@lyse-labs/lyse 0.1.0-alpha.2

package/dist/reliability/confidence/bundled-manifest.d.ts

@@ -0,0 +1,2 @@
+import type { ConfidenceManifest } from "../types.js";
+export declare const BUNDLED_MANIFEST: ConfidenceManifest;

package/dist/reliability/confidence/bundled-manifest.js

@@ -0,0 +1,8 @@
+export const BUNDLED_MANIFEST = {
+    version: "scoring-v1",
+    generatedAt: "2026-05-22T00:00:00Z",
+    validFrom: "2026-05-22T00:00:00Z",
+    validUntil: "2026-12-31T23:59:59Z",
+    subAxes: {},
+};
+//# sourceMappingURL=bundled-manifest.js.map

package/dist/reliability/confidence/bundled-manifest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bundled-manifest.js","sourceRoot":"","sources":["../../../src/reliability/confidence/bundled-manifest.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gBAAgB,GAAuB;IAClD,OAAO,EAAE,YAAY;IACrB,WAAW,EAAE,sBAAsB;IACnC,SAAS,EAAE,sBAAsB;IACjC,UAAU,EAAE,sBAAsB;IAClC,OAAO,EAAE,EAAE;CACZ,CAAC"}

package/dist/reliability/confidence/index.d.ts

@@ -0,0 +1,3 @@
+export { loadManifest } from "./manifest-loader.js";
+export type { LoadManifestOpts } from "./manifest-loader.js";
+export { BUNDLED_MANIFEST } from "./bundled-manifest.js";

package/dist/reliability/confidence/index.js

@@ -0,0 +1,3 @@
+export { loadManifest } from "./manifest-loader.js";
+export { BUNDLED_MANIFEST } from "./bundled-manifest.js";
+//# sourceMappingURL=index.js.map

package/dist/reliability/confidence/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/reliability/confidence/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/reliability/confidence/manifest-loader.d.ts

@@ -0,0 +1,8 @@
+import type { ConfidenceManifest } from "../types.js";
+export interface LoadManifestOpts {
+    url: string;
+    fallback: ConfidenceManifest;
+    pinnedDate?: string;
+    cacheDir?: string;
+}
+export declare function loadManifest(opts: LoadManifestOpts): Promise<ConfidenceManifest>;

package/dist/reliability/confidence/manifest-loader.js

@@ -0,0 +1,53 @@
+import { mkdir, readFile, stat, writeFile } from "node:fs/promises";
+import { existsSync } from "node:fs";
+import { homedir } from "node:os";
+import { dirname, resolve } from "node:path";
+const TTL_MS = 7 * 24 * 60 * 60 * 1000;
+const FETCH_TIMEOUT_MS = 3000;
+// Honors LYSE_CACHE_DIR env override for CI / testing; defaults to ~/.cache/lyse.
+function resolveCacheFile(cacheDir) {
+    const dir = cacheDir ?? process.env["LYSE_CACHE_DIR"] ?? resolve(homedir(), ".cache", "lyse");
+    return resolve(dir, "manifest.json");
+}
+async function readFreshCache(cacheFile) {
+    if (!existsSync(cacheFile))
+        return null;
+    try {
+        const s = await stat(cacheFile);
+        if (Date.now() - s.mtimeMs >= TTL_MS)
+            return null;
+        const raw = await readFile(cacheFile, "utf8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+async function writeCache(cacheFile, manifest) {
+    try {
+        await mkdir(dirname(cacheFile), { recursive: true });
+        await writeFile(cacheFile, JSON.stringify(manifest), "utf8");
+    }
+    catch {
+        // Read-only filesystem must not break the loader.
+    }
+}
+export async function loadManifest(opts) {
+    const cacheFile = resolveCacheFile(opts.cacheDir);
+    const cached = await readFreshCache(cacheFile);
+    if (cached)
+        return cached;
+    try {
+        const url = opts.pinnedDate ? `${opts.url}?pinned=${opts.pinnedDate}` : opts.url;
+        const res = await fetch(url, { signal: AbortSignal.timeout(FETCH_TIMEOUT_MS) });
+        if (!res.ok)
+            throw new Error(`HTTP ${res.status}`);
+        const manifest = (await res.json());
+        await writeCache(cacheFile, manifest);
+        return manifest;
+    }
+    catch {
+        return opts.fallback;
+    }
+}
+//# sourceMappingURL=manifest-loader.js.map

package/dist/reliability/confidence/manifest-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest-loader.js","sourceRoot":"","sources":["../../../src/reliability/confidence/manifest-loader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAG7C,MAAM,MAAM,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACvC,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAS9B,kFAAkF;AAClF,SAAS,gBAAgB,CAAC,QAAiB;IACzC,MAAM,GAAG,GAAG,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC9F,OAAO,OAAO,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,SAAiB;IAC7C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,CAAC;QAChC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,OAAO,IAAI,MAAM;YAAE,OAAO,IAAI,CAAC;QAClD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAuB,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,SAAiB,EAAE,QAA4B;IACvE,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,MAAM,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,kDAAkD;IACpD,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAsB;IACvD,MAAM,SAAS,GAAG,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAElD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,SAAS,CAAC,CAAC;IAC/C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,WAAW,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QACjF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAChF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACnD,MAAM,QAAQ,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;QAC1D,MAAM,UAAU,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACtC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;AACH,CAAC"}

package/dist/reliability/feedback/__tests__/interactive.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/reliability/feedback/__tests__/interactive.test.js

@@ -0,0 +1,85 @@
+import { describe, expect, it, vi, beforeEach, afterEach } from "vitest";
+import { fetchBucketSalt, getFeedbackEndpoint, getSaltUrl, getSubAxisForRule, runInteractiveFeedback, } from "../interactive.js";
+describe("getSubAxisForRule", () => {
+    it("maps known rule IDs to seeded sub-axes", () => {
+        expect(getSubAxisForRule("tokens/no-hardcoded-color")).toBe("tokens.color");
+        expect(getSubAxisForRule("tokens/no-hardcoded-spacing")).toBe("tokens.spacing");
+        expect(getSubAxisForRule("a11y/essentials")).toBe("a11y.essentials");
+        expect(getSubAxisForRule("components/no-native-shadows")).toBe("components.native-shadows");
+    });
+    it("returns 'unmapped' for unknown rule IDs", () => {
+        expect(getSubAxisForRule("definitely/not-a-rule")).toBe("unmapped");
+    });
+});
+describe("endpoint / salt URL env overrides", () => {
+    const origEndpoint = process.env["LYSE_FEEDBACK_ENDPOINT"];
+    const origSalt = process.env["LYSE_FEEDBACK_SALT_URL"];
+    afterEach(() => {
+        if (origEndpoint === undefined)
+            delete process.env["LYSE_FEEDBACK_ENDPOINT"];
+        else
+            process.env["LYSE_FEEDBACK_ENDPOINT"] = origEndpoint;
+        if (origSalt === undefined)
+            delete process.env["LYSE_FEEDBACK_SALT_URL"];
+        else
+            process.env["LYSE_FEEDBACK_SALT_URL"] = origSalt;
+    });
+    it("returns production endpoint by default", () => {
+        delete process.env["LYSE_FEEDBACK_ENDPOINT"];
+        expect(getFeedbackEndpoint()).toBe("https://api.getlyse.com/v1/feedback");
+    });
+    it("honors LYSE_FEEDBACK_ENDPOINT override", () => {
+        process.env["LYSE_FEEDBACK_ENDPOINT"] = "http://staging.test/v1/feedback";
+        expect(getFeedbackEndpoint()).toBe("http://staging.test/v1/feedback");
+    });
+    it("returns production salt URL by default", () => {
+        delete process.env["LYSE_FEEDBACK_SALT_URL"];
+        expect(getSaltUrl()).toBe("https://api.getlyse.com/v1/bucket-salt");
+    });
+    it("honors LYSE_FEEDBACK_SALT_URL override", () => {
+        process.env["LYSE_FEEDBACK_SALT_URL"] = "http://staging.test/v1/bucket-salt";
+        expect(getSaltUrl()).toBe("http://staging.test/v1/bucket-salt");
+    });
+});
+describe("fetchBucketSalt", () => {
+    let fetchMock;
+    beforeEach(() => {
+        fetchMock = vi.fn();
+        vi.stubGlobal("fetch", fetchMock);
+    });
+    afterEach(() => {
+        vi.unstubAllGlobals();
+    });
+    it("returns raw string body when not JSON", async () => {
+        fetchMock.mockResolvedValueOnce(new Response("salt-2026-05-22"));
+        const s = await fetchBucketSalt("http://test/salt");
+        expect(s).toBe("salt-2026-05-22");
+    });
+    it("extracts .salt from JSON body", async () => {
+        fetchMock.mockResolvedValueOnce(new Response(JSON.stringify({ salt: "abc-123" })));
+        const s = await fetchBucketSalt("http://test/salt");
+        expect(s).toBe("abc-123");
+    });
+    it("returns null on non-2xx", async () => {
+        fetchMock.mockResolvedValueOnce(new Response(null, { status: 500 }));
+        const s = await fetchBucketSalt("http://test/salt");
+        expect(s).toBeNull();
+    });
+    it("returns null on network error", async () => {
+        fetchMock.mockRejectedValueOnce(new Error("ENETDOWN"));
+        const s = await fetchBucketSalt("http://test/salt");
+        expect(s).toBeNull();
+    });
+    it("returns null on empty body", async () => {
+        fetchMock.mockResolvedValueOnce(new Response(""));
+        const s = await fetchBucketSalt("http://test/salt");
+        expect(s).toBeNull();
+    });
+});
+describe("runInteractiveFeedback (empty short-circuit)", () => {
+    it("returns immediately when there are no findings", async () => {
+        const r = await runInteractiveFeedback({ findings: [], repoRoot: process.cwd() });
+        expect(r).toEqual({ sent: 0, skipped: 0, aborted: false });
+    });
+});
+//# sourceMappingURL=interactive.test.js.map

package/dist/reliability/feedback/__tests__/interactive.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interactive.test.js","sourceRoot":"","sources":["../../../../src/reliability/feedback/__tests__/interactive.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,EACL,eAAe,EACf,mBAAmB,EACnB,UAAU,EACV,iBAAiB,EACjB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,CAAC,iBAAiB,CAAC,2BAA2B,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5E,MAAM,CAAC,iBAAiB,CAAC,6BAA6B,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAChF,MAAM,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACrE,MAAM,CAAC,iBAAiB,CAAC,8BAA8B,CAAC,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAC9F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,CAAC,iBAAiB,CAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,mCAAmC,EAAE,GAAG,EAAE;IACjD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IAC3D,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IAEvD,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,YAAY,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;;YACxE,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,GAAG,YAAY,CAAC;QAC1D,IAAI,QAAQ,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;;YACpE,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,GAAG,QAAQ,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QAC7C,MAAM,CAAC,mBAAmB,EAAE,CAAC,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,GAAG,iCAAiC,CAAC;QAC1E,MAAM,CAAC,mBAAmB,EAAE,CAAC,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QAC7C,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,GAAG,oCAAoC,CAAC;QAC7E,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,IAAI,SAAmC,CAAC;IAExC,UAAU,CAAC,GAAG,EAAE;QACd,SAAS,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QACpB,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,EAAE,CAAC,gBAAgB,EAAE,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,SAAS,CAAC,qBAAqB,CAAC,IAAI,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACjE,MAAM,CAAC,GAAG,MAAM,eAAe,CAAC,kBAAkB,CAAC,CAAC;QACpD,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;QAC7C,SAAS,CAAC,qBAAqB,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;QACnF,MAAM,CAAC,GAAG,MAAM,eAAe,CAAC,kBAAkB,CAAC,CAAC;QACpD,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;QACvC,SAAS,CAAC,qBAAqB,CAAC,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QACrE,MAAM,CAAC,GAAG,MAAM,eAAe,CAAC,kBAAkB,CAAC,CAAC;QACpD,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;QAC7C,SAAS,CAAC,qBAAqB,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;QACvD,MAAM,CAAC,GAAG,MAAM,eAAe,CAAC,kBAAkB,CAAC,CAAC;QACpD,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,SAAS,CAAC,qBAAqB,CAAC,IAAI,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QAClD,MAAM,CAAC,GAAG,MAAM,eAAe,CAAC,kBAAkB,CAAC,CAAC;QACpD,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IACvB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,8CAA8C,EAAE,GAAG,EAAE;IAC5D,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,CAAC,GAAG,MAAM,sBAAsB,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAClF,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/reliability/feedback/__tests__/repo-bucket.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/reliability/feedback/__tests__/repo-bucket.test.js

@@ -0,0 +1,18 @@
+import { describe, expect, it } from "vitest";
+import { computeRepoBucket } from "../repo-bucket.js";
+describe("repo_bucket HMAC", () => {
+    it("normalizes URL (case, trailing .git)", () => {
+        const a = computeRepoBucket("https://github.com/FOO/bar.git", "salt-2026-05-30");
+        const b = computeRepoBucket("https://GITHUB.COM/foo/bar", "salt-2026-05-30");
+        expect(a).toBe(b);
+    });
+    it("changes when salt rotates", () => {
+        const a = computeRepoBucket("https://github.com/foo/bar.git", "salt-A");
+        const b = computeRepoBucket("https://github.com/foo/bar.git", "salt-B");
+        expect(a).not.toBe(b);
+    });
+    it("returns 16-hex prefix", () => {
+        expect(computeRepoBucket("https://github.com/foo/bar.git", "s")).toMatch(/^[0-9a-f]{16}$/);
+    });
+});
+//# sourceMappingURL=repo-bucket.test.js.map

package/dist/reliability/feedback/__tests__/repo-bucket.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"repo-bucket.test.js","sourceRoot":"","sources":["../../../../src/reliability/feedback/__tests__/repo-bucket.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CAAC,GAAG,iBAAiB,CAAC,gCAAgC,EAAE,iBAAiB,CAAC,CAAC;QACjF,MAAM,CAAC,GAAG,iBAAiB,CAAC,4BAA4B,EAAE,iBAAiB,CAAC,CAAC;QAC7E,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,CAAC,GAAG,iBAAiB,CAAC,gCAAgC,EAAE,QAAQ,CAAC,CAAC;QACxE,MAAM,CAAC,GAAG,iBAAiB,CAAC,gCAAgC,EAAE,QAAQ,CAAC,CAAC;QACxE,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;QAC/B,MAAM,CAAC,iBAAiB,CAAC,gCAAgC,EAAE,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC7F,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/reliability/feedback/__tests__/sender.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/reliability/feedback/__tests__/sender.test.js

@@ -0,0 +1,101 @@
+import { describe, expect, it, vi, beforeEach, afterEach } from "vitest";
+import { sendFeedback } from "../sender.js";
+import { __setCacheForTest, resetConsentCache } from "../../../telemetry/consent.js";
+function enableConsent() {
+    __setCacheForTest({ accepted: true, initialised: true });
+}
+describe("sendFeedback", () => {
+    let fetchMock;
+    beforeEach(() => {
+        __setCacheForTest({ accepted: false, initialised: true });
+        fetchMock = vi.fn(async () => new Response(null, { status: 204 }));
+        vi.stubGlobal("fetch", fetchMock);
+    });
+    afterEach(() => {
+        resetConsentCache();
+        vi.unstubAllGlobals();
+    });
+    it("does NOT fetch when consent is absent", async () => {
+        const r = await sendFeedback({
+            endpoint: "http://example.test/v1/feedback",
+            finding: { ruleId: "x", subAxisId: "tokens.color" },
+            verdict: "valid",
+            remoteUrl: "https://github.com/foo/bar.git",
+            salt: "s",
+        });
+        expect(fetchMock).not.toHaveBeenCalled();
+        expect(r.ok).toBe(false);
+    });
+    it("does NOT fetch when consent.accepted=false", async () => {
+        __setCacheForTest({ accepted: false, initialised: true });
+        const r = await sendFeedback({
+            endpoint: "http://example.test/v1/feedback",
+            finding: { ruleId: "x", subAxisId: "tokens.color" },
+            verdict: "valid",
+            remoteUrl: "https://github.com/foo/bar.git",
+            salt: "s",
+        });
+        expect(fetchMock).not.toHaveBeenCalled();
+        expect(r.ok).toBe(false);
+    });
+    it("posts JSON payload with HMACed repoBucket when consent is accepted", async () => {
+        enableConsent();
+        await sendFeedback({
+            endpoint: "http://example.test/v1/feedback",
+            finding: { ruleId: "tokens/no-hardcoded-color", subAxisId: "tokens.color" },
+            verdict: "valid",
+            remoteUrl: "https://github.com/foo/bar.git",
+            salt: "s-2026-05-22",
+        });
+        expect(fetchMock).toHaveBeenCalledTimes(1);
+        const [url, init] = fetchMock.mock.calls[0];
+        expect(url).toBe("http://example.test/v1/feedback");
+        expect(init.method).toBe("POST");
+        const body = JSON.parse(init.body);
+        expect(body.ruleId).toBe("tokens/no-hardcoded-color");
+        expect(body.subAxisId).toBe("tokens.color");
+        expect(body.verdict).toBe("valid");
+        expect(body.signed).toBe(false);
+        expect(body.repoBucket).toMatch(/^[0-9a-f]{16}$/);
+    });
+    it("payload contains ONLY the 5 allowed fields (no PII leak)", async () => {
+        enableConsent();
+        await sendFeedback({
+            endpoint: "http://example.test/v1/feedback",
+            finding: { ruleId: "r", subAxisId: "a.b" },
+            verdict: "invalid",
+            remoteUrl: "https://github.com/foo/secret-repo.git",
+            salt: "s",
+        });
+        const [, init] = fetchMock.mock.calls[0];
+        const body = JSON.parse(init.body);
+        expect(Object.keys(body).sort()).toEqual(["repoBucket", "ruleId", "signed", "subAxisId", "verdict"]);
+        expect(JSON.stringify(body)).not.toContain("secret-repo");
+        expect(JSON.stringify(body)).not.toContain("github.com");
+    });
+    it("returns ok=false on network failure (silent)", async () => {
+        enableConsent();
+        fetchMock.mockRejectedValueOnce(new Error("connection refused"));
+        const r = await sendFeedback({
+            endpoint: "http://invalid/v1/feedback",
+            finding: { ruleId: "x", subAxisId: "tokens.color" },
+            verdict: "valid",
+            remoteUrl: "https://github.com/foo/bar.git",
+            salt: "s",
+        });
+        expect(r.ok).toBe(false);
+    });
+    it("returns ok=false when server returns non-2xx", async () => {
+        enableConsent();
+        fetchMock.mockResolvedValueOnce(new Response(null, { status: 500 }));
+        const r = await sendFeedback({
+            endpoint: "http://example.test/v1/feedback",
+            finding: { ruleId: "x", subAxisId: "tokens.color" },
+            verdict: "valid",
+            remoteUrl: "https://github.com/foo/bar.git",
+            salt: "s",
+        });
+        expect(r.ok).toBe(false);
+    });
+});
+//# sourceMappingURL=sender.test.js.map

package/dist/reliability/feedback/__tests__/sender.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sender.test.js","sourceRoot":"","sources":["../../../../src/reliability/feedback/__tests__/sender.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAErF,SAAS,aAAa;IACpB,iBAAiB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,IAAI,SAAmC,CAAC;IAExC,UAAU,CAAC,GAAG,EAAE;QACd,iBAAiB,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,SAAS,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QACnE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,iBAAiB,EAAE,CAAC;QACpB,EAAE,CAAC,gBAAgB,EAAE,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,CAAC,GAAG,MAAM,YAAY,CAAC;YAC3B,QAAQ,EAAE,iCAAiC;YAC3C,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,cAAc,EAAE;YACnD,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,gCAAgC;YAC3C,IAAI,EAAE,GAAG;SACV,CAAC,CAAC;QACH,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACzC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,iBAAiB,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,MAAM,CAAC,GAAG,MAAM,YAAY,CAAC;YAC3B,QAAQ,EAAE,iCAAiC;YAC3C,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,cAAc,EAAE;YACnD,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,gCAAgC;YAC3C,IAAI,EAAE,GAAG;SACV,CAAC,CAAC;QACH,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACzC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,aAAa,EAAE,CAAC;QAChB,MAAM,YAAY,CAAC;YACjB,QAAQ,EAAE,iCAAiC;YAC3C,OAAO,EAAE,EAAE,MAAM,EAAE,2BAA2B,EAAE,SAAS,EAAE,cAAc,EAAE;YAC3E,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,gCAAgC;YAC3C,IAAI,EAAE,cAAc;SACrB,CAAC,CAAC;QACH,MAAM,CAAC,SAAS,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAC3C,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;QAC7C,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACpD,MAAM,CAAE,IAAoB,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAE,IAAoB,CAAC,IAAc,CAAC,CAAC;QAC9D,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,aAAa,EAAE,CAAC;QAChB,MAAM,YAAY,CAAC;YACjB,QAAQ,EAAE,iCAAiC;YAC3C,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE;YAC1C,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,wCAAwC;YACnD,IAAI,EAAE,GAAG;SACV,CAAC,CAAC;QACH,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAE,IAAoB,CAAC,IAAc,CAAC,CAAC;QAC9D,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;QACrG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,aAAa,EAAE,CAAC;QAChB,SAAS,CAAC,qBAAqB,CAAC,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;QACjE,MAAM,CAAC,GAAG,MAAM,YAAY,CAAC;YAC3B,QAAQ,EAAE,4BAA4B;YACtC,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,cAAc,EAAE;YACnD,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,gCAAgC;YAC3C,IAAI,EAAE,GAAG;SACV,CAAC,CAAC;QACH,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,aAAa,EAAE,CAAC;QAChB,SAAS,CAAC,qBAAqB,CAAC,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QACrE,MAAM,CAAC,GAAG,MAAM,YAAY,CAAC;YAC3B,QAAQ,EAAE,iCAAiC;YAC3C,OAAO,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,cAAc,EAAE;YACnD,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,gCAAgC;YAC3C,IAAI,EAAE,GAAG;SACV,CAAC,CAAC;QACH,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/reliability/feedback/interactive.d.ts

@@ -0,0 +1,20 @@
+import type { Finding } from "../../types.js";
+export interface InteractiveFeedbackResult {
+    sent: number;
+    skipped: number;
+    aborted: boolean;
+}
+export declare function getSubAxisForRule(ruleId: string): string;
+export declare function getFeedbackEndpoint(): string;
+export declare function getSaltUrl(): string;
+export declare function fetchBucketSalt(url: string, timeoutMs?: number): Promise<string | null>;
+export declare function getRemoteOriginUrl(repoRoot: string): string | null;
+export interface RunInteractiveFeedbackOpts {
+    findings: Finding[];
+    repoRoot: string;
+    endpoint?: string;
+    saltUrl?: string;
+    saltOverride?: string;
+    remoteUrlOverride?: string;
+}
+export declare function runInteractiveFeedback(opts: RunInteractiveFeedbackOpts): Promise<InteractiveFeedbackResult>;

package/dist/reliability/feedback/interactive.js

@@ -0,0 +1,150 @@
+import { execSync } from "node:child_process";
+import prompts from "prompts";
+import { SUB_AXES } from "../catalogue/sub-axes.js";
+import { sendFeedback } from "./sender.js";
+import { telemetryEnabled } from "../../telemetry/index.js";
+const DEFAULT_FEEDBACK_ENDPOINT = "https://api.getlyse.com/v1/feedback";
+const DEFAULT_SALT_URL = "https://api.getlyse.com/v1/bucket-salt";
+const SALT_FETCH_TIMEOUT_MS = 3000;
+// Build a ruleId → subAxisId lookup from the seeded catalogue.
+// Rules without a sub-axis mapping are reported with subAxisId="unmapped"
+// so the worker can still aggregate them under a tracking bucket.
+const RULE_TO_SUB_AXIS = (() => {
+    const m = new Map();
+    for (const sa of SUB_AXES) {
+        for (const r of sa.ruleIds)
+            m.set(r, sa.id);
+    }
+    return m;
+})();
+export function getSubAxisForRule(ruleId) {
+    return RULE_TO_SUB_AXIS.get(ruleId) ?? "unmapped";
+}
+export function getFeedbackEndpoint() {
+    const override = process.env["LYSE_FEEDBACK_ENDPOINT"];
+    return override && override.length > 0 ? override : DEFAULT_FEEDBACK_ENDPOINT;
+}
+export function getSaltUrl() {
+    const override = process.env["LYSE_FEEDBACK_SALT_URL"];
+    return override && override.length > 0 ? override : DEFAULT_SALT_URL;
+}
+export async function fetchBucketSalt(url, timeoutMs = SALT_FETCH_TIMEOUT_MS) {
+    try {
+        const res = await fetch(url, { signal: AbortSignal.timeout(timeoutMs) });
+        if (!res.ok)
+            return null;
+        const txt = (await res.text()).trim();
+        if (txt.length === 0)
+            return null;
+        try {
+            const parsed = JSON.parse(txt);
+            if (typeof parsed === "string")
+                return parsed;
+            if (parsed && typeof parsed.salt === "string")
+                return parsed.salt;
+        }
+        catch {
+            // Not JSON — treat as raw salt string.
+        }
+        return txt;
+    }
+    catch {
+        return null;
+    }
+}
+export function getRemoteOriginUrl(repoRoot) {
+    try {
+        const out = execSync("git config --get remote.origin.url", {
+            cwd: repoRoot,
+            encoding: "utf8",
+            stdio: ["ignore", "pipe", "ignore"],
+            timeout: 5000,
+        }).trim();
+        return out.length > 0 ? out : null;
+    }
+    catch {
+        return null;
+    }
+}
+// Runs an interactive y/n/?/s/q prompt for each finding. Sends a privacy-clean
+// telemetry event per verdict when consent has been accepted; otherwise the
+// prompts run but no network requests are made (still useful for local triage).
+export async function runInteractiveFeedback(opts) {
+    const findings = opts.findings;
+    if (findings.length === 0)
+        return { sent: 0, skipped: 0, aborted: false };
+    const endpoint = opts.endpoint ?? getFeedbackEndpoint();
+    const telemetryOn = telemetryEnabled();
+    let salt = opts.saltOverride ?? null;
+    let remoteUrl = opts.remoteUrlOverride ?? null;
+    if (telemetryOn) {
+        if (!remoteUrl)
+            remoteUrl = getRemoteOriginUrl(opts.repoRoot);
+        if (!salt)
+            salt = await fetchBucketSalt(opts.saltUrl ?? getSaltUrl());
+        if (!salt || !remoteUrl) {
+            process.stdout.write("[telemetry: salt unavailable; feedback disabled this session]\n");
+        }
+    }
+    const canSend = telemetryOn && !!salt && !!remoteUrl;
+    process.stdout.write(`\nInteractive review: ${findings.length} finding${findings.length === 1 ? "" : "s"}.\n`);
+    process.stdout.write("  y=valid · n=invalid · ?=not sure · s=skip · q=quit\n");
+    let sent = 0;
+    let skipped = 0;
+    let aborted = false;
+    for (let i = 0; i < findings.length; i++) {
+        const f = findings[i];
+        process.stdout.write(`\n[${i + 1}/${findings.length}] ${f.location.file}:${f.location.line}  ${f.severity}  ${f.ruleId}\n`);
+        if (f.message)
+            process.stdout.write(`  ${f.message}\n`);
+        const r = await prompts({
+            type: "select",
+            name: "v",
+            message: "Is this a real issue?",
+            choices: [
+                { title: "y · valid (real issue)", value: "valid" },
+                { title: "n · invalid (false positive)", value: "invalid" },
+                { title: "? · not sure (skip)", value: "unsure" },
+                { title: "s · skip silently", value: "skipped" },
+                { title: "q · quit interactive mode", value: "quit" },
+            ],
+            initial: 0,
+        });
+        const verdict = r.v;
+        if (verdict === undefined || verdict === "quit") {
+            aborted = true;
+            break;
+        }
+        if (verdict === "unsure" || verdict === "skipped") {
+            skipped++;
+            continue;
+        }
+        if (!canSend) {
+            skipped++;
+            continue;
+        }
+        const subAxisId = getSubAxisForRule(f.ruleId);
+        const res = await sendFeedback({
+            endpoint,
+            finding: { ruleId: f.ruleId, subAxisId },
+            verdict: verdict,
+            remoteUrl: remoteUrl,
+            salt: salt,
+        });
+        if (res.ok)
+            sent++;
+        else
+            skipped++;
+    }
+    if (canSend) {
+        process.stdout.write(`\nFeedback session: ${sent} sent, ${skipped} skipped.\n`);
+    }
+    else if (telemetryOn) {
+        process.stdout.write(`\nFeedback session: ${skipped} reviewed locally (telemetry disabled).\n`);
+    }
+    else {
+        process.stdout.write(`\nFeedback session: ${skipped} reviewed locally (run \`lyse telemetry on\` to share anonymized verdicts).\n`);
+    }
+    return { sent, skipped, aborted };
+}
+//# sourceMappingURL=interactive.js.map

package/dist/reliability/feedback/interactive.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interactive.js","sourceRoot":"","sources":["../../../src/reliability/feedback/interactive.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,YAAY,EAAwB,MAAM,aAAa,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAE5D,MAAM,yBAAyB,GAAG,qCAAqC,CAAC;AACxE,MAAM,gBAAgB,GAAG,wCAAwC,CAAC;AAClE,MAAM,qBAAqB,GAAG,IAAI,CAAC;AAQnC,+DAA+D;AAC/D,0EAA0E;AAC1E,kEAAkE;AAClE,MAAM,gBAAgB,GAAwB,CAAC,GAAG,EAAE;IAClD,MAAM,CAAC,GAAG,IAAI,GAAG,EAAkB,CAAC;IACpC,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;QAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,OAAO;YAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC,CAAC,EAAE,CAAC;AAEL,MAAM,UAAU,iBAAiB,CAAC,MAAc;IAC9C,OAAO,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACvD,OAAO,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,yBAAyB,CAAC;AAChF,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACvD,OAAO,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,GAAW,EAAE,YAAoB,qBAAqB;IAC1F,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACzE,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAuB,CAAC;YACrD,IAAI,OAAO,MAAM,KAAK,QAAQ;gBAAE,OAAO,MAAM,CAAC;YAC9C,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;gBAAE,OAAO,MAAM,CAAC,IAAI,CAAC;QACpE,CAAC;QAAC,MAAM,CAAC;YACP,uCAAuC;QACzC,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,QAAQ,CAAC,oCAAoC,EAAE;YACzD,GAAG,EAAE,QAAQ;YACb,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;YACnC,OAAO,EAAE,IAAI;SACd,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAcD,+EAA+E;AAC/E,4EAA4E;AAC5E,gFAAgF;AAChF,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,IAAgC;IAC3E,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAC/B,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAE1E,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,mBAAmB,EAAE,CAAC;IACxD,MAAM,WAAW,GAAG,gBAAgB,EAAE,CAAC;IAEvC,IAAI,IAAI,GAAkB,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC;IACpD,IAAI,SAAS,GAAkB,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC;IAE9D,IAAI,WAAW,EAAE,CAAC;QAChB,IAAI,CAAC,SAAS;YAAE,SAAS,GAAG,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI;YAAE,IAAI,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,OAAO,IAAI,UAAU,EAAE,CAAC,CAAC;QACtE,IAAI,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iEAAiE,CAAC,CAAC;QAC1F,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,WAAW,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,SAAS,CAAC;IAErD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,WAAW,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;IAC/G,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAE/E,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAE,CAAC;QACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,MAAM,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,MAAM,IAAI,CACtG,CAAC;QACF,IAAI,CAAC,CAAC,OAAO;YAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC;QAExD,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC;YACtB,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,uBAAuB;YAChC,OAAO,EAAE;gBACP,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK,EAAE,OAAO,EAAE;gBACnD,EAAE,KAAK,EAAE,8BAA8B,EAAE,KAAK,EAAE,SAAS,EAAE;gBAC3D,EAAE,KAAK,EAAE,qBAAqB,EAAE,KAAK,EAAE,QAAQ,EAAE;gBACjD,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK,EAAE,SAAS,EAAE;gBAChD,EAAE,KAAK,EAAE,2BAA2B,EAAE,KAAK,EAAE,MAAM,EAAE;aACtD;YACD,OAAO,EAAE,CAAC;SACX,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,CAAC,CAAC,CAA8B,CAAC;QAEjD,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YAChD,OAAO,GAAG,IAAI,CAAC;YACf,MAAM;QACR,CAAC;QACD,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAClD,OAAO,EAAE,CAAC;YACV,SAAS;QACX,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,CAAC;YACV,SAAS;QACX,CAAC;QAED,MAAM,SAAS,GAAG,iBAAiB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC;YAC7B,QAAQ;YACR,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE;YACxC,OAAO,EAAE,OAA0B;YACnC,SAAS,EAAE,SAAU;YACrB,IAAI,EAAE,IAAK;SACZ,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,EAAE;YAAE,IAAI,EAAE,CAAC;;YACd,OAAO,EAAE,CAAC;IACjB,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,IAAI,UAAU,OAAO,aAAa,CAAC,CAAC;IAClF,CAAC;SAAM,IAAI,WAAW,EAAE,CAAC;QACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,OAAO,2CAA2C,CAAC,CAAC;IAClG,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,OAAO,+EAA+E,CAAC,CAAC;IACtI,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AACpC,CAAC"}

package/dist/reliability/feedback/repo-bucket.d.ts

@@ -0,0 +1,2 @@
+export declare function normalizeRemoteUrl(url: string): string;
+export declare function computeRepoBucket(remoteUrl: string, salt: string): string;

package/dist/reliability/feedback/repo-bucket.js

@@ -0,0 +1,9 @@
+import { createHmac } from "node:crypto";
+export function normalizeRemoteUrl(url) {
+    return url.toLowerCase().replace(/\.git$/, "").replace(/\/+$/, "");
+}
+export function computeRepoBucket(remoteUrl, salt) {
+    const normalized = normalizeRemoteUrl(remoteUrl);
+    return createHmac("sha256", salt).update(normalized).digest("hex").slice(0, 16);
+}
+//# sourceMappingURL=repo-bucket.js.map

package/dist/reliability/feedback/repo-bucket.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"repo-bucket.js","sourceRoot":"","sources":["../../../src/reliability/feedback/repo-bucket.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,SAAiB,EAAE,IAAY;IAC/D,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IACjD,OAAO,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAClF,CAAC"}

package/dist/reliability/feedback/sender.d.ts

@@ -0,0 +1,16 @@
+export type FeedbackVerdict = "valid" | "invalid" | "skipped";
+export interface FeedbackFinding {
+    ruleId: string;
+    subAxisId: string;
+}
+export interface SendFeedbackArgs {
+    endpoint: string;
+    finding: FeedbackFinding;
+    verdict: FeedbackVerdict;
+    remoteUrl: string;
+    salt: string;
+    timeoutMs?: number;
+}
+export declare function sendFeedback(args: SendFeedbackArgs): Promise<{
+    ok: boolean;
+}>;

package/dist/reliability/feedback/sender.js

@@ -0,0 +1,28 @@
+import { computeRepoBucket } from "./repo-bucket.js";
+import { telemetryEnabled } from "../../telemetry/index.js";
+// Opt-in only: returns ok=false (without fetching) unless the user has accepted
+// telemetry consent (~/.lyse/consent.json). Anything else disables the sender.
+export async function sendFeedback(args) {
+    if (!telemetryEnabled())
+        return { ok: false };
+    const repoBucket = computeRepoBucket(args.remoteUrl, args.salt);
+    try {
+        const res = await fetch(args.endpoint, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({
+                ruleId: args.finding.ruleId,
+                subAxisId: args.finding.subAxisId,
+                repoBucket,
+                verdict: args.verdict,
+                signed: false,
+            }),
+            signal: AbortSignal.timeout(args.timeoutMs ?? 2000),
+        });
+        return { ok: res.ok };
+    }
+    catch {
+        return { ok: false };
+    }
+}
+//# sourceMappingURL=sender.js.map

package/dist/reliability/feedback/sender.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sender.js","sourceRoot":"","sources":["../../../src/reliability/feedback/sender.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAkB5D,gFAAgF;AAChF,+EAA+E;AAC/E,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAsB;IACvD,IAAI,CAAC,gBAAgB,EAAE;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IAC9C,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;gBAC3B,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;gBACjC,UAAU;gBACV,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,KAAK;aACd,CAAC;YACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC;SACpD,CAAC,CAAC;QACH,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IACvB,CAAC;AACH,CAAC"}

package/dist/reliability/index.d.ts

@@ -0,0 +1 @@
+export type { ScoringVersion, SubAxisStatus, SubAxisId, SubAxisRecord, ConfidenceManifest, Finding, } from "./types.js";

package/dist/reliability/index.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.js.map

package/dist/reliability/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/reliability/index.ts"],"names":[],"mappings":""}

package/dist/reliability/llm-eval/__tests__/budget.test.d.ts

@@ -0,0 +1 @@
+export {};