@komatikai/trailhead 4.4.4 → 4.5.1

package/dist/shared/release-ready.js

@@ -1,97 +0,0 @@
-/**
- * Composite release readiness decision (ADR-006).
- */
-export function computeReleaseReady(input) {
-    const reasons = [];
-    if (input.gateMode === "risk-only") {
-        if (input.gateDecision === "block") {
-            reasons.push("Risk/policy gate decision is BLOCK");
-        }
-        else if (input.gateDecision === "warn") {
-            reasons.push("Risk/policy gate decision is WARN (non-blocking in risk-only mode)");
-        }
-        return {
-            releaseReady: input.gateDecision !== "block",
-            reasons,
-        };
-    }
-    if (input.ciSummary) {
-        if (!input.ciSummary.allRequiredPassed) {
-            const failed = input.ciSummary.checks.filter((c) => c.required &&
-                (c.status === "fail" || c.status === "missing" || c.status === "stale"));
-            for (const check of failed) {
-                reasons.push(`Required CI check "${check.name}" is ${check.status.toUpperCase()}`);
-            }
-        }
-        if (input.ciSummary.pendingCount > 0) {
-            reasons.push(`${input.ciSummary.pendingCount} required CI check(s) still pending`);
-        }
-    }
-    if (input.gateDecision === "block") {
-        reasons.push("Risk/policy gate decision is BLOCK");
-    }
-    if (input.riskScore > input.riskThreshold) {
-        reasons.push(`Risk score ${input.riskScore} exceeds threshold ${input.riskThreshold}`);
-    }
-    if (input.freezeActive) {
-        reasons.push(`Release freeze active${input.freezeMessage ? `: ${input.freezeMessage}` : ""}`);
-    }
-    if (input.healthChecksConfigured && input.healthScore < 50) {
-        reasons.push(`Health score ${input.healthScore} below minimum (50)`);
-    }
-    if (input.requireSecurityClear && input.securityBlocked) {
-        reasons.push("Security gate requires clearance — blocking alerts present");
-    }
-    const blockingFindings = (input.policyFindings ?? []).filter((f) => /blocking|requires|exceeds|configured to block/i.test(f));
-    if (blockingFindings.length > 0 && input.gateDecision === "block") {
-        for (const finding of blockingFindings.slice(0, 3)) {
-            if (!reasons.includes(finding))
-                reasons.push(finding);
-        }
-    }
-    const releaseReady = reasons.length === 0;
-    return { releaseReady, reasons };
-}
-export function applyReleaseReadyToEvaluation(evaluation, result, gateMode) {
-    return {
-        ...evaluation,
-        releaseReady: result.releaseReady,
-        releaseReadyReasons: result.reasons.length > 0 ? result.reasons : undefined,
-        gateMode,
-    };
-}
-export function checkConclusionForEvaluation(evaluation) {
-    const mode = evaluation.gateMode ?? "risk-only";
-    if (mode === "advisory") {
-        return "neutral";
-    }
-    if (mode === "release-ready") {
-        return evaluation.releaseReady ? "success" : "failure";
-    }
-    switch (evaluation.gateDecision) {
-        case "allow":
-            return "success";
-        case "warn":
-            return "neutral";
-        case "block":
-            return "failure";
-        default: {
-            const _exhaustive = evaluation.gateDecision;
-            return "failure";
-        }
-    }
-}
-export function shouldBlockMerge(evaluation) {
-    const mode = evaluation.gateMode ?? "risk-only";
-    if (mode === "advisory")
-        return false;
-    if (mode === "release-ready")
-        return evaluation.releaseReady === false;
-    return evaluation.gateDecision === "block";
-}
-export function resolveCheckName(gateMode, configuredName) {
-    if (gateMode === "risk-only")
-        return "Trailhead";
-    return configuredName ?? "Trailhead — Release Ready";
-}
-//# sourceMappingURL=release-ready.js.map

package/dist/shared/release-ready.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"release-ready.js","sourceRoot":"","sources":["../../src/shared/release-ready.ts"],"names":[],"mappings":"AAsBA;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAwB;IAC1D,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,IAAI,KAAK,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;QACnC,IAAI,KAAK,CAAC,YAAY,KAAK,OAAO,EAAE,CAAC;YACnC,OAAO,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QACrD,CAAC;aAAM,IAAI,KAAK,CAAC,YAAY,KAAK,MAAM,EAAE,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;QACrF,CAAC;QACD,OAAO;YACL,YAAY,EAAE,KAAK,CAAC,YAAY,KAAK,OAAO;YAC5C,OAAO;SACR,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACpB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,iBAAiB,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAC1C,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,QAAQ;gBACV,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,IAAI,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAC1E,CAAC;YACF,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,IAAI,CACV,sBAAsB,KAAK,CAAC,IAAI,QAAQ,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,KAAK,CAAC,SAAS,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;YACrC,OAAO,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC,YAAY,qCAAqC,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,YAAY,KAAK,OAAO,EAAE,CAAC;QACnC,OAAO,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,KAAK,CAAC,SAAS,GAAG,KAAK,CAAC,aAAa,EAAE,CAAC;QAC1C,OAAO,CAAC,IAAI,CACV,cAAc,KAAK,CAAC,SAAS,sBAAsB,KAAK,CAAC,aAAa,EAAE,CACzE,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QACvB,OAAO,CAAC,IAAI,CACV,wBAAwB,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAChF,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,CAAC,sBAAsB,IAAI,KAAK,CAAC,WAAW,GAAG,EAAE,EAAE,CAAC;QAC3D,OAAO,CAAC,IAAI,CAAC,gBAAgB,KAAK,CAAC,WAAW,qBAAqB,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,KAAK,CAAC,oBAAoB,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,gBAAgB,GAAG,CAAC,KAAK,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACjE,gDAAgD,CAAC,IAAI,CAAC,CAAC,CAAC,CACzD,CAAC;IACF,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,YAAY,KAAK,OAAO,EAAE,CAAC;QAClE,KAAK,MAAM,OAAO,IAAI,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACnD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC;IAE1C,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,6BAA6B,CAC3C,UAA0B,EAC1B,MAA0B,EAC1B,QAAkB;IAElB,OAAO;QACL,GAAG,UAAU;QACb,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,mBAAmB,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;QAC3E,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,UAA0B;IAE1B,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,IAAI,WAAW,CAAC;IAEhD,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,IAAI,KAAK,eAAe,EAAE,CAAC;QAC7B,OAAO,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IACzD,CAAC;IAED,QAAQ,UAAU,CAAC,YAAY,EAAE,CAAC;QAChC,KAAK,OAAO;YACV,OAAO,SAAS,CAAC;QACnB,KAAK,MAAM;YACT,OAAO,SAAS,CAAC;QACnB,KAAK,OAAO;YACV,OAAO,SAAS,CAAC;QACnB,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,WAAW,GAAU,UAAU,CAAC,YAAY,CAAC;YACnD,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,UAA0B;IACzD,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,IAAI,WAAW,CAAC;IAEhD,IAAI,IAAI,KAAK,UAAU;QAAE,OAAO,KAAK,CAAC;IACtC,IAAI,IAAI,KAAK,eAAe;QAAE,OAAO,UAAU,CAAC,YAAY,KAAK,KAAK,CAAC;IACvE,OAAO,UAAU,CAAC,YAAY,KAAK,OAAO,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAkB,EAAE,cAAuB;IAC1E,IAAI,QAAQ,KAAK,WAAW;QAAE,OAAO,WAAW,CAAC;IACjD,OAAO,cAAc,IAAI,2BAA2B,CAAC;AACvD,CAAC"}

package/dist/shared/submission-checks/detectors.d.ts

@@ -1,23 +0,0 @@
-import type { SubmissionCheckResult } from "../types.js";
-import type { SubmissionCheckContext } from "./types.js";
-export declare const OLD_NAME_PATTERNS: Array<{
-    oldName: string;
-    newName: string;
-    pattern: RegExp;
-}>;
-export declare function detectMockPlaceholder(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectSecrets(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectDestructiveSql(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectArtifactIntegrity(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectContextFreshness(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectPathFormat(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectHardcodedEnv(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectLargeFile(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectImportResolution(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectRlsNewTables(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectAuthRouteAuth(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectExternalPackageDeps(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectSqlSyntaxBasic(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectSyntaxValidity(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function detectSoulIntegrity(ctx: SubmissionCheckContext): SubmissionCheckResult | null;
-export declare function runAllDetectors(ctx: SubmissionCheckContext): SubmissionCheckResult[];

package/dist/shared/submission-checks/detectors.js

@@ -1,547 +0,0 @@
-// Gate 1 detectors — ported from komatik-agents agent-gate-checks (patch/content based).
-import { addedLines, extensionOf, extractAllImports, fileContent, isStaleArchivedPath, isTestPath, lineCountFromPatch, linesForFreshnessScan, normalizePath, scanAddedContent, } from "./helpers.js";
-import { runPhase0Detectors } from "./phase0-detectors.js";
-import { validateFileSyntax } from "./syntax-validity.js";
-export const OLD_NAME_PATTERNS = [
-    { oldName: "DeployGuard", newName: "Trailhead", pattern: /\bDeployGuard\b/g },
-    { oldName: "Daydream Studio", newName: "Sundog", pattern: /\bDaydream Studio\b/g },
-    {
-        oldName: "Storyboard Studio",
-        newName: "Kindling",
-        pattern: /\bStoryboard Studio\b/g,
-    },
-    { oldName: "Cognitive Debt", newName: "Drift", pattern: /\bCognitive Debt\b/g },
-    { oldName: "cognitive-debt", newName: "Drift", pattern: /\bcognitive-debt\b/g },
-];
-const SLUG_ONLY_PATTERNS = [
-    /\bcognitive-debt\b/,
-    /\bstoryboard-studio\b/,
-    /\bdaydream-studio\b/,
-    /\bshadow-ai-governance\b/,
-];
-const MOCK_PATTERNS = [
-    /\bTODO\s*\(\s*mock\s*\)/i,
-    /\bFIXME\s*\(\s*mock\s*\)/i,
-    /\bMOCK_[A-Z0-9_]+\b/,
-    /\bfakeImplementation\b/,
-    /\bstubResponse\s*\(/i,
-    /\b(?:generate|create|build|get)(?:Mock|Fake|Dummy|Sample)\w*/g,
-    /\b(?:mockData|fakeData|sampleData|dummyData|testData)\b/g,
-    /\bTODO:\s*implement\b/gi,
-    /\bFIXME\b/g,
-    /\bIn production,\s*use\b/i,
-    /\bplaceholder\b/gi,
-    /\blorem ipsum\b/gi,
-];
-const SECRET_PATTERNS = [
-    { name: "AWS access key", pattern: /\bAKIA[0-9A-Z]{16}\b/g },
-    { name: "GitHub token", pattern: /\bgh[pousr]_[A-Za-z0-9_]{20,}\b/g },
-    { name: "Stripe live key", pattern: /\bsk_live_[A-Za-z0-9]{10,}\b/g },
-    { name: "Stripe test key", pattern: /\bsk_test_[A-Za-z0-9]{10,}\b/g },
-    { name: "Private key block", pattern: /-----BEGIN [A-Z ]+PRIVATE KEY-----/g },
-    {
-        name: "Generic API key assignment",
-        pattern: /api[_-]?key\s*[:=]\s*['"][A-Za-z0-9_-]{32,}['"]/gi,
-    },
-];
-const HARDCODED_ENV_PATTERNS = [
-    { name: "localhost with port", pattern: /(?:['"`])localhost:\d{2,5}(?:['"`])/g },
-    {
-        name: "hardcoded private IP",
-        pattern: /(?:['"`])(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3})(?::\d+)?(?:['"`])/g,
-    },
-];
-const NODE_BUILTINS = new Set([
-    "assert",
-    "async_hooks",
-    "buffer",
-    "child_process",
-    "cluster",
-    "console",
-    "constants",
-    "crypto",
-    "dgram",
-    "dns",
-    "events",
-    "fs",
-    "http",
-    "http2",
-    "https",
-    "module",
-    "net",
-    "os",
-    "path",
-    "process",
-    "stream",
-    "url",
-    "util",
-    "zlib",
-]);
-function result(partial) {
-    return { autofix_eligible: false, ...partial };
-}
-export function detectMockPlaceholder(ctx) {
-    const hits = scanAddedContent(ctx.files, (line, filename) => {
-        if (isTestPath(filename))
-            return false;
-        if (/\.(md|txt)$/i.test(filename))
-            return false;
-        return MOCK_PATTERNS.some((re) => {
-            re.lastIndex = 0;
-            return re.test(line);
-        });
-    });
-    if (hits.length === 0)
-        return null;
-    return result({
-        code: "mock_placeholder",
-        severity: "blocking",
-        title: "Mock placeholder in production path",
-        detail: `Found mock/TODO placeholder patterns in ${hits.join(", ")}.`,
-        files: hits,
-        suggested_action: "Remove mock placeholders and implement real behavior.",
-    });
-}
-export function detectSecrets(ctx) {
-    const hits = scanAddedContent(ctx.files, (line) => SECRET_PATTERNS.some((entry) => {
-        entry.pattern.lastIndex = 0;
-        return entry.pattern.test(line);
-    }));
-    if (hits.length === 0)
-        return null;
-    return result({
-        code: "secrets",
-        severity: "blocking",
-        title: "Potential secret in diff",
-        detail: `Added lines match secret patterns in ${hits.join(", ")}.`,
-        files: hits,
-        suggested_action: "Remove secrets; use environment variables or a secret manager.",
-    });
-}
-export function detectDestructiveSql(ctx) {
-    const sqlFiles = ctx.files.filter((f) => extensionOf(f.filename) === ".sql");
-    const hits = scanAddedContent(sqlFiles, (line) => /\b(DROP\s+TABLE|TRUNCATE|DELETE\s+FROM(?![^\n]*\bWHERE\b))/i.test(line));
-    if (hits.length === 0)
-        return null;
-    return result({
-        code: "destructive_sql",
-        severity: "blocking",
-        title: "Destructive SQL in migration",
-        detail: `Added SQL contains destructive statements in ${hits.join(", ")}.`,
-        files: hits,
-        suggested_action: "Use additive migrations; avoid DROP/TRUNCATE without human approval.",
-    });
-}
-export function detectArtifactIntegrity(ctx) {
-    const referenced = new Set();
-    const pathRefPattern = /(?:^|\s|['"`])([\w@./-]+\.(?:ts|tsx|js|jsx|md|sql|yml|yaml|json))(?:['"`]|\s|:)/g;
-    for (const file of ctx.files) {
-        for (const line of addedLines(file.patch)) {
-            if (!/(?:import|from|require|see|fix|update)\s/i.test(line))
-                continue;
-            for (const match of line.matchAll(pathRefPattern)) {
-                const candidate = match[1]?.replace(/^\.\//, "");
-                if (!candidate || candidate.includes("*"))
-                    continue;
-                if (!ctx.prPaths.has(candidate) && !candidate.startsWith("node:")) {
-                    referenced.add(candidate);
-                }
-            }
-        }
-    }
-    if (referenced.size === 0)
-        return null;
-    const missing = [...referenced].slice(0, 8);
-    return result({
-        code: "artifact_integrity",
-        severity: "blocking",
-        title: "Referenced files missing from PR",
-        detail: `Added lines reference paths not in this PR: ${missing.join(", ")}${referenced.size > 8 ? "…" : ""}.`,
-        files: missing,
-        suggested_action: "Include referenced files or fix hallucinated paths.",
-    });
-}
-function isNamingAllowlisted(filename, line, allowlist = {}) {
-    const trimmed = line.trim();
-    const path = normalizePath(filename);
-    const ext = extensionOf(filename);
-    const skipExtensions = allowlist.skip_extensions ?? [".sql"];
-    const skipPathPatterns = allowlist.skip_path_patterns ?? ["migrations/", "schema/"];
-    const skipCommentMarkers = allowlist.skip_comment_markers ?? [
-        "historical:",
-        "migration:",
-        "deprecated:",
-    ];
-    if (allowlist.skip_in_imports !== false &&
-        /^import\s|^from\s|require\(/.test(trimmed)) {
-        return true;
-    }
-    if (skipExtensions.includes(ext))
-        return true;
-    if (skipPathPatterns.some((pattern) => path.includes(pattern)))
-        return true;
-    if (skipCommentMarkers.some((marker) => trimmed.toLowerCase().includes(marker.toLowerCase()))) {
-        return true;
-    }
-    if (/\/memory\//.test(path))
-        return true;
-    if (/RESEARCH\.md$|BRAND\.md$|CHANGELOG\.md$/.test(path))
-        return true;
-    if (/^\[.*\]\(.*\)/.test(trimmed) || /\]\(http/.test(trimmed))
-        return true;
-    if (SLUG_ONLY_PATTERNS.some((p) => p.test(trimmed)) &&
-        !/[A-Z]/.test(trimmed.match(/(?:cognitive-debt|storyboard-studio|daydream-studio|shadow-ai-governance)/)?.[0] ?? "")) {
-        return true;
-    }
-    if (/["'`/]/.test(trimmed)) {
-        const inStringOrPath = /["'`/][^"'`]*(?:deployguard|storyboard-studio|daydream-studio|cognitive-debt|shadow-ai-governance|komatik-yggdrasil)[^"'`]*["'`/]/i;
-        if (inStringOrPath.test(trimmed))
-            return true;
-    }
-    return false;
-}
-export function detectContextFreshness(ctx) {
-    if (!ctx.komatikInstance && ctx.staleTerms.length === 0)
-        return null;
-    const hits = [];
-    for (const file of ctx.files) {
-        if (isStaleArchivedPath(file.filename, ctx.pathIgnorePatterns))
-            continue;
-        for (const line of linesForFreshnessScan(file)) {
-            if (isNamingAllowlisted(file.filename, line, ctx.namingAllowlist))
-                continue;
-            for (const term of ctx.staleTerms) {
-                if (line.toLowerCase().includes(term.toLowerCase()))
-                    hits.push(file.filename);
-            }
-            if (ctx.komatikInstance) {
-                for (const entry of OLD_NAME_PATTERNS) {
-                    entry.pattern.lastIndex = 0;
-                    if (entry.pattern.test(line))
-                        hits.push(file.filename);
-                }
-            }
-        }
-    }
-    const unique = [...new Set(hits)];
-    if (unique.length === 0)
-        return null;
-    return result({
-        code: "context_freshness",
-        severity: "warn",
-        title: "Stale naming or deprecated terms",
-        detail: `Added lines reference deprecated terms in ${unique.join(", ")}.`,
-        files: unique,
-        suggested_action: "Update naming to current product vocabulary (see BRAND.md).",
-        autofix_eligible: true,
-    });
-}
-export function detectPathFormat(ctx) {
-    if (!ctx.komatikInstance)
-        return null;
-    const hits = ctx.files
-        .map((f) => normalizePath(f.filename))
-        .filter((name) => /^komatik-agents\/agents\//.test(name) ||
-        /\/agents\/agents\//.test(name) ||
-        (!/^agents\/[a-z][a-z0-9-]*\/suggestions\//.test(name) &&
-            /\/suggestions\//.test(name) &&
-            !name.startsWith("agents/")));
-    if (hits.length === 0)
-        return null;
-    return result({
-        code: "path_format",
-        severity: "warn",
-        title: "Suspicious agent suggestion path",
-        detail: `Paths should match agents/<id>/suggestions/<project>/… — found: ${hits.join(", ")}.`,
-        files: hits,
-        suggested_action: "Use canonical agent suggestion paths without repo prefix.",
-    });
-}
-export function detectHardcodedEnv(ctx) {
-    const hits = scanAddedContent(ctx.files, (line, filename) => {
-        if (/\.(md|txt)$/i.test(filename))
-            return false;
-        if (/^\s*\/\/|^\s*\*|^\s*#/.test(line))
-            return false;
-        return HARDCODED_ENV_PATTERNS.some((entry) => {
-            entry.pattern.lastIndex = 0;
-            return entry.pattern.test(line);
-        });
-    });
-    if (hits.length === 0)
-        return null;
-    return result({
-        code: "hardcoded_env",
-        severity: "blocking",
-        title: "Hardcoded environment value",
-        detail: `Added lines contain hardcoded localhost/IP patterns in ${hits.join(", ")}.`,
-        files: hits,
-        suggested_action: "Use environment variables or configuration instead of hardcoded hosts.",
-    });
-}
-export function detectLargeFile(ctx) {
-    const hits = ctx.files
-        .filter((file) => {
-        const lines = typeof file.content === "string"
-            ? file.content.split("\n").length
-            : lineCountFromPatch(file.patch);
-        return lines > ctx.maxFileLines;
-    })
-        .map((f) => f.filename);
-    if (hits.length === 0)
-        return null;
-    return result({
-        code: "large_file",
-        severity: "warn",
-        title: "Large file in PR",
-        detail: `Files exceed ${ctx.maxFileLines} lines: ${hits.join(", ")}.`,
-        files: hits,
-        suggested_action: "Split large changes into smaller PRs.",
-    });
-}
-function extractRelativeImports(content) {
-    const imports = [];
-    const patterns = [
-        /\bimport\s+(?:type\s+)?(?:[^'"]+\s+from\s+)?['"](\.\.?[^'"]+)['"]/g,
-        /\brequire\(\s*['"](\.\.?[^'"]+)['"]\s*\)/g,
-    ];
-    for (const pattern of patterns) {
-        for (const match of content.matchAll(pattern)) {
-            if (match[1])
-                imports.push(match[1]);
-        }
-    }
-    return imports;
-}
-function resolveRelativeImport(fromFile, specifier, prPaths) {
-    const clean = specifier.split("?")[0].split("#")[0];
-    const baseDir = normalizePath(fromFile).split("/").slice(0, -1);
-    const segments = clean.replace(/^\.\//, "").split("/");
-    for (const segment of segments) {
-        if (segment === "..")
-            baseDir.pop();
-        else if (segment !== ".")
-            baseDir.push(segment);
-    }
-    const resolved = baseDir.join("/");
-    const candidates = [
-        resolved,
-        `${resolved}.ts`,
-        `${resolved}.tsx`,
-        `${resolved}.js`,
-        `${resolved}.jsx`,
-        `${resolved}/index.ts`,
-        `${resolved}/index.js`,
-    ];
-    return candidates.some((c) => prPaths.has(c));
-}
-export function detectImportResolution(ctx) {
-    const codeExts = new Set([".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs"]);
-    const hits = [];
-    for (const file of ctx.files) {
-        if (!codeExts.has(extensionOf(file.filename)))
-            continue;
-        const content = fileContent(file);
-        for (const specifier of extractRelativeImports(content)) {
-            if (!resolveRelativeImport(file.filename, specifier, ctx.prPaths)) {
-                hits.push(file.filename);
-                break;
-            }
-        }
-    }
-    if (hits.length === 0)
-        return null;
-    return result({
-        code: "import_resolution",
-        severity: "blocking",
-        title: "Unresolved relative import",
-        detail: `Relative imports could not be resolved within this PR: ${[...new Set(hits)].join(", ")}.`,
-        files: [...new Set(hits)],
-        suggested_action: "Add missing files to the PR or fix import paths.",
-    });
-}
-export function detectRlsNewTables(ctx) {
-    const sqlFiles = ctx.files.filter((f) => extensionOf(f.filename) === ".sql");
-    const corpus = sqlFiles.map((f) => fileContent(f)).join("\n");
-    const hits = [];
-    const createTable = /\bCREATE\s+(?!TEMP(?:ORARY)?\s+)TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?((?:"?[A-Za-z_][\w$]*"?\.)?"?[A-Za-z_][\w$]*"?)/gi;
-    for (const file of sqlFiles) {
-        const content = fileContent(file);
-        for (const match of content.matchAll(createTable)) {
-            const table = match[1]?.replace(/"/g, "") ?? "";
-            const pattern = new RegExp(`ALTER\\s+TABLE\\s+(?:ONLY\\s+)?["']?${table.split(".").pop()}["']?\\s+ENABLE\\s+ROW\\s+LEVEL\\s+SECURITY`, "i");
-            if (!pattern.test(corpus))
-                hits.push(file.filename);
-        }
-    }
-    if (hits.length === 0)
-        return null;
-    return result({
-        code: "rls_new_tables",
-        severity: "blocking",
-        title: "New table missing RLS",
-        detail: `CREATE TABLE without ENABLE ROW LEVEL SECURITY in ${[...new Set(hits)].join(", ")}.`,
-        files: [...new Set(hits)],
-        suggested_action: "Add ALTER TABLE ... ENABLE ROW LEVEL SECURITY for every new table.",
-    });
-}
-function isRouteAllowlisted(path, allowlist) {
-    return allowlist.some((entry) => path.includes(entry.replace(/^\//, "")));
-}
-export function detectAuthRouteAuth(ctx) {
-    const routePattern = /(?:^|\/)(?:app\/api\/.+\/route|pages\/api\/.+)\.(?:ts|tsx|js|jsx)$/;
-    const authPattern = /\b(getUser|getSession|getServerSession|auth|requireAuth|withAuth)\s*\(/;
-    const hits = [];
-    for (const file of ctx.files) {
-        const normalized = normalizePath(file.filename);
-        if (!routePattern.test(normalized))
-            continue;
-        if (isRouteAllowlisted(normalized, ctx.authRouteAllowlist))
-            continue;
-        if (!authPattern.test(fileContent(file)))
-            hits.push(normalized);
-    }
-    if (hits.length === 0)
-        return null;
-    return result({
-        code: "auth_route_auth",
-        severity: "blocking",
-        title: "API route missing auth check",
-        detail: `Routes appear to lack session/user verification: ${hits.join(", ")}.`,
-        files: hits,
-        suggested_action: "Verify authenticated user before handling the request.",
-    });
-}
-function packageNameFromSpecifier(specifier) {
-    if (specifier.startsWith("@"))
-        return specifier.split("/").slice(0, 2).join("/");
-    return specifier.split("/")[0];
-}
-function isNodeBuiltin(specifier) {
-    const bare = specifier.startsWith("node:") ? specifier.slice(5) : specifier;
-    return NODE_BUILTINS.has(bare.split("/")[0]);
-}
-export function detectExternalPackageDeps(ctx) {
-    if (ctx.declaredPackages.size === 0)
-        return null;
-    const codeExts = new Set([".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs"]);
-    const hits = [];
-    for (const file of ctx.files) {
-        if (!codeExts.has(extensionOf(file.filename)))
-            continue;
-        for (const imp of extractAllImports(fileContent(file))) {
-            const specifier = imp.specifier;
-            if (specifier.startsWith(".") || specifier.startsWith("/"))
-                continue;
-            if (specifier.startsWith("@/") || specifier.startsWith("~/"))
-                continue;
-            if (specifier.startsWith("http:") || specifier.startsWith("https:"))
-                continue;
-            if (isNodeBuiltin(specifier))
-                continue;
-            const pkg = packageNameFromSpecifier(specifier);
-            if (!ctx.declaredPackages.has(pkg))
-                hits.push(`${file.filename} → ${pkg}`);
-        }
-    }
-    if (hits.length === 0)
-        return null;
-    return result({
-        code: "external_package_deps",
-        severity: "warn",
-        title: "Undeclared package import",
-        detail: hits.slice(0, 6).join("; "),
-        files: [...new Set(hits.map((h) => h.split(" → ")[0]))],
-        suggested_action: "Add the package to package.json or remove the import.",
-    });
-}
-function stripSqlComments(content) {
-    return content.replace(/--[^\n]*/g, "").replace(/\/\*[\s\S]*?\*\//g, "");
-}
-function countPlpgsqlBlockBegins(sql) {
-    const re = /\bBEGIN\b(?!\s+(?:TRANSACTION|WORK)\b)/gi;
-    return (sql.match(re) || []).length;
-}
-function countPlpgsqlBlockEnds(sql) {
-    const re = /\bEND\s*(?!IF\b|LOOP\b|CASE\b)\s*(?:;|\$\$)/gi;
-    return (sql.match(re) || []).length;
-}
-export function detectSqlSyntaxBasic(ctx) {
-    const hits = [];
-    for (const file of ctx.files.filter((f) => extensionOf(f.filename) === ".sql")) {
-        const stripped = stripSqlComments(fileContent(file));
-        const beginCount = countPlpgsqlBlockBegins(stripped);
-        const endCount = countPlpgsqlBlockEnds(stripped);
-        if (beginCount > 0 && beginCount > endCount)
-            hits.push(file.filename);
-    }
-    if (hits.length === 0)
-        return null;
-    return result({
-        code: "sql_syntax_basic",
-        severity: "warn",
-        title: "SQL block balance issue",
-        detail: `Possible unclosed BEGIN block in ${hits.join(", ")}.`,
-        files: hits,
-        suggested_action: "Verify PL/pgSQL block structure before merging.",
-    });
-}
-export function detectSyntaxValidity(ctx) {
-    const errors = [];
-    for (const file of ctx.files) {
-        // Real parsers need the whole file — skip patch-only inputs (PR diff fragments).
-        if (typeof file.content !== "string")
-            continue;
-        const message = validateFileSyntax(file.filename, file.content);
-        if (message)
-            errors.push(`${file.filename}: ${message}`);
-    }
-    if (errors.length === 0)
-        return null;
-    return result({
-        code: "syntax_validity",
-        severity: "blocking",
-        title: "Syntax error in submitted file",
-        detail: errors.slice(0, 12).join("; "),
-        files: errors.map((e) => e.split(": ")[0] ?? e),
-        suggested_action: "Fix the parse error before submitting.",
-    });
-}
-export function detectSoulIntegrity(ctx) {
-    if (!ctx.komatikInstance)
-        return null;
-    const hits = ctx.files
-        .map((f) => normalizePath(f.filename))
-        .filter((name) => /^agents\/[a-z][a-z0-9-]*\/SOUL\.md$/.test(name));
-    if (hits.length === 0)
-        return null;
-    return result({
-        code: "soul_integrity",
-        severity: "blocking",
-        title: "Agent SOUL.md modified",
-        detail: `SOUL changes require human review: ${hits.join(", ")}.`,
-        files: hits,
-        suggested_action: "Revert SOUL.md changes or request explicit human approval.",
-    });
-}
-export function runAllDetectors(ctx) {
-    const gate1 = [
-        detectMockPlaceholder(ctx),
-        detectSecrets(ctx),
-        detectDestructiveSql(ctx),
-        detectSyntaxValidity(ctx),
-        detectImportResolution(ctx),
-        detectRlsNewTables(ctx),
-        detectAuthRouteAuth(ctx),
-        detectHardcodedEnv(ctx),
-        detectExternalPackageDeps(ctx),
-        detectSqlSyntaxBasic(ctx),
-        detectLargeFile(ctx),
-        detectArtifactIntegrity(ctx),
-        detectContextFreshness(ctx),
-        detectSoulIntegrity(ctx),
-        detectPathFormat(ctx),
-    ].filter((check) => check !== null);
-    return [...gate1, ...runPhase0Detectors(ctx)];
-}
-//# sourceMappingURL=detectors.js.map