protected branch is blocked. Use --force-with-lease if you really need to overwrite history, or push to a feature branch instead.',
+            };
+        },
+    };
+}
+exports.preventForcePushMain = preventForcePushMainWith();

package/dist/deterministic/rules/preventRmRfRoot.d.ts

@@ -0,0 +1,3 @@
+import { DeterministicRule } from '../types';
+export declare const preventRmRfRoot: DeterministicRule;
+//# sourceMappingURL=preventRmRfRoot.d.ts.map

package/dist/deterministic/rules/preventRmRfRoot.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"preventRmRfRoot.d.ts","sourceRoot":"","sources":["../../../src/deterministic/rules/preventRmRfRoot.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAe,MAAM,UAAU,CAAA;AA+CzD,eAAO,MAAM,eAAe,EAAE,iBAmB7B,CAAA"}

package/dist/deterministic/rules/preventRmRfRoot.js

@@ -0,0 +1,68 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.preventRmRfRoot = void 0;
+const CATASTROPHIC_TARGETS = new Set([
+    '/',
+    '$HOME',
+    '${HOME}',
+    '"$HOME"',
+    "'$HOME'",
+    '~',
+    '~/',
+    '/etc',
+    '/usr',
+    '/var',
+    '/bin',
+    '/sbin',
+    '/boot',
+    '/lib',
+    '/lib64',
+    '/opt',
+    '/Users',
+    '/home',
+    '/root',
+    '/private',
+    '/System',
+    '/Library',
+    '/Applications',
+]);
+function stripSudoPrefix(command) {
+    return command.replace(/^\s*sudo(\s+-[A-Za-z]+)*\s+/, '');
+}
+function isRecursiveForceRm(command) {
+    const trimmed = stripSudoPrefix(command).trim();
+    if (!/^rm\b/.test(trimmed))
+        return false;
+    const padded = ' ' + trimmed + ' ';
+    if (/\s--recursive\b/.test(padded))
+        return true;
+    // Short flag form: any flag cluster containing r/R (case-insensitive)
+    return /\s-[A-Za-z]*[rR][A-Za-z]*\s/.test(padded);
+}
+function extractTargets(command) {
+    const trimmed = stripSudoPrefix(command).trim();
+    const tokens = trimmed.split(/\s+/);
+    return tokens.slice(1).filter((t) => !t.startsWith('-'));
+}
+exports.preventRmRfRoot = {
+    id: 'prevent-rm-rf-root',
+    check(toolName, toolInput) {
+        if (toolName !== 'Bash')
+            return { kind: 'allow' };
+        const command = toolInput.command;
+        if (typeof command !== 'string')
+            return { kind: 'allow' };
+        if (!isRecursiveForceRm(command))
+            return { kind: 'allow' };
+        const targets = extractTargets(command);
+        for (const target of targets) {
+            if (CATASTROPHIC_TARGETS.has(target)) {
+                return {
+                    kind: 'block',
+                    reason: `Refusing to run recursive rm on a catastrophic path: ${target}. If this is genuinely intended, run the command manually outside of the agent.`,
+                };
+            }
+        }
+        return { kind: 'allow' };
+    },
+};

package/dist/deterministic/rules/preventSecretFileWrite.d.ts

@@ -0,0 +1,7 @@
+import { DeterministicRule } from '../types';
+export interface PreventSecretFileWriteOptions {
+    extraSecretPathPrefixes?: string[];
+}
+export declare function preventSecretFileWriteWith(opts?: PreventSecretFileWriteOptions): DeterministicRule;
+export declare const preventSecretFileWrite: DeterministicRule;
+//# sourceMappingURL=preventSecretFileWrite.d.ts.map

package/dist/deterministic/rules/preventSecretFileWrite.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"preventSecretFileWrite.d.ts","sourceRoot":"","sources":["../../../src/deterministic/rules/preventSecretFileWrite.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAe,MAAM,UAAU,CAAA;AA8BzD,MAAM,WAAW,6BAA6B;IAC5C,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAA;CACnC;AAED,wBAAgB,0BAA0B,CACxC,IAAI,CAAC,EAAE,6BAA6B,GACnC,iBAAiB,CAoBnB;AAED,eAAO,MAAM,sBAAsB,EAAE,iBACP,CAAA"}

package/dist/deterministic/rules/preventSecretFileWrite.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.preventSecretFileWrite = void 0;
+exports.preventSecretFileWriteWith = preventSecretFileWriteWith;
+const TOOLS_THAT_WRITE = new Set(['Write', 'Edit', 'MultiEdit', 'NotebookEdit']);
+const TEMPLATE_SUFFIXES = ['.example', '.sample', '.template', '.dist'];
+function basename(path) {
+    const idx = path.lastIndexOf('/');
+    return idx >= 0 ? path.slice(idx + 1) : path;
+}
+function isTemplate(filePath) {
+    return TEMPLATE_SUFFIXES.some((suffix) => filePath.endsWith(suffix));
+}
+function isBuiltInSecretPath(filePath) {
+    if (isTemplate(filePath))
+        return false;
+    const name = basename(filePath);
+    if (name === '.env' || name.startsWith('.env.'))
+        return true;
+    if (filePath.includes('/.ssh/'))
+        return true;
+    if (/\/\.aws\/(credentials|config)$/.test(filePath))
+        return true;
+    if (/\.(pem|key)$/.test(name))
+        return true;
+    if (/^id_(rsa|ed25519|ecdsa|dsa)$/.test(name))
+        return true;
+    if (name === '.netrc')
+        return true;
+    return false;
+}
+function preventSecretFileWriteWith(opts) {
+    const extras = opts?.extraSecretPathPrefixes ?? [];
+    return {
+        id: 'prevent-secret-file-write',
+        check(toolName, toolInput) {
+            if (!TOOLS_THAT_WRITE.has(toolName))
+                return { kind: 'allow' };
+            const filePath = toolInput.file_path;
+            if (typeof filePath !== 'string')
+                return { kind: 'allow' };
+            if (isTemplate(filePath))
+                return { kind: 'allow' };
+            const builtIn = isBuiltInSecretPath(filePath);
+            const extra = extras.some((prefix) => filePath.includes(prefix));
+            if (!builtIn && !extra)
+                return { kind: 'allow' };
+            return {
+                kind: 'block',
+                reason: `Refusing to write to a likely secret/credential file: ${filePath}. If this is intentional, edit the file outside of the agent.`,
+            };
+        },
+    };
+}
+exports.preventSecretFileWrite = preventSecretFileWriteWith();

package/dist/deterministic/rules/preventSystemPathWrite.d.ts

@@ -0,0 +1,3 @@
+import { DeterministicRule } from '../types';
+export declare const preventSystemPathWrite: DeterministicRule;
+//# sourceMappingURL=preventSystemPathWrite.d.ts.map

package/dist/deterministic/rules/preventSystemPathWrite.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"preventSystemPathWrite.d.ts","sourceRoot":"","sources":["../../../src/deterministic/rules/preventSystemPathWrite.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAe,MAAM,UAAU,CAAA;AAwBzD,eAAO,MAAM,sBAAsB,EAAE,iBAapC,CAAA"}

package/dist/deterministic/rules/preventSystemPathWrite.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.preventSystemPathWrite = void 0;
+const TOOLS_THAT_WRITE = new Set(['Write', 'Edit', 'MultiEdit', 'NotebookEdit']);
+const SYSTEM_PREFIXES = [
+    '/etc/',
+    '/usr/',
+    '/var/',
+    '/bin/',
+    '/sbin/',
+    '/boot/',
+    '/lib/',
+    '/lib64/',
+    '/opt/',
+    '/System/',
+    '/Library/',
+    '/private/etc/',
+    '/private/var/',
+];
+function startsWithSystemPath(filePath) {
+    return SYSTEM_PREFIXES.some((prefix) => filePath.startsWith(prefix));
+}
+exports.preventSystemPathWrite = {
+    id: 'prevent-system-path-write',
+    check(toolName, toolInput) {
+        if (!TOOLS_THAT_WRITE.has(toolName))
+            return { kind: 'allow' };
+        const filePath = toolInput.file_path;
+        if (typeof filePath !== 'string')
+            return { kind: 'allow' };
+        if (!startsWithSystemPath(filePath))
+            return { kind: 'allow' };
+        return {
+            kind: 'block',
+            reason: `Refusing to modify a system path: ${filePath}. Operations against /etc, /usr, /System, /Library and similar locations belong outside of the agent.`,
+        };
+    },
+};

package/dist/deterministic/types.d.ts

@@ -0,0 +1,20 @@
+import { SessionContext } from '../contracts/types/SessionContext';
+export type RuleVerdict = {
+    kind: 'allow';
+} | {
+    kind: 'block';
+    reason: string;
+};
+export interface DeterministicRule {
+    id: string;
+    /**
+     * Decide whether to block this tool operation.
+     *
+     * @param toolName - normalized tool name (e.g. "Bash", "Edit", "Write").
+     * @param toolInput - normalized tool input fields.
+     * @param ctx - optional session context with history and project paths.
+     *   Existing rules ignore this argument; new rules can read it.
+     */
+    check(toolName: string, toolInput: Record<string, unknown>, ctx?: SessionContext): RuleVerdict;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/deterministic/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/deterministic/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAA;AAElE,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,GACjB;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAA;AAErC,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAA;IACV;;;;;;;OAOG;IACH,KAAK,CACH,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,GAAG,CAAC,EAAE,cAAc,GACnB,WAAW,CAAA;CACf"}

package/dist/deterministic/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/doctor/findings.d.ts

@@ -0,0 +1,15 @@
+import { RuleSourceKind } from '../contracts/types/RuleSource';
+export type Severity = 'info' | 'warning' | 'error';
+export type FindingCode = 'empty-file' | 'ambiguous-modifier' | 'no-concrete-rules';
+export interface Finding {
+    ruleSourcePath: string;
+    ruleSourceKind: RuleSourceKind;
+    severity: Severity;
+    code: FindingCode;
+    message: string;
+    /** 1-indexed line number when the finding is line-specific. */
+    line?: number;
+    /** Small excerpt of the offending text for human review. */
+    excerpt?: string;
+}
+//# sourceMappingURL=findings.d.ts.map

package/dist/doctor/findings.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"findings.d.ts","sourceRoot":"","sources":["../../src/doctor/findings.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAA;AAE9D,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,SAAS,GAAG,OAAO,CAAA;AAEnD,MAAM,MAAM,WAAW,GACnB,YAAY,GACZ,oBAAoB,GACpB,mBAAmB,CAAA;AAEvB,MAAM,WAAW,OAAO;IACtB,cAAc,EAAE,MAAM,CAAA;IACtB,cAAc,EAAE,cAAc,CAAA;IAC9B,QAAQ,EAAE,QAAQ,CAAA;IAClB,IAAI,EAAE,WAAW,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,+DAA+D;IAC/D,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,4DAA4D;IAC5D,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB"}

package/dist/doctor/findings.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/doctor/formatFindings.d.ts

@@ -0,0 +1,3 @@
+import { Finding } from './findings';
+export declare function formatFindings(findings: Finding[]): string;
+//# sourceMappingURL=formatFindings.d.ts.map

package/dist/doctor/formatFindings.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"formatFindings.d.ts","sourceRoot":"","sources":["../../src/doctor/formatFindings.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAiBpC,wBAAgB,cAAc,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,CAuB1D"}

package/dist/doctor/formatFindings.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatFindings = formatFindings;
+const SEVERITY_LABEL = {
+    info: 'info',
+    warning: 'warning',
+    error: 'error',
+};
+function groupByPath(findings) {
+    const out = {};
+    for (const f of findings) {
+        if (!out[f.ruleSourcePath])
+            out[f.ruleSourcePath] = [];
+        out[f.ruleSourcePath].push(f);
+    }
+    return out;
+}
+function formatFindings(findings) {
+    if (findings.length === 0) {
+        return 'No issues found. 0 findings.';
+    }
+    const lines = [];
+    const grouped = groupByPath(findings);
+    for (const path of Object.keys(grouped).sort()) {
+        lines.push(path);
+        for (const f of grouped[path]) {
+            const loc = f.line !== undefined ? ` (line ${f.line})` : '';
+            const excerpt = f.excerpt !== undefined && f.excerpt.length > 0
+                ? `\n      > ${f.excerpt}`
+                : '';
+            lines.push(`  [${SEVERITY_LABEL[f.severity]}] ${f.code}${loc}: ${f.message}${excerpt}`);
+        }
+        lines.push('');
+    }
+    lines.push(`${findings.length} finding${findings.length === 1 ? '' : 's'}.`);
+    return lines.join('\n');
+}

package/dist/doctor/lintRuleSources.d.ts

@@ -0,0 +1,4 @@
+import { RuleSource } from '../contracts/types/RuleSource';
+import { Finding } from './findings';
+export declare function lintRuleSources(sources: RuleSource[]): Finding[];
+//# sourceMappingURL=lintRuleSources.d.ts.map

package/dist/doctor/lintRuleSources.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lintRuleSources.d.ts","sourceRoot":"","sources":["../../src/doctor/lintRuleSources.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAA;AAC1D,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAwDpC,wBAAgB,eAAe,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,OAAO,EAAE,CAyChE"}