@vyuhlabs/dxkit 1.6.1 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (210) hide show
  1. package/CHANGELOG.md +115 -0
  2. package/README.md +3 -3
  3. package/dist/agents/extract.d.ts +25 -0
  4. package/dist/agents/extract.d.ts.map +1 -0
  5. package/dist/agents/extract.js +186 -0
  6. package/dist/agents/extract.js.map +1 -0
  7. package/dist/agents/schemas.d.ts +106 -0
  8. package/dist/agents/schemas.d.ts.map +1 -0
  9. package/dist/agents/schemas.js +86 -0
  10. package/dist/agents/schemas.js.map +1 -0
  11. package/dist/agents/session.d.ts +28 -0
  12. package/dist/agents/session.d.ts.map +1 -0
  13. package/dist/agents/session.js +223 -0
  14. package/dist/agents/session.js.map +1 -0
  15. package/dist/analyzers/developer/detailed.js +1 -1
  16. package/dist/analyzers/developer/detailed.js.map +1 -1
  17. package/dist/analyzers/dispatcher.d.ts +36 -0
  18. package/dist/analyzers/dispatcher.d.ts.map +1 -0
  19. package/dist/analyzers/dispatcher.js +62 -0
  20. package/dist/analyzers/dispatcher.js.map +1 -0
  21. package/dist/analyzers/docs/shallow.d.ts +3 -2
  22. package/dist/analyzers/docs/shallow.d.ts.map +1 -1
  23. package/dist/analyzers/docs/shallow.js +2 -2
  24. package/dist/analyzers/docs/shallow.js.map +1 -1
  25. package/dist/analyzers/dx/shallow.d.ts +3 -2
  26. package/dist/analyzers/dx/shallow.d.ts.map +1 -1
  27. package/dist/analyzers/dx/shallow.js +2 -2
  28. package/dist/analyzers/dx/shallow.js.map +1 -1
  29. package/dist/analyzers/health/actions.d.ts +3 -3
  30. package/dist/analyzers/health/actions.d.ts.map +1 -1
  31. package/dist/analyzers/health/actions.js +99 -52
  32. package/dist/analyzers/health/actions.js.map +1 -1
  33. package/dist/analyzers/health/detailed.d.ts.map +1 -1
  34. package/dist/analyzers/health/detailed.js +6 -2
  35. package/dist/analyzers/health/detailed.js.map +1 -1
  36. package/dist/analyzers/health.d.ts +0 -2
  37. package/dist/analyzers/health.d.ts.map +1 -1
  38. package/dist/analyzers/health.js +134 -72
  39. package/dist/analyzers/health.js.map +1 -1
  40. package/dist/analyzers/maintainability/shallow.d.ts +3 -2
  41. package/dist/analyzers/maintainability/shallow.d.ts.map +1 -1
  42. package/dist/analyzers/maintainability/shallow.js +2 -2
  43. package/dist/analyzers/maintainability/shallow.js.map +1 -1
  44. package/dist/analyzers/quality/detailed.js +1 -1
  45. package/dist/analyzers/quality/detailed.js.map +1 -1
  46. package/dist/analyzers/quality/gather.d.ts +33 -4
  47. package/dist/analyzers/quality/gather.d.ts.map +1 -1
  48. package/dist/analyzers/quality/gather.js +81 -93
  49. package/dist/analyzers/quality/gather.js.map +1 -1
  50. package/dist/analyzers/quality/index.js +4 -4
  51. package/dist/analyzers/quality/index.js.map +1 -1
  52. package/dist/analyzers/quality/shallow.d.ts +3 -2
  53. package/dist/analyzers/quality/shallow.d.ts.map +1 -1
  54. package/dist/analyzers/quality/shallow.js +2 -2
  55. package/dist/analyzers/quality/shallow.js.map +1 -1
  56. package/dist/analyzers/scoring.d.ts +26 -9
  57. package/dist/analyzers/scoring.d.ts.map +1 -1
  58. package/dist/analyzers/scoring.js +83 -71
  59. package/dist/analyzers/scoring.js.map +1 -1
  60. package/dist/analyzers/security/detailed.js +1 -1
  61. package/dist/analyzers/security/detailed.js.map +1 -1
  62. package/dist/analyzers/security/gather.d.ts +28 -5
  63. package/dist/analyzers/security/gather.d.ts.map +1 -1
  64. package/dist/analyzers/security/gather.js +87 -135
  65. package/dist/analyzers/security/gather.js.map +1 -1
  66. package/dist/analyzers/security/index.d.ts +1 -1
  67. package/dist/analyzers/security/index.d.ts.map +1 -1
  68. package/dist/analyzers/security/index.js +16 -11
  69. package/dist/analyzers/security/index.js.map +1 -1
  70. package/dist/analyzers/security/report.d.ts +6 -0
  71. package/dist/analyzers/security/report.d.ts.map +1 -0
  72. package/dist/analyzers/security/report.js +118 -0
  73. package/dist/analyzers/security/report.js.map +1 -0
  74. package/dist/analyzers/security/shallow.d.ts +3 -2
  75. package/dist/analyzers/security/shallow.d.ts.map +1 -1
  76. package/dist/analyzers/security/shallow.js +2 -2
  77. package/dist/analyzers/security/shallow.js.map +1 -1
  78. package/dist/analyzers/tests/detailed.js +1 -1
  79. package/dist/analyzers/tests/detailed.js.map +1 -1
  80. package/dist/analyzers/tests/import-graph.d.ts +8 -22
  81. package/dist/analyzers/tests/import-graph.d.ts.map +1 -1
  82. package/dist/analyzers/tests/import-graph.js +22 -189
  83. package/dist/analyzers/tests/import-graph.js.map +1 -1
  84. package/dist/analyzers/tests/index.d.ts +1 -1
  85. package/dist/analyzers/tests/index.d.ts.map +1 -1
  86. package/dist/analyzers/tests/index.js +3 -3
  87. package/dist/analyzers/tests/index.js.map +1 -1
  88. package/dist/analyzers/tests/shallow.d.ts +3 -2
  89. package/dist/analyzers/tests/shallow.d.ts.map +1 -1
  90. package/dist/analyzers/tests/shallow.js +2 -2
  91. package/dist/analyzers/tests/shallow.js.map +1 -1
  92. package/dist/analyzers/tools/coverage.d.ts +21 -11
  93. package/dist/analyzers/tools/coverage.d.ts.map +1 -1
  94. package/dist/analyzers/tools/coverage.js +32 -44
  95. package/dist/analyzers/tools/coverage.js.map +1 -1
  96. package/dist/analyzers/tools/dotnet.d.ts +8 -0
  97. package/dist/analyzers/tools/dotnet.d.ts.map +1 -0
  98. package/dist/analyzers/tools/dotnet.js +81 -0
  99. package/dist/analyzers/tools/dotnet.js.map +1 -0
  100. package/dist/analyzers/tools/gather-cache.d.ts +16 -0
  101. package/dist/analyzers/tools/gather-cache.d.ts.map +1 -0
  102. package/dist/analyzers/tools/gather-cache.js +126 -0
  103. package/dist/analyzers/tools/gather-cache.js.map +1 -0
  104. package/dist/analyzers/tools/generic.d.ts.map +1 -1
  105. package/dist/analyzers/tools/generic.js +6 -28
  106. package/dist/analyzers/tools/generic.js.map +1 -1
  107. package/dist/analyzers/tools/gitleaks.d.ts +28 -5
  108. package/dist/analyzers/tools/gitleaks.d.ts.map +1 -1
  109. package/dist/analyzers/tools/gitleaks.js +91 -37
  110. package/dist/analyzers/tools/gitleaks.js.map +1 -1
  111. package/dist/analyzers/tools/go.d.ts +8 -0
  112. package/dist/analyzers/tools/go.d.ts.map +1 -0
  113. package/dist/analyzers/tools/go.js +84 -0
  114. package/dist/analyzers/tools/go.js.map +1 -0
  115. package/dist/analyzers/tools/graphify.d.ts +31 -3
  116. package/dist/analyzers/tools/graphify.d.ts.map +1 -1
  117. package/dist/analyzers/tools/graphify.js +78 -36
  118. package/dist/analyzers/tools/graphify.js.map +1 -1
  119. package/dist/analyzers/tools/grep-secrets.d.ts +6 -0
  120. package/dist/analyzers/tools/grep-secrets.d.ts.map +1 -0
  121. package/dist/analyzers/tools/grep-secrets.js +124 -0
  122. package/dist/analyzers/tools/grep-secrets.js.map +1 -0
  123. package/dist/analyzers/tools/jscpd.d.ts +40 -0
  124. package/dist/analyzers/tools/jscpd.d.ts.map +1 -0
  125. package/dist/analyzers/tools/jscpd.js +96 -0
  126. package/dist/analyzers/tools/jscpd.js.map +1 -0
  127. package/dist/analyzers/tools/node.d.ts +8 -0
  128. package/dist/analyzers/tools/node.d.ts.map +1 -0
  129. package/dist/analyzers/tools/node.js +160 -0
  130. package/dist/analyzers/tools/node.js.map +1 -0
  131. package/dist/analyzers/tools/package-json.d.ts +6 -0
  132. package/dist/analyzers/tools/package-json.d.ts.map +1 -0
  133. package/dist/analyzers/tools/package-json.js +67 -0
  134. package/dist/analyzers/tools/package-json.js.map +1 -0
  135. package/dist/analyzers/tools/parallel.d.ts +22 -5
  136. package/dist/analyzers/tools/parallel.d.ts.map +1 -1
  137. package/dist/analyzers/tools/parallel.js +26 -185
  138. package/dist/analyzers/tools/parallel.js.map +1 -1
  139. package/dist/analyzers/tools/paths.d.ts +21 -0
  140. package/dist/analyzers/tools/paths.d.ts.map +1 -0
  141. package/dist/analyzers/tools/paths.js +62 -0
  142. package/dist/analyzers/tools/paths.js.map +1 -0
  143. package/dist/analyzers/tools/python.d.ts +8 -0
  144. package/dist/analyzers/tools/python.d.ts.map +1 -0
  145. package/dist/analyzers/tools/python.js +81 -0
  146. package/dist/analyzers/tools/python.js.map +1 -0
  147. package/dist/analyzers/tools/rust.d.ts +8 -0
  148. package/dist/analyzers/tools/rust.d.ts.map +1 -0
  149. package/dist/analyzers/tools/rust.js +86 -0
  150. package/dist/analyzers/tools/rust.js.map +1 -0
  151. package/dist/analyzers/tools/semgrep.d.ts +39 -0
  152. package/dist/analyzers/tools/semgrep.d.ts.map +1 -0
  153. package/dist/analyzers/tools/semgrep.js +129 -0
  154. package/dist/analyzers/tools/semgrep.js.map +1 -0
  155. package/dist/analyzers/tools/tool-registry.d.ts +0 -41
  156. package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
  157. package/dist/analyzers/tools/tool-registry.js +0 -87
  158. package/dist/analyzers/tools/tool-registry.js.map +1 -1
  159. package/dist/analyzers/types.d.ts +42 -30
  160. package/dist/analyzers/types.d.ts.map +1 -1
  161. package/dist/cli.js +2 -2
  162. package/dist/cli.js.map +1 -1
  163. package/dist/constants.d.ts +1 -3
  164. package/dist/constants.d.ts.map +1 -1
  165. package/dist/constants.js +55 -14
  166. package/dist/constants.js.map +1 -1
  167. package/dist/languages/capabilities/descriptors.d.ts +74 -0
  168. package/dist/languages/capabilities/descriptors.d.ts.map +1 -0
  169. package/dist/languages/capabilities/descriptors.js +250 -0
  170. package/dist/languages/capabilities/descriptors.js.map +1 -0
  171. package/dist/languages/capabilities/global.d.ts +43 -0
  172. package/dist/languages/capabilities/global.d.ts.map +1 -0
  173. package/dist/languages/capabilities/global.js +48 -0
  174. package/dist/languages/capabilities/global.js.map +1 -0
  175. package/dist/languages/capabilities/index.d.ts +31 -0
  176. package/dist/languages/capabilities/index.d.ts.map +1 -0
  177. package/dist/languages/capabilities/index.js +56 -0
  178. package/dist/languages/capabilities/index.js.map +1 -0
  179. package/dist/languages/capabilities/provider.d.ts +16 -0
  180. package/dist/languages/capabilities/provider.d.ts.map +1 -0
  181. package/dist/languages/capabilities/provider.js +12 -0
  182. package/dist/languages/capabilities/provider.js.map +1 -0
  183. package/dist/languages/capabilities/types.d.ts +226 -0
  184. package/dist/languages/capabilities/types.d.ts.map +1 -0
  185. package/dist/languages/capabilities/types.js +23 -0
  186. package/dist/languages/capabilities/types.js.map +1 -0
  187. package/dist/languages/csharp.d.ts +8 -0
  188. package/dist/languages/csharp.d.ts.map +1 -1
  189. package/dist/languages/csharp.js +203 -103
  190. package/dist/languages/csharp.js.map +1 -1
  191. package/dist/languages/go.d.ts +13 -7
  192. package/dist/languages/go.d.ts.map +1 -1
  193. package/dist/languages/go.js +277 -183
  194. package/dist/languages/go.js.map +1 -1
  195. package/dist/languages/python.d.ts +14 -0
  196. package/dist/languages/python.d.ts.map +1 -1
  197. package/dist/languages/python.js +276 -169
  198. package/dist/languages/python.js.map +1 -1
  199. package/dist/languages/rust.d.ts +8 -0
  200. package/dist/languages/rust.d.ts.map +1 -1
  201. package/dist/languages/rust.js +218 -131
  202. package/dist/languages/rust.js.map +1 -1
  203. package/dist/languages/types.d.ts +16 -15
  204. package/dist/languages/types.d.ts.map +1 -1
  205. package/dist/languages/typescript.d.ts +12 -11
  206. package/dist/languages/typescript.d.ts.map +1 -1
  207. package/dist/languages/typescript.js +256 -161
  208. package/dist/languages/typescript.js.map +1 -1
  209. package/package.json +1 -1
  210. package/templates/.ai/templates/session-checkpoint-template.md +97 -0
@@ -0,0 +1,8 @@
1
+ /**
2
+ * C# / .NET tool runner — dotnet format, dotnet list package --vulnerable.
3
+ * Layer 1: language-specific tools for .NET projects.
4
+ */
5
+ import { HealthMetrics } from '../types';
6
+ /** Gather .NET-specific metrics. */
7
+ export declare function gatherDotnetMetrics(cwd: string): Partial<HealthMetrics>;
8
+ //# sourceMappingURL=dotnet.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"dotnet.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/dotnet.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAIzC,oCAAoC;AACpC,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAqFvE"}
@@ -0,0 +1,81 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.gatherDotnetMetrics = gatherDotnetMetrics;
4
+ const runner_1 = require("./runner");
5
+ const tool_registry_1 = require("./tool-registry");
6
+ /** Gather .NET-specific metrics. */
7
+ function gatherDotnetMetrics(cwd) {
8
+ const metrics = {
9
+ toolsUsed: [],
10
+ toolsUnavailable: [],
11
+ };
12
+ // dotnet format (lint/formatting check)
13
+ const dotnet = (0, tool_registry_1.findTool)(tool_registry_1.TOOL_DEFS['dotnet-format'], cwd);
14
+ if (dotnet.available) {
15
+ const exitCode = (0, runner_1.runExitCode)('dotnet format --verify-no-changes 2>/dev/null', cwd, 120000);
16
+ if (exitCode === 0) {
17
+ metrics.lintErrors = 0;
18
+ metrics.lintWarnings = 0;
19
+ }
20
+ else {
21
+ // Count format violations from output
22
+ const raw = (0, runner_1.run)('dotnet format --verify-no-changes 2>&1', cwd, 120000);
23
+ const violations = raw ? raw.split('\n').filter((l) => l.includes('Formatted')).length : 1;
24
+ metrics.lintErrors = violations;
25
+ metrics.lintWarnings = 0;
26
+ }
27
+ metrics.lintTool = 'dotnet-format';
28
+ metrics.toolsUsed.push('dotnet-format');
29
+ }
30
+ else {
31
+ metrics.toolsUnavailable.push('dotnet-format');
32
+ }
33
+ // dotnet list package --vulnerable
34
+ if (dotnet.available) {
35
+ const raw = (0, runner_1.run)('dotnet list package --vulnerable --format json 2>/dev/null', cwd, 120000);
36
+ if (raw) {
37
+ try {
38
+ const data = JSON.parse(raw);
39
+ let critical = 0, high = 0, medium = 0, low = 0;
40
+ for (const proj of data.projects || []) {
41
+ for (const fw of proj.frameworks || []) {
42
+ for (const pkg of fw.topLevelPackages || []) {
43
+ for (const adv of pkg.advisories || []) {
44
+ const sev = adv.severity?.toLowerCase();
45
+ if (sev === 'critical')
46
+ critical++;
47
+ else if (sev === 'high')
48
+ high++;
49
+ else if (sev === 'moderate' || sev === 'medium')
50
+ medium++;
51
+ else
52
+ low++;
53
+ }
54
+ }
55
+ }
56
+ }
57
+ if (critical + high + medium + low > 0) {
58
+ metrics.depVulnCritical = critical;
59
+ metrics.depVulnHigh = high;
60
+ metrics.depVulnMedium = medium;
61
+ metrics.depVulnLow = low;
62
+ metrics.depAuditTool = 'dotnet-vulnerable';
63
+ metrics.toolsUsed.push('dotnet-vulnerable');
64
+ }
65
+ }
66
+ catch {
67
+ // --format json not supported in older SDKs — try text parsing
68
+ metrics.toolsUnavailable.push('dotnet-vulnerable (parse error)');
69
+ }
70
+ }
71
+ }
72
+ // Test framework detection
73
+ if ((0, runner_1.fileExists)(cwd, '*.csproj')) {
74
+ const csproj = (0, runner_1.run)("find . -name '*.csproj' -exec grep -l 'xunit\\|nunit\\|MSTest' {} \\; 2>/dev/null | head -1", cwd);
75
+ if (csproj) {
76
+ metrics.testFramework = 'dotnet-test';
77
+ }
78
+ }
79
+ return metrics;
80
+ }
81
+ //# sourceMappingURL=dotnet.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"dotnet.js","sourceRoot":"","sources":["../../../src/analyzers/tools/dotnet.ts"],"names":[],"mappings":";;AASA,kDAqFC;AAzFD,qCAAwD;AACxD,mDAAsD;AAEtD,oCAAoC;AACpC,SAAgB,mBAAmB,CAAC,GAAW;IAC7C,MAAM,OAAO,GAA2B;QACtC,SAAS,EAAE,EAAE;QACb,gBAAgB,EAAE,EAAE;KACrB,CAAC;IAEF,wCAAwC;IACxC,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,eAAe,CAAC,EAAE,GAAG,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,QAAQ,GAAG,IAAA,oBAAW,EAAC,+CAA+C,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3F,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;YACnB,OAAO,CAAC,UAAU,GAAG,CAAC,CAAC;YACvB,OAAO,CAAC,YAAY,GAAG,CAAC,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,sCAAsC;YACtC,MAAM,GAAG,GAAG,IAAA,YAAG,EAAC,wCAAwC,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;YACvE,MAAM,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3F,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC;YAChC,OAAO,CAAC,YAAY,GAAG,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,eAAe,CAAC;QACnC,OAAO,CAAC,SAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,gBAAiB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAClD,CAAC;IAED,mCAAmC;IACnC,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,GAAG,GAAG,IAAA,YAAG,EAAC,4DAA4D,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3F,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAS1B,CAAC;gBACF,IAAI,QAAQ,GAAG,CAAC,EACd,IAAI,GAAG,CAAC,EACR,MAAM,GAAG,CAAC,EACV,GAAG,GAAG,CAAC,CAAC;gBACV,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;oBACvC,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;wBACvC,KAAK,MAAM,GAAG,IAAI,EAAE,CAAC,gBAAgB,IAAI,EAAE,EAAE,CAAC;4BAC5C,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;gCACvC,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,CAAC;gCACxC,IAAI,GAAG,KAAK,UAAU;oCAAE,QAAQ,EAAE,CAAC;qCAC9B,IAAI,GAAG,KAAK,MAAM;oCAAE,IAAI,EAAE,CAAC;qCAC3B,IAAI,GAAG,KAAK,UAAU,IAAI,GAAG,KAAK,QAAQ;oCAAE,MAAM,EAAE,CAAC;;oCACrD,GAAG,EAAE,CAAC;4BACb,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,IAAI,QAAQ,GAAG,IAAI,GAAG,MAAM,GAAG,GAAG,GAAG,CAAC,EAAE,CAAC;oBACvC,OAAO,CAAC,eAAe,GAAG,QAAQ,CAAC;oBACnC,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;oBAC3B,OAAO,CAAC,aAAa,GAAG,MAAM,CAAC;oBAC/B,OAAO,CAAC,UAAU,GAAG,GAAG,CAAC;oBACzB,OAAO,CAAC,YAAY,GAAG,mBAAmB,CAAC;oBAC3C,OAAO,CAAC,SAAU,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,+DAA+D;gBAC/D,OAAO,CAAC,gBAAiB,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,IAAI,IAAA,mBAAU,EAAC,GAAG,EAAE,UAAU,CAAC,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,IAAA,YAAG,EAChB,6FAA6F,EAC7F,GAAG,CACJ,CAAC;QACF,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,aAAa,GAAG,aAAa,CAAC;QACxC,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
@@ -0,0 +1,16 @@
1
+ export declare class GatherCache {
2
+ private cacheDir;
3
+ private commitSha;
4
+ private memory;
5
+ constructor(targetRepo: string);
6
+ /**
7
+ * Get cached result or compute and cache it.
8
+ * Checks in-memory first (same process), then file cache (cross-process).
9
+ */
10
+ getOrCompute<T>(toolName: string, compute: () => T): T;
11
+ /** Check if a tool has a cached result. */
12
+ has(toolName: string): boolean;
13
+ /** Remove cached entries for a tool from different commits. */
14
+ private cleanStale;
15
+ }
16
+ //# sourceMappingURL=gather-cache.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"gather-cache.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/gather-cache.ts"],"names":[],"mappings":"AAoBA,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,MAAM,CAA8B;gBAEhC,UAAU,EAAE,MAAM;IAK9B;;;OAGG;IACH,YAAY,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC;IAsCtD,2CAA2C;IAC3C,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAO9B,+DAA+D;IAC/D,OAAO,CAAC,UAAU;CAYnB"}
@@ -0,0 +1,126 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
35
+ Object.defineProperty(exports, "__esModule", { value: true });
36
+ exports.GatherCache = void 0;
37
+ /**
38
+ * Gather cache — file-based memoization for tool outputs.
39
+ *
40
+ * Solves: tools running multiple times when user runs health + vulnerabilities + quality.
41
+ * Each tool's output is cached per commitSha in `.ai/cache/` (gitignored).
42
+ *
43
+ * Cache key: {toolName}-{commitSha}.json
44
+ * Invalidation: automatic — if HEAD changes, the commitSha changes, cache misses.
45
+ * Cleanup: stale entries (different commitSha) are deleted on write.
46
+ *
47
+ * Usage:
48
+ * const result = cache.getOrCompute('cloc', cwd, () => gatherClocMetrics(cwd));
49
+ *
50
+ * The cache is optional. Gather functions work without it (backward compatible).
51
+ * Passing a GatherCache instance enables memoization across multiple analyzers.
52
+ */
53
+ const fs = __importStar(require("fs"));
54
+ const path = __importStar(require("path"));
55
+ const runner_1 = require("./runner");
56
+ class GatherCache {
57
+ cacheDir;
58
+ commitSha;
59
+ memory = new Map();
60
+ constructor(targetRepo) {
61
+ this.cacheDir = path.join(targetRepo, '.ai', 'cache');
62
+ this.commitSha = (0, runner_1.run)('git rev-parse --short HEAD 2>/dev/null', targetRepo) || 'unknown';
63
+ }
64
+ /**
65
+ * Get cached result or compute and cache it.
66
+ * Checks in-memory first (same process), then file cache (cross-process).
67
+ */
68
+ getOrCompute(toolName, compute) {
69
+ const key = `${toolName}-${this.commitSha}`;
70
+ // 1. In-memory cache (same process, same session)
71
+ if (this.memory.has(key)) {
72
+ return this.memory.get(key);
73
+ }
74
+ // 2. File cache (cross-process, e.g., health then vulnerabilities)
75
+ const filePath = path.join(this.cacheDir, `${key}.json`);
76
+ try {
77
+ if (fs.existsSync(filePath)) {
78
+ const raw = fs.readFileSync(filePath, 'utf-8');
79
+ const result = JSON.parse(raw);
80
+ this.memory.set(key, result);
81
+ return result;
82
+ }
83
+ }
84
+ catch {
85
+ // Cache read failed — compute fresh
86
+ }
87
+ // 3. Compute, cache, return
88
+ const result = compute();
89
+ this.memory.set(key, result);
90
+ // Write to file cache
91
+ try {
92
+ fs.mkdirSync(this.cacheDir, { recursive: true });
93
+ // Clean stale entries (different commitSha) for this tool
94
+ this.cleanStale(toolName);
95
+ fs.writeFileSync(filePath, JSON.stringify(result));
96
+ }
97
+ catch {
98
+ // Cache write failed — non-fatal
99
+ }
100
+ return result;
101
+ }
102
+ /** Check if a tool has a cached result. */
103
+ has(toolName) {
104
+ const key = `${toolName}-${this.commitSha}`;
105
+ if (this.memory.has(key))
106
+ return true;
107
+ const filePath = path.join(this.cacheDir, `${key}.json`);
108
+ return fs.existsSync(filePath);
109
+ }
110
+ /** Remove cached entries for a tool from different commits. */
111
+ cleanStale(toolName) {
112
+ try {
113
+ const files = fs.readdirSync(this.cacheDir);
114
+ for (const file of files) {
115
+ if (file.startsWith(`${toolName}-`) && !file.includes(this.commitSha)) {
116
+ fs.unlinkSync(path.join(this.cacheDir, file));
117
+ }
118
+ }
119
+ }
120
+ catch {
121
+ // Non-fatal
122
+ }
123
+ }
124
+ }
125
+ exports.GatherCache = GatherCache;
126
+ //# sourceMappingURL=gather-cache.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"gather-cache.js","sourceRoot":"","sources":["../../../src/analyzers/tools/gather-cache.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;;GAeG;AACH,uCAAyB;AACzB,2CAA6B;AAC7B,qCAA+B;AAE/B,MAAa,WAAW;IACd,QAAQ,CAAS;IACjB,SAAS,CAAS;IAClB,MAAM,GAAG,IAAI,GAAG,EAAmB,CAAC;IAE5C,YAAY,UAAkB;QAC5B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QACtD,IAAI,CAAC,SAAS,GAAG,IAAA,YAAG,EAAC,wCAAwC,EAAE,UAAU,CAAC,IAAI,SAAS,CAAC;IAC1F,CAAC;IAED;;;OAGG;IACH,YAAY,CAAI,QAAgB,EAAE,OAAgB;QAChD,MAAM,GAAG,GAAG,GAAG,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QAE5C,kDAAkD;QAClD,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAM,CAAC;QACnC,CAAC;QAED,mEAAmE;QACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,CAAC;QACzD,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAM,CAAC;gBACpC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;gBAC7B,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;QAED,4BAA4B;QAC5B,MAAM,MAAM,GAAG,OAAO,EAAE,CAAC;QACzB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAE7B,sBAAsB;QACtB,IAAI,CAAC;YACH,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACjD,0DAA0D;YAC1D,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAC1B,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,iCAAiC;QACnC,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,2CAA2C;IAC3C,GAAG,CAAC,QAAgB;QAClB,MAAM,GAAG,GAAG,GAAG,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QAC5C,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,GAAG,OAAO,CAAC,CAAC;QACzD,OAAO,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED,+DAA+D;IACvD,UAAU,CAAC,QAAgB;QACjC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC5C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,QAAQ,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;oBACtE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;IACH,CAAC;CACF;AAzED,kCAyEC"}
@@ -1 +1 @@
1
- {"version":3,"file":"generic.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/generic.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAsCzC,qDAAqD;AACrD,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAwMxE"}
1
+ {"version":3,"file":"generic.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/generic.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAsCzC,qDAAqD;AACrD,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CA4KxE"}
@@ -118,31 +118,12 @@ function gatherGenericMetrics(cwd) {
118
118
  const architectureDocsExist = (0, runner_1.fileExists)(cwd, 'ARCHITECTURE.md', 'docs/', 'ADR/', 'adr/');
119
119
  const contributingExists = (0, runner_1.fileExists)(cwd, 'CONTRIBUTING.md');
120
120
  const changelogExists = (0, runner_1.fileExists)(cwd, 'CHANGELOG.md', 'CHANGES.md');
121
- // Security -- grep-based secret detection (Layer 0 fallback, overridden by gitleaks when available)
122
- const secretPatterns = [
123
- { pattern: 'password[[:space:]]*[:=]', rule: 'hardcoded-password' },
124
- { pattern: 'api[_-]?key[[:space:]]*[:=]', rule: 'hardcoded-api-key' },
125
- { pattern: 'secret[[:space:]]*[:=]', rule: 'hardcoded-secret' },
126
- { pattern: 'BEGIN.*PRIVATE KEY', rule: 'private-key-in-source' },
127
- { pattern: 'AKIA[0-9A-Z]{16}', rule: 'aws-access-key' },
128
- { pattern: 'ghp_[a-zA-Z0-9]{36}', rule: 'github-token' },
129
- { pattern: 'sk-ant-[a-zA-Z0-9]', rule: 'anthropic-api-key' },
130
- ];
131
- const secretDetails = [];
132
- for (const sp of secretPatterns) {
133
- const findings = (0, runner_1.run)(`grep -rnE '${sp.pattern}' --include='*.ts' --include='*.js' --include='*.py' --include='*.go' . 2>/dev/null | grep -v node_modules | grep -v dist | grep -v '.d.ts' | head -20`, cwd);
134
- for (const line of findings.split('\n').filter((l) => l.trim())) {
135
- const match = line.match(/^\.\/(.+?):(\d+):/);
136
- if (match) {
137
- secretDetails.push({
138
- file: match[1],
139
- line: parseInt(match[2]),
140
- rule: sp.rule,
141
- severity: sp.rule.includes('private-key') || sp.rule.includes('password') ? 'critical' : 'high',
142
- });
143
- }
144
- }
145
- }
121
+ // Security secret scanning lives entirely under the SECRETS capability
122
+ // (gitleaks, 800+ patterns). The 7-pattern grep fallback that used to
123
+ // live here was deleted in Phase 10e.C.7 along with the legacy
124
+ // `secretFindings` / `secretDetails` fields. When gitleaks is absent
125
+ // the report surfaces that fact through `toolsUnavailable` and the
126
+ // capability envelope is simply absent.
146
127
  const evalCount = parseInt((0, runner_1.run)("grep -rnE '\\beval\\(' --include='*.ts' --include='*.js' --include='*.py' . 2>/dev/null | grep -v node_modules | grep -v dist | wc -l", cwd)) || 0;
147
128
  const privateKeyFiles = (0, runner_1.countLines)(`find . \\( -name "*.key" -o -name "*.pem" \\) ${EXCLUDE} 2>/dev/null`, cwd);
148
129
  const envFilesInGit = (0, runner_1.countLines)('git ls-files .env .env.* 2>/dev/null', cwd);
@@ -176,8 +157,6 @@ function gatherGenericMetrics(cwd) {
176
157
  architectureDocsExist,
177
158
  contributingExists,
178
159
  changelogExists,
179
- secretFindings: secretDetails.length,
180
- secretDetails,
181
160
  evalCount,
182
161
  privateKeyFiles,
183
162
  envFilesInGit,
@@ -190,7 +169,6 @@ function gatherGenericMetrics(cwd) {
190
169
  precommitConfigCount,
191
170
  makefileExists,
192
171
  envExampleExists,
193
- coveragePercent: null,
194
172
  toolsUsed: ['grep', 'find', 'wc', 'git'],
195
173
  toolsUnavailable: [],
196
174
  };
@@ -1 +1 @@
1
- {"version":3,"file":"generic.js","sourceRoot":"","sources":["../../../src/analyzers/tools/generic.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,oDAwMC;AArPD;;;;GAIG;AACH,uCAAyB;AAEzB,qCAAuD;AACvD,6CAAmD;AAEnD,6EAA6E;AAC7E,2EAA2E;AAC3E,0EAA0E;AAC1E,gFAAgF;AAChF,MAAM,oBAAoB,GAAG,2DAA2D,CAAC;AAEzF,+FAA+F;AAC/F,SAAS,SAAS,CAAC,GAAW,EAAE,OAAe,EAAE,QAAkB;IACjE,MAAM,WAAW,GAAG,mBAAmB,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;IAC/F,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACvC,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,IAAA,YAAG,EAChB,cAAc,WAAW,KAAK,YAAY,oBAAoB,oBAAoB,4BAA4B,EAC9G,GAAG,CACJ,CAAC;IACF,IAAI,CAAC;QACH,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,YAAY;IACd,CAAC;IACD,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED,6EAA6E;AAC7E,sEAAsE;AAEtE,MAAM,WAAW,GACf,qEAAqE;IACrE,qEAAqE,CAAC;AAExE,MAAM,aAAa,GACjB,gEAAgE;IAChE,oEAAoE,CAAC;AAEvE,qDAAqD;AACrD,SAAgB,oBAAoB,CAAC,GAAW;IAC9C,MAAM,OAAO,GAAG,IAAA,gCAAmB,EAAC,GAAG,CAAC,CAAC;IAEzC,cAAc;IACd,MAAM,WAAW,GAAG,IAAA,mBAAU,EAAC,kBAAkB,WAAW,IAAI,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;IAChF,MAAM,SAAS,GAAG,IAAA,mBAAU,EAAC,kBAAkB,aAAa,IAAI,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;IAChF,MAAM,YAAY,GAAG,IAAA,mBAAU,EAC7B,kBAAkB,WAAW,IAAI,OAAO,qFAAqF,EAC7H,GAAG,CACJ,CAAC;IAEF,wEAAwE;IACxE,MAAM,KAAK,GAAG,IAAA,YAAG,EACf,kBAAkB,WAAW,IAAI,OAAO,mDAAmD,EAC3F,GAAG,EACH,MAAM,CACP,CAAC;IAEF,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,eAAe,GAAG,EAAE,CAAC;IACzB,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAE1B,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAC9C,IAAI,CAAC,CAAC;gBAAE,SAAS;YACjB,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;gBACrB,UAAU,GAAG,KAAK,CAAC;YACrB,CAAC;iBAAM,CAAC;gBACN,IAAI,KAAK,GAAG,gBAAgB,EAAE,CAAC;oBAC7B,gBAAgB,GAAG,KAAK,CAAC;oBACzB,eAAe,GAAG,IAAI,CAAC;gBACzB,CAAC;gBACD,IAAI,KAAK,GAAG,GAAG;oBAAE,iBAAiB,EAAE,CAAC;YACvC,CAAC;QACH,CAAC;QACD,iDAAiD;QACjD,IAAI,UAAU,KAAK,CAAC,IAAI,gBAAgB,GAAG,CAAC;YAAE,UAAU,GAAG,gBAAgB,CAAC;IAC9E,CAAC;IAED,wEAAwE;IACxE,MAAM,cAAc,GAAG,SAAS,CAAC,GAAG,EAAE,4BAA4B,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;IAC/F,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,EAAE,aAAa,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAC7D,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,EAAE,aAAa,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAC7D,MAAM,eAAe,GAAG,cAAc,GAAG,YAAY,GAAG,YAAY,CAAC;IAErE,2BAA2B;IAC3B,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAEhE,gBAAgB;IAChB,MAAM,YAAY,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAA,YAAG,EAAC,gDAAgD,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IAC9F,MAAM,eAAe,GAAG,IAAA,mBAAU,EAChC,8JAA8J,EAC9J,GAAG,CACJ,CAAC;IACF,MAAM,YAAY,GAAG,IAAA,mBAAU,EAC7B,GAAG,EACH,cAAc,EACd,cAAc,EACd,cAAc,EACd,cAAc,CACf,CAAC;IACF,MAAM,qBAAqB,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1F,MAAM,kBAAkB,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IAC9D,MAAM,eAAe,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;IAEtE,oGAAoG;IACpG,MAAM,cAAc,GAAG;QACrB,EAAE,OAAO,EAAE,0BAA0B,EAAE,IAAI,EAAE,oBAAoB,EAAE;QACnE,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,mBAAmB,EAAE;QACrE,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,kBAAkB,EAAE;QAC/D,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,uBAAuB,EAAE;QAChE,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,gBAAgB,EAAE;QACvD,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,cAAc,EAAE;QACxD,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,mBAAmB,EAAE;KAC7D,CAAC;IAEF,MAAM,aAAa,GAAmC,EAAE,CAAC;IACzD,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,IAAA,YAAG,EAClB,cAAc,EAAE,CAAC,OAAO,wJAAwJ,EAChL,GAAG,CACJ,CAAC;QACF,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAChE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC9C,IAAI,KAAK,EAAE,CAAC;gBACV,aAAa,CAAC,IAAI,CAAC;oBACjB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;oBACd,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBACxB,IAAI,EAAE,EAAE,CAAC,IAAI;oBACb,QAAQ,EACN,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;iBACxF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GACb,QAAQ,CACN,IAAA,YAAG,EACD,uIAAuI,EACvI,GAAG,CACJ,CACF,IAAI,CAAC,CAAC;IAET,MAAM,eAAe,GAAG,IAAA,mBAAU,EAChC,iDAAiD,OAAO,cAAc,EACtE,GAAG,CACJ,CAAC;IACF,MAAM,aAAa,GAAG,IAAA,mBAAU,EAAC,sCAAsC,EAAE,GAAG,CAAC,CAAC;IAC9E,MAAM,gBAAgB,GACpB,QAAQ,CACN,IAAA,YAAG,EACD,yLAAyL,EACzL,GAAG,CACJ,CACF,IAAI,CAAC,CAAC;IAET,kBAAkB;IAClB,MAAM,WAAW,GAAG,IAAA,mBAAU,EAC5B,8HAA8H,OAAO,cAAc,EACnJ,GAAG,CACJ,CAAC;IACF,MAAM,MAAM,GAAG,IAAA,mBAAU,EACvB,qCAAqC,WAAW,IAAI,OAAO,cAAc,EACzE,GAAG,CACJ,CAAC;IACF,MAAM,WAAW,GAAG,IAAA,mBAAU,EAAC,kBAAkB,OAAO,cAAc,EAAE,GAAG,CAAC,CAAC;IAE7E,uBAAuB;IACvB,MAAM,aAAa,GAAG,IAAA,mBAAU,EAC9B,oIAAoI,EACpI,GAAG,CACJ,CAAC;IACF,MAAM,iBAAiB,GAAG,IAAA,mBAAU,EAClC,kGAAkG,EAClG,GAAG,CACJ,CAAC;IACF,MAAM,oBAAoB,GAAG,IAAA,mBAAU,EACrC,wEAAwE,EACxE,GAAG,CACJ,CAAC;IACF,MAAM,cAAc,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IAC/E,MAAM,gBAAgB,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE,cAAc,EAAE,aAAa,EAAE,eAAe,CAAC,CAAC;IAEzF,kBAAkB;IAClB,MAAM,oBAAoB,GAAG,IAAA,mBAAU,EACrC,GAAG,EACH,QAAQ,EACR,aAAa,EACb,OAAO,EACP,YAAY,EACZ,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,EAClB,aAAa,EACb,WAAW,EACX,YAAY,CACb,CAAC;IAEF,OAAO;QACL,WAAW;QACX,SAAS,EAAE,SAAS,GAAG,YAAY;QACnC,UAAU;QACV,oBAAoB;QACpB,iBAAiB;QACjB,gBAAgB;QAChB,eAAe;QACf,eAAe;QACf,YAAY;QACZ,YAAY;QACZ,WAAW;QACX,eAAe;QACf,YAAY;QACZ,qBAAqB;QACrB,kBAAkB;QAClB,eAAe;QACf,cAAc,EAAE,aAAa,CAAC,MAAM;QACpC,aAAa;QACb,SAAS;QACT,eAAe;QACf,aAAa;QACb,gBAAgB;QAChB,WAAW;QACX,MAAM;QACN,WAAW;QACX,aAAa;QACb,iBAAiB;QACjB,oBAAoB;QACpB,cAAc;QACd,gBAAgB;QAChB,eAAe,EAAE,IAAI;QACrB,SAAS,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC;QACxC,gBAAgB,EAAE,EAAE;KACrB,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"generic.js","sourceRoot":"","sources":["../../../src/analyzers/tools/generic.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,oDA4KC;AAzND;;;;GAIG;AACH,uCAAyB;AAEzB,qCAAuD;AACvD,6CAAmD;AAEnD,6EAA6E;AAC7E,2EAA2E;AAC3E,0EAA0E;AAC1E,gFAAgF;AAChF,MAAM,oBAAoB,GAAG,2DAA2D,CAAC;AAEzF,+FAA+F;AAC/F,SAAS,SAAS,CAAC,GAAW,EAAE,OAAe,EAAE,QAAkB;IACjE,MAAM,WAAW,GAAG,mBAAmB,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;IAC/F,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACvC,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,IAAA,YAAG,EAChB,cAAc,WAAW,KAAK,YAAY,oBAAoB,oBAAoB,4BAA4B,EAC9G,GAAG,CACJ,CAAC;IACF,IAAI,CAAC;QACH,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,YAAY;IACd,CAAC;IACD,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED,6EAA6E;AAC7E,sEAAsE;AAEtE,MAAM,WAAW,GACf,qEAAqE;IACrE,qEAAqE,CAAC;AAExE,MAAM,aAAa,GACjB,gEAAgE;IAChE,oEAAoE,CAAC;AAEvE,qDAAqD;AACrD,SAAgB,oBAAoB,CAAC,GAAW;IAC9C,MAAM,OAAO,GAAG,IAAA,gCAAmB,EAAC,GAAG,CAAC,CAAC;IAEzC,cAAc;IACd,MAAM,WAAW,GAAG,IAAA,mBAAU,EAAC,kBAAkB,WAAW,IAAI,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;IAChF,MAAM,SAAS,GAAG,IAAA,mBAAU,EAAC,kBAAkB,aAAa,IAAI,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;IAChF,MAAM,YAAY,GAAG,IAAA,mBAAU,EAC7B,kBAAkB,WAAW,IAAI,OAAO,qFAAqF,EAC7H,GAAG,CACJ,CAAC;IAEF,wEAAwE;IACxE,MAAM,KAAK,GAAG,IAAA,YAAG,EACf,kBAAkB,WAAW,IAAI,OAAO,mDAAmD,EAC3F,GAAG,EACH,MAAM,CACP,CAAC;IAEF,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,eAAe,GAAG,EAAE,CAAC;IACzB,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAE1B,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAC9C,IAAI,CAAC,CAAC;gBAAE,SAAS;YACjB,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;gBACrB,UAAU,GAAG,KAAK,CAAC;YACrB,CAAC;iBAAM,CAAC;gBACN,IAAI,KAAK,GAAG,gBAAgB,EAAE,CAAC;oBAC7B,gBAAgB,GAAG,KAAK,CAAC;oBACzB,eAAe,GAAG,IAAI,CAAC;gBACzB,CAAC;gBACD,IAAI,KAAK,GAAG,GAAG;oBAAE,iBAAiB,EAAE,CAAC;YACvC,CAAC;QACH,CAAC;QACD,iDAAiD;QACjD,IAAI,UAAU,KAAK,CAAC,IAAI,gBAAgB,GAAG,CAAC;YAAE,UAAU,GAAG,gBAAgB,CAAC;IAC9E,CAAC;IAED,wEAAwE;IACxE,MAAM,cAAc,GAAG,SAAS,CAAC,GAAG,EAAE,4BAA4B,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;IAC/F,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,EAAE,aAAa,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAC7D,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,EAAE,aAAa,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAC7D,MAAM,eAAe,GAAG,cAAc,GAAG,YAAY,GAAG,YAAY,CAAC;IAErE,2BAA2B;IAC3B,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,EAAE,OAAO,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAEhE,gBAAgB;IAChB,MAAM,YAAY,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAA,YAAG,EAAC,gDAAgD,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IAC9F,MAAM,eAAe,GAAG,IAAA,mBAAU,EAChC,8JAA8J,EAC9J,GAAG,CACJ,CAAC;IACF,MAAM,YAAY,GAAG,IAAA,mBAAU,EAC7B,GAAG,EACH,cAAc,EACd,cAAc,EACd,cAAc,EACd,cAAc,CACf,CAAC;IACF,MAAM,qBAAqB,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1F,MAAM,kBAAkB,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IAC9D,MAAM,eAAe,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;IAEtE,yEAAyE;IACzE,sEAAsE;IACtE,+DAA+D;IAC/D,qEAAqE;IACrE,mEAAmE;IACnE,wCAAwC;IACxC,MAAM,SAAS,GACb,QAAQ,CACN,IAAA,YAAG,EACD,uIAAuI,EACvI,GAAG,CACJ,CACF,IAAI,CAAC,CAAC;IAET,MAAM,eAAe,GAAG,IAAA,mBAAU,EAChC,iDAAiD,OAAO,cAAc,EACtE,GAAG,CACJ,CAAC;IACF,MAAM,aAAa,GAAG,IAAA,mBAAU,EAAC,sCAAsC,EAAE,GAAG,CAAC,CAAC;IAC9E,MAAM,gBAAgB,GACpB,QAAQ,CACN,IAAA,YAAG,EACD,yLAAyL,EACzL,GAAG,CACJ,CACF,IAAI,CAAC,CAAC;IAET,kBAAkB;IAClB,MAAM,WAAW,GAAG,IAAA,mBAAU,EAC5B,8HAA8H,OAAO,cAAc,EACnJ,GAAG,CACJ,CAAC;IACF,MAAM,MAAM,GAAG,IAAA,mBAAU,EACvB,qCAAqC,WAAW,IAAI,OAAO,cAAc,EACzE,GAAG,CACJ,CAAC;IACF,MAAM,WAAW,GAAG,IAAA,mBAAU,EAAC,kBAAkB,OAAO,cAAc,EAAE,GAAG,CAAC,CAAC;IAE7E,uBAAuB;IACvB,MAAM,aAAa,GAAG,IAAA,mBAAU,EAC9B,oIAAoI,EACpI,GAAG,CACJ,CAAC;IACF,MAAM,iBAAiB,GAAG,IAAA,mBAAU,EAClC,kGAAkG,EAClG,GAAG,CACJ,CAAC;IACF,MAAM,oBAAoB,GAAG,IAAA,mBAAU,EACrC,wEAAwE,EACxE,GAAG,CACJ,CAAC;IACF,MAAM,cAAc,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IAC/E,MAAM,gBAAgB,GAAG,IAAA,mBAAU,EAAC,GAAG,EAAE,cAAc,EAAE,aAAa,EAAE,eAAe,CAAC,CAAC;IAEzF,kBAAkB;IAClB,MAAM,oBAAoB,GAAG,IAAA,mBAAU,EACrC,GAAG,EACH,QAAQ,EACR,aAAa,EACb,OAAO,EACP,YAAY,EACZ,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,EAClB,aAAa,EACb,WAAW,EACX,YAAY,CACb,CAAC;IAEF,OAAO;QACL,WAAW;QACX,SAAS,EAAE,SAAS,GAAG,YAAY;QACnC,UAAU;QACV,oBAAoB;QACpB,iBAAiB;QACjB,gBAAgB;QAChB,eAAe;QACf,eAAe;QACf,YAAY;QACZ,YAAY;QACZ,WAAW;QACX,eAAe;QACf,YAAY;QACZ,qBAAqB;QACrB,kBAAkB;QAClB,eAAe;QACf,SAAS;QACT,eAAe;QACf,aAAa;QACb,gBAAgB;QAChB,WAAW;QACX,MAAM;QACN,WAAW;QACX,aAAa;QACb,iBAAiB;QACjB,oBAAoB;QACpB,cAAc;QACd,gBAAgB;QAChB,SAAS,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC;QACxC,gBAAgB,EAAE,EAAE;KACrB,CAAC;AACJ,CAAC"}
@@ -1,8 +1,31 @@
1
+ import type { CapabilityProvider } from '../../languages/capabilities/provider';
2
+ import type { SecretsResult } from '../../languages/capabilities/types';
1
3
  /**
2
- * Gitleaks integration -- secret scanning with 800+ patterns.
3
- * Layer 2 (optional): requires `gitleaks` binary.
4
+ * Outcome union used by `gatherGitleaksResult`. The capability provider
5
+ * collapses this to `SecretsResult | null`; the Layer 2 reshape in
6
+ * `tools/parallel.ts` reads `unavailable.reason` so the
7
+ * `toolsUnavailable` strings carry install-missing vs parse-failure
8
+ * detail.
4
9
  */
5
- import { HealthMetrics } from '../types';
6
- /** Gather secret scanning metrics via gitleaks. */
7
- export declare function gatherGitleaksMetrics(cwd: string): Partial<HealthMetrics>;
10
+ export type SecretsGatherOutcome = {
11
+ kind: 'success';
12
+ envelope: SecretsResult;
13
+ suppressedCount: number;
14
+ } | {
15
+ kind: 'unavailable';
16
+ reason: string;
17
+ };
18
+ /**
19
+ * Single source of truth for secret-scanning via gitleaks. Consumed by
20
+ * `gitleaksProvider` (capability dispatcher) and by the Layer 2 legacy
21
+ * reshape in `tools/parallel.ts` — both paths share the memoized
22
+ * per-cwd outcome so gitleaks shells out at most once per analyzer run.
23
+ */
24
+ export declare function gatherGitleaksResult(cwd: string): SecretsGatherOutcome;
25
+ /**
26
+ * Capability-shaped provider. Register in
27
+ * `src/languages/capabilities/global.ts:GLOBAL_CAPABILITIES` so the
28
+ * dispatcher picks it up via `providersFor(SECRETS)`.
29
+ */
30
+ export declare const gitleaksProvider: CapabilityProvider<SecretsResult>;
8
31
  //# sourceMappingURL=gitleaks.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"gitleaks.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/gitleaks.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAczC,mDAAmD;AACnD,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CA4DzE"}
1
+ {"version":3,"file":"gitleaks.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/gitleaks.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,KAAK,EAAiB,aAAa,EAAE,MAAM,oCAAoC,CAAC;AAUvF;;;;;;GAMG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,QAAQ,EAAE,aAAa,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,GACrE;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAgB5C;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,oBAAoB,CAMtE;AAiED;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,EAAE,kBAAkB,CAAC,aAAa,CAM9D,CAAC"}
@@ -1,56 +1,110 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.gatherGitleaksMetrics = gatherGitleaksMetrics;
3
+ exports.gitleaksProvider = void 0;
4
+ exports.gatherGitleaksResult = gatherGitleaksResult;
5
+ /**
6
+ * Gitleaks integration — secret scanning with 800+ patterns.
7
+ *
8
+ * Exposes one gather helper — `gatherGitleaksResult(cwd)` — returning a
9
+ * typed outcome with either a `SecretsResult` envelope or the reason
10
+ * scanning was skipped. Consumed by the capability provider
11
+ * (`gitleaksProvider`) and by the Layer 2 legacy-field reshape path in
12
+ * `tools/parallel.ts`. Memoized per-cwd so both callers share one
13
+ * invocation per analyzer run.
14
+ */
4
15
  const runner_1 = require("./runner");
5
16
  const tool_registry_1 = require("./tool-registry");
6
17
  const exclusions_1 = require("./exclusions");
18
+ const paths_1 = require("./paths");
7
19
  const suppressions_1 = require("./suppressions");
8
- /** Gather secret scanning metrics via gitleaks. */
9
- function gatherGitleaksMetrics(cwd) {
20
+ /**
21
+ * Per-cwd memoization of the gitleaks outcome. Gitleaks is a ~1-5s shell
22
+ * invocation; memoizing ensures the Layer 2 reshape path + the capability
23
+ * dispatcher's `gitleaksProvider` both hit the same computed outcome
24
+ * within one `analyzeHealth` call.
25
+ *
26
+ * Cache is module-scoped and not invalidated automatically — safe for
27
+ * dxkit's one-shot CLI shape (single cwd per process) and for the one
28
+ * analyzer that exercises two paths to the same cwd (parallel.ts +
29
+ * gatherCapabilityReport). Future long-running modes (diff, daemon)
30
+ * that re-analyze the same cwd will need a clear-cache seam here.
31
+ */
32
+ const gitleaksOutcomeCache = new Map();
33
+ /**
34
+ * Single source of truth for secret-scanning via gitleaks. Consumed by
35
+ * `gitleaksProvider` (capability dispatcher) and by the Layer 2 legacy
36
+ * reshape in `tools/parallel.ts` — both paths share the memoized
37
+ * per-cwd outcome so gitleaks shells out at most once per analyzer run.
38
+ */
39
+ function gatherGitleaksResult(cwd) {
40
+ const cached = gitleaksOutcomeCache.get(cwd);
41
+ if (cached)
42
+ return cached;
43
+ const outcome = computeGitleaksOutcome(cwd);
44
+ gitleaksOutcomeCache.set(cwd, outcome);
45
+ return outcome;
46
+ }
47
+ function computeGitleaksOutcome(cwd) {
10
48
  const gitleaksCmd = findGitleaks(cwd);
11
- if (!gitleaksCmd) {
12
- return { toolsUnavailable: ['gitleaks'] };
13
- }
14
- // Run gitleaks with JSON report (--no-git scans files, not git history)
49
+ if (!gitleaksCmd)
50
+ return { kind: 'unavailable', reason: 'not installed' };
51
+ // Run gitleaks with JSON report (--no-git scans files, not git history).
15
52
  const reportPath = `/tmp/dxkit-gitleaks-${Date.now()}.json`;
16
53
  (0, runner_1.run)(`${gitleaksCmd} detect --source '${cwd}' --report-format json --report-path '${reportPath}' --no-git --exit-code 0 2>/dev/null`, cwd, 120000);
17
- // Read report file
18
54
  const reportRaw = (0, runner_1.run)(`cat '${reportPath}' 2>/dev/null`, cwd);
19
- // Clean up
20
55
  (0, runner_1.run)(`rm -f '${reportPath}'`, cwd);
21
- if (!reportRaw) {
22
- return { toolsUnavailable: ['gitleaks (no output)'] };
23
- }
56
+ if (!reportRaw)
57
+ return { kind: 'unavailable', reason: 'no output' };
58
+ let parsed;
24
59
  try {
25
- const findings = JSON.parse(reportRaw);
26
- if (!Array.isArray(findings)) {
27
- return { toolsUsed: ['gitleaks'] };
28
- }
29
- const secretDetails = findings.map((f) => ({
30
- file: f.File.replace(cwd + '/', '').replace(cwd, ''),
31
- line: f.StartLine,
32
- rule: f.RuleID,
33
- severity: f.RuleID.includes('private-key') ? 'critical' : 'high',
34
- }));
35
- // Post-filter using project exclusions. Gitleaks --no-git scans everything
36
- // on disk (ignores .gitignore), so we re-apply the resolved exclusion set
37
- // via the centralized isExcludedPath() predicate.
38
- const filtered = secretDetails.filter((d) => !(0, exclusions_1.isExcludedPath)(cwd, d.file));
39
- // Apply user-defined suppressions from `.dxkit-suppressions.json` so
40
- // known-false positives (test fixtures, approved exceptions) don't count.
41
- const suppressions = (0, suppressions_1.loadSuppressions)(cwd);
42
- const { kept, suppressed } = (0, suppressions_1.applySuppressions)(filtered, suppressions.gitleaks, (d) => d.rule, (d) => d.file);
43
- return {
44
- secretFindings: kept.length,
45
- secretDetails: kept,
46
- secretSuppressed: suppressed.length,
47
- toolsUsed: ['gitleaks'],
48
- };
60
+ parsed = JSON.parse(reportRaw);
49
61
  }
50
62
  catch {
51
- return { toolsUnavailable: ['gitleaks (parse error)'] };
63
+ return { kind: 'unavailable', reason: 'parse error' };
64
+ }
65
+ if (!Array.isArray(parsed)) {
66
+ // gitleaks returned non-array JSON (malformed); treat as zero findings.
67
+ const envelope = {
68
+ schemaVersion: 1,
69
+ tool: 'gitleaks',
70
+ findings: [],
71
+ suppressedCount: 0,
72
+ };
73
+ return { kind: 'success', envelope, suppressedCount: 0 };
52
74
  }
75
+ const raw = parsed.map((f) => ({
76
+ file: (0, paths_1.toProjectRelative)(cwd, f.File),
77
+ line: f.StartLine,
78
+ rule: f.RuleID,
79
+ severity: f.RuleID.includes('private-key') ? 'critical' : 'high',
80
+ title: f.Description,
81
+ }));
82
+ // Gitleaks --no-git scans everything on disk (ignores .gitignore), so
83
+ // we re-apply the resolved exclusion set via isExcludedPath().
84
+ const filtered = raw.filter((d) => !(0, exclusions_1.isExcludedPath)(cwd, d.file));
85
+ // Apply `.dxkit-suppressions.json` so known-false positives don't count.
86
+ const suppressions = (0, suppressions_1.loadSuppressions)(cwd);
87
+ const { kept, suppressed } = (0, suppressions_1.applySuppressions)(filtered, suppressions.gitleaks, (d) => d.rule, (d) => d.file);
88
+ const envelope = {
89
+ schemaVersion: 1,
90
+ tool: 'gitleaks',
91
+ findings: kept,
92
+ suppressedCount: suppressed.length,
93
+ };
94
+ return { kind: 'success', envelope, suppressedCount: suppressed.length };
53
95
  }
96
+ /**
97
+ * Capability-shaped provider. Register in
98
+ * `src/languages/capabilities/global.ts:GLOBAL_CAPABILITIES` so the
99
+ * dispatcher picks it up via `providersFor(SECRETS)`.
100
+ */
101
+ exports.gitleaksProvider = {
102
+ source: 'gitleaks',
103
+ async gather(cwd) {
104
+ const outcome = gatherGitleaksResult(cwd);
105
+ return outcome.kind === 'success' ? outcome.envelope : null;
106
+ },
107
+ };
54
108
  function findGitleaks(cwd) {
55
109
  const status = (0, tool_registry_1.findTool)(tool_registry_1.TOOL_DEFS.gitleaks, cwd);
56
110
  return status.available ? status.path : null;
@@ -1 +1 @@
1
- {"version":3,"file":"gitleaks.js","sourceRoot":"","sources":["../../../src/analyzers/tools/gitleaks.ts"],"names":[],"mappings":";;AAmBA,sDA4DC;AA1ED,qCAA+B;AAC/B,mDAAsD;AACtD,6CAA8C;AAC9C,iDAAqE;AAUrE,mDAAmD;AACnD,SAAgB,qBAAqB,CAAC,GAAW;IAC/C,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,gBAAgB,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;IAC5C,CAAC;IAED,wEAAwE;IACxE,MAAM,UAAU,GAAG,uBAAuB,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;IAC5D,IAAA,YAAG,EACD,GAAG,WAAW,qBAAqB,GAAG,yCAAyC,UAAU,sCAAsC,EAC/H,GAAG,EACH,MAAM,CACP,CAAC;IAEF,mBAAmB;IACnB,MAAM,SAAS,GAAG,IAAA,YAAG,EAAC,QAAQ,UAAU,eAAe,EAAE,GAAG,CAAC,CAAC;IAC9D,WAAW;IACX,IAAA,YAAG,EAAC,UAAU,UAAU,GAAG,EAAE,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,EAAE,gBAAgB,EAAE,CAAC,sBAAsB,CAAC,EAAE,CAAC;IACxD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAsB,CAAC;QAC5D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,SAAS,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;QACrC,CAAC;QAED,MAAM,aAAa,GAAmC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACzE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;YACpD,IAAI,EAAE,CAAC,CAAC,SAAS;YACjB,IAAI,EAAE,CAAC,CAAC,MAAM;YACd,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;SACjE,CAAC,CAAC,CAAC;QAEJ,2EAA2E;QAC3E,0EAA0E;QAC1E,kDAAkD;QAClD,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,2BAAc,EAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAE3E,qEAAqE;QACrE,0EAA0E;QAC1E,MAAM,YAAY,GAAG,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAC;QAC3C,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,IAAA,gCAAiB,EAC5C,QAAQ,EACR,YAAY,CAAC,QAAQ,EACrB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EACb,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CACd,CAAC;QAEF,OAAO;YACL,cAAc,EAAE,IAAI,CAAC,MAAM;YAC3B,aAAa,EAAE,IAAI;YACnB,gBAAgB,EAAE,UAAU,CAAC,MAAM;YACnC,SAAS,EAAE,CAAC,UAAU,CAAC;SACxB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,gBAAgB,EAAE,CAAC,wBAAwB,CAAC,EAAE,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACjD,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/C,CAAC"}
1
+ {"version":3,"file":"gitleaks.js","sourceRoot":"","sources":["../../../src/analyzers/tools/gitleaks.ts"],"names":[],"mappings":";;;AAyDA,oDAMC;AA/DD;;;;;;;;;GASG;AACH,qCAA+B;AAC/B,mDAAsD;AACtD,6CAA8C;AAC9C,mCAA4C;AAC5C,iDAAqE;AAuBrE;;;;;;;;;;;GAWG;AACH,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAgC,CAAC;AAErE;;;;;GAKG;AACH,SAAgB,oBAAoB,CAAC,GAAW;IAC9C,MAAM,MAAM,GAAG,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,MAAM,OAAO,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAC5C,oBAAoB,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,sBAAsB,CAAC,GAAW;IACzC,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAE1E,yEAAyE;IACzE,MAAM,UAAU,GAAG,uBAAuB,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;IAC5D,IAAA,YAAG,EACD,GAAG,WAAW,qBAAqB,GAAG,yCAAyC,UAAU,sCAAsC,EAC/H,GAAG,EACH,MAAM,CACP,CAAC;IACF,MAAM,SAAS,GAAG,IAAA,YAAG,EAAC,QAAQ,UAAU,eAAe,EAAE,GAAG,CAAC,CAAC;IAC9D,IAAA,YAAG,EAAC,UAAU,UAAU,GAAG,EAAE,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,SAAS;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAEpE,IAAI,MAAyB,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAsB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IACxD,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,wEAAwE;QACxE,MAAM,QAAQ,GAAkB;YAC9B,aAAa,EAAE,CAAC;YAChB,IAAI,EAAE,UAAU;YAChB,QAAQ,EAAE,EAAE;YACZ,eAAe,EAAE,CAAC;SACnB,CAAC;QACF,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC;IAC3D,CAAC;IAED,MAAM,GAAG,GAAoB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9C,IAAI,EAAE,IAAA,yBAAiB,EAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC;QACpC,IAAI,EAAE,CAAC,CAAC,SAAS;QACjB,IAAI,EAAE,CAAC,CAAC,MAAM;QACd,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;QAChE,KAAK,EAAE,CAAC,CAAC,WAAW;KACrB,CAAC,CAAC,CAAC;IAEJ,sEAAsE;IACtE,+DAA+D;IAC/D,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,2BAAc,EAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAEjE,yEAAyE;IACzE,MAAM,YAAY,GAAG,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,IAAA,gCAAiB,EAC5C,QAAQ,EACR,YAAY,CAAC,QAAQ,EACrB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EACb,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CACd,CAAC;IAEF,MAAM,QAAQ,GAAkB;QAC9B,aAAa,EAAE,CAAC;QAChB,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,IAAI;QACd,eAAe,EAAE,UAAU,CAAC,MAAM;KACnC,CAAC;IACF,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,eAAe,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC;AAC3E,CAAC;AAED;;;;GAIG;AACU,QAAA,gBAAgB,GAAsC;IACjE,MAAM,EAAE,UAAU;IAClB,KAAK,CAAC,MAAM,CAAC,GAAG;QACd,MAAM,OAAO,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAC1C,OAAO,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9D,CAAC;CACF,CAAC;AAEF,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACjD,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/C,CAAC"}
@@ -0,0 +1,8 @@
1
+ /**
2
+ * Go tool runner — golangci-lint, govulncheck.
3
+ * Layer 1: language-specific tools for Go projects.
4
+ */
5
+ import { HealthMetrics } from '../types';
6
+ /** Gather Go-specific metrics. */
7
+ export declare function gatherGoMetrics(cwd: string): Partial<HealthMetrics>;
8
+ //# sourceMappingURL=go.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"go.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/go.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAazC,kCAAkC;AAClC,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAwEnE"}