@ophan/core 0.0.1

package/dist/schemas.d.ts

@@ -0,0 +1,100 @@
+import { z } from "zod";
+export declare const AnalysisType: z.ZodEnum<{
+    documentation: "documentation";
+    security: "security";
+}>;
+export type AnalysisType = z.infer<typeof AnalysisType>;
+export declare const KNOWN_DATA_TAGS: readonly ["user_input", "pii", "credentials", "database", "external_api", "file_system", "config", "internal"];
+export type KnownDataTag = (typeof KNOWN_DATA_TAGS)[number];
+export declare const KNOWN_SECURITY_FLAGS: readonly ["sql_injection", "xss", "hardcoded_secret", "unsanitized_input", "path_traversal", "prototype_pollution", "command_injection", "pickle_deserialization", "eval_exec", "insecure_subprocess"];
+export type KnownSecurityFlag = (typeof KNOWN_SECURITY_FLAGS)[number];
+export declare const ParamSchema: z.ZodObject<{
+    name: z.ZodString;
+    type: z.ZodString;
+    description: z.ZodString;
+}, z.core.$strip>;
+export type Param = z.infer<typeof ParamSchema>;
+export declare const ReturnsSchema: z.ZodObject<{
+    type: z.ZodString;
+    description: z.ZodString;
+}, z.core.$strip>;
+export type Returns = z.infer<typeof ReturnsSchema>;
+/** Documentation analysis: description, parameters, return type */
+export declare const DocumentationAnalysis: z.ZodObject<{
+    description: z.ZodString;
+    params: z.ZodArray<z.ZodObject<{
+        name: z.ZodString;
+        type: z.ZodString;
+        description: z.ZodString;
+    }, z.core.$strip>>;
+    returns: z.ZodObject<{
+        type: z.ZodString;
+        description: z.ZodString;
+    }, z.core.$strip>;
+}, z.core.$strip>;
+export type DocumentationAnalysis = z.infer<typeof DocumentationAnalysis>;
+/**
+ * Security analysis: data flow tags and security vulnerability flags.
+ * Both fields use z.string() arrays (not enums) — open with known values.
+ * Unknown values from Claude are preserved, not rejected.
+ */
+export declare const SecurityAnalysis: z.ZodObject<{
+    dataTags: z.ZodArray<z.ZodString>;
+    securityFlags: z.ZodArray<z.ZodString>;
+}, z.core.$strip>;
+export type SecurityAnalysis = z.infer<typeof SecurityAnalysis>;
+export declare const TypedAnalysis: z.ZodDiscriminatedUnion<[z.ZodObject<{
+    analysisType: z.ZodLiteral<"documentation">;
+    data: z.ZodObject<{
+        description: z.ZodString;
+        params: z.ZodArray<z.ZodObject<{
+            name: z.ZodString;
+            type: z.ZodString;
+            description: z.ZodString;
+        }, z.core.$strip>>;
+        returns: z.ZodObject<{
+            type: z.ZodString;
+            description: z.ZodString;
+        }, z.core.$strip>;
+    }, z.core.$strip>;
+}, z.core.$strip>, z.ZodObject<{
+    analysisType: z.ZodLiteral<"security">;
+    data: z.ZodObject<{
+        dataTags: z.ZodArray<z.ZodString>;
+        securityFlags: z.ZodArray<z.ZodString>;
+    }, z.core.$strip>;
+}, z.core.$strip>], "analysisType">;
+export type TypedAnalysis = z.infer<typeof TypedAnalysis>;
+/**
+ * Validates the raw JSON response from Claude's analysis.
+ * The prompt returns a flat object per function with all fields combined.
+ * We validate here, then split into separate analysis type rows on storage.
+ *
+ * Uses .catch() defaults so partial/malformed responses degrade gracefully
+ * instead of rejecting entire batches.
+ */
+export declare const ClaudeAnalysisResponse: z.ZodObject<{
+    name: z.ZodString;
+    description: z.ZodCatch<z.ZodString>;
+    params: z.ZodCatch<z.ZodArray<z.ZodObject<{
+        name: z.ZodString;
+        type: z.ZodString;
+        description: z.ZodString;
+    }, z.core.$strip>>>;
+    returns: z.ZodCatch<z.ZodObject<{
+        type: z.ZodString;
+        description: z.ZodString;
+    }, z.core.$strip>>;
+    dataTags: z.ZodCatch<z.ZodArray<z.ZodString>>;
+    securityFlags: z.ZodCatch<z.ZodArray<z.ZodString>>;
+}, z.core.$strip>;
+export type ClaudeAnalysisResponse = z.infer<typeof ClaudeAnalysisResponse>;
+/**
+ * Each analysis type has an independent schema version.
+ * Bump when the JSON shape changes. Old rows remain readable.
+ * Stored alongside each row for forward-compatibility.
+ */
+export declare const SCHEMA_VERSIONS: Record<AnalysisType, number>;
+export declare const SECURITY_FLAG_LABELS: Record<string, string>;
+export declare const DATA_TAG_LABELS: Record<string, string>;
+//# sourceMappingURL=schemas.d.ts.map

package/dist/schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../src/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,eAAO,MAAM,YAAY;;;EAAwC,CAAC;AAClE,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAaxD,eAAO,MAAM,eAAe,gHASlB,CAAC;AACX,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,CAAC,CAAC;AAE5D,eAAO,MAAM,oBAAoB,wMAWvB,CAAC;AACX,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,CAAC,CAAC;AAItE,eAAO,MAAM,WAAW;;;;iBAItB,CAAC;AACH,MAAM,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEhD,eAAO,MAAM,aAAa;;;iBAGxB,CAAC;AACH,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAEpD,mEAAmE;AACnE,eAAO,MAAM,qBAAqB;;;;;;;;;;;iBAIhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E;;;;GAIG;AACH,eAAO,MAAM,gBAAgB;;;iBAG3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAIhE,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;mCASxB,CAAC;AACH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAI1D;;;;;;;GAOG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;iBAOjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAI5E;;;;GAIG;AACH,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAGxD,CAAC;AAQF,eAAO,MAAM,oBAAoB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAWvD,CAAC;AAEF,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CASlD,CAAC"}

package/dist/schemas.js

@@ -0,0 +1,128 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DATA_TAG_LABELS = exports.SECURITY_FLAG_LABELS = exports.SCHEMA_VERSIONS = exports.ClaudeAnalysisResponse = exports.TypedAnalysis = exports.SecurityAnalysis = exports.DocumentationAnalysis = exports.ReturnsSchema = exports.ParamSchema = exports.KNOWN_SECURITY_FLAGS = exports.KNOWN_DATA_TAGS = exports.AnalysisType = void 0;
+const zod_1 = require("zod");
+// ============ ANALYSIS TYPE ENUM ============
+exports.AnalysisType = zod_1.z.enum(["documentation", "security"]);
+// ============ KNOWN VALUE SETS ============
+//
+// These are the values we prompt Claude for and have display labels for.
+// They are NOT used for validation — all schemas accept arbitrary strings.
+// This "open with known values" design means:
+//   - Claude can return new flags/tags we haven't seen before
+//   - Unknown values are stored, synced, and displayed (using the raw string as fallback label)
+//   - No data is ever silently dropped due to enum mismatch
+//   - New known values are added here + in LABELS maps when we want display names
+//   - UI code uses LABELS maps for display, falling back to raw string for unknown values
+exports.KNOWN_DATA_TAGS = [
+    "user_input",
+    "pii",
+    "credentials",
+    "database",
+    "external_api",
+    "file_system",
+    "config",
+    "internal",
+];
+exports.KNOWN_SECURITY_FLAGS = [
+    "sql_injection",
+    "xss",
+    "hardcoded_secret",
+    "unsanitized_input",
+    "path_traversal",
+    "prototype_pollution",
+    "command_injection",
+    "pickle_deserialization",
+    "eval_exec",
+    "insecure_subprocess",
+];
+// ============ ANALYSIS PAYLOADS ============
+exports.ParamSchema = zod_1.z.object({
+    name: zod_1.z.string(),
+    type: zod_1.z.string(),
+    description: zod_1.z.string(),
+});
+exports.ReturnsSchema = zod_1.z.object({
+    type: zod_1.z.string(),
+    description: zod_1.z.string(),
+});
+/** Documentation analysis: description, parameters, return type */
+exports.DocumentationAnalysis = zod_1.z.object({
+    description: zod_1.z.string(),
+    params: zod_1.z.array(exports.ParamSchema),
+    returns: exports.ReturnsSchema,
+});
+/**
+ * Security analysis: data flow tags and security vulnerability flags.
+ * Both fields use z.string() arrays (not enums) — open with known values.
+ * Unknown values from Claude are preserved, not rejected.
+ */
+exports.SecurityAnalysis = zod_1.z.object({
+    dataTags: zod_1.z.array(zod_1.z.string()),
+    securityFlags: zod_1.z.array(zod_1.z.string()),
+});
+// ============ DISCRIMINATED UNION ============
+exports.TypedAnalysis = zod_1.z.discriminatedUnion("analysisType", [
+    zod_1.z.object({
+        analysisType: zod_1.z.literal("documentation"),
+        data: exports.DocumentationAnalysis,
+    }),
+    zod_1.z.object({
+        analysisType: zod_1.z.literal("security"),
+        data: exports.SecurityAnalysis,
+    }),
+]);
+// ============ CLAUDE RESPONSE VALIDATOR ============
+/**
+ * Validates the raw JSON response from Claude's analysis.
+ * The prompt returns a flat object per function with all fields combined.
+ * We validate here, then split into separate analysis type rows on storage.
+ *
+ * Uses .catch() defaults so partial/malformed responses degrade gracefully
+ * instead of rejecting entire batches.
+ */
+exports.ClaudeAnalysisResponse = zod_1.z.object({
+    name: zod_1.z.string(),
+    description: zod_1.z.string().catch(""),
+    params: zod_1.z.array(exports.ParamSchema).catch([]),
+    returns: exports.ReturnsSchema.catch({ type: "unknown", description: "" }),
+    dataTags: zod_1.z.array(zod_1.z.string()).catch([]),
+    securityFlags: zod_1.z.array(zod_1.z.string()).catch([]),
+});
+// ============ SCHEMA VERSIONS ============
+/**
+ * Each analysis type has an independent schema version.
+ * Bump when the JSON shape changes. Old rows remain readable.
+ * Stored alongside each row for forward-compatibility.
+ */
+exports.SCHEMA_VERSIONS = {
+    documentation: 1,
+    security: 1,
+};
+// ============ DISPLAY LABELS ============
+//
+// Label maps for known values. UI code should use these for display,
+// falling back to the raw string for unknown values:
+//   SECURITY_FLAG_LABELS[flag] ?? flag
+exports.SECURITY_FLAG_LABELS = {
+    sql_injection: "SQL Injection",
+    xss: "XSS",
+    hardcoded_secret: "Hardcoded Secret",
+    unsanitized_input: "Unsanitized Input",
+    path_traversal: "Path Traversal",
+    prototype_pollution: "Prototype Pollution",
+    command_injection: "Command Injection",
+    pickle_deserialization: "Pickle Deserialization",
+    eval_exec: "Eval/Exec",
+    insecure_subprocess: "Insecure Subprocess",
+};
+exports.DATA_TAG_LABELS = {
+    user_input: "User Input",
+    pii: "PII",
+    credentials: "Credentials",
+    database: "Database",
+    external_api: "External API",
+    file_system: "File System",
+    config: "Config",
+    internal: "Internal",
+};

package/dist/shared.d.ts

@@ -0,0 +1,12 @@
+export interface FunctionInfo {
+    name: string;
+    filePath: string;
+    startLine: number;
+    endLine: number;
+    sourceCode: string;
+    contentHash: string;
+    language: string;
+    entityType: string;
+}
+export declare function computeHash(str: string): string;
+//# sourceMappingURL=shared.d.ts.map

package/dist/shared.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shared.d.ts","sourceRoot":"","sources":["../src/shared.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE/C"}

package/dist/shared.js

@@ -0,0 +1,10 @@
+"use strict";
+// Shared types and utilities used by both the parser modules and the main analysis engine.
+// This file exists to avoid circular dependencies between index.ts and parsers/.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.computeHash = computeHash;
+const crypto_1 = require("crypto");
+// ============ UTILITIES ============
+function computeHash(str) {
+    return (0, crypto_1.createHash)("sha256").update(str).digest("hex");
+}

package/dist/test-utils.d.ts

@@ -0,0 +1,46 @@
+import Database from "better-sqlite3";
+/**
+ * Creates an in-memory SQLite database with the current ophan schema.
+ * Use for merge, import, GC, and findMissingHashes tests.
+ */
+export declare function createTestDb(): Database.Database;
+/**
+ * Creates an in-memory DB with the OLD (pre-analysis-type) schema.
+ * Used to test migrateToAnalysisTypes().
+ */
+export declare function createLegacyTestDb(): Database.Database;
+/** Returns JSON string for a documentation analysis payload. */
+export declare function makeDocAnalysisJson(overrides?: Partial<{
+    description: string;
+    params: {
+        name: string;
+        type: string;
+        description: string;
+    }[];
+    returns: {
+        type: string;
+        description: string;
+    };
+}>): string;
+/** Returns JSON string for a security analysis payload. */
+export declare function makeSecAnalysisJson(overrides?: Partial<{
+    dataTags: string[];
+    securityFlags: string[];
+}>): string;
+/** Inserts a matched pair of documentation + security rows for a content_hash. */
+export declare function insertAnalysisPair(db: Database.Database, contentHash: string, options?: {
+    language?: string;
+    entityType?: string;
+    syncedAt?: number | null;
+    lastSeenAt?: number;
+    createdAt?: number;
+    doc?: Parameters<typeof makeDocAnalysisJson>[0];
+    sec?: Parameters<typeof makeSecAnalysisJson>[0];
+}): void;
+/** Inserts a file_functions row. */
+export declare function insertFileFunction(db: Database.Database, filePath: string, functionName: string, contentHash: string, options?: {
+    mtime?: number;
+    language?: string;
+    entityType?: string;
+}): void;
+//# sourceMappingURL=test-utils.d.ts.map

package/dist/test-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-utils.d.ts","sourceRoot":"","sources":["../src/test-utils.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AAEtC;;;GAGG;AACH,wBAAgB,YAAY,IAAI,QAAQ,CAAC,QAAQ,CAsDhD;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,IAAI,QAAQ,CAAC,QAAQ,CA2CtD;AAED,gEAAgE;AAChE,wBAAgB,mBAAmB,CACjC,SAAS,GAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAC9D,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC;CAChD,CAAM,GACN,MAAM,CAQR;AAED,2DAA2D;AAC3D,wBAAgB,mBAAmB,CACjC,SAAS,GAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB,CAAM,GACN,MAAM,CAKR;AAED,kFAAkF;AAClF,wBAAgB,kBAAkB,CAChC,EAAE,EAAE,QAAQ,CAAC,QAAQ,EACrB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;IACP,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,UAAU,CAAC,OAAO,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,GAAG,CAAC,EAAE,UAAU,CAAC,OAAO,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC;CAC5C,GACL,IAAI,CAmCN;AAED,oCAAoC;AACpC,wBAAgB,kBAAkB,CAChC,EAAE,EAAE,QAAQ,CAAC,QAAQ,EACrB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;IACP,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CAChB,GACL,IAAI,CAYN"}

package/dist/test-utils.js

@@ -0,0 +1,141 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createTestDb = createTestDb;
+exports.createLegacyTestDb = createLegacyTestDb;
+exports.makeDocAnalysisJson = makeDocAnalysisJson;
+exports.makeSecAnalysisJson = makeSecAnalysisJson;
+exports.insertAnalysisPair = insertAnalysisPair;
+exports.insertFileFunction = insertFileFunction;
+const better_sqlite3_1 = __importDefault(require("better-sqlite3"));
+/**
+ * Creates an in-memory SQLite database with the current ophan schema.
+ * Use for merge, import, GC, and findMissingHashes tests.
+ */
+function createTestDb() {
+    const db = new better_sqlite3_1.default(":memory:");
+    db.exec(`
+    CREATE TABLE function_analysis (
+      content_hash TEXT NOT NULL,
+      analysis_type TEXT NOT NULL,
+      analysis JSON NOT NULL,
+      model_version TEXT NOT NULL,
+      schema_version INTEGER NOT NULL DEFAULT 1,
+      created_at INTEGER NOT NULL,
+      last_seen_at INTEGER NOT NULL,
+      language TEXT NOT NULL DEFAULT 'typescript',
+      entity_type TEXT NOT NULL DEFAULT 'function',
+      synced_at INTEGER,
+      PRIMARY KEY (content_hash, analysis_type)
+    )
+  `);
+    db.exec(`
+    CREATE TABLE file_functions (
+      file_path TEXT NOT NULL,
+      function_name TEXT NOT NULL,
+      content_hash TEXT NOT NULL,
+      file_mtime INTEGER NOT NULL,
+      language TEXT NOT NULL DEFAULT 'typescript',
+      entity_type TEXT NOT NULL DEFAULT 'function'
+    )
+  `);
+    db.exec(`
+    CREATE TABLE function_gc (
+      content_hash TEXT NOT NULL,
+      analysis_type TEXT,
+      gc_at INTEGER NOT NULL,
+      synced_at INTEGER
+    )
+  `);
+    db.exec(`
+    CREATE TABLE sync_meta (
+      key TEXT PRIMARY KEY,
+      value TEXT NOT NULL
+    )
+  `);
+    db.exec("CREATE INDEX idx_file_functions_path ON file_functions(file_path)");
+    db.exec("CREATE INDEX idx_file_functions_hash ON file_functions(content_hash)");
+    return db;
+}
+/**
+ * Creates an in-memory DB with the OLD (pre-analysis-type) schema.
+ * Used to test migrateToAnalysisTypes().
+ */
+function createLegacyTestDb() {
+    const db = new better_sqlite3_1.default(":memory:");
+    db.exec(`
+    CREATE TABLE function_analysis (
+      content_hash TEXT PRIMARY KEY,
+      analysis JSON NOT NULL,
+      model_version TEXT NOT NULL,
+      created_at INTEGER NOT NULL,
+      last_seen_at INTEGER NOT NULL,
+      language TEXT,
+      entity_type TEXT,
+      synced_at INTEGER
+    )
+  `);
+    db.exec(`
+    CREATE TABLE file_functions (
+      file_path TEXT NOT NULL,
+      function_name TEXT NOT NULL,
+      content_hash TEXT NOT NULL,
+      file_mtime INTEGER NOT NULL,
+      language TEXT NOT NULL DEFAULT 'typescript',
+      entity_type TEXT NOT NULL DEFAULT 'function'
+    )
+  `);
+    db.exec(`
+    CREATE TABLE function_gc (
+      content_hash TEXT NOT NULL,
+      gc_at INTEGER NOT NULL,
+      synced_at INTEGER
+    )
+  `);
+    db.exec(`
+    CREATE TABLE sync_meta (
+      key TEXT PRIMARY KEY,
+      value TEXT NOT NULL
+    )
+  `);
+    return db;
+}
+/** Returns JSON string for a documentation analysis payload. */
+function makeDocAnalysisJson(overrides = {}) {
+    return JSON.stringify({
+        description: overrides.description ?? "Test function description",
+        params: overrides.params ?? [
+            { name: "x", type: "number", description: "input" },
+        ],
+        returns: overrides.returns ?? { type: "number", description: "output" },
+    });
+}
+/** Returns JSON string for a security analysis payload. */
+function makeSecAnalysisJson(overrides = {}) {
+    return JSON.stringify({
+        dataTags: overrides.dataTags ?? ["internal"],
+        securityFlags: overrides.securityFlags ?? [],
+    });
+}
+/** Inserts a matched pair of documentation + security rows for a content_hash. */
+function insertAnalysisPair(db, contentHash, options = {}) {
+    const now = Math.floor(Date.now() / 1000);
+    const language = options.language ?? "typescript";
+    const entityType = options.entityType ?? "function";
+    const createdAt = options.createdAt ?? now;
+    const lastSeenAt = options.lastSeenAt ?? now;
+    const syncedAt = options.syncedAt ?? null;
+    db.prepare(`INSERT INTO function_analysis
+    (content_hash, analysis_type, analysis, model_version, schema_version, created_at, last_seen_at, language, entity_type, synced_at)
+    VALUES (?, 'documentation', ?, 'test-model', 1, ?, ?, ?, ?, ?)`).run(contentHash, makeDocAnalysisJson(options.doc), createdAt, lastSeenAt, language, entityType, syncedAt);
+    db.prepare(`INSERT INTO function_analysis
+    (content_hash, analysis_type, analysis, model_version, schema_version, created_at, last_seen_at, language, entity_type, synced_at)
+    VALUES (?, 'security', ?, 'test-model', 1, ?, ?, ?, ?, ?)`).run(contentHash, makeSecAnalysisJson(options.sec), createdAt, lastSeenAt, language, entityType, syncedAt);
+}
+/** Inserts a file_functions row. */
+function insertFileFunction(db, filePath, functionName, contentHash, options = {}) {
+    db.prepare(`INSERT INTO file_functions (file_path, function_name, content_hash, file_mtime, language, entity_type)
+    VALUES (?, ?, ?, ?, ?, ?)`).run(filePath, functionName, contentHash, options.mtime ?? Date.now(), options.language ?? "typescript", options.entityType ?? "function");
+}

package/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "@ophan/core",
+  "version": "0.0.1",
+  "main": "./src/index.ts",
+  "types": "./src/index.ts",
+  "exports": {
+    ".": "./src/index.ts",
+    "./schemas": "./src/schemas.ts",
+    "./test-utils": "./src/test-utils.ts"
+  },
+  "files": ["dist"],
+  "publishConfig": {
+    "main": "./dist/index.js",
+    "types": "./dist/index.d.ts",
+    "exports": {
+      ".": "./dist/index.js",
+      "./schemas": "./dist/schemas.js"
+    }
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run"
+  },
+  "dependencies": {
+    "@anthropic-ai/sdk": "^0.71.2",
+    "better-sqlite3": "^12.5.0",
+    "glob": "^13.0.0",
+    "p-retry": "^7.1.1",
+    "typescript": "^5.9.3",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.13",
+    "@types/node": "^25.0.3",
+    "vitest": "^3.0.5"
+  }
+}