@oscharko-dev/keiko 0.1.0-beta.0

package/dist/workflows/bug-investigation/context.d.ts

@@ -0,0 +1,7 @@
+import { type ContextPack, type WorkspaceInfo } from "../../workspace/index.js";
+import { type WorkspaceFs } from "../../workspace/fs.js";
+import type { BugWorkflowLimits, FailureEvidence } from "./types.js";
+export interface BugContextDeps {
+    readonly fs?: WorkspaceFs | undefined;
+}
+export declare function buildBugContext(workspace: WorkspaceInfo, description: string | undefined, evidence: FailureEvidence, limits: BugWorkflowLimits, deps?: BugContextDeps): ContextPack;

package/dist/workflows/bug-investigation/context.js

@@ -0,0 +1,119 @@
+// Context assembly for the investigation call (ADR-0009 D8). Delegates to #5 buildContextPack so
+// the implicated source, nearby tests, manifests/config, and type definitions are selected, ranked,
+// and excerpted under a byte budget — every excerpt already redacted by #5 at the IO boundary. The
+// failure-frame files and developer-provided targetFiles are folded into the lexical `task` hint so
+// the Wave-1 lexical strategy ranks them up (the #5 ContextRequest is reused unchanged; we do not
+// add a new "seed files" field to #5). Pure except for the WorkspaceFs seam threaded into #5.
+import { buildContextPack, DEFAULT_DISCOVERY_OPTIONS, lexicalRetrievalStrategy, SELECTION_REASON_PRIORITY, } from "../../workspace/index.js";
+import { nodeWorkspaceFs } from "../../workspace/fs.js";
+// The lexical task hint: the bug description (or a generic fallback) plus the implicated file paths
+// so the lexical ranker pulls those files into the pack. Deduped; bounded by the frame cap upstream.
+function taskHint(description, evidence) {
+    const base = description !== undefined && description.trim().length > 0
+        ? description.trim()
+        : "investigate failing test and locate the root cause";
+    const files = Array.from(new Set(evidence.frames.map((frame) => frame.file)));
+    return files.length === 0 ? base : `${base} ${files.join(" ")}`;
+}
+function toPosix(path) {
+    return path.split("\\").join("/");
+}
+function basename(path) {
+    const normalized = toPosix(path);
+    const idx = normalized.lastIndexOf("/");
+    return idx === -1 ? normalized : normalized.slice(idx + 1);
+}
+function stem(path) {
+    const base = basename(path);
+    const idx = base.lastIndexOf(".");
+    return idx <= 0 ? base : base.slice(0, idx);
+}
+function testStem(path) {
+    const parts = stem(path).split(".");
+    const marker = parts.findIndex((part) => part === "test" || part === "spec");
+    return marker === -1 ? parts.join(".") : parts.slice(0, marker).join(".");
+}
+function underDir(path, dir) {
+    const normalized = toPosix(dir);
+    return path === normalized || path.startsWith(`${normalized}/`);
+}
+function toWorkspaceRelative(path, workspace) {
+    const normalized = toPosix(path);
+    const root = toPosix(workspace.root);
+    return normalized.startsWith(`${root}/`) ? normalized.slice(root.length + 1) : normalized;
+}
+function buildEvidenceIndex(evidence, workspace) {
+    const paths = new Set(evidence.frames.map((frame) => toWorkspaceRelative(frame.file, workspace)));
+    return { paths, stems: new Set([...paths].map(stem)) };
+}
+function isEvidenceTarget(path, evidence) {
+    return evidence.paths.has(toPosix(path));
+}
+function isTestCandidate(path, workspace, selectionReason) {
+    return (selectionReason === "test" ||
+        workspace.testDirs.some((testDir) => underDir(path, testDir)) ||
+        stem(path)
+            .split(".")
+            .some((part) => part === "test" || part === "spec"));
+}
+function isNearbyEvidenceTest(path, workspace, evidence, selectionReason) {
+    if (!isTestCandidate(path, workspace, selectionReason)) {
+        return false;
+    }
+    const candidateStem = testStem(path);
+    return evidence.stems.has(candidateStem);
+}
+function priorityIndex(reason) {
+    return SELECTION_REASON_PRIORITY.indexOf(reason);
+}
+function evidencePriority(ranked, workspace, evidence) {
+    const path = toPosix(ranked.file.relativePath);
+    if (isEvidenceTarget(path, evidence)) {
+        return 0;
+    }
+    if (isNearbyEvidenceTest(path, workspace, evidence, ranked.selectionReason)) {
+        return 1;
+    }
+    return 2;
+}
+function isSupportContext(ranked) {
+    return ranked.selectionReason === "manifest" || ranked.selectionReason === "config";
+}
+function focusedContext(ranked, workspace, evidence) {
+    const focused = ranked.filter((item) => evidencePriority(item, workspace, evidence) < 2 || isSupportContext(item));
+    return focused.length === 0 ? ranked : focused;
+}
+function createBugRetrievalStrategy(workspace, evidence) {
+    const index = buildEvidenceIndex(evidence, workspace);
+    return {
+        rank: (files, task) => {
+            const ranked = focusedContext(lexicalRetrievalStrategy.rank(files, task), workspace, index);
+            return [...ranked].sort((a, b) => {
+                const byEvidence = evidencePriority(a, workspace, index) - evidencePriority(b, workspace, index);
+                if (byEvidence !== 0) {
+                    return byEvidence;
+                }
+                const byReason = priorityIndex(a.selectionReason) - priorityIndex(b.selectionReason);
+                if (byReason !== 0) {
+                    return byReason;
+                }
+                return a.file.relativePath.localeCompare(b.file.relativePath);
+            });
+        },
+    };
+}
+export function buildBugContext(workspace, description, evidence, limits, deps = {}) {
+    const request = {
+        task: taskHint(description, evidence),
+        budgetBytes: limits.contextBudgetBytes,
+        maxBytesPerFile: limits.maxBytesPerFile,
+        discovery: DEFAULT_DISCOVERY_OPTIONS,
+    };
+    // buildContextPack defaults to the lexical strategy, but ContextPackDeps requires the field; pass
+    // the #5 barrel default explicitly so we hand a complete deps object without reaching past #5.
+    const packDeps = {
+        fs: deps.fs ?? nodeWorkspaceFs,
+        strategy: createBugRetrievalStrategy(workspace, evidence),
+    };
+    return buildContextPack(workspace, request, packDeps);
+}

package/dist/workflows/bug-investigation/descriptor.d.ts

@@ -0,0 +1,3 @@
+import { type BugWorkflowLimits } from "./types.js";
+import type { WorkflowDescriptor } from "../descriptor.js";
+export declare const BUG_INVESTIGATION_WORKFLOW_DESCRIPTOR: WorkflowDescriptor<BugWorkflowLimits>;

package/dist/workflows/bug-investigation/descriptor.js

@@ -0,0 +1,46 @@
+// The static UI workflow descriptor (ADR-0009 D12). Issue #13 reads this to render the
+// bug-investigation workflow UI without knowing the implementation. Frozen and JSON-serializable.
+// Imports the shared WorkflowDescriptor base from ../descriptor.js (NOT from the unit-test
+// workflow) so the two sibling workflows do not depend on each other. preferredCostClass is "high"
+// because root-cause analysis benefits from a stronger model than test generation.
+import { DEFAULT_BUG_WORKFLOW_LIMITS } from "./types.js";
+export const BUG_INVESTIGATION_WORKFLOW_DESCRIPTOR = {
+    workflowId: "bug-investigation",
+    name: "Bug Investigation and Regression Test",
+    description: "Investigates a bounded bug report (description, failing output, stack trace, and/or " +
+        "suspected files), proposes a root-cause hypothesis with a minimal fix and a regression " +
+        "test, and separates verified facts from model hypotheses. Dry-run by default; pass " +
+        "apply:true to write the fix and run verification. When evidence is insufficient it returns " +
+        "a scoped investigation report with no patch rather than an invented fix.",
+    inputs: [
+        {
+            name: "report",
+            type: "object",
+            required: true,
+            description: "Bug report: { description?, failingOutput?, stackTrace?, targetFiles? } — at least one present",
+        },
+        {
+            name: "apply",
+            type: "boolean",
+            required: false,
+            description: "Write the fix to disk and run verification",
+            defaultValue: false,
+        },
+        {
+            name: "modelId",
+            type: "string",
+            required: true,
+            description: "Model ID registered in gateway config",
+        },
+        {
+            name: "limits",
+            type: "object",
+            required: false,
+            description: "Partial<BugWorkflowLimits> overrides (incl. the bug-fix change budget)",
+        },
+    ],
+    defaultLimits: DEFAULT_BUG_WORKFLOW_LIMITS,
+    modelSelectionOptions: { arbitrary: true, preferredCostClass: "high" },
+    supportsDryRun: true,
+    supportsApply: true,
+};

package/dist/workflows/bug-investigation/emit.d.ts

@@ -0,0 +1,12 @@
+import type { BugReportInput } from "./types.js";
+import type { BugInvestigationEvent, BugWorkflowEventSink } from "./events.js";
+export declare function computeBugFingerprint(report: BugReportInput, modelId: string): string;
+type EnvelopeFields = "schemaVersion" | "runId" | "fingerprint" | "seq" | "ts";
+export type BugEventBody = {
+    [E in BugInvestigationEvent as E["type"]]: Omit<E, EnvelopeFields>;
+}[BugInvestigationEvent["type"]];
+export interface BugEventEmitter {
+    readonly emit: (body: BugEventBody) => void;
+}
+export declare function createBugEventEmitter(sink: BugWorkflowEventSink, runId: string, fingerprint: string, now: () => number): BugEventEmitter;
+export {};

package/dist/workflows/bug-investigation/emit.js

@@ -0,0 +1,35 @@
+// Event emission helper for the bug-investigation workflow (ADR-0009 D5). Owns the monotonic seq
+// counter and stamps every event with the shared envelope ({ schemaVersion, runId, fingerprint,
+// seq, ts }). The fingerprint is SHA-256(workflowId + canonical(report) + modelId) truncated to 16
+// hex chars — the same shape as the harness fingerprinter — reusing `canonicalise` from the harness
+// barrel so two structurally equal reports fingerprint identically regardless of key order.
+// Sensitive fields are redacted by the CALLER before handing the event here.
+import { createHash } from "node:crypto";
+import { canonicalise } from "../../harness/index.js";
+const FINGERPRINT_HEX_CHARS = 16;
+export function computeBugFingerprint(report, modelId) {
+    const canonical = canonicalise({ workflowId: "bug-investigation", report, modelId });
+    return createHash("sha256")
+        .update(canonical, "utf8")
+        .digest("hex")
+        .slice(0, FINGERPRINT_HEX_CHARS);
+}
+export function createBugEventEmitter(sink, runId, fingerprint, now) {
+    let seq = 0;
+    return {
+        emit: (body) => {
+            seq += 1;
+            // The body is a complete discriminated-union member minus the envelope; re-attaching the
+            // envelope yields a valid BugInvestigationEvent. The cast is over the union, not a widening.
+            const event = {
+                schemaVersion: "1",
+                runId,
+                fingerprint,
+                seq,
+                ts: now(),
+                ...body,
+            };
+            sink.emit(event);
+        },
+    };
+}

package/dist/workflows/bug-investigation/events.d.ts

@@ -0,0 +1,81 @@
+import type { VerificationStatus } from "../../verification/index.js";
+import type { BugWorkflowLimits, BugWorkflowStatus } from "./types.js";
+interface BaseBugEvent {
+    readonly schemaVersion: "1";
+    readonly runId: string;
+    readonly fingerprint: string;
+    readonly seq: number;
+    readonly ts: number;
+}
+export interface BugInvestigationStartedEvent extends BaseBugEvent {
+    readonly type: "bug:started";
+    readonly workflowId: "bug-investigation";
+    readonly modelId: string;
+    readonly applyEnabled: boolean;
+    readonly limits: BugWorkflowLimits;
+}
+export interface FailureParsedEvent extends BaseBugEvent {
+    readonly type: "bug:failure:parsed";
+    readonly frameCount: number;
+    readonly messageCount: number;
+}
+export interface BugContextSelectedEvent extends BaseBugEvent {
+    readonly type: "bug:context:selected";
+    readonly entryCount: number;
+    readonly usedBytes: number;
+    readonly budgetBytes: number;
+    readonly droppedForBudget: number;
+}
+export interface BugModelCallStartedEvent extends BaseBugEvent {
+    readonly type: "bug:model:call:started";
+    readonly attempt: number;
+    readonly contextBytes: number;
+}
+export interface BugModelCallCompletedEvent extends BaseBugEvent {
+    readonly type: "bug:model:call:completed";
+    readonly attempt: number;
+    readonly finishReason: string;
+    readonly promptTokens: number;
+    readonly completionTokens: number;
+    readonly latencyMs: number;
+}
+export interface RootCauseProposedEvent extends BaseBugEvent {
+    readonly type: "bug:rootcause:proposed";
+    readonly hasPatch: boolean;
+    readonly confidence?: "low" | "medium" | "high" | undefined;
+}
+export interface BugPatchValidatedEvent extends BaseBugEvent {
+    readonly type: "bug:patch:validated";
+    readonly ok: boolean;
+    readonly patchBytes: number;
+    readonly filesChanged: number;
+    readonly rejectionCode?: string | undefined;
+}
+export interface BugPatchAppliedEvent extends BaseBugEvent {
+    readonly type: "bug:patch:applied";
+    readonly changedFiles: number;
+    readonly created: number;
+    readonly deleted: number;
+}
+export interface BugVerificationResultEvent extends BaseBugEvent {
+    readonly type: "bug:verification:result";
+    readonly overallStatus: VerificationStatus;
+    readonly stepCount: number;
+    readonly passedCount: number;
+    readonly durationMs: number;
+}
+export interface BugInvestigationCompletedEvent extends BaseBugEvent {
+    readonly type: "bug:completed";
+    readonly status: BugWorkflowStatus;
+    readonly durationMs: number;
+}
+export interface BugInvestigationFailedEvent extends BaseBugEvent {
+    readonly type: "bug:failed";
+    readonly errorCode: string;
+    readonly message: string;
+}
+export type BugInvestigationEvent = BugInvestigationStartedEvent | FailureParsedEvent | BugContextSelectedEvent | BugModelCallStartedEvent | BugModelCallCompletedEvent | RootCauseProposedEvent | BugPatchValidatedEvent | BugPatchAppliedEvent | BugVerificationResultEvent | BugInvestigationCompletedEvent | BugInvestigationFailedEvent;
+export interface BugWorkflowEventSink {
+    readonly emit: (event: BugInvestigationEvent) => void;
+}
+export {};

package/dist/workflows/bug-investigation/events.js

@@ -0,0 +1,9 @@
+// The BugInvestigationEvent discriminated union and its BugWorkflowEventSink (ADR-0009 D5). The
+// envelope reuses the harness BaseEvent field shape ({ schemaVersion, runId, fingerprint, seq,
+// ts }) by STRUCTURAL convention — NOT a TypeScript import — so the #10 audit ledger and #13 UI can
+// narrow these events with the same envelope logic they apply to HarnessEvent. This union is
+// SEPARATE from both HarnessEvent and the unit-test WorkflowEvent. Every member name is DISTINCT
+// from the unit-test workflow's (ADR-0009 D5) so the package-root re-export does not collide. No
+// runtime logic lives here. Members carry COUNTS/FLAGS only — never prose, diff, or raw paths;
+// the one SENSITIVE field (failure message) is redacted before emit.
+export {};

package/dist/workflows/bug-investigation/failure-parse.d.ts

@@ -0,0 +1,3 @@
+import type { BugReportInput, FailureEvidence } from "./types.js";
+export declare const MAX_FRAMES = 25;
+export declare function parseFailureEvidence(report: BugReportInput): FailureEvidence;

package/dist/workflows/bug-investigation/failure-parse.js

@@ -0,0 +1,154 @@
+// Failure-output parsing (ADR-0009 D7, NEW seam). Extracts candidate source frames and short
+// error/assertion messages from a bug report's failingOutput + stackTrace, and merges the
+// developer-provided targetFiles as line-less seed frames. The extracted frames are VERIFIED FACTS
+// (what the tool parsed, not a model claim) and seed both context selection (D8) and the report.
+//
+// SECURITY (CodeQL js/polynomial-redos, steering note F): failure output is attacker-influenceable
+// (a failing test can print arbitrary text), so this parser uses ONLY bounded, line-oriented string
+// ops — split('\n'), indexOf/lastIndexOf, slice, a right-split on ':', and an all-digit check. The
+// single regex used (ALL_DIGITS) is a bounded character class with NO nested quantifiers and NO
+// `.*` alternation, so there is no super-linear backtracking surface. Line count and per-line work
+// are both capped. Pure: no IO, no clock, no RNG.
+// Caps that bound total work regardless of input size.
+const MAX_LINES_SCANNED = 2_000;
+export const MAX_FRAMES = 25;
+const MAX_MESSAGES = 10;
+const MAX_MESSAGE_LENGTH = 200;
+const ALL_DIGITS = /^[0-9]+$/;
+const FILE_URL_PREFIX = "file://";
+const MESSAGE_MARKERS = [
+    "assertionerror",
+    "error:",
+    "expected",
+    "typeerror",
+    "referenceerror",
+    "✕",
+    "×",
+    "fail",
+    "●",
+];
+function toPosix(value) {
+    return value.split("\\").join("/");
+}
+// Parses a numeric line number from a token, or undefined when the token is not all-digits.
+function toLine(token) {
+    if (token === undefined || token.length === 0 || !ALL_DIGITS.test(token)) {
+        return undefined;
+    }
+    return Number(token);
+}
+// Strips a leading `file://` URL prefix from a location token. `file:///repo/x.ts` -> `/repo/x.ts`.
+function stripFileUrl(location) {
+    if (!location.startsWith(FILE_URL_PREFIX)) {
+        return location;
+    }
+    const afterScheme = location.slice(FILE_URL_PREFIX.length);
+    // file:///path keeps the leading slash of the absolute path; file://host/path is not expected
+    // from runtimes here, so we keep everything after the scheme verbatim.
+    return afterScheme;
+}
+// Peels `:line:col` off the END of a location token using a right-split, returning the file path
+// and the numeric line (when present). `src/x.ts:3:10` -> { file: "src/x.ts", line: 3 }. A token
+// with no numeric `:line` segment yields no frame.
+function peelLocation(rawLocation) {
+    const location = stripFileUrl(rawLocation.trim());
+    const lastColon = location.lastIndexOf(":");
+    if (lastColon <= 0) {
+        return undefined;
+    }
+    const beforeCol = location.slice(0, lastColon);
+    const lineColon = beforeCol.lastIndexOf(":");
+    // Case `file:line:col`: peel col then line.
+    const lineToken = lineColon <= 0 ? undefined : beforeCol.slice(lineColon + 1);
+    const line = toLine(lineToken);
+    if (line !== undefined) {
+        const file = toPosix(beforeCol.slice(0, lineColon));
+        return file.length === 0 ? undefined : { file, line };
+    }
+    // Case `file:line` (no col): the token after the last colon is the line.
+    const lineOnly = toLine(location.slice(lastColon + 1));
+    if (lineOnly !== undefined) {
+        const file = toPosix(beforeCol);
+        return file.length === 0 ? undefined : { file, line: lineOnly };
+    }
+    return undefined;
+}
+// Extracts the location token from a stack-frame line. Handles `at fn (loc)`, `at loc`, and a bare
+// `loc` line, all via plain indexOf/slice (no regex).
+function locationToken(line) {
+    const trimmed = line.trim();
+    const open = trimmed.lastIndexOf("(");
+    if (open !== -1) {
+        const close = trimmed.indexOf(")", open + 1);
+        if (close !== -1) {
+            return trimmed.slice(open + 1, close);
+        }
+    }
+    const at = "at ";
+    if (trimmed.startsWith(at)) {
+        return trimmed.slice(at.length).trim();
+    }
+    return trimmed;
+}
+function isMessageLine(lower) {
+    return MESSAGE_MARKERS.some((marker) => lower.includes(marker));
+}
+function pushFrame(acc, frame) {
+    const key = `${frame.file}:${frame.line === undefined ? "" : String(frame.line)}`;
+    if (acc.seen.has(key) || acc.frames.length >= MAX_FRAMES) {
+        return;
+    }
+    acc.seen.add(key);
+    acc.frames.push(frame);
+}
+function pushMessage(acc, line) {
+    if (acc.messages.length >= MAX_MESSAGES) {
+        return;
+    }
+    acc.messages.push(line.trim().slice(0, MAX_MESSAGE_LENGTH));
+}
+function scanLine(acc, line) {
+    const token = locationToken(line);
+    const frame = token === undefined ? undefined : peelLocation(token);
+    if (frame !== undefined) {
+        pushFrame(acc, frame);
+    }
+    if (isMessageLine(line.toLowerCase())) {
+        pushMessage(acc, line);
+    }
+}
+function scanText(acc, text) {
+    if (text === undefined) {
+        return;
+    }
+    let start = 0;
+    let scanned = 0;
+    while (scanned < MAX_LINES_SCANNED && start <= text.length) {
+        const newline = text.indexOf("\n", start);
+        const end = newline === -1 ? text.length : newline;
+        scanLine(acc, text.slice(start, end));
+        scanned += 1;
+        if (newline === -1) {
+            break;
+        }
+        start = newline + 1;
+    }
+}
+function mergeTargetFiles(acc, targetFiles) {
+    if (targetFiles === undefined) {
+        return;
+    }
+    for (const raw of targetFiles) {
+        const file = toPosix(raw.trim());
+        if (file.length > 0) {
+            pushFrame(acc, { file, line: undefined });
+        }
+    }
+}
+export function parseFailureEvidence(report) {
+    const acc = { frames: [], messages: [], seen: new Set() };
+    scanText(acc, report.failingOutput);
+    scanText(acc, report.stackTrace);
+    mergeTargetFiles(acc, report.targetFiles);
+    return { frames: acc.frames, messages: acc.messages };
+}

package/dist/workflows/bug-investigation/guard.d.ts

@@ -0,0 +1,2 @@
+export declare function isSensitivePath(relPath: string): boolean;
+export declare function isElevatedReviewPath(relPath: string): boolean;

package/dist/workflows/bug-investigation/guard.js

@@ -0,0 +1,69 @@
+// The bug-fix scope guard's path predicates (ADR-0009 D6). A bug fix legitimately edits production
+// source, so #8's test-files-only guard does NOT apply. Instead this module provides two pure
+// predicates that bound prompt-injection blast radius WITHOUT modifying #6:
+//   - isSensitivePath: reject traversal/absolute (fail-closed), .github/, .husky/, and lockfiles —
+//     paths #6's deny-list does NOT cover but that a prompt-injected "fix" must never touch.
+//   - isElevatedReviewPath: manifest/config edits are ALLOWED but surfaced for elevated review.
+// The change-budget half of D6 is enforced via the #6 PatchLimits override seam (in model-loop.ts).
+//
+// SECURITY (CodeQL js/polynomial-redos): ALL checks use plain string ops (split, startsWith,
+// equality, toLowerCase) — ZERO regex — so there is no ReDoS surface. Checks 2-4 are case-
+// insensitive (matching #6 isDenied) so a case-only variant cannot bypass the guard on
+// case-insensitive filesystems (macOS/Windows); the traversal check is case-invariant by nature.
+const LOCKFILE_BASENAMES = [
+    "package-lock.json",
+    "npm-shrinkwrap.json",
+    "yarn.lock",
+    "pnpm-lock.yaml",
+];
+const SENSITIVE_DIRS = [".github", ".husky"];
+function toPosix(relPath) {
+    return relPath.split("\\").join("/");
+}
+// Copies #8's isTraversal logic EXACTLY: an absolute leading slash or any `..` segment can resolve
+// to a file OUTSIDE the apparent location after #6 resolveWithinWorkspace collapses it. Rejected
+// fail-closed BEFORE the case-folded checks so the guarded path matches what #6 would write.
+function isTraversal(posixPath) {
+    return posixPath.startsWith("/") || posixPath.split("/").includes("..");
+}
+function basename(posixPath) {
+    const slash = posixPath.lastIndexOf("/");
+    return slash === -1 ? posixPath : posixPath.slice(slash + 1);
+}
+function underSensitiveDir(lower) {
+    return SENSITIVE_DIRS.some((dir) => lower === dir || lower.startsWith(`${dir}/`));
+}
+// Drops `.` and empty ("//") segments so the guard sees the SAME form #6 resolveWithinWorkspace
+// collapses to. Without this, `./.husky/pre-commit` and `.//.github/x` slip past the dir/basename
+// checks (they don't literally start with `.github/`/`.husky/`) yet #6 writes the real protected
+// file (security fix C1). Run only AFTER isTraversal has fail-closed `..`/leading-`/` on the raw
+// path. Pure string ops — no regex.
+function normalizePosix(posixPath) {
+    return posixPath
+        .split("/")
+        .filter((segment) => segment !== "" && segment !== ".")
+        .join("/");
+}
+// The sensitive-path guard (D6 bound 2). Returns true when the path must be rejected as
+// out-of-scope. Manifest/config edits are NOT sensitive (see isElevatedReviewPath).
+export function isSensitivePath(relPath) {
+    const posixPath = toPosix(relPath);
+    if (isTraversal(posixPath)) {
+        return true;
+    }
+    const lower = normalizePosix(posixPath).toLowerCase();
+    if (underSensitiveDir(lower)) {
+        return true;
+    }
+    return LOCKFILE_BASENAMES.includes(basename(lower));
+}
+// Manifest/config edits a fix may legitimately need. ALLOWED, but flagged so the report surfaces
+// them as an elevated-review item. A pure basename predicate (case-insensitive). Normalizes `./`
+// and `//` segments first so a `./package.json` form is flagged identically to `package.json`.
+export function isElevatedReviewPath(relPath) {
+    const base = basename(normalizePosix(toPosix(relPath)).toLowerCase());
+    if (base === "package.json") {
+        return true;
+    }
+    return base.startsWith("tsconfig") && base.endsWith(".json");
+}

package/dist/workflows/bug-investigation/index.d.ts

@@ -0,0 +1,7 @@
+export { investigateBug } from "./workflow.js";
+export { assembleBugReport, renderBugMarkdownReport, type BugReportParts } from "./report.js";
+export { BUG_INVESTIGATION_WORKFLOW_DESCRIPTOR } from "./descriptor.js";
+export { isSensitivePath, isElevatedReviewPath } from "./guard.js";
+export { parseFailureEvidence, MAX_FRAMES } from "./failure-parse.js";
+export { DEFAULT_BUG_WORKFLOW_LIMITS, type BugInvestigationInput, type BugInvestigationDeps, type BugInvestigationReport, type BugReportInput, type BugWorkflowLimits, type BugWorkflowStatus, type ChangedFile, type FailureEvidence, type FailureFrame, type Hypothesis, type ParsedBugOutput, type VerifiedFindings, } from "./types.js";
+export type { BugContextSelectedEvent, BugInvestigationCompletedEvent, BugInvestigationEvent, BugInvestigationFailedEvent, BugInvestigationStartedEvent, BugModelCallCompletedEvent, BugModelCallStartedEvent, BugPatchAppliedEvent, BugPatchValidatedEvent, BugVerificationResultEvent, BugWorkflowEventSink, FailureParsedEvent, RootCauseProposedEvent, } from "./events.js";

package/dist/workflows/bug-investigation/index.js

@@ -0,0 +1,13 @@
+// Public barrel for the bug-investigation workflow (ADR-0009 D1). Re-exports the single entry
+// (investigateBug), the static UI descriptor, the Markdown renderer, the BugInvestigationEvent
+// family, and all public types. Internal pipeline modules (internal, model-loop, verify-stage,
+// stages, emit, parse, context, prompt) are NOT re-exported — they are implementation detail. The
+// shared WorkflowDescriptor/WorkflowInputSpec types are intentionally NOT re-exported here (the top
+// workflows barrel exposes them exactly once from ./descriptor.js, ADR-0009 D12). Explicit named
+// re-exports, `type` keyword for type-only, double quotes, `.js`.
+export { investigateBug } from "./workflow.js";
+export { assembleBugReport, renderBugMarkdownReport } from "./report.js";
+export { BUG_INVESTIGATION_WORKFLOW_DESCRIPTOR } from "./descriptor.js";
+export { isSensitivePath, isElevatedReviewPath } from "./guard.js";
+export { parseFailureEvidence, MAX_FRAMES } from "./failure-parse.js";
+export { DEFAULT_BUG_WORKFLOW_LIMITS, } from "./types.js";

package/dist/workflows/bug-investigation/internal.d.ts

@@ -0,0 +1,37 @@
+import type { PatchLimits, PatchValidation } from "../../tools/index.js";
+import { type BugEventEmitter } from "./emit.js";
+import { type BugInvestigationDeps, type BugInvestigationInput, type BugWorkflowLimits, type Hypothesis } from "./types.js";
+import type { BugWorkflowEventSink } from "./events.js";
+export declare const NO_OP_SINK: BugWorkflowEventSink;
+export interface BugWorkflowProgress {
+    modelCallCount: number;
+    patchRetryCount: number;
+}
+export interface BugRunState {
+    readonly input: BugInvestigationInput;
+    readonly deps: BugInvestigationDeps;
+    readonly limits: BugWorkflowLimits;
+    readonly signal: AbortSignal;
+    readonly now: () => number;
+    readonly emitter: BugEventEmitter;
+    readonly startedAt: number;
+    readonly progress: BugWorkflowProgress;
+}
+export interface AcceptedBugPatch {
+    readonly diff: string;
+    readonly validation: PatchValidation;
+    readonly hypothesis: Hypothesis;
+}
+export interface BugModelLoopResult {
+    readonly accepted: AcceptedBugPatch | undefined;
+    readonly investigationOnly: Hypothesis | undefined;
+    readonly modelCallCount: number;
+    readonly patchRetryCount: number;
+    readonly lastRejectionCode: string | undefined;
+}
+export declare const EMPTY_BUG_LOOP: BugModelLoopResult;
+export declare function resolveBugLimits(input: BugInvestigationInput): BugWorkflowLimits;
+export declare function patchLimitsFrom(limits: BugWorkflowLimits): PatchLimits;
+export declare function buildBugRunState(input: BugInvestigationInput, deps: BugInvestigationDeps, fingerprint: string): BugRunState;
+export declare function nextActionsFor(applied: boolean, files: readonly string[], elevated: readonly string[]): readonly string[];
+export declare function investigationNextActions(): readonly string[];