npm - @probelabs/visor - Versions diffs - 0.1.69 → 0.1.71 - Mend

@probelabs/visor 0.1.69 → 0.1.71

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/README.md +124 -30
package/dist/check-execution-engine.d.ts +13 -0
package/dist/check-execution-engine.d.ts.map +1 -1
package/dist/cli-main.d.ts.map +1 -1
package/dist/config.d.ts.map +1 -1
package/dist/failure-condition-evaluator.d.ts +1 -1
package/dist/failure-condition-evaluator.d.ts.map +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +570 -35
package/dist/providers/command-check-provider.d.ts +1 -1
package/dist/providers/command-check-provider.d.ts.map +1 -1
package/dist/sdk/check-execution-engine-TBF6LPYH.mjs +9 -0
package/dist/sdk/check-execution-engine-TBF6LPYH.mjs.map +1 -0
package/dist/sdk/chunk-745RDQD3.mjs +8299 -0
package/dist/sdk/chunk-745RDQD3.mjs.map +1 -0
package/dist/sdk/chunk-FIL2OGF6.mjs +68 -0
package/dist/sdk/chunk-FIL2OGF6.mjs.map +1 -0
package/dist/sdk/chunk-U5D2LY66.mjs +245 -0
package/dist/sdk/chunk-U5D2LY66.mjs.map +1 -0
package/dist/sdk/chunk-WMJKH4XE.mjs +34 -0
package/dist/sdk/chunk-WMJKH4XE.mjs.map +1 -0
package/dist/sdk/config-merger-TWUBWFC2.mjs +8 -0
package/dist/sdk/config-merger-TWUBWFC2.mjs.map +1 -0
package/dist/sdk/liquid-extensions-KDECAJTV.mjs +12 -0
package/dist/sdk/liquid-extensions-KDECAJTV.mjs.map +1 -0
package/dist/sdk/sdk.d.mts +568 -0
package/dist/sdk/sdk.d.ts +568 -0
package/dist/sdk/sdk.js +9825 -0
package/dist/sdk/sdk.js.map +1 -0
package/dist/sdk/sdk.mjs +1006 -0
package/dist/sdk/sdk.mjs.map +1 -0
package/dist/sdk.d.ts +28 -0
package/dist/sdk.d.ts.map +1 -0
package/dist/types/config.d.ts +63 -0
package/dist/types/config.d.ts.map +1 -1
package/package.json +20 -3

package/dist/sdk/sdk.mjs ADDED Viewed

@@ -0,0 +1,1006 @@
+import {
+  CheckExecutionEngine
+} from "./chunk-745RDQD3.mjs";
+import "./chunk-FIL2OGF6.mjs";
+import {
+  ConfigMerger
+} from "./chunk-U5D2LY66.mjs";
+import {
+  __require
+} from "./chunk-WMJKH4XE.mjs";
+// src/config.ts
+import * as yaml2 from "js-yaml";
+import * as fs2 from "fs";
+import * as path2 from "path";
+import simpleGit from "simple-git";
+// src/utils/config-loader.ts
+import * as fs from "fs";
+import * as path from "path";
+import * as yaml from "js-yaml";
+var ConfigLoader = class {
+  constructor(options = {}) {
+    this.options = options;
+    this.options = {
+      allowRemote: true,
+      cacheTTL: 5 * 60 * 1e3,
+      // 5 minutes
+      timeout: 30 * 1e3,
+      // 30 seconds
+      maxDepth: 10,
+      allowedRemotePatterns: [],
+      // Empty by default for security
+      projectRoot: this.findProjectRoot(),
+      ...options
+    };
+  }
+  cache = /* @__PURE__ */ new Map();
+  loadedConfigs = /* @__PURE__ */ new Set();
+  /**
+   * Determine the source type from a string
+   */
+  getSourceType(source) {
+    if (source === "default") {
+      return "default" /* DEFAULT */;
+    }
+    if (source.startsWith("http://") || source.startsWith("https://")) {
+      return "remote" /* REMOTE */;
+    }
+    return "local" /* LOCAL */;
+  }
+  /**
+   * Fetch configuration from any source
+   */
+  async fetchConfig(source, currentDepth = 0) {
+    if (currentDepth >= (this.options.maxDepth || 10)) {
+      throw new Error(
+        `Maximum extends depth (${this.options.maxDepth}) exceeded. Check for circular dependencies.`
+      );
+    }
+    const normalizedSource = this.normalizeSource(source);
+    if (this.loadedConfigs.has(normalizedSource)) {
+      throw new Error(
+        `Circular dependency detected: ${normalizedSource} is already in the extends chain`
+      );
+    }
+    const sourceType = this.getSourceType(source);
+    try {
+      this.loadedConfigs.add(normalizedSource);
+      switch (sourceType) {
+        case "default" /* DEFAULT */:
+          return await this.fetchDefaultConfig();
+        case "remote" /* REMOTE */:
+          if (!this.options.allowRemote) {
+            throw new Error(
+              "Remote extends are disabled. Enable with --allow-remote-extends or remove VISOR_NO_REMOTE_EXTENDS environment variable."
+            );
+          }
+          return await this.fetchRemoteConfig(source);
+        case "local" /* LOCAL */:
+          return await this.fetchLocalConfig(source);
+        default:
+          throw new Error(`Unknown configuration source: ${source}`);
+      }
+    } finally {
+      this.loadedConfigs.delete(normalizedSource);
+    }
+  }
+  /**
+   * Normalize source path/URL for comparison
+   */
+  normalizeSource(source) {
+    const sourceType = this.getSourceType(source);
+    switch (sourceType) {
+      case "default" /* DEFAULT */:
+        return "default";
+      case "remote" /* REMOTE */:
+        return source.toLowerCase();
+      case "local" /* LOCAL */:
+        const basePath = this.options.baseDir || process.cwd();
+        return path.resolve(basePath, source);
+      default:
+        return source;
+    }
+  }
+  /**
+   * Load configuration from local file system
+   */
+  async fetchLocalConfig(filePath) {
+    const basePath = this.options.baseDir || process.cwd();
+    const resolvedPath = path.resolve(basePath, filePath);
+    this.validateLocalPath(resolvedPath);
+    if (!fs.existsSync(resolvedPath)) {
+      throw new Error(`Configuration file not found: ${resolvedPath}`);
+    }
+    try {
+      const content = fs.readFileSync(resolvedPath, "utf8");
+      const config = yaml.load(content);
+      if (!config || typeof config !== "object") {
+        throw new Error(`Invalid YAML in configuration file: ${resolvedPath}`);
+      }
+      const previousBaseDir = this.options.baseDir;
+      this.options.baseDir = path.dirname(resolvedPath);
+      try {
+        if (config.extends) {
+          const processedConfig = await this.processExtends(config);
+          return processedConfig;
+        }
+        return config;
+      } finally {
+        this.options.baseDir = previousBaseDir;
+      }
+    } catch (error) {
+      if (error instanceof Error) {
+        throw new Error(`Failed to load configuration from ${resolvedPath}: ${error.message}`);
+      }
+      throw error;
+    }
+  }
+  /**
+   * Fetch configuration from remote URL
+   */
+  async fetchRemoteConfig(url) {
+    if (!url.startsWith("http://") && !url.startsWith("https://")) {
+      throw new Error(`Invalid URL: ${url}. Only HTTP and HTTPS protocols are supported.`);
+    }
+    this.validateRemoteURL(url);
+    const cacheEntry = this.cache.get(url);
+    if (cacheEntry && Date.now() - cacheEntry.timestamp < cacheEntry.ttl) {
+      const outputFormat2 = process.env.VISOR_OUTPUT_FORMAT;
+      const logFn2 = outputFormat2 === "json" || outputFormat2 === "sarif" ? console.error : console.log;
+      logFn2(`\u{1F4E6} Using cached configuration from: ${url}`);
+      return cacheEntry.config;
+    }
+    const outputFormat = process.env.VISOR_OUTPUT_FORMAT;
+    const logFn = outputFormat === "json" || outputFormat === "sarif" ? console.error : console.log;
+    logFn(`\u2B07\uFE0F  Fetching remote configuration from: ${url}`);
+    const controller = new AbortController();
+    const timeoutMs = this.options.timeout ?? 3e4;
+    const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+      const response = await fetch(url, {
+        signal: controller.signal,
+        headers: {
+          "User-Agent": "Visor/1.0"
+        }
+      });
+      if (!response.ok) {
+        throw new Error(`Failed to fetch config: ${response.status} ${response.statusText}`);
+      }
+      const content = await response.text();
+      const config = yaml.load(content);
+      if (!config || typeof config !== "object") {
+        throw new Error(`Invalid YAML in remote configuration: ${url}`);
+      }
+      this.cache.set(url, {
+        config,
+        timestamp: Date.now(),
+        ttl: this.options.cacheTTL || 5 * 60 * 1e3
+      });
+      if (config.extends) {
+        return await this.processExtends(config);
+      }
+      return config;
+    } catch (error) {
+      if (error instanceof Error) {
+        if (error.name === "AbortError") {
+          throw new Error(`Timeout fetching configuration from ${url} (${timeoutMs}ms)`);
+        }
+        throw new Error(`Failed to fetch remote configuration from ${url}: ${error.message}`);
+      }
+      throw error;
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+  /**
+   * Load bundled default configuration
+   */
+  async fetchDefaultConfig() {
+    const possiblePaths = [
+      // When running as GitHub Action (bundled in dist/)
+      path.join(__dirname, "defaults", ".visor.yaml"),
+      // When running from source
+      path.join(__dirname, "..", "..", "defaults", ".visor.yaml"),
+      // Try via package root
+      this.findPackageRoot() ? path.join(this.findPackageRoot(), "defaults", ".visor.yaml") : "",
+      // GitHub Action environment variable
+      process.env.GITHUB_ACTION_PATH ? path.join(process.env.GITHUB_ACTION_PATH, "defaults", ".visor.yaml") : "",
+      process.env.GITHUB_ACTION_PATH ? path.join(process.env.GITHUB_ACTION_PATH, "dist", "defaults", ".visor.yaml") : ""
+    ].filter((p) => p);
+    let defaultConfigPath;
+    for (const possiblePath of possiblePaths) {
+      if (fs.existsSync(possiblePath)) {
+        defaultConfigPath = possiblePath;
+        break;
+      }
+    }
+    if (defaultConfigPath && fs.existsSync(defaultConfigPath)) {
+      console.error(`\u{1F4E6} Loading bundled default configuration from ${defaultConfigPath}`);
+      const content = fs.readFileSync(defaultConfigPath, "utf8");
+      const config = yaml.load(content);
+      if (!config || typeof config !== "object") {
+        throw new Error("Invalid default configuration");
+      }
+      if (config.extends) {
+        return await this.processExtends(config);
+      }
+      return config;
+    }
+    console.warn("\u26A0\uFE0F  Bundled default configuration not found, using minimal defaults");
+    return {
+      version: "1.0",
+      checks: {},
+      output: {
+        pr_comment: {
+          format: "markdown",
+          group_by: "check",
+          collapse: true
+        }
+      }
+    };
+  }
+  /**
+   * Process extends directive in a configuration
+   */
+  async processExtends(config) {
+    if (!config.extends) {
+      return config;
+    }
+    const extends_ = Array.isArray(config.extends) ? config.extends : [config.extends];
+    const { extends: _extendsField, ...configWithoutExtends } = config;
+    const parentConfigs = [];
+    for (const source of extends_) {
+      const parentConfig = await this.fetchConfig(source, this.loadedConfigs.size);
+      parentConfigs.push(parentConfig);
+    }
+    const { ConfigMerger: ConfigMerger2 } = await import("./config-merger-TWUBWFC2.mjs");
+    const merger = new ConfigMerger2();
+    let mergedParents = {};
+    for (const parentConfig of parentConfigs) {
+      mergedParents = merger.merge(mergedParents, parentConfig);
+    }
+    return merger.merge(mergedParents, configWithoutExtends);
+  }
+  /**
+   * Find project root directory (for security validation)
+   */
+  findProjectRoot() {
+    try {
+      const { execSync } = __require("child_process");
+      const gitRoot = execSync("git rev-parse --show-toplevel", { encoding: "utf8" }).trim();
+      if (gitRoot) return gitRoot;
+    } catch {
+    }
+    const packageRoot = this.findPackageRoot();
+    if (packageRoot) return packageRoot;
+    return process.cwd();
+  }
+  /**
+   * Validate remote URL against allowlist
+   */
+  validateRemoteURL(url) {
+    const allowedPatterns = this.options.allowedRemotePatterns || [];
+    if (allowedPatterns.length === 0) {
+      return;
+    }
+    const isAllowed = allowedPatterns.some((pattern) => url.startsWith(pattern));
+    if (!isAllowed) {
+      throw new Error(
+        `Security error: URL ${url} is not in the allowed list. Allowed patterns: ${allowedPatterns.join(", ")}`
+      );
+    }
+  }
+  /**
+   * Validate local path against traversal attacks
+   */
+  validateLocalPath(resolvedPath) {
+    const projectRoot = this.options.projectRoot || process.cwd();
+    const normalizedPath = path.normalize(resolvedPath);
+    const normalizedRoot = path.normalize(projectRoot);
+    if (!normalizedPath.startsWith(normalizedRoot)) {
+      throw new Error(
+        `Security error: Path traversal detected. Cannot access files outside project root: ${projectRoot}`
+      );
+    }
+    const sensitivePatterns = [
+      "/etc/passwd",
+      "/etc/shadow",
+      "/.ssh/",
+      "/.aws/",
+      "/.env",
+      "/private/"
+    ];
+    const lowerPath = normalizedPath.toLowerCase();
+    for (const pattern of sensitivePatterns) {
+      if (lowerPath.includes(pattern)) {
+        throw new Error(`Security error: Cannot access potentially sensitive file: ${pattern}`);
+      }
+    }
+  }
+  /**
+   * Find package root directory
+   */
+  findPackageRoot() {
+    let currentDir = __dirname;
+    const root = path.parse(currentDir).root;
+    while (currentDir !== root) {
+      const packageJsonPath = path.join(currentDir, "package.json");
+      if (fs.existsSync(packageJsonPath)) {
+        try {
+          const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, "utf8"));
+          if (packageJson.name === "@probelabs/visor") {
+            return currentDir;
+          }
+        } catch {
+        }
+      }
+      currentDir = path.dirname(currentDir);
+    }
+    return null;
+  }
+  /**
+   * Clear the configuration cache
+   */
+  clearCache() {
+    this.cache.clear();
+  }
+  /**
+   * Reset the loaded configs tracking (for testing)
+   */
+  reset() {
+    this.loadedConfigs.clear();
+    this.clearCache();
+  }
+};
+// src/config.ts
+var ConfigManager = class {
+  validCheckTypes = [
+    "ai",
+    "claude-code",
+    "command",
+    "http",
+    "http_input",
+    "http_client",
+    "noop",
+    "log"
+  ];
+  validEventTriggers = [
+    "pr_opened",
+    "pr_updated",
+    "pr_closed",
+    "issue_opened",
+    "issue_comment",
+    "manual",
+    "schedule",
+    "webhook_received"
+  ];
+  validOutputFormats = ["table", "json", "markdown", "sarif"];
+  validGroupByOptions = ["check", "file", "severity"];
+  /**
+   * Load configuration from a file
+   */
+  async loadConfig(configPath, options = {}) {
+    const { validate = true, mergeDefaults = true, allowedRemotePatterns } = options;
+    try {
+      if (!fs2.existsSync(configPath)) {
+        throw new Error(`Configuration file not found: ${configPath}`);
+      }
+      const configContent = fs2.readFileSync(configPath, "utf8");
+      let parsedConfig;
+      try {
+        parsedConfig = yaml2.load(configContent);
+      } catch (yamlError) {
+        const errorMessage = yamlError instanceof Error ? yamlError.message : String(yamlError);
+        throw new Error(`Invalid YAML syntax in ${configPath}: ${errorMessage}`);
+      }
+      if (!parsedConfig || typeof parsedConfig !== "object") {
+        throw new Error("Configuration file must contain a valid YAML object");
+      }
+      if (parsedConfig.extends) {
+        const loaderOptions = {
+          baseDir: path2.dirname(configPath),
+          allowRemote: this.isRemoteExtendsAllowed(),
+          maxDepth: 10,
+          allowedRemotePatterns
+        };
+        const loader = new ConfigLoader(loaderOptions);
+        const merger = new ConfigMerger();
+        const extends_ = Array.isArray(parsedConfig.extends) ? parsedConfig.extends : [parsedConfig.extends];
+        const { extends: _extendsField, ...configWithoutExtends } = parsedConfig;
+        let mergedConfig = {};
+        for (const source of extends_) {
+          console.log(`\u{1F4E6} Extending from: ${source}`);
+          const parentConfig = await loader.fetchConfig(source);
+          mergedConfig = merger.merge(mergedConfig, parentConfig);
+        }
+        parsedConfig = merger.merge(mergedConfig, configWithoutExtends);
+        parsedConfig = merger.removeDisabledChecks(parsedConfig);
+      }
+      if (validate) {
+        this.validateConfig(parsedConfig);
+      }
+      let finalConfig = parsedConfig;
+      if (mergeDefaults) {
+        finalConfig = this.mergeWithDefaults(parsedConfig);
+      }
+      return finalConfig;
+    } catch (error) {
+      if (error instanceof Error) {
+        if (error.message.includes("not found") || error.message.includes("Invalid YAML") || error.message.includes("extends") || error.message.includes("EACCES") || error.message.includes("EISDIR")) {
+          throw error;
+        }
+        if (error.message.includes("ENOENT")) {
+          throw new Error(`Configuration file not found: ${configPath}`);
+        }
+        if (error.message.includes("EPERM")) {
+          throw new Error(`Permission denied reading configuration file: ${configPath}`);
+        }
+        throw new Error(`Failed to read configuration file ${configPath}: ${error.message}`);
+      }
+      throw error;
+    }
+  }
+  /**
+   * Find and load configuration from default locations
+   */
+  async findAndLoadConfig(options = {}) {
+    const gitRoot = await this.findGitRepositoryRoot();
+    const searchDirs = [gitRoot, process.cwd()].filter(Boolean);
+    for (const baseDir of searchDirs) {
+      const possiblePaths = [path2.join(baseDir, ".visor.yaml"), path2.join(baseDir, ".visor.yml")];
+      for (const configPath of possiblePaths) {
+        if (fs2.existsSync(configPath)) {
+          return this.loadConfig(configPath, options);
+        }
+      }
+    }
+    const bundledConfig = this.loadBundledDefaultConfig();
+    if (bundledConfig) {
+      return bundledConfig;
+    }
+    return this.getDefaultConfig();
+  }
+  /**
+   * Find the git repository root directory
+   */
+  async findGitRepositoryRoot() {
+    try {
+      const git = simpleGit();
+      const isRepo = await git.checkIsRepo();
+      if (!isRepo) {
+        return null;
+      }
+      const rootDir = await git.revparse(["--show-toplevel"]);
+      return rootDir.trim();
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Get default configuration
+   */
+  async getDefaultConfig() {
+    return {
+      version: "1.0",
+      checks: {},
+      max_parallelism: 3,
+      output: {
+        pr_comment: {
+          format: "markdown",
+          group_by: "check",
+          collapse: true
+        }
+      }
+    };
+  }
+  /**
+   * Load bundled default configuration from the package
+   */
+  loadBundledDefaultConfig() {
+    try {
+      const possiblePaths = [];
+      if (typeof __dirname !== "undefined") {
+        possiblePaths.push(
+          path2.join(__dirname, "defaults", ".visor.yaml"),
+          path2.join(__dirname, "..", "defaults", ".visor.yaml")
+        );
+      }
+      const pkgRoot = this.findPackageRoot();
+      if (pkgRoot) {
+        possiblePaths.push(path2.join(pkgRoot, "defaults", ".visor.yaml"));
+      }
+      if (process.env.GITHUB_ACTION_PATH) {
+        possiblePaths.push(
+          path2.join(process.env.GITHUB_ACTION_PATH, "defaults", ".visor.yaml"),
+          path2.join(process.env.GITHUB_ACTION_PATH, "dist", "defaults", ".visor.yaml")
+        );
+      }
+      let bundledConfigPath;
+      for (const possiblePath of possiblePaths) {
+        if (fs2.existsSync(possiblePath)) {
+          bundledConfigPath = possiblePath;
+          break;
+        }
+      }
+      if (bundledConfigPath && fs2.existsSync(bundledConfigPath)) {
+        console.error(`\u{1F4E6} Loading bundled default configuration from ${bundledConfigPath}`);
+        const configContent = fs2.readFileSync(bundledConfigPath, "utf8");
+        const parsedConfig = yaml2.load(configContent);
+        if (!parsedConfig || typeof parsedConfig !== "object") {
+          return null;
+        }
+        this.validateConfig(parsedConfig);
+        return this.mergeWithDefaults(parsedConfig);
+      }
+    } catch (error) {
+      console.warn(
+        "Failed to load bundled default config:",
+        error instanceof Error ? error.message : String(error)
+      );
+    }
+    return null;
+  }
+  /**
+   * Find the root directory of the Visor package
+   */
+  findPackageRoot() {
+    let currentDir = __dirname;
+    while (currentDir !== path2.dirname(currentDir)) {
+      const packageJsonPath = path2.join(currentDir, "package.json");
+      if (fs2.existsSync(packageJsonPath)) {
+        try {
+          const packageJson = JSON.parse(fs2.readFileSync(packageJsonPath, "utf8"));
+          if (packageJson.name === "@probelabs/visor") {
+            return currentDir;
+          }
+        } catch {
+        }
+      }
+      currentDir = path2.dirname(currentDir);
+    }
+    return null;
+  }
+  /**
+   * Merge configuration with CLI options
+   */
+  mergeWithCliOptions(config, cliOptions) {
+    const mergedConfig = { ...config };
+    if (cliOptions.maxParallelism !== void 0) {
+      mergedConfig.max_parallelism = cliOptions.maxParallelism;
+    }
+    if (cliOptions.failFast !== void 0) {
+      mergedConfig.fail_fast = cliOptions.failFast;
+    }
+    return {
+      config: mergedConfig,
+      cliChecks: cliOptions.checks || [],
+      cliOutput: cliOptions.output || "table"
+    };
+  }
+  /**
+   * Load configuration with environment variable overrides
+   */
+  async loadConfigWithEnvOverrides() {
+    const environmentOverrides = {};
+    if (process.env.VISOR_CONFIG_PATH) {
+      environmentOverrides.configPath = process.env.VISOR_CONFIG_PATH;
+    }
+    if (process.env.VISOR_OUTPUT_FORMAT) {
+      environmentOverrides.outputFormat = process.env.VISOR_OUTPUT_FORMAT;
+    }
+    let config;
+    if (environmentOverrides.configPath) {
+      try {
+        config = await this.loadConfig(environmentOverrides.configPath);
+      } catch {
+        config = await this.findAndLoadConfig();
+      }
+    } else {
+      config = await this.findAndLoadConfig();
+    }
+    return { config, environmentOverrides };
+  }
+  /**
+   * Validate configuration against schema
+   */
+  validateConfig(config) {
+    const errors = [];
+    if (!config.version) {
+      errors.push({
+        field: "version",
+        message: "Missing required field: version"
+      });
+    }
+    if (!config.checks) {
+      errors.push({
+        field: "checks",
+        message: "Missing required field: checks"
+      });
+    } else {
+      for (const [checkName, checkConfig] of Object.entries(config.checks)) {
+        if (!checkConfig.type) {
+          checkConfig.type = "ai";
+        }
+        this.validateCheckConfig(checkName, checkConfig, errors);
+      }
+    }
+    if (config.output) {
+      this.validateOutputConfig(config.output, errors);
+    }
+    if (config.http_server) {
+      this.validateHttpServerConfig(
+        config.http_server,
+        errors
+      );
+    }
+    if (config.max_parallelism !== void 0) {
+      if (typeof config.max_parallelism !== "number" || config.max_parallelism < 1 || !Number.isInteger(config.max_parallelism)) {
+        errors.push({
+          field: "max_parallelism",
+          message: "max_parallelism must be a positive integer (minimum 1)",
+          value: config.max_parallelism
+        });
+      }
+    }
+    if (config.tag_filter) {
+      this.validateTagFilter(config.tag_filter, errors);
+    }
+    if (errors.length > 0) {
+      throw new Error(errors[0].message);
+    }
+  }
+  /**
+   * Validate individual check configuration
+   */
+  validateCheckConfig(checkName, checkConfig, errors) {
+    if (!checkConfig.type) {
+      checkConfig.type = "ai";
+    }
+    if (!this.validCheckTypes.includes(checkConfig.type)) {
+      errors.push({
+        field: `checks.${checkName}.type`,
+        message: `Invalid check type "${checkConfig.type}". Must be: ${this.validCheckTypes.join(", ")}`,
+        value: checkConfig.type
+      });
+    }
+    if (checkConfig.type === "ai" && !checkConfig.prompt) {
+      errors.push({
+        field: `checks.${checkName}.prompt`,
+        message: `Invalid check configuration for "${checkName}": missing prompt (required for AI checks)`
+      });
+    }
+    if (checkConfig.type === "command" && !checkConfig.exec) {
+      errors.push({
+        field: `checks.${checkName}.exec`,
+        message: `Invalid check configuration for "${checkName}": missing exec field (required for command checks)`
+      });
+    }
+    if (checkConfig.type === "http") {
+      if (!checkConfig.url) {
+        errors.push({
+          field: `checks.${checkName}.url`,
+          message: `Invalid check configuration for "${checkName}": missing url field (required for http checks)`
+        });
+      }
+      if (!checkConfig.body) {
+        errors.push({
+          field: `checks.${checkName}.body`,
+          message: `Invalid check configuration for "${checkName}": missing body field (required for http checks)`
+        });
+      }
+    }
+    if (checkConfig.type === "http_input" && !checkConfig.endpoint) {
+      errors.push({
+        field: `checks.${checkName}.endpoint`,
+        message: `Invalid check configuration for "${checkName}": missing endpoint field (required for http_input checks)`
+      });
+    }
+    if (checkConfig.type === "http_client" && !checkConfig.url) {
+      errors.push({
+        field: `checks.${checkName}.url`,
+        message: `Invalid check configuration for "${checkName}": missing url field (required for http_client checks)`
+      });
+    }
+    if (checkConfig.schedule) {
+      const cronParts = checkConfig.schedule.split(" ");
+      if (cronParts.length < 5 || cronParts.length > 6) {
+        errors.push({
+          field: `checks.${checkName}.schedule`,
+          message: `Invalid cron expression for "${checkName}": ${checkConfig.schedule}`,
+          value: checkConfig.schedule
+        });
+      }
+    }
+    if (checkConfig.on) {
+      if (!Array.isArray(checkConfig.on)) {
+        errors.push({
+          field: `checks.${checkName}.on`,
+          message: `Invalid check configuration for "${checkName}": 'on' field must be an array`
+        });
+      } else {
+        for (const event of checkConfig.on) {
+          if (!this.validEventTriggers.includes(event)) {
+            errors.push({
+              field: `checks.${checkName}.on`,
+              message: `Invalid event "${event}". Must be one of: ${this.validEventTriggers.join(", ")}`,
+              value: event
+            });
+          }
+        }
+      }
+    }
+    if (checkConfig.reuse_ai_session !== void 0) {
+      if (typeof checkConfig.reuse_ai_session !== "boolean") {
+        errors.push({
+          field: `checks.${checkName}.reuse_ai_session`,
+          message: `Invalid reuse_ai_session value for "${checkName}": must be boolean`,
+          value: checkConfig.reuse_ai_session
+        });
+      } else if (checkConfig.reuse_ai_session === true) {
+        if (!checkConfig.depends_on || !Array.isArray(checkConfig.depends_on) || checkConfig.depends_on.length === 0) {
+          errors.push({
+            field: `checks.${checkName}.reuse_ai_session`,
+            message: `Check "${checkName}" has reuse_ai_session=true but missing or empty depends_on. Session reuse requires dependency on another check.`,
+            value: checkConfig.reuse_ai_session
+          });
+        }
+      }
+    }
+    if (checkConfig.tags !== void 0) {
+      if (!Array.isArray(checkConfig.tags)) {
+        errors.push({
+          field: `checks.${checkName}.tags`,
+          message: `Invalid tags value for "${checkName}": must be an array of strings`,
+          value: checkConfig.tags
+        });
+      } else {
+        const validTagPattern = /^[a-zA-Z0-9][a-zA-Z0-9-_]*$/;
+        checkConfig.tags.forEach((tag, index) => {
+          if (typeof tag !== "string") {
+            errors.push({
+              field: `checks.${checkName}.tags[${index}]`,
+              message: `Invalid tag at index ${index} for "${checkName}": must be a string`,
+              value: tag
+            });
+          } else if (!validTagPattern.test(tag)) {
+            errors.push({
+              field: `checks.${checkName}.tags[${index}]`,
+              message: `Invalid tag "${tag}" for "${checkName}": tags must be alphanumeric with hyphens or underscores (start with alphanumeric)`,
+              value: tag
+            });
+          }
+        });
+      }
+    }
+  }
+  /**
+   * Validate tag filter configuration
+   */
+  validateTagFilter(tagFilter, errors) {
+    const validTagPattern = /^[a-zA-Z0-9][a-zA-Z0-9-_]*$/;
+    if (tagFilter.include !== void 0) {
+      if (!Array.isArray(tagFilter.include)) {
+        errors.push({
+          field: "tag_filter.include",
+          message: "tag_filter.include must be an array of strings",
+          value: tagFilter.include
+        });
+      } else {
+        tagFilter.include.forEach((tag, index) => {
+          if (typeof tag !== "string") {
+            errors.push({
+              field: `tag_filter.include[${index}]`,
+              message: `Invalid tag at index ${index}: must be a string`,
+              value: tag
+            });
+          } else if (!validTagPattern.test(tag)) {
+            errors.push({
+              field: `tag_filter.include[${index}]`,
+              message: `Invalid tag "${tag}": tags must be alphanumeric with hyphens or underscores`,
+              value: tag
+            });
+          }
+        });
+      }
+    }
+    if (tagFilter.exclude !== void 0) {
+      if (!Array.isArray(tagFilter.exclude)) {
+        errors.push({
+          field: "tag_filter.exclude",
+          message: "tag_filter.exclude must be an array of strings",
+          value: tagFilter.exclude
+        });
+      } else {
+        tagFilter.exclude.forEach((tag, index) => {
+          if (typeof tag !== "string") {
+            errors.push({
+              field: `tag_filter.exclude[${index}]`,
+              message: `Invalid tag at index ${index}: must be a string`,
+              value: tag
+            });
+          } else if (!validTagPattern.test(tag)) {
+            errors.push({
+              field: `tag_filter.exclude[${index}]`,
+              message: `Invalid tag "${tag}": tags must be alphanumeric with hyphens or underscores`,
+              value: tag
+            });
+          }
+        });
+      }
+    }
+  }
+  /**
+   * Validate HTTP server configuration
+   */
+  validateHttpServerConfig(httpServerConfig, errors) {
+    if (typeof httpServerConfig.enabled !== "boolean") {
+      errors.push({
+        field: "http_server.enabled",
+        message: "http_server.enabled must be a boolean",
+        value: httpServerConfig.enabled
+      });
+    }
+    if (httpServerConfig.enabled === true) {
+      if (typeof httpServerConfig.port !== "number" || httpServerConfig.port < 1 || httpServerConfig.port > 65535) {
+        errors.push({
+          field: "http_server.port",
+          message: "http_server.port must be a number between 1 and 65535",
+          value: httpServerConfig.port
+        });
+      }
+      if (httpServerConfig.auth) {
+        const auth = httpServerConfig.auth;
+        const validAuthTypes = ["bearer_token", "hmac", "basic", "none"];
+        if (!auth.type || !validAuthTypes.includes(auth.type)) {
+          errors.push({
+            field: "http_server.auth.type",
+            message: `Invalid auth type. Must be one of: ${validAuthTypes.join(", ")}`,
+            value: auth.type
+          });
+        }
+      }
+      if (httpServerConfig.tls && typeof httpServerConfig.tls === "object") {
+        const tls = httpServerConfig.tls;
+        if (tls.enabled === true) {
+          if (!tls.cert) {
+            errors.push({
+              field: "http_server.tls.cert",
+              message: "TLS certificate is required when TLS is enabled"
+            });
+          }
+          if (!tls.key) {
+            errors.push({
+              field: "http_server.tls.key",
+              message: "TLS key is required when TLS is enabled"
+            });
+          }
+        }
+      }
+      if (httpServerConfig.endpoints && Array.isArray(httpServerConfig.endpoints)) {
+        for (let i = 0; i < httpServerConfig.endpoints.length; i++) {
+          const endpoint = httpServerConfig.endpoints[i];
+          if (!endpoint.path || typeof endpoint.path !== "string") {
+            errors.push({
+              field: `http_server.endpoints[${i}].path`,
+              message: "Endpoint path must be a string",
+              value: endpoint.path
+            });
+          }
+        }
+      }
+    }
+  }
+  /**
+   * Validate output configuration
+   */
+  validateOutputConfig(outputConfig, errors) {
+    if (outputConfig.pr_comment) {
+      const prComment = outputConfig.pr_comment;
+      if (typeof prComment.format === "string" && !this.validOutputFormats.includes(prComment.format)) {
+        errors.push({
+          field: "output.pr_comment.format",
+          message: `Invalid output format "${prComment.format}". Must be one of: ${this.validOutputFormats.join(", ")}`,
+          value: prComment.format
+        });
+      }
+      if (typeof prComment.group_by === "string" && !this.validGroupByOptions.includes(prComment.group_by)) {
+        errors.push({
+          field: "output.pr_comment.group_by",
+          message: `Invalid group_by option "${prComment.group_by}". Must be one of: ${this.validGroupByOptions.join(", ")}`,
+          value: prComment.group_by
+        });
+      }
+    }
+  }
+  /**
+   * Check if remote extends are allowed
+   */
+  isRemoteExtendsAllowed() {
+    if (process.env.VISOR_NO_REMOTE_EXTENDS === "true" || process.env.VISOR_NO_REMOTE_EXTENDS === "1") {
+      return false;
+    }
+    return true;
+  }
+  /**
+   * Merge configuration with default values
+   */
+  mergeWithDefaults(config) {
+    const defaultConfig = {
+      version: "1.0",
+      checks: {},
+      max_parallelism: 3,
+      output: {
+        pr_comment: {
+          format: "markdown",
+          group_by: "check",
+          collapse: true
+        }
+      }
+    };
+    const merged = { ...defaultConfig, ...config };
+    if (merged.output) {
+      merged.output.pr_comment = {
+        ...defaultConfig.output.pr_comment,
+        ...merged.output.pr_comment
+      };
+    } else {
+      merged.output = defaultConfig.output;
+    }
+    return merged;
+  }
+};
+// src/sdk.ts
+async function loadConfig(configPath) {
+  const cm = new ConfigManager();
+  if (configPath) return cm.loadConfig(configPath);
+  return cm.findAndLoadConfig();
+}
+function resolveChecks(checkIds, config) {
+  if (!config?.checks) return Array.from(new Set(checkIds));
+  const resolved = /* @__PURE__ */ new Set();
+  const visiting = /* @__PURE__ */ new Set();
+  const result = [];
+  const dfs = (id, stack = []) => {
+    if (resolved.has(id)) return;
+    if (visiting.has(id)) {
+      const cycle = [...stack, id].join(" -> ");
+      throw new Error(`Circular dependency detected involving check: ${id} (path: ${cycle})`);
+    }
+    visiting.add(id);
+    const deps = config.checks[id]?.depends_on || [];
+    for (const d of deps) dfs(d, [...stack, id]);
+    if (!result.includes(id)) result.push(id);
+    visiting.delete(id);
+    resolved.add(id);
+  };
+  for (const id of checkIds) dfs(id);
+  return result;
+}
+async function runChecks(opts = {}) {
+  const cm = new ConfigManager();
+  const config = opts.config ? opts.config : opts.configPath ? await cm.loadConfig(opts.configPath) : await cm.findAndLoadConfig();
+  const checks = opts.checks && opts.checks.length > 0 ? resolveChecks(opts.checks, config) : Object.keys(config.checks || {});
+  const engine = new CheckExecutionEngine(opts.cwd);
+  const result = await engine.executeChecks({
+    checks,
+    workingDirectory: opts.cwd,
+    timeout: opts.timeoutMs,
+    maxParallelism: opts.maxParallelism,
+    failFast: opts.failFast,
+    outputFormat: opts.output?.format,
+    config,
+    debug: opts.debug,
+    tagFilter: opts.tagFilter
+  });
+  return result;
+}
+export {
+  loadConfig,
+  resolveChecks,
+  runChecks
+};
+//# sourceMappingURL=sdk.mjs.map