@oscharko-dev/keiko-local-knowledge 0.2.0

package/dist/parsers/xlsx-parser.js

@@ -0,0 +1,425 @@
+import { Buffer } from "node:buffer";
+import yauzl from "yauzl";
+import { decodeXmlEntities, diagnostic, emptyResult, objectLimitDiagnostic, oversizeDiagnostic, shouldStop, } from "./_internal.js";
+const PARSER_ID = "xlsx";
+const PARSER_VERSION = "1";
+const DEPENDENCY_VERSIONS = Object.freeze([
+    Object.freeze({ packageName: "yauzl", version: "3.4.0" }),
+]);
+const XLSX_MEDIA = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
+const MAX_XML_INFLATED_BYTES = 32 * 1024 * 1024;
+const MAX_XML_INFLATE_RATIO = 100;
+const SHEET_ENTRY_PREFIX = "xl/worksheets/";
+function isXlsx(input) {
+    const ext = input.extension.toLowerCase();
+    const media = input.mediaType.toLowerCase();
+    return ext === "xlsx" || media === XLSX_MEDIA;
+}
+function cancelled(capability, input, options) {
+    return emptyResult(capability, input.documentId, options, [
+        diagnostic("PARSER_CANCELLED", "caller aborted parser", input.documentId, "info"),
+    ]);
+}
+function syncFallback(capability) {
+    return (input, options) => emptyResult(capability, input.documentId, options, [
+        diagnostic("UNSUPPORTED_FORMAT", "xlsx parser requires async caller; use parseAsync via discovery", input.documentId, "info"),
+    ], [{ kind: "unsupported-media", documentId: input.documentId, reason: "xlsx-async-required" }]);
+}
+function toError(error, fallback) {
+    return error instanceof Error ? error : new Error(fallback);
+}
+function closeZipQuietly(zip) {
+    try {
+        zip.close();
+    }
+    catch {
+        // Close failures are non-fatal during parser cleanup.
+    }
+}
+function openZip(bytes) {
+    return new Promise((resolve, reject) => {
+        yauzl.fromBuffer(Buffer.from(bytes), { lazyEntries: true, decodeStrings: true }, (error, zip) => {
+            if (error !== null) {
+                reject(toError(error, "failed to open xlsx zip"));
+                return;
+            }
+            resolve(zip);
+        });
+    });
+}
+function maxInflatedEntryBytes(maxInputBytes) {
+    const inputCap = Math.max(1, Math.floor(maxInputBytes));
+    return Math.min(MAX_XML_INFLATED_BYTES, inputCap * 10);
+}
+function isRelevantEntry(name) {
+    return (name === "xl/workbook.xml" ||
+        name === "xl/_rels/workbook.xml.rels" ||
+        name === "xl/sharedStrings.xml" ||
+        (name.startsWith(SHEET_ENTRY_PREFIX) && name.endsWith(".xml")));
+}
+function assertEntryWithinLimits(entry, maxInflatedBytes) {
+    if (entry.uncompressedSize > maxInflatedBytes) {
+        throw new Error("xlsx xml inflated size exceeds parser limit");
+    }
+    if (entry.compressedSize > 0 &&
+        entry.uncompressedSize / entry.compressedSize > MAX_XML_INFLATE_RATIO) {
+        throw new Error("xlsx xml compression ratio exceeds parser limit");
+    }
+}
+function destroyStream(readStream, error) {
+    const destroy = readStream.destroy;
+    if (typeof destroy === "function") {
+        destroy.call(readStream, error);
+    }
+}
+function readEntryText(zip, entry, maxInflatedBytes) {
+    assertEntryWithinLimits(entry, maxInflatedBytes);
+    return new Promise((resolve, reject) => {
+        zip.openReadStream(entry, (error, stream) => {
+            if (error !== null) {
+                reject(toError(error, "failed to open xlsx entry stream"));
+                return;
+            }
+            const readStream = stream;
+            const chunks = [];
+            let inflatedBytes = 0;
+            let settled = false;
+            const rejectOnce = (streamError) => {
+                if (settled)
+                    return;
+                settled = true;
+                reject(streamError);
+                destroyStream(readStream, streamError);
+            };
+            readStream.on("data", (chunk) => {
+                if (settled)
+                    return;
+                inflatedBytes += chunk.byteLength;
+                if (inflatedBytes > maxInflatedBytes) {
+                    rejectOnce(new Error("xlsx xml inflated stream exceeds parser limit"));
+                    return;
+                }
+                chunks.push(chunk);
+            });
+            readStream.on("end", () => {
+                if (settled)
+                    return;
+                settled = true;
+                resolve(Buffer.concat(chunks).toString("utf8"));
+            });
+            readStream.on("error", (streamError) => {
+                rejectOnce(streamError);
+            });
+        });
+    });
+}
+function removeZipEntryListeners(zip, listeners) {
+    zip.removeListener("entry", listeners.onEntry);
+    zip.removeListener("end", listeners.onEnd);
+    zip.removeListener("error", listeners.onError);
+}
+function readRelevantEntries(zip, maxInflatedBytes) {
+    return new Promise((resolve, reject) => {
+        const entries = [];
+        let settled = false;
+        const resolveOnce = () => {
+            if (settled)
+                return;
+            settled = true;
+            removeZipEntryListeners(zip, { onEntry, onEnd, onError });
+            resolve(entries);
+        };
+        const rejectOnce = (error) => {
+            if (settled)
+                return;
+            settled = true;
+            removeZipEntryListeners(zip, { onEntry, onEnd, onError });
+            reject(error);
+        };
+        const onEnd = () => {
+            resolveOnce();
+        };
+        const onError = (error) => {
+            rejectOnce(toError(error, "failed to read xlsx zip"));
+        };
+        const handleEntry = async (entry) => {
+            if (!isRelevantEntry(entry.fileName)) {
+                zip.readEntry();
+                return;
+            }
+            try {
+                const xml = await readEntryText(zip, entry, maxInflatedBytes);
+                entries.push({ name: entry.fileName, xml });
+                zip.readEntry();
+            }
+            catch (error) {
+                rejectOnce(toError(error, "failed to read xlsx entry"));
+            }
+        };
+        const onEntry = (entry) => {
+            void handleEntry(entry);
+        };
+        zip.on("entry", onEntry);
+        zip.on("end", onEnd);
+        zip.on("error", onError);
+        zip.readEntry();
+    });
+}
+// GRD-027: delegate to the shared decoder so cell text resolves numeric character references
+// (smart quotes, accents) instead of surfacing literal `’`.
+function decodeXml(value) {
+    return decodeXmlEntities(value);
+}
+function attribute(tag, name) {
+    const pattern = new RegExp(`(?:^|\\s)${name}="([^"]*)"`, "u");
+    const match = pattern.exec(tag);
+    return match?.[1] === undefined ? undefined : decodeXml(match[1]);
+}
+function xmlTextContent(value) {
+    let out = "";
+    let inTag = false;
+    for (const char of value) {
+        if (char === "<") {
+            inTag = true;
+            continue;
+        }
+        if (inTag) {
+            if (char === ">")
+                inTag = false;
+            continue;
+        }
+        out += char;
+    }
+    return decodeXml(out);
+}
+function parseSharedStrings(xml, input, options) {
+    const strings = [];
+    const diagnostics = [];
+    const startedAt = options.now();
+    const itemPattern = /<si\b[\s\S]*?<\/si>/gi;
+    let match;
+    while ((match = itemPattern.exec(xml)) !== null) {
+        const limit = shouldStop(startedAt, options, strings.length);
+        if (limit.stop && limit.code !== undefined && limit.message !== undefined) {
+            diagnostics.push(diagnostic(limit.code, limit.message, input.documentId, "info"));
+            break;
+        }
+        if (strings.length >= options.maxObjectsPerDocument) {
+            diagnostics.push(objectLimitDiagnostic(input.documentId, options.maxObjectsPerDocument));
+            break;
+        }
+        const itemXml = match[0];
+        const parts = [...itemXml.matchAll(/<t\b[^>]*>([\s\S]*?)<\/t>/gi)].map((part) => decodeXml(part[1] ?? ""));
+        strings.push(parts.length > 0 ? parts.join("") : xmlTextContent(itemXml));
+    }
+    return { strings, diagnostics };
+}
+function parseRelationships(xml) {
+    const rels = new Map();
+    for (const match of xml.matchAll(/<Relationship\b[^>]*>/gi)) {
+        const tag = match[0];
+        const id = attribute(tag, "Id");
+        const target = attribute(tag, "Target");
+        if (id === undefined || target === undefined)
+            continue;
+        rels.set(id, target.startsWith("/") ? target.slice(1) : `xl/${target.replace(/^\.\//u, "")}`);
+    }
+    return rels;
+}
+function parseWorkbookSheets(workbookXml, relsXml, worksheetEntries) {
+    const rels = relsXml === undefined ? new Map() : parseRelationships(relsXml);
+    const sheets = [];
+    if (workbookXml !== undefined) {
+        for (const match of workbookXml.matchAll(/<sheet\b[^>]*>/gi)) {
+            const tag = match[0];
+            const name = attribute(tag, "name") ?? "Sheet";
+            const relId = attribute(tag, "r:id");
+            const entryName = relId === undefined ? undefined : rels.get(relId);
+            if (entryName !== undefined)
+                sheets.push({ name, entryName });
+        }
+    }
+    if (sheets.length > 0)
+        return sheets;
+    return worksheetEntries
+        .map((entry, index) => ({ name: `Sheet${String(index + 1)}`, entryName: entry.name }))
+        .sort((a, b) => a.entryName.localeCompare(b.entryName));
+}
+function columnName(ref, fallbackIndex) {
+    if (ref !== undefined) {
+        const match = /^([A-Z]+)/iu.exec(ref);
+        if (match?.[1] !== undefined)
+            return match[1].toUpperCase();
+    }
+    let n = fallbackIndex + 1;
+    let out = "";
+    while (n > 0) {
+        const rem = (n - 1) % 26;
+        out = String.fromCharCode(65 + rem) + out;
+        n = Math.floor((n - 1) / 26);
+    }
+    return out;
+}
+function rowNumber(rowTag, fallback) {
+    const raw = attribute(rowTag, "r");
+    if (raw === undefined)
+        return fallback;
+    const parsed = Number.parseInt(raw, 10);
+    return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
+}
+function inlineStringValue(cellXml) {
+    const inline = /<is\b[\s\S]*?<\/is>/iu.exec(cellXml)?.[0];
+    if (inline === undefined)
+        return "";
+    return [...inline.matchAll(/<t\b[^>]*>([\s\S]*?)<\/t>/gi)]
+        .map((part) => decodeXml(part[1] ?? ""))
+        .join("");
+}
+function rawCellValue(type, raw, sharedStrings) {
+    const decoded = decodeXml(raw);
+    if (type !== "s")
+        return decoded;
+    const index = Number.parseInt(decoded, 10);
+    return Number.isFinite(index) ? (sharedStrings[index] ?? "") : "";
+}
+function formulaCellValue(cellXml) {
+    const formula = /<f\b[^>]*>([\s\S]*?)<\/f>/iu.exec(cellXml)?.[1];
+    return formula === undefined ? "" : `=${decodeXml(formula)}`;
+}
+function cellValue(cellXml, sharedStrings) {
+    const tag = /^<c\b[^>]*>/iu.exec(cellXml)?.[0] ?? "";
+    const type = attribute(tag, "t");
+    if (type === "inlineStr")
+        return inlineStringValue(cellXml);
+    const raw = /<v\b[^>]*>([\s\S]*?)<\/v>/iu.exec(cellXml)?.[1];
+    if (raw !== undefined)
+        return rawCellValue(type, raw, sharedStrings);
+    return formulaCellValue(cellXml);
+}
+function projectSheetRows(sheetName, xml, sharedStrings) {
+    const rows = [];
+    let fallbackRow = 1;
+    for (const rowMatch of xml.matchAll(/<row\b[^>]*>[\s\S]*?<\/row>/gi)) {
+        const rowXml = rowMatch[0];
+        const rowTag = /^<row\b[^>]*>/iu.exec(rowXml)?.[0] ?? "";
+        const number = rowNumber(rowTag, fallbackRow);
+        fallbackRow = number + 1;
+        const cells = [];
+        let fallbackCol = 0;
+        for (const cellMatch of rowXml.matchAll(/<c\b[^>]*>[\s\S]*?<\/c>/gi)) {
+            const cellXml = cellMatch[0];
+            const cellTag = /^<c\b[^>]*>/iu.exec(cellXml)?.[0] ?? "";
+            const value = cellValue(cellXml, sharedStrings).trim();
+            if (value.length === 0) {
+                fallbackCol += 1;
+                continue;
+            }
+            cells.push({ column: columnName(attribute(cellTag, "r"), fallbackCol), value });
+            fallbackCol += 1;
+        }
+        if (cells.length === 0)
+            continue;
+        rows.push({
+            sheetName,
+            rowNumber: number,
+            text: `${sheetName}!${String(number)}: ${cells
+                .map((cell) => `${cell.column}=${cell.value}`)
+                .join(" | ")}\n`,
+        });
+    }
+    return rows;
+}
+function emitUnits(rows, input, options) {
+    const units = [];
+    const diagnostics = [];
+    const parts = [];
+    let offset = 0;
+    const startedAt = options.now();
+    for (const row of rows) {
+        const limit = shouldStop(startedAt, options, units.length);
+        if (limit.stop && limit.code !== undefined && limit.message !== undefined) {
+            diagnostics.push(diagnostic(limit.code, limit.message, input.documentId, "info"));
+            break;
+        }
+        const start = offset;
+        parts.push(row.text);
+        offset += row.text.length;
+        units.push({
+            kind: "csv-row",
+            documentId: input.documentId,
+            tableName: row.sheetName,
+            rowIndex: Math.max(0, row.rowNumber - 1),
+            characterStart: start,
+            characterEnd: offset,
+        });
+    }
+    return { units, diagnostics, normalizedText: parts.join("") };
+}
+function parseWorkbook(entries, input, options) {
+    const byName = new Map(entries.map((entry) => [entry.name, entry.xml]));
+    const shared = byName.get("xl/sharedStrings.xml");
+    const sharedResult = shared === undefined
+        ? { strings: [], diagnostics: [] }
+        : parseSharedStrings(shared, input, options);
+    if (sharedResult.diagnostics.some((entry) => entry.severity === "error")) {
+        return emptyResult(xlsxParser.capability, input.documentId, options, sharedResult.diagnostics);
+    }
+    const worksheetEntries = entries.filter((entry) => entry.name.startsWith(SHEET_ENTRY_PREFIX));
+    const workbookSheets = parseWorkbookSheets(byName.get("xl/workbook.xml"), byName.get("xl/_rels/workbook.xml.rels"), worksheetEntries);
+    const rows = [];
+    for (const sheet of workbookSheets) {
+        const xml = byName.get(sheet.entryName);
+        if (xml === undefined)
+            continue;
+        rows.push(...projectSheetRows(sheet.name, xml, sharedResult.strings));
+        if (rows.length > options.maxObjectsPerDocument) {
+            return emptyResult(xlsxParser.capability, input.documentId, options, [
+                objectLimitDiagnostic(input.documentId, options.maxObjectsPerDocument),
+            ]);
+        }
+    }
+    const emitted = emitUnits(rows, input, options);
+    return {
+        ...emptyResult(xlsxParser.capability, input.documentId, options, [...sharedResult.diagnostics, ...emitted.diagnostics], emitted.units),
+        normalizedText: emitted.normalizedText,
+    };
+}
+export const xlsxParser = Object.freeze({
+    capability: Object.freeze({
+        parserId: PARSER_ID,
+        parserVersion: PARSER_VERSION,
+        dependencyVersions: DEPENDENCY_VERSIONS,
+        matches: (input) => isXlsx(input),
+    }),
+    parse: syncFallback({
+        parserId: PARSER_ID,
+        parserVersion: PARSER_VERSION,
+        dependencyVersions: DEPENDENCY_VERSIONS,
+        matches: (input) => isXlsx(input),
+    }),
+    parseAsync: async (input, options) => {
+        if (input.bytes.byteLength > options.maxBytes) {
+            return emptyResult(xlsxParser.capability, input.documentId, options, [
+                oversizeDiagnostic(input.documentId, input.bytes.byteLength, options.maxBytes),
+            ]);
+        }
+        if (options.signal?.aborted === true) {
+            return cancelled(xlsxParser.capability, input, options);
+        }
+        try {
+            const zip = await openZip(input.bytes);
+            try {
+                const entries = await readRelevantEntries(zip, maxInflatedEntryBytes(options.maxBytes));
+                return parseWorkbook(entries, input, options);
+            }
+            finally {
+                closeZipQuietly(zip);
+            }
+        }
+        catch {
+            return emptyResult(xlsxParser.capability, input.documentId, options, [
+                diagnostic("MALFORMED_INPUT", "xlsx parser rejected malformed or unsupported workbook", input.documentId, "error"),
+            ]);
+        }
+    },
+});

package/dist/privacy/audit-emitter.d.ts

@@ -0,0 +1,5 @@
+import type { KnowledgeStore } from "../store.js";
+import type { AuditEventSink, CapsuleAuditEvent } from "./types.js";
+export declare function emitCapsuleAuditEvent(event: CapsuleAuditEvent, sink: AuditEventSink): void;
+export declare function createSqliteAuditSink(store: KnowledgeStore): AuditEventSink;
+//# sourceMappingURL=audit-emitter.d.ts.map

package/dist/privacy/audit-emitter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-emitter.d.ts","sourceRoot":"","sources":["../../src/privacy/audit-emitter.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD,OAAO,KAAK,EACV,cAAc,EACd,iBAAiB,EAGlB,MAAM,YAAY,CAAC;AAcpB,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,iBAAiB,EAAE,IAAI,EAAE,cAAc,GAAG,IAAI,CAE1F;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,cAAc,GAAG,cAAc,CAgB3E"}

package/dist/privacy/audit-emitter.js

@@ -0,0 +1,93 @@
+// emitCapsuleAuditEvent — pure forwarder onto an `AuditEventSink`. The shape lets a caller
+// compose the default node-sqlite sink (writes the schema-compatible event kinds to
+// `capsule_membership_changes`) with any number of additional sinks (external evidence
+// ledger, in-memory test capture, future sibling-table writer) by constructing their own
+// `AuditEventSink` and chaining the calls.
+//
+// The default sink writes every metadata-only event to `capsule_audit_events` and also
+// mirrors the source membership variants into the narrower `capsule_membership_changes`
+// table that #263 already introduced for composition history.
+import { createHash, randomUUID } from "node:crypto";
+const INSERT_MEMBERSHIP_SQL = "INSERT INTO capsule_membership_changes (id, capsule_id, change_kind, source_id, details_json, occurred_at) VALUES (:id, :capsule_id, :change_kind, :source_id, :details_json, :occurred_at)";
+const INSERT_AUDIT_SQL = "INSERT INTO capsule_audit_events (id, capsule_id, kind, source_id, job_id, error_code, processed_documents, failed_documents, deleted_vector_count, deleted_extracted_text_count, details_json, occurred_at) VALUES (:id, :capsule_id, :kind, :source_id, :job_id, :error_code, :processed_documents, :failed_documents, :deleted_vector_count, :deleted_extracted_text_count, :details_json, :occurred_at)";
+export function emitCapsuleAuditEvent(event, sink) {
+    sink.emit(event);
+}
+export function createSqliteAuditSink(store) {
+    const insertAudit = store._internal.db.prepare(INSERT_AUDIT_SQL);
+    const insertMembership = store._internal.db.prepare(INSERT_MEMBERSHIP_SQL);
+    return {
+        emit: (event) => {
+            insertAuditEventRow(insertAudit, event);
+            if (event.kind === "source-added") {
+                insertMembershipRow(insertMembership, event, "add-source");
+                return;
+            }
+            if (event.kind === "source-removed") {
+                insertMembershipRow(insertMembership, event, "remove-source");
+                return;
+            }
+        },
+    };
+}
+function insertAuditEventRow(statement, event) {
+    statement.run({
+        id: randomUUID(),
+        capsule_id: event.capsuleId,
+        kind: event.kind,
+        source_id: "sourceId" in event ? event.sourceId : null,
+        job_id: "jobId" in event ? event.jobId : null,
+        error_code: "errorCode" in event ? event.errorCode : null,
+        processed_documents: "processedDocuments" in event ? event.processedDocuments : null,
+        failed_documents: "failedDocuments" in event ? event.failedDocuments : null,
+        deleted_vector_count: "deletedVectorCount" in event ? event.deletedVectorCount : null,
+        deleted_extracted_text_count: "deletedExtractedTextCount" in event ? event.deletedExtractedTextCount : null,
+        details_json: buildAuditDetailsJson(event),
+        occurred_at: event.occurredAt,
+    });
+}
+function redactChunkIds(chunkIds) {
+    return chunkIds.map((chunkId) => createHash("sha256").update(chunkId).digest("hex").slice(0, 16));
+}
+function buildAuditDetails(event) {
+    if (event.kind === "indexing-job-started" ||
+        event.kind === "indexing-job-completed" ||
+        event.kind === "indexing-job-failed" ||
+        event.kind === "retention-applied") {
+        return {
+            sourceIds: [...event.sourceIds],
+        };
+    }
+    if (event.kind === "retrieval-performed") {
+        return {
+            sourceIds: [...event.sourceIds],
+            chunkIds: redactChunkIds(event.chunkIds),
+            referenceCount: event.referenceCount,
+            noEvidence: event.noEvidence,
+        };
+    }
+    if (event.kind === "answer-context-assembled" || event.kind === "model-context-sent") {
+        return {
+            sourceIds: [...event.sourceIds],
+            chunkIds: redactChunkIds(event.chunkIds),
+            referenceCount: event.referenceCount,
+            citationCount: event.citationCount,
+            ...("modelId" in event ? { modelId: event.modelId } : {}),
+        };
+    }
+    return null;
+}
+function buildAuditDetailsJson(event) {
+    const details = buildAuditDetails(event);
+    return details === null ? null : JSON.stringify(details);
+}
+function insertMembershipRow(statement, event, changeKind) {
+    statement.run({
+        id: randomUUID(),
+        capsule_id: event.capsuleId,
+        change_kind: changeKind,
+        source_id: event.sourceId,
+        details_json: null,
+        occurred_at: event.occurredAt,
+    });
+}

package/dist/privacy/diagnostic-redactor.d.ts

@@ -0,0 +1,2 @@
+export declare function redactDiagnosticMessage(message: string, homePrefix: string): string;
+//# sourceMappingURL=diagnostic-redactor.d.ts.map

package/dist/privacy/diagnostic-redactor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"diagnostic-redactor.d.ts","sourceRoot":"","sources":["../../src/privacy/diagnostic-redactor.ts"],"names":[],"mappings":"AAsCA,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAcnF"}

package/dist/privacy/diagnostic-redactor.js

@@ -0,0 +1,153 @@
+// redactDiagnosticMessage — privacy-aware redactor for parser diagnostic messages before
+// they reach a `parser_diagnostics` row. Defense-in-depth around the existing #265
+// `redactPathInDiagnostic` helper: that helper is path-shaped (it home-rewrites a full
+// path string), but a diagnostic message often embeds a path inside prose
+// ("failed to parse /Users/foo/secret.pdf at offset 42"). This module:
+//
+//   1. Replaces any in-message occurrence of `homePrefix` with `~` so the raw home path
+//      cannot leak even when wrapped in surrounding text.
+//   2. Defers to `redactPathInDiagnostic` for control-char stripping, NUL truncation, and
+//      drive-letter masking. That helper's tests in keiko-contracts already pin each step.
+//   3. Hard-caps the output at 1024 chars (structural backstop in case a misbehaving parser
+//      hands us 5 KB of raw extracted text in the message field — the parser SHOULD cap
+//      already, but we cannot trust an unbounded message into the audit ledger).
+//
+// The cap is plain slice (no trailing ellipsis) so the result length is `<= 1024`, not the
+// `<= 1025` you would get from "…"-suffix on a 1024-char prefix.
+import { redactPathInDiagnostic } from "@oscharko-dev/keiko-contracts";
+const HARD_CAP_CHARS = 1024;
+const PATH_BREAK_CHARS = new Set([" ", "\n", "\r", "\t", '"', "'", "<", ">", "|"]);
+const PATH_BOUNDARY_CHARS = new Set([
+    " ",
+    "\n",
+    "\r",
+    "\t",
+    '"',
+    "'",
+    "(",
+    "[",
+    "{",
+    ",",
+    ";",
+    ":",
+    "=",
+]);
+const TRAILING_PUNCTUATION = new Set([".", ",", ";", ":", "!", "?", ")", "]"]);
+export function redactDiagnosticMessage(message, homePrefix) {
+    if (typeof message !== "string")
+        return "";
+    // Step 1: strip control characters / NUL-truncate / drive-mask via the contracts helper.
+    // Passing the message as a "path" is safe — the helper only TRANSFORMS substrings it
+    // recognises and otherwise returns the input unchanged.
+    const sanitised = redactPathInDiagnostic(message, { homePrefix });
+    // Step 2: rewrite any in-prose occurrence of the home prefix. The contracts helper only
+    // home-rewrites when the prefix matches at offset 0; embedded paths slip through, so we
+    // additionally redact path-shaped prose tokens.
+    const normalisedPrefix = stripTrailingSlash(toForwardSlash(homePrefix));
+    const homeRewritten = redactPathCandidates(sanitised, normalisedPrefix);
+    // Step 3: hard cap. `slice` is O(n) and yields exactly HARD_CAP_CHARS chars on long input.
+    if (homeRewritten.length <= HARD_CAP_CHARS)
+        return homeRewritten;
+    return homeRewritten.slice(0, HARD_CAP_CHARS);
+}
+function redactPathCandidates(message, homePrefix) {
+    const parts = [];
+    let index = 0;
+    while (index < message.length) {
+        const start = pathCandidateStart(message, index);
+        if (start === -1) {
+            parts.push(message.slice(index));
+            break;
+        }
+        parts.push(message.slice(index, start));
+        const end = pathCandidateEnd(message, start);
+        const raw = message.slice(start, end);
+        parts.push(redactCandidate(raw, homePrefix));
+        index = end;
+    }
+    return parts.join("");
+}
+function pathCandidateStart(message, from) {
+    for (let index = from; index < message.length; index += 1) {
+        const current = message[index];
+        const next = message[index + 1];
+        if (current === "/" && hasPathBoundary(message, index))
+            return index;
+        if (current === "\\" && next === "\\" && hasPathBoundary(message, index))
+            return index;
+        if (isDriveLetterPrefix(current, next, message[index + 2]) && hasPathBoundary(message, index)) {
+            return index;
+        }
+    }
+    return -1;
+}
+function pathCandidateEnd(message, start) {
+    let end = start;
+    while (end < message.length) {
+        const current = message[end];
+        if (current !== undefined && PATH_BREAK_CHARS.has(current))
+            break;
+        end += 1;
+    }
+    while (end > start) {
+        const trailing = message[end - 1];
+        if (trailing === undefined || !TRAILING_PUNCTUATION.has(trailing))
+            break;
+        end -= 1;
+    }
+    return end;
+}
+function redactCandidate(candidate, homePrefix) {
+    const normalised = toForwardSlash(candidate);
+    const leadingSlash = normalised.startsWith("//");
+    const homeRedacted = homePrefix.length > 0 && isPrefixedPath(normalised, homePrefix)
+        ? `~${normalised.slice(homePrefix.length)}`
+        : normalised;
+    if (homeRedacted.startsWith("~")) {
+        return homeRedacted;
+    }
+    if (leadingSlash) {
+        return `<unc>/${basenameOf(normalised)}`;
+    }
+    if (/^[A-Za-z]:\//.test(normalised)) {
+        return `<drive>/${basenameOf(normalised)}`;
+    }
+    if (normalised.startsWith("/")) {
+        return `<path>/${basenameOf(normalised)}`;
+    }
+    return normalised;
+}
+function toForwardSlash(value) {
+    return value.replace(/\\/g, "/");
+}
+function basenameOf(value) {
+    const trimmed = stripTrailingSlash(value);
+    const lastSlash = trimmed.lastIndexOf("/");
+    return lastSlash === -1 ? trimmed : trimmed.slice(lastSlash + 1);
+}
+function isDriveLetterPrefix(current, next, afterColon) {
+    return (current !== undefined &&
+        next === ":" &&
+        afterColon !== undefined &&
+        ((current >= "A" && current <= "Z") || (current >= "a" && current <= "z")) &&
+        (afterColon === "/" || afterColon === "\\"));
+}
+function isPrefixedPath(value, prefix) {
+    if (!value.startsWith(prefix))
+        return false;
+    const next = value[prefix.length];
+    return next === undefined || next === "/";
+}
+function hasPathBoundary(message, index) {
+    if (index === 0)
+        return true;
+    const previous = message[index - 1];
+    return previous !== undefined && PATH_BOUNDARY_CHARS.has(previous);
+}
+function stripTrailingSlash(value) {
+    let end = value.length;
+    while (end > 0 && value.charCodeAt(end - 1) === 47) {
+        end -= 1;
+    }
+    return end === value.length ? value : value.slice(0, end);
+}