@lbroth/rothunter 1.0.0-rc.1

package/dist/utils/gitignore.js

@@ -0,0 +1,122 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import ignore from 'ignore';
+/**
+ * Load every `.gitignore` reachable from `workspaceRoot` AND the
+ * workspace-root `.rothunterignore` (gitignore-syntax extension, only
+ * for rothunter). Returns a unified matcher.
+ *
+ * The matcher answers "is this workspace-relative path ignored?" — used
+ * by the parser + by any detector that walks the filesystem on its own.
+ *
+ * Rules:
+ *   - Top-level `.gitignore` always loads (when present).
+ *   - Nested `.gitignore`s load too, prefixed with their relative dir so
+ *     a pattern like `dist/` inside `packages/foo/.gitignore` matches
+ *     `packages/foo/dist/...` and not the root `dist/`.
+ *   - `.rothunterignore` at the workspace root loads with the same
+ *     syntax — use this for files that ARE in git but should be hidden
+ *     from rothunter (fixtures, vendored SDKs, generated test data).
+ *   - `node_modules/` and `.git/` are always ignored regardless of
+ *     what the operator's files say — the cost of scanning them is
+ *     prohibitive on every repo and never produces useful findings.
+ *
+ * Always returns a non-null matcher; the always-on rules (`node_modules`
+ * + `.git`) ensure callers get sensible defaults even when no ignore
+ * file exists.
+ */
+export function loadGitignore(workspaceRoot) {
+    const ig = ignore();
+    // Always-on baseline. node_modules is the single biggest perf win;
+    // .git is opaque to detectors anyway. These are baked in so that a
+    // workspace without any .gitignore still scans something sensible.
+    ig.add(['.git', 'node_modules']);
+    const scan = (dir, relPrefix) => {
+        const gitignorePath = path.join(dir, '.gitignore');
+        if (fs.existsSync(gitignorePath)) {
+            try {
+                const raw = fs.readFileSync(gitignorePath, 'utf-8');
+                const patterns = raw
+                    .split('\n')
+                    .map((l) => l.trimEnd())
+                    .filter((l) => l.length > 0 && !l.startsWith('#'));
+                if (relPrefix === '') {
+                    ig.add(patterns);
+                }
+                else {
+                    // Nested .gitignore — scope every pattern to the containing dir
+                    // unless the pattern is anchored (starts with `/`) or negated
+                    // (`!`), in which case the `ignore` library's standard semantics
+                    // around relative roots take over.
+                    const scoped = patterns.map((p) => {
+                        const neg = p.startsWith('!');
+                        const body = neg ? p.slice(1) : p;
+                        const anchored = body.startsWith('/');
+                        const cleanBody = anchored ? body.slice(1) : body;
+                        const scopedBody = path.posix.join(relPrefix, cleanBody);
+                        return (neg ? '!' : '') + scopedBody;
+                    });
+                    ig.add(scoped);
+                }
+            }
+            catch {
+                // Unreadable — silently skip. Better to scan more files than to
+                // crash the whole pipeline on a permissions error.
+            }
+        }
+        // Recurse into immediate sub-directories. Cap depth to avoid
+        // pathological monorepos eating O(n) syscalls per scan; the gitignore
+        // files we care about live within a handful of levels of the root.
+        let entries;
+        try {
+            entries = fs.readdirSync(dir, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            if (!entry.isDirectory())
+                continue;
+            if (entry.name === '.git' || entry.name === 'node_modules')
+                continue;
+            if (entry.name.startsWith('.') && entry.name !== '.rothunter')
+                continue;
+            const childDir = path.join(dir, entry.name);
+            const childRel = relPrefix === '' ? entry.name : path.posix.join(relPrefix, entry.name);
+            // Already-ignored directories don't need their nested .gitignores
+            // — git doesn't recurse past an ignored dir, neither should we.
+            if (ig.ignores(childRel + '/'))
+                continue;
+            scan(childDir, childRel);
+        }
+    };
+    scan(workspaceRoot, '');
+    // Layer `.rothunterignore` on top — rothunter-only path patterns
+    // using identical gitignore syntax. Used to hide fixtures, vendored
+    // code, and generated artifacts from scans without touching the
+    // operator's git rules.
+    const rhPath = path.join(workspaceRoot, '.rothunterignore');
+    if (fs.existsSync(rhPath)) {
+        try {
+            const raw = fs.readFileSync(rhPath, 'utf-8');
+            const patterns = raw
+                .split('\n')
+                .map((l) => l.trimEnd())
+                .filter((l) => l.length > 0 && !l.startsWith('#'));
+            if (patterns.length > 0)
+                ig.add(patterns);
+        }
+        catch {
+            // Unreadable — silently skip.
+        }
+    }
+    return ig;
+}
+/**
+ * Filter a workspace-relative path list through the gitignore matcher,
+ * preserving order.
+ */
+export function filterGitignored(matcher, files) {
+    return files.filter((f) => !matcher.ignores(f.replace(/\\/g, '/')));
+}
+//# sourceMappingURL=gitignore.js.map

package/dist/utils/gitignore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gitignore.js","sourceRoot":"","sources":["../../src/utils/gitignore.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,MAAuB,MAAM,QAAQ,CAAC;AAE7C;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,UAAU,aAAa,CAAC,aAAqB;IACjD,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IAEpB,mEAAmE;IACnE,mEAAmE;IACnE,mEAAmE;IACnE,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC;IAEjC,MAAM,IAAI,GAAG,CAAC,GAAW,EAAE,SAAiB,EAAQ,EAAE;QACpD,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QACnD,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACjC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;gBACpD,MAAM,QAAQ,GAAG,GAAG;qBACjB,KAAK,CAAC,IAAI,CAAC;qBACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;qBACvB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;gBACrD,IAAI,SAAS,KAAK,EAAE,EAAE,CAAC;oBACrB,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACnB,CAAC;qBAAM,CAAC;oBACN,gEAAgE;oBAChE,8DAA8D;oBAC9D,iEAAiE;oBACjE,mCAAmC;oBACnC,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;wBAChC,MAAM,GAAG,GAAG,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;wBAC9B,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;wBAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;wBACtC,MAAM,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;wBAClD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;wBACzD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;oBACvC,CAAC,CAAC,CAAC;oBACH,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBACjB,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gEAAgE;gBAChE,mDAAmD;YACrD,CAAC;QACH,CAAC;QAED,6DAA6D;QAC7D,sEAAsE;QACtE,mEAAmE;QACnE,IAAI,OAAoB,CAAC;QACzB,IAAI,CAAC;YACH,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;gBAAE,SAAS;YACnC,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc;gBAAE,SAAS;YACrE,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY;gBAAE,SAAS;YACxE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC5C,MAAM,QAAQ,GAAG,SAAS,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACxF,kEAAkE;YAClE,gEAAgE;YAChE,IAAI,EAAE,CAAC,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;gBAAE,SAAS;YACzC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;IAExB,iEAAiE;IACjE,oEAAoE;IACpE,gEAAgE;IAChE,wBAAwB;IACxB,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAAC;IAC5D,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC7C,MAAM,QAAQ,GAAG,GAAG;iBACjB,KAAK,CAAC,IAAI,CAAC;iBACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;iBACvB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;YACrD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;gBAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,8BAA8B;QAChC,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAe,EAAE,KAA4B;IAC5E,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;AACtE,CAAC"}

package/dist/utils/hash.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Stable, short SHA-256 prefix used as a fingerprint suffix across
+ * every detector. Centralised here so the algorithm + truncation
+ * length live in ONE place — bumping from 16 to 24 hex chars only
+ * requires this file, not every detector.
+ *
+ * 16 hex chars = 64 bits of entropy → negligible collision risk for
+ * scan-sized populations (thousands of findings per scan).
+ */
+export declare function stableHash(input: string, length?: number): string;
+//# sourceMappingURL=hash.d.ts.map

package/dist/utils/hash.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../../src/utils/hash.ts"],"names":[],"mappings":"AAEA;;;;;;;;GAQG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,SAAK,GAAG,MAAM,CAE7D"}

package/dist/utils/hash.js

@@ -0,0 +1,14 @@
+import * as crypto from 'node:crypto';
+/**
+ * Stable, short SHA-256 prefix used as a fingerprint suffix across
+ * every detector. Centralised here so the algorithm + truncation
+ * length live in ONE place — bumping from 16 to 24 hex chars only
+ * requires this file, not every detector.
+ *
+ * 16 hex chars = 64 bits of entropy → negligible collision risk for
+ * scan-sized populations (thousands of findings per scan).
+ */
+export function stableHash(input, length = 16) {
+    return crypto.createHash('sha256').update(input).digest('hex').slice(0, length);
+}
+//# sourceMappingURL=hash.js.map

package/dist/utils/hash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash.js","sourceRoot":"","sources":["../../src/utils/hash.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC;;;;;;;;GAQG;AACH,MAAM,UAAU,UAAU,CAAC,KAAa,EAAE,MAAM,GAAG,EAAE;IACnD,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AAClF,CAAC"}

package/dist/utils/ignore-annotation.d.ts

@@ -0,0 +1,28 @@
+/**
+ * In-source suppression pragma — operators (and agents under operator
+ * supervision) can add a `// rothunter:ignore-<detectorId>` comment
+ * above a flagged line to silence the detector for that specific
+ * location. `// rothunter:ignore-all` silences every detector.
+ *
+ * Persistent + co-located with the code being suppressed — survives
+ * re-scans automatically. The convention mirrors
+ * `// eslint-disable-next-line <rule>`.
+ *
+ * Required shape (single line above target):
+ *
+ *   // rothunter:ignore-<detectorId>
+ *   // reason: <one short sentence explaining why this is intentional>
+ *
+ * Detectors call `hasIgnoreAnnotation(rawSource, line, detectorId)`
+ * BEFORE emitting a finding. The matcher walks the previous 5
+ * non-blank lines looking for the pragma — captures both styles:
+ *
+ *   // rothunter:ignore-silent-catch        ← matches detectorId
+ *   // rothunter:ignore-all                 ← global ignore
+ *
+ * Strict matching: only line-comment `//` syntax (not block comments).
+ * Block comments confuse the regex on multi-line files; agents should
+ * stick to single-line line comments.
+ */
+export declare function hasIgnoreAnnotation(rawSource: string, targetLine: number, detectorId: string): boolean;
+//# sourceMappingURL=ignore-annotation.d.ts.map

package/dist/utils/ignore-annotation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ignore-annotation.d.ts","sourceRoot":"","sources":["../../src/utils/ignore-annotation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAeT"}

package/dist/utils/ignore-annotation.js

@@ -0,0 +1,46 @@
+/**
+ * In-source suppression pragma — operators (and agents under operator
+ * supervision) can add a `// rothunter:ignore-<detectorId>` comment
+ * above a flagged line to silence the detector for that specific
+ * location. `// rothunter:ignore-all` silences every detector.
+ *
+ * Persistent + co-located with the code being suppressed — survives
+ * re-scans automatically. The convention mirrors
+ * `// eslint-disable-next-line <rule>`.
+ *
+ * Required shape (single line above target):
+ *
+ *   // rothunter:ignore-<detectorId>
+ *   // reason: <one short sentence explaining why this is intentional>
+ *
+ * Detectors call `hasIgnoreAnnotation(rawSource, line, detectorId)`
+ * BEFORE emitting a finding. The matcher walks the previous 5
+ * non-blank lines looking for the pragma — captures both styles:
+ *
+ *   // rothunter:ignore-silent-catch        ← matches detectorId
+ *   // rothunter:ignore-all                 ← global ignore
+ *
+ * Strict matching: only line-comment `//` syntax (not block comments).
+ * Block comments confuse the regex on multi-line files; agents should
+ * stick to single-line line comments.
+ */
+export function hasIgnoreAnnotation(rawSource, targetLine, detectorId) {
+    if (!rawSource || targetLine < 1)
+        return false;
+    const lines = rawSource.split(/\r?\n/);
+    const start = Math.max(0, targetLine - 1 - 5);
+    const end = Math.min(lines.length, targetLine - 1);
+    const allTag = 'rothunter:ignore-all';
+    const detTag = `rothunter:ignore-${detectorId}`;
+    for (let i = start; i < end; i++) {
+        const line = lines[i] ?? '';
+        if (!line.includes('rothunter:ignore'))
+            continue;
+        // Cheap substring matches — avoid false positives from
+        // `rothunter:ignore-races-something` matching `ignore-race`.
+        if (line.includes(allTag) || line.includes(detTag))
+            return true;
+    }
+    return false;
+}
+//# sourceMappingURL=ignore-annotation.js.map

package/dist/utils/ignore-annotation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ignore-annotation.js","sourceRoot":"","sources":["../../src/utils/ignore-annotation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,MAAM,UAAU,mBAAmB,CACjC,SAAiB,EACjB,UAAkB,EAClB,UAAkB;IAElB,IAAI,CAAC,SAAS,IAAI,UAAU,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,CAAC,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,sBAAsB,CAAC;IACtC,MAAM,MAAM,GAAG,oBAAoB,UAAU,EAAE,CAAC;IAChD,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QACjC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YAAE,SAAS;QACjD,uDAAuD;QACvD,6DAA6D;QAC7D,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC;IAClE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/utils/llm-json.d.ts

@@ -0,0 +1,2 @@
+export declare function parseLlmJsonResponse(raw: string): unknown;
+//# sourceMappingURL=llm-json.d.ts.map

package/dist/utils/llm-json.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm-json.d.ts","sourceRoot":"","sources":["../../src/utils/llm-json.ts"],"names":[],"mappings":"AAAA,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAWzD"}

package/dist/utils/llm-json.js

@@ -0,0 +1,53 @@
+export function parseLlmJsonResponse(raw) {
+    const cleaned = stripCodeFence(raw).trim();
+    if (!cleaned)
+        throw new Error('Empty LLM response');
+    try {
+        return JSON.parse(cleaned);
+    }
+    catch {
+        const extracted = extractFirstJsonObject(cleaned);
+        if (extracted)
+            return JSON.parse(extracted);
+        throw new Error(`LLM response is not valid JSON: ${cleaned.slice(0, 200)}`);
+    }
+}
+function stripCodeFence(s) {
+    const fence = /^```(?:json)?\s*([\s\S]*?)\s*```$/i;
+    const m = s.trim().match(fence);
+    return m?.[1] ?? s;
+}
+function extractFirstJsonObject(s) {
+    const start = s.indexOf('{');
+    if (start < 0)
+        return null;
+    let depth = 0;
+    let inString = false;
+    let escape = false;
+    for (let i = start; i < s.length; i++) {
+        const ch = s[i];
+        if (escape) {
+            escape = false;
+            continue;
+        }
+        if (ch === '\\') {
+            escape = true;
+            continue;
+        }
+        if (ch === '"') {
+            inString = !inString;
+            continue;
+        }
+        if (inString)
+            continue;
+        if (ch === '{')
+            depth++;
+        else if (ch === '}') {
+            depth--;
+            if (depth === 0)
+                return s.slice(start, i + 1);
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=llm-json.js.map

package/dist/utils/llm-json.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm-json.js","sourceRoot":"","sources":["../../src/utils/llm-json.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,oBAAoB,CAAC,GAAW;IAC9C,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAEpD,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,SAAS,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,SAAS;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,mCAAmC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,CAAS;IAC/B,MAAM,KAAK,GAAG,oCAAoC,CAAC;IACnD,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAChC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,sBAAsB,CAAC,CAAS;IACvC,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3B,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAChB,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,GAAG,KAAK,CAAC;YACf,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YAChB,MAAM,GAAG,IAAI,CAAC;YACd,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,QAAQ,GAAG,CAAC,QAAQ,CAAC;YACrB,SAAS;QACX,CAAC;QACD,IAAI,QAAQ;YAAE,SAAS;QACvB,IAAI,EAAE,KAAK,GAAG;YAAE,KAAK,EAAE,CAAC;aACnB,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACpB,KAAK,EAAE,CAAC;YACR,IAAI,KAAK,KAAK,CAAC;gBAAE,OAAO,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/utils/logger.d.ts

@@ -0,0 +1,3 @@
+import pino from 'pino';
+export declare const logger: pino.Logger<never, boolean>;
+//# sourceMappingURL=logger.d.ts.map

package/dist/utils/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAIxB,eAAO,MAAM,MAAM,6BAAkB,CAAC"}

package/dist/utils/logger.js

@@ -0,0 +1,4 @@
+import pino from 'pino';
+const level = process.env.ROTHUNTER_LOG_LEVEL ?? process.env.LOG_LEVEL ?? 'info';
+export const logger = pino({ level });
+//# sourceMappingURL=logger.js.map

package/dist/utils/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,MAAM,CAAC;AAEjF,MAAM,CAAC,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC"}

package/dist/utils/project-conventions.d.ts

@@ -0,0 +1,2 @@
+export declare function readProjectConventions(workspaceRoot: string, evidenceFile?: string): string | undefined;
+//# sourceMappingURL=project-conventions.d.ts.map

package/dist/utils/project-conventions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"project-conventions.d.ts","sourceRoot":"","sources":["../../src/utils/project-conventions.ts"],"names":[],"mappings":"AAqDA,wBAAgB,sBAAsB,CACpC,aAAa,EAAE,MAAM,EACrB,YAAY,CAAC,EAAE,MAAM,GACpB,MAAM,GAAG,SAAS,CAyCpB"}

package/dist/utils/project-conventions.js

@@ -0,0 +1,108 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+/**
+ * Read every project-conventions file in scope and return their
+ * concatenated body truncated to a prompt budget. Walks upward from
+ * the evidence file's directory so nested package rules layer over
+ * the workspace default. Cached per-path so a 100-finding scan reads
+ * each file once.
+ *
+ * Why this exists: detectors flag patterns ("duplicate-function",
+ * "long-function", "long-file", …) that are intentional in some
+ * codebases (Commander.js idiom, linear request handlers, recognizer
+ * tables). Encoding every project rule into the detector is impossible
+ * — but the project usually writes those rules in a conventions file
+ * (CLAUDE.md, AGENTS.md, .cursorrules, copilot-instructions.md, …).
+ * Feeding them into the LLM verdict makes triage project-aware without
+ * touching detector logic.
+ *
+ * Returns `undefined` when no recognised conventions file is found.
+ */
+const cache = new Map();
+const MAX_LEN = 6000;
+/**
+ * Filenames (relative to each directory we visit) that count as
+ * "project conventions". Ordered roughly by community adoption.
+ * Tools-specific files (`.cursorrules`, `.windsurfrules`) are kept in
+ * the same list because rules written for one agent usually apply to
+ * any agent — they describe project shape, not tool quirks.
+ */
+const CONVENTION_FILENAMES = [
+    'CLAUDE.md',
+    'AGENTS.md',
+    'AGENT.md',
+    'GEMINI.md',
+    'CODEX.md',
+    '.codex.md',
+    'COPILOT.md',
+    'AI.md',
+    'AI_GUIDELINES.md',
+    'AI_RULES.md',
+    '.cursorrules',
+    '.cursor/rules',
+    '.windsurfrules',
+    '.github/copilot-instructions.md',
+    '.continue/rules.md',
+    'CONVENTIONS.md',
+    'CODESTYLE.md',
+    'STYLEGUIDE.md',
+    'CONTRIBUTING.md',
+];
+export function readProjectConventions(workspaceRoot, evidenceFile) {
+    const dirs = [];
+    // Walk upward from the evidence file's directory to the workspace
+    // root, deepest first. Within each directory we read every matching
+    // conventions file. Nested rules appear before workspace defaults
+    // in the joined output so the LLM sees them as the more specific
+    // override.
+    if (evidenceFile) {
+        const wsAbs = path.resolve(workspaceRoot);
+        let dir = path.dirname(path.resolve(workspaceRoot, evidenceFile));
+        while (true) {
+            dirs.push(dir);
+            if (path.resolve(dir) === wsAbs)
+                break;
+            const parent = path.dirname(dir);
+            if (parent === dir)
+                break;
+            dir = parent;
+        }
+    }
+    else {
+        dirs.push(workspaceRoot);
+    }
+    const parts = [];
+    let budget = MAX_LEN;
+    for (const dir of dirs) {
+        for (const name of CONVENTION_FILENAMES) {
+            if (budget <= 0)
+                break;
+            const candidate = path.join(dir, name);
+            let body = cache.get(candidate);
+            if (body === undefined && !cache.has(candidate)) {
+                body = readFileSafe(candidate);
+                cache.set(candidate, body);
+            }
+            if (!body)
+                continue;
+            const wsRel = path.relative(workspaceRoot, candidate) || name;
+            const slice = body.length > budget ? body.slice(0, budget) + '\n…(truncated)' : body;
+            parts.push(`# ${wsRel}\n${slice}`);
+            budget -= slice.length + wsRel.length + 4;
+        }
+        if (budget <= 0)
+            break;
+    }
+    if (parts.length === 0)
+        return undefined;
+    return parts.join('\n\n---\n\n');
+}
+function readFileSafe(p) {
+    try {
+        return fs.readFileSync(p, 'utf-8');
+    }
+    catch {
+        return undefined;
+    }
+}
+//# sourceMappingURL=project-conventions.js.map

package/dist/utils/project-conventions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"project-conventions.js","sourceRoot":"","sources":["../../src/utils/project-conventions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,KAAK,GAAG,IAAI,GAAG,EAA8B,CAAC;AACpD,MAAM,OAAO,GAAG,IAAI,CAAC;AAErB;;;;;;GAMG;AACH,MAAM,oBAAoB,GAAa;IACrC,WAAW;IACX,WAAW;IACX,UAAU;IACV,WAAW;IACX,UAAU;IACV,WAAW;IACX,YAAY;IACZ,OAAO;IACP,kBAAkB;IAClB,aAAa;IACb,cAAc;IACd,eAAe;IACf,gBAAgB;IAChB,iCAAiC;IACjC,oBAAoB;IACpB,gBAAgB;IAChB,cAAc;IACd,eAAe;IACf,iBAAiB;CAClB,CAAC;AAEF,MAAM,UAAU,sBAAsB,CACpC,aAAqB,EACrB,YAAqB;IAErB,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,kEAAkE;IAClE,oEAAoE;IACpE,kEAAkE;IAClE,iEAAiE;IACjE,YAAY;IACZ,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAC1C,IAAI,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC,CAAC;QAClE,OAAO,IAAI,EAAE,CAAC;YACZ,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACf,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK;gBAAE,MAAM;YACvC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,MAAM,KAAK,GAAG;gBAAE,MAAM;YAC1B,GAAG,GAAG,MAAM,CAAC;QACf,CAAC;IACH,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC3B,CAAC;IACD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,MAAM,GAAG,OAAO,CAAC;IACrB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,MAAM,IAAI,IAAI,oBAAoB,EAAE,CAAC;YACxC,IAAI,MAAM,IAAI,CAAC;gBAAE,MAAM;YACvB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACvC,IAAI,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBAChD,IAAI,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;gBAC/B,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAC7B,CAAC;YACD,IAAI,CAAC,IAAI;gBAAE,SAAS;YACpB,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,SAAS,CAAC,IAAI,IAAI,CAAC;YAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC;YACrF,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,KAAK,KAAK,EAAE,CAAC,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,MAAM,IAAI,CAAC;YAAE,MAAM;IACzB,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,OAAO,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC"}

package/dist/utils/regex.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Escape every regex metacharacter in `s` so it can be embedded as a
+ * literal inside a new RegExp. Centralised because four detectors
+ * shipped their own copy of the same one-liner — when a future bug
+ * (e.g. forgetting to escape `-` inside character classes) needs a
+ * fix, doing it here propagates everywhere.
+ */
+export declare function escapeForRegex(s: string): string;
+//# sourceMappingURL=regex.d.ts.map

package/dist/utils/regex.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"regex.d.ts","sourceRoot":"","sources":["../../src/utils/regex.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAEhD"}

package/dist/utils/regex.js

@@ -0,0 +1,11 @@
+/**
+ * Escape every regex metacharacter in `s` so it can be embedded as a
+ * literal inside a new RegExp. Centralised because four detectors
+ * shipped their own copy of the same one-liner — when a future bug
+ * (e.g. forgetting to escape `-` inside character classes) needs a
+ * fix, doing it here propagates everywhere.
+ */
+export function escapeForRegex(s) {
+    return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+//# sourceMappingURL=regex.js.map

package/dist/utils/regex.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"regex.js","sourceRoot":"","sources":["../../src/utils/regex.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,CAAS;IACtC,OAAO,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AAClD,CAAC"}

package/dist/utils/snippet.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Snippet trimmers shared across the detectors. The cluster confirmers
+ * (api-race, shared-db-write, race-condition, …) embed `enclosingSource`
+ * blobs in each evidence note — those blobs eat the LLM prompt budget
+ * quickly when they're long real-world functions. We collapse + cap them
+ * here so every detector applies the same prompt-shape.
+ */
+/**
+ * Collapse whitespace + truncate a single-line snippet. Used for
+ * preview strings in finding titles + evidence rows.
+ */
+export declare function trimSnippet(text: string, maxChars?: number): string;
+/**
+ * Preserve the first/last lines of a long function body, ellipsise the
+ * middle. Used for the LLM prompt's `enclosingSource` block — gives the
+ * model enough context to see the signature + final return without
+ * blowing the token budget on a 200-line method.
+ */
+export declare function trimEnclosingSource(full: string, headLines?: number): string;
+//# sourceMappingURL=snippet.d.ts.map

package/dist/utils/snippet.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"snippet.d.ts","sourceRoot":"","sources":["../../src/utils/snippet.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;GAGG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,SAAM,GAAG,MAAM,CAGhE;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,SAAK,GAAG,MAAM,CAIxE"}

package/dist/utils/snippet.js

@@ -0,0 +1,28 @@
+/**
+ * Snippet trimmers shared across the detectors. The cluster confirmers
+ * (api-race, shared-db-write, race-condition, …) embed `enclosingSource`
+ * blobs in each evidence note — those blobs eat the LLM prompt budget
+ * quickly when they're long real-world functions. We collapse + cap them
+ * here so every detector applies the same prompt-shape.
+ */
+/**
+ * Collapse whitespace + truncate a single-line snippet. Used for
+ * preview strings in finding titles + evidence rows.
+ */
+export function trimSnippet(text, maxChars = 160) {
+    const collapsed = text.replace(/\s+/g, ' ').trim();
+    return collapsed.length > maxChars ? collapsed.slice(0, maxChars - 3) + '...' : collapsed;
+}
+/**
+ * Preserve the first/last lines of a long function body, ellipsise the
+ * middle. Used for the LLM prompt's `enclosingSource` block — gives the
+ * model enough context to see the signature + final return without
+ * blowing the token budget on a 200-line method.
+ */
+export function trimEnclosingSource(full, headLines = 40) {
+    const lines = full.split(/\r?\n/);
+    if (lines.length <= headLines + 2)
+        return full;
+    return [...lines.slice(0, headLines), '  // ...', lines[lines.length - 1] ?? ''].join('\n');
+}
+//# sourceMappingURL=snippet.js.map

package/dist/utils/snippet.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"snippet.js","sourceRoot":"","sources":["../../src/utils/snippet.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,QAAQ,GAAG,GAAG;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACnD,OAAO,SAAS,CAAC,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5F,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAY,EAAE,SAAS,GAAG,EAAE;IAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,KAAK,CAAC,MAAM,IAAI,SAAS,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/C,OAAO,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC9F,CAAC"}

package/dist/utils/source-reader.d.ts

@@ -0,0 +1,19 @@
+import type { Project } from 'ts-morph';
+/**
+ * Build a fast workspace-relative source reader. File-walking detectors
+ * (magic-numbers, console-log-prod, silent-catch, skip-tests, bad-config,
+ * long-file, mutable-globals, …) used to readFileSync every
+ * candidate file independently — the orchestrator already parsed those
+ * same files into a shared ts-morph Project, so the disk I/O was pure
+ * duplication. When a Project is passed, this reader serves text from
+ * ts-morph's in-memory SourceFile cache; otherwise it falls back to
+ * direct readFileSync so detectors keep working in their own tests
+ * (where there is no shared Project to inject).
+ *
+ * Returns `null` on read failure (missing file, encoding error, etc.) —
+ * callers should `continue` past missing files, same as the previous
+ * readFileSync/try-catch shape.
+ */
+export type SourceReader = (rel: string) => string | null;
+export declare function makeSourceReader(workspaceRoot: string, project?: Project): SourceReader;
+//# sourceMappingURL=source-reader.d.ts.map

package/dist/utils/source-reader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"source-reader.d.ts","sourceRoot":"","sources":["../../src/utils/source-reader.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,UAAU,CAAC;AAExC;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;AAE1D,wBAAgB,gBAAgB,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,YAAY,CAWvF"}

package/dist/utils/source-reader.js

@@ -0,0 +1,32 @@
+import * as path from 'node:path';
+import { readFileSync } from 'node:fs';
+export function makeSourceReader(workspaceRoot, project) {
+    if (project) {
+        const byRel = new Map();
+        for (const sf of project.getSourceFiles()) {
+            const rel = path.relative(workspaceRoot, sf.getFilePath());
+            // Use POSIX separator so reads work the same across platforms.
+            byRel.set(rel.split(path.sep).join('/'), sf.getFullText());
+        }
+        return (rel) => byRel.get(rel.split(path.sep).join('/')) ?? readFromDisk(workspaceRoot, rel);
+    }
+    return (rel) => readFromDisk(workspaceRoot, rel);
+}
+function readFromDisk(workspaceRoot, rel) {
+    try {
+        const root = path.resolve(workspaceRoot);
+        const resolved = path.resolve(root, rel);
+        // Refuse anything that escapes the workspace root via `..` /
+        // absolute / symlink before it reaches `readFileSync`. Callers
+        // are internal today, but a defensive guard here keeps any
+        // future detector or test fixture from punching through.
+        if (resolved !== root && !resolved.startsWith(root + path.sep)) {
+            return null;
+        }
+        return readFileSync(resolved, 'utf-8');
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=source-reader.js.map

package/dist/utils/source-reader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"source-reader.js","sourceRoot":"","sources":["../../src/utils/source-reader.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAoBvC,MAAM,UAAU,gBAAgB,CAAC,aAAqB,EAAE,OAAiB;IACvE,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;QACxC,KAAK,MAAM,EAAE,IAAI,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;YAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YAC3D,+DAA+D;YAC/D,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,YAAY,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IAC/F,CAAC;IACD,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,YAAY,CAAC,aAAqB,EAAE,GAAW;IACtD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACzC,6DAA6D;QAC7D,+DAA+D;QAC/D,2DAA2D;QAC3D,yDAAyD;QACzD,IAAI,QAAQ,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}