@kernlang/review 3.3.8 → 3.4.0

package/dist/suppression/apply-suppression.js.map

@@ -1 +1 @@
-{"version":3,"file":"apply-suppression.js","sourceRoot":"","sources":["../../src/suppression/apply-suppression.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAG1E,SAAS,YAAY,CAAC,OAAsB,EAAE,SAA+B;IAC3E,qBAAqB;IACrB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAE9D,wDAAwD;IACxD,IAAI,SAAS,CAAC,IAAI,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAExC,kBAAkB;IAClB,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,CAAC,WAAW,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAE9D,kDAAkD;IAClD,IAAI,SAAS,CAAC,IAAI,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAE3C,6DAA6D;IAC7D,OAAO,OAAO,CAAC,WAAW,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC;AAC1D,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAyB,EACzB,MAAc,EACd,QAAgB,EAChB,MAAqB,EACrB,SAAqB,KAAK;IAE1B,sCAAsC;IACtC,MAAM,EAAE,UAAU,EAAE,gBAAgB,EAAE,QAAQ,EAAE,GAAG,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAErF,gCAAgC;IAChC,MAAM,aAAa,GAAG,gBAAgB,CAAC,MAAM,EAAE,aAAa,IAAI,EAAE,CAAC,CAAC;IAEpE,6DAA6D;IAC7D,IAAI,gBAAwC,CAAC;IAC7C,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QACrB,gBAAgB,GAAG,EAAE,CAAC;IACxB,CAAC;SAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,0CAA0C;QAC1C,gBAAgB,GAAG,aAAa,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,gBAAgB,GAAG,CAAC,GAAG,gBAAgB,EAAE,GAAG,aAAa,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,GAAG,gBAAgB,EAAE,GAAG,aAAa,CAAC,CAAC;IAE9D,sDAAsD;IACtD,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAwB,CAAC;IAE1D,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,MAAM,UAAU,GAAoB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;QACjF,IAAI,iBAAiB,EAAE,CAAC;YACtB,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACzC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnF,wDAAwD;IACxD,MAAM,WAAW,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC;IAClC,iHAAiH;IACjH,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;YACjC,WAAW,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,oBAAoB;gBAC5B,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,2BAA2B,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,0BAA0B;gBAClF,WAAW,EAAE;oBACX,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,SAAS,EAAE,CAAC,CAAC,WAAW,IAAI,CAAC;oBAC7B,QAAQ,EAAE,CAAC;oBACX,OAAO,EAAE,CAAC,CAAC,WAAW,IAAI,CAAC;oBAC3B,MAAM,EAAE,CAAC;iBACV;gBACD,WAAW,EAAE,UAAU,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aAC9D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,CAAC,GAAG,MAAM,EAAE,GAAG,WAAW,CAAC;QACrC,UAAU;QACV,UAAU,EAAE,aAAa;QACzB,gBAAgB;KACjB,CAAC;AACJ,CAAC"}
+{"version":3,"file":"apply-suppression.js","sourceRoot":"","sources":["../../src/suppression/apply-suppression.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAG1E,SAAS,YAAY,CAAC,OAAsB,EAAE,SAA+B;IAC3E,qBAAqB;IACrB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAE9D,wDAAwD;IACxD,IAAI,SAAS,CAAC,IAAI,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAExC,kBAAkB;IAClB,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,CAAC,WAAW,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAE9D,kDAAkD;IAClD,IAAI,SAAS,CAAC,IAAI,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAE3C,6DAA6D;IAC7D,OAAO,OAAO,CAAC,WAAW,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC;AAC1D,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAyB,EACzB,MAAc,EACd,QAAgB,EAChB,MAAqB,EACrB,SAAqB,KAAK;IAE1B,sCAAsC;IACtC,MAAM,EAAE,UAAU,EAAE,gBAAgB,EAAE,QAAQ,EAAE,GAAG,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAErF,gCAAgC;IAChC,MAAM,aAAa,GAAG,gBAAgB,CAAC,MAAM,EAAE,aAAa,IAAI,EAAE,CAAC,CAAC;IAEpE,6DAA6D;IAC7D,IAAI,gBAAwC,CAAC;IAC7C,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QACrB,gBAAgB,GAAG,EAAE,CAAC;IACxB,CAAC;SAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,0CAA0C;QAC1C,gBAAgB,GAAG,aAAa,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,gBAAgB,GAAG,CAAC,GAAG,gBAAgB,EAAE,GAAG,aAAa,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,GAAG,gBAAgB,EAAE,GAAG,aAAa,CAAC,CAAC;IAE9D,sDAAsD;IACtD,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAwB,CAAC;IAE1D,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,MAAM,UAAU,GAAoB,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;QACjF,IAAI,iBAAiB,EAAE,CAAC;YACtB,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACzC,IAAI,iBAAiB,CAAC,MAAM;gBAAE,OAAO,CAAC,iBAAiB,GAAG,iBAAiB,CAAC,MAAM,CAAC;YACnF,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnF,wDAAwD;IACxD,MAAM,WAAW,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC;IAClC,iHAAiH;IACjH,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;YACjC,WAAW,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,oBAAoB;gBAC5B,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,2BAA2B,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,0BAA0B;gBAClF,WAAW,EAAE;oBACX,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,SAAS,EAAE,CAAC,CAAC,WAAW,IAAI,CAAC;oBAC7B,QAAQ,EAAE,CAAC;oBACX,OAAO,EAAE,CAAC,CAAC,WAAW,IAAI,CAAC;oBAC3B,MAAM,EAAE,CAAC;iBACV;gBACD,WAAW,EAAE,UAAU,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aAC9D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,CAAC,GAAG,MAAM,EAAE,GAAG,WAAW,CAAC;QACrC,UAAU;QACV,UAAU,EAAE,aAAa;QACzB,gBAAgB;KACjB,CAAC;AACJ,CAAC"}

package/dist/suppression/parse-directives.d.ts

@@ -2,13 +2,21 @@
  * Parse kern-ignore directives from source text.
  *
  * Supported syntax:
- *   // kern-ignore <rule-id>[, <rule-id>...]       — suppress on same or next non-comment line
- *   // kern-ignore-file <rule-id>[, <rule-id>...]   — suppress for entire file (first 5 lines)
- *   # kern-ignore <rule-id>[, <rule-id>...]         — Python variant
- *   # kern-ignore-file <rule-id>[, <rule-id>...]    — Python variant
+ *   // kern-ignore <rule-id>[, <rule-id>...]                            — same or next non-comment line
+ *   // kern-ignore <rule-id>[, ...] [reason: false-positive]            — with closed-enum reason
+ *   // kern-ignore-file <rule-id>[, <rule-id>...] [reason: wont-fix]    — entire file (first 5 lines)
+ *   # kern-ignore <rule-id>[, <rule-id>...] [reason: intentional]       — Python variant
+ *
+ * Reasons: false-positive | wont-fix | intentional | not-applicable.
+ * Anything outside that closed set produces a warning and the directive
+ * still suppresses (without a reason). Free text is never honored —
+ * parser rejects it to defend against JSON/SARIF injection.
+ *
+ * Comment lines longer than MAX_DIRECTIVE_LINE_LEN are skipped entirely
+ * (ReDoS guard for the directive regex).
  */
 import type { ReviewFinding } from '../types.js';
-import type { SuppressionDirective } from './types.js';
+import { type SuppressionDirective } from './types.js';
 export declare function isConceptRule(ruleId: string): boolean;
 /**
  * Parse all suppression directives from source text.

package/dist/suppression/parse-directives.js

@@ -2,12 +2,23 @@
  * Parse kern-ignore directives from source text.
  *
  * Supported syntax:
- *   // kern-ignore <rule-id>[, <rule-id>...]       — suppress on same or next non-comment line
- *   // kern-ignore-file <rule-id>[, <rule-id>...]   — suppress for entire file (first 5 lines)
- *   # kern-ignore <rule-id>[, <rule-id>...]         — Python variant
- *   # kern-ignore-file <rule-id>[, <rule-id>...]    — Python variant
+ *   // kern-ignore <rule-id>[, <rule-id>...]                            — same or next non-comment line
+ *   // kern-ignore <rule-id>[, ...] [reason: false-positive]            — with closed-enum reason
+ *   // kern-ignore-file <rule-id>[, <rule-id>...] [reason: wont-fix]    — entire file (first 5 lines)
+ *   # kern-ignore <rule-id>[, <rule-id>...] [reason: intentional]       — Python variant
+ *
+ * Reasons: false-positive | wont-fix | intentional | not-applicable.
+ * Anything outside that closed set produces a warning and the directive
+ * still suppresses (without a reason). Free text is never honored —
+ * parser rejects it to defend against JSON/SARIF injection.
+ *
+ * Comment lines longer than MAX_DIRECTIVE_LINE_LEN are skipped entirely
+ * (ReDoS guard for the directive regex).
  */
 import { createFingerprint } from '../types.js';
+import { SUPPRESSION_REASONS } from './types.js';
+/** ReDoS guard — discard absurdly long comment lines before regex matches them. */
+const MAX_DIRECTIVE_LINE_LEN = 4096;
 /** Known concept rule IDs — these only support file-level suppression */
 const CONCEPT_RULE_IDS = new Set([
     'unguarded-effect',
@@ -16,10 +27,20 @@ const CONCEPT_RULE_IDS = new Set([
     'boundary-mutation',
     'illegal-dependency',
 ]);
-/** Matches: // kern-ignore[-file] rule1, rule2 */
-const TS_DIRECTIVE = /\/\/\s*kern-ignore(?:-(file))?\s+([\w-][\w,-\s]*)/;
-/** Matches: # kern-ignore[-file] rule1, rule2 */
-const PY_DIRECTIVE = /#\s*kern-ignore(?:-(file))?\s+([\w-][\w,-\s]*)/;
+/**
+ * Matches the rule-list portion of a directive — bounded character classes
+ * keep the regex linear so a malformed directive can't DoS the parser.
+ *
+ * Group 1: 'file' if `-file`, else undefined.
+ * Group 2: rule IDs (comma-separated word list).
+ */
+const TS_DIRECTIVE = /\/\/\s*kern-ignore(?:-(file))?\s+([\w-][\w,\-\s]*)/;
+const PY_DIRECTIVE = /#\s*kern-ignore(?:-(file))?\s+([\w-][\w,\-\s]*)/;
+/**
+ * Matches an optional `[reason: <token>]` suffix on a directive line.
+ * Token is captured as-is and validated against the closed enum.
+ */
+const REASON_SUFFIX = /\[\s*reason\s*:\s*([\w-]+)\s*\]/;
 /** Matches bare: // kern-ignore (no rule IDs) */
 const TS_BARE = /\/\/\s*kern-ignore\s*$/;
 const PY_BARE = /#\s*kern-ignore\s*$/;
@@ -43,6 +64,9 @@ export function parseDirectives(source, filePath) {
     for (let i = 0; i < lines.length; i++) {
         const line = lines[i];
         const lineNum = i + 1;
+        // ReDoS guard: skip absurdly long comment lines before regexes touch them.
+        if (line.length > MAX_DIRECTIVE_LINE_LEN)
+            continue;
         // Check for bare kern-ignore (no rule ID) — emit warning
         if (barePattern.test(line)) {
             warnings.push({
@@ -101,6 +125,8 @@ export function parseDirectives(source, filePath) {
                 ruleIds.push(...nonConcept);
             }
         }
+        // Parse optional `[reason: <enum>]` suffix once, used for either type.
+        const reason = parseReasonOrWarn(line, filePath, lineNum, warnings);
         if (isFileLevel) {
             directives.push({
                 type: 'file',
@@ -108,6 +134,7 @@ export function parseDirectives(source, filePath) {
                 file: filePath,
                 source: 'inline',
                 commentLine: lineNum,
+                ...(reason ? { reason } : {}),
             });
         }
         else {
@@ -142,11 +169,38 @@ export function parseDirectives(source, filePath) {
                 line: targetLine,
                 source: 'inline',
                 commentLine: lineNum,
+                ...(reason ? { reason } : {}),
             });
         }
     }
     return { directives, warnings };
 }
+/**
+ * Extract the closed-enum reason from a directive line. If a reason suffix is
+ * present but the value is not in SUPPRESSION_REASONS, push a warning and
+ * return undefined — the directive still suppresses, but no telemetry credit
+ * is awarded for an unknown reason. Defends against free-text values landing
+ * in JSON/SARIF output.
+ */
+function parseReasonOrWarn(line, filePath, lineNum, warnings) {
+    const m = REASON_SUFFIX.exec(line);
+    if (!m)
+        return undefined;
+    const candidate = m[1];
+    if (SUPPRESSION_REASONS.includes(candidate)) {
+        return candidate;
+    }
+    warnings.push({
+        source: 'kern',
+        ruleId: 'kern-ignore-reason',
+        severity: 'warning',
+        category: 'style',
+        message: `Unknown suppression reason '${candidate}' — must be one of ${SUPPRESSION_REASONS.join(', ')}`,
+        primarySpan: { file: filePath, startLine: lineNum, startCol: 1, endLine: lineNum, endCol: line.length },
+        fingerprint: createFingerprint('kern-ignore-reason', lineNum, 1),
+    });
+    return undefined;
+}
 /**
  * Create config-level suppression directives from disabledRules.
  * These apply to all files (file field is '*').

package/dist/suppression/parse-directives.js.map

@@ -1 +1 @@
-{"version":3,"file":"parse-directives.js","sourceRoot":"","sources":["../../src/suppression/parse-directives.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,yEAAyE;AACzE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,kBAAkB;IAClB,oBAAoB;IACpB,eAAe;IACf,mBAAmB;IACnB,oBAAoB;CACrB,CAAC,CAAC;AAEH,kDAAkD;AAClD,MAAM,YAAY,GAAG,mDAAmD,CAAC;AACzE,iDAAiD;AACjD,MAAM,YAAY,GAAG,gDAAgD,CAAC;AACtE,iDAAiD;AACjD,MAAM,OAAO,GAAG,wBAAwB,CAAC;AACzC,MAAM,OAAO,GAAG,qBAAqB,CAAC;AAEtC,MAAM,UAAU,aAAa,CAAC,MAAc;IAC1C,OAAO,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAc,EACd,QAAgB;IAEhB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,gBAAgB,GAAG,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;IAChE,MAAM,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;IACjD,MAAM,aAAa,GAAG,QAAQ;QAC5B,CAAC,CAAC,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;QACpD,CAAC,CAAC,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IAExD,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;QAEtB,yDAAyD;QACzD,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,kBAAkB;gBAC1B,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,4EAA4E;gBACrF,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;gBACvG,WAAW,EAAE,iBAAiB,CAAC,kBAAkB,EAAE,OAAO,EAAE,CAAC,CAAC;aAC/D,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,MAAM,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC;QACxC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC;aACrB,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnB,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEnC,yDAAyD;QACzD,IAAI,WAAW,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAC/B,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,sBAAsB;gBAC9B,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,gFAAgF,OAAO,GAAG;gBACnG,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;gBACvG,WAAW,EAAE,iBAAiB,CAAC,sBAAsB,EAAE,OAAO,EAAE,CAAC,CAAC;aACnE,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,+EAA+E;QAC/E,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACnD,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,qBAAqB;oBAC7B,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,OAAO;oBACjB,OAAO,EAAE,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,YAAY,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,gBAAgB,YAAY,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,+BAA+B,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,kCAAkC;oBAC/N,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;oBACvG,WAAW,EAAE,iBAAiB,CAAC,qBAAqB,EAAE,OAAO,EAAE,CAAC,CAAC;iBAClE,CAAC,CAAC;gBACH,+CAA+C;gBAC/C,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5D,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,SAAS;gBACtC,2CAA2C;gBAC3C,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;gBACnB,OAAO,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YAChB,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,MAAM;gBACZ,OAAO;gBACP,IAAI,EAAE,QAAQ;gBACd,MAAM,EAAE,QAAQ;gBAChB,WAAW,EAAE,OAAO;aACrB,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,kEAAkE;YAClE,kFAAkF;YAClF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,MAAM,aAAa,GAAG,QAAQ;gBAC5B,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;gBAC/D,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAE7B,IAAI,UAAkB,CAAC;YACvB,IAAI,aAAa,EAAE,CAAC;gBAClB,wCAAwC;gBACxC,UAAU,GAAG,OAAO,CAAC,CAAC,WAAW;gBACjC,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBACjC,IAAI,QAAQ,KAAK,EAAE;wBAAE,SAAS;oBAC9B,IAAI,aAAa,CAAC,QAAQ,CAAC;wBAAE,SAAS;oBACtC,UAAU,GAAG,CAAC,GAAG,CAAC,CAAC;oBACnB,MAAM;gBACR,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,2DAA2D;gBAC3D,UAAU,GAAG,OAAO,CAAC;YACvB,CAAC;YAED,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,MAAM;gBACZ,OAAO;gBACP,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,QAAQ;gBAChB,WAAW,EAAE,OAAO;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;AAClC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,aAAuB;IACtD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC1C,OAAO;QACL;YACE,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,aAAa;YACtB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,QAAQ;SACjB;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"parse-directives.js","sourceRoot":"","sources":["../../src/suppression/parse-directives.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,mBAAmB,EAAqD,MAAM,YAAY,CAAC;AAEpG,mFAAmF;AACnF,MAAM,sBAAsB,GAAG,IAAI,CAAC;AAEpC,yEAAyE;AACzE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,kBAAkB;IAClB,oBAAoB;IACpB,eAAe;IACf,mBAAmB;IACnB,oBAAoB;CACrB,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,MAAM,YAAY,GAAG,oDAAoD,CAAC;AAC1E,MAAM,YAAY,GAAG,iDAAiD,CAAC;AACvE;;;GAGG;AACH,MAAM,aAAa,GAAG,iCAAiC,CAAC;AACxD,iDAAiD;AACjD,MAAM,OAAO,GAAG,wBAAwB,CAAC;AACzC,MAAM,OAAO,GAAG,qBAAqB,CAAC;AAEtC,MAAM,UAAU,aAAa,CAAC,MAAc;IAC1C,OAAO,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAc,EACd,QAAgB;IAEhB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,gBAAgB,GAAG,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;IAChE,MAAM,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;IACjD,MAAM,aAAa,GAAG,QAAQ;QAC5B,CAAC,CAAC,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;QACpD,CAAC,CAAC,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IAExD,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;QAEtB,2EAA2E;QAC3E,IAAI,IAAI,CAAC,MAAM,GAAG,sBAAsB;YAAE,SAAS;QAEnD,yDAAyD;QACzD,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,kBAAkB;gBAC1B,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,4EAA4E;gBACrF,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;gBACvG,WAAW,EAAE,iBAAiB,CAAC,kBAAkB,EAAE,OAAO,EAAE,CAAC,CAAC;aAC/D,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,MAAM,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC;QACxC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC;aACrB,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC,CAAC;QAEnB,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEnC,yDAAyD;QACzD,IAAI,WAAW,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAC/B,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,sBAAsB;gBAC9B,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,gFAAgF,OAAO,GAAG;gBACnG,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;gBACvG,WAAW,EAAE,iBAAiB,CAAC,sBAAsB,EAAE,OAAO,EAAE,CAAC,CAAC;aACnE,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,+EAA+E;QAC/E,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACnD,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,qBAAqB;oBAC7B,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,OAAO;oBACjB,OAAO,EAAE,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,YAAY,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,gBAAgB,YAAY,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,+BAA+B,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,kCAAkC;oBAC/N,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;oBACvG,WAAW,EAAE,iBAAiB,CAAC,qBAAqB,EAAE,OAAO,EAAE,CAAC,CAAC;iBAClE,CAAC,CAAC;gBACH,+CAA+C;gBAC/C,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5D,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,SAAS;gBACtC,2CAA2C;gBAC3C,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;gBACnB,OAAO,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEpE,IAAI,WAAW,EAAE,CAAC;YAChB,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,MAAM;gBACZ,OAAO;gBACP,IAAI,EAAE,QAAQ;gBACd,MAAM,EAAE,QAAQ;gBAChB,WAAW,EAAE,OAAO;gBACpB,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC9B,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,kEAAkE;YAClE,kFAAkF;YAClF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,MAAM,aAAa,GAAG,QAAQ;gBAC5B,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;gBAC/D,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAE7B,IAAI,UAAkB,CAAC;YACvB,IAAI,aAAa,EAAE,CAAC;gBAClB,wCAAwC;gBACxC,UAAU,GAAG,OAAO,CAAC,CAAC,WAAW;gBACjC,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBACjC,IAAI,QAAQ,KAAK,EAAE;wBAAE,SAAS;oBAC9B,IAAI,aAAa,CAAC,QAAQ,CAAC;wBAAE,SAAS;oBACtC,UAAU,GAAG,CAAC,GAAG,CAAC,CAAC;oBACnB,MAAM;gBACR,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,2DAA2D;gBAC3D,UAAU,GAAG,OAAO,CAAC;YACvB,CAAC;YAED,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,MAAM;gBACZ,OAAO;gBACP,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,QAAQ;gBAChB,WAAW,EAAE,OAAO;gBACpB,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC9B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;AAClC,CAAC;AAED;;;;;;GAMG;AACH,SAAS,iBAAiB,CACxB,IAAY,EACZ,QAAgB,EAChB,OAAe,EACf,QAAyB;IAEzB,MAAM,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnC,IAAI,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACzB,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACvB,IAAK,mBAAyC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACnE,OAAO,SAA8B,CAAC;IACxC,CAAC;IACD,QAAQ,CAAC,IAAI,CAAC;QACZ,MAAM,EAAE,MAAM;QACd,MAAM,EAAE,oBAAoB;QAC5B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,+BAA+B,SAAS,sBAAsB,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACvG,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;QACvG,WAAW,EAAE,iBAAiB,CAAC,oBAAoB,EAAE,OAAO,EAAE,CAAC,CAAC;KACjE,CAAC,CAAC;IACH,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,aAAuB;IACtD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC1C,OAAO;QACL;YACE,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,aAAa;YACtB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,QAAQ;SACjB;KACF,CAAC;AACJ,CAAC"}

package/dist/suppression/types.d.ts

@@ -2,6 +2,13 @@
  * Types for the review suppression system.
  */
 import type { ReviewFinding } from '../types.js';
+/**
+ * Closed enum for why a suppression was added. Free-text would be a JSON/SARIF
+ * injection sink (red-team finding) and impossible to aggregate. Anything not
+ * in this set is rejected at parse time with a warning.
+ */
+export type SuppressionReason = 'false-positive' | 'wont-fix' | 'intentional' | 'not-applicable';
+export declare const SUPPRESSION_REASONS: readonly SuppressionReason[];
 /** A parsed suppression directive from source comments or config */
 export interface SuppressionDirective {
     /** 'line' = suppress on a specific line, 'file' = suppress entire file */
@@ -16,6 +23,8 @@ export interface SuppressionDirective {
     source: 'inline' | 'config';
     /** The raw line number where the comment was found (for unused-directive warnings) */
     commentLine?: number;
+    /** Why this rule was suppressed. Closed enum; free text is rejected. */
+    reason?: SuppressionReason;
 }
 /** Result of applying suppression to a set of findings */
 export interface SuppressionResult {

package/dist/suppression/types.js

@@ -1,5 +1,10 @@
 /**
  * Types for the review suppression system.
  */
-export {};
+export const SUPPRESSION_REASONS = [
+    'false-positive',
+    'wont-fix',
+    'intentional',
+    'not-applicable',
+];
 //# sourceMappingURL=types.js.map

package/dist/suppression/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/suppression/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/suppression/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAWH,MAAM,CAAC,MAAM,mBAAmB,GAAiC;IAC/D,gBAAgB;IAChB,UAAU;IACV,aAAa;IACb,gBAAgB;CACjB,CAAC"}

package/dist/taint-crossfile.js

@@ -106,9 +106,10 @@ export function buildImportMap(inferredPerFile, graphImports) {
 export function buildExportMapFromGraph(project, graph) {
     const exportMap = new Map();
     for (const gf of graph.files) {
-        if (!supportsTsMorphGraphFile(gf.path))
+        if (!supportsTsMorphGraphFile(gf.canonicalPath))
             continue;
-        const sf = project.getSourceFile(gf.path);
+        // Use canonical for the ts-morph lookup — cgProject is keyed canonical.
+        const sf = project.getSourceFile(gf.canonicalPath);
         if (!sf)
             continue;
         for (const [exportName, decls] of sf.getExportedDeclarations()) {
@@ -129,9 +130,13 @@ export function buildExportMapFromGraph(project, graph) {
                     }));
                     sinks.push(...findTaintedSinks(code, dummyTaint));
                 }
-                const key = `${gf.path}::${exportName}`;
+                // Keys use canonicalPath so callers building keys from a callGraph
+                // function (which has fn.filePath = canonical) match. filePath on
+                // the value side stays canonical for the same reason; reporters
+                // map back to display via the canonicalToDisplay map in index.ts.
+                const key = `${gf.canonicalPath}::${exportName}`;
                 exportMap.set(key, {
-                    filePath: gf.path,
+                    filePath: gf.canonicalPath,
                     fnName: exportName,
                     params,
                     hasSink: sinks.length > 0,
@@ -152,9 +157,9 @@ export function buildExportMapFromGraph(project, graph) {
 export function buildImportMapFromGraph(project, graph) {
     const importMap = new Map();
     for (const gf of graph.files) {
-        if (!supportsTsMorphGraphFile(gf.path))
+        if (!supportsTsMorphGraphFile(gf.canonicalPath))
             continue;
-        const sf = project.getSourceFile(gf.path);
+        const sf = project.getSourceFile(gf.canonicalPath);
         if (!sf)
             continue;
         for (const imp of sf.getImportDeclarations()) {
@@ -167,14 +172,16 @@ export function buildImportMapFromGraph(project, graph) {
             }
             if (!target)
                 continue;
+            // ts-morph returns canonical here because cgProject was seeded
+            // canonical — no extra canonicalisation needed for symmetry.
             const targetPath = target.getFilePath();
             for (const named of imp.getNamedImports()) {
                 const localName = named.getAliasNode()?.getText() ?? named.getName();
-                importMap.set(`${gf.path}::${localName}`, targetPath);
+                importMap.set(`${gf.canonicalPath}::${localName}`, targetPath);
             }
             const def = imp.getDefaultImport();
             if (def)
-                importMap.set(`${gf.path}::${def.getText()}`, targetPath);
+                importMap.set(`${gf.canonicalPath}::${def.getText()}`, targetPath);
         }
     }
     return importMap;

package/dist/taint-crossfile.js.map

@@ -1 +1 @@
-{"version":3,"file":"taint-crossfile.js","sourceRoot":"","sources":["../src/taint-crossfile.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAE/B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAIxH,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAE1G,SAAS,wBAAwB,CAAC,QAAgB;IAChD,OAAO,yBAAyB,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,4EAA4E;AAE5E;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,eAA2C;IACxE,MAAM,SAAS,GAAG,IAAI,GAAG,EAA4B,CAAC;IAEtD,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YACnC,MAAM,MAAM,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YACpD,IAAI,CAAC,MAAM;gBAAE,SAAS;YAEtB,2EAA2E;YAC3E,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC;YACpD,IAAI,CAAC,UAAU;gBAAE,SAAS;YAE1B,MAAM,MAAM,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAiB,IAAI,EAAE,CAAC;YACtD,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;YACnE,MAAM,IAAI,GAAI,OAAO,EAAE,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YAEpD,sDAAsD;YACtD,MAAM,KAAK,GAAgB,EAAE,CAAC;YAC9B,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,UAAU,GAAkB,EAAE,CAAC;gBACrC,wDAAwD;gBACxD,MAAM,UAAU,GAAG,MAAM;qBACtB,KAAK,CAAC,GAAG,CAAC;qBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;qBAC1C,MAAM,CAAC,OAAO,CAAC,CAAC;gBACnB,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;oBAC9B,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,IAAI,EAAE,EAAE,CAAC,CAAC;gBACrD,CAAC;gBACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC1B,KAAK,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;gBACpD,CAAC;YACH,CAAC;YAED,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,MAAM,EAAE,EAAE;gBACtC,QAAQ;gBACR,MAAM;gBACN,MAAM;gBACN,OAAO,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;gBACzB,KAAK;aACN,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,2EAA2E;AAE3E;;;GAGG;AACH,MAAM,UAAU,cAAc,CAC5B,eAA2C,EAC3C,YAAmC;IAEnC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE5C,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,MAAM,eAAe,GAAG,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEzD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ;gBAAE,SAAS;YACvC,MAAM,IAAI,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YAClD,MAAM,KAAK,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,KAAgB,IAAI,EAAE,CAAC;YACpD,MAAM,aAAa,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,OAAkB,IAAI,EAAE,CAAC;YAE9D,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,mDAAmD;YACnD,MAAM,YAAY,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9C,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,CACpE,CAAC;YACF,IAAI,CAAC,YAAY;gBAAE,SAAS;YAE5B,8CAA8C;YAC9C,IAAI,KAAK,EAAE,CAAC;gBACV,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;oBACzD,IAAI,IAAI;wBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,IAAI,EAAE,EAAE,YAAY,CAAC,CAAC;gBAChE,CAAC;YACH,CAAC;YACD,IAAI,aAAa,EAAE,CAAC;gBAClB,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,aAAa,EAAE,EAAE,YAAY,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,2EAA2E;AAE3E;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAgB,EAAE,KAAkB;IAC1E,MAAM,SAAS,GAAG,IAAI,GAAG,EAA4B,CAAC;IAEtD,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,IAAI,CAAC;YAAE,SAAS;QACjD,MAAM,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,EAAE;YAAE,SAAS;QAElB,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,uBAAuB,EAAE,EAAE,CAAC;YAC/D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,SAAS,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;gBAC3C,IAAI,CAAC,SAAS;oBAAE,SAAS;gBAEzB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC;gBACnC,MAAM,UAAU,GAAG,MAAM;qBACtB,KAAK,CAAC,GAAG,CAAC;qBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;qBAC1C,MAAM,CAAC,OAAO,CAAC,CAAC;gBAEnB,MAAM,KAAK,GAAgB,EAAE,CAAC;gBAC9B,IAAI,IAAI,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClC,MAAM,UAAU,GAAkB,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;wBAC1D,IAAI;wBACJ,MAAM,EAAE,SAAS,IAAI,EAAE;qBACxB,CAAC,CAAC,CAAC;oBACJ,KAAK,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;gBACpD,CAAC;gBAED,MAAM,GAAG,GAAG,GAAG,EAAE,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBACxC,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE;oBACjB,QAAQ,EAAE,EAAE,CAAC,IAAI;oBACjB,MAAM,EAAE,UAAU;oBAClB,MAAM;oBACN,OAAO,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;oBACzB,KAAK;iBACN,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAgB,EAAE,KAAkB;IAC1E,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE5C,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,IAAI,CAAC;YAAE,SAAS;QACjD,MAAM,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,EAAE;YAAE,SAAS;QAElB,KAAK,MAAM,GAAG,IAAI,EAAE,CAAC,qBAAqB,EAAE,EAAE,CAAC;YAC7C,IAAI,MAA8B,CAAC;YACnC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,CAAC,4BAA4B,EAAE,IAAI,SAAS,CAAC;YAC3D,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YACD,IAAI,CAAC,MAAM;gBAAE,SAAS;YACtB,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;YAExC,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,eAAe,EAAE,EAAE,CAAC;gBAC1C,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBACrE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,KAAK,SAAS,EAAE,EAAE,UAAU,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,GAAG,GAAG,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACnC,IAAI,GAAG;gBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,UAAU,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAgB,EAAE,KAAkB;IACtE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE3C,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,IAAI,CAAC;YAAE,SAAS;QACjD,MAAM,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,EAAE;YAAE,SAAS;QAElB,KAAK,MAAM,GAAG,IAAI,EAAE,CAAC,qBAAqB,EAAE,EAAE,CAAC;YAC7C,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,eAAe,EAAE,EAAE,CAAC;gBAC1C,MAAM,KAAK,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;gBACnC,IAAI,CAAC,KAAK;oBAAE,SAAS,CAAC,+CAA+C;gBACrE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;gBAClC,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;gBACrC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,KAAK,SAAS,EAAE,EAAE,YAAY,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,4EAA4E;AAC5E,SAAS,kBAAkB,CAAC,IAA6B;IACvD,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAEhC,IAAI,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,IAA8C,CAAC;QAC1D,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO;YACL,MAAM,EAAE,EAAE;iBACP,aAAa,EAAE;iBACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;iBACvB,IAAI,CAAC,GAAG,CAAC;YACZ,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;SAC5B,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,IAA8C,CAAC;QAC1D,MAAM,IAAI,GAAG,EAAE,CAAC,cAAc,EAAE,CAAC;QACjC,IAAI,CAAC,IAAI;YAAE,OAAO,SAAS,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,QAAQ,KAAK,eAAe,IAAI,QAAQ,KAAK,oBAAoB;YAAE,OAAO,SAAS,CAAC;QACxF,MAAM,EAAE,GAAG,IAAgF,CAAC;QAC5F,OAAO;YACL,MAAM,EAAE,EAAE;iBACP,aAAa,EAAE;iBACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;iBACvB,IAAI,CAAC,GAAG,CAAC;YACZ,IAAI,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE;SAC7B,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,2EAA2E;AAE3E;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,eAA2C,EAC3C,YAAmC,EACnC,KAAmB;IAEnB,MAAM,SAAS,GAAG,cAAc,CAAC,eAAe,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,cAAc,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;IAEhE,wEAAwE;IACxE,6EAA6E;IAC7E,qEAAqE;IACrE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE3C,uEAAuE;IACvE,8EAA8E;IAC9E,IAAI,KAAK,EAAE,OAAO,EAAE,CAAC;QACnB,MAAM,WAAW,GAAG,uBAAuB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAClE,KAAK,MAAM,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;YACpC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAClD,CAAC;QACD,MAAM,WAAW,GAAG,uBAAuB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAClE,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,WAAW,EAAE,CAAC;YACtC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC7D,KAAK,MAAM,CAAC,GAAG,EAAE,YAAY,CAAC,IAAI,UAAU,EAAE,CAAC;YAC7C,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,qDAAqD;IACrD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC;IACtD,MAAM,UAAU,GAAgC,EAAE,CAAC;IACnD,IAAI,KAAK,EAAE,OAAO,EAAE,CAAC;QACnB,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAC7B,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC;gBAAE,SAAS;YACzC,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,IAAI,CAAC;gBAAE,SAAS;YACjD,MAAM,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;YAChD,IAAI,EAAE;gBAAE,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAA2B,EAAE,CAAC;IAE3C,MAAM,aAAa,GAAG,CAAC,IAMtB,EAAE,EAAE;QACH,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;QAC9D,IAAI,CAAC,IAAI;YAAE,OAAO;QAElB,MAAM,aAAa,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;QAChD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAEvC,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACxD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAE7D,MAAM,SAAS,GAAG,eAAe,CAAC;QAClC,IAAI,SAAS,CAAC;QACd,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YAEpD,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,QAAQ,EAAE,CAAC,CAAC;YAC/D,IAAI,CAAC,YAAY;gBAAE,SAAS;YAE5B,0EAA0E;YAC1E,+CAA+C;YAC/C,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,QAAQ,EAAE,CAAC,IAAI,QAAQ,CAAC;YAC1E,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,YAAY,KAAK,YAAY,EAAE,CAAC,CAAC;YACnE,IAAI,CAAC,QAAQ,EAAE,OAAO;gBAAE,SAAS;YAEjC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACxD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YACnD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEhD,MAAM,WAAW,GAAa,EAAE,CAAC;YACjC,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;gBACjC,IAAI,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;oBAAE,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1E,CAAC;YACD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEvC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;YAClD,MAAM,eAAe,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;YACrD,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAC5C,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CACxE,CAAC;YACF,IAAI,YAAY;gBAAE,SAAS;YAE3B,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;gBAClC,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;gBACrE,IAAI,CAAC,MAAM;oBAAE,SAAS;gBACtB,OAAO,CAAC,IAAI,CAAC;oBACX,UAAU,EAAE,QAAQ;oBACpB,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,SAAS;oBACrB,UAAU,EAAE,YAAY;oBACxB,QAAQ,EAAE,YAAY;oBACtB,WAAW;oBACX,YAAY,EAAE,IAAI;oBAClB,MAAM;iBACP,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC;IAEF,qBAAqB;IACrB,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YACnC,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;YACnE,aAAa,CAAC;gBACZ,QAAQ;gBACR,MAAM,EAAG,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,WAAW;gBACrD,SAAS,EAAG,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAiB,IAAI,EAAE;gBACjD,IAAI,EAAG,OAAO,EAAE,KAAK,EAAE,IAAe,IAAI,EAAE;gBAC5C,SAAS,EAAE,CAAC,CAAC,SAAS;aACvB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC,CAAC,0BAA0B;IACjE,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YACnC,MAAM,IAAI,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YAClD,IAAI,IAAI;gBAAE,WAAW,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IACD,KAAK,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,UAAU,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,uBAAuB,EAAE,EAAE,CAAC;YAC/D,IAAI,WAAW,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,UAAU,EAAE,CAAC;gBAAE,SAAS;YAC5D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,CAAC,GAAG;oBAAE,SAAS;gBACnB,aAAa,CAAC;oBACZ,QAAQ;oBACR,MAAM,EAAE,UAAU;oBAClB,SAAS,EAAE,GAAG,CAAC,MAAM;oBACrB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,SAAS,EAAE,IAAI,CAAC,kBAAkB,EAAE;iBACrC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
+{"version":3,"file":"taint-crossfile.js","sourceRoot":"","sources":["../src/taint-crossfile.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAE/B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAIxH,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAE1G,SAAS,wBAAwB,CAAC,QAAgB;IAChD,OAAO,yBAAyB,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,4EAA4E;AAE5E;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,eAA2C;IACxE,MAAM,SAAS,GAAG,IAAI,GAAG,EAA4B,CAAC;IAEtD,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YACnC,MAAM,MAAM,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YACpD,IAAI,CAAC,MAAM;gBAAE,SAAS;YAEtB,2EAA2E;YAC3E,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC;YACpD,IAAI,CAAC,UAAU;gBAAE,SAAS;YAE1B,MAAM,MAAM,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAiB,IAAI,EAAE,CAAC;YACtD,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;YACnE,MAAM,IAAI,GAAI,OAAO,EAAE,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YAEpD,sDAAsD;YACtD,MAAM,KAAK,GAAgB,EAAE,CAAC;YAC9B,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,UAAU,GAAkB,EAAE,CAAC;gBACrC,wDAAwD;gBACxD,MAAM,UAAU,GAAG,MAAM;qBACtB,KAAK,CAAC,GAAG,CAAC;qBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;qBAC1C,MAAM,CAAC,OAAO,CAAC,CAAC;gBACnB,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;oBAC9B,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,IAAI,EAAE,EAAE,CAAC,CAAC;gBACrD,CAAC;gBACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC1B,KAAK,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;gBACpD,CAAC;YACH,CAAC;YAED,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,MAAM,EAAE,EAAE;gBACtC,QAAQ;gBACR,MAAM;gBACN,MAAM;gBACN,OAAO,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;gBACzB,KAAK;aACN,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,2EAA2E;AAE3E;;;GAGG;AACH,MAAM,UAAU,cAAc,CAC5B,eAA2C,EAC3C,YAAmC;IAEnC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE5C,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,MAAM,eAAe,GAAG,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEzD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ;gBAAE,SAAS;YACvC,MAAM,IAAI,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YAClD,MAAM,KAAK,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,KAAgB,IAAI,EAAE,CAAC;YACpD,MAAM,aAAa,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,OAAkB,IAAI,EAAE,CAAC;YAE9D,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,mDAAmD;YACnD,MAAM,YAAY,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9C,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,CACpE,CAAC;YACF,IAAI,CAAC,YAAY;gBAAE,SAAS;YAE5B,8CAA8C;YAC9C,IAAI,KAAK,EAAE,CAAC;gBACV,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;oBACzD,IAAI,IAAI;wBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,IAAI,EAAE,EAAE,YAAY,CAAC,CAAC;gBAChE,CAAC;YACH,CAAC;YACD,IAAI,aAAa,EAAE,CAAC;gBAClB,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,aAAa,EAAE,EAAE,YAAY,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,2EAA2E;AAE3E;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAgB,EAAE,KAAkB;IAC1E,MAAM,SAAS,GAAG,IAAI,GAAG,EAA4B,CAAC;IAEtD,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,aAAa,CAAC;YAAE,SAAS;QAC1D,wEAAwE;QACxE,MAAM,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC;QACnD,IAAI,CAAC,EAAE;YAAE,SAAS;QAElB,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,uBAAuB,EAAE,EAAE,CAAC;YAC/D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,SAAS,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;gBAC3C,IAAI,CAAC,SAAS;oBAAE,SAAS;gBAEzB,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,SAAS,CAAC;gBACnC,MAAM,UAAU,GAAG,MAAM;qBACtB,KAAK,CAAC,GAAG,CAAC;qBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;qBAC1C,MAAM,CAAC,OAAO,CAAC,CAAC;gBAEnB,MAAM,KAAK,GAAgB,EAAE,CAAC;gBAC9B,IAAI,IAAI,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClC,MAAM,UAAU,GAAkB,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;wBAC1D,IAAI;wBACJ,MAAM,EAAE,SAAS,IAAI,EAAE;qBACxB,CAAC,CAAC,CAAC;oBACJ,KAAK,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;gBACpD,CAAC;gBAED,mEAAmE;gBACnE,kEAAkE;gBAClE,gEAAgE;gBAChE,kEAAkE;gBAClE,MAAM,GAAG,GAAG,GAAG,EAAE,CAAC,aAAa,KAAK,UAAU,EAAE,CAAC;gBACjD,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE;oBACjB,QAAQ,EAAE,EAAE,CAAC,aAAa;oBAC1B,MAAM,EAAE,UAAU;oBAClB,MAAM;oBACN,OAAO,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;oBACzB,KAAK;iBACN,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAgB,EAAE,KAAkB;IAC1E,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE5C,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,aAAa,CAAC;YAAE,SAAS;QAC1D,MAAM,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC;QACnD,IAAI,CAAC,EAAE;YAAE,SAAS;QAElB,KAAK,MAAM,GAAG,IAAI,EAAE,CAAC,qBAAqB,EAAE,EAAE,CAAC;YAC7C,IAAI,MAA8B,CAAC;YACnC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,CAAC,4BAA4B,EAAE,IAAI,SAAS,CAAC;YAC3D,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YACD,IAAI,CAAC,MAAM;gBAAE,SAAS;YACtB,+DAA+D;YAC/D,6DAA6D;YAC7D,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;YAExC,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,eAAe,EAAE,EAAE,CAAC;gBAC1C,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBACrE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,aAAa,KAAK,SAAS,EAAE,EAAE,UAAU,CAAC,CAAC;YACjE,CAAC;YACD,MAAM,GAAG,GAAG,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACnC,IAAI,GAAG;gBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,aAAa,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,UAAU,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAgB,EAAE,KAAkB;IACtE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE3C,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,IAAI,CAAC;YAAE,SAAS;QACjD,MAAM,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,EAAE;YAAE,SAAS;QAElB,KAAK,MAAM,GAAG,IAAI,EAAE,CAAC,qBAAqB,EAAE,EAAE,CAAC;YAC7C,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,eAAe,EAAE,EAAE,CAAC;gBAC1C,MAAM,KAAK,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC;gBACnC,IAAI,CAAC,KAAK;oBAAE,SAAS,CAAC,+CAA+C;gBACrE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;gBAClC,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;gBACrC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,KAAK,SAAS,EAAE,EAAE,YAAY,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,4EAA4E;AAC5E,SAAS,kBAAkB,CAAC,IAA6B;IACvD,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAEhC,IAAI,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,IAA8C,CAAC;QAC1D,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO;YACL,MAAM,EAAE,EAAE;iBACP,aAAa,EAAE;iBACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;iBACvB,IAAI,CAAC,GAAG,CAAC;YACZ,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;SAC5B,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,IAA8C,CAAC;QAC1D,MAAM,IAAI,GAAG,EAAE,CAAC,cAAc,EAAE,CAAC;QACjC,IAAI,CAAC,IAAI;YAAE,OAAO,SAAS,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,QAAQ,KAAK,eAAe,IAAI,QAAQ,KAAK,oBAAoB;YAAE,OAAO,SAAS,CAAC;QACxF,MAAM,EAAE,GAAG,IAAgF,CAAC;QAC5F,OAAO;YACL,MAAM,EAAE,EAAE;iBACP,aAAa,EAAE;iBACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;iBACvB,IAAI,CAAC,GAAG,CAAC;YACZ,IAAI,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE;SAC7B,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,2EAA2E;AAE3E;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,eAA2C,EAC3C,YAAmC,EACnC,KAAmB;IAEnB,MAAM,SAAS,GAAG,cAAc,CAAC,eAAe,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,cAAc,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;IAEhE,wEAAwE;IACxE,6EAA6E;IAC7E,qEAAqE;IACrE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE3C,uEAAuE;IACvE,8EAA8E;IAC9E,IAAI,KAAK,EAAE,OAAO,EAAE,CAAC;QACnB,MAAM,WAAW,GAAG,uBAAuB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAClE,KAAK,MAAM,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;YACpC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAClD,CAAC;QACD,MAAM,WAAW,GAAG,uBAAuB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAClE,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,WAAW,EAAE,CAAC;YACtC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC7D,KAAK,MAAM,CAAC,GAAG,EAAE,YAAY,CAAC,IAAI,UAAU,EAAE,CAAC;YAC7C,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,qDAAqD;IACrD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC;IACtD,MAAM,UAAU,GAAgC,EAAE,CAAC;IACnD,IAAI,KAAK,EAAE,OAAO,EAAE,CAAC;QACnB,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAC7B,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC;gBAAE,SAAS;YACzC,IAAI,CAAC,wBAAwB,CAAC,EAAE,CAAC,IAAI,CAAC;gBAAE,SAAS;YACjD,MAAM,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;YAChD,IAAI,EAAE;gBAAE,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAA2B,EAAE,CAAC;IAE3C,MAAM,aAAa,GAAG,CAAC,IAMtB,EAAE,EAAE;QACH,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;QAC9D,IAAI,CAAC,IAAI;YAAE,OAAO;QAElB,MAAM,aAAa,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;QAChD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAEvC,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACxD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAE7D,MAAM,SAAS,GAAG,eAAe,CAAC;QAClC,IAAI,SAAS,CAAC;QACd,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YAEpD,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,QAAQ,EAAE,CAAC,CAAC;YAC/D,IAAI,CAAC,YAAY;gBAAE,SAAS;YAE5B,0EAA0E;YAC1E,+CAA+C;YAC/C,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,QAAQ,EAAE,CAAC,IAAI,QAAQ,CAAC;YAC1E,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,YAAY,KAAK,YAAY,EAAE,CAAC,CAAC;YACnE,IAAI,CAAC,QAAQ,EAAE,OAAO;gBAAE,SAAS;YAEjC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACxD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YACnD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEhD,MAAM,WAAW,GAAa,EAAE,CAAC;YACjC,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;gBACjC,IAAI,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;oBAAE,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1E,CAAC;YACD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEvC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;YAClD,MAAM,eAAe,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;YACrD,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAC5C,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CACxE,CAAC;YACF,IAAI,YAAY;gBAAE,SAAS;YAE3B,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;gBAClC,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;gBACrE,IAAI,CAAC,MAAM;oBAAE,SAAS;gBACtB,OAAO,CAAC,IAAI,CAAC;oBACX,UAAU,EAAE,QAAQ;oBACpB,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,SAAS;oBACrB,UAAU,EAAE,YAAY;oBACxB,QAAQ,EAAE,YAAY;oBACtB,WAAW;oBACX,YAAY,EAAE,IAAI;oBAClB,MAAM;iBACP,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC;IAEF,qBAAqB;IACrB,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YACnC,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;YACnE,aAAa,CAAC;gBACZ,QAAQ;gBACR,MAAM,EAAG,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,WAAW;gBACrD,SAAS,EAAG,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAiB,IAAI,EAAE;gBACjD,IAAI,EAAG,OAAO,EAAE,KAAK,EAAE,IAAe,IAAI,EAAE;gBAC5C,SAAS,EAAE,CAAC,CAAC,SAAS;aACvB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC,CAAC,0BAA0B;IACjE,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,eAAe,EAAE,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,SAAS;YACnC,MAAM,IAAI,GAAI,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,IAAe,IAAI,EAAE,CAAC;YAClD,IAAI,IAAI;gBAAE,WAAW,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IACD,KAAK,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,UAAU,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,uBAAuB,EAAE,EAAE,CAAC;YAC/D,IAAI,WAAW,CAAC,GAAG,CAAC,GAAG,QAAQ,KAAK,UAAU,EAAE,CAAC;gBAAE,SAAS;YAC5D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,CAAC,GAAG;oBAAE,SAAS;gBACnB,aAAa,CAAC;oBACZ,QAAQ;oBACR,MAAM,EAAE,UAAU;oBAClB,SAAS,EAAE,GAAG,CAAC,MAAM;oBACrB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,SAAS,EAAE,IAAI,CAAC,kBAAkB,EAAE;iBACrC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/telemetry.d.ts

@@ -0,0 +1,126 @@
+import type { CalibrationStage, ReviewFinding, ReviewPolicy, ReviewReport } from './types.js';
+export interface ReviewTelemetryRule {
+    ruleId: string;
+    findings: number;
+    suppressed: number;
+    errors: number;
+    warnings: number;
+    notes: number;
+    rootCauses: number;
+    precision?: string;
+    lifecycle?: string;
+    ciDefault?: string;
+    /** Suppressions tagged `[reason: false-positive]`. */
+    suppressedAsFalsePositive?: number;
+    /** Suppressions tagged `[reason: wont-fix]`. */
+    suppressedAsWontFix?: number;
+    /** Suppressions tagged `[reason: intentional]`. */
+    suppressedAsIntentional?: number;
+    /** Suppressions tagged `[reason: not-applicable]`. */
+    suppressedAsNotApplicable?: number;
+    /**
+     * FP rate estimate: suppressedAsFalsePositive / (findings + suppressedAsFalsePositive).
+     * Trustworthy only when the directive corpus is honest — Phase 3 audit-policy
+     * spike alert is the safety mechanism against mass-poison campaigns.
+     */
+    fpRateEstimate?: number;
+}
+export interface ReviewTelemetryFinding {
+    file: string;
+    ruleId: string;
+    severity: ReviewFinding['severity'];
+    confidence?: number;
+    rootCauseKey?: string;
+    /** Calibration chain — emitted only under `audit` policy. */
+    calibrationTrail?: CalibrationStage[];
+}
+export interface ReviewTelemetrySnapshot {
+    schemaVersion: 1;
+    generatedAt: string;
+    policy: ReviewPolicy;
+    files: number;
+    findings: {
+        total: number;
+        errors: number;
+        warnings: number;
+        notes: number;
+    };
+    suppressed: {
+        total: number;
+    };
+    rootCauses: number;
+    health: {
+        status: 'ok' | 'degraded' | 'partial';
+        errors: number;
+        fallbacks: number;
+        skipped: number;
+    };
+    rules: ReviewTelemetryRule[];
+    performance?: {
+        durationMs?: number;
+    };
+    findingRows?: ReviewTelemetryFinding[];
+}
+export interface ReviewTelemetryOptions {
+    policy?: ReviewPolicy;
+    generatedAt?: string;
+    durationMs?: number;
+    includeFindings?: boolean;
+    /**
+     * When true, replace `file` paths in findingRows with a stable SHA-256 hash
+     * (first 16 hex chars). Set this on emission to a hosted telemetry sink so
+     * private package names and `/Users/<name>/...` paths do not leak across
+     * tenancy boundaries (Phase 1 red-team finding).
+     */
+    redactPaths?: boolean;
+}
+export interface WriteReviewTelemetryOptions extends ReviewTelemetryOptions {
+    outputPath?: string;
+    append?: boolean;
+}
+export interface WriteReviewTelemetryResult {
+    outputPath: string;
+    snapshot: ReviewTelemetrySnapshot;
+}
+export interface ReviewTelemetryRuleSummary extends ReviewTelemetryRule {
+    runs: number;
+    suppressionRate: number;
+    averageFindingsPerRun: number;
+}
+export interface ReviewTelemetrySummary {
+    runs: number;
+    firstRun?: string;
+    lastRun?: string;
+    files: number;
+    findings: {
+        total: number;
+        errors: number;
+        warnings: number;
+        notes: number;
+    };
+    suppressed: {
+        total: number;
+    };
+    rootCauses: number;
+    health: {
+        partial: number;
+        degraded: number;
+        ok: number;
+        errors: number;
+        fallbacks: number;
+        skipped: number;
+    };
+    performance: {
+        averageDurationMs?: number;
+        maxDurationMs?: number;
+    };
+    rules: ReviewTelemetryRuleSummary[];
+    noisyRules: ReviewTelemetryRuleSummary[];
+    promotionCandidates: ReviewTelemetryRuleSummary[];
+}
+export declare function buildReviewTelemetry(reports: readonly ReviewReport[], options?: ReviewTelemetryOptions): ReviewTelemetrySnapshot;
+export declare function writeReviewTelemetrySnapshot(reports: readonly ReviewReport[], options?: WriteReviewTelemetryOptions): WriteReviewTelemetryResult;
+export declare function parseReviewTelemetryJsonl(source: string): ReviewTelemetrySnapshot[];
+export declare function readReviewTelemetrySnapshots(path: string): ReviewTelemetrySnapshot[];
+export declare function summarizeReviewTelemetry(snapshots: readonly ReviewTelemetrySnapshot[]): ReviewTelemetrySummary;
+export declare function formatReviewTelemetrySummary(summary: ReviewTelemetrySummary): string;