@syke1/mcp-server 1.0.0

package/dist/license/validator.js

@@ -0,0 +1,297 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startHeartbeat = startHeartbeat;
+exports.stopAndDeactivate = stopAndDeactivate;
+exports.getDeviceId = getDeviceId;
+exports.checkLicense = checkLicense;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const https = __importStar(require("https"));
+const crypto = __importStar(require("crypto"));
+const CACHE_DIR = path.join(os.homedir(), ".syke");
+const CACHE_FILE = path.join(CACHE_DIR, ".license-cache.json");
+const CONFIG_FILE = path.join(CACHE_DIR, "config.json");
+// Cache durations
+const CACHE_MAX_AGE = 24 * 60 * 60 * 1000; // 24 hours
+const CACHE_GRACE_PERIOD = 7 * 24 * 60 * 60 * 1000; // 7 days offline grace
+// Heartbeat interval
+const HEARTBEAT_INTERVAL_MS = 5 * 60 * 1000; // 5 minutes
+// Cloud Function URLs
+const BASE_URL = "https://us-central1-syke-cloud.cloudfunctions.net";
+const VALIDATE_URL = `${BASE_URL}/validateLicenseKey`;
+const HEARTBEAT_URL = `${BASE_URL}/licenseHeartbeat`;
+const DEACTIVATE_URL = `${BASE_URL}/licenseDeactivate`;
+// Module state for heartbeat
+let heartbeatTimer = null;
+let currentLicenseKey = null;
+let currentDeviceId = null;
+/**
+ * Generate a stable device fingerprint from machine info
+ */
+function getDeviceFingerprint() {
+    const raw = `${os.hostname()}:${os.userInfo().username}:${os.platform()}:${os.arch()}`;
+    return crypto.createHash("sha256").update(raw).digest("hex").substring(0, 16);
+}
+/**
+ * Human-readable device name for dashboard display
+ */
+function getDeviceName() {
+    const platformNames = {
+        win32: "Windows",
+        darwin: "macOS",
+        linux: "Linux",
+    };
+    const platformName = platformNames[os.platform()] || os.platform();
+    return `${os.hostname()} (${platformName})`;
+}
+/**
+ * Read license key from env var or config file
+ */
+function getLicenseKey() {
+    // 1. Environment variable
+    const envKey = process.env.SYKE_LICENSE_KEY;
+    if (envKey && envKey.startsWith("SYKE-"))
+        return envKey;
+    // 2. Config file
+    try {
+        if (fs.existsSync(CONFIG_FILE)) {
+            const config = JSON.parse(fs.readFileSync(CONFIG_FILE, "utf-8"));
+            if (config.licenseKey && config.licenseKey.startsWith("SYKE-"))
+                return config.licenseKey;
+        }
+    }
+    catch {
+        // ignore
+    }
+    return null;
+}
+/**
+ * Read cached license validation result
+ */
+function readCache() {
+    try {
+        if (!fs.existsSync(CACHE_FILE))
+            return null;
+        const data = JSON.parse(fs.readFileSync(CACHE_FILE, "utf-8"));
+        if (!data || typeof data.cachedAt !== "number")
+            return null;
+        return data;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Write license validation result to cache
+ */
+function writeCache(data) {
+    try {
+        if (!fs.existsSync(CACHE_DIR)) {
+            fs.mkdirSync(CACHE_DIR, { recursive: true });
+        }
+        fs.writeFileSync(CACHE_FILE, JSON.stringify(data, null, 2));
+    }
+    catch {
+        // silently fail — cache is optional
+    }
+}
+/**
+ * POST JSON to a URL, return parsed response
+ */
+function postJSON(url, body) {
+    return new Promise((resolve) => {
+        const payload = JSON.stringify(body);
+        const parsedUrl = new URL(url);
+        const req = https.request({
+            hostname: parsedUrl.hostname,
+            path: parsedUrl.pathname,
+            method: "POST",
+            timeout: 10000,
+            headers: {
+                "Content-Type": "application/json",
+                "Content-Length": Buffer.byteLength(payload),
+            },
+        }, (res) => {
+            let data = "";
+            res.on("data", (chunk) => { data += chunk.toString(); });
+            res.on("end", () => {
+                try {
+                    resolve(JSON.parse(data));
+                }
+                catch {
+                    resolve({ valid: false });
+                }
+            });
+        });
+        req.on("error", () => resolve({ valid: false }));
+        req.on("timeout", () => { req.destroy(); resolve({ valid: false }); });
+        req.write(payload);
+        req.end();
+    });
+}
+/**
+ * Validate license online with device binding
+ */
+async function validateOnline(key) {
+    const deviceId = getDeviceFingerprint();
+    const deviceName = getDeviceName();
+    return postJSON(VALIDATE_URL, { key, deviceId, deviceName });
+}
+/**
+ * Send heartbeat to keep session alive
+ */
+async function sendHeartbeat() {
+    if (!currentLicenseKey || !currentDeviceId)
+        return;
+    try {
+        await postJSON(HEARTBEAT_URL, {
+            key: currentLicenseKey,
+            deviceId: currentDeviceId,
+        });
+    }
+    catch {
+        // silently fail — next heartbeat will retry
+    }
+}
+/**
+ * Deactivate session — called on graceful shutdown
+ */
+async function sendDeactivate() {
+    if (!currentLicenseKey || !currentDeviceId)
+        return;
+    try {
+        await postJSON(DEACTIVATE_URL, {
+            key: currentLicenseKey,
+            deviceId: currentDeviceId,
+        });
+    }
+    catch {
+        // best-effort — server will timeout the session anyway
+    }
+}
+/**
+ * Start heartbeat interval (called after successful Pro validation)
+ */
+function startHeartbeat(key, deviceId) {
+    currentLicenseKey = key;
+    currentDeviceId = deviceId;
+    if (heartbeatTimer)
+        clearInterval(heartbeatTimer);
+    heartbeatTimer = setInterval(sendHeartbeat, HEARTBEAT_INTERVAL_MS);
+}
+/**
+ * Stop heartbeat and deactivate session (called on shutdown)
+ */
+async function stopAndDeactivate() {
+    if (heartbeatTimer) {
+        clearInterval(heartbeatTimer);
+        heartbeatTimer = null;
+    }
+    await sendDeactivate();
+    currentLicenseKey = null;
+    currentDeviceId = null;
+}
+/**
+ * Get current device fingerprint (exported for use by index.ts)
+ */
+function getDeviceId() {
+    return getDeviceFingerprint();
+}
+/**
+ * Main license validation — called on MCP server startup
+ */
+async function checkLicense() {
+    const key = getLicenseKey();
+    // No key → Free mode
+    if (!key) {
+        return { plan: "free", source: "default" };
+    }
+    // Check cache first
+    const cache = readCache();
+    const now = Date.now();
+    if (cache && cache.valid && (now - cache.cachedAt) < CACHE_MAX_AGE) {
+        // Cache is fresh — still start heartbeat with cached session
+        startHeartbeat(key, getDeviceFingerprint());
+        return {
+            plan: "pro",
+            email: cache.email,
+            expiresAt: cache.expiresAt,
+            source: "cache",
+        };
+    }
+    // Try online validation (with device binding)
+    const result = await validateOnline(key);
+    if (result.valid) {
+        // Update cache
+        writeCache({
+            valid: true,
+            plan: result.plan,
+            email: result.email,
+            expiresAt: result.expiresAt,
+            cachedAt: now,
+        });
+        // Start heartbeat
+        startHeartbeat(key, getDeviceFingerprint());
+        return {
+            plan: "pro",
+            email: result.email,
+            expiresAt: result.expiresAt,
+            source: "online",
+        };
+    }
+    // Device/session error — pass through error message
+    if (result.error) {
+        return {
+            plan: "free",
+            source: "online",
+            error: result.error,
+        };
+    }
+    // Online validation failed — check if we have a grace-period cache
+    if (cache && cache.valid && (now - cache.cachedAt) < CACHE_GRACE_PERIOD) {
+        startHeartbeat(key, getDeviceFingerprint());
+        return {
+            plan: "pro",
+            email: cache.email,
+            expiresAt: cache.expiresAt,
+            source: "cache",
+        };
+    }
+    // No valid cache within grace period → Free mode
+    writeCache({ valid: false, cachedAt: now });
+    return { plan: "free", source: "default" };
+}

package/dist/tools/analyze-impact.d.ts

@@ -0,0 +1,23 @@
+import { DependencyGraph } from "../graph";
+export type RiskLevel = "HIGH" | "MEDIUM" | "LOW" | "NONE";
+export interface ImpactResult {
+    filePath: string;
+    relativePath: string;
+    riskLevel: RiskLevel;
+    directDependents: string[];
+    transitiveDependents: string[];
+    totalImpacted: number;
+}
+/**
+ * BFS reverse traversal to find all files impacted by modifying `filePath`.
+ */
+export declare function analyzeImpact(filePath: string, graph: DependencyGraph): ImpactResult;
+export declare function classifyRisk(count: number): RiskLevel;
+/**
+ * Rank files by number of reverse dependents (hub score).
+ */
+export declare function getHubFiles(graph: DependencyGraph, topN?: number): Array<{
+    relativePath: string;
+    dependentCount: number;
+    riskLevel: RiskLevel;
+}>;

package/dist/tools/analyze-impact.js

@@ -0,0 +1,102 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.analyzeImpact = analyzeImpact;
+exports.classifyRisk = classifyRisk;
+exports.getHubFiles = getHubFiles;
+const path = __importStar(require("path"));
+/**
+ * BFS reverse traversal to find all files impacted by modifying `filePath`.
+ */
+function analyzeImpact(filePath, graph) {
+    const normalized = path.normalize(filePath);
+    // Direct dependents (depth 1)
+    const directDependents = graph.reverse.get(normalized) || [];
+    // BFS for transitive dependents (all depths)
+    const visited = new Set();
+    const queue = [...directDependents];
+    for (const d of directDependents) {
+        visited.add(d);
+    }
+    while (queue.length > 0) {
+        const current = queue.shift();
+        const dependents = graph.reverse.get(current) || [];
+        for (const dep of dependents) {
+            if (!visited.has(dep) && dep !== normalized) {
+                visited.add(dep);
+                queue.push(dep);
+            }
+        }
+    }
+    const totalImpacted = visited.size;
+    // Transitive-only = all visited minus direct
+    const directSet = new Set(directDependents);
+    const transitiveDependents = [...visited].filter((f) => !directSet.has(f));
+    const riskLevel = classifyRisk(totalImpacted);
+    const toRelative = (f) => path.relative(graph.sourceDir, f).replace(/\\/g, "/");
+    return {
+        filePath: normalized,
+        relativePath: toRelative(normalized),
+        riskLevel,
+        directDependents: directDependents.map(toRelative),
+        transitiveDependents: transitiveDependents.map(toRelative),
+        totalImpacted,
+    };
+}
+function classifyRisk(count) {
+    if (count >= 10)
+        return "HIGH";
+    if (count >= 5)
+        return "MEDIUM";
+    if (count >= 1)
+        return "LOW";
+    return "NONE";
+}
+/**
+ * Rank files by number of reverse dependents (hub score).
+ */
+function getHubFiles(graph, topN = 10) {
+    const entries = [];
+    for (const file of graph.files) {
+        const revDeps = graph.reverse.get(file) || [];
+        entries.push({ file, count: revDeps.length });
+    }
+    entries.sort((a, b) => b.count - a.count);
+    return entries.slice(0, topN).map((e) => ({
+        relativePath: path.relative(graph.sourceDir, e.file).replace(/\\/g, "/"),
+        dependentCount: e.count,
+        riskLevel: classifyRisk(e.count),
+    }));
+}

package/dist/tools/gate-build.d.ts

@@ -0,0 +1,25 @@
+import { DependencyGraph } from "../graph";
+export type GateVerdict = "PASS" | "WARN" | "FAIL";
+export interface GateIssue {
+    file: string;
+    severity: "CRITICAL" | "HIGH" | "MEDIUM" | "LOW";
+    description: string;
+}
+export interface GateResult {
+    verdict: GateVerdict;
+    statusLine: string;
+    issues: GateIssue[];
+    recommendation: string;
+    stats: {
+        filesInGraph: number;
+        unresolvedWarnings: number;
+    };
+    autoAcknowledged: number;
+}
+/**
+ * Run the build gate check.
+ * If `specifiedFiles` is provided, only warnings for those files are considered.
+ * Cycle detection also starts from those files.
+ */
+export declare function gateCheck(graph: DependencyGraph, specifiedFiles?: string[]): GateResult;
+export declare function formatGateResult(result: GateResult): string;

package/dist/tools/gate-build.js

@@ -0,0 +1,243 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.gateCheck = gateCheck;
+exports.formatGateResult = formatGateResult;
+const path = __importStar(require("path"));
+const server_1 = require("../web/server");
+const analyze_impact_1 = require("./analyze-impact");
+/**
+ * DFS forward traversal from specified files to detect circular dependencies.
+ * Returns at most `maxCycles` cycles for performance.
+ */
+function detectCyclesForFiles(files, graph, maxCycles = 10) {
+    const cycles = [];
+    const globalVisited = new Set();
+    for (const startFile of files) {
+        if (!graph.files.has(startFile))
+            continue;
+        const stack = new Set();
+        const pathStack = [];
+        function dfs(file) {
+            if (cycles.length >= maxCycles)
+                return;
+            if (globalVisited.has(file))
+                return;
+            stack.add(file);
+            pathStack.push(file);
+            const deps = graph.forward.get(file) || [];
+            for (const dep of deps) {
+                if (cycles.length >= maxCycles)
+                    break;
+                if (stack.has(dep)) {
+                    // Back-edge found → cycle
+                    const idx = pathStack.indexOf(dep);
+                    if (idx >= 0) {
+                        cycles.push({
+                            cycle: [...pathStack.slice(idx), dep],
+                            file: startFile,
+                        });
+                    }
+                }
+                else if (!globalVisited.has(dep)) {
+                    dfs(dep);
+                }
+            }
+            stack.delete(file);
+            pathStack.pop();
+        }
+        dfs(startFile);
+        // Mark all visited from this start as globally visited
+        for (const f of stack)
+            globalVisited.add(f);
+    }
+    return cycles.slice(0, maxCycles);
+}
+// ── Gate Check ──
+/**
+ * Run the build gate check.
+ * If `specifiedFiles` is provided, only warnings for those files are considered.
+ * Cycle detection also starts from those files.
+ */
+function gateCheck(graph, specifiedFiles) {
+    const allWarnings = (0, server_1.getUnacknowledgedWarnings)();
+    const stats = {
+        filesInGraph: graph.files.size,
+        unresolvedWarnings: allWarnings.length,
+    };
+    // Filter warnings to specified files if provided
+    const warnings = specifiedFiles
+        ? allWarnings.filter((w) => specifiedFiles.some((f) => w.file === f ||
+            f.endsWith(w.file) ||
+            w.file.endsWith(f.replace(/\\/g, "/"))))
+        : allWarnings;
+    const issues = [];
+    // 1. Check warnings by severity
+    for (const w of warnings) {
+        const severity = mapRiskToSeverity(w.riskLevel);
+        if (severity) {
+            issues.push({
+                file: w.file,
+                severity,
+                description: w.summary +
+                    (w.brokenImports.length > 0
+                        ? ` (broken imports: ${w.brokenImports.join(", ")})`
+                        : ""),
+            });
+        }
+    }
+    // 2. Detect cycles for specified files (or skip full-graph scan for perf)
+    const filesToCheck = specifiedFiles || [];
+    const cycles = detectCyclesForFiles(filesToCheck, graph, 10);
+    for (const c of cycles) {
+        const cyclePath = c.cycle
+            .map((f) => path.relative(graph.sourceDir, f).replace(/\\/g, "/"))
+            .join(" → ");
+        issues.push({
+            file: path.relative(graph.sourceDir, c.file).replace(/\\/g, "/"),
+            severity: "CRITICAL",
+            description: `Circular dependency: ${cyclePath}`,
+        });
+    }
+    // 3. Check if hub files were modified
+    if (specifiedFiles) {
+        const hubs = (0, analyze_impact_1.getHubFiles)(graph, 5);
+        const hubPaths = new Set(hubs.map((h) => h.relativePath));
+        for (const f of specifiedFiles) {
+            const rel = path.relative(graph.sourceDir, f).replace(/\\/g, "/");
+            if (hubPaths.has(rel)) {
+                const hub = hubs.find((h) => h.relativePath === rel);
+                issues.push({
+                    file: rel,
+                    severity: "MEDIUM",
+                    description: `Hub file modified (${hub.dependentCount} dependents, ${hub.riskLevel} risk)`,
+                });
+            }
+        }
+    }
+    // ── Determine verdict ──
+    const hasCritical = issues.some((i) => i.severity === "CRITICAL");
+    const highIssues = issues.filter((i) => i.severity === "HIGH");
+    const hasHighWithBroken = highIssues.length > 0 &&
+        warnings.some((w) => w.riskLevel === "HIGH" && w.brokenImports.length > 0);
+    const hasCycles = cycles.length > 0;
+    let verdict;
+    let statusLine;
+    let recommendation;
+    let autoAcknowledged = 0;
+    if (hasCritical || hasHighWithBroken || hasCycles) {
+        verdict = "FAIL";
+        const reasons = [];
+        if (hasCritical)
+            reasons.push("CRITICAL warnings");
+        if (hasHighWithBroken)
+            reasons.push("HIGH warnings with broken imports");
+        if (hasCycles)
+            reasons.push(`${cycles.length} circular dependency(ies)`);
+        statusLine = `BUILD BLOCKED — ${reasons.join(", ")}`;
+        recommendation =
+            "Fix the issues above before building. Use `check_warnings` for details, then `analyze_impact` on affected files.";
+    }
+    else if (highIssues.length > 0 ||
+        issues.some((i) => i.severity === "MEDIUM")) {
+        verdict = "WARN";
+        statusLine = `PROCEED WITH CAUTION — ${issues.length} issue(s) detected`;
+        recommendation =
+            "Review the issues. If you've verified they're safe, proceed with the build. Use `check_warnings acknowledge=true` to clear warnings.";
+    }
+    else {
+        verdict = "PASS";
+        statusLine = "All clear — safe to build";
+        recommendation = "No issues detected. You may proceed with build/deploy.";
+        // Auto-acknowledge warnings on PASS
+        autoAcknowledged = (0, server_1.acknowledgeWarnings)();
+    }
+    return {
+        verdict,
+        statusLine,
+        issues,
+        recommendation,
+        stats,
+        autoAcknowledged,
+    };
+}
+// ── Formatting ──
+function formatGateResult(result) {
+    const icon = result.verdict === "PASS"
+        ? "✅"
+        : result.verdict === "WARN"
+            ? "⚠️"
+            : "🚫";
+    const lines = [
+        `## SYKE Build Gate — ${icon} ${result.verdict}`,
+        "",
+        "### Status",
+        result.statusLine,
+    ];
+    if (result.issues.length > 0) {
+        lines.push("", "### Issues");
+        for (const issue of result.issues) {
+            const issueIcon = issue.severity === "CRITICAL"
+                ? "🚫"
+                : issue.severity === "HIGH"
+                    ? "🔴"
+                    : issue.severity === "MEDIUM"
+                        ? "🟡"
+                        : "🔵";
+            lines.push(`- ${issueIcon} **[${issue.severity}]** ${issue.file}: ${issue.description}`);
+        }
+    }
+    lines.push("", "### Recommendation", result.recommendation);
+    lines.push("", "### Stats", `- Files in graph: ${result.stats.filesInGraph}`, `- Unresolved warnings: ${result.stats.unresolvedWarnings}`);
+    if (result.autoAcknowledged > 0) {
+        lines.push(`- Auto-acknowledged: ${result.autoAcknowledged} warning(s)`);
+    }
+    return lines.join("\n");
+}
+// ── Helpers ──
+function mapRiskToSeverity(riskLevel) {
+    switch (riskLevel) {
+        case "CRITICAL":
+            return "CRITICAL";
+        case "HIGH":
+            return "HIGH";
+        case "MEDIUM":
+            return "MEDIUM";
+        case "LOW":
+            return "LOW";
+        default:
+            return null; // SAFE → no issue
+    }
+}