@securityreviewai/securityreview-kit 0.1.51 → 0.1.52

package/src/utils/srai.js

@@ -0,0 +1,252 @@
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { MCP_SERVER_NAME, TARGET_NAMES, TARGETS } from './constants.js';
+import { readJson, readText } from './fs-helpers.js';
+
+const PROJECT_LIST_PATH = '/api/projects/';
+
+/**
+ * Normalize API URL from raw input.
+ */
+export function normalizeApiUrl(value) {
+    const trimmed = String(value || '').trim();
+    if (!trimmed) return '';
+
+    if (trimmed.startsWith('http://') || trimmed.startsWith('https://')) {
+        return trimmed;
+    }
+
+    return `https://${trimmed}`;
+}
+
+function parseTomlEnvValue(content, key) {
+    const match = content.match(new RegExp(`${key}\\s*=\\s*"(.*?)"`));
+    return match ? match[1].trim() : '';
+}
+
+function extractCredentialsFromJsonConfig(content) {
+    const servers = content?.mcpServers || content?.servers;
+    if (!servers || typeof servers !== 'object') return null;
+
+    const server = servers[MCP_SERVER_NAME];
+    if (!server || typeof server !== 'object') return null;
+
+    const apiUrl = normalizeApiUrl(server?.env?.SECURITY_REVIEW_API_URL || '');
+    const apiToken = String(server?.env?.SECURITY_REVIEW_API_TOKEN || '').trim();
+    if (!apiUrl || !apiToken) return null;
+
+    return { apiUrl, apiToken };
+}
+
+/**
+ * Read previously saved API credentials from any configured MCP file.
+ */
+export function getStoredCredentials(cwd) {
+    for (const targetName of TARGET_NAMES) {
+        const target = TARGETS[targetName];
+        const mcpPath = join(cwd, target.mcpConfigPath);
+        if (!existsSync(mcpPath)) continue;
+
+        if (mcpPath.endsWith('.toml')) {
+            const content = readText(mcpPath);
+            if (!content) continue;
+
+            const apiUrl = normalizeApiUrl(parseTomlEnvValue(content, 'SECURITY_REVIEW_API_URL'));
+            const apiToken = parseTomlEnvValue(content, 'SECURITY_REVIEW_API_TOKEN');
+            if (apiUrl && apiToken) {
+                return { apiUrl, apiToken };
+            }
+            continue;
+        }
+
+        const json = readJson(mcpPath);
+        const extracted = extractCredentialsFromJsonConfig(json);
+        if (extracted) {
+            return extracted;
+        }
+    }
+
+    return { apiUrl: '', apiToken: '' };
+}
+
+function resolveProjectsEndpoint(apiUrl) {
+    const parsed = new URL(apiUrl);
+    const pathname = parsed.pathname.replace(/\/+$/, '');
+
+    if (pathname.endsWith('/api/projects')) {
+        parsed.pathname = `${pathname}/`;
+    } else if (pathname.endsWith('/api')) {
+        parsed.pathname = `${pathname}/projects/`;
+    } else if (!pathname || pathname === '/') {
+        parsed.pathname = PROJECT_LIST_PATH;
+    } else {
+        parsed.pathname = `${pathname}${PROJECT_LIST_PATH}`;
+    }
+
+    parsed.search = '';
+    parsed.hash = '';
+    return parsed.toString();
+}
+
+function toProjectName(entry) {
+    if (typeof entry === 'string') return entry.trim();
+    if (!entry || typeof entry !== 'object') return '';
+
+    const nameFields = [
+        'name',
+        'projectName',
+        'project_name',
+        'displayName',
+        'display_name',
+        'title',
+    ];
+
+    for (const key of nameFields) {
+        const value = entry[key];
+        if (typeof value === 'string' && value.trim()) {
+            return value.trim();
+        }
+    }
+
+    if (entry.project && typeof entry.project === 'object') {
+        return toProjectName(entry.project);
+    }
+
+    return '';
+}
+
+function collectProjectLists(payload) {
+    const collections = [];
+
+    if (Array.isArray(payload)) {
+        collections.push(payload);
+    }
+
+    if (payload && typeof payload === 'object') {
+        const keys = ['projects', 'data', 'results', 'items'];
+        for (const key of keys) {
+            if (Array.isArray(payload[key])) {
+                collections.push(payload[key]);
+            }
+        }
+    }
+
+    return collections;
+}
+
+function extractProjectNames(payload) {
+    const names = new Set();
+    for (const list of collectProjectLists(payload)) {
+        for (const entry of list) {
+            const name = toProjectName(entry);
+            if (name) names.add(name);
+        }
+    }
+
+    return [...names].sort((a, b) => a.localeCompare(b));
+}
+
+/**
+ * Whether a project object is marked for AI / vibe review kit selection.
+ * Only entries with an explicit true-like `is_vibe_review` (or common API aliases) qualify.
+ */
+export function isVibeReviewProject(entry) {
+    if (!entry || typeof entry !== 'object') return false;
+
+    const keys = ['is_vibe_review', 'isVibeReview', 'vibe_review', 'vibeReview'];
+    for (const key of keys) {
+        if (!Object.prototype.hasOwnProperty.call(entry, key)) continue;
+        const value = entry[key];
+        if (value === true || value === 1) return true;
+        if (typeof value === 'string') {
+            const v = value.toLowerCase().trim();
+            if (v === 'true' || v === '1' || v === 'yes') return true;
+        }
+        return false;
+    }
+
+    return false;
+}
+
+/**
+ * Extract { name, entry } pairs from a projects API payload.
+ */
+export function extractProjectEntries(payload) {
+    const out = [];
+    const seen = new Set();
+
+    for (const list of collectProjectLists(payload)) {
+        for (const entry of list) {
+            const name = toProjectName(entry);
+            if (!name || seen.has(name)) continue;
+            seen.add(name);
+            out.push({ name, entry });
+        }
+    }
+
+    out.sort((a, b) => a.name.localeCompare(b.name));
+    return out;
+}
+
+async function fetchProjectsPayload(apiUrl, apiToken) {
+    const endpoint = resolveProjectsEndpoint(apiUrl);
+
+    let response;
+    try {
+        response = await fetch(endpoint, {
+            method: 'GET',
+            headers: {
+                Authorization: `Bearer ${apiToken}`,
+                Accept: 'application/json',
+            },
+        });
+    } catch (err) {
+        throw new Error(`Could not reach SRAI API at ${endpoint}: ${err.message}`);
+    }
+
+    if (!response.ok) {
+        throw new Error(
+            `Project fetch failed (${response.status} ${response.statusText}) at ${endpoint}`,
+        );
+    }
+
+    let payload;
+    try {
+        payload = await response.json();
+    } catch {
+        throw new Error(`Project fetch returned non-JSON content at ${endpoint}`);
+    }
+
+    return { payload, endpoint };
+}
+
+/**
+ * Fetch all project names from SRAI (no filtering).
+ */
+export async function fetchProjectNames(apiUrl, apiToken) {
+    const { payload, endpoint } = await fetchProjectsPayload(apiUrl, apiToken);
+    const names = extractProjectNames(payload);
+    if (names.length === 0) {
+        throw new Error(`No project names found in API response from ${endpoint}`);
+    }
+
+    return names;
+}
+
+/**
+ * Fetch project names that have `is_vibe_review` (or API alias) set true — used for kit init / project switch.
+ */
+export async function fetchVibeReviewProjectNames(apiUrl, apiToken) {
+    const { payload, endpoint } = await fetchProjectsPayload(apiUrl, apiToken);
+    const entries = extractProjectEntries(payload);
+    const names = entries.filter(({ entry }) => isVibeReviewProject(entry)).map(({ name }) => name);
+
+    if (names.length === 0) {
+        throw new Error(
+            `No projects with vibe review enabled (is_vibe_review=true) were returned from ${endpoint}. ` +
+                'Enable vibe review on at least one SRAI project, or check your API token and URL.',
+        );
+    }
+
+    return names;
+}

package/dist/api.js

@@ -1,44 +0,0 @@
-import { apiBaseUrl } from "./config.js";
-export class VibeReviewApiClient {
-    baseUrl;
-    apiKey;
-    constructor(config) {
-        this.baseUrl = apiBaseUrl(config).replace(/\/$/, "");
-        this.apiKey = config.api_key;
-    }
-    async listProjects() {
-        return this.request("/v1/projects");
-    }
-    async getAuthContext() {
-        return this.request("/v1/mcp/auth-context");
-    }
-    async getProject(projectSlug) {
-        return this.request(`/v1/projects/${encodeURIComponent(projectSlug)}`);
-    }
-    async getGuardrails(projectSlug) {
-        return this.request(`/v1/projects/${encodeURIComponent(projectSlug)}/guardrails`);
-    }
-    async syncCTMMarkdown(projectSlug, payload) {
-        return this.request(`/v1/mcp/projects/${encodeURIComponent(projectSlug)}/ctm-sync-markdown`, {
-            method: "POST",
-            body: payload,
-        });
-    }
-    async request(path, options = {}) {
-        if (!this.apiKey) {
-            throw new Error("Missing VibeReview API key in .vibreview/config.json");
-        }
-        const response = await fetch(`${this.baseUrl}${path}`, {
-            method: options.method ?? "GET",
-            headers: {
-                Authorization: `Bearer ${this.apiKey}`,
-                ...(options.body ? { "Content-Type": "application/json" } : {}),
-            },
-            body: options.body ? JSON.stringify(options.body) : undefined,
-        });
-        if (!response.ok) {
-            throw new Error(`VibeReview API request failed (${response.status}): ${await response.text()}`);
-        }
-        return response.json();
-    }
-}

package/dist/commands/guardrails.js

@@ -1,13 +0,0 @@
-import chalk from "chalk";
-import { VibeReviewApiClient } from "../api.js";
-import { readConfig } from "../config.js";
-export async function guardrailsCommand(options = {}) {
-    const config = await readConfig(options.cwd ?? process.cwd());
-    if (!config)
-        throw new Error("VibeReview is not initialized. Run `securityreview-kit init` first.");
-    const guardrails = await new VibeReviewApiClient(config).getGuardrails(config.project_slug);
-    console.log(chalk.bold(`${guardrails.length} guardrail(s)`));
-    for (const guardrail of guardrails) {
-        console.log(`${guardrail.type.toUpperCase()} [${guardrail.category}] ${guardrail.title}`);
-    }
-}

package/dist/commands/init.js

@@ -1,88 +0,0 @@
-import inquirer from "inquirer";
-import chalk from "chalk";
-import { VibeReviewApiClient } from "../api.js";
-import { scaffoldProject } from "../scaffold/index.js";
-export async function initCommand(options = {}) {
-    const cwd = options.cwd ?? process.cwd();
-    const answers = await promptForMissing(options);
-    const client = new VibeReviewApiClient({
-        server_url: answers.serverUrl,
-        api_base_url: answers.apiBaseUrl,
-        api_key: answers.apiKey,
-    });
-    const authContext = await client.getAuthContext();
-    const projects = await loadProjects(client);
-    const selected = await selectProject(projects, authContext, answers.projectSlug, answers.projectId, answers.yes);
-    const config = {
-        version: 1,
-        server_url: answers.serverUrl,
-        api_base_url: answers.apiBaseUrl,
-        api_key: answers.apiKey,
-        tenant_id: authContext.tenant_id,
-        project_slug: selected.slug,
-        project_id: selected.id,
-        project_name: selected.name,
-        ide: answers.ide,
-    };
-    await scaffoldProject(cwd, config);
-    console.log(chalk.green(`VibeReview initialized for project ${selected.slug}.`));
-    console.log(chalk.dim(`Tenant: ${authContext.tenant_id}`));
-    console.log(chalk.dim(`MCP: ${answers.serverUrl.replace(/\/$/, "")}/mcp`));
-}
-async function promptForMissing(options) {
-    const questions = [];
-    if (!options.ide) {
-        questions.push({
-            type: "checkbox",
-            name: "ide",
-            message: "Which IDEs do you use?",
-            choices: [
-                { name: "Claude Code", value: "claude_code" },
-                { name: "Cursor", value: "cursor" },
-                { name: "VSCode Copilot", value: "vscode_copilot" },
-                { name: "Codex", value: "codex" },
-                { name: "Gemini", value: "gemini" },
-                { name: "Windsurf", value: "windsurf" },
-            ],
-            default: ["claude_code"],
-        });
-    }
-    if (!options.serverUrl)
-        questions.push({ type: "input", name: "serverUrl", message: "VibeReview MCP server URL", default: "http://localhost:3000" });
-    if (!options.apiBaseUrl)
-        questions.push({ type: "input", name: "apiBaseUrl", message: "VibeReview API URL", default: "http://localhost:8000" });
-    if (!options.apiKey)
-        questions.push({ type: "password", name: "apiKey", message: "VibeReview API key", mask: "*" });
-    const answers = questions.length ? await inquirer.prompt(questions) : {};
-    return {
-        serverUrl: (options.serverUrl ?? answers.serverUrl),
-        apiBaseUrl: (options.apiBaseUrl ?? answers.apiBaseUrl),
-        apiKey: (options.apiKey ?? answers.apiKey),
-        projectSlug: options.projectSlug,
-        projectId: options.projectId,
-        ide: (options.ide ?? answers.ide ?? ["claude_code"]),
-        yes: options.yes ?? false,
-    };
-}
-async function loadProjects(client) {
-    return client.listProjects();
-}
-async function selectProject(projects, authContext, slug, projectId, yes) {
-    const requested = projects.find((project) => project.id === projectId || project.slug === slug);
-    if (requested)
-        return requested;
-    const scopedProject = authContext.project_id ? projects.find((project) => project.id === authContext.project_id) : undefined;
-    if (scopedProject)
-        return scopedProject;
-    if (slug && yes)
-        return { id: projectId ?? "", name: slug, slug };
-    if (projects.length === 0) {
-        throw new Error("No VibeReview projects were visible for this API key. Create a project in the SaaS app first.");
-    }
-    if (yes)
-        return projects[0];
-    const answer = await inquirer.prompt([
-        { type: "list", name: "project", message: "Select a VibeReview project", choices: projects.map((project) => ({ name: `${project.name} (${project.slug})`, value: project.slug })) },
-    ]);
-    return projects.find((project) => project.slug === answer.project) ?? projects[0];
-}

package/dist/commands/profile.js

@@ -1,14 +0,0 @@
-import chalk from "chalk";
-import { readConfig } from "../config.js";
-export async function profileCommand(options = {}) {
-    const cwd = options.cwd ?? process.cwd();
-    const config = await readConfig(cwd);
-    if (!config) {
-        console.log(chalk.yellow("VibeReview is not initialized. Run `securityreview-kit init` first."));
-        return;
-    }
-    console.log(chalk.yellow("Local profiling is deprecated for VibeReview SaaS."));
-    console.log(`Project ${config.project_slug} is profiled server-side after project creation, and guardrails are served through the VibeReview MCP/KV path.`);
-    if (options.push)
-        console.log(chalk.dim("--push was ignored."));
-}

package/dist/commands/status.js

@@ -1,27 +0,0 @@
-import chalk from "chalk";
-import { VibeReviewApiClient } from "../api.js";
-import { readConfig } from "../config.js";
-export async function statusCommand(options = {}) {
-    const cwd = options.cwd ?? process.cwd();
-    const config = await readConfig(cwd);
-    if (!config) {
-        console.log(chalk.yellow("VibeReview is not initialized. Run `securityreview-kit init`."));
-        return;
-    }
-    console.log(chalk.bold("VibeReview status"));
-    console.log(`Project: ${config.project_slug}`);
-    if (config.project_id)
-        console.log(`Project ID: ${config.project_id}`);
-    if (config.tenant_id)
-        console.log(`Tenant ID: ${config.tenant_id}`);
-    console.log(`MCP server: ${config.server_url}`);
-    console.log(`IDEs: ${config.ide.join(", ")}`);
-    console.log(`Last synced: ${config.last_synced ?? "never"}`);
-    try {
-        const guardrails = await new VibeReviewApiClient(config).getGuardrails(config.project_slug);
-        console.log(`Guardrails: ${guardrails.length}`);
-    }
-    catch (error) {
-        console.log(chalk.yellow(`Remote check skipped: ${error instanceof Error ? error.message : String(error)}`));
-    }
-}

package/dist/commands/sync.js

@@ -1,6 +0,0 @@
-import chalk from "chalk";
-import { syncTelemetry } from "../sync/index.js";
-export async function syncCommand(options = {}) {
-    const result = await syncTelemetry(options.cwd ?? process.cwd(), { force: options.force });
-    console.log(chalk.green(`Synced ${result.synced} artifact(s), skipped ${result.skipped} unchanged artifact(s).`));
-}

package/dist/config.js

@@ -1,18 +0,0 @@
-import { join } from "node:path";
-import { readJson, writeJson } from "./fs.js";
-export const CONFIG_DIR = ".vibreview";
-export const CONFIG_PATH = join(CONFIG_DIR, "config.json");
-export const SYNC_STATE_PATH = join(CONFIG_DIR, "sync-state.json");
-export const SCANS_DIR = join(CONFIG_DIR, "scans");
-export function resolveConfigPath(cwd) {
-    return join(cwd, CONFIG_PATH);
-}
-export async function readConfig(cwd) {
-    return readJson(resolveConfigPath(cwd));
-}
-export async function writeConfig(cwd, config) {
-    await writeJson(resolveConfigPath(cwd), config);
-}
-export function apiBaseUrl(config) {
-    return config.api_base_url ?? config.server_url.replace(/\/mcp\/?$/, "").replace(/:3000$/, ":8000");
-}

package/dist/fs.js

@@ -1,43 +0,0 @@
-import { mkdir, readFile, writeFile } from "node:fs/promises";
-import { dirname } from "node:path";
-export async function ensureDir(path) {
-    await mkdir(path, { recursive: true });
-}
-export async function readText(path) {
-    try {
-        return await readFile(path, "utf8");
-    }
-    catch {
-        return "";
-    }
-}
-export async function writeText(path, content) {
-    await ensureDir(dirname(path));
-    await writeFile(path, content, "utf8");
-}
-export async function readJson(path) {
-    try {
-        return JSON.parse(await readFile(path, "utf8"));
-    }
-    catch {
-        return null;
-    }
-}
-export async function writeJson(path, data) {
-    await writeText(path, `${JSON.stringify(data, null, 2)}\n`);
-}
-export async function upsertBlock(path, start, end, content) {
-    const block = `${start}\n${content.trim()}\n${end}`;
-    const existing = await readText(path);
-    if (!existing) {
-        await writeText(path, `${block}\n`);
-        return;
-    }
-    const startIndex = existing.indexOf(start);
-    const endIndex = existing.indexOf(end);
-    if (startIndex >= 0 && endIndex >= 0) {
-        await writeText(path, `${existing.slice(0, startIndex)}${block}${existing.slice(endIndex + end.length)}`);
-        return;
-    }
-    await writeText(path, `${existing.trimEnd()}\n\n${block}\n`);
-}

package/dist/index.js

@@ -1,44 +0,0 @@
-#!/usr/bin/env node
-import { Command } from "commander";
-import { guardrailsCommand } from "./commands/guardrails.js";
-import { initCommand } from "./commands/init.js";
-import { profileCommand } from "./commands/profile.js";
-import { statusCommand } from "./commands/status.js";
-import { syncCommand } from "./commands/sync.js";
-const program = new Command();
-program.name("securityreview-kit").description("VibeReview IDE integration CLI").version("0.1.0");
-program
-    .command("init")
-    .description("Initialize VibeReview in this repository")
-    .option("--server-url <url>", "VibeReview MCP server URL")
-    .option("--api-base-url <url>", "VibeReview API URL")
-    .option("--api-key <key>", "VibeReview API key")
-    .option("--project-slug <slug>", "VibeReview project slug")
-    .option("--project-id <id>", "VibeReview project ID")
-    .option("--ide <ide...>", "IDE targets")
-    .option("-y, --yes", "Use provided values without project selection prompt")
-    .action((options) => initCommand({
-    serverUrl: options.serverUrl,
-    apiBaseUrl: options.apiBaseUrl,
-    apiKey: options.apiKey,
-    projectSlug: options.projectSlug,
-    projectId: options.projectId,
-    ide: options.ide,
-    yes: options.yes,
-}));
-program
-    .command("profile")
-    .description("Explain server-side VibeReview profiling")
-    .option("--push", "Deprecated; profiling runs server-side")
-    .action((options) => profileCommand({ push: options.push }));
-program
-    .command("sync")
-    .description("Sync local scan telemetry")
-    .option("--force", "Re-sync unchanged artifacts")
-    .action((options) => syncCommand({ force: options.force }));
-program.command("status").description("Show VibeReview link status").action(() => statusCommand());
-program.command("guardrails").description("List project guardrails").action(() => guardrailsCommand());
-program.parseAsync().catch((error) => {
-    console.error(error instanceof Error ? error.message : String(error));
-    process.exitCode = 1;
-});

package/dist/profile.js

@@ -1,113 +0,0 @@
-import { readdir, readFile, stat } from "node:fs/promises";
-import { extname, join } from "node:path";
-const LANGUAGE_BY_EXTENSION = {
-    ".py": "python",
-    ".ts": "typescript",
-    ".tsx": "typescript",
-    ".js": "javascript",
-    ".jsx": "javascript",
-    ".go": "go",
-    ".java": "java",
-    ".rb": "ruby",
-    ".php": "php",
-    ".cs": "csharp",
-    ".rs": "rust",
-    ".kt": "kotlin",
-    ".swift": "swift",
-};
-const SKIP_DIRS = new Set([".git", "node_modules", ".venv", "venv", "dist", "build", ".turbo", "__pycache__"]);
-export async function profileRepository(cwd) {
-    const files = await collectFiles(cwd);
-    const languageCounts = {};
-    const frameworks = new Set();
-    const databases = new Set();
-    const auth = new Set();
-    const infrastructure = new Set();
-    const apiProtocols = new Set();
-    for (const file of files) {
-        const language = LANGUAGE_BY_EXTENSION[extname(file)];
-        if (language)
-            languageCounts[language] = (languageCounts[language] ?? 0) + 1;
-        const lower = file.toLowerCase();
-        if (lower.endsWith("package.json")) {
-            const pkg = await readJsonSafe(file);
-            const deps = { ...(pkg?.dependencies ?? {}), ...(pkg?.devDependencies ?? {}) };
-            if (deps.react)
-                frameworks.add("react");
-            if (deps.next)
-                frameworks.add("nextjs");
-            if (deps["@nestjs/core"])
-                frameworks.add("nestjs");
-            if (deps.express)
-                frameworks.add("express");
-            if (deps.hono)
-                frameworks.add("honojs");
-            if (deps["@apollo/server"])
-                apiProtocols.add("graphql");
-        }
-        if (lower.endsWith("pyproject.toml") || lower.endsWith("requirements.txt")) {
-            const text = await readFile(file, "utf8").catch(() => "");
-            if (/fastapi/i.test(text))
-                frameworks.add("fastapi");
-            if (/flask/i.test(text))
-                frameworks.add("flask");
-            if (/django/i.test(text))
-                frameworks.add("django");
-            if (/sqlalchemy/i.test(text))
-                frameworks.add("sqlalchemy");
-        }
-        if (lower.includes("dockerfile") || lower.endsWith("docker-compose.yml"))
-            infrastructure.add("docker");
-        if (lower.includes(".github/workflows"))
-            infrastructure.add("github-actions");
-        if (lower.includes("kubernetes") || lower.endsWith(".helm.yaml"))
-            infrastructure.add("kubernetes");
-        if (/postgres|postgresql/.test(lower))
-            databases.add("postgresql");
-        if (/redis/.test(lower))
-            databases.add("redis");
-        if (/mongo/.test(lower))
-            databases.add("mongodb");
-        if (/jwt|oauth|oidc|auth0|zitadel|okta|keycloak/.test(lower))
-            auth.add(RegExp.lastMatch.toLowerCase());
-        if (/openapi|swagger|graphql|grpc/.test(lower))
-            apiProtocols.add(RegExp.lastMatch.toLowerCase());
-    }
-    return {
-        languages: percentages(languageCounts),
-        frameworks: [...frameworks].sort(),
-        databases: [...databases].sort(),
-        auth: [...auth].sort(),
-        infrastructure: [...infrastructure].sort(),
-        api_protocols: [...apiProtocols].sort(),
-        generated_at: new Date().toISOString(),
-    };
-}
-async function collectFiles(root, current = root, output = []) {
-    for (const entry of await readdir(current, { withFileTypes: true }).catch(() => [])) {
-        if (entry.isDirectory()) {
-            if (!SKIP_DIRS.has(entry.name))
-                await collectFiles(root, join(current, entry.name), output);
-            continue;
-        }
-        const path = join(current, entry.name);
-        const info = await stat(path).catch(() => null);
-        if (info && info.size < 1_000_000)
-            output.push(path);
-    }
-    return output;
-}
-async function readJsonSafe(path) {
-    try {
-        return JSON.parse(await readFile(path, "utf8"));
-    }
-    catch {
-        return null;
-    }
-}
-function percentages(counts) {
-    const total = Object.values(counts).reduce((sum, value) => sum + value, 0);
-    if (total === 0)
-        return {};
-    return Object.fromEntries(Object.entries(counts).map(([key, value]) => [key, Math.round((value / total) * 100)]));
-}