@hookwarden/engine 0.0.1 → 0.1.0

package/dist/parsers/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/parsers/index.ts"],"names":[],"mappings":"AAAA,uFAAuF;AACvF,OAAO,EAAuD,SAAS,EAAE,MAAM,YAAY,CAAC;AAC5F,OAAO,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EAAyB,WAAW,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAEL,iBAAiB,GAElB,MAAM,oBAAoB,CAAC"}

package/dist/parsers/literals.d.ts

@@ -0,0 +1,4 @@
+import type { File } from "@babel/types";
+import type { LiteralSpan } from "../redaction/structural.js";
+export declare function extractBabelLiterals(ast: File | null): ReadonlyArray<LiteralSpan>;
+//# sourceMappingURL=literals.d.ts.map

package/dist/parsers/literals.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"literals.d.ts","sourceRoot":"","sources":["../../src/parsers/literals.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAa9D,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,GAAG,aAAa,CAAC,WAAW,CAAC,CA0BjF"}

package/dist/parsers/literals.js

@@ -0,0 +1,37 @@
+// Walks a Babel File and extracts every literal span the redactor needs.
+// Pure traversal: depth-first via the shared walkUntypedAst helper. No @babel/traverse dep.
+import { walkUntypedAst } from "./walk.js";
+function pushSpan(out, kind, node, value) {
+    if (typeof node.start !== "number" || typeof node.end !== "number")
+        return;
+    out.push({ kind, start: node.start, end: node.end, value });
+}
+export function extractBabelLiterals(ast) {
+    if (ast === null)
+        return [];
+    const out = [];
+    walkUntypedAst(ast, (node) => {
+        switch (node.type) {
+            case "StringLiteral":
+                pushSpan(out, "string", node, node.value);
+                return;
+            case "NumericLiteral":
+            case "BigIntLiteral":
+                pushSpan(out, "number", node, String(node.value));
+                return;
+            case "TemplateLiteral":
+                // Whole template captured as one span so substitution values cannot survive redaction.
+                pushSpan(out, "template", node, "<TEMPLATE>");
+                return;
+            case "RegExpLiteral":
+                pushSpan(out, "regex", node, node.pattern);
+                return;
+            default:
+                return;
+        }
+    });
+    // Stable order: ascending by start.
+    out.sort((a, b) => a.start - b.start);
+    return out;
+}
+//# sourceMappingURL=literals.js.map

package/dist/parsers/literals.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"literals.js","sourceRoot":"","sources":["../../src/parsers/literals.ts"],"names":[],"mappings":"AAAA,yEAAyE;AACzE,4FAA4F;AAI5F,OAAO,EAAqB,cAAc,EAAE,MAAM,WAAW,CAAC;AAE9D,SAAS,QAAQ,CACf,GAAkB,EAClB,IAAyB,EACzB,IAAkB,EAClB,KAAa;IAEb,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO;IAC3E,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,GAAgB;IACnD,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAkB,EAAE,CAAC;IAC9B,cAAc,CAAC,GAA8B,EAAE,CAAC,IAAI,EAAE,EAAE;QACtD,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,KAAK,eAAe;gBAClB,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAG,IAAqC,CAAC,KAAK,CAAC,CAAC;gBAC5E,OAAO;YACT,KAAK,gBAAgB,CAAC;YACtB,KAAK,eAAe;gBAClB,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAE,IAAsC,CAAC,KAAK,CAAC,CAAC,CAAC;gBACrF,OAAO;YACT,KAAK,iBAAiB;gBACpB,uFAAuF;gBACvF,QAAQ,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC;gBAC9C,OAAO;YACT,KAAK,eAAe;gBAClB,QAAQ,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAG,IAAuC,CAAC,OAAO,CAAC,CAAC;gBAC/E,OAAO;YACT;gBACE,OAAO;QACX,CAAC;IACH,CAAC,CAAC,CAAC;IACH,oCAAoC;IACpC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IACtC,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/parsers/python-literals.d.ts

@@ -0,0 +1,5 @@
+import type { Node, Tree } from "web-tree-sitter";
+import type { LiteralSpan } from "../redaction/structural.js";
+export declare function extractPythonLiterals(tree: Tree | null): ReadonlyArray<LiteralSpan>;
+export type { Node as TreeSitterNode };
+//# sourceMappingURL=python-literals.d.ts.map

package/dist/parsers/python-literals.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"python-literals.d.ts","sourceRoot":"","sources":["../../src/parsers/python-literals.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAO9D,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,GAAG,aAAa,CAAC,WAAW,CAAC,CAsCnF;AAkBD,YAAY,EAAE,IAAI,IAAI,cAAc,EAAE,CAAC"}

package/dist/parsers/python-literals.js

@@ -0,0 +1,62 @@
+// Walks a tree-sitter-python tree and emits LiteralSpan[] for the redactor (D-39).
+// Pure: in-memory tree traversal only — engine purity gate (D-01) bans any I/O imports.
+// tree-sitter-python literal node types we care about. (Confirmed against tree-sitter-python's
+// `node-types.json`; if a grammar bump renames any of these, update this list.)
+const STRING_NODES = ["string"];
+const NUMBER_NODES = ["integer", "float"];
+export function extractPythonLiterals(tree) {
+    if (tree === null)
+        return [];
+    const out = [];
+    const root = tree.rootNode;
+    for (const node of root.descendantsOfType([...STRING_NODES, ...NUMBER_NODES])) {
+        if (NUMBER_NODES.includes(node.type)) {
+            out.push({
+                kind: "number",
+                start: node.startIndex,
+                end: node.endIndex,
+                value: node.text,
+            });
+            continue;
+        }
+        // String literal. Detect f-string by looking for an `interpolation` named descendant.
+        // (Some grammar versions use `string_interpolation`; treat both as template.)
+        const isTemplate = node.descendantsOfType(["interpolation", "string_interpolation"]).length > 0;
+        if (isTemplate) {
+            out.push({
+                kind: "template",
+                start: node.startIndex,
+                end: node.endIndex,
+                value: "<TEMPLATE>",
+            });
+            continue;
+        }
+        // Plain string literal. The `text` field includes the quote characters and any prefix
+        // (b, r, u). Strip prefix + quotes to get the inner value for length-aware redaction.
+        const innerValue = stripPythonQuotes(node.text);
+        out.push({
+            kind: "string",
+            start: node.startIndex,
+            end: node.endIndex,
+            value: innerValue,
+        });
+    }
+    out.sort((a, b) => a.start - b.start);
+    return out;
+}
+function stripPythonQuotes(raw) {
+    // Strip any prefix character (b, r, u, B, R, U, plus combos like rb, fr).
+    let i = 0;
+    while (i < raw.length && /[bBrRuUfF]/.test(raw[i] ?? ""))
+        i++;
+    const quoted = raw.slice(i);
+    // Triple-quoted ('''x''' or """x""") and single-quoted ('x' or "x").
+    if (quoted.startsWith('"""') || quoted.startsWith("'''")) {
+        return quoted.slice(3, quoted.length - 3);
+    }
+    if (quoted.startsWith('"') || quoted.startsWith("'")) {
+        return quoted.slice(1, quoted.length - 1);
+    }
+    return quoted;
+}
+//# sourceMappingURL=python-literals.js.map

package/dist/parsers/python-literals.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"python-literals.js","sourceRoot":"","sources":["../../src/parsers/python-literals.ts"],"names":[],"mappings":"AAAA,mFAAmF;AACnF,wFAAwF;AAKxF,+FAA+F;AAC/F,gFAAgF;AAChF,MAAM,YAAY,GAAG,CAAC,QAAQ,CAAU,CAAC;AACzC,MAAM,YAAY,GAAG,CAAC,SAAS,EAAE,OAAO,CAAU,CAAC;AAEnD,MAAM,UAAU,qBAAqB,CAAC,IAAiB;IACrD,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IAC7B,MAAM,GAAG,GAAkB,EAAE,CAAC;IAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC;IAC3B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,iBAAiB,CAAC,CAAC,GAAG,YAAY,EAAE,GAAG,YAAY,CAAC,CAAC,EAAE,CAAC;QAC9E,IAAK,YAAkC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5D,GAAG,CAAC,IAAI,CAAC;gBACP,IAAI,EAAE,QAAQ;gBACd,KAAK,EAAE,IAAI,CAAC,UAAU;gBACtB,GAAG,EAAE,IAAI,CAAC,QAAQ;gBAClB,KAAK,EAAE,IAAI,CAAC,IAAI;aACjB,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QACD,sFAAsF;QACtF,8EAA8E;QAC9E,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QAChG,IAAI,UAAU,EAAE,CAAC;YACf,GAAG,CAAC,IAAI,CAAC;gBACP,IAAI,EAAE,UAAU;gBAChB,KAAK,EAAE,IAAI,CAAC,UAAU;gBACtB,GAAG,EAAE,IAAI,CAAC,QAAQ;gBAClB,KAAK,EAAE,YAAY;aACpB,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QACD,sFAAsF;QACtF,sFAAsF;QACtF,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,QAAQ;YACd,KAAK,EAAE,IAAI,CAAC,UAAU;YACtB,GAAG,EAAE,IAAI,CAAC,QAAQ;YAClB,KAAK,EAAE,UAAU;SAClB,CAAC,CAAC;IACL,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IACtC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,0EAA0E;IAC1E,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAAE,CAAC,EAAE,CAAC;IAC9D,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5B,qEAAqE;IACrE,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACzD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/parsers/python-loader.d.ts

@@ -0,0 +1,9 @@
+import { Parser } from "web-tree-sitter";
+export interface PythonRuntime {
+    readonly parser: Parser;
+}
+export interface InitPythonRuntimeInput {
+    readonly wasmBytes: Uint8Array;
+}
+export declare function initPythonRuntime(input: InitPythonRuntimeInput): Promise<PythonRuntime>;
+//# sourceMappingURL=python-loader.d.ts.map

package/dist/parsers/python-loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"python-loader.d.ts","sourceRoot":"","sources":["../../src/parsers/python-loader.ts"],"names":[],"mappings":"AAIA,OAAO,EAAY,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEnD,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,sBAAsB;IAErC,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;CAChC;AAID,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,sBAAsB,GAAG,OAAO,CAAC,aAAa,CAAC,CAS7F"}

package/dist/parsers/python-loader.js

@@ -0,0 +1,16 @@
+// Caller-supplied init for the tree-sitter-python WASM runtime.
+// D-01 engine purity: this module never opens the .wasm file. The CLI runner reads
+// it from disk (or fetch in a future browser playground build) and passes the bytes.
+import { Language, Parser } from "web-tree-sitter";
+let parserInited = false;
+export async function initPythonRuntime(input) {
+    if (!parserInited) {
+        await Parser.init();
+        parserInited = true;
+    }
+    const language = await Language.load(input.wasmBytes);
+    const parser = new Parser();
+    parser.setLanguage(language);
+    return { parser };
+}
+//# sourceMappingURL=python-loader.js.map

package/dist/parsers/python-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"python-loader.js","sourceRoot":"","sources":["../../src/parsers/python-loader.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,mFAAmF;AACnF,qFAAqF;AAErF,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAWnD,IAAI,YAAY,GAAG,KAAK,CAAC;AAEzB,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,KAA6B;IACnE,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,YAAY,GAAG,IAAI,CAAC;IACtB,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;IAC5B,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC7B,OAAO,EAAE,MAAM,EAAE,CAAC;AACpB,CAAC"}

package/dist/parsers/python.d.ts

@@ -0,0 +1,8 @@
+import type { ParsedFile } from "../types/project-model.js";
+import type { PythonRuntime } from "./python-loader.js";
+export interface ParsePythonInput {
+    readonly file_path: string;
+    readonly source_text: string;
+}
+export declare function parsePython(input: ParsePythonInput, runtime: PythonRuntime): Promise<ParsedFile>;
+//# sourceMappingURL=python.d.ts.map

package/dist/parsers/python.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"python.d.ts","sourceRoot":"","sources":["../../src/parsers/python.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAc,UAAU,EAAoB,MAAM,2BAA2B,CAAC;AAC1F,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAExD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,wBAAsB,WAAW,CAC/B,KAAK,EAAE,gBAAgB,EACvB,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,UAAU,CAAC,CA2BrB"}

package/dist/parsers/python.js

@@ -0,0 +1,125 @@
+// Python parser adapter (ENGINE-02). web-tree-sitter (WASM) + tree-sitter-python.
+// D-27 all-or-nothing: any ERROR or MISSING node in the parse output triggers a ParseErrorRecord.
+// PITFALLS #6: tree-sitter-python decorator-grammar gaps surface here as parse errors,
+// NOT as silently-skipped files. The all-or-nothing policy is the user-visible signal.
+export async function parsePython(input, runtime) {
+    const { file_path, source_text } = input;
+    // tree-sitter never throws on parse — it always returns a tree (possibly null on OOM).
+    // Errors surface as ERROR / MISSING nodes inside the tree.
+    const tree = runtime.parser.parse(source_text);
+    let parseError = null;
+    if (tree === null) {
+        parseError = {
+            message: "tree-sitter-python: parser returned null tree",
+            location: { line: 1, col: 1 },
+            source: "tree-sitter",
+        };
+    }
+    else {
+        parseError = findFirstError(tree.rootNode);
+    }
+    const cleanTree = parseError === null ? tree : null;
+    const imports = cleanTree === null ? [] : extractImports(cleanTree.rootNode, file_path);
+    return {
+        file_path,
+        language: "python",
+        dialect: "tree-sitter-python",
+        source_text,
+        raw_ast: cleanTree, // D-27: null on error
+        imports,
+        parse_error: parseError,
+    };
+}
+function findFirstError(root) {
+    // DFS from rootNode; stop at first ERROR or MISSING node.
+    const stack = [root];
+    while (stack.length > 0) {
+        const node = stack.pop();
+        if (!node)
+            break;
+        if (node.type === "ERROR" || node.isMissing) {
+            return {
+                message: node.isMissing
+                    ? `tree-sitter-python: missing token (${node.type})`
+                    : `tree-sitter-python: ERROR node at ${node.startPosition.row + 1}:${node.startPosition.column + 1}`,
+                location: { line: node.startPosition.row + 1, col: node.startPosition.column + 1 },
+                source: "tree-sitter",
+            };
+        }
+        if (!node.hasError)
+            continue; // entire subtree is clean; skip
+        for (const child of node.namedChildren) {
+            if (child !== null)
+                stack.push(child);
+        }
+    }
+    return null;
+}
+function extractImports(root, fromFile) {
+    const out = [];
+    // tree-sitter-python distinguishes:
+    //   import_statement       → `import a`, `import a as b`, `import a, c`
+    //   import_from_statement  → `from a import b`, `from a import b as c`, `from a import (b, c)`
+    for (const node of root.descendantsOfType(["import_statement", "import_from_statement"])) {
+        if (node.type === "import_statement") {
+            // Children include dotted_name | aliased_import nodes.
+            for (const child of node.namedChildren) {
+                if (child === null)
+                    continue;
+                if (child.type === "dotted_name") {
+                    out.push({
+                        from_file: fromFile,
+                        to_module: child.text,
+                        imported_names: [{ local: child.text, source: "default" }],
+                        is_default: true,
+                    });
+                }
+                else if (child.type === "aliased_import") {
+                    const name = child.childForFieldName("name")?.text ?? "";
+                    const alias = child.childForFieldName("alias")?.text ?? name;
+                    out.push({
+                        from_file: fromFile,
+                        to_module: name,
+                        imported_names: [{ local: alias, source: "default" }],
+                        is_default: true,
+                    });
+                }
+            }
+        }
+        else {
+            // import_from_statement. The module_name field child is itself a dotted_name, so identifying
+            // imported-name children requires comparing byte offsets — tree-sitter returns fresh node
+            // objects on each accessor, so reference equality is not reliable.
+            const moduleNode = node.childForFieldName("module_name");
+            const moduleName = moduleNode?.text ?? "";
+            const moduleStart = moduleNode?.startIndex ?? -1;
+            const moduleEnd = moduleNode?.endIndex ?? -1;
+            const names = [];
+            for (const child of node.namedChildren) {
+                if (child === null)
+                    continue;
+                // Skip the module_name child by byte-offset match.
+                if (child.startIndex === moduleStart && child.endIndex === moduleEnd)
+                    continue;
+                if (child.type === "dotted_name") {
+                    names.push({ local: child.text, source: child.text });
+                }
+                else if (child.type === "aliased_import") {
+                    const src = child.childForFieldName("name")?.text ?? "";
+                    const alias = child.childForFieldName("alias")?.text ?? src;
+                    names.push({ local: alias, source: src });
+                }
+            }
+            if (moduleName !== "") {
+                out.push({
+                    from_file: fromFile,
+                    to_module: moduleName,
+                    imported_names: names,
+                    is_default: false,
+                });
+            }
+        }
+    }
+    return out;
+}
+//# sourceMappingURL=python.js.map

package/dist/parsers/python.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"python.js","sourceRoot":"","sources":["../../src/parsers/python.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAClF,kGAAkG;AAClG,uFAAuF;AACvF,uFAAuF;AAWvF,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,KAAuB,EACvB,OAAsB;IAEtB,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,KAAK,CAAC;IACzC,uFAAuF;IACvF,2DAA2D;IAC3D,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC/C,IAAI,UAAU,GAA4B,IAAI,CAAC;IAC/C,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAClB,UAAU,GAAG;YACX,OAAO,EAAE,+CAA+C;YACxD,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE;YAC7B,MAAM,EAAE,aAAa;SACtB,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC7C,CAAC;IACD,MAAM,SAAS,GAAgB,UAAU,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IACjE,MAAM,OAAO,GACX,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC1E,OAAO;QACL,SAAS;QACT,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,oBAAoB;QAC7B,WAAW;QACX,OAAO,EAAE,SAAS,EAAE,sBAAsB;QAC1C,OAAO;QACP,WAAW,EAAE,UAAU;KACxB,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,IAAU;IAChC,0DAA0D;IAC1D,MAAM,KAAK,GAAW,CAAC,IAAI,CAAC,CAAC;IAC7B,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI;YAAE,MAAM;QACjB,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC5C,OAAO;gBACL,OAAO,EAAE,IAAI,CAAC,SAAS;oBACrB,CAAC,CAAC,sCAAsC,IAAI,CAAC,IAAI,GAAG;oBACpD,CAAC,CAAC,qCAAqC,IAAI,CAAC,aAAa,CAAC,GAAG,GAAG,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;gBACtG,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;gBAClF,MAAM,EAAE,aAAa;aACtB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,SAAS,CAAC,gCAAgC;QAC9D,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvC,IAAI,KAAK,KAAK,IAAI;gBAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,cAAc,CAAC,IAAU,EAAE,QAAgB;IAClD,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,oCAAoC;IACpC,wEAAwE;IACxE,+FAA+F;IAC/F,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,iBAAiB,CAAC,CAAC,kBAAkB,EAAE,uBAAuB,CAAC,CAAC,EAAE,CAAC;QACzF,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YACrC,uDAAuD;YACvD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBACvC,IAAI,KAAK,KAAK,IAAI;oBAAE,SAAS;gBAC7B,IAAI,KAAK,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;oBACjC,GAAG,CAAC,IAAI,CAAC;wBACP,SAAS,EAAE,QAAQ;wBACnB,SAAS,EAAE,KAAK,CAAC,IAAI;wBACrB,cAAc,EAAE,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;wBAC1D,UAAU,EAAE,IAAI;qBACjB,CAAC,CAAC;gBACL,CAAC;qBAAM,IAAI,KAAK,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBAC3C,MAAM,IAAI,GAAG,KAAK,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC;oBACzD,MAAM,KAAK,GAAG,KAAK,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC;oBAC7D,GAAG,CAAC,IAAI,CAAC;wBACP,SAAS,EAAE,QAAQ;wBACnB,SAAS,EAAE,IAAI;wBACf,cAAc,EAAE,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;wBACrD,UAAU,EAAE,IAAI;qBACjB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,6FAA6F;YAC7F,0FAA0F;YAC1F,mEAAmE;YACnE,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC;YACzD,MAAM,UAAU,GAAG,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC;YAC1C,MAAM,WAAW,GAAG,UAAU,EAAE,UAAU,IAAI,CAAC,CAAC,CAAC;YACjD,MAAM,SAAS,GAAG,UAAU,EAAE,QAAQ,IAAI,CAAC,CAAC,CAAC;YAC7C,MAAM,KAAK,GAA6C,EAAE,CAAC;YAC3D,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBACvC,IAAI,KAAK,KAAK,IAAI;oBAAE,SAAS;gBAC7B,mDAAmD;gBACnD,IAAI,KAAK,CAAC,UAAU,KAAK,WAAW,IAAI,KAAK,CAAC,QAAQ,KAAK,SAAS;oBAAE,SAAS;gBAC/E,IAAI,KAAK,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;oBACjC,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;gBACxD,CAAC;qBAAM,IAAI,KAAK,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBAC3C,MAAM,GAAG,GAAG,KAAK,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC;oBACxD,MAAM,KAAK,GAAG,KAAK,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,IAAI,IAAI,GAAG,CAAC;oBAC5D,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC5C,CAAC;YACH,CAAC;YACD,IAAI,UAAU,KAAK,EAAE,EAAE,CAAC;gBACtB,GAAG,CAAC,IAAI,CAAC;oBACP,SAAS,EAAE,QAAQ;oBACnB,SAAS,EAAE,UAAU;oBACrB,cAAc,EAAE,KAAK;oBACrB,UAAU,EAAE,KAAK;iBAClB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/parsers/walk.d.ts

@@ -0,0 +1,15 @@
+import type { Node } from "@babel/types";
+/**
+ * Walk a Babel AST depth-first, invoking `visitor` on every node.
+ *
+ * The visitor cannot stop traversal — call sites that need early-exit semantics
+ * collect into an output array and inspect it after the walk completes.
+ */
+export declare function walkBabelAst(root: Node, visitor: (node: Node) => void): void;
+export interface MaybeAstNode {
+    readonly type?: string;
+    readonly start?: number | null;
+    readonly end?: number | null;
+}
+export declare function walkUntypedAst(root: MaybeAstNode | null | undefined, visitor: (node: MaybeAstNode) => void): void;
+//# sourceMappingURL=walk.d.ts.map

package/dist/parsers/walk.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"walk.d.ts","sourceRoot":"","sources":["../../src/parsers/walk.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AAMzC;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,KAAK,IAAI,GAAG,IAAI,CAoB5E;AAMD,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED,wBAAgB,cAAc,CAC5B,IAAI,EAAE,YAAY,GAAG,IAAI,GAAG,SAAS,EACrC,OAAO,EAAE,CAAC,IAAI,EAAE,YAAY,KAAK,IAAI,GACpC,IAAI,CAqBN"}

package/dist/parsers/walk.js

@@ -0,0 +1,66 @@
+// Canonical iterative AST walkers. Engine has multiple readers (literal extraction, catalog
+// detection, future reachability + middleware extraction in Plan 06b, evaluator dispatch in
+// Plan 02-08) — all use the same depth-first walk.
+//
+// Iterative (not recursive) so deeply-nested ASTs cannot exhaust the JS stack — a real concern
+// for adversarial source. Bounded by the parser's source-size cap (Phase 8 worker concern).
+// Keys we never recurse into. `loc` is metadata; `start`/`end` are byte offsets;
+// `range` is a tuple alias for start/end; `type` is the node discriminator itself.
+const SKIP_KEYS = new Set(["loc", "type", "start", "end", "range"]);
+/**
+ * Walk a Babel AST depth-first, invoking `visitor` on every node.
+ *
+ * The visitor cannot stop traversal — call sites that need early-exit semantics
+ * collect into an output array and inspect it after the walk completes.
+ */
+export function walkBabelAst(root, visitor) {
+    const stack = [root];
+    while (stack.length > 0) {
+        const node = stack.pop();
+        if (!node)
+            break;
+        visitor(node);
+        for (const key of Object.keys(node)) {
+            if (SKIP_KEYS.has(key))
+                continue;
+            const value = node[key];
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === "object" && "type" in item) {
+                        stack.push(item);
+                    }
+                }
+            }
+            else if (value && typeof value === "object" && "type" in value) {
+                stack.push(value);
+            }
+        }
+    }
+}
+export function walkUntypedAst(root, visitor) {
+    if (!root || typeof root.type !== "string")
+        return;
+    const stack = [root];
+    while (stack.length > 0) {
+        const node = stack.pop();
+        if (!node)
+            break;
+        visitor(node);
+        for (const key of Object.keys(node)) {
+            if (SKIP_KEYS.has(key))
+                continue;
+            const value = node[key];
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === "object" && "type" in item) {
+                        stack.push(item);
+                    }
+                }
+            }
+            else if (value && typeof value === "object" && "type" in value) {
+                stack.push(value);
+            }
+        }
+    }
+}
+//# sourceMappingURL=walk.js.map

package/dist/parsers/walk.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"walk.js","sourceRoot":"","sources":["../../src/parsers/walk.ts"],"names":[],"mappings":"AAAA,4FAA4F;AAC5F,4FAA4F;AAC5F,mDAAmD;AACnD,EAAE;AACF,+FAA+F;AAC/F,4FAA4F;AAI5F,iFAAiF;AACjF,mFAAmF;AACnF,MAAM,SAAS,GAAwB,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;AAEzF;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,IAAU,EAAE,OAA6B;IACpE,MAAM,KAAK,GAAW,CAAC,IAAI,CAAC,CAAC;IAC7B,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI;YAAE,MAAM;QACjB,OAAO,CAAC,IAAI,CAAC,CAAC;QACd,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,IAAI,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YACjC,MAAM,KAAK,GAAI,IAA2C,CAAC,GAAG,CAAC,CAAC;YAChE,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,MAAM,IAAK,IAAe,EAAE,CAAC;wBACnE,KAAK,CAAC,IAAI,CAAC,IAAY,CAAC,CAAC;oBAC3B,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,IAAK,KAAgB,EAAE,CAAC;gBAC7E,KAAK,CAAC,IAAI,CAAC,KAAa,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAYD,MAAM,UAAU,cAAc,CAC5B,IAAqC,EACrC,OAAqC;IAErC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO;IACnD,MAAM,KAAK,GAAmB,CAAC,IAAI,CAAC,CAAC;IACrC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI;YAAE,MAAM;QACjB,OAAO,CAAC,IAAI,CAAC,CAAC;QACd,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,IAAI,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YACjC,MAAM,KAAK,GAAI,IAA2C,CAAC,GAAG,CAAC,CAAC;YAChE,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,MAAM,IAAK,IAAe,EAAE,CAAC;wBACnE,KAAK,CAAC,IAAI,CAAC,IAAoB,CAAC,CAAC;oBACnC,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,IAAK,KAAgB,EAAE,CAAC;gBAC7E,KAAK,CAAC,IAAI,CAAC,KAAqB,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/redaction/index.d.ts

@@ -0,0 +1,3 @@
+export type { LiteralKind, LiteralSpan, RedactionInput } from "./structural.js";
+export { redactSnippet } from "./structural.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/redaction/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/redaction/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAChF,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/redaction/index.js

@@ -0,0 +1,2 @@
+export { redactSnippet } from "./structural.js";
+//# sourceMappingURL=index.js.map

package/dist/redaction/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/redaction/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/redaction/structural.d.ts

@@ -0,0 +1,14 @@
+export type LiteralKind = "string" | "number" | "template" | "regex" | "secret";
+export interface LiteralSpan {
+    readonly kind: LiteralKind;
+    readonly start: number;
+    readonly end: number;
+    readonly value: string;
+}
+export interface RedactionInput {
+    readonly source_text: string;
+    readonly literals: ReadonlyArray<LiteralSpan>;
+    readonly secret_literal_prefixes?: ReadonlyArray<string>;
+}
+export declare function redactSnippet(input: RedactionInput): string;
+//# sourceMappingURL=structural.d.ts.map

package/dist/redaction/structural.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"structural.d.ts","sourceRoot":"","sources":["../../src/redaction/structural.ts"],"names":[],"mappings":"AAIA,MAAM,MAAM,WAAW,GACnB,QAAQ,GACR,QAAQ,GACR,UAAU,GACV,OAAO,GACP,QAAQ,CAAC;AAEb,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC;IAC3B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;IAG9C,QAAQ,CAAC,uBAAuB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC1D;AAuBD,wBAAgB,aAAa,CAAC,KAAK,EAAE,cAAc,GAAG,MAAM,CAQ3D"}

package/dist/redaction/structural.js

@@ -0,0 +1,37 @@
+// D-39: structural snippet redaction. Literals → typed placeholders; identifiers preserved.
+// Browser-safe: pure string transformation, no Node built-ins.
+// Property-tested: every string literal becomes <STRING:N>; every identifier is unchanged.
+// Sort spans descending by start so we can splice without shifting indices.
+function sortSpans(spans) {
+    return [...spans].sort((a, b) => b.start - a.start);
+}
+function placeholderFor(span, secretPrefixes) {
+    if (span.kind === "secret")
+        return "<SECRET_LITERAL>";
+    if (span.kind === "string") {
+        for (const prefix of secretPrefixes) {
+            if (span.value.startsWith(prefix))
+                return "<SECRET_LITERAL>";
+        }
+        return `<STRING:${span.value.length}>`;
+    }
+    if (span.kind === "number")
+        return "<NUMBER>";
+    if (span.kind === "template")
+        return "<TEMPLATE>";
+    if (span.kind === "regex")
+        return "<REGEX>";
+    // Exhaustiveness: every LiteralKind covered above.
+    const _exhaustive = span.kind;
+    return `<UNKNOWN:${_exhaustive}>`;
+}
+export function redactSnippet(input) {
+    const secretPrefixes = input.secret_literal_prefixes ?? [];
+    let out = input.source_text;
+    for (const span of sortSpans(input.literals)) {
+        const placeholder = placeholderFor(span, secretPrefixes);
+        out = out.slice(0, span.start) + placeholder + out.slice(span.end);
+    }
+    return out;
+}
+//# sourceMappingURL=structural.js.map

package/dist/redaction/structural.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"structural.js","sourceRoot":"","sources":["../../src/redaction/structural.ts"],"names":[],"mappings":"AAAA,4FAA4F;AAC5F,+DAA+D;AAC/D,2FAA2F;AAwB3F,4EAA4E;AAC5E,SAAS,SAAS,CAAC,KAAiC;IAClD,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,cAAc,CAAC,IAAiB,EAAE,cAAqC;IAC9E,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,kBAAkB,CAAC;IACtD,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC3B,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,OAAO,kBAAkB,CAAC;QAC/D,CAAC;QACD,OAAO,WAAW,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;IACzC,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,UAAU,CAAC;IAC9C,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU;QAAE,OAAO,YAAY,CAAC;IAClD,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO;QAAE,OAAO,SAAS,CAAC;IAC5C,mDAAmD;IACnD,MAAM,WAAW,GAAU,IAAI,CAAC,IAAI,CAAC;IACrC,OAAO,YAAY,WAAqB,GAAG,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAqB;IACjD,MAAM,cAAc,GAAG,KAAK,CAAC,uBAAuB,IAAI,EAAE,CAAC;IAC3D,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7C,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;QACzD,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACrE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/types/config.d.ts

@@ -0,0 +1,7 @@
+export interface Config {
+    readonly reachability_max_depth: number;
+    readonly scanned_at: string;
+    readonly engine_commit_sha: string | null;
+    readonly total_files_count: number;
+}
+//# sourceMappingURL=config.d.ts.map

package/dist/types/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/types/config.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,MAAM;IAErB,QAAQ,CAAC,sBAAsB,EAAE,MAAM,CAAC;IAExC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAE5B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IAE1C,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;CACpC"}

package/dist/types/config.js

@@ -0,0 +1,6 @@
+// D-01: Engine is pure — caller supplies wall clock and git context, engine never reads them.
+// D-34: reachability_max_depth bounds handler reachability walk (default 3 hops).
+// D-38: engine_commit_sha and total_files_count flow through Config into ScanMetadata.
+// ENGINE-06: bounded reachability depth keeps the 30s/50KLOC perf budget achievable.
+export {};
+//# sourceMappingURL=config.js.map

package/dist/types/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/types/config.ts"],"names":[],"mappings":"AAAA,8FAA8F;AAC9F,kFAAkF;AAClF,uFAAuF;AACvF,qFAAqF"}

package/dist/types/finding.d.ts

@@ -0,0 +1,32 @@
+export type Severity = "critical" | "high" | "medium" | "low" | "info";
+export type SuppressionSource = "inline" | "ignore" | "baseline";
+export interface SuppressedPayload {
+    readonly source: SuppressionSource;
+    readonly pattern?: string;
+    readonly comment?: string;
+    readonly baselined_at?: string;
+}
+export type Verdict = "verified" | "not-verified" | "manual-review";
+export type FindingId = string;
+export interface SourceLocation {
+    readonly line: number;
+    readonly col: number;
+    readonly end_line: number;
+    readonly end_col: number;
+}
+export interface Finding {
+    readonly id: FindingId;
+    readonly rule_id: string;
+    readonly provider: string;
+    readonly severity: Severity;
+    readonly state: Verdict;
+    readonly file_path: string;
+    readonly location: SourceLocation;
+    readonly snippet: string;
+    readonly handler_id: string | null;
+    readonly primary_location_line_hash: string;
+    readonly message: string;
+    readonly metadata: Readonly<Record<string, string | number | boolean | null>>;
+    readonly suppressed?: SuppressedPayload | null;
+}
+//# sourceMappingURL=finding.d.ts.map

package/dist/types/finding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding.d.ts","sourceRoot":"","sources":["../../src/types/finding.ts"],"names":[],"mappings":"AAWA,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAIvE,MAAM,MAAM,iBAAiB,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEjE,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,MAAM,EAAE,iBAAiB,CAAC;IACnC,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC;AAGD,MAAM,MAAM,OAAO,GAAG,UAAU,GAAG,cAAc,GAAG,eAAe,CAAC;AAGpE,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC;AAE/B,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,OAAO;IACtB,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAClC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,0BAA0B,EAAE,MAAM,CAAC;IAC5C,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC;IAC9E,QAAQ,CAAC,UAAU,CAAC,EAAE,iBAAiB,GAAG,IAAI,CAAC;CAChD"}

package/dist/types/finding.js

@@ -0,0 +1,12 @@
+// D-29: Verdict three-state output.
+// D-30: FindingId is a stable composite hash string.
+// D-37: Composite stable id is sha256 hex from WebCrypto.
+// D-39: snippet is the structurally redacted slice.
+// D-63: Suppressed findings stay in findings[] with a payload describing the source.
+//       Engine emits suppressed = null/undefined; the CLI Phase 4 suppression annotator
+//       populates non-null values. The field is optional so existing engine emit sites
+//       compile unchanged.
+// ENGINE-04: Finding carries fingerprint, file path, line:col, severity, provider,
+//            three-state state field, and redacted snippet.
+export {};
+//# sourceMappingURL=finding.js.map

package/dist/types/finding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding.js","sourceRoot":"","sources":["../../src/types/finding.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,qDAAqD;AACrD,0DAA0D;AAC1D,oDAAoD;AACpD,qFAAqF;AACrF,wFAAwF;AACxF,uFAAuF;AACvF,2BAA2B;AAC3B,mFAAmF;AACnF,4DAA4D"}

package/dist/types/handler.d.ts

@@ -0,0 +1,39 @@
+import type { FindingId, SourceLocation, Verdict } from "./finding.ts";
+export type Framework = "express" | "hono" | "fastify" | "nextjs" | "flask" | "fastapi" | "django";
+export type WebhookEvidenceKind = "path_pattern_match" | "signature_header_read" | "sdk_import" | "sdk_verify_call" | "body_as_bytes_or_buffer" | "secret_env_var_reference" | "secret_literal_match";
+export interface WebhookEvidence {
+    readonly kind: WebhookEvidenceKind;
+    readonly provider: string;
+    readonly location: SourceLocation;
+    readonly detail: string;
+}
+export interface ResolvedMiddleware {
+    readonly name: string;
+    readonly import_source: string | null;
+    readonly position: number;
+    readonly location: SourceLocation;
+}
+export interface ReachableSymbol {
+    readonly qualified_name: string;
+    readonly import_source: string | null;
+    readonly hops: number;
+    readonly via: string;
+}
+export interface WebhookHandler {
+    readonly id: string;
+    readonly framework: Framework;
+    readonly framework_version: string | null;
+    readonly route_pattern: string;
+    readonly http_methods: ReadonlyArray<string>;
+    readonly file_path: string;
+    readonly location: SourceLocation;
+    readonly handler_function_name: string | null;
+    readonly provider: string;
+    readonly verification_state: Verdict;
+    readonly evidence: ReadonlyArray<WebhookEvidence>;
+    readonly middleware_chain: ReadonlyArray<ResolvedMiddleware>;
+    readonly reachable_symbols: ReadonlyArray<ReachableSymbol>;
+    readonly findings_ref: ReadonlyArray<FindingId>;
+    readonly redacted_snippet: string;
+}
+//# sourceMappingURL=handler.d.ts.map

package/dist/types/handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../src/types/handler.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,SAAS,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvE,MAAM,MAAM,SAAS,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,GAAG,SAAS,GAAG,QAAQ,CAAC;AAGnG,MAAM,MAAM,mBAAmB,GAC3B,oBAAoB,GACpB,uBAAuB,GACvB,YAAY,GACZ,iBAAiB,GACjB,yBAAyB,GACzB,0BAA0B,GAC1B,sBAAsB,CAAC;AAE3B,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,IAAI,EAAE,mBAAmB,CAAC;IACnC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAClC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;CACnC;AAGD,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAGD,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1C,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC7C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAClC,QAAQ,CAAC,qBAAqB,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,kBAAkB,EAAE,OAAO,CAAC;IACrC,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAClD,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC,kBAAkB,CAAC,CAAC;IAC7D,QAAQ,CAAC,iBAAiB,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC;IAC3D,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC;IAChD,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;CACnC"}

package/dist/types/handler.js

@@ -0,0 +1,7 @@
+// D-32: WebhookEvidence multi-signal model — engine computes, rules query thresholds.
+// D-34: ReachableSymbol bounded-depth reachability set per WebhookHandler.
+// D-36: WebhookHandler shape — every field used by Phase 3 CLI inventory + Phase 8 SaaS dashboard.
+// D-37: WebhookHandler.id derivation locked.
+// D-39: redacted_snippet is structurally redacted.
+export {};
+//# sourceMappingURL=handler.js.map