@lbroth/rothunter 1.0.0-rc.1

package/dist/extraction/llm-confirmer.js

@@ -0,0 +1,118 @@
+import { z } from 'zod';
+import { createDefaultLlmClient } from '../adapters/llm.js';
+import { parseLlmJsonResponse } from '../utils/llm-json.js';
+import { logger } from '../utils/logger.js';
+const ConfirmationSchema = z.object({
+    same_concept: z.boolean(),
+    confidence: z.number().min(0).max(1),
+    reason: z.string(),
+});
+// Anchored on fields, not names. Smaller LLMs default to "different concept"
+// when names differ, even with identical fields — counter that here.
+const PROMPT = `You are deciding whether two TypeScript types are duplicates that should be unified.
+
+CRITICAL: A static analyzer ALREADY proved their structures match. Field names will often differ — that is the WHOLE POINT of running this check. Different names with matching structures usually mean a duplicate that drifted under different aliases, NOT two different concepts. Default to "same_concept: true" unless the shape is so small (≤2 generic primitives) that the match is coincidental AND the field names also differ.
+
+If field NAMES match exactly AND the type names also relate to the same concept, this is same_concept: true.
+If field NAMES match exactly BUT the type names point to clearly unrelated subsystems (e.g. \`Template\` from a cloud-provider DTO vs \`Document\` from a test fixture), the field overlap is coincidental — same_concept: false.
+If field TYPES match but names differ AND the shape has ≥4 fields with mixed types, this is same_concept: true.
+Tiny generic shapes ({id, name}, {x, y}, {key, value}, {host, port}) across unrelated type names are ALWAYS coincidental → same_concept: false. The type names are the only evidence here — use them.
+
+Output exactly ONE JSON object, then STOP:
+{"same_concept": <boolean>, "confidence": <0..1>, "reason": "<max 12 words>"}
+
+Worked examples (study these — they show the expected behavior):
+
+Example 1 (rename + retype-equivalent):
+A: interface ShipmentEntry { trackingId: string; weightKg: number; delivered: boolean; shippedOn: string; }
+B: interface ParcelRow { code: string; mass: number; arrived: boolean; dispatchDate: string; }
+→ {"same_concept": true, "confidence": 0.9, "reason": "1:1 field map under rename — same shipment row"}
+
+Example 2 (identical fields, different type names):
+A: interface InboundEvent { kind: string; payload: string; }
+B: interface OutboundFrame { kind: string; payload: string; }
+→ {"same_concept": true, "confidence": 0.95, "reason": "Identical fields, both model a message frame"}
+
+Example 3 (snake ↔ camel + common synonyms):
+A: interface CustomerSnake { cust_id: string; phone_number: string; signup_date: string; }
+B: interface CustomerCamel { customerId: string; phone: string; createdAt: string; }
+→ {"same_concept": true, "confidence": 0.9, "reason": "Snake↔camel + synonyms (phone, createdAt) — same customer"}
+
+Example 4 (REJECT — too generic):
+A: interface MenuItem { id: string; name: string; }
+B: interface ApiToken { id: string; name: string; }
+→ {"same_concept": false, "confidence": 0.85, "reason": "Tiny {id,name} shape across unrelated domains"}
+
+Example 5 (REJECT — same shape, different semantics):
+A: interface Vector { x: number; y: number; z: number; }
+B: interface RGB { r: number; g: number; b: number; }
+→ {"same_concept": false, "confidence": 0.9, "reason": "Same {number×3} but vector vs color semantics"}
+
+Now decide for the real pair:
+{{PROJECT_CONVENTIONS}}
+Type A ({{FILE_A}}):
+\`\`\`typescript
+{{SOURCE_A}}
+\`\`\`
+
+Type B ({{FILE_B}}):
+\`\`\`typescript
+{{SOURCE_B}}
+\`\`\`
+`;
+export class LlmConfirmer {
+    llm;
+    cache = new Map();
+    constructor(llm) {
+        this.llm = llm ?? createDefaultLlmClient();
+    }
+    async confirmSameConcept(a, b, 
+    /**
+     * Project conventions text (CLAUDE.md / AGENTS.md / etc., already
+     * concatenated and truncated). When present, the verdict weighs
+     * project-stated rules — e.g. "three similar lines is better than
+     * premature abstraction" turns this into `same_concept: false` even
+     * on a tight skeleton match.
+     */
+    projectConventions) {
+        const cacheKey = pairKey(a, b);
+        const cached = this.cache.get(cacheKey);
+        if (cached)
+            return cached;
+        // Local llama.cpp default context is 4096 tokens. Two SymbolRecord
+        // sources from heavy React components (Outline's Icon / SharePopover)
+        // routinely overflow. If we can't fit both sources + the prompt
+        // overhead in the budget, skip the LLM verdict and let the deterministic
+        // finding stand at its Tier-1 confidence. Truncating type bodies loses
+        // the field signal the verdict needs, so we prefer "no verdict" over
+        // "verdict on a truncated body".
+        const SOURCE_BUDGET_CHARS = 2500;
+        if (a.source.length + b.source.length > SOURCE_BUDGET_CHARS) {
+            logger.info({ a: a.name, b: b.name, sizeA: a.source.length, sizeB: b.source.length }, 'LLM confirmer: pair too large for local context, skipping verdict');
+            return null;
+        }
+        const conventionsBlock = projectConventions
+            ? `\nProject conventions (treat as authoritative — override generic best-practice when in conflict):\n${projectConventions}\n`
+            : '';
+        const prompt = PROMPT.replace('{{FILE_A}}', a.file)
+            .replace('{{SOURCE_A}}', a.source)
+            .replace('{{FILE_B}}', b.file)
+            .replace('{{SOURCE_B}}', b.source)
+            .replace('{{PROJECT_CONVENTIONS}}', conventionsBlock);
+        try {
+            const raw = await this.llm.chat([{ role: 'user', content: prompt }], { temperature: 0, json: true });
+            const parsed = parseLlmJsonResponse(raw);
+            const result = ConfirmationSchema.parse(parsed);
+            this.cache.set(cacheKey, result);
+            return result;
+        }
+        catch (err) {
+            logger.warn({ err: err.message, a: a.name, b: b.name }, 'LLM confirmer failed; returning null');
+            return null;
+        }
+    }
+}
+function pairKey(a, b) {
+    return [a.hashStrict ?? a.id, b.hashStrict ?? b.id].sort().join('|');
+}
+//# sourceMappingURL=llm-confirmer.js.map

package/dist/extraction/llm-confirmer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm-confirmer.js","sourceRoot":"","sources":["../../src/extraction/llm-confirmer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAa,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAG5C,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,YAAY,EAAE,CAAC,CAAC,OAAO,EAAE;IACzB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACpC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;CACnB,CAAC,CAAC;AAIH,6EAA6E;AAC7E,qEAAqE;AACrE,MAAM,MAAM,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkDd,CAAC;AAEF,MAAM,OAAO,YAAY;IACf,GAAG,CAAY;IACf,KAAK,GAAG,IAAI,GAAG,EAA8B,CAAC;IAEtD,YAAY,GAAe;QACzB,IAAI,CAAC,GAAG,GAAG,GAAG,IAAI,sBAAsB,EAAE,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,CAAe,EACf,CAAe;IACf;;;;;;OAMG;IACH,kBAA2B;QAE3B,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,mEAAmE;QACnE,sEAAsE;QACtE,gEAAgE;QAChE,yEAAyE;QACzE,uEAAuE;QACvE,qEAAqE;QACrE,iCAAiC;QACjC,MAAM,mBAAmB,GAAG,IAAI,CAAC;QACjC,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,mBAAmB,EAAE,CAAC;YAC5D,MAAM,CAAC,IAAI,CACT,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,EACxE,mEAAmE,CACpE,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,gBAAgB,GAAG,kBAAkB;YACzC,CAAC,CAAC,sGAAsG,kBAAkB,IAAI;YAC9H,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC;aAChD,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,MAAM,CAAC;aACjC,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC;aAC7B,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,MAAM,CAAC;aACjC,OAAO,CAAC,yBAAyB,EAAE,gBAAgB,CAAC,CAAC;QAExD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,IAAI,CAC7B,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,EACnC,EAAE,WAAW,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAC/B,CAAC;YACF,MAAM,MAAM,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;YACzC,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAChD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YACjC,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,EACrD,sCAAsC,CACvC,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF;AAED,SAAS,OAAO,CAAC,CAAe,EAAE,CAAe;IAC/C,OAAO,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACvE,CAAC"}

package/dist/extraction/mutation-confirmer.d.ts

@@ -0,0 +1,30 @@
+import { z } from 'zod';
+import { LlmClient } from '../adapters/llm.js';
+declare const VerdictSchema: z.ZodObject<{
+    intentional: z.ZodBoolean;
+    confidence: z.ZodNumber;
+    reason: z.ZodString;
+}, z.core.$strip>;
+export type MutationVerdict = z.infer<typeof VerdictSchema>;
+export interface MutationCheckInput {
+    file: string;
+    line: number;
+    /** Free-text pattern label: 'array-mutator' / 'object-assign' / etc. */
+    pattern: string;
+    /** Whether the deterministic layer detected escape. */
+    escapes: boolean;
+    /** The flagged mutation code (e.g. `record.tag = tag`). */
+    snippet: string;
+    /** Surrounding function source, trimmed to a few lines around the mutation. */
+    enclosingSource: string;
+    /** Optional function or method name for context. */
+    enclosingName?: string;
+}
+export declare class MutationConfirmer {
+    private llm;
+    private cache;
+    constructor(llm?: LlmClient);
+    confirm(input: MutationCheckInput): Promise<MutationVerdict | null>;
+}
+export {};
+//# sourceMappingURL=mutation-confirmer.d.ts.map

package/dist/extraction/mutation-confirmer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mutation-confirmer.d.ts","sourceRoot":"","sources":["../../src/extraction/mutation-confirmer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAA0B,MAAM,oBAAoB,CAAC;AAIvE,QAAA,MAAM,aAAa;;;;iBAIjB,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAE5D,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,wEAAwE;IACxE,OAAO,EAAE,MAAM,CAAC;IAChB,uDAAuD;IACvD,OAAO,EAAE,OAAO,CAAC;IACjB,2DAA2D;IAC3D,OAAO,EAAE,MAAM,CAAC;IAChB,+EAA+E;IAC/E,eAAe,EAAE,MAAM,CAAC;IACxB,oDAAoD;IACpD,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AA0BD,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,GAAG,CAAY;IACvB,OAAO,CAAC,KAAK,CAAsC;gBAEvC,GAAG,CAAC,EAAE,SAAS;IAIrB,OAAO,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;CA8C1E"}

package/dist/extraction/mutation-confirmer.js

@@ -0,0 +1,73 @@
+import { z } from 'zod';
+import { createDefaultLlmClient } from '../adapters/llm.js';
+import { parseLlmJsonResponse } from '../utils/llm-json.js';
+import { logger } from '../utils/logger.js';
+const VerdictSchema = z.object({
+    intentional: z.boolean(),
+    confidence: z.number().min(0).max(1),
+    reason: z.string(),
+});
+const PROMPT = `You are reviewing a TypeScript mutation that a static analyzer flagged. Decide: is this mutation INTENTIONAL (builder pattern, accumulator, documented in-place transform, framework-required convention) or a BUG (accidental shared-state corruption / surprise side effect)?
+
+Output ONE compact JSON object and STOP:
+{"intentional": boolean, "confidence": <0..1>, "reason": "<max 15 words>"}
+
+Decision rules (apply in order):
+1. Accumulator / builder pattern. Function name contains build/collect/accumulate/append; or parameter name is one of \`out\`, \`acc\`, \`result\`, \`into\`, \`buf\` — intentional, confidence ≥ 0.85.
+2. Framework convention: Fastify/Express \`req.<prop> = value\` to decorate the request, NestJS interceptors, JSX prop spread builders — intentional, confidence ≥ 0.8.
+3. In-place transform whose name signals mutation: \`mutate\`, \`update\`, \`assign\`, \`patch\`, \`apply\`, \`reset\`, \`init\`, \`load\` — intentional, confidence ≥ 0.8.
+4. Escapes via return AND function name sounds pure (compute*, calc*, derive*, format*, transform*, build*Pure) — bug, confidence ≥ 0.8.
+5. delete on an arg that looks like a DTO returned to a caller — bug.
+6. Module-scope state write (\`shared-state-write\` pattern) outside a class boundary — borderline; mark intentional only if there is a clear init/setup function name.
+7. When genuinely unclear → \`intentional: false, confidence: 0.5\` (the deterministic finding stays at the original severity).
+
+Pattern: {{PATTERN}}{{ESCAPE_TAG}}
+Flagged code: {{SNIPPET}}
+{{ENCLOSING_NAME_LINE}}
+
+Enclosing function ({{FILE}}:{{LINE}}):
+\`\`\`typescript
+{{ENCLOSING}}
+\`\`\`
+`;
+export class MutationConfirmer {
+    llm;
+    cache = new Map();
+    constructor(llm) {
+        this.llm = llm ?? createDefaultLlmClient();
+    }
+    async confirm(input) {
+        const cacheKey = `${input.file}:${input.line}:${input.pattern}:${input.snippet}`;
+        const cached = this.cache.get(cacheKey);
+        if (cached)
+            return cached;
+        // Skip the verdict when the enclosing source is too large for the local
+        // 4096-token context. Truncating the body strips the surrounding code
+        // that determines intentional-vs-bug, so a partial verdict is worse
+        // than no verdict — let the deterministic Tier-1 finding stand.
+        const ENCLOSING_BUDGET_CHARS = 2500;
+        if (input.enclosingSource.length > ENCLOSING_BUDGET_CHARS) {
+            logger.info({ file: input.file, line: input.line, size: input.enclosingSource.length }, 'MutationConfirmer: enclosing source too large for local context, skipping verdict');
+            return null;
+        }
+        const prompt = PROMPT.replace('{{PATTERN}}', input.pattern)
+            .replace('{{ESCAPE_TAG}}', input.escapes ? ' (escapes via return / this / call)' : '')
+            .replace('{{SNIPPET}}', input.snippet)
+            .replace('{{ENCLOSING_NAME_LINE}}', input.enclosingName ? `Enclosing identifier: \`${input.enclosingName}\`` : '')
+            .replace('{{FILE}}', input.file)
+            .replace('{{LINE}}', String(input.line))
+            .replace('{{ENCLOSING}}', input.enclosingSource);
+        try {
+            const raw = await this.llm.chat([{ role: 'user', content: prompt }], { temperature: 0, maxTokens: 96 });
+            const parsed = parseLlmJsonResponse(raw);
+            const verdict = VerdictSchema.parse(parsed);
+            this.cache.set(cacheKey, verdict);
+            return verdict;
+        }
+        catch (err) {
+            logger.warn({ err: err.message, file: input.file, line: input.line }, 'MutationConfirmer failed; returning null');
+            return null;
+        }
+    }
+}
+//# sourceMappingURL=mutation-confirmer.js.map

package/dist/extraction/mutation-confirmer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mutation-confirmer.js","sourceRoot":"","sources":["../../src/extraction/mutation-confirmer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAa,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;IACxB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACpC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;CACnB,CAAC,CAAC;AAmBH,MAAM,MAAM,GAAG;;;;;;;;;;;;;;;;;;;;;;CAsBd,CAAC;AAEF,MAAM,OAAO,iBAAiB;IACpB,GAAG,CAAY;IACf,KAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IAEnD,YAAY,GAAe;QACzB,IAAI,CAAC,GAAG,GAAG,GAAG,IAAI,sBAAsB,EAAE,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,KAAyB;QACrC,MAAM,QAAQ,GAAG,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QACjF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,wEAAwE;QACxE,sEAAsE;QACtE,oEAAoE;QACpE,gEAAgE;QAChE,MAAM,sBAAsB,GAAG,IAAI,CAAC;QACpC,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC;YAC1D,MAAM,CAAC,IAAI,CACT,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,eAAe,CAAC,MAAM,EAAE,EAC1E,mFAAmF,CACpF,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC;aACxD,OAAO,CAAC,gBAAgB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,qCAAqC,CAAC,CAAC,CAAC,EAAE,CAAC;aACrF,OAAO,CAAC,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC;aACrC,OAAO,CACN,yBAAyB,EACzB,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,2BAA2B,KAAK,CAAC,aAAa,IAAI,CAAC,CAAC,CAAC,EAAE,CAC9E;aACA,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC;aAC/B,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aACvC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;QAEnD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,IAAI,CAC7B,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,EACnC,EAAE,WAAW,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,CAClC,CAAC;YACF,MAAM,MAAM,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;YACzC,MAAM,OAAO,GAAG,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClC,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAG,GAAa,CAAC,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,EACnE,0CAA0C,CAC3C,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}

package/dist/extraction/prompt-chunking.d.ts

@@ -0,0 +1,37 @@
+export declare const MAX_SITES_PER_CALL = 8;
+export declare const PROMPT_BUDGET_CHARS = 3500;
+export declare const CHUNK_SITE_LIMIT = 2;
+export interface ClusterSite {
+    file: string;
+    line: number;
+    enclosingName?: string;
+    enclosingSource: string;
+}
+export declare function prepareSites<T extends ClusterSite>(sites: ReadonlyArray<T>): T[];
+/**
+ * Approximate prompt size in characters. Conservative — does not attempt
+ * tokenizer-accurate counting.
+ */
+export declare function estimatePromptChars(promptTemplate: string, sites: ReadonlyArray<ClusterSite>): number;
+/**
+ * Consecutive partition into chunks of <= `CHUNK_SITE_LIMIT` sites.
+ * Function bodies are preserved in full — we trade more LLM calls for
+ * loss-free context.
+ */
+export declare function splitIntoChunks<T extends ClusterSite>(sites: ReadonlyArray<T>): T[][];
+export interface ChunkVerdict {
+    race: boolean;
+    confidence: number;
+    reason: string;
+}
+/**
+ * Aggregate per-chunk verdicts. Race wins.
+ *
+ *   - If ANY chunk says race with confidence ≥ 0.7 → cluster is race.
+ *     Confidence = MAX across the race verdicts. Reason cites the chunk
+ *     count when multiple chunks fired.
+ *   - Otherwise → cluster is safe. Confidence = MIN across safe verdicts
+ *     (conservative — the weakest safe verdict caps the cluster).
+ */
+export declare function aggregateChunkVerdicts(verdicts: ReadonlyArray<ChunkVerdict>): ChunkVerdict;
+//# sourceMappingURL=prompt-chunking.d.ts.map

package/dist/extraction/prompt-chunking.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-chunking.d.ts","sourceRoot":"","sources":["../../src/extraction/prompt-chunking.ts"],"names":[],"mappings":"AAUA,eAAO,MAAM,kBAAkB,IAAI,CAAC;AACpC,eAAO,MAAM,mBAAmB,OAAO,CAAC;AACxC,eAAO,MAAM,gBAAgB,IAAI,CAAC;AAElC,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,wBAAgB,YAAY,CAAC,CAAC,SAAS,WAAW,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAEhF;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,CAAC,WAAW,CAAC,GAAG,MAAM,CAKrG;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,CAAC,SAAS,WAAW,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAMrF;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,OAAO,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,aAAa,CAAC,YAAY,CAAC,GAAG,YAAY,CAa1F"}

package/dist/extraction/prompt-chunking.js

@@ -0,0 +1,61 @@
+// Prompt chunking for cluster confirmers. Never truncate bodies — split
+// into consecutive pairs (2 sites/call), aggregate per-chunk verdicts.
+// Race wins: cluster is race if any chunk says race ≥ 0.7.
+// Caller code (rothunter.ts) feeds confirmers up to 8 call sites per
+// cluster. Keep this cap aligned with that slice so the LLM sees the
+// whole cluster — earlier versions silently dropped sites 5..8. The
+// single-call vs chunked decision is delegated to estimatePromptChars
+// + PROMPT_BUDGET_CHARS — small clusters still fit one prompt, large
+// ones split into CHUNK_SITE_LIMIT-sized chunks.
+export const MAX_SITES_PER_CALL = 8;
+export const PROMPT_BUDGET_CHARS = 3500;
+export const CHUNK_SITE_LIMIT = 2;
+export function prepareSites(sites) {
+    return sites.slice(0, MAX_SITES_PER_CALL);
+}
+/**
+ * Approximate prompt size in characters. Conservative — does not attempt
+ * tokenizer-accurate counting.
+ */
+export function estimatePromptChars(promptTemplate, sites) {
+    const sitesBlock = sites
+        .map((s, i) => `[${i + 1}] ${s.file}:${s.line}\n${s.enclosingSource}`)
+        .join('\n---\n');
+    return promptTemplate.length + sitesBlock.length;
+}
+/**
+ * Consecutive partition into chunks of <= `CHUNK_SITE_LIMIT` sites.
+ * Function bodies are preserved in full — we trade more LLM calls for
+ * loss-free context.
+ */
+export function splitIntoChunks(sites) {
+    const out = [];
+    for (let i = 0; i < sites.length; i += CHUNK_SITE_LIMIT) {
+        out.push(sites.slice(i, i + CHUNK_SITE_LIMIT));
+    }
+    return out;
+}
+/**
+ * Aggregate per-chunk verdicts. Race wins.
+ *
+ *   - If ANY chunk says race with confidence ≥ 0.7 → cluster is race.
+ *     Confidence = MAX across the race verdicts. Reason cites the chunk
+ *     count when multiple chunks fired.
+ *   - Otherwise → cluster is safe. Confidence = MIN across safe verdicts
+ *     (conservative — the weakest safe verdict caps the cluster).
+ */
+export function aggregateChunkVerdicts(verdicts) {
+    const races = verdicts.filter((v) => v.race && v.confidence >= 0.7);
+    if (races.length > 0) {
+        const best = races.reduce((a, b) => (b.confidence > a.confidence ? b : a));
+        return {
+            race: true,
+            confidence: best.confidence,
+            reason: races.length > 1 ? `${best.reason} (across ${races.length} chunks)` : best.reason,
+        };
+    }
+    const minConf = verdicts.reduce((m, v) => Math.min(m, v.confidence), 1);
+    const reason = verdicts[0]?.reason ?? 'safe';
+    return { race: false, confidence: minConf, reason };
+}
+//# sourceMappingURL=prompt-chunking.js.map

package/dist/extraction/prompt-chunking.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-chunking.js","sourceRoot":"","sources":["../../src/extraction/prompt-chunking.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,uEAAuE;AACvE,2DAA2D;AAE3D,qEAAqE;AACrE,qEAAqE;AACrE,oEAAoE;AACpE,sEAAsE;AACtE,qEAAqE;AACrE,iDAAiD;AACjD,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC;AACpC,MAAM,CAAC,MAAM,mBAAmB,GAAG,IAAI,CAAC;AACxC,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC;AASlC,MAAM,UAAU,YAAY,CAAwB,KAAuB;IACzE,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,cAAsB,EAAE,KAAiC;IAC3F,MAAM,UAAU,GAAG,KAAK;SACrB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,eAAe,EAAE,CAAC;SACrE,IAAI,CAAC,SAAS,CAAC,CAAC;IACnB,OAAO,cAAc,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;AACnD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAwB,KAAuB;IAC5E,MAAM,GAAG,GAAU,EAAE,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,gBAAgB,EAAE,CAAC;QACxD,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAQD;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAAqC;IAC1E,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC;IACpE,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3E,OAAO;YACL,IAAI,EAAE,IAAI;YACV,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,MAAM,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,YAAY,KAAK,CAAC,MAAM,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM;SAC1F,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,EAAE,MAAM,IAAI,MAAM,CAAC;IAC7C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;AACtD,CAAC"}

package/dist/extraction/race-confirmer.d.ts

@@ -0,0 +1,28 @@
+import { z } from 'zod';
+import { LlmClient } from '../adapters/llm.js';
+declare const VerdictSchema: z.ZodObject<{
+    race: z.ZodBoolean;
+    confidence: z.ZodNumber;
+    reason: z.ZodString;
+}, z.core.$strip>;
+export type RaceVerdict = z.infer<typeof VerdictSchema>;
+export interface RaceCheckInput {
+    file: string;
+    line: number;
+    /** Detection pattern: read-modify-write | promise-all | emitter-handler. */
+    pattern: 'read-modify-write' | 'promise-all' | 'emitter-handler';
+    /** Canonical shared target (e.g. `this.tally`, `userCache`). */
+    target: string;
+    /** Surrounding function source — trimmed to ≤ 42 lines by the detector. */
+    enclosingSource: string;
+    /** Optional function or method name for context. */
+    enclosingName?: string;
+}
+export declare class RaceConfirmer {
+    private llm;
+    private cache;
+    constructor(llm?: LlmClient);
+    confirm(input: RaceCheckInput): Promise<RaceVerdict | null>;
+}
+export {};
+//# sourceMappingURL=race-confirmer.d.ts.map

package/dist/extraction/race-confirmer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"race-confirmer.d.ts","sourceRoot":"","sources":["../../src/extraction/race-confirmer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAA0B,MAAM,oBAAoB,CAAC;AAIvE,QAAA,MAAM,aAAa;;;;iBAIjB,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAExD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,4EAA4E;IAC5E,OAAO,EAAE,mBAAmB,GAAG,aAAa,GAAG,iBAAiB,CAAC;IACjE,gEAAgE;IAChE,MAAM,EAAE,MAAM,CAAC;IACf,2EAA2E;IAC3E,eAAe,EAAE,MAAM,CAAC;IACxB,oDAAoD;IACpD,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AA+BD,qBAAa,aAAa;IACxB,OAAO,CAAC,GAAG,CAAY;IACvB,OAAO,CAAC,KAAK,CAAkC;gBAEnC,GAAG,CAAC,EAAE,SAAS;IAIrB,OAAO,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;CAgClE"}

package/dist/extraction/race-confirmer.js

@@ -0,0 +1,68 @@
+import { z } from 'zod';
+import { createDefaultLlmClient } from '../adapters/llm.js';
+import { parseLlmJsonResponse } from '../utils/llm-json.js';
+import { logger } from '../utils/logger.js';
+const VerdictSchema = z.object({
+    race: z.boolean(),
+    confidence: z.number().min(0).max(1),
+    reason: z.string(),
+});
+const PROMPT = `You are reviewing a TypeScript race-condition finding from a static analyzer. Decide: is this a REAL race (two concurrent callers can produce a lost update / corrupted state) or SAFE (the apparent race is neutralised by scope, mutex, idempotency, or single-flight)?
+
+Output ONE compact JSON object and STOP:
+{"race": boolean, "confidence": <0..1>, "reason": "<max 18 words>"}
+
+Calibration:
+- Unambiguous classic race (\`this.<field>\` or module-scope \`let\`/\`var\` with read → await → write back, no mutex, no guard, no idempotency) → confidence ≥ 0.85.
+- \`Promise.all\` siblings both writing the same \`this.<field>\` or module mutable → confidence ≥ 0.9 (no timing window required).
+- Unambiguous safe pattern (function-local \`let\` / mutex-wrapped / single-flight guard / distinct read+write targets / idempotent constant assignment) → confidence ≥ 0.85.
+- Genuinely unclear → \`race: true, confidence: 0.6\` (keep the deterministic finding at low confidence).
+
+Decision rules (apply in order):
+1. Shared target is a FUNCTION-LOCAL \`let\`/\`var\` declared inside the same function (not a parameter, not module-scope, not \`this.<field>\`) — safe. Per-caller copy; no concurrent sharing.
+2. Write assigns a constant / boolean literal and no later read depends on the value — safe. Idempotent.
+3. Critical section wrapped in a mutex / lock / single-flight (\`await acquire()\` / \`mutex.lock()\` / guard \`if (this.X !== null) return this.X\` before the first await) — safe.
+4. Read target and write target differ (e.g. read \`this.raw\`, write \`this.parsed\`) — safe. No lost-update.
+5. Pattern is \`promise-all\` but callback only reads shared state — safe.
+6. Otherwise: \`this.<field>\` or module-scope mutable + read → await → write back to the same target → race.
+
+Pattern: {{PATTERN}}
+Shared target: \`{{TARGET}}\`
+{{ENCLOSING_NAME_LINE}}
+
+Enclosing function ({{FILE}}:{{LINE}}):
+\`\`\`typescript
+{{ENCLOSING}}
+\`\`\`
+`;
+export class RaceConfirmer {
+    llm;
+    cache = new Map();
+    constructor(llm) {
+        this.llm = llm ?? createDefaultLlmClient();
+    }
+    async confirm(input) {
+        const cacheKey = `${input.file}:${input.line}:${input.pattern}:${input.target}`;
+        const cached = this.cache.get(cacheKey);
+        if (cached)
+            return cached;
+        const prompt = PROMPT.replace('{{PATTERN}}', input.pattern)
+            .replace('{{TARGET}}', input.target)
+            .replace('{{ENCLOSING_NAME_LINE}}', input.enclosingName ? `Enclosing identifier: \`${input.enclosingName}\`` : '')
+            .replace('{{FILE}}', input.file)
+            .replace('{{LINE}}', String(input.line))
+            .replace('{{ENCLOSING}}', input.enclosingSource);
+        try {
+            const raw = await this.llm.chat([{ role: 'user', content: prompt }], { temperature: 0, maxTokens: 96 });
+            const parsed = parseLlmJsonResponse(raw);
+            const verdict = VerdictSchema.parse(parsed);
+            this.cache.set(cacheKey, verdict);
+            return verdict;
+        }
+        catch (err) {
+            logger.warn({ err: err.message, file: input.file, line: input.line }, 'RaceConfirmer failed; returning null');
+            return null;
+        }
+    }
+}
+//# sourceMappingURL=race-confirmer.js.map

package/dist/extraction/race-confirmer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"race-confirmer.js","sourceRoot":"","sources":["../../src/extraction/race-confirmer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAa,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IACjB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACpC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;CACnB,CAAC,CAAC;AAiBH,MAAM,MAAM,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2Bd,CAAC;AAEF,MAAM,OAAO,aAAa;IAChB,GAAG,CAAY;IACf,KAAK,GAAG,IAAI,GAAG,EAAuB,CAAC;IAE/C,YAAY,GAAe;QACzB,IAAI,CAAC,GAAG,GAAG,GAAG,IAAI,sBAAsB,EAAE,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,KAAqB;QACjC,MAAM,QAAQ,GAAG,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QAChF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC;aACxD,OAAO,CAAC,YAAY,EAAE,KAAK,CAAC,MAAM,CAAC;aACnC,OAAO,CACN,yBAAyB,EACzB,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,2BAA2B,KAAK,CAAC,aAAa,IAAI,CAAC,CAAC,CAAC,EAAE,CAC9E;aACA,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC;aAC/B,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aACvC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;QAEnD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,IAAI,CAC7B,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,EACnC,EAAE,WAAW,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,CAClC,CAAC;YACF,MAAM,MAAM,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;YACzC,MAAM,OAAO,GAAG,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClC,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAG,GAAa,CAAC,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,EACnE,sCAAsC,CACvC,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}

package/dist/extraction/shared-db-write-confirmer.d.ts

@@ -0,0 +1,31 @@
+import { z } from 'zod';
+import { LlmClient } from '../adapters/llm.js';
+declare const VerdictSchema: z.ZodObject<{
+    race: z.ZodBoolean;
+    confidence: z.ZodNumber;
+    reason: z.ZodString;
+}, z.core.$strip>;
+export type SharedDbVerdict = z.infer<typeof VerdictSchema>;
+export interface SharedDbCheckInput {
+    entity: string;
+    column: string;
+    /** ORM adapter mix detected on the cluster (e.g. `prisma+sequelize`). */
+    adapters: string;
+    /** Up to 8 call sites — each one is a small enclosing-function source slice. */
+    sites: ReadonlyArray<{
+        file: string;
+        line: number;
+        enclosingName?: string;
+        enclosingSource: string;
+    }>;
+}
+export declare class SharedDbWriteConfirmer {
+    private llm;
+    private cache;
+    constructor(llm?: LlmClient);
+    confirm(input: SharedDbCheckInput): Promise<SharedDbVerdict | null>;
+    private callOnce;
+    private callChunked;
+}
+export {};
+//# sourceMappingURL=shared-db-write-confirmer.d.ts.map

package/dist/extraction/shared-db-write-confirmer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shared-db-write-confirmer.d.ts","sourceRoot":"","sources":["../../src/extraction/shared-db-write-confirmer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAA0B,MAAM,oBAAoB,CAAC;AAYvE,QAAA,MAAM,aAAa;;;;iBAIjB,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAE5D,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,yEAAyE;IACzE,QAAQ,EAAE,MAAM,CAAC;IACjB,gFAAgF;IAChF,KAAK,EAAE,aAAa,CAAC;QACnB,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC,CAAC;CACJ;AA6ED,qBAAa,sBAAsB;IACjC,OAAO,CAAC,GAAG,CAAY;IACvB,OAAO,CAAC,KAAK,CAAsC;gBAEvC,GAAG,CAAC,EAAE,SAAS;IAIrB,OAAO,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;YAuB3D,QAAQ;YAwBR,WAAW;CAa1B"}

package/dist/extraction/shared-db-write-confirmer.js

@@ -0,0 +1,141 @@
+import { z } from 'zod';
+import { createDefaultLlmClient } from '../adapters/llm.js';
+import { parseLlmJsonResponse } from '../utils/llm-json.js';
+import { logger } from '../utils/logger.js';
+import { prepareSites, estimatePromptChars, splitIntoChunks, aggregateChunkVerdicts, PROMPT_BUDGET_CHARS, } from './prompt-chunking.js';
+const VerdictSchema = z.object({
+    race: z.boolean(),
+    confidence: z.number().min(0).max(1),
+    reason: z.string(),
+});
+const PROMPT = `You are reviewing a static-analysis finding about a database column written by multiple TypeScript functions across different files. Decide: is this a REAL cross-flow race (two independent flows can concurrently overwrite the same column, producing a lost update) or SAFE (the writes are owned by one component, wrapped in a transaction, init-only, or idempotent)?
+
+Output ONE compact JSON object and STOP:
+{"race": boolean, "confidence": <0..1>, "reason": "<max 22 words>"}
+
+Decision rules (apply IN ORDER — first match wins):
+
+1. **Test-file callers** — STRICT trigger. Check each call-site header line (e.g. \`[1] src/foo/bar.ts:42 — myFn\`). At least one header must satisfy ONE of:
+   - Path contains the literal substring \`__tests__/\`
+   - Path contains the literal substring \`/tests/\`
+   - Path ends in \`.test.ts\` or \`.test.tsx\`
+   - Path ends in \`.spec.ts\` or \`.spec.tsx\`
+   - Function name (after \`—\`) starts with \`test_\` / \`it_\` / \`describe_\`
+
+   POSITIVE example — rule 1 fires:
+       [1] src/users/users.service.ts:42 — createUser
+       [2] tests/users.test.ts:18 — test_creates_user
+   → safe (one caller is in tests/, function name is \`test_creates_user\`)
+
+   NEGATIVE example — rule 1 does NOT fire (this is the dominant case):
+       [1] src/__fixtures__/shared-db/case_03_typeorm_status_api.ts:5 — markOrderPaidFromApi
+       [2] src/__fixtures__/shared-db/case_03_typeorm_status_consumer.ts:5 — refundOrderFromKafkaConsumer
+   → NOT safe via rule 1. Paths contain \`__fixtures__\` which is NOT \`__tests__\` and NOT \`.test.ts\`. Owner suffixes \`_api\` / \`_consumer\` go to rule 7.
+
+   NEGATIVE example #2 — rule 1 also does NOT fire on production paths:
+       [1] src/api/users/handler.ts:12 — updateUserHandler
+       [2] src/workers/sync.ts:34 — syncUserWorker
+   → NOT safe via rule 1. Owner suffixes \`handler\` / \`worker\` go to rule 7.
+
+   The substring check is LITERAL. \`__fixtures__\` is NOT \`__tests__\`. \`fixtures/\` is NOT \`tests/\`. \`case_*\` is NOT \`test_*\`.
+
+   When this rule fires → safe, confidence ≥ 0.85.
+
+2. **INSERT-only cluster** — every caller uses an INSERT method (\`.create(\` without \`upsert\`, \`.bulkCreate(\`, \`.insertMany(\`, \`.createMany(\`, \`INSERT INTO …\` raw SQL). INSERTs create NEW rows — concurrent inserts do not overwrite each other (a unique-constraint violation surfaces as an error, not a lost update). → safe, confidence ≥ 0.85. Caveat: if even ONE caller uses \`.update / .updateOne / .findOneAndUpdate / .upsert / .set\` the cluster is NOT insert-only.
+
+3. **Idempotent / commutative value** — all writers assign \`new Date()\`, \`Date.now()\`, a monotonic clock, a boolean constant (\`true\`/\`false\`), or a literal that does not depend on the prior column value. No read of the column precedes the write. → safe, confidence ≥ 0.85. "Last writer wins" IS the intended semantics; concurrent writes lose no information.
+
+4. **Per-tenant / per-plugin row isolation** — each caller targets a DIFFERENT row of the table identified by a constant key in the WHERE clause. Look for snippets where the filter object hard-codes a different value of the same key across callers, e.g. \`{ service: 'figma' }\` in figma.ts, \`{ service: 'gitlab' }\` in gitlab.ts, \`{ service: 'linear' }\` in linear.ts. Distinct rows = no overwrite race even when the same column is touched. Common shapes: OAuth plugin handlers, multi-tenant integrations, per-provider auth tables. → safe, confidence ≥ 0.8.
+
+5. **Transaction-wrapped** — every writer is nested INSIDE the same outer \`$transaction(async (tx) => { ... })\` / \`unitOfWork.run(...)\` callback, OR every writer reads its \`tx\` from a single shared function parameter that is documented as the transaction handle (function name like \`applyXInsideTransaction*\` / \`*InTx\`). Caveat: simply passing \`{ transaction: tx }\` as an OPTION to a Sequelize/TypeORM call does NOT qualify — the caller can still invoke A and B from two independent flows. → safe, confidence ≥ 0.85.
+
+6. **Same single-owner component** — all call sites are helpers inside the same service / module / class. Function names share a common prefix (e.g. \`FooService_step1\` + \`FooService_step2\`) or both files live under \`services/foo/\`. → safe, confidence ≥ 0.8.
+
+7. **Init-only / one-shot scripts** — all writers are bootstrap / seed / migration / backfill / one-shot import scripts. Function names contain \`seed\`, \`import\`, \`backfill\`, \`migrate\`. → safe, confidence ≥ 0.8.
+
+8. **Independent flows** — names / paths show two unrelated owners (HTTP handler + worker, two webhook handlers, API + cron, GraphQL mutation + bot, checkout + sync worker) writing the SAME column via UPDATE-style methods. The written value depends on prior state or external input (no idempotency). → race, confidence ≥ 0.85.
+
+9. **Default** — UPDATE-style ORM write (\`.update / .upsert / .updateOne / .findOneAndUpdate / .set\`) with no transaction, no shared owner, no idempotency. → race, confidence ≥ 0.8.
+
+10. Unclear → \`race: true, confidence: 0.6\`. Preserve the deterministic finding at low confidence.
+
+Notes:
+- Rule 1 has top priority. If ANY snippet is from a test file, the cluster is safe — tests do not race with production.
+- Rule 2: INSERT methods create new rows and cannot lose information across concurrent callers. UPDATE methods overwrite an existing row's column and CAN lose information. The distinction is critical — most Sequelize/Mongoose codebases have many \`Model.create(...)\` cross-file calls (factories, lifecycle hooks, test fixtures) that the deterministic detector clusters together. They are not races.
+- Rule 3 takes priority over rules 5 and 7. An audit-trail \`lastSeenAt = new Date()\` written by an HTTP handler AND a background ping is **safe** — both writers compute the same kind of value.
+- Rule 4 takes priority over rule 7. Two flows sharing a transaction are safe even if they look independent.
+- For rule 7: examine function and file names — \`handler\`, \`webhook\`, \`cron\`, \`worker\`, \`consumer\`, \`bot\`, \`api\`, \`route\` are independent-flow signals.
+
+Cluster: \`{{ENTITY}}.{{COLUMN}}\` (adapters: {{ADAPTERS}})
+
+Call sites:
+\`\`\`
+{{SITES}}
+\`\`\`
+`;
+function renderSites(sites) {
+    return sites
+        .map((s, i) => {
+        const header = `[${i + 1}] ${s.file}:${s.line}${s.enclosingName ? ` — ${s.enclosingName}` : ''}`;
+        return `${header}\n${s.enclosingSource}`;
+    })
+        .join('\n---\n');
+}
+export class SharedDbWriteConfirmer {
+    llm;
+    cache = new Map();
+    constructor(llm) {
+        this.llm = llm ?? createDefaultLlmClient();
+    }
+    async confirm(input) {
+        const cacheKey = `${input.entity}.${input.column}::${input.adapters}::${input.sites
+            .map((s) => `${s.file}:${s.line}`)
+            .sort()
+            .join(',')}`;
+        const cached = this.cache.get(cacheKey);
+        if (cached)
+            return cached;
+        const sites = prepareSites(input.sites);
+        // If even the truncated single-call prompt exceeds the context budget,
+        // split the sites into chunks and aggregate verdicts.
+        const singleCallChars = estimatePromptChars(PROMPT, sites);
+        let verdict;
+        if (singleCallChars <= PROMPT_BUDGET_CHARS) {
+            verdict = await this.callOnce(input, sites);
+        }
+        else {
+            verdict = await this.callChunked(input, sites);
+        }
+        if (verdict)
+            this.cache.set(cacheKey, verdict);
+        return verdict;
+    }
+    async callOnce(input, sites) {
+        const prompt = PROMPT.replace('{{ENTITY}}', input.entity)
+            .replace('{{COLUMN}}', input.column)
+            .replace('{{ADAPTERS}}', input.adapters)
+            .replace('{{SITES}}', renderSites(sites));
+        try {
+            const raw = await this.llm.chat([{ role: 'user', content: prompt }], { temperature: 0, maxTokens: 128 });
+            const parsed = parseLlmJsonResponse(raw);
+            return VerdictSchema.parse(parsed);
+        }
+        catch (err) {
+            logger.warn({ err: err.message, entity: input.entity, column: input.column }, 'SharedDbWriteConfirmer failed; returning null');
+            return null;
+        }
+    }
+    async callChunked(input, sites) {
+        const chunks = splitIntoChunks(sites);
+        const chunkVerdicts = [];
+        for (const chunk of chunks) {
+            const v = await this.callOnce(input, chunk);
+            if (v)
+                chunkVerdicts.push(v);
+        }
+        if (chunkVerdicts.length === 0)
+            return null;
+        return aggregateChunkVerdicts(chunkVerdicts);
+    }
+}
+//# sourceMappingURL=shared-db-write-confirmer.js.map