@neurcode-ai/cli 0.9.4 → 0.9.6

package/dist/utils/plan-cache.js

@@ -0,0 +1,227 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.normalizeIntent = normalizeIntent;
+exports.getPlanCachePath = getPlanCachePath;
+exports.computePlanCacheKey = computePlanCacheKey;
+exports.getGitRepoFingerprint = getGitRepoFingerprint;
+exports.getFilesystemFingerprintFromTree = getFilesystemFingerprintFromTree;
+exports.readCachedPlan = readCachedPlan;
+exports.writeCachedPlan = writeCachedPlan;
+exports.findSimilarCachedPlans = findSimilarCachedPlans;
+const child_process_1 = require("child_process");
+const crypto_1 = require("crypto");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const secret_masking_1 = require("./secret-masking");
+const CACHE_SCHEMA_VERSION = 1;
+const CACHE_FILE_NAME = 'plan-cache.json';
+const MAX_ENTRIES = 50;
+function sha256Hex(input) {
+    return (0, crypto_1.createHash)('sha256').update(input).digest('hex');
+}
+function normalizeIntent(intent) {
+    return intent
+        .trim()
+        .replace(/\s+/g, ' ')
+        .toLowerCase();
+}
+function getPlanCachePath(cwd) {
+    return (0, path_1.join)(cwd, '.neurcode', CACHE_FILE_NAME);
+}
+function ensureNeurcodeDir(cwd) {
+    const dir = (0, path_1.join)(cwd, '.neurcode');
+    if (!(0, fs_1.existsSync)(dir)) {
+        (0, fs_1.mkdirSync)(dir, { recursive: true });
+    }
+}
+function safeReadCacheFile(cachePath) {
+    if (!(0, fs_1.existsSync)(cachePath)) {
+        return { schemaVersion: CACHE_SCHEMA_VERSION, entries: {} };
+    }
+    try {
+        const raw = (0, fs_1.readFileSync)(cachePath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        if (parsed.schemaVersion !== CACHE_SCHEMA_VERSION || !parsed.entries || typeof parsed.entries !== 'object') {
+            throw new Error('Invalid cache schema');
+        }
+        const cache = parsed;
+        // Best-effort: avoid persisting secrets in cached intents (older caches may include them).
+        // This does not affect cache keys (they remain stable), it only sanitizes the stored intent text.
+        try {
+            for (const entry of Object.values(cache.entries)) {
+                if (!entry?.input?.intent)
+                    continue;
+                entry.input.intent = (0, secret_masking_1.maskSecretsInText)(entry.input.intent).masked;
+            }
+        }
+        catch {
+            // ignore
+        }
+        return cache;
+    }
+    catch {
+        // Preserve the corrupted file for debugging, but do not block the command.
+        try {
+            const corruptPath = cachePath.replace(/\.json$/, `.corrupt-${Date.now()}.json`);
+            (0, fs_1.renameSync)(cachePath, corruptPath);
+        }
+        catch {
+            // ignore
+        }
+        return { schemaVersion: CACHE_SCHEMA_VERSION, entries: {} };
+    }
+}
+function atomicWrite(cachePath, data) {
+    const tmpPath = `${cachePath}.tmp`;
+    (0, fs_1.writeFileSync)(tmpPath, data, 'utf-8');
+    (0, fs_1.renameSync)(tmpPath, cachePath);
+}
+function prune(cache) {
+    const keys = Object.keys(cache.entries);
+    if (keys.length <= MAX_ENTRIES)
+        return;
+    const sorted = keys
+        .map((k) => cache.entries[k])
+        .filter(Boolean)
+        .sort((a, b) => {
+        const aTime = Date.parse(a.lastUsedAt) || 0;
+        const bTime = Date.parse(b.lastUsedAt) || 0;
+        return aTime - bTime;
+    });
+    const toRemove = sorted.slice(0, Math.max(0, sorted.length - MAX_ENTRIES));
+    for (const entry of toRemove) {
+        delete cache.entries[entry.key];
+    }
+}
+function computePlanCacheKey(input) {
+    const safeIntent = (0, secret_masking_1.maskSecretsInText)(input.intent).masked;
+    // Use an explicit, stable string rather than JSON.stringify of arbitrary objects.
+    const payload = [
+        `v=${input.schemaVersion}`,
+        `apiUrl=${input.apiUrl}`,
+        `orgId=${input.orgId}`,
+        `projectId=${input.projectId}`,
+        `intent=${safeIntent}`,
+        `ticketRef=${input.ticketRef || ''}`,
+        `contextHash=${input.contextHash || ''}`,
+        `repo.kind=${input.repo.kind}`,
+        input.repo.kind === 'git'
+            ? `repo.headSha=${input.repo.headSha};repo.headTreeSha=${input.repo.headTreeSha};repo.statusHash=${input.repo.statusHash}`
+            : `repo.fileTreeHash=${input.repo.fileTreeHash}`,
+    ].join('\n');
+    return sha256Hex(payload);
+}
+function getGitRepoFingerprint(cwd) {
+    try {
+        const inside = (0, child_process_1.execSync)('git rev-parse --is-inside-work-tree', { cwd, encoding: 'utf-8', stdio: ['ignore', 'pipe', 'ignore'] })
+            .trim()
+            .toLowerCase();
+        if (inside !== 'true')
+            return null;
+        const headSha = (0, child_process_1.execSync)('git rev-parse HEAD', { cwd, encoding: 'utf-8', stdio: ['ignore', 'pipe', 'ignore'] }).trim();
+        const headTreeSha = (0, child_process_1.execSync)('git rev-parse HEAD^{tree}', { cwd, encoding: 'utf-8', stdio: ['ignore', 'pipe', 'ignore'] }).trim();
+        const status = (0, child_process_1.execSync)('git status --porcelain', { cwd, encoding: 'utf-8', stdio: ['ignore', 'pipe', 'ignore'] });
+        const statusHash = sha256Hex(status);
+        return { kind: 'git', headSha, headTreeSha, statusHash };
+    }
+    catch {
+        return null;
+    }
+}
+function getFilesystemFingerprintFromTree(fileTree) {
+    // Normalize ordering so the hash is stable even if scanning order changes.
+    const normalized = [...fileTree].sort().join('\n');
+    return { kind: 'filesystem', fileTreeHash: sha256Hex(normalized) };
+}
+function readCachedPlan(cwd, key) {
+    try {
+        const cachePath = getPlanCachePath(cwd);
+        const cache = safeReadCacheFile(cachePath);
+        const entry = cache.entries[key];
+        if (!entry)
+            return null;
+        // Update LRU metadata.
+        const now = new Date().toISOString();
+        entry.lastUsedAt = now;
+        entry.useCount = (entry.useCount || 0) + 1;
+        cache.entries[key] = entry;
+        prune(cache);
+        atomicWrite(cachePath, JSON.stringify(cache, null, 2) + '\n');
+        return entry;
+    }
+    catch {
+        return null;
+    }
+}
+function writeCachedPlan(cwd, entry) {
+    try {
+        ensureNeurcodeDir(cwd);
+        const cachePath = getPlanCachePath(cwd);
+        const cache = safeReadCacheFile(cachePath);
+        const now = new Date().toISOString();
+        const existing = cache.entries[entry.key];
+        const next = {
+            ...entry,
+            createdAt: existing?.createdAt || now,
+            lastUsedAt: now,
+            useCount: (existing?.useCount || 0) + 1,
+        };
+        // Best-effort: do not persist secrets in the on-disk cache.
+        try {
+            if (next.input?.intent) {
+                next.input.intent = (0, secret_masking_1.maskSecretsInText)(next.input.intent).masked;
+            }
+        }
+        catch {
+            // ignore
+        }
+        cache.entries[entry.key] = next;
+        prune(cache);
+        atomicWrite(cachePath, JSON.stringify(cache, null, 2) + '\n');
+    }
+    catch {
+        // Cache failures should never block plan generation.
+    }
+}
+function tokenize(text) {
+    return text
+        .toLowerCase()
+        .replace(/[^\w\s]/g, ' ')
+        .split(/\s+/)
+        .filter((t) => t.length >= 3);
+}
+function jaccard(a, b) {
+    if (a.size === 0 || b.size === 0)
+        return 0;
+    let inter = 0;
+    for (const x of a) {
+        if (b.has(x))
+            inter++;
+    }
+    const union = a.size + b.size - inter;
+    return union === 0 ? 0 : inter / union;
+}
+function findSimilarCachedPlans(cwd, filter, intent, k = 3) {
+    try {
+        const cachePath = getPlanCachePath(cwd);
+        const cache = safeReadCacheFile(cachePath);
+        const entries = Object.values(cache.entries);
+        const queryTokens = new Set(tokenize(intent));
+        const scored = entries
+            .filter((e) => e.input.orgId === filter.orgId && e.input.projectId === filter.projectId)
+            .map((e) => {
+            const eTokens = new Set(tokenize(e.input.intent));
+            const score = jaccard(queryTokens, eTokens);
+            return { entry: e, score };
+        })
+            .filter((s) => s.score > 0)
+            .sort((a, b) => b.score - a.score)
+            .slice(0, k)
+            .map((s) => s.entry);
+        return scored;
+    }
+    catch {
+        return [];
+    }
+}
+//# sourceMappingURL=plan-cache.js.map

package/dist/utils/plan-cache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"plan-cache.js","sourceRoot":"","sources":["../../src/utils/plan-cache.ts"],"names":[],"mappings":";;AAwDA,0CAKC;AAED,4CAEC;AAyED,kDAkBC;AAED,sDAgBC;AAED,4EAIC;AAED,wCAmBC;AAED,0CA8BC;AAoBD,wDA4BC;AAzRD,iDAAyC;AACzC,mCAAoC;AACpC,2BAAoF;AACpF,+BAA4B;AAE5B,qDAAqD;AA2CrD,MAAM,oBAAoB,GAAG,CAAU,CAAC;AACxC,MAAM,eAAe,GAAG,iBAAiB,CAAC;AAC1C,MAAM,WAAW,GAAG,EAAE,CAAC;AAEvB,SAAS,SAAS,CAAC,KAAa;IAC9B,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC1D,CAAC;AAED,SAAgB,eAAe,CAAC,MAAc;IAC5C,OAAO,MAAM;SACV,IAAI,EAAE;SACN,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,WAAW,EAAE,CAAC;AACnB,CAAC;AAED,SAAgB,gBAAgB,CAAC,GAAW;IAC1C,OAAO,IAAA,WAAI,EAAC,GAAG,EAAE,WAAW,EAAE,eAAe,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,GAAG,GAAG,IAAA,WAAI,EAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACnC,IAAI,CAAC,IAAA,eAAU,EAAC,GAAG,CAAC,EAAE,CAAC;QACrB,IAAA,cAAS,EAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAiB;IAC1C,IAAI,CAAC,IAAA,eAAU,EAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IAC9D,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,iBAAY,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA6B,CAAC;QAE3D,IAAI,MAAM,CAAC,aAAa,KAAK,oBAAoB,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC3G,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,KAAK,GAAG,MAAyB,CAAC;QAExC,2FAA2F;QAC3F,kGAAkG;QAClG,IAAI,CAAC;YACH,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjD,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM;oBAAE,SAAS;gBACpC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,IAAA,kCAAiB,EAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;YACpE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,2EAA2E;QAC3E,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,YAAY,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAChF,IAAA,eAAU,EAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IAC9D,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,SAAiB,EAAE,IAAY;IAClD,MAAM,OAAO,GAAG,GAAG,SAAS,MAAM,CAAC;IACnC,IAAA,kBAAa,EAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IACtC,IAAA,eAAU,EAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,KAAK,CAAC,KAAsB;IACnC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,MAAM,IAAI,WAAW;QAAE,OAAO;IAEvC,MAAM,MAAM,GAAG,IAAI;SAChB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;SAC5B,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAC5C,OAAO,KAAK,GAAG,KAAK,CAAC;IACvB,CAAC,CAAC,CAAC;IAEL,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC;IAC3E,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,CAAC;AACH,CAAC;AAED,SAAgB,mBAAmB,CAAC,KAA0B;IAC5D,MAAM,UAAU,GAAG,IAAA,kCAAiB,EAAC,KAAK,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;IAC1D,kFAAkF;IAClF,MAAM,OAAO,GAAG;QACd,KAAK,KAAK,CAAC,aAAa,EAAE;QAC1B,UAAU,KAAK,CAAC,MAAM,EAAE;QACxB,SAAS,KAAK,CAAC,KAAK,EAAE;QACtB,aAAa,KAAK,CAAC,SAAS,EAAE;QAC9B,UAAU,UAAU,EAAE;QACtB,aAAa,KAAK,CAAC,SAAS,IAAI,EAAE,EAAE;QACpC,eAAe,KAAK,CAAC,WAAW,IAAI,EAAE,EAAE;QACxC,aAAa,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;QAC9B,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK;YACvB,CAAC,CAAC,gBAAgB,KAAK,CAAC,IAAI,CAAC,OAAO,qBAAqB,KAAK,CAAC,IAAI,CAAC,WAAW,oBAAoB,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE;YAC1H,CAAC,CAAC,qBAAqB,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE;KACnD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,OAAO,SAAS,CAAC,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,SAAgB,qBAAqB,CAAC,GAAW;IAC/C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,qCAAqC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC;aAC5H,IAAI,EAAE;aACN,WAAW,EAAE,CAAC;QACjB,IAAI,MAAM,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC;QAEnC,MAAM,OAAO,GAAG,IAAA,wBAAQ,EAAC,oBAAoB,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACvH,MAAM,WAAW,GAAG,IAAA,wBAAQ,EAAC,2BAA2B,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAClI,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,wBAAwB,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC;QACnH,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QAErC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,gCAAgC,CAAC,QAAkB;IACjE,2EAA2E;IAC3E,MAAM,UAAU,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnD,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;AACrE,CAAC;AAED,SAAgB,cAAc,CAAC,GAAW,EAAE,GAAW;IACrD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,uBAAuB;QACvB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;QACvB,KAAK,CAAC,QAAQ,GAAG,CAAC,KAAK,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC3C,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC3B,KAAK,CAAC,KAAK,CAAC,CAAC;QACb,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAE9D,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAAC,GAAW,EAAE,KAAuE;IAClH,IAAI,CAAC;QACH,iBAAiB,CAAC,GAAG,CAAC,CAAC;QACvB,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE3C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC1C,MAAM,IAAI,GAAsB;YAC9B,GAAG,KAAK;YACR,SAAS,EAAE,QAAQ,EAAE,SAAS,IAAI,GAAG;YACrC,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,CAAC,QAAQ,EAAE,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC;SACxC,CAAC;QAEF,4DAA4D;QAC5D,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC;gBACvB,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,IAAA,kCAAiB,EAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;YAClE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QAChC,KAAK,CAAC,KAAK,CAAC,CAAC;QACb,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,qDAAqD;IACvD,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,IAAY;IAC5B,OAAO,IAAI;SACR,WAAW,EAAE;SACb,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC;SACxB,KAAK,CAAC,KAAK,CAAC;SACZ,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,OAAO,CAAC,CAAc,EAAE,CAAc;IAC7C,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAC3C,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAClB,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,KAAK,EAAE,CAAC;IACxB,CAAC;IACD,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC;IACtC,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,KAAK,CAAC;AACzC,CAAC;AAED,SAAgB,sBAAsB,CACpC,GAAW,EACX,MAA4C,EAC5C,MAAc,EACd,IAAY,CAAC;IAEb,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE7C,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,OAAO;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC,KAAK,CAAC,SAAS,KAAK,MAAM,CAAC,SAAS,CAAC;aACvF,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACT,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YAClD,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;YAC5C,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC;QAC7B,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;aAC1B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;aACjC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;aACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAEvB,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/utils/secret-masking.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Lightweight secret masking for local persistence (cache/memory files).
+ *
+ * This intentionally avoids importing the full SecurityGuard (ts-morph heavy),
+ * while still masking the most common secret patterns that users may paste into
+ * CLI intents or context files.
+ */
+export declare function maskSecretsInText(text: string): {
+    masked: string;
+    changed: boolean;
+};
+//# sourceMappingURL=secret-masking.d.ts.map

package/dist/utils/secret-masking.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-masking.d.ts","sourceRoot":"","sources":["../../src/utils/secret-masking.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,CAyCpF"}

package/dist/utils/secret-masking.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.maskSecretsInText = maskSecretsInText;
+const REDACTION_PLACEHOLDER = '[REDACTED_BY_NEURCODE]';
+/**
+ * Lightweight secret masking for local persistence (cache/memory files).
+ *
+ * This intentionally avoids importing the full SecurityGuard (ts-morph heavy),
+ * while still masking the most common secret patterns that users may paste into
+ * CLI intents or context files.
+ */
+function maskSecretsInText(text) {
+    if (!text)
+        return { masked: text, changed: false };
+    let masked = text;
+    const before = masked;
+    // Direct token patterns
+    masked = masked.replace(/\bAKIA[0-9A-Z]{16}\b/gi, REDACTION_PLACEHOLDER); // AWS access key id
+    masked = masked.replace(/\b(ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36,}\b/gi, REDACTION_PLACEHOLDER); // GitHub tokens
+    // JWTs (common shape)
+    masked = masked.replace(/\beyJ[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}\b/g, REDACTION_PLACEHOLDER);
+    // Connection strings / URLs with credentials
+    masked = masked.replace(/\b((?:postgresql?|mysql|mongodb(?:\+srv)?|redis):\/\/)([^\s]+)/gi, `$1${REDACTION_PLACEHOLDER}`);
+    // sshpass password inline
+    masked = masked.replace(/\b(sshpass\s+-p\s+)(['"])([^'"]+)\2/gi, `$1$2${REDACTION_PLACEHOLDER}$2`);
+    // bearer/token/apikey style assignments (keep the left side; redact the value)
+    masked = masked.replace(/\b((?:bearer|token|apikey)\s*[:=]\s*['"]?)([a-zA-Z0-9_\-]{32,})(['"]?)/gi, `$1${REDACTION_PLACEHOLDER}$3`);
+    // generic secret-like assignments (keep the left side; redact the value)
+    masked = masked.replace(/\b((?:password|secret|key|api[_-]?key|private[_-]?key|access[_-]?token|auth[_-]?token)\s*[:=]\s*['"]?)([a-zA-Z0-9_\-+/=]{20,})(['"]?)/gi, `$1${REDACTION_PLACEHOLDER}$3`);
+    // PEM private keys (multi-line)
+    masked = masked.replace(/-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g, REDACTION_PLACEHOLDER);
+    return { masked, changed: masked !== before };
+}
+//# sourceMappingURL=secret-masking.js.map

package/dist/utils/secret-masking.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-masking.js","sourceRoot":"","sources":["../../src/utils/secret-masking.ts"],"names":[],"mappings":";;AASA,8CAyCC;AAlDD,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AAEvD;;;;;;GAMG;AACH,SAAgB,iBAAiB,CAAC,IAAY;IAC5C,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAEnD,IAAI,MAAM,GAAG,IAAI,CAAC;IAClB,MAAM,MAAM,GAAG,MAAM,CAAC;IAEtB,wBAAwB;IACxB,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,wBAAwB,EAAE,qBAAqB,CAAC,CAAC,CAAC,oBAAoB;IAC9F,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,8CAA8C,EAAE,qBAAqB,CAAC,CAAC,CAAC,gBAAgB;IAEhH,sBAAsB;IACtB,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,oEAAoE,EAAE,qBAAqB,CAAC,CAAC;IAErH,6CAA6C;IAC7C,MAAM,GAAG,MAAM,CAAC,OAAO,CACrB,kEAAkE,EAClE,KAAK,qBAAqB,EAAE,CAC7B,CAAC;IAEF,0BAA0B;IAC1B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,uCAAuC,EAAE,OAAO,qBAAqB,IAAI,CAAC,CAAC;IAEnG,+EAA+E;IAC/E,MAAM,GAAG,MAAM,CAAC,OAAO,CACrB,0EAA0E,EAC1E,KAAK,qBAAqB,IAAI,CAC/B,CAAC;IAEF,yEAAyE;IACzE,MAAM,GAAG,MAAM,CAAC,OAAO,CACrB,yIAAyI,EACzI,KAAK,qBAAqB,IAAI,CAC/B,CAAC;IAEF,gCAAgC;IAChC,MAAM,GAAG,MAAM,CAAC,OAAO,CACrB,6EAA6E,EAC7E,qBAAqB,CACtB,CAAC;IAEF,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;AAChD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@neurcode-ai/cli",
-  "version": "0.9.4",
+  "version": "0.9.6",
   "description": "Neurcode CLI - AI code governance and diff analysis",
   "bin": {
     "neurcode": "./dist/index.js"
@@ -61,4 +61,4 @@
     "@types/uuid": "^9.0.8",
     "typescript": "^5.3.0"
   }
-}
+}