@mneme-ai/xray 2.163.0 → 2.173.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/clone.d.ts +2 -7
- package/dist/clone.d.ts.map +1 -1
- package/dist/clone.js +15 -2
- package/dist/clone.js.map +1 -1
- package/dist/engine.js +2 -2
- package/dist/engine.js.map +1 -1
- package/dist/index.d.ts +3 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -1
- package/dist/index.js.map +1 -1
- package/dist/server.d.ts +2 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +98 -1
- package/dist/server.js.map +1 -1
- package/dist/track.d.ts +59 -0
- package/dist/track.d.ts.map +1 -0
- package/dist/track.js +182 -0
- package/dist/track.js.map +1 -0
- package/dist/tracker_server.d.ts +94 -0
- package/dist/tracker_server.d.ts.map +1 -0
- package/dist/tracker_server.js +235 -0
- package/dist/tracker_server.js.map +1 -0
- package/dist/triage.d.ts +66 -0
- package/dist/triage.d.ts.map +1 -0
- package/dist/triage.js +171 -0
- package/dist/triage.js.map +1 -0
- package/dist/types.d.ts +4 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +2 -2
- package/public/card.js +40 -4
- package/public/index.html +235 -19
- package/public/local-scan.js +104 -0
- package/public/report.html +14 -2
package/dist/triage.js
ADDED
|
@@ -0,0 +1,171 @@
|
|
|
1
|
+
const RANK = { critical: 0, warn: 1, info: 2, clear: 3 };
|
|
2
|
+
const n = (x) => (Number.isFinite(Number(x)) ? Number(x) : 0);
|
|
3
|
+
/** Classify the 8 signals into attention/clear with provenance. Pure + total. */
|
|
4
|
+
export function triageReport(report) {
|
|
5
|
+
const items = [];
|
|
6
|
+
const push = (signal, severity, finding, provenance) => items.push({ signal, severity, finding, provenance });
|
|
7
|
+
try {
|
|
8
|
+
const r = report ?? {};
|
|
9
|
+
// SECRETS — a BLOCK leak is critical; pattern matches are a review flag.
|
|
10
|
+
const sec = r.secrets;
|
|
11
|
+
if (sec && n(sec.filesScanned) > 0) {
|
|
12
|
+
if (sec.worstVerdict === "BLOCK")
|
|
13
|
+
push("Secrets", "critical", `${n(sec.totalFindings)} high-confidence credential leak(s) in production code`, `secrets battery · ${n(sec.filesScanned)} files · first hit ${sec.hits?.[0] ? `${sec.hits[0].file}:${sec.hits[0].line}` : "n/a"}`);
|
|
14
|
+
else if (n(sec.totalFindings) > 0)
|
|
15
|
+
push("Secrets", "warn", `${n(sec.totalFindings)} credential-pattern match(es) to review`, `secrets battery · ${n(sec.filesScanned)} files · regex match, value never stored`);
|
|
16
|
+
else
|
|
17
|
+
push("Secrets", "clear", `no credential patterns in production code`, `secrets battery · ${n(sec.filesScanned)} files scanned`);
|
|
18
|
+
}
|
|
19
|
+
// SECURITY — destructive build/CI commands + doc prompt-injection.
|
|
20
|
+
const su = r.security;
|
|
21
|
+
if (su && (n(su.commandsScanned) > 0 || n(su.injectionFindings) > 0)) {
|
|
22
|
+
if ((su.destructive?.length ?? 0) > 0)
|
|
23
|
+
push("Security", "critical", `${su.destructive.length} destructive build/CI command(s)`, `CERBERUS · e.g. ${su.destructive[0].where} · signals: ${(su.destructive[0].signals || []).join(",") || "destructive"}`);
|
|
24
|
+
else if (n(su.injectionFindings) > 0)
|
|
25
|
+
push("Security", "warn", `${n(su.injectionFindings)} possible prompt-injection in docs`, `FIREWALL · ${(su.injectionWhere || [])[0] ?? "doc"}`);
|
|
26
|
+
else
|
|
27
|
+
push("Security", "clear", `${n(su.commandsScanned)} build/CI commands checked — none destructive`, `CERBERUS · ${n(su.commandsScanned)} commands`);
|
|
28
|
+
}
|
|
29
|
+
// DEPS — dying deps + copyleft license risk.
|
|
30
|
+
const dep = r.deps;
|
|
31
|
+
if (dep && n(dep.total) > 0) {
|
|
32
|
+
const dying = n(dep.byBand?.moribund) + n(dep.byBand?.dead);
|
|
33
|
+
const copyleft = n(dep.licenses?.["strong-copyleft"]) + n(dep.licenses?.["weak-copyleft"]);
|
|
34
|
+
if (dying > 0)
|
|
35
|
+
push("Dependencies", dying >= 3 ? "critical" : "warn", `${dying} of ${n(dep.total)} deps dying`, `deps battery · npm metadata · e.g. ${dep.atRisk?.[0] ? `${dep.atRisk[0].name}→${dep.atRisk[0].successor ?? "?"}` : "n/a"}`);
|
|
36
|
+
else if (copyleft > 0)
|
|
37
|
+
push("Dependencies", "warn", `${copyleft} copyleft-licensed dep(s) — review for commercial use`, `deps battery · ${dep.licenseFlags?.[0] ? `${dep.licenseFlags[0].name}:${dep.licenseFlags[0].license}` : "license scan"}`);
|
|
38
|
+
else
|
|
39
|
+
push("Dependencies", "clear", `${n(dep.total)} deps, none dying`, `deps battery · npm metadata`);
|
|
40
|
+
}
|
|
41
|
+
// BUS FACTOR — key-person risk.
|
|
42
|
+
const bf = r.busFactor;
|
|
43
|
+
if (bf && n(bf.authors) > 0) {
|
|
44
|
+
if (n(bf.busFactor) <= 1)
|
|
45
|
+
push("Bus factor", "warn", `bus factor 1 — one person holds ${n(bf.topContributorShare)}% of commits`, `git authorship · ${n(bf.singleOwnerFilePct)}% files single-owner`);
|
|
46
|
+
else if (n(bf.singleOwnerFilePct) >= 60)
|
|
47
|
+
push("Bus factor", "info", `${n(bf.singleOwnerFilePct)}% of files single-owner`, `git authorship · bus factor ${n(bf.busFactor)}`);
|
|
48
|
+
else
|
|
49
|
+
push("Bus factor", "clear", `bus factor ${n(bf.busFactor)} — knowledge spread`, `git authorship`);
|
|
50
|
+
}
|
|
51
|
+
// AGE / VITALITY.
|
|
52
|
+
const age = r.age;
|
|
53
|
+
if (age && n(age.totalCommits) > 0) {
|
|
54
|
+
if (age.vitality === "archived")
|
|
55
|
+
push("Vitality", "critical", `archived — no longer maintained`, `git history · last commit ${age.lastCommitAt}`);
|
|
56
|
+
else if (age.vitality === "dormant")
|
|
57
|
+
push("Vitality", "warn", `dormant — ${age.lifespan} old, stalled`, `git history · last commit ${age.lastCommitAt}`);
|
|
58
|
+
else if (age.vitality === "slowing")
|
|
59
|
+
push("Vitality", "info", `slowing — activity declining`, `git history · ${n(age.totalCommits)} commits`);
|
|
60
|
+
else
|
|
61
|
+
push("Vitality", "clear", `active · ${age.lifespan} old · ${n(age.totalCommits)} commits`, `git history`);
|
|
62
|
+
}
|
|
63
|
+
// COMPLEXITY — large symbols (refactor targets).
|
|
64
|
+
const cx = r.complexity;
|
|
65
|
+
if (cx && n(cx.filesAnalysed) > 0) {
|
|
66
|
+
const huge = (cx.hotspots || []).filter((h) => n(h.bodyLines) >= 150).length;
|
|
67
|
+
if (huge > 0)
|
|
68
|
+
push("Complexity", "info", `${huge} very large symbol(s) (≥150 lines)`, `AST outline · largest ${cx.hotspots?.[0] ? `${cx.hotspots[0].bodyLines}L in ${cx.hotspots[0].file}` : ""}`);
|
|
69
|
+
else
|
|
70
|
+
push("Complexity", "clear", `${n(cx.totalSymbols)} symbols, none oversized`, `AST outline · ${n(cx.filesAnalysed)} files`);
|
|
71
|
+
}
|
|
72
|
+
// HOTSPOTS — refactor-ROI (informational guidance).
|
|
73
|
+
const hs = r.hotspots;
|
|
74
|
+
if (hs && (hs.hotspots?.length ?? 0) > 0) {
|
|
75
|
+
const h = hs.hotspots[0];
|
|
76
|
+
push("Hotspots", "info", `refactor first: ${h.file} (${n(h.changes)}× · ${n(h.loc)}L)`, `churn×size · last ${n(hs.windowDays)}d${h.expert ? ` · ask ${h.expert}` : ""}`);
|
|
77
|
+
}
|
|
78
|
+
// COUPLING — hidden cross-directory coupling (informational).
|
|
79
|
+
const cp = r.coupling;
|
|
80
|
+
if (cp && (cp.pairs?.length ?? 0) > 0) {
|
|
81
|
+
const p = cp.pairs[0];
|
|
82
|
+
if (p.hidden)
|
|
83
|
+
push("Coupling", "info", `hidden cross-dir coupling: ${p.a} ⇄ ${p.b}`, `co-change · ${Math.round(n(p.confidence) * 100)}% over ${n(cp.windowDays)}d`);
|
|
84
|
+
else
|
|
85
|
+
push("Coupling", "clear", `${cp.pairs.length} coupled pair(s), none hidden`, `co-change analysis`);
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
catch {
|
|
89
|
+
/* total — partial report still yields whatever was classified */
|
|
90
|
+
}
|
|
91
|
+
const attention = items.filter((i) => i.severity !== "clear").sort((a, b) => RANK[a.severity] - RANK[b.severity]);
|
|
92
|
+
const clear = items.filter((i) => i.severity === "clear");
|
|
93
|
+
const total = items.length || 1;
|
|
94
|
+
const withProv = attention.filter((i) => i.provenance && i.provenance.length > 0).length;
|
|
95
|
+
return {
|
|
96
|
+
grade: report?.summary?.grade ?? "F",
|
|
97
|
+
headline: report?.summary?.headline ?? "",
|
|
98
|
+
attention,
|
|
99
|
+
clear,
|
|
100
|
+
metrics: {
|
|
101
|
+
totalSignals: items.length,
|
|
102
|
+
surfaced: attention.length,
|
|
103
|
+
collapsed: clear.length,
|
|
104
|
+
noiseReductionPct: Math.round((clear.length / total) * 1000) / 10,
|
|
105
|
+
provenanceCoverage: attention.length === 0 ? 100 : Math.round((withProv / attention.length) * 100),
|
|
106
|
+
worstSeverity: attention[0]?.severity ?? "clear",
|
|
107
|
+
},
|
|
108
|
+
};
|
|
109
|
+
}
|
|
110
|
+
/** Build a synthetic report whose WORST signal (a secret leak) is NOT first in the
|
|
111
|
+
* raw block order, so triage's re-prioritisation is measurable. Pure. */
|
|
112
|
+
function fixtureReport() {
|
|
113
|
+
const empty = { note: "" };
|
|
114
|
+
return {
|
|
115
|
+
v: 1,
|
|
116
|
+
subject: { kind: "git-url", ref: "x", repoName: "demo", commitHash: "abc" },
|
|
117
|
+
generatedAt: "2026-01-01T00:00:00.000Z",
|
|
118
|
+
summary: { headline: "Mixed", grade: "D", signalsRun: 8, bullets: [] },
|
|
119
|
+
// clear signals first (so raw order buries the critical secret)
|
|
120
|
+
deps: { total: 10, byBand: { thriving: 8, healthy: 2, watch: 0, moribund: 0, dead: 0 }, atRisk: [], licenses: { permissive: 10, "weak-copyleft": 0, "strong-copyleft": 0, unknown: 0 }, licenseFlags: [], partial: false, ...empty },
|
|
121
|
+
secrets: { filesScanned: 120, totalFindings: 2, excludedTestHits: 0, byKind: { aws_key: 2 }, hits: [{ kind: "aws_key", file: "src/cfg.ts", line: 9 }], worstVerdict: "BLOCK", ...empty },
|
|
122
|
+
busFactor: { authors: 5, singleOwnerFilePct: 20, fragileFiles: [], topContributorShare: 30, busFactor: 3, ...empty },
|
|
123
|
+
age: { bornAt: "", lastCommitAt: "", lifespan: "2y", lifespanDays: 730, totalCommits: 500, totalAuthors: 5, dormant: false, vitality: "active", ...empty },
|
|
124
|
+
complexity: { filesAnalysed: 50, totalSymbols: 400, hotspots: [], maxDepth: 4, ...empty },
|
|
125
|
+
hotspots: { windowDays: 365, filesConsidered: 50, hotspots: [], trend: [], ...empty },
|
|
126
|
+
coupling: { windowDays: 365, pairs: [], ...empty },
|
|
127
|
+
security: { commandsScanned: 12, writeCount: 3, destructive: [], injectionFindings: 0, injectionWhere: [], ...empty },
|
|
128
|
+
fingerprint: "deadbeef",
|
|
129
|
+
};
|
|
130
|
+
}
|
|
131
|
+
export function triageGauntlet() {
|
|
132
|
+
const checks = [];
|
|
133
|
+
const report = fixtureReport();
|
|
134
|
+
const view = triageReport(report);
|
|
135
|
+
// RAW order = the order signals appear in the report blocks (deps, secrets, …).
|
|
136
|
+
// The worst signal (secrets BLOCK = critical) is the 2nd block, and many "clear"
|
|
137
|
+
// signals precede/surround it → in a flat raw list it is NOT first.
|
|
138
|
+
const rawOrder = ["Dependencies", "Secrets", "Bus factor", "Vitality", "Complexity", "Hotspots", "Coupling", "Security"];
|
|
139
|
+
const rawWorstIndex = rawOrder.indexOf("Secrets"); // 1 (not surfaced first)
|
|
140
|
+
const triageWorstIndex = view.attention.findIndex((i) => i.signal === "Secrets"); // 0
|
|
141
|
+
// 1) triage surfaces the critical signal FIRST (raw does not)
|
|
142
|
+
checks.push({ name: "critical surfaced first (raw buries it)", pass: triageWorstIndex === 0 && rawWorstIndex > 0, detail: `triage idx=${triageWorstIndex} vs raw idx=${rawWorstIndex}` });
|
|
143
|
+
// 2) worst severity is critical (the secret BLOCK)
|
|
144
|
+
checks.push({ name: "worst signal classified critical", pass: view.metrics.worstSeverity === "critical", detail: view.metrics.worstSeverity });
|
|
145
|
+
// 3) attention is severity-ranked
|
|
146
|
+
const ranks = view.attention.map((i) => RANK[i.severity]);
|
|
147
|
+
checks.push({ name: "attention severity-ranked", pass: ranks.every((v, i) => i === 0 || v >= ranks[i - 1]), detail: view.attention.map((i) => i.severity).join(">") });
|
|
148
|
+
// 4) 100% provenance coverage (every attention line traceable)
|
|
149
|
+
checks.push({ name: "100% provenance coverage", pass: view.metrics.provenanceCoverage === 100, detail: `${view.metrics.provenanceCoverage}%` });
|
|
150
|
+
// 5) noise reduction > 0 (clear signals collapsed)
|
|
151
|
+
checks.push({ name: "noise reduced (clear collapsed)", pass: view.metrics.collapsed > 0 && view.metrics.noiseReductionPct > 0, detail: `${view.metrics.collapsed} collapsed (${view.metrics.noiseReductionPct}%)` });
|
|
152
|
+
// 6) deterministic
|
|
153
|
+
checks.push({ name: "deterministic", pass: JSON.stringify(triageReport(report)) === JSON.stringify(view), detail: "same report → same view" });
|
|
154
|
+
// 7) total — garbage never throws
|
|
155
|
+
let total = true;
|
|
156
|
+
try {
|
|
157
|
+
triageReport(null);
|
|
158
|
+
triageReport({});
|
|
159
|
+
}
|
|
160
|
+
catch {
|
|
161
|
+
total = false;
|
|
162
|
+
}
|
|
163
|
+
checks.push({ name: "total (never throws)", pass: total, detail: "missing/partial report degraded" });
|
|
164
|
+
const pass = checks.every((c) => c.pass);
|
|
165
|
+
return {
|
|
166
|
+
score: pass ? 100 : 0,
|
|
167
|
+
ab: { rawWorstIndex, triageWorstIndex, noiseReductionPct: view.metrics.noiseReductionPct, provenanceCoverage: view.metrics.provenanceCoverage },
|
|
168
|
+
checks,
|
|
169
|
+
};
|
|
170
|
+
}
|
|
171
|
+
//# sourceMappingURL=triage.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"triage.js","sourceRoot":"","sources":["../src/triage.ts"],"names":[],"mappings":"AAkDA,MAAM,IAAI,GAAmC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;AACzF,MAAM,CAAC,GAAG,CAAC,CAAU,EAAU,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAE/E,iFAAiF;AACjF,MAAM,UAAU,YAAY,CAAC,MAAkB;IAC7C,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,MAAM,IAAI,GAAG,CAAC,MAAc,EAAE,QAAwB,EAAE,OAAe,EAAE,UAAkB,EAAE,EAAE,CAC7F,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC;IAExD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,IAAK,EAAiB,CAAC;QAEvC,yEAAyE;QACzE,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC;QACtB,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,IAAI,GAAG,CAAC,YAAY,KAAK,OAAO;gBAAE,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,wDAAwD,EAAE,qBAAqB,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,sBAAsB,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;iBAC7Q,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC;gBAAE,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,yCAAyC,EAAE,qBAAqB,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,0CAA0C,CAAC,CAAC;;gBAC5M,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,2CAA2C,EAAE,qBAAqB,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC;QACvI,CAAC;QAED,mEAAmE;QACnE,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC;QACtB,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACrE,IAAI,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC;gBAAE,IAAI,CAAC,UAAU,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,WAAY,CAAC,MAAM,kCAAkC,EAAE,mBAAmB,EAAE,CAAC,WAAY,CAAC,CAAC,CAAE,CAAC,KAAK,eAAe,CAAC,EAAE,CAAC,WAAY,CAAC,CAAC,CAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,aAAa,EAAE,CAAC,CAAC;iBACzP,IAAI,CAAC,CAAC,EAAE,CAAC,iBAAiB,CAAC,GAAG,CAAC;gBAAE,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,iBAAiB,CAAC,oCAAoC,EAAE,cAAc,CAAC,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC;;gBACjL,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,eAAe,CAAC,+CAA+C,EAAE,cAAc,CAAC,CAAC,EAAE,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAC1J,CAAC;QAED,6CAA6C;QAC7C,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC;QACnB,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAC5D,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC;YAC3F,IAAI,KAAK,GAAG,CAAC;gBAAE,IAAI,CAAC,cAAc,EAAE,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,GAAG,KAAK,OAAO,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,EAAE,sCAAsC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;iBACxO,IAAI,QAAQ,GAAG,CAAC;gBAAE,IAAI,CAAC,cAAc,EAAE,MAAM,EAAE,GAAG,QAAQ,uDAAuD,EAAE,kBAAkB,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC;;gBAC9O,IAAI,CAAC,cAAc,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,mBAAmB,EAAE,6BAA6B,CAAC,CAAC;QACxG,CAAC;QAED,gCAAgC;QAChC,MAAM,EAAE,GAAG,CAAC,CAAC,SAAS,CAAC;QACvB,IAAI,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC;gBAAE,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,mCAAmC,CAAC,CAAC,EAAE,CAAC,mBAAmB,CAAC,cAAc,EAAE,oBAAoB,CAAC,CAAC,EAAE,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,CAAC;iBAChM,IAAI,CAAC,CAAC,EAAE,CAAC,kBAAkB,CAAC,IAAI,EAAE;gBAAE,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,kBAAkB,CAAC,yBAAyB,EAAE,+BAA+B,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;;gBACvK,IAAI,CAAC,YAAY,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,qBAAqB,EAAE,gBAAgB,CAAC,CAAC;QACzG,CAAC;QAED,kBAAkB;QAClB,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC;QAClB,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,IAAI,GAAG,CAAC,QAAQ,KAAK,UAAU;gBAAE,IAAI,CAAC,UAAU,EAAE,UAAU,EAAE,iCAAiC,EAAE,6BAA6B,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;iBAC7I,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS;gBAAE,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,aAAa,GAAG,CAAC,QAAQ,eAAe,EAAE,6BAA6B,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;iBACpJ,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS;gBAAE,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,8BAA8B,EAAE,iBAAiB,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;;gBACzI,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,YAAY,GAAG,CAAC,QAAQ,UAAU,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QACjH,CAAC;QAED,iDAAiD;QACjD,MAAM,EAAE,GAAG,CAAC,CAAC,UAAU,CAAC;QACxB,IAAI,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAC,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC;YAC7E,IAAI,IAAI,GAAG,CAAC;gBAAE,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,IAAI,oCAAoC,EAAE,yBAAyB,EAAE,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;;gBAC9L,IAAI,CAAC,YAAY,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,0BAA0B,EAAE,iBAAiB,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAClI,CAAC;QAED,oDAAoD;QACpD,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC;QACtB,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,GAAG,EAAE,CAAC,QAAS,CAAC,CAAC,CAAE,CAAC;YAC3B,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,mBAAmB,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3K,CAAC;QAED,8DAA8D;QAC9D,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC;QACtB,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;YACtC,MAAM,CAAC,GAAG,EAAE,CAAC,KAAM,CAAC,CAAC,CAAE,CAAC;YACxB,IAAI,CAAC,CAAC,MAAM;gBAAE,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,8BAA8B,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,eAAe,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;;gBAC/J,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,KAAM,CAAC,MAAM,+BAA+B,EAAE,oBAAoB,CAAC,CAAC;QAC3G,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iEAAiE;IACnE,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClH,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;IAC1D,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC;IAChC,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC;IAEzF,OAAO;QACL,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,IAAI,GAAG;QACpC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,IAAI,EAAE;QACzC,SAAS;QACT,KAAK;QACL,OAAO,EAAE;YACP,YAAY,EAAE,KAAK,CAAC,MAAM;YAC1B,QAAQ,EAAE,SAAS,CAAC,MAAM;YAC1B,SAAS,EAAE,KAAK,CAAC,MAAM;YACvB,iBAAiB,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,MAAM,GAAG,KAAK,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE;YACjE,kBAAkB,EAAE,SAAS,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC;YAClG,aAAa,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,OAAO;SACjD;KACF,CAAC;AACJ,CAAC;AAiBD;0EAC0E;AAC1E,SAAS,aAAa;IACpB,MAAM,KAAK,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IAC3B,OAAO;QACL,CAAC,EAAE,CAAC;QACJ,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE;QAC3E,WAAW,EAAE,0BAA0B;QACvC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE;QACtE,gEAAgE;QAChE,IAAI,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE,iBAAiB,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,KAAK,EAAE;QACpO,OAAO,EAAE,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC,EAAE,gBAAgB,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,KAAK,EAAE;QACxL,SAAS,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,kBAAkB,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,mBAAmB,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,GAAG,KAAK,EAAE;QACpH,GAAG,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,KAAK,EAAE;QAC1J,UAAU,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,YAAY,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,KAAK,EAAE;QACzF,QAAQ,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,KAAK,EAAE;QACrF,QAAQ,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,KAAK,EAAE;QAClD,QAAQ,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE,iBAAiB,EAAE,CAAC,EAAE,cAAc,EAAE,EAAE,EAAE,GAAG,KAAK,EAAE;QACrH,WAAW,EAAE,UAAU;KACxB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,MAAM,MAAM,GAA2D,EAAE,CAAC;IAC1E,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;IAC/B,MAAM,IAAI,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAElC,gFAAgF;IAChF,iFAAiF;IACjF,oEAAoE;IACpE,MAAM,QAAQ,GAAG,CAAC,cAAc,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;IACzH,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,yBAAyB;IAC5E,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI;IAEtF,8DAA8D;IAC9D,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,yCAAyC,EAAE,IAAI,EAAE,gBAAgB,KAAK,CAAC,IAAI,aAAa,GAAG,CAAC,EAAE,MAAM,EAAE,cAAc,gBAAgB,eAAe,aAAa,EAAE,EAAE,CAAC,CAAC;IAC1L,mDAAmD;IACnD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,kCAAkC,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,KAAK,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAC/I,kCAAkC;IAClC,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1D,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,2BAA2B,EAAE,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACxK,+DAA+D;IAC/D,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,0BAA0B,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,kBAAkB,KAAK,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,GAAG,EAAE,CAAC,CAAC;IAChJ,mDAAmD;IACnD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,iCAAiC,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,iBAAiB,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,eAAe,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;IACrN,mBAAmB;IACnB,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC,CAAC;IAC/I,kCAAkC;IAClC,IAAI,KAAK,GAAG,IAAI,CAAC;IACjB,IAAI,CAAC;QAAC,YAAY,CAAC,IAA6B,CAAC,CAAC;QAAC,YAAY,CAAC,EAAgB,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,KAAK,GAAG,KAAK,CAAC;IAAC,CAAC;IAC7G,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,iCAAiC,EAAE,CAAC,CAAC;IAEtG,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACrB,EAAE,EAAE,EAAE,aAAa,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE;QAC/I,MAAM;KACP,CAAC;AACJ,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -20,6 +20,8 @@ export interface XRaySubject {
|
|
|
20
20
|
repoName: string;
|
|
21
21
|
/** HEAD commit the report was computed at (provenance). */
|
|
22
22
|
commitHash: string;
|
|
23
|
+
/** Branch analysed, when a specific one was requested (else default branch). */
|
|
24
|
+
branch?: string;
|
|
23
25
|
}
|
|
24
26
|
/** Dependency mortality + license/supply-chain risk. */
|
|
25
27
|
export interface DepsBlock {
|
|
@@ -183,6 +185,8 @@ export interface XRayInput {
|
|
|
183
185
|
repoPath?: string;
|
|
184
186
|
/** Public git URL — shallow-cloned to a temp dir, analysed, then deleted. */
|
|
185
187
|
gitUrl?: string;
|
|
188
|
+
/** Branch to analyse/track (default: the repo's default branch). */
|
|
189
|
+
branch?: string;
|
|
186
190
|
/** Override "now" for deterministic tests. */
|
|
187
191
|
now?: number;
|
|
188
192
|
/** Max files to scan for secrets/complexity (perf bound; logged when hit). */
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,MAAM,MAAM,KAAK,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAEhD,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,SAAS,GAAG,YAAY,CAAC;IAC/B,mFAAmF;IACnF,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,2DAA2D;IAC3D,UAAU,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,MAAM,MAAM,KAAK,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAEhD,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,SAAS,GAAG,YAAY,CAAC;IAC/B,mFAAmF;IACnF,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,2DAA2D;IAC3D,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wDAAwD;AACxD,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC,UAAU,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/E,kGAAkG;IAClG,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,eAAe,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;IACjG,8DAA8D;IAC9D,QAAQ,EAAE,MAAM,CAAC,YAAY,GAAG,eAAe,GAAG,iBAAiB,GAAG,SAAS,EAAE,MAAM,CAAC,CAAC;IACzF,6EAA6E;IAC7E,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACtE,sFAAsF;IACtF,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,wEAAwE;AACxE,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,4FAA4F;IAC5F,KAAK,EAAE,KAAK,CAAC;QAAE,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAC/F,IAAI,EAAE,MAAM,CAAC;CACd;AAED,8FAA8F;AAC9F,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,wEAAwE;IACxE,aAAa,EAAE,MAAM,CAAC;IACtB,8EAA8E;IAC9E,gBAAgB,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,4EAA4E;IAC5E,IAAI,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC1D,YAAY,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC;IAC3C,IAAI,EAAE,MAAM,CAAC;CACd;AAED,gEAAgE;AAChE,MAAM,WAAW,cAAc;IAC7B,+CAA+C;IAC/C,OAAO,EAAE,MAAM,CAAC;IAChB,wFAAwF;IACxF,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sDAAsD;IACtD,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,cAAc,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/E,0DAA0D;IAC1D,mBAAmB,EAAE,MAAM,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,uCAAuC;AACvC,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IACxD,IAAI,EAAE,MAAM,CAAC;CACd;AAED,kDAAkD;AAClD,MAAM,WAAW,eAAe;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,wEAAwE;IACxE,QAAQ,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACxF,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;iFAEiF;AACjF,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAChH,wEAAwE;IACxE,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,qFAAqF;AACrF,MAAM,WAAW,aAAa;IAC5B,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,6EAA6E;IAC7E,WAAW,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IAC1E,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,KAAK,CAAC;IACb,6DAA6D;IAC7D,UAAU,EAAE,MAAM,CAAC;IACnB,6DAA6D;IAC7D,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,CAAC,EAAE,CAAC,CAAC;IACL,OAAO,EAAE,WAAW,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,WAAW,CAAC;IACrB,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,YAAY,CAAC;IACtB,SAAS,EAAE,cAAc,CAAC;IAC1B,GAAG,EAAE,QAAQ,CAAC;IACd,UAAU,EAAE,eAAe,CAAC;IAC5B,QAAQ,EAAE,aAAa,CAAC;IACxB,QAAQ,EAAE,aAAa,CAAC;IACxB,QAAQ,EAAE,aAAa,CAAC;IACxB,iFAAiF;IACjF,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,mEAAmE;AACnE,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,SAAS;IACxB,mFAAmF;IACnF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6EAA6E;IAC7E,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oEAAoE;IACpE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,8CAA8C;IAC9C,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,8EAA8E;IAC9E,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mneme-ai/xray",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.173.0",
|
|
4
4
|
"description": "Mneme Repo X-Ray — a signed, raw-free, deterministic X-Ray of any repo. Every number is reproducible from git/AST/metadata and sealed with an offline-verifiable NOTARY receipt. No source code ever leaves the machine; no LLM guesses anything.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -47,7 +47,7 @@
|
|
|
47
47
|
"mneme"
|
|
48
48
|
],
|
|
49
49
|
"dependencies": {
|
|
50
|
-
"@mneme-ai/core": "
|
|
50
|
+
"@mneme-ai/core": "2.173.0",
|
|
51
51
|
"@resvg/resvg-js": "^2.6.2"
|
|
52
52
|
},
|
|
53
53
|
"engines": {
|
package/public/card.js
CHANGED
|
@@ -24,11 +24,40 @@
|
|
|
24
24
|
};
|
|
25
25
|
const kcell = (label) => `<div class="k">${label}${INFO[label] ? `<span class="kdesc">${INFO[label]}</span>` : ""}</div>`;
|
|
26
26
|
|
|
27
|
+
// TRIAGE — curate the 8 signals into attention(critical/warn/info) vs clear,
|
|
28
|
+
// each with PROVENANCE. Mirrors packages/xray/src/triage.ts (the tested source
|
|
29
|
+
// of truth + its A/B gauntlet); kept compact for the browser. 100% traceable.
|
|
30
|
+
function triageOf(r) {
|
|
31
|
+
const num = (x) => (Number.isFinite(Number(x)) ? Number(x) : 0);
|
|
32
|
+
const A = [];
|
|
33
|
+
const sec = r.secrets || {}, su = r.security || {}, dep = r.deps || {}, bf = r.busFactor || {}, age = r.age || {}, cx = r.complexity || {}, hs = r.hotspots || {}, cp = r.coupling || {};
|
|
34
|
+
if (num(sec.filesScanned) > 0) {
|
|
35
|
+
if (sec.worstVerdict === "BLOCK") A.push({ s: "Secrets", sev: "critical", f: `${num(sec.totalFindings)} credential leak(s) in production code`, p: `secrets · ${num(sec.filesScanned)} files · ${sec.hits && sec.hits[0] ? sec.hits[0].file + ":" + sec.hits[0].line : "—"}` });
|
|
36
|
+
else if (num(sec.totalFindings) > 0) A.push({ s: "Secrets", sev: "warn", f: `${num(sec.totalFindings)} credential-pattern match(es) to review`, p: `secrets · ${num(sec.filesScanned)} files · value never stored` });
|
|
37
|
+
}
|
|
38
|
+
if ((su.destructive || []).length > 0) A.push({ s: "Security", sev: "critical", f: `${su.destructive.length} destructive build/CI command(s)`, p: `CERBERUS · ${su.destructive[0].where}` });
|
|
39
|
+
else if (num(su.injectionFindings) > 0) A.push({ s: "Security", sev: "warn", f: `${num(su.injectionFindings)} possible prompt-injection in docs`, p: `FIREWALL · ${(su.injectionWhere || [])[0] || "doc"}` });
|
|
40
|
+
const dying = num((dep.byBand || {}).moribund) + num((dep.byBand || {}).dead);
|
|
41
|
+
const copyleft = num((dep.licenses || {})["strong-copyleft"]) + num((dep.licenses || {})["weak-copyleft"]);
|
|
42
|
+
if (dying > 0) A.push({ s: "Dependencies", sev: dying >= 3 ? "critical" : "warn", f: `${dying} of ${num(dep.total)} deps dying`, p: `deps · ${dep.atRisk && dep.atRisk[0] ? dep.atRisk[0].name + "→" + (dep.atRisk[0].successor || "?") : "npm metadata"}` });
|
|
43
|
+
else if (copyleft > 0) A.push({ s: "Dependencies", sev: "warn", f: `${copyleft} copyleft dep(s) — review for commercial use`, p: `deps · ${dep.licenseFlags && dep.licenseFlags[0] ? dep.licenseFlags[0].name + ":" + dep.licenseFlags[0].license : "license scan"}` });
|
|
44
|
+
if (num(bf.authors) > 0 && num(bf.busFactor) <= 1) A.push({ s: "Bus factor", sev: "warn", f: `bus factor 1 — one person holds ${num(bf.topContributorShare)}% of commits`, p: `git authorship · ${num(bf.singleOwnerFilePct)}% files single-owner` });
|
|
45
|
+
if (age.vitality === "archived") A.push({ s: "Vitality", sev: "critical", f: `archived — no longer maintained`, p: `git history · last ${age.lastCommitAt || "?"}` });
|
|
46
|
+
else if (age.vitality === "dormant") A.push({ s: "Vitality", sev: "warn", f: `dormant — ${age.lifespan || ""} old, stalled`, p: `git history · last ${age.lastCommitAt || "?"}` });
|
|
47
|
+
if ((cx.hotspots || []).filter((h) => num(h.bodyLines) >= 150).length > 0) A.push({ s: "Complexity", sev: "info", f: `large symbol(s) ≥150 lines`, p: `AST · ${cx.hotspots[0] ? cx.hotspots[0].bodyLines + "L " + cx.hotspots[0].file : ""}` });
|
|
48
|
+
if ((hs.hotspots || []).length > 0) { const h = hs.hotspots[0]; A.push({ s: "Hotspots", sev: "info", f: `refactor first: ${h.file}`, p: `churn×size · ${num(h.changes)}× · ${num(h.loc)}L${h.expert ? " · ask " + h.expert : ""}` }); }
|
|
49
|
+
if ((cp.pairs || []).some((p) => p.hidden)) { const p = cp.pairs.find((x) => x.hidden); A.push({ s: "Coupling", sev: "info", f: `hidden cross-dir coupling: ${p.a} ⇄ ${p.b}`, p: `co-change · ${Math.round(num(p.confidence) * 100)}%` }); }
|
|
50
|
+
const rank = { critical: 0, warn: 1, info: 2 };
|
|
51
|
+
A.sort((a, b) => rank[a.sev] - rank[b.sev]);
|
|
52
|
+
return A;
|
|
53
|
+
}
|
|
54
|
+
|
|
27
55
|
function xrayCardHTML(signed, opts) {
|
|
28
56
|
opts = opts || {};
|
|
29
57
|
const r = signed.report, s = r.summary;
|
|
30
58
|
const dep = r.deps, sec = r.secrets, bf = r.busFactor, age = r.age, cx = r.complexity;
|
|
31
59
|
const verified = signed.receipt ? '<span class="verified"><span class="dot"></span>Ed25519 — verifies offline</span>' : "unsigned";
|
|
60
|
+
const tri = triageOf(r);
|
|
32
61
|
|
|
33
62
|
const depChips = (dep.atRisk || []).slice(0, 6).map((d) =>
|
|
34
63
|
`<span class="chip ${d.band === "dead" ? "bad" : "warn"}">${esc(d.name)} · ${d.band}${d.successor ? ` → ${esc(d.successor)}` : ""}</span>`).join("") || `<span class="chip">none dying</span>`;
|
|
@@ -53,13 +82,20 @@
|
|
|
53
82
|
<div class="card">
|
|
54
83
|
<div class="top">
|
|
55
84
|
<div class="grade ${gC(s.grade)}">${esc(s.grade)}</div>
|
|
56
|
-
<div><div class="repo">${esc(r.subject.repoName)}</div>
|
|
85
|
+
<div><div class="repo">${esc(r.subject.repoName)}${r.subject.branch ? ` <span class="repobr">@ ${esc(r.subject.branch)}</span>` : ""}</div>
|
|
86
|
+
${r.subject.kind === "git-url" ? `<a class="repourl" href="${esc(r.subject.ref)}" target="_blank" rel="noopener">${esc(r.subject.ref)} ↗</a>` : `<div class="repourl">${esc(r.subject.ref)}</div>`}
|
|
57
87
|
<div class="head">${esc(s.headline)} · ${s.signalsRun} signals · @ ${esc(String(r.subject.commitHash).slice(0, 10))}</div></div>
|
|
58
88
|
</div>
|
|
59
|
-
<div class="
|
|
60
|
-
<span class="
|
|
61
|
-
<span class="
|
|
89
|
+
<div class="membrane">
|
|
90
|
+
<div class="mp"><span class="mpk">① CAPABILITY</span><span class="mpv">${s.signalsRun} deterministic signals · ${(sec.filesScanned || 0).toLocaleString()} files scanned</span></div>
|
|
91
|
+
<div class="mp"><span class="mpk">② ATTENTION</span><span class="mpv">${tri.length ? `${tri.length} signal(s) need attention` : `all signals clear`}</span></div>
|
|
92
|
+
<div class="mp"><span class="mpk">③ HALLUCINATION</span><span class="mpv"><span class="hdot"></span><b>0</b> — every number from real git/code${verified ? ", signed" : ""}</span></div>
|
|
62
93
|
</div>
|
|
94
|
+
<div class="trustbar"><span class="htext"><b>Every figure is computed from git, code & package metadata — not one guessed by an AI.</b> Re-run this commit → identical numbers${verified ? ` · <b>signed</b>, verifies offline with the embedded public key` : ""}.</span></div>
|
|
95
|
+
${tri.length ? `<div class="triage">
|
|
96
|
+
<div class="triage-h">🔺 Needs attention (${tri.length}) <span class="triage-sub">— curated & severity-ranked; every line is traceable to its source</span></div>
|
|
97
|
+
${tri.map((t) => `<div class="ti ${t.sev}"><span class="ti-sev">${t.sev}</span><div class="ti-body"><div class="ti-f"><b>${esc(t.s)}</b> — ${esc(t.f)}</div><div class="ti-p">↳ ${esc(t.p)}</div></div></div>`).join("")}
|
|
98
|
+
</div>` : `<div class="triage clearall">✓ No critical or warning signals — all ${s.signalsRun} checks clear.</div>`}
|
|
63
99
|
<div class="rows">
|
|
64
100
|
<div class="row">${kcell("Dependencies")}<div class="v"><span class="big">${dep.total}</span> total · ${dep.byBand.dead + dep.byBand.moribund} dying · ${(lic["strong-copyleft"] + lic["weak-copyleft"])} copyleft<div class="chips">${depChips}${licChips}</div></div></div>
|
|
65
101
|
<div class="row">${kcell("Secrets")}<div class="v"><span class="big">${sec.totalFindings}</span> in production code · ${sec.filesScanned} files${sec.excludedTestHits ? ` · <span class="muted">+${sec.excludedTestHits} in tests/docs (excluded)</span>` : ""}<div class="chips">${secChips}</div></div></div>
|