@mmnto/totem 1.15.1 → 1.15.3

package/dist/regex-safety/evaluator.js

@@ -0,0 +1,314 @@
+/**
+ * Persistent-worker regex evaluator with per-batch timeout (mmnto-ai/totem#1641).
+ *
+ * Spawns one Node worker thread on construction, serializes batches onto
+ * it, and enforces a main-thread timeout. If a pattern catastrophic-
+ * backtracks inside the worker, the main-thread timer fires, calls
+ * `worker.terminate()`, and respawns a fresh worker for the next batch.
+ * Every evaluation resolves with one of three outcomes — `ok` (matched
+ * indices + elapsed + softWarning flag), `timeout` (the worker was
+ * terminated), or `error` (the pattern was syntactically invalid; the
+ * worker is still alive). The caller decides strict vs lenient handling.
+ *
+ * Invariants:
+ * - At most one `Worker` alive per evaluator instance.
+ * - `pending` never holds stale entries past a batch's terminal state.
+ * - Batches are serialized (one in-flight at a time) — no multiplexing.
+ * - Telemetry is emitted on every terminal outcome via the
+ *   `onTelemetry` callback the caller supplies; if absent, telemetry
+ *   is silently dropped (safe — the evaluator itself never fails on
+ *   telemetry-sink failure).
+ */
+import * as crypto from 'node:crypto';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { Worker } from 'node:worker_threads';
+import { TotemError } from '../errors.js';
+const DEFAULT_CONFIG = {
+    timeoutMs: 100,
+    softWarningMs: 50,
+};
+function resolveWorkerPath() {
+    // In the built bundle, this module compiles to dist/regex-safety/evaluator.js
+    // sitting next to dist/regex-safety/worker.js — the relative lookup
+    // resolves directly. In vitest/dev the current module is the .ts source
+    // file under src/regex-safety/ with no sibling worker.js; fall back to
+    // the built dist path so tests can exercise the real worker without
+    // requiring a loader shim.
+    const here = fileURLToPath(import.meta.url);
+    const dir = path.dirname(here);
+    const siblingJs = path.join(dir, 'worker.js');
+    if (fs.existsSync(siblingJs))
+        return siblingJs;
+    const distFallback = path.resolve(dir, '..', '..', 'dist', 'regex-safety', 'worker.js');
+    if (fs.existsSync(distFallback))
+        return distFallback;
+    // Last resort: return the expected sibling path. Worker() will throw
+    // a descriptive MODULE_NOT_FOUND the caller can surface.
+    return siblingJs;
+}
+export class RegexEvaluator {
+    worker = null;
+    pending = new Map();
+    config;
+    onTelemetry;
+    queue = Promise.resolve();
+    disposed = false;
+    /**
+     * Coalesces concurrent respawn requests (mmnto-ai/totem#1641 Shield review
+     * round-1). Without this, a timeout event firing at roughly the same
+     * moment as a worker `error` event can call `spawnWorker()` twice,
+     * leaking a thread. `evaluate()` also awaits this promise before
+     * `postMessage` so a batch scheduled during a respawn waits for the
+     * new worker instead of silently dropping against a null handle.
+     */
+    respawnPromise = null;
+    /**
+     * Worker-online gate (mmnto-ai/totem#1641, CI round-1 fix). The Node
+     * `Worker` constructor returns before the thread is actually running
+     * (thread-spawn takes ~30-50ms). If `evaluate()` starts its timeout
+     * timer before the worker is online, a slow CI box can trip a
+     * spurious timeout on the first batch. Gate postMessage on this
+     * promise so cold-start cost never counts against the budget.
+     */
+    workerReady = Promise.resolve();
+    /**
+     * Consecutive-respawn counter (Shield review round-1). If the worker
+     * keeps dying at spawn time (missing worker.js, syntax error in the
+     * worker script, etc.), unbounded respawn becomes a CPU-pegging loop.
+     * The counter increments on each respawn, resets on every successful
+     * evaluation, and flips `permanentlyFailed` once the budget is spent.
+     */
+    consecutiveRespawns = 0;
+    permanentlyFailed = false;
+    static MAX_CONSECUTIVE_RESPAWNS = 3;
+    constructor(config = {}, onTelemetry) {
+        this.config = { ...DEFAULT_CONFIG, ...config };
+        this.onTelemetry = onTelemetry;
+        this.spawnWorker();
+    }
+    async evaluate(input) {
+        if (this.disposed) {
+            throw new TotemError('CHECK_FAILED', 'RegexEvaluator has been disposed', 'Construct a new RegexEvaluator before calling evaluate(). The dispose() method releases the worker and marks the instance unusable (mmnto-ai/totem#1641).');
+        }
+        if (this.permanentlyFailed) {
+            throw new TotemError('CHECK_FAILED', `RegexEvaluator exhausted ${RegexEvaluator.MAX_CONSECUTIVE_RESPAWNS} consecutive respawn attempts without a successful evaluation`, 'The regex worker script likely failed to initialize (missing worker.js, syntax error in the worker module, or a Node version that cannot load it). Inspect the worker script at packages/core/src/regex-safety/worker.ts and rebuild @mmnto/totem.');
+        }
+        // Serialize: the next batch waits for the current one to finish.
+        // Single-worker invariant — no batch multiplexing.
+        const previous = this.queue;
+        let release;
+        const gate = new Promise((resolve) => {
+            release = resolve;
+        });
+        this.queue = previous.then(() => gate);
+        await previous;
+        // Wait for any in-flight respawn so postMessage does not race a
+        // null `this.worker` handle (Shield review round-1 race fix).
+        if (this.respawnPromise) {
+            await this.respawnPromise;
+        }
+        // Wait for the worker thread to finish spawning before posting.
+        // Cold-start (thread spawn + module load) is ~30-50ms and must not
+        // count against the batch timeout budget, otherwise a slow CI box
+        // trips a spurious timeout on the first batch (CI round-1 fix).
+        await this.workerReady;
+        try {
+            return await this.evaluateOnce(input);
+        }
+        finally {
+            release();
+        }
+    }
+    async dispose() {
+        this.disposed = true;
+        await this.queue;
+        if (this.worker) {
+            await this.worker.terminate();
+            this.worker = null;
+        }
+        for (const entry of this.pending.values()) {
+            clearTimeout(entry.timer);
+        }
+        this.pending.clear();
+    }
+    evaluateOnce(input) {
+        return new Promise((resolve) => {
+            const id = crypto.randomBytes(8).toString('hex');
+            const startedAt = Date.now();
+            const inputSize = input.lines.reduce((acc, line) => acc + line.length, 0);
+            const timer = setTimeout(() => {
+                const entry = this.pending.get(id);
+                if (!entry)
+                    return;
+                this.pending.delete(id);
+                const elapsedMs = Date.now() - startedAt;
+                this.emitTelemetry({
+                    ruleHash: entry.ruleHash,
+                    redactedPath: entry.redactedPath,
+                    matchedInputSize: entry.inputSize,
+                    elapsedTimeMs: elapsedMs,
+                    timeoutTriggered: true,
+                    softWarningTriggered: false,
+                });
+                // Terminate worker — the regex is hung on a line we can't interrupt.
+                // Await respawn before resolving so the next queued evaluate() does
+                // not race a not-yet-spawned worker and get a second timeout.
+                void this.respawnWorker().finally(() => {
+                    entry.resolve({ kind: 'timeout', elapsedMs });
+                });
+            }, this.config.timeoutMs);
+            this.pending.set(id, {
+                resolve,
+                timer,
+                ruleHash: input.ruleHash,
+                startedAt,
+                inputSize,
+                redactedPath: input.redactedPath ?? '<unknown>',
+            });
+            const request = {
+                id,
+                pattern: input.pattern,
+                flags: input.flags,
+                lines: input.lines,
+            };
+            this.worker?.postMessage(request);
+        });
+    }
+    spawnWorker() {
+        const worker = new Worker(resolveWorkerPath());
+        this.worker = worker;
+        this.workerReady = new Promise((resolve) => {
+            worker.once('online', () => resolve());
+        });
+        worker.on('message', (response) => this.handleMessage(response));
+        worker.on('error', () => {
+            // Worker crashed outside of a normal message flow (e.g., an
+            // internal error). The queued-evaluate lock only releases when
+            // the in-flight promise resolves, so we must await respawn before
+            // resolving pending entries — otherwise the next evaluate() races
+            // a null `this.worker` and postMessage silently drops (spurious
+            // timeout on the next batch). Same invariant the timeout path
+            // already relies on (see evaluateOnce timer callback above).
+            void this.respawnWorker().finally(() => {
+                this.rejectAllPendingAsCrash();
+            });
+        });
+        worker.on('exit', (code) => {
+            // GCA PR #1644 round-1 — handle unexpected worker exits (OOM kill,
+            // internal Node crash) that do not surface through the `error`
+            // event. Skip respawn on graceful exit (code 0) and on explicit
+            // dispose (terminate() drives exit with non-zero, but we only
+            // spin up the respawn after checking the flag). Skip if this
+            // handle is no longer the active worker — `respawnWorker` calls
+            // `terminate()` on the prior worker before setting a new one, and
+            // the exit event for the old handle fires after the field has
+            // moved on; respawning again would leak a thread.
+            if (this.disposed)
+                return;
+            if (code === 0)
+                return;
+            if (this.worker !== worker)
+                return;
+            void this.respawnWorker().finally(() => {
+                this.rejectAllPendingAsCrash();
+            });
+        });
+    }
+    async respawnWorker() {
+        // Coalesce concurrent respawn calls (Shield review round-1). If two
+        // events (timeout + error) both request a respawn, they share the
+        // same in-flight promise instead of spawning two workers.
+        if (this.respawnPromise)
+            return this.respawnPromise;
+        if (this.disposed)
+            return;
+        this.respawnPromise = (async () => {
+            try {
+                this.consecutiveRespawns += 1;
+                if (this.consecutiveRespawns > RegexEvaluator.MAX_CONSECUTIVE_RESPAWNS) {
+                    this.permanentlyFailed = true;
+                    this.rejectAllPendingAsCrash();
+                    return;
+                }
+                const old = this.worker;
+                this.worker = null;
+                if (old) {
+                    try {
+                        await old.terminate(); // totem-context: intentional best-effort cleanup — terminate() on an already-dead or still-initializing worker can throw, no recovery path at this layer; the new worker spawn is the load-bearing step.
+                    }
+                    catch {
+                        // No-op (see totem-context on the terminate() call above).
+                    }
+                }
+                if (this.disposed)
+                    return;
+                this.spawnWorker();
+            }
+            finally {
+                this.respawnPromise = null;
+            }
+        })();
+        return this.respawnPromise;
+    }
+    handleMessage(response) {
+        const entry = this.pending.get(response.id);
+        if (!entry)
+            return;
+        this.pending.delete(response.id);
+        clearTimeout(entry.timer);
+        // Any successful round-trip resets the respawn-failure counter.
+        // Persistent spawn failures only matter when they fire back-to-back
+        // with no intervening successful evaluation (Shield review round-1).
+        this.consecutiveRespawns = 0;
+        const elapsedMs = Date.now() - entry.startedAt;
+        const softWarningTriggered = elapsedMs >= this.config.softWarningMs;
+        this.emitTelemetry({
+            ruleHash: entry.ruleHash,
+            redactedPath: entry.redactedPath,
+            matchedInputSize: entry.inputSize,
+            elapsedTimeMs: elapsedMs,
+            timeoutTriggered: false,
+            softWarningTriggered: response.kind === 'ok' ? softWarningTriggered : false,
+        });
+        if (response.kind === 'ok') {
+            entry.resolve({
+                kind: 'ok',
+                matchedIndices: response.matchedIndices,
+                elapsedMs,
+                softWarningTriggered,
+            });
+        }
+        else {
+            entry.resolve({ kind: 'error', message: response.message, elapsedMs });
+        }
+    }
+    rejectAllPendingAsCrash() {
+        for (const [id, entry] of this.pending.entries()) {
+            clearTimeout(entry.timer);
+            const elapsedMs = Date.now() - entry.startedAt;
+            this.emitTelemetry({
+                ruleHash: entry.ruleHash,
+                redactedPath: entry.redactedPath,
+                matchedInputSize: entry.inputSize,
+                elapsedTimeMs: elapsedMs,
+                timeoutTriggered: true,
+                softWarningTriggered: false,
+            });
+            entry.resolve({ kind: 'timeout', elapsedMs });
+            this.pending.delete(id);
+        }
+    }
+    emitTelemetry(record) {
+        if (!this.onTelemetry)
+            return;
+        try {
+            this.onTelemetry(record); // totem-context: intentional best-effort telemetry — the evaluator's correctness contract is regex matches, not telemetry delivery; sink failures (bad callback, disk full, permission error) must not interfere with match results.
+        }
+        catch {
+            // No-op (see totem-context on the onTelemetry call above).
+        }
+    }
+}
+//# sourceMappingURL=evaluator.js.map

package/dist/regex-safety/evaluator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evaluator.js","sourceRoot":"","sources":["../../src/regex-safety/evaluator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAuB1C,MAAM,cAAc,GAAyB;IAC3C,SAAS,EAAE,GAAG;IACd,aAAa,EAAE,EAAE;CAClB,CAAC;AAWF,SAAS,iBAAiB;IACxB,8EAA8E;IAC9E,oEAAoE;IACpE,wEAAwE;IACxE,uEAAuE;IACvE,oEAAoE;IACpE,2BAA2B;IAC3B,MAAM,IAAI,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAC9C,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC;IACxF,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,YAAY,CAAC;IACrD,qEAAqE;IACrE,yDAAyD;IACzD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,OAAO,cAAc;IACjB,MAAM,GAAkB,IAAI,CAAC;IACpB,OAAO,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC1C,MAAM,CAAuB;IAC7B,WAAW,CAAiD;IACrE,KAAK,GAAkB,OAAO,CAAC,OAAO,EAAE,CAAC;IACzC,QAAQ,GAAG,KAAK,CAAC;IACzB;;;;;;;OAOG;IACK,cAAc,GAAyB,IAAI,CAAC;IACpD;;;;;;;OAOG;IACK,WAAW,GAAkB,OAAO,CAAC,OAAO,EAAE,CAAC;IACvD;;;;;;OAMG;IACK,mBAAmB,GAAG,CAAC,CAAC;IACxB,iBAAiB,GAAG,KAAK,CAAC;IAC1B,MAAM,CAAU,wBAAwB,GAAG,CAAC,CAAC;IAErD,YACE,SAAwC,EAAE,EAC1C,WAA8C;QAE9C,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;QAC/C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,WAAW,EAAE,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,KAAgD;QAC7D,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,IAAI,UAAU,CAClB,cAAc,EACd,kCAAkC,EAClC,2JAA2J,CAC5J,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,MAAM,IAAI,UAAU,CAClB,cAAc,EACd,4BAA4B,cAAc,CAAC,wBAAwB,+DAA+D,EAClI,oPAAoP,CACrP,CAAC;QACJ,CAAC;QAED,iEAAiE;QACjE,mDAAmD;QACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC;QAC5B,IAAI,OAAoB,CAAC;QACzB,MAAM,IAAI,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YACzC,OAAO,GAAG,OAAO,CAAC;QACpB,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,QAAQ,CAAC;QAEf,gEAAgE;QAChE,8DAA8D;QAC9D,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,MAAM,IAAI,CAAC,cAAc,CAAC;QAC5B,CAAC;QAED,gEAAgE;QAChE,mEAAmE;QACnE,kEAAkE;QAClE,gEAAgE;QAChE,MAAM,IAAI,CAAC,WAAW,CAAC;QAEvB,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC;gBAAS,CAAC;YACT,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,MAAM,IAAI,CAAC,KAAK,CAAC;QACjB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACrB,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1C,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAEO,YAAY,CAAC,KAAgD;QACnE,OAAO,IAAI,OAAO,CAAiB,CAAC,OAAO,EAAE,EAAE;YAC7C,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACjD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YAE1E,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACnC,IAAI,CAAC,KAAK;oBAAE,OAAO;gBACnB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAExB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;gBACzC,IAAI,CAAC,aAAa,CAAC;oBACjB,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,YAAY,EAAE,KAAK,CAAC,YAAY;oBAChC,gBAAgB,EAAE,KAAK,CAAC,SAAS;oBACjC,aAAa,EAAE,SAAS;oBACxB,gBAAgB,EAAE,IAAI;oBACtB,oBAAoB,EAAE,KAAK;iBAC5B,CAAC,CAAC;gBAEH,qEAAqE;gBACrE,oEAAoE;gBACpE,8DAA8D;gBAC9D,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;oBACrC,KAAK,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;gBAChD,CAAC,CAAC,CAAC;YACL,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAE1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE;gBACnB,OAAO;gBACP,KAAK;gBACL,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,SAAS;gBACT,SAAS;gBACT,YAAY,EAAE,KAAK,CAAC,YAAY,IAAI,WAAW;aAChD,CAAC,CAAC;YAEH,MAAM,OAAO,GAAoB;gBAC/B,EAAE;gBACF,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,KAAK,EAAE,KAAK,CAAC,KAAK;aACnB,CAAC;YACF,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,WAAW;QACjB,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAC/C,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,QAA0B,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACtB,4DAA4D;YAC5D,+DAA+D;YAC/D,kEAAkE;YAClE,kEAAkE;YAClE,gEAAgE;YAChE,8DAA8D;YAC9D,6DAA6D;YAC7D,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;gBACrC,IAAI,CAAC,uBAAuB,EAAE,CAAC;YACjC,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,mEAAmE;YACnE,+DAA+D;YAC/D,gEAAgE;YAChE,8DAA8D;YAC9D,6DAA6D;YAC7D,gEAAgE;YAChE,kEAAkE;YAClE,8DAA8D;YAC9D,kDAAkD;YAClD,IAAI,IAAI,CAAC,QAAQ;gBAAE,OAAO;YAC1B,IAAI,IAAI,KAAK,CAAC;gBAAE,OAAO;YACvB,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM;gBAAE,OAAO;YACnC,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;gBACrC,IAAI,CAAC,uBAAuB,EAAE,CAAC;YACjC,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,aAAa;QACzB,oEAAoE;QACpE,kEAAkE;QAClE,0DAA0D;QAC1D,IAAI,IAAI,CAAC,cAAc;YAAE,OAAO,IAAI,CAAC,cAAc,CAAC;QACpD,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO;QAE1B,IAAI,CAAC,cAAc,GAAG,CAAC,KAAK,IAAI,EAAE;YAChC,IAAI,CAAC;gBACH,IAAI,CAAC,mBAAmB,IAAI,CAAC,CAAC;gBAC9B,IAAI,IAAI,CAAC,mBAAmB,GAAG,cAAc,CAAC,wBAAwB,EAAE,CAAC;oBACvE,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;oBAC9B,IAAI,CAAC,uBAAuB,EAAE,CAAC;oBAC/B,OAAO;gBACT,CAAC;gBAED,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC;gBACxB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;gBACnB,IAAI,GAAG,EAAE,CAAC;oBACR,IAAI,CAAC;wBACH,MAAM,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,yMAAyM;oBAClO,CAAC;oBAAC,MAAM,CAAC;wBACP,2DAA2D;oBAC7D,CAAC;gBACH,CAAC;gBACD,IAAI,IAAI,CAAC,QAAQ;oBAAE,OAAO;gBAC1B,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;YAC7B,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QACL,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAEO,aAAa,CAAC,QAA0B;QAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC5C,IAAI,CAAC,KAAK;YAAE,OAAO;QACnB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACjC,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1B,gEAAgE;QAChE,oEAAoE;QACpE,qEAAqE;QACrE,IAAI,CAAC,mBAAmB,GAAG,CAAC,CAAC;QAE7B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,CAAC;QAC/C,MAAM,oBAAoB,GAAG,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;QAEpE,IAAI,CAAC,aAAa,CAAC;YACjB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,gBAAgB,EAAE,KAAK,CAAC,SAAS;YACjC,aAAa,EAAE,SAAS;YACxB,gBAAgB,EAAE,KAAK;YACvB,oBAAoB,EAAE,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,KAAK;SAC5E,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YAC3B,KAAK,CAAC,OAAO,CAAC;gBACZ,IAAI,EAAE,IAAI;gBACV,cAAc,EAAE,QAAQ,CAAC,cAAc;gBACvC,SAAS;gBACT,oBAAoB;aACrB,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAEO,uBAAuB;QAC7B,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YACjD,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,CAAC;YAC/C,IAAI,CAAC,aAAa,CAAC;gBACjB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,gBAAgB,EAAE,KAAK,CAAC,SAAS;gBACjC,aAAa,EAAE,SAAS;gBACxB,gBAAgB,EAAE,IAAI;gBACtB,oBAAoB,EAAE,KAAK;aAC5B,CAAC,CAAC;YACH,KAAK,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;YAC9C,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,MAAsB;QAC1C,IAAI,CAAC,IAAI,CAAC,WAAW;YAAE,OAAO;QAC9B,IAAI,CAAC;YACH,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,qOAAqO;QACjQ,CAAC;QAAC,MAAM,CAAC;YACP,2DAA2D;QAC7D,CAAC;IACH,CAAC"}

package/dist/regex-safety/evaluator.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=evaluator.test.d.ts.map

package/dist/regex-safety/evaluator.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evaluator.test.d.ts","sourceRoot":"","sources":["../../src/regex-safety/evaluator.test.ts"],"names":[],"mappings":""}

package/dist/regex-safety/evaluator.test.js

@@ -0,0 +1,224 @@
+import { describe, expect, it } from 'vitest';
+import { RegexEvaluator } from './evaluator.js';
+describe('RegexEvaluator — happy path', () => {
+    it('returns matched line indices for a simple pattern', async () => {
+        const evaluator = new RegexEvaluator();
+        try {
+            const result = await evaluator.evaluate({
+                ruleHash: 'h1',
+                pattern: 'console\\.log',
+                flags: '',
+                lines: ['console.log("a")', 'logger.info("b")', 'console.log("c")'],
+            });
+            expect(result.kind).toBe('ok');
+            if (result.kind === 'ok') {
+                expect(result.matchedIndices).toEqual([0, 2]);
+                expect(result.elapsedMs).toBeGreaterThanOrEqual(0);
+            }
+        }
+        finally {
+            await evaluator.dispose();
+        }
+    });
+    it('returns an empty match list when no line matches', async () => {
+        const evaluator = new RegexEvaluator();
+        try {
+            const result = await evaluator.evaluate({
+                ruleHash: 'h2',
+                pattern: 'xyz\\d+',
+                flags: '',
+                lines: ['foo', 'bar', 'baz'],
+            });
+            expect(result.kind).toBe('ok');
+            if (result.kind === 'ok') {
+                expect(result.matchedIndices).toEqual([]);
+            }
+        }
+        finally {
+            await evaluator.dispose();
+        }
+    });
+});
+describe('RegexEvaluator — timeout', () => {
+    it('aborts catastrophic backtracking within the configured timeout', async () => {
+        const evaluator = new RegexEvaluator({ timeoutMs: 150, softWarningMs: 50 });
+        try {
+            const start = Date.now();
+            const result = await evaluator.evaluate({
+                ruleHash: 'redos',
+                pattern: '(a+)+b',
+                flags: '',
+                lines: ['a'.repeat(50000) + 'c'],
+            });
+            const elapsed = Date.now() - start;
+            expect(result.kind).toBe('timeout');
+            // Main thread must return in roughly the budget; allow generous
+            // tolerance for worker respawn and test runner overhead.
+            expect(elapsed).toBeLessThan(2000);
+        }
+        finally {
+            await evaluator.dispose();
+        }
+    });
+    it('respawns the worker after a timeout and accepts subsequent evaluations', async () => {
+        const evaluator = new RegexEvaluator({ timeoutMs: 150, softWarningMs: 50 });
+        try {
+            const bad = await evaluator.evaluate({
+                ruleHash: 'redos',
+                pattern: '(a+)+b',
+                flags: '',
+                lines: ['a'.repeat(50000) + 'c'],
+            });
+            expect(bad.kind).toBe('timeout');
+            // After respawn, a normal evaluation must succeed.
+            const good = await evaluator.evaluate({
+                ruleHash: 'after-redos',
+                pattern: 'foo',
+                flags: '',
+                lines: ['foo', 'bar'],
+            });
+            expect(good.kind).toBe('ok');
+            if (good.kind === 'ok') {
+                expect(good.matchedIndices).toEqual([0]);
+            }
+        }
+        finally {
+            await evaluator.dispose();
+        }
+    });
+    it('emits softWarningTriggered for evaluations between softWarningMs and timeoutMs', async () => {
+        // Simulate a slow-but-not-pathological pattern by using a moderately
+        // backtracking regex with bounded input. Actual wall-clock depends
+        // on the host, so we pick a pattern that reliably falls in the
+        // soft-warning window and adjust thresholds low enough to trip it.
+        const evaluator = new RegexEvaluator({ timeoutMs: 500, softWarningMs: 1 });
+        try {
+            const result = await evaluator.evaluate({
+                ruleHash: 'slow',
+                pattern: 'foo',
+                flags: '',
+                // Many lines guarantee the total evaluation takes > 1ms.
+                lines: new Array(1000).fill('foo'),
+            });
+            expect(result.kind).toBe('ok');
+            if (result.kind === 'ok') {
+                // With softWarningMs = 1 and 1000 lines, elapsed should exceed 1ms
+                // on any reasonable host and softWarning should trip.
+                expect(result.softWarningTriggered).toBe(true);
+            }
+        }
+        finally {
+            await evaluator.dispose();
+        }
+    });
+});
+describe('RegexEvaluator — error cases', () => {
+    it('reports an invalid regex as an error (no worker termination)', async () => {
+        const evaluator = new RegexEvaluator();
+        try {
+            const result = await evaluator.evaluate({
+                ruleHash: 'bad-pattern',
+                pattern: '(unclosed',
+                flags: '',
+                lines: ['anything'],
+            });
+            expect(result.kind).toBe('error');
+            if (result.kind === 'error') {
+                expect(result.message.toLowerCase()).toMatch(/invalid|syntax|unterminated/);
+            }
+            // Worker should still be alive for the next evaluation.
+            const next = await evaluator.evaluate({
+                ruleHash: 'after-bad',
+                pattern: 'foo',
+                flags: '',
+                lines: ['foo'],
+            });
+            expect(next.kind).toBe('ok');
+        }
+        finally {
+            await evaluator.dispose();
+        }
+    });
+});
+describe('RegexEvaluator — worker exit recovery (mmnto-ai/totem#1641 GCA round-1)', () => {
+    it('respawns after an unexpected non-zero exit and accepts subsequent evaluations', async () => {
+        // Opt into the worker's test-only crash hook; child worker threads
+        // inherit the parent process env so the gate fires inside the
+        // worker. Restored in the `finally` block after dispose.
+        const prior = process.env.TOTEM_TEST_WORKER_CRASH_HOOK;
+        process.env.TOTEM_TEST_WORKER_CRASH_HOOK = '1';
+        const evaluator = new RegexEvaluator({ timeoutMs: 2000, softWarningMs: 100 });
+        try {
+            // Fire a crash-signal batch. The worker's test-only hook calls
+            // process.exit(1), which surfaces to the evaluator as an `exit`
+            // event with a non-zero code (no `error` event fires on OOM /
+            // internal crash paths). The exit handler respawns the worker
+            // and calls rejectAllPendingAsCrash(), which resolves the batch
+            // as a timeout before the main-thread timer fires. The test
+            // asserts that a follow-up evaluate() against the fresh worker
+            // succeeds — the exit handler is the only path that would have
+            // triggered the respawn on an exit-without-error crash.
+            const crashBatch = evaluator.evaluate({
+                ruleHash: 'crash',
+                pattern: '__TOTEM_TEST_CRASH__',
+                flags: '',
+                lines: ['trigger'],
+            });
+            await crashBatch;
+            // After the exit handler respawns, a normal evaluate must succeed.
+            const next = await evaluator.evaluate({
+                ruleHash: 'after-crash',
+                pattern: 'foo',
+                flags: '',
+                lines: ['foo', 'bar'],
+            });
+            expect(next.kind).toBe('ok');
+            if (next.kind === 'ok') {
+                expect(next.matchedIndices).toEqual([0]);
+            }
+        }
+        finally {
+            await evaluator.dispose();
+            if (prior === undefined) {
+                delete process.env.TOTEM_TEST_WORKER_CRASH_HOOK;
+            }
+            else {
+                process.env.TOTEM_TEST_WORKER_CRASH_HOOK = prior;
+            }
+        }
+    });
+});
+describe('RegexEvaluator — serialization', () => {
+    it('serializes concurrent evaluate() calls onto the single worker', async () => {
+        // Two in-flight evaluations must queue, not overlap. The second
+        // evaluation does not start until the first resolves. This protects
+        // the single-worker invariant (no multiplexing of batches onto one
+        // worker message round-trip).
+        const evaluator = new RegexEvaluator();
+        try {
+            const a = evaluator.evaluate({
+                ruleHash: 'concurrent-a',
+                pattern: 'foo',
+                flags: '',
+                lines: ['foo', 'bar'],
+            });
+            const b = evaluator.evaluate({
+                ruleHash: 'concurrent-b',
+                pattern: 'bar',
+                flags: '',
+                lines: ['foo', 'bar'],
+            });
+            const [resA, resB] = await Promise.all([a, b]);
+            expect(resA.kind).toBe('ok');
+            expect(resB.kind).toBe('ok');
+            if (resA.kind === 'ok')
+                expect(resA.matchedIndices).toEqual([0]);
+            if (resB.kind === 'ok')
+                expect(resB.matchedIndices).toEqual([1]);
+        }
+        finally {
+            await evaluator.dispose();
+        }
+    });
+});
+//# sourceMappingURL=evaluator.test.js.map

package/dist/regex-safety/evaluator.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evaluator.test.js","sourceRoot":"","sources":["../../src/regex-safety/evaluator.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9C,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEhD,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,SAAS,GAAG,IAAI,cAAc,EAAE,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC;gBACtC,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,eAAe;gBACxB,KAAK,EAAE,EAAE;gBACT,KAAK,EAAE,CAAC,kBAAkB,EAAE,kBAAkB,EAAE,kBAAkB,CAAC;aACpE,CAAC,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBACzB,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC9C,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,MAAM,SAAS,GAAG,IAAI,cAAc,EAAE,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC;gBACtC,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,SAAS;gBAClB,KAAK,EAAE,EAAE;gBACT,KAAK,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;aAC7B,CAAC,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBACzB,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,SAAS,GAAG,IAAI,cAAc,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC;gBACtC,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,QAAQ;gBACjB,KAAK,EAAE,EAAE;gBACT,KAAK,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;aACjC,CAAC,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACpC,gEAAgE;YAChE,yDAAyD;YACzD,MAAM,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC;gBAAS,CAAC;YACT,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;QACtF,MAAM,SAAS,GAAG,IAAI,cAAc,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC;gBACnC,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,QAAQ;gBACjB,KAAK,EAAE,EAAE;gBACT,KAAK,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;aACjC,CAAC,CAAC;YACH,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAEjC,mDAAmD;YACnD,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC;gBACpC,QAAQ,EAAE,aAAa;gBACvB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE;gBACT,KAAK,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;aACtB,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gFAAgF,EAAE,KAAK,IAAI,EAAE;QAC9F,qEAAqE;QACrE,mEAAmE;QACnE,+DAA+D;QAC/D,mEAAmE;QACnE,MAAM,SAAS,GAAG,IAAI,cAAc,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC,EAAE,CAAC,CAAC;QAC3E,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC;gBACtC,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE;gBACT,yDAAyD;gBACzD,KAAK,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;aACnC,CAAC,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBACzB,mEAAmE;gBACnE,sDAAsD;gBACtD,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC5C,EAAE,CAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;QAC5E,MAAM,SAAS,GAAG,IAAI,cAAc,EAAE,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC;gBACtC,QAAQ,EAAE,aAAa;gBACvB,OAAO,EAAE,WAAW;gBACpB,KAAK,EAAE,EAAE;gBACT,KAAK,EAAE,CAAC,UAAU,CAAC;aACpB,CAAC,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBAC5B,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;YAC9E,CAAC;YAED,wDAAwD;YACxD,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC;gBACpC,QAAQ,EAAE,WAAW;gBACrB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE;gBACT,KAAK,EAAE,CAAC,KAAK,CAAC;aACf,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;gBAAS,CAAC;YACT,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,yEAAyE,EAAE,GAAG,EAAE;IACvF,EAAE,CAAC,+EAA+E,EAAE,KAAK,IAAI,EAAE;QAC7F,mEAAmE;QACnE,8DAA8D;QAC9D,yDAAyD;QACzD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,4BAA4B,GAAG,GAAG,CAAC;QAC/C,MAAM,SAAS,GAAG,IAAI,cAAc,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC,CAAC;QAC9E,IAAI,CAAC;YACH,+DAA+D;YAC/D,gEAAgE;YAChE,8DAA8D;YAC9D,8DAA8D;YAC9D,gEAAgE;YAChE,4DAA4D;YAC5D,+DAA+D;YAC/D,+DAA+D;YAC/D,wDAAwD;YACxD,MAAM,UAAU,GAAG,SAAS,CAAC,QAAQ,CAAC;gBACpC,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,sBAAsB;gBAC/B,KAAK,EAAE,EAAE;gBACT,KAAK,EAAE,CAAC,SAAS,CAAC;aACnB,CAAC,CAAC;YACH,MAAM,UAAU,CAAC;YAEjB,mEAAmE;YACnE,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC;gBACpC,QAAQ,EAAE,aAAa;gBACvB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE;gBACT,KAAK,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;aACtB,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;YAC1B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACxB,OAAO,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;YAClD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,4BAA4B,GAAG,KAAK,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,gCAAgC,EAAE,GAAG,EAAE;IAC9C,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,gEAAgE;QAChE,oEAAoE;QACpE,mEAAmE;QACnE,8BAA8B;QAC9B,MAAM,SAAS,GAAG,IAAI,cAAc,EAAE,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC;gBAC3B,QAAQ,EAAE,cAAc;gBACxB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE;gBACT,KAAK,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;aACtB,CAAC,CAAC;YACH,MAAM,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC;gBAC3B,QAAQ,EAAE,cAAc;gBACxB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,EAAE;gBACT,KAAK,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;aACtB,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACjE,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI;gBAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACnE,CAAC;gBAAS,CAAC;YACT,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/regex-safety/telemetry.d.ts

@@ -0,0 +1,50 @@
+import { z } from 'zod';
+/**
+ * One record per rule-batch evaluation emitted by `RegexEvaluator` to the
+ * Totem telemetry sink (mmnto-ai/totem#1641). Crosses the disk /
+ * observability boundary, so validated with Zod rather than a plain TS
+ * interface: malformed telemetry should fail loud at write rather than
+ * silently polluting the sink that downstream tooling will parse.
+ *
+ * Path-redaction discipline lives in `redactPath` below; raw absolute
+ * paths only appear when the operator opts in via `--telemetry-full-paths`
+ * (the evaluator passes the redacted or raw path to this schema; the
+ * schema itself does not enforce which variant is recorded).
+ */
+export declare const RegexTelemetrySchema: z.ZodObject<{
+    ruleHash: z.ZodString;
+    redactedPath: z.ZodString;
+    matchedInputSize: z.ZodNumber;
+    elapsedTimeMs: z.ZodNumber;
+    timeoutTriggered: z.ZodBoolean;
+    softWarningTriggered: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    ruleHash: string;
+    redactedPath: string;
+    matchedInputSize: number;
+    elapsedTimeMs: number;
+    timeoutTriggered: boolean;
+    softWarningTriggered: boolean;
+}, {
+    ruleHash: string;
+    redactedPath: string;
+    matchedInputSize: number;
+    elapsedTimeMs: number;
+    timeoutTriggered: boolean;
+    softWarningTriggered: boolean;
+}>;
+export type RegexTelemetry = z.infer<typeof RegexTelemetrySchema>;
+/**
+ * Normalize a file path into a redaction-safe form for telemetry.
+ *
+ * Paths inside the repo root are returned as repo-relative; paths outside
+ * the repo root collapse to `<extern:<sha256-12>>` so `/tmp/foo`,
+ * `C:\Users\alice\secret.ts`, or a sibling-repo path cannot leak into the
+ * telemetry sink unintentionally. The extern hash is stable so deduping
+ * and pattern-spotting still work across runs.
+ *
+ * Callers that want raw absolute paths must opt in explicitly at the
+ * evaluator layer (e.g., `--telemetry-full-paths`) and bypass this helper.
+ */
+export declare function redactPath(absOrRelPath: string, repoRoot: string): string;
+//# sourceMappingURL=telemetry.d.ts.map

package/dist/regex-safety/telemetry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"telemetry.d.ts","sourceRoot":"","sources":["../../src/regex-safety/telemetry.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;EAO/B,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAElE;;;;;;;;;;;GAWG;AACH,wBAAgB,UAAU,CAAC,YAAY,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAiBzE"}