@pugi/cli 0.1.0-beta.7 → 0.1.0-beta.87

package/dist/core/evaluation/golden-dataset.js

@@ -0,0 +1,293 @@
+/**
+ * Golden dataset primitive — pugi-eval-v1 foundation (task).
+ *
+ * Formalizes a frozen set of representative CLI tasks that we replay
+ * against the agent loop to detect quality regressions. This module is
+ * the pure data layer:
+ *
+ *  1. `GoldenTask` — typed contract for one evaluation case (id, query,
+ *     expected file touches, expected output substrings, exit-code
+ *     gate, soft budgets, tags).
+ *  2. `loadGoldenDataset(path)` — reads a JSON file from disk, asserts
+ *     it is a non-empty array, and runs `validateGoldenTask` on every
+ *     element. Throws on the first malformed entry so the eval harness
+ *     cannot silently drop a task.
+ *  3. `validateGoldenTask(raw)` — schema validator. Enforces kebab-case
+ *     ids, non-empty query, optional arrays whose elements are
+ *     well-formed, and rejects parent-traversal `..` segments inside
+ *     `expectedFiles`. Throws `TypeError` with a specific field message.
+ *  4. `diffAgainstBaseline(current, baseline)` — turns two `TaskResult`
+ *     maps into a `DriftReport` that lists regressed / improved / new /
+ *     removed tasks. A regression is a task that PASSED in baseline and
+ *     FAILED in current; an improvement is the inverse. The report is
+ *     what the future CI gate consumes — a positive `regressed.length`
+ *     blocks the merge.
+ *
+ * Out of scope here: actually running tasks against the engine. The
+ * follow-up `runOfflineEval()` consumer reads a dataset via
+ * `loadGoldenDataset`, executes each task through `pugi code/explain/
+ * plan/fix/build`, collects pass/fail/latency/tokens into a
+ * `TaskResult[]`, and feeds the previous run's results into
+ * `diffAgainstBaseline` for the drift gate.
+ *
+ * Pure functions only. No file I/O beyond `fs/promises.readFile` inside
+ * `loadGoldenDataset` so the module composes cleanly with in-memory test
+ * fixtures and engine-side consumers that already hold dataset bytes.
+ */
+import { readFile } from 'node:fs/promises';
+const ID_PATTERN = /^[a-z][a-z0-9-]*$/;
+/**
+ * Validate one raw value as a `GoldenTask`. Throws `TypeError` with a
+ * field-specific message on any violation. Returns the typed task on
+ * success.
+ *
+ * The validator is intentionally hand-rolled — the shape is small, and
+ * adding zod here would obscure the per-field error contract that the
+ * eval harness logs at load time.
+ */
+export function validateGoldenTask(raw) {
+    if (typeof raw !== 'object' || raw === null || Array.isArray(raw)) {
+        throw new TypeError('golden task must be a JSON object');
+    }
+    const r = raw;
+    // id — required, kebab-case.
+    if (typeof r.id !== 'string' || r.id.length === 0) {
+        throw new TypeError('golden task: `id` required (non-empty string)');
+    }
+    if (!ID_PATTERN.test(r.id)) {
+        throw new TypeError(`golden task ${JSON.stringify(r.id)}: \`id\` must match ${ID_PATTERN.source} (kebab-case, leading letter)`);
+    }
+    const id = r.id;
+    // query — required.
+    if (typeof r.query !== 'string' || r.query.length === 0) {
+        throw new TypeError(`golden task ${id}: \`query\` required (non-empty string)`);
+    }
+    const query = r.query;
+    // expectedFiles — optional, when present must be non-empty array of
+    // relative paths without traversal.
+    let expectedFiles;
+    if (r.expectedFiles !== undefined) {
+        if (!Array.isArray(r.expectedFiles)) {
+            throw new TypeError(`golden task ${id}: \`expectedFiles\` must be an array`);
+        }
+        if (r.expectedFiles.length === 0) {
+            throw new TypeError(`golden task ${id}: \`expectedFiles\` must be non-empty (omit field instead of passing [])`);
+        }
+        expectedFiles = r.expectedFiles.map((entry, idx) => {
+            if (typeof entry !== 'string' || entry.length === 0) {
+                throw new TypeError(`golden task ${id}: \`expectedFiles[${idx}]\` must be a non-empty string`);
+            }
+            if (entry.startsWith('/')) {
+                throw new TypeError(`golden task ${id}: \`expectedFiles[${idx}]\` must be relative (no leading /)`);
+            }
+            const segments = entry.split('/');
+            if (segments.some((s) => s === '..')) {
+                throw new TypeError(`golden task ${id}: \`expectedFiles[${idx}]\` contains \`..\` traversal`);
+            }
+            return entry;
+        });
+    }
+    // expectedSubstrings — optional array of non-empty strings.
+    let expectedSubstrings;
+    if (r.expectedSubstrings !== undefined) {
+        if (!Array.isArray(r.expectedSubstrings)) {
+            throw new TypeError(`golden task ${id}: \`expectedSubstrings\` must be an array`);
+        }
+        if (r.expectedSubstrings.length === 0) {
+            throw new TypeError(`golden task ${id}: \`expectedSubstrings\` must be non-empty (omit field instead of passing [])`);
+        }
+        expectedSubstrings = r.expectedSubstrings.map((entry, idx) => {
+            if (typeof entry !== 'string' || entry.length === 0) {
+                throw new TypeError(`golden task ${id}: \`expectedSubstrings[${idx}]\` must be a non-empty string`);
+            }
+            return entry;
+        });
+    }
+    // expectedExitCode — optional integer.
+    let expectedExitCode;
+    if (r.expectedExitCode !== undefined) {
+        if (typeof r.expectedExitCode !== 'number' ||
+            !Number.isInteger(r.expectedExitCode)) {
+            throw new TypeError(`golden task ${id}: \`expectedExitCode\` must be an integer`);
+        }
+        expectedExitCode = r.expectedExitCode;
+    }
+    // maxTokens — optional positive integer.
+    let maxTokens;
+    if (r.maxTokens !== undefined) {
+        if (typeof r.maxTokens !== 'number' ||
+            !Number.isInteger(r.maxTokens) ||
+            r.maxTokens <= 0) {
+            throw new TypeError(`golden task ${id}: \`maxTokens\` must be a positive integer`);
+        }
+        maxTokens = r.maxTokens;
+    }
+    // maxLatencyMs — optional positive integer.
+    let maxLatencyMs;
+    if (r.maxLatencyMs !== undefined) {
+        if (typeof r.maxLatencyMs !== 'number' ||
+            !Number.isInteger(r.maxLatencyMs) ||
+            r.maxLatencyMs <= 0) {
+            throw new TypeError(`golden task ${id}: \`maxLatencyMs\` must be a positive integer`);
+        }
+        maxLatencyMs = r.maxLatencyMs;
+    }
+    // tags — optional array of non-empty strings.
+    let tags;
+    if (r.tags !== undefined) {
+        if (!Array.isArray(r.tags)) {
+            throw new TypeError(`golden task ${id}: \`tags\` must be an array`);
+        }
+        tags = r.tags.map((entry, idx) => {
+            if (typeof entry !== 'string' || entry.length === 0) {
+                throw new TypeError(`golden task ${id}: \`tags[${idx}]\` must be a non-empty string`);
+            }
+            return entry;
+        });
+    }
+    const task = { id, query };
+    if (expectedFiles !== undefined)
+        task.expectedFiles = expectedFiles;
+    if (expectedSubstrings !== undefined)
+        task.expectedSubstrings = expectedSubstrings;
+    if (expectedExitCode !== undefined)
+        task.expectedExitCode = expectedExitCode;
+    if (maxTokens !== undefined)
+        task.maxTokens = maxTokens;
+    if (maxLatencyMs !== undefined)
+        task.maxLatencyMs = maxLatencyMs;
+    if (tags !== undefined)
+        task.tags = tags;
+    return task;
+}
+/**
+ * Load and validate a golden dataset JSON file. The file must parse as
+ * a JSON array of objects, each one a valid `GoldenTask`. Duplicate
+ * ids are rejected — drift comparisons key by id and a duplicate would
+ * silently mask one row.
+ */
+export async function loadGoldenDataset(filePath) {
+    let raw;
+    try {
+        raw = await readFile(filePath, 'utf8');
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        throw new TypeError(`golden dataset: cannot read ${filePath}: ${message}`);
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        throw new TypeError(`golden dataset ${filePath}: invalid JSON (${message})`);
+    }
+    if (!Array.isArray(parsed)) {
+        throw new TypeError(`golden dataset ${filePath}: top-level value must be a JSON array`);
+    }
+    const tasks = [];
+    const seen = new Set();
+    for (let i = 0; i < parsed.length; i += 1) {
+        let task;
+        try {
+            task = validateGoldenTask(parsed[i]);
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            throw new TypeError(`golden dataset ${filePath}: entry [${i}]: ${message}`);
+        }
+        if (seen.has(task.id)) {
+            throw new TypeError(`golden dataset ${filePath}: duplicate task id ${JSON.stringify(task.id)} at entry [${i}]`);
+        }
+        seen.add(task.id);
+        tasks.push(task);
+    }
+    return tasks;
+}
+/**
+ * Compare a current run against a baseline run and return a drift
+ * report. Pure function — no I/O, no clock, deterministic ordering
+ * (regressed/improved sorted by id).
+ *
+ * Either input may be empty. An empty baseline produces an
+ * all-newTasks report without crashing — useful for the very first
+ * eval run when no previous artifact exists yet.
+ */
+export function diffAgainstBaseline(currentResults, baselineResults, options) {
+    const includeReason = options?.includeReason ?? true;
+    const currentById = new Map();
+    for (const r of currentResults) {
+        if (typeof r.id !== 'string' || r.id.length === 0)
+            continue;
+        currentById.set(r.id, r);
+    }
+    const baselineById = new Map();
+    for (const r of baselineResults) {
+        if (typeof r.id !== 'string' || r.id.length === 0)
+            continue;
+        baselineById.set(r.id, r);
+    }
+    const regressed = [];
+    const improved = [];
+    const newTasks = [];
+    const removedTasks = [];
+    for (const [id, currentRow] of currentById) {
+        const baselineRow = baselineById.get(id);
+        if (!baselineRow) {
+            newTasks.push(id);
+            continue;
+        }
+        if (baselineRow.passed && !currentRow.passed) {
+            const diff = {
+                id,
+                baselinePassed: true,
+                currentPassed: false,
+            };
+            if (includeReason && currentRow.reason !== undefined) {
+                diff.reason = currentRow.reason;
+            }
+            regressed.push(diff);
+        }
+        else if (!baselineRow.passed && currentRow.passed) {
+            const diff = {
+                id,
+                baselinePassed: false,
+                currentPassed: true,
+            };
+            if (includeReason && currentRow.reason !== undefined) {
+                diff.reason = currentRow.reason;
+            }
+            improved.push(diff);
+        }
+    }
+    for (const id of baselineById.keys()) {
+        if (!currentById.has(id)) {
+            removedTasks.push(id);
+        }
+    }
+    regressed.sort((a, b) => a.id.localeCompare(b.id));
+    improved.sort((a, b) => a.id.localeCompare(b.id));
+    newTasks.sort();
+    removedTasks.sort();
+    let passedNow = 0;
+    for (const r of currentById.values()) {
+        if (r.passed)
+            passedNow += 1;
+    }
+    let passedBaseline = 0;
+    for (const r of baselineById.values()) {
+        if (r.passed)
+            passedBaseline += 1;
+    }
+    return {
+        totalTasks: currentById.size,
+        passedNow,
+        passedBaseline,
+        regressed,
+        improved,
+        newTasks,
+        removedTasks,
+    };
+}
+//# sourceMappingURL=golden-dataset.js.map

package/dist/core/feedback/queue.js

@@ -0,0 +1,177 @@
+/**
+ * Local feedback queue — .
+ *
+ * `pugi feedback` POSTs collected operator feedback to the admin-api
+ * `/api/pugi/feedback` route. When that round-trip fails (endpoint
+ * missing, network down, server 5xx), the submitter falls back to
+ * appending the envelope to `<cwd>/.pugi/feedback-queue.jsonl`. On the
+ * next online session the flusher drains the queue silently in the
+ * background.
+ *
+ * # Module contract
+ *
+ *  - Per-workspace storage. The queue file lives at
+ *    `<cwd>/.pugi/feedback-queue.jsonl` so the operator-visible state
+ *    stays alongside the project's other Pugi metadata. Multi-repo
+ *    operators get one queue per repo — matches the rest of `.pugi/`.
+ *
+ *  - JSONL append-only format. One envelope per line. Newlines inside
+ *    the comment field are escaped as `\n` by `JSON.stringify`. The
+ *    enqueue path uses an atomic `O_APPEND` write so concurrent
+ *    `pugi feedback` invocations from a split-screen REPL + shell do
+ *    not interleave half-records.
+ *
+ *  - The flusher is best-effort. It returns counts but never throws —
+ *    a failed flush leaves the queue untouched and a successful flush
+ *    atomically rewrites the file with the remaining (unsubmitted)
+ *    envelopes. Partial-success is the normal path when the server
+ *    accepts the first N but 5xx's the (N+1)th.
+ *
+ *  - The queue file is intentionally NOT readable by anything beyond
+ *    the flusher. The operator's free-text comments are confidential
+ *    — we do not surface them in `/status` / `/doctor` / telemetry.
+ *
+ *  - All filesystem writes go through `mkdirSync({recursive: true})`
+ *    so the first-ever enqueue on a fresh workspace lazily creates
+ *    `.pugi/` without depending on an earlier `pugi init`.
+ */
+import { appendFileSync, existsSync, mkdirSync, readFileSync, renameSync, writeFileSync, } from 'node:fs';
+import { dirname, resolve } from 'node:path';
+/**
+ * Resolve the queue file path for a workspace. Centralised so the
+ * submitter + flusher + tests agree on a single canonical location.
+ */
+export function feedbackQueuePath(cwd) {
+    return resolve(cwd, '.pugi', 'feedback-queue.jsonl');
+}
+/**
+ * Append one envelope atomically. Uses `O_APPEND` semantics via
+ * `appendFileSync` so concurrent invocations from a split-screen
+ * REPL + shell cannot interleave bytes mid-line.
+ *
+ * Returns the absolute path written so callers can surface it in the
+ * "Feedback queued locally" toast.
+ */
+export function enqueueFeedback(env, cwd) {
+    const path = feedbackQueuePath(cwd);
+    mkdirSync(dirname(path), { recursive: true });
+    // JSON.stringify of an object never emits raw newlines; the trailing
+    // '\n' is the line separator. JSONL parsers split on '\n' so the
+    // separator survives round-trips.
+    const line = `${JSON.stringify(env)}\n`;
+    appendFileSync(path, line, { encoding: 'utf8' });
+    return path;
+}
+export function readFeedbackQueue(cwd) {
+    const path = feedbackQueuePath(cwd);
+    if (!existsSync(path)) {
+        return { envelopes: [], parseErrors: [] };
+    }
+    const contents = readFileSync(path, 'utf8');
+    const lines = contents.split('\n');
+    const envelopes = [];
+    const parseErrors = [];
+    for (let i = 0; i < lines.length; i += 1) {
+        const raw = lines[i]?.trim();
+        if (!raw)
+            continue;
+        try {
+            const parsed = JSON.parse(raw);
+            // Minimal shape check — we don't full-validate here because the
+            // server is the trust boundary. Just guard against obvious
+            // corruption that would make the line un-submittable.
+            if (typeof parsed.category === 'string'
+                && typeof parsed.rating === 'number'
+                && typeof parsed.comment === 'string'
+                && typeof parsed.ts === 'string'
+                && typeof parsed.cliVersion === 'string') {
+                envelopes.push(parsed);
+            }
+            else {
+                parseErrors.push(i + 1);
+            }
+        }
+        catch {
+            parseErrors.push(i + 1);
+        }
+    }
+    return { envelopes, parseErrors };
+}
+/**
+ * Rewrite the queue file atomically with the remaining (unsubmitted)
+ * envelopes. Called by the flusher after a partial-success drain.
+ *
+ * Atomicity: write to a sibling `.tmp` then rename. On a crash mid-
+ * rewrite the original file is preserved (rename is atomic on POSIX
+ * + on NTFS via `MoveFileEx`).
+ */
+export function rewriteFeedbackQueue(remaining, cwd) {
+    const path = feedbackQueuePath(cwd);
+    if (remaining.length === 0) {
+        // Clear the file by truncating to empty. Done in-place — we still
+        // want the file to exist (presence signals an active workspace)
+        // but with zero bytes so the next read returns no envelopes.
+        if (existsSync(path)) {
+            writeFileSync(path, '', { encoding: 'utf8' });
+        }
+        return;
+    }
+    mkdirSync(dirname(path), { recursive: true });
+    const tmp = `${path}.tmp`;
+    const body = remaining.map((env) => JSON.stringify(env)).join('\n') + '\n';
+    writeFileSync(tmp, body, { encoding: 'utf8' });
+    // Use writeFileSync's atomic-replace semantics by going through
+    // tmp + rename. Node's `fs.renameSync` is the atomic primitive
+    // on POSIX. We avoid `fs.writeFileSync` directly on `path`
+    // because writeFileSync truncates first which leaves a brief
+    // window of zero-byte state if the process is killed mid-write.
+    renameSync(tmp, path);
+}
+/**
+ * Drain the queue. Best-effort: each envelope is submitted in order;
+ * a `false` return keeps it in the queue for the next attempt; a
+ * `true` return removes it. After all envelopes are processed the
+ * queue file is rewritten with the unsubmitted ones.
+ *
+ * The function NEVER throws — it returns a structured result and
+ * the caller decides whether to log / surface failures. This keeps
+ * the silent-background-drain path on session-start safe.
+ */
+export async function flushFeedbackQueue(cwd, submit) {
+    const { envelopes, parseErrors } = readFeedbackQueue(cwd);
+    if (envelopes.length === 0) {
+        return {
+            attempted: 0,
+            succeeded: 0,
+            failed: 0,
+            failedEnvelopes: [],
+            parseErrors,
+        };
+    }
+    let succeeded = 0;
+    const failedEnvelopes = [];
+    for (const env of envelopes) {
+        let ok = false;
+        try {
+            ok = await submit(env);
+        }
+        catch {
+            ok = false;
+        }
+        if (ok) {
+            succeeded += 1;
+        }
+        else {
+            failedEnvelopes.push(env);
+        }
+    }
+    rewriteFeedbackQueue(failedEnvelopes, cwd);
+    return {
+        attempted: envelopes.length,
+        succeeded,
+        failed: failedEnvelopes.length,
+        failedEnvelopes,
+        parseErrors,
+    };
+}
+//# sourceMappingURL=queue.js.map

package/dist/core/feedback/submitter.js

@@ -0,0 +1,145 @@
+/**
+ * Feedback POST submitter — .
+ *
+ * Submits one `FeedbackEnvelope` to the admin-api `/api/pugi/feedback`
+ * route. Designed for graceful degradation:
+ *
+ *  - 200/201/204               → success
+ *  - 404 / route not found     → "endpoint missing, fall back to queue"
+ *  - 4xx (other)               → permanent — discard (do NOT requeue)
+ *  - 5xx / network error / abort → transient — caller should enqueue
+ *
+ * The submitter does NOT touch the local queue. The caller wires the
+ * submitter to `enqueueFeedback` on a `transient` result, and to a
+ * silent log on a `permanent` failure. This split keeps the submitter
+ * a pure HTTP wrapper that the flusher (`flushFeedbackQueue`) can
+ * reuse without filesystem side effects.
+ */
+const DEFAULT_TIMEOUT_MS = 8000;
+/**
+ * Build the absolute submit URL from the base API URL. Centralised so
+ * the spec can reference one canonical place when asserting the
+ * outgoing path. The leading slash is normalised so a base URL with
+ * or without trailing slash both produce a well-formed URL.
+ */
+export function feedbackSubmitUrl(apiUrl) {
+    const base = apiUrl.replace(/\/+$/u, '');
+    return `${base}/api/pugi/feedback`;
+}
+/**
+ * Submit one envelope. See `FeedbackSubmitResult` for the contract.
+ *
+ * Never throws — every failure path is mapped to a result variant so
+ * callers do not need a try/catch boundary.
+ */
+export async function submitFeedback(env, config) {
+    const url = feedbackSubmitUrl(config.apiUrl);
+    const fetchImpl = config.fetchImpl ?? fetch;
+    const timeoutMs = config.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        const headers = {
+            'content-type': 'application/json',
+            'user-agent': `pugi-cli/${env.cliVersion}`,
+        };
+        if (config.apiKey) {
+            headers['authorization'] = `Bearer ${config.apiKey}`;
+        }
+        const res = await fetchImpl(url, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify(env),
+            signal: controller.signal,
+        });
+        const status = res.status;
+        if (status >= 200 && status < 300) {
+            return { kind: 'ok', httpStatus: status };
+        }
+        if (status === 404) {
+            // The most common transient cause: admin-api hasn't shipped the
+            // route yet. Treat as retry-worthy so once the controller lands
+            // a future flush picks it up.
+            return {
+                kind: 'transient',
+                reason: 'admin-api /api/pugi/feedback not deployed yet',
+                httpStatus: status,
+            };
+        }
+        if (status >= 500) {
+            return {
+                kind: 'transient',
+                reason: `server error ${status}`,
+                httpStatus: status,
+            };
+        }
+        // Any other 4xx — auth failure, payload rejected, rate-limit
+        // exceeded. None of those will fix themselves on a silent retry,
+        // so we mark them permanent. The operator sees a one-line error
+        // and the envelope is dropped (not queued).
+        return {
+            kind: 'permanent',
+            reason: `client error ${status}`,
+            httpStatus: status,
+        };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        // AbortController.abort fires when the timeout elapses. We treat
+        // it as transient so the queue picks it up on the next online
+        // session. Same for plain network errors (`fetch failed`, ECONNREFUSED).
+        return { kind: 'transient', reason: `network: ${message}` };
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+/**
+ * Bundle the last N turns of the conversation into a redacted
+ * `FeedbackSessionContext`. The redactor:
+ *
+ *  - Caps at 5 turns (most recent). Older context is dropped — the
+ *    submitter never sees it.
+ *  - Truncates each turn to 240 chars + ellipsis. Operator comments
+ *    are the primary signal; raw transcript is just disambiguation.
+ *  - Strips bearer tokens, JWT-like blobs, and `PUGI_API_KEY=`-style
+ *    env-var prefixes. Conservative — we'd rather drop a few
+ *    non-secret characters than leak a key.
+ *
+ * The function is pure + sync so tests can pin its output without a
+ * worktree harness.
+ */
+export function redactSessionContext(turns, options = {}) {
+    const lastFive = turns.slice(-5);
+    const previewed = lastFive.map((turn) => ({
+        role: turn.role,
+        preview: redactPreview(truncate(turn.text, 240)),
+    }));
+    return {
+        turnCount: previewed.length,
+        turns: previewed,
+        ...(options.gitBranch ? { gitBranch: options.gitBranch } : {}),
+    };
+}
+function truncate(s, max) {
+    if (s.length <= max)
+        return s;
+    return `${s.slice(0, max - 1)}…`;
+}
+/**
+ * Conservative secret-blanking. The rules:
+ *  - Bearer tokens: `Bearer <token>` → `Bearer ***REDACTED***`
+ *  - Long base64/JWT-ish blobs (≥ 40 chars of [A-Za-z0-9_-/=+]):
+ *    replace the inner middle with `***`. Keeps a head + tail so the
+ *    operator can still spot which kind of secret it was.
+ *  - `PUGI_API_KEY=...` and similar `*_KEY=`/`*_TOKEN=` lookalikes:
+ *    replace the value with `***REDACTED***`.
+ */
+function redactPreview(s) {
+    let out = s;
+    out = out.replace(/bearer\s+[A-Za-z0-9._-]{20,}/giu, 'Bearer ***REDACTED***');
+    out = out.replace(/([A-Z][A-Z0-9_]*?(?:KEY|TOKEN|SECRET|PASSWORD))\s*=\s*\S+/gu, '$1=***REDACTED***');
+    out = out.replace(/\b([A-Za-z0-9_-]{6})[A-Za-z0-9_/+=-]{30,}([A-Za-z0-9_-]{4})\b/gu, '$1***$2');
+    return out;
+}
+//# sourceMappingURL=submitter.js.map