@vyuhlabs/dxkit 2.13.3 → 2.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +66 -0
- package/README.md +85 -58
- package/dist/analyzers/cache.d.ts +9 -0
- package/dist/analyzers/cache.d.ts.map +1 -1
- package/dist/analyzers/cache.js +27 -15
- package/dist/analyzers/cache.js.map +1 -1
- package/dist/analyzers/health.d.ts +19 -0
- package/dist/analyzers/health.d.ts.map +1 -1
- package/dist/analyzers/health.js +72 -26
- package/dist/analyzers/health.js.map +1 -1
- package/dist/analyzers/tests/types.d.ts +9 -0
- package/dist/analyzers/tests/types.d.ts.map +1 -1
- package/dist/analyzers/tests/types.js +34 -0
- package/dist/analyzers/tests/types.js.map +1 -1
- package/dist/analyzers/tools/parallel.d.ts +2 -1
- package/dist/analyzers/tools/parallel.d.ts.map +1 -1
- package/dist/analyzers/tools/parallel.js +38 -24
- package/dist/analyzers/tools/parallel.js.map +1 -1
- package/dist/analyzers/tools/semgrep.d.ts +15 -1
- package/dist/analyzers/tools/semgrep.d.ts.map +1 -1
- package/dist/analyzers/tools/semgrep.js +49 -3
- package/dist/analyzers/tools/semgrep.js.map +1 -1
- package/dist/baseline/changed-files.d.ts +12 -0
- package/dist/baseline/changed-files.d.ts.map +1 -0
- package/dist/baseline/changed-files.js +100 -0
- package/dist/baseline/changed-files.js.map +1 -0
- package/dist/baseline/check.d.ts +30 -0
- package/dist/baseline/check.d.ts.map +1 -1
- package/dist/baseline/check.js +71 -4
- package/dist/baseline/check.js.map +1 -1
- package/dist/baseline/create.d.ts +10 -0
- package/dist/baseline/create.d.ts.map +1 -1
- package/dist/baseline/create.js +19 -15
- package/dist/baseline/create.js.map +1 -1
- package/dist/baseline/gather-scope.d.ts +116 -0
- package/dist/baseline/gather-scope.d.ts.map +1 -0
- package/dist/baseline/gather-scope.js +105 -0
- package/dist/baseline/gather-scope.js.map +1 -0
- package/dist/baseline/ref-baseline.d.ts +17 -2
- package/dist/baseline/ref-baseline.d.ts.map +1 -1
- package/dist/baseline/ref-baseline.js +27 -4
- package/dist/baseline/ref-baseline.js.map +1 -1
- package/dist/baseline/scoped-inputs.d.ts +21 -0
- package/dist/baseline/scoped-inputs.d.ts.map +1 -0
- package/dist/baseline/scoped-inputs.js +53 -0
- package/dist/baseline/scoped-inputs.js.map +1 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +7 -2
- package/dist/cli.js.map +1 -1
- package/dist/loop/stop-gate.d.ts.map +1 -1
- package/dist/loop/stop-gate.js +12 -1
- package/dist/loop/stop-gate.js.map +1 -1
- package/package.json +2 -2
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.computeChangedFiles = computeChangedFiles;
|
|
37
|
+
/**
|
|
38
|
+
* Changed-file computation for incremental scanning (opt 3).
|
|
39
|
+
*
|
|
40
|
+
* The loop guardrail blocks only on NET-NEW findings, and the scanners it
|
|
41
|
+
* file-scopes (semgrep) are intraprocedural — every finding is local to a
|
|
42
|
+
* single file. So a net-new finding can only live in a file the working
|
|
43
|
+
* tree changed relative to the comparison base. Scanning just those files
|
|
44
|
+
* catches every net-new finding while skipping the unchanged majority.
|
|
45
|
+
*
|
|
46
|
+
* # Safety: this set MUST be COMPLETE or fail safe
|
|
47
|
+
*
|
|
48
|
+
* If this under-reports the changed set, the gather would skip a file that
|
|
49
|
+
* actually changed and miss a real net-new finding — a false negative in a
|
|
50
|
+
* safety gate. So the contract is: return the COMPLETE set of files that
|
|
51
|
+
* differ from the base (tracked edits + staged + untracked), or `null` on
|
|
52
|
+
* ANY uncertainty (base unreachable, not a git repo, git error). A `null`
|
|
53
|
+
* tells the caller to fall back to a FULL scan — the safe default. Never
|
|
54
|
+
* return a partial set on error.
|
|
55
|
+
*/
|
|
56
|
+
const child_process_1 = require("child_process");
|
|
57
|
+
const fs_1 = require("fs");
|
|
58
|
+
const path = __importStar(require("path"));
|
|
59
|
+
/** Best-effort git stdout as lines; throws are surfaced to the caller so
|
|
60
|
+
* it can fail safe. `args` is fixed + caller-controlled (no shell). */
|
|
61
|
+
function gitLines(cwd, args) {
|
|
62
|
+
const out = (0, child_process_1.execFileSync)('git', args, {
|
|
63
|
+
cwd,
|
|
64
|
+
encoding: 'utf8',
|
|
65
|
+
stdio: ['ignore', 'pipe', 'ignore'],
|
|
66
|
+
maxBuffer: 64 * 1024 * 1024,
|
|
67
|
+
});
|
|
68
|
+
return out
|
|
69
|
+
.split('\n')
|
|
70
|
+
.map((s) => s.trim())
|
|
71
|
+
.filter(Boolean);
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* The complete set of project-relative files that differ from `baseSha` in
|
|
75
|
+
* the working tree — tracked modifications/additions (staged + unstaged)
|
|
76
|
+
* plus untracked files — restricted to files that still exist on disk (a
|
|
77
|
+
* deleted file has no current content to scan).
|
|
78
|
+
*
|
|
79
|
+
* Returns `null` when the set cannot be computed completely (base
|
|
80
|
+
* unreachable, not a git repo, any git failure). The caller MUST treat
|
|
81
|
+
* `null` as "scan everything" — never as "nothing changed".
|
|
82
|
+
*/
|
|
83
|
+
function computeChangedFiles(cwd, baseSha) {
|
|
84
|
+
if (!baseSha)
|
|
85
|
+
return null;
|
|
86
|
+
try {
|
|
87
|
+
// `git diff --name-only <base>` compares base → working tree, covering
|
|
88
|
+
// both staged and unstaged changes to tracked files (and additions).
|
|
89
|
+
const tracked = gitLines(cwd, ['diff', '--name-only', baseSha, '--']);
|
|
90
|
+
// Untracked, not-ignored files — these are new and unseen by the base.
|
|
91
|
+
const untracked = gitLines(cwd, ['ls-files', '--others', '--exclude-standard']);
|
|
92
|
+
const all = new Set([...tracked, ...untracked]);
|
|
93
|
+
// Keep only files that exist on disk now (drop deletions / renames-away).
|
|
94
|
+
return [...all].filter((rel) => (0, fs_1.existsSync)(path.join(cwd, rel)));
|
|
95
|
+
}
|
|
96
|
+
catch {
|
|
97
|
+
return null; // any failure → full scan (safe default)
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
//# sourceMappingURL=changed-files.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"changed-files.js","sourceRoot":"","sources":["../../src/baseline/changed-files.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgDA,kDAcC;AA9DD;;;;;;;;;;;;;;;;;;GAkBG;AACH,iDAA6C;AAC7C,2BAAgC;AAChC,2CAA6B;AAE7B;wEACwE;AACxE,SAAS,QAAQ,CAAC,GAAW,EAAE,IAAc;IAC3C,MAAM,GAAG,GAAG,IAAA,4BAAY,EAAC,KAAK,EAAE,IAAI,EAAE;QACpC,GAAG;QACH,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;QACnC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;KAC5B,CAAC,CAAC;IACH,OAAO,GAAG;SACP,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC,CAAC;AACrB,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,mBAAmB,CAAC,GAAW,EAAE,OAAe;IAC9D,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC;QACH,uEAAuE;QACvE,qEAAqE;QACrE,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,aAAa,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;QACtE,uEAAuE;QACvE,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,oBAAoB,CAAC,CAAC,CAAC;QAChF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAS,CAAC,GAAG,OAAO,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC;QACxD,0EAA0E;QAC1E,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,eAAU,EAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,CAAC,yCAAyC;IACxD,CAAC;AACH,CAAC"}
|
package/dist/baseline/check.d.ts
CHANGED
|
@@ -40,6 +40,7 @@ import type { BaselineFile } from './baseline-file';
|
|
|
40
40
|
import type { CoverageDrift } from './coverage';
|
|
41
41
|
import type { ResolvedMode } from './modes';
|
|
42
42
|
import type { BrownfieldPolicy, ClassifyResult } from './policy';
|
|
43
|
+
import { type GatherScope } from './gather-scope';
|
|
43
44
|
import type { BaselineEntry, FindingSeverity, MatchPair, MatchResult } from './types';
|
|
44
45
|
import { type AllowlistDelta } from '../allowlist/diff';
|
|
45
46
|
import type { AllowlistFile } from '../allowlist/file';
|
|
@@ -85,6 +86,35 @@ export interface RunGuardrailCheckOptions {
|
|
|
85
86
|
/** Explicit CLI flag value for the ref (`--ref=<R>`). Only
|
|
86
87
|
* consulted when the resolved mode is `ref-based`. */
|
|
87
88
|
readonly cliRef?: string;
|
|
89
|
+
/**
|
|
90
|
+
* Restrict both sides of the gather to the analyzers a scope needs.
|
|
91
|
+
* Defaults to `FULL_SCOPE`, so CI / `baseline check` gather everything
|
|
92
|
+
* and still render every warning. The loop Stop-gate passes a
|
|
93
|
+
* policy-derived scope (`scopeForPolicy`) so a `security-only` posture
|
|
94
|
+
* skips the analyzers it can never block on. Both the current side and
|
|
95
|
+
* the ref side are scoped identically so the cross-run diff stays
|
|
96
|
+
* balanced. Opt-in by construction: only callers that pass a scope
|
|
97
|
+
* change what is gathered.
|
|
98
|
+
*/
|
|
99
|
+
readonly scope?: GatherScope;
|
|
100
|
+
/**
|
|
101
|
+
* Incremental scanning (opt 3): when true, semgrep scans only files that
|
|
102
|
+
* changed vs the comparison base, instead of the whole tree. Sound for a
|
|
103
|
+
* net-new gate (semgrep is intraprocedural — a net-new code finding only
|
|
104
|
+
* appears in a changed file). Scope by mode:
|
|
105
|
+
* - committed: only the CURRENT side is scoped (the prior side is the
|
|
106
|
+
* on-disk, already-full baseline), against the baseline's commit.
|
|
107
|
+
* - ref-based: the changed set is fully computable (`diff(ref, HEAD)`),
|
|
108
|
+
* so BOTH the ref side and the current side are scoped to the SAME
|
|
109
|
+
* set, keeping the cross-run diff symmetric. This makes a ref-based
|
|
110
|
+
* guardrail (CI, pre-push, the hosted PR gate) scale with PR size
|
|
111
|
+
* rather than repo size.
|
|
112
|
+
* Falls back to a full scan when the changed set can't be computed
|
|
113
|
+
* completely. Opt-in: the loop Stop-gate sets it, and `guardrail check
|
|
114
|
+
* --incremental` exposes it on the CLI; otherwise it stays false so the
|
|
115
|
+
* full report is unaffected.
|
|
116
|
+
*/
|
|
117
|
+
readonly incremental?: boolean;
|
|
88
118
|
}
|
|
89
119
|
/**
|
|
90
120
|
* Per-pair entry the CLI renderers consume. Carries the raw
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAO5C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEpD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAKhD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,OAAO,KAAK,EAAE,gBAAgB,EAAmB,cAAc,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAO5C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEpD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAKhD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,OAAO,KAAK,EAAE,gBAAgB,EAAmB,cAAc,EAAE,MAAM,UAAU,CAAC;AAElF,OAAO,EAAE,KAAK,WAAW,EAA8B,MAAM,gBAAgB,CAAC;AAG9E,OAAO,KAAK,EAAE,aAAa,EAAa,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAGjG,OAAO,EAAyB,KAAK,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAE/E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAEjE,MAAM,WAAW,wBAAwB;IACvC,oEAAoE;IACpE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;gCAC4B;IAC5B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;2DAEuD;IACvD,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;gBAEY;IACZ,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B;;;;;0CAKsC;IACtC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B;;;;;uEAKmE;IACnE,QAAQ,CAAC,MAAM,CAAC,EAAE,gBAAgB,CAAC;IACnC,sEAAsE;IACtE,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B;;8CAE0C;IAC1C,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACrC;;oBAEgB;IAChB,QAAQ,CAAC,OAAO,CAAC,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;IACxC;2DACuD;IACvD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;;;;;OASG;IACH,QAAQ,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC;IAC7B;;;;;;;;;;;;;;;;OAgBG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IACzB,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC;mEAC+D;IAC/D,QAAQ,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC;IACpC;gCAC4B;IAC5B,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACrC;mCAC+B;IAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;uBAKmB;IACnB,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IACxC;;;;;yEAKqE;IACrE,QAAQ,CAAC,qBAAqB,CAAC,EAAE,oBAAoB,CAAC;CACvD;AAED;;;;;GAKG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IACrC;mCAC+B;IAC/B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC;IACvC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC;IACtC,6DAA6D;IAC7D,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC;QACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,SAAS,CAAC;QAC7C,QAAQ,CAAC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;KAC7C,CAAC,CAAC;IACH;;;;kDAI8C;IAC9C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;CACtD;AAED,MAAM,WAAW,oBAAoB;IACnC;;uDAEmD;IACnD,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B;;uCAEmC;IACnC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAC9C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC;+BAC2B;IAC3B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB;sCACkC;IAClC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB;;;;yDAIqD;IACrD,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC;;;;;;;;mEAQ+D;IAC/D,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC;QACvC,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;KAC/B,CAAC,CAAC;CACJ;AAkCD;;;;;;;;;;;;GAYG;AACH,wBAAgB,wBAAwB,CAAC,CAAC,SAAS;IAAE,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;CAAE,EACzF,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,EAC/B,eAAe,EAAE,aAAa,CAAC,CAAC,CAAC,EACjC,UAAU,EAAE,OAAO,GAClB;IACD,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IAChC,eAAe,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IAClC,gBAAgB,EAAE,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;CAC5D,CAoBA;AAwBD;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,oBAAoB,CAAC,CAuP/B;AA8KD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,aAAa,EACxB,WAAW,EAAE,aAAa,EAC1B,GAAG,EAAE,IAAI,GACR,oBAAoB,GAAG,SAAS,CAYlC"}
|
package/dist/baseline/check.js
CHANGED
|
@@ -84,6 +84,8 @@ const git_aware_match_1 = require("./git-aware-match");
|
|
|
84
84
|
const modes_1 = require("./modes");
|
|
85
85
|
const policy_1 = require("./policy");
|
|
86
86
|
const ref_baseline_1 = require("./ref-baseline");
|
|
87
|
+
const gather_scope_1 = require("./gather-scope");
|
|
88
|
+
const changed_files_1 = require("./changed-files");
|
|
87
89
|
const sanitize_1 = require("./sanitize");
|
|
88
90
|
const types_1 = require("./types");
|
|
89
91
|
const diff_1 = require("../allowlist/diff");
|
|
@@ -100,10 +102,24 @@ const file_1 = require("../allowlist/file");
|
|
|
100
102
|
* differed only here (duplication 15→0, test-gap 44→12). Excluded from
|
|
101
103
|
* both sides in ref-based mode; committed-full (which captures them once
|
|
102
104
|
* from a fully-provisioned tree) is the mode that gates them. (D-G4.)
|
|
105
|
+
*
|
|
106
|
+
* `secret-hmac` joins them for a different reason: it is an internal,
|
|
107
|
+
* locator-less companion to each located `secret`, identified by a
|
|
108
|
+
* salt-based HMAC of the secret value. The salt resolves from
|
|
109
|
+
* `.dxkit/salt` / `DXKIT_BASELINE_SALT` / root-SHA, and on a fresh or
|
|
110
|
+
* shallow checkout the two sides can derive different salts (the ref
|
|
111
|
+
* worktree and the working tree need not share the salt source), so the
|
|
112
|
+
* HMACs don't match across the diff and every companion reads as net-new —
|
|
113
|
+
* a FALSE block, even though the located `secret` twins match fine. The
|
|
114
|
+
* located `secret` kind still gates net-new credentials; the companion
|
|
115
|
+
* exists only for cross-file relocation matching, which a committed salt
|
|
116
|
+
* provides and ref-based does not. So it is matcher-assist only here and is
|
|
117
|
+
* excluded from the ref-based diff.
|
|
103
118
|
*/
|
|
104
119
|
const REF_UNRELIABLE_KINDS = new Set([
|
|
105
120
|
'duplication',
|
|
106
121
|
'test-gap',
|
|
122
|
+
'secret-hmac',
|
|
107
123
|
]);
|
|
108
124
|
/**
|
|
109
125
|
* Apply the ref-based-mode kind exclusion to both sides of the diff.
|
|
@@ -177,12 +193,31 @@ async function runGuardrailCheck(options) {
|
|
|
177
193
|
policyMode: policy.baseline?.mode,
|
|
178
194
|
policyRef: policy.baseline?.ref,
|
|
179
195
|
});
|
|
196
|
+
// Incremental scanning in ref-based mode: the changed set is the diff of
|
|
197
|
+
// the ref against the working HEAD, known upfront from `mode.ref`. We scope
|
|
198
|
+
// BOTH the ref side and the current side to this same set so the cross-run
|
|
199
|
+
// diff stays symmetric (sound for the net-new gate — semgrep is
|
|
200
|
+
// intraprocedural). `computeChangedFiles` returns null on any uncertainty,
|
|
201
|
+
// which maps to `undefined` here, i.e. a full scan (the safe default).
|
|
202
|
+
const refIncrementalFiles = options.incremental && mode.mode === 'ref-based' && mode.ref
|
|
203
|
+
? ((0, changed_files_1.computeChangedFiles)(cwd, mode.ref) ?? undefined)
|
|
204
|
+
: undefined;
|
|
205
|
+
// Gather scope. Incremental mode mirrors the loop Stop-gate's fast path: it
|
|
206
|
+
// scopes the gather to the analyzers the policy can actually block on
|
|
207
|
+
// (opt 1, via the shared `scopeForPolicy`) IN ADDITION to the changed-files
|
|
208
|
+
// semgrep scoping (opt 3) — the dominant speed win is skipping the analyzers
|
|
209
|
+
// a `security-only` posture can never block on (lint, coverage, jscpd,
|
|
210
|
+
// structural, licenses). An explicit `options.scope` still wins; default
|
|
211
|
+
// (non-incremental) callers stay on FULL_SCOPE so their full report and
|
|
212
|
+
// every warning are unaffected. Both sides use the SAME scope so the
|
|
213
|
+
// cross-run diff stays balanced.
|
|
214
|
+
const gatherScope = options.scope ?? (options.incremental ? (0, gather_scope_1.scopeForPolicy)(policy) : gather_scope_1.FULL_SCOPE);
|
|
180
215
|
// Load the prior side. Committed modes read from the baseline
|
|
181
216
|
// file on disk; ref-based mode recomputes prior state by checking
|
|
182
217
|
// out a git ref into a temporary worktree. Both paths produce a
|
|
183
218
|
// `BaselineFile`-shaped value so the matcher / classifier
|
|
184
219
|
// downstream stay mode-agnostic.
|
|
185
|
-
const { baseline, baselinePath } = await loadPriorSide(cwd, mode, options);
|
|
220
|
+
const { baseline, baselinePath } = await loadPriorSide(cwd, mode, options, refIncrementalFiles, gatherScope);
|
|
186
221
|
// A committed baseline minted under an older identity scheme cannot be
|
|
187
222
|
// meaningfully diffed against the current one — every finding's id
|
|
188
223
|
// changed, so the matcher would report all pre-existing findings as
|
|
@@ -200,7 +235,27 @@ async function runGuardrailCheck(options) {
|
|
|
200
235
|
`automatically, or \`vyuh-dxkit baseline create --force\` to re-anchor manually.`);
|
|
201
236
|
}
|
|
202
237
|
}
|
|
203
|
-
const
|
|
238
|
+
const scope = gatherScope;
|
|
239
|
+
// Incremental scanning: scope the current side's semgrep to changed files.
|
|
240
|
+
// `computeChangedFiles` returns null when it can't enumerate the changed
|
|
241
|
+
// set completely (base unreachable, git error) — that maps to `undefined`
|
|
242
|
+
// here, i.e. a full scan (the safe default).
|
|
243
|
+
// - ref-based: reuse the set already computed from `mode.ref` above; the
|
|
244
|
+
// ref/baseline side was scoped to the SAME set, keeping the diff
|
|
245
|
+
// symmetric.
|
|
246
|
+
// - committed: the prior side is the on-disk (full) baseline, so only the
|
|
247
|
+
// current side is scoped, against the baseline's commit.
|
|
248
|
+
const incrementalFiles = mode.mode === 'ref-based'
|
|
249
|
+
? refIncrementalFiles
|
|
250
|
+
: options.incremental && baseline.repo.commitSha
|
|
251
|
+
? ((0, changed_files_1.computeChangedFiles)(cwd, baseline.repo.commitSha) ?? undefined)
|
|
252
|
+
: undefined;
|
|
253
|
+
const current = await (0, create_1.gatherCurrentScan)({
|
|
254
|
+
cwd,
|
|
255
|
+
verbose: options.verbose,
|
|
256
|
+
scope,
|
|
257
|
+
incrementalFiles,
|
|
258
|
+
});
|
|
204
259
|
// In ref-based mode the prior side came from a detached worktree that
|
|
205
260
|
// can't gather the build-artifact-dependent kinds; drop them from both
|
|
206
261
|
// sides so the diff stays symmetric (see partitionForRefBasedDiff).
|
|
@@ -618,7 +673,7 @@ function readChangedLineSet(cwd, baseSha, headSha, file) {
|
|
|
618
673
|
* the matcher needs to compute git-aware diffs + envelope drift
|
|
619
674
|
* against the current scan.
|
|
620
675
|
*/
|
|
621
|
-
async function loadPriorSide(cwd, mode, options) {
|
|
676
|
+
async function loadPriorSide(cwd, mode, options, incrementalFiles, scope = gather_scope_1.FULL_SCOPE) {
|
|
622
677
|
if (mode.mode !== 'ref-based') {
|
|
623
678
|
const baselinePath = options.baselinePath ?? (0, baseline_file_1.pathForBaseline)(cwd, options.name ?? baseline_file_1.DEFAULT_BASELINE_NAME);
|
|
624
679
|
if (!fs.existsSync(baselinePath)) {
|
|
@@ -632,7 +687,19 @@ async function loadPriorSide(cwd, mode, options) {
|
|
|
632
687
|
// mode. A missing ref here would be a programming error.
|
|
633
688
|
throw new Error('ref-based baseline mode requires a resolved ref; got undefined.');
|
|
634
689
|
}
|
|
635
|
-
const refScan = await (0, ref_baseline_1.gatherFromRef)({
|
|
690
|
+
const refScan = await (0, ref_baseline_1.gatherFromRef)({
|
|
691
|
+
cwd,
|
|
692
|
+
ref: mode.ref,
|
|
693
|
+
verbose: options.verbose,
|
|
694
|
+
// Same policy-derived scope as the current side (opt 1), so the cross-run
|
|
695
|
+
// diff stays balanced and the ref side skips the same non-blockable
|
|
696
|
+
// analyzers.
|
|
697
|
+
scope,
|
|
698
|
+
// Symmetric incremental scoping: when the caller scoped the current side
|
|
699
|
+
// to the changed files, scope the ref side to the SAME set (see the
|
|
700
|
+
// `refIncrementalFiles` computation in `runGuardrailCheck`).
|
|
701
|
+
incrementalFiles,
|
|
702
|
+
});
|
|
636
703
|
const baseline = {
|
|
637
704
|
schemaVersion: baseline_file_1.BASELINE_SCHEMA_VERSION,
|
|
638
705
|
name: options.name ?? baseline_file_1.DEFAULT_BASELINE_NAME,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check.js","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0NH,4DA4BC;AA6BD,8CAwMC;AAiMD,0DAgBC;AA1qBD,iDAA6C;AAC7C,uCAAyB;AACzB,2CAA6B;AAC7B,qCAA6C;AAE7C,mDAKyB;AAEzB,yCAA0C;AAE1C,yDAAsD;AACtD,uDAAkD;AAElD,mCAA8C;AAE9C,qCAAmD;AAEnD,iDAA+C;AAC/C,yCAAyC;AAEzC,mCAAkD;AAElD,4CAA+E;AAC/E,4CAA4E;AA8J5E;;;;;;;;;;;;GAYG;AACH,MAAM,oBAAoB,GAAuC,IAAI,GAAG,CAAC;IACvE,aAAa;IACb,UAAU;CACX,CAAC,CAAC;AAEH;;;;;;;;;;;;GAYG;AACH,SAAgB,wBAAwB,CACtC,aAA+B,EAC/B,eAAiC,EACjC,UAAmB;IAMnB,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;YACL,aAAa,EAAE,aAAa;YAC5B,eAAe,EAAE,eAAe;YAChC,gBAAgB,EAAE,EAAE;SACrB,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,CAAI,EAAW,EAAE,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAClE,MAAM,gBAAgB,GAAG,CAAC,GAAG,oBAAoB,CAAC;SAC/C,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACd,IAAI;QACJ,YAAY,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,MAAM;KACpE,CAAC,CAAC;SACF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC;IACrC,OAAO;QACL,aAAa,EAAE,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC;QACzC,eAAe,EAAE,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC;QAC7C,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,MAAM,qBAAqB,GACzB,MAAM,CAAC,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM;IACd,IAAI,EAAE,QAAQ;IACd,MAAM,EAAE,QAAQ;IAChB,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,QAAQ;IACrB,cAAc,EAAE,QAAQ;IACxB,UAAU,EAAE,QAAQ;IACpB,OAAO,EAAE,KAAK;IACd,uBAAuB,EAAE,QAAQ;IACjC,UAAU,EAAE,QAAQ;IACpB,YAAY,EAAE,KAAK;IACnB,YAAY,EAAE,QAAQ;IACtB,aAAa,EAAE,MAAM;IACrB,iEAAiE;IACjE,mEAAmE;IACnE,mEAAmE;IACnE,QAAQ;IACR,aAAa,EAAE,KAAK;CACrB,CAAC,CAAC;AAEL;;;;GAIG;AACI,KAAK,UAAU,iBAAiB,CACrC,OAAiC;IAEjC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,+DAA+D;IAC/D,wEAAwE;IACxE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAA,sBAAa,EAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACxE,MAAM,IAAI,GACR,OAAO,CAAC,YAAY;QACpB,IAAA,2BAAmB,EAAC;YAClB,GAAG;YACH,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI;YACjC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,GAAG;SAChC,CAAC,CAAC;IAEL,8DAA8D;IAC9D,kEAAkE;IAClE,gEAAgE;IAChE,0DAA0D;IAC1D,iCAAiC;IACjC,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAE3E,uEAAuE;IACvE,mEAAmE;IACnE,oEAAoE;IACpE,qEAAqE;IACrE,yEAAyE;IACzE,yEAAyE;IACzE,6CAA6C;IAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC9B,MAAM,cAAc,GAAG,QAAQ,CAAC,cAAc,IAAI,IAAI,CAAC;QACvD,IAAI,cAAc,KAAK,+BAAuB,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CACb,aAAa,QAAQ,CAAC,IAAI,+CAA+C;gBACvE,GAAG,cAAc,0BAA0B,+BAAuB,iBAAiB;gBACnF,oFAAoF;gBACpF,oFAAoF;gBACpF,iFAAiF,CACpF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,IAAA,0BAAiB,EAAC,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAE3E,sEAAsE;IACtE,uEAAuE;IACvE,oEAAoE;IACpE,MAAM,EAAE,aAAa,EAAE,eAAe,EAAE,gBAAgB,EAAE,GAAG,wBAAwB,CACnF,QAAQ,CAAC,QAAQ,EACjB,OAAO,CAAC,QAAQ,EAChB,IAAI,CAAC,IAAI,KAAK,WAAW,CAC1B,CAAC;IAEF,MAAM,YAAY,GAAmC,IAAA,mCAAgB,EAAC,aAAa,CAAC,CAAC;IACrF,MAAM,cAAc,GAAmC,IAAA,mCAAgB,EAAC,eAAe,CAAC,CAAC;IAEzF,+DAA+D;IAC/D,kEAAkE;IAClE,8DAA8D;IAC9D,+DAA+D;IAC/D,MAAM,WAAW,GAAG,IAAA,+BAAa,EAAC,YAAY,EAAE,cAAc,EAAE;QAC9D,GAAG;QACH,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM;QAC1C,OAAO,EAAE,MAAM;KAChB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAEvD,gDAAgD;IAChD,iEAAiE;IACjE,gEAAgE;IAChE,gEAAgE;IAChE,kDAAkD;IAClD,MAAM,WAAW,GAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAExD,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAuB,CAAC;IACxD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;IACxC,MAAM,eAAe,GAAG,CAAC,IAAY,EAA2B,EAAE;QAChE,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;YAAE,OAAO,SAAS,CAAC;QAC3C,IAAI,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,MAAM,GAAG,kBAAkB,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACzD,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,mEAAmE;IACnE,qEAAqE;IACrE,qEAAqE;IACrE,oEAAoE;IACpE,+CAA+C;IAC/C,MAAM,SAAS,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,MAAM,eAAe,GAAqB,EAAE,CAAC;IAC7C,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;QACrC,MAAM,WAAW,GACf,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW;YAAE,SAAS;QAE3B,MAAM,QAAQ,GACZ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,qBAAqB,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAE1C,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,oBAAoB,GACxB,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,GAAG,CAAC;YAClD,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,qBAAqB,GACzB,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,mBAAmB,CAAC,WAAW,CAAC,IAAI,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QAC/F,MAAM,aAAa,GACjB,IAAI,CAAC,MAAM,KAAK,OAAO;YACvB,CAAC,aAAa,CAAC,iBAAiB;gBAC9B,aAAa,CAAC,iBAAiB;gBAC/B,aAAa,CAAC,iBAAiB,CAAC,CAAC;QAErC,MAAM,OAAO,GAAoB;YAC/B,QAAQ;YACR,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjE,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxE,CAAC;QAEF,MAAM,cAAc,GAAG,IAAA,iBAAQ,EAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAEvD,kEAAkE;QAClE,kEAAkE;QAClE,+DAA+D;QAC/D,mEAAmE;QACnE,oEAAoE;QACpE,MAAM,qBAAqB,GACzB,cAAc,CAAC,MAAM,IAAI,SAAS;YAChC,CAAC,CAAC,uBAAuB,CAAC,SAAS,EAAE,WAAW,EAAE,GAAG,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,eAAe,GAAG,cAAc,CAAC,MAAM,IAAI,qBAAqB,KAAK,SAAS,CAAC;QACrF,IAAI,eAAe;YAAE,MAAM,GAAG,IAAI,CAAC;QACnC,IAAI,cAAc,CAAC,KAAK;YAAE,KAAK,GAAG,IAAI,CAAC;QAEvC,eAAe,CAAC,IAAI,CAAC;YACnB,IAAI;YACJ,cAAc;YACd,QAAQ;YACR,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,GAAG,CAAC,qBAAqB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1E,CAAC,CAAC;IACL,CAAC;IAED,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW;QACvC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC,CAAC,eAAe,CAAC;IAEpB,+DAA+D;IAC/D,+DAA+D;IAC/D,mEAAmE;IACnE,gDAAgD;IAChD,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;QAC9B,IAAI,UAAU,CAAC,CAAC,CAAC;YAAE,cAAc,GAAG,IAAI,CAAC;QACzC,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK;YAAE,aAAa,GAAG,IAAI,CAAC;IACnD,CAAC;IAED,4DAA4D;IAC5D,6DAA6D;IAC7D,+DAA+D;IAC/D,gEAAgE;IAChE,uDAAuD;IACvD,MAAM,cAAc,GAAmB,IAAA,4BAAqB,EAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAE3F,OAAO;QACL,IAAI;QACJ,GAAG,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvD,QAAQ;QACR,OAAO;QACP,WAAW;QACX,KAAK,EAAE,aAAa;QACpB,aAAa;QACb,MAAM;QACN,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM;QACrD,KAAK,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK;QAClD,cAAc;QACd,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,iEAAiE;AACjE,kDAAkD;AAElD,SAAS,SAAS,CAAC,OAAqC;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA4B,CAAC;IAChD,KAAK,MAAM,CAAC,IAAI,OAAO;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC1C,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CAAC,SAA4B;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA8B,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAClD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,UAAU,EAAE,CAAC;QACxD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CACvB,SAA4B;IAE5B,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;IAClE,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,IAAI,SAAS,CAAC;IACrE,MAAM,OAAO,GAAG,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,SAAS,CAAC;IAChE,MAAM,YAAY,GAAG,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC;IAExD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,IAAI,QAAQ;QAAE,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,YAAY;QAAE,SAAS,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAEvD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,IAAI,UAAU;QAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE5C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,IAAI,OAAO;QAAE,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAEnC,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,WAAW,EAAE,kEAAkE;QACvF,UAAU,EAAE,QAAQ;QACpB,aAAa,EAAE,WAAW;KAC3B,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAC1B,IAA2B,EAC3B,WAAkF,EAClF,KAAoB;IAEpB,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC1C,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IACxC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,QAAsB,EAAE,OAAoB;IACjE,MAAM,gBAAgB,GAIjB,EAAE,CAAC;IACR,MAAM,KAAK,GAAG,IAAI,GAAG,CAAS,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/F,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrC,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,eAAe,KAAK,cAAc,EAAE,CAAC;YACvC,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IACD,OAAO;QACL,oBAAoB,EAAE,QAAQ,CAAC,QAAQ,CAAC,aAAa,KAAK,OAAO,CAAC,YAAY,CAAC,aAAa;QAC5F,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,mBAAmB,EAAE,QAAQ,CAAC,QAAQ,CAAC,YAAY,KAAK,OAAO,CAAC,YAAY,CAAC,YAAY;QACzF,gBAAgB;QAChB,aAAa,EAAE,IAAA,uBAAY,EAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC;KACjE,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS,CAAC;QACf,KAAK,UAAU,CAAC;QAChB,KAAK,uBAAuB,CAAC;QAC7B,KAAK,UAAU,CAAC;QAChB,KAAK,YAAY,CAAC;QAClB,KAAK,YAAY;YACf,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,cAAc;YACjB,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC,KAAK,CAAC;QACrB,KAAK,UAAU,CAAC;QAChB,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC,UAAU,CAAC;QAC1B,KAAK,cAAc;YACjB,OAAO,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9B;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH;;;;;;GAMG;AACH,SAAS,UAAU,CAAC,CAAiB;IACnC,OAAO,CAAC,CAAC,cAAc,CAAC,MAAM,IAAI,CAAC,CAAC,qBAAqB,KAAK,SAAS,CAAC;AAC1E,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,uBAAuB,CACrC,SAAwB,EACxB,WAA0B,EAC1B,GAAS;IAET,KAAK,MAAM,EAAE,IAAI,qBAAqB,CAAC,WAAW,CAAC,EAAE,CAAC;QACpD,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,CAAC,IAAI;YAAE,SAAS;QACxD,IAAI,CAAC,IAAA,oBAAa,EAAC,KAAK,EAAE,GAAG,CAAC;YAAE,SAAS;QACzC,OAAO;YACL,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,SAAS,qBAAqB,CAAC,KAAoB;IACjD,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC1C,IACE,CAAC,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC;QAC7E,KAAK,CAAC,oBAAoB;QAC1B,KAAK,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC,EACrC,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,oBAAoB,CAAC,CAAiB;IAC7C,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC9D,MAAM,SAAS,GACb,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,OAAO;QACnC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,eAAe;QAC3C,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,cAAc;QAC1C,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,gBAAgB,CAAC;IAC/C,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO,CAAC,CAAC,oBAAoB,KAAK,IAAI,CAAC;AACzC,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,CAAC;QACH,OAAO,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CACzB,GAAW,EACX,OAAe,EACf,OAAe,EACf,IAAY;IAEZ,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,IAAA,4BAAY,EACjB,KAAK,EACL,CAAC,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EACrF,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,CAC1B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC7B,MAAM,MAAM,GAAG,2CAA2C,CAAC;IAC3D,IAAI,KAA6B,CAAC;IAClC,OAAO,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrE,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;YACnB,0DAA0D;YAC1D,SAAS;QACX,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE;YAAE,GAAG,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,KAAK,UAAU,aAAa,CAC1B,GAAW,EACX,IAAkB,EAClB,OAAiC;IAEjC,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC9B,MAAM,YAAY,GAChB,OAAO,CAAC,YAAY,IAAI,IAAA,+BAAe,EAAC,GAAG,EAAE,OAAO,CAAC,IAAI,IAAI,qCAAqB,CAAC,CAAC;QACtF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,4BAA4B,YAAY,IAAI;gBAC1C,oEAAoE,CACvE,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,IAAA,gCAAgB,EAAC,YAAY,CAAC,EAAE,YAAY,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QACd,+DAA+D;QAC/D,yDAAyD;QACzD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,IAAA,4BAAa,EAAC,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACtF,MAAM,QAAQ,GAAiB;QAC7B,aAAa,EAAE,uCAAuB;QACtC,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,qCAAqB;QAC3C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,IAAI,EAAE,OAAO,CAAC,SAAS;QACvB,QAAQ,EAAE,OAAO,CAAC,YAAY;QAC9B,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,cAAc,EAAE,+BAAuB;QACvC,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,CAAC;AACtB,CAAC"}
|
|
1
|
+
{"version":3,"file":"check.js","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuQH,4DA4BC;AA6BD,8CAyPC;AAiMD,0DAgBC;AAxwBD,iDAA6C;AAC7C,uCAAyB;AACzB,2CAA6B;AAC7B,qCAA6C;AAE7C,mDAKyB;AAEzB,yCAA0C;AAE1C,yDAAsD;AACtD,uDAAkD;AAElD,mCAA8C;AAE9C,qCAAmD;AAEnD,iDAA+C;AAC/C,iDAA8E;AAC9E,mDAAsD;AACtD,yCAAyC;AAEzC,mCAAkD;AAElD,4CAA+E;AAC/E,4CAA4E;AA2L5E;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,oBAAoB,GAAuC,IAAI,GAAG,CAAC;IACvE,aAAa;IACb,UAAU;IACV,aAAa;CACd,CAAC,CAAC;AAEH;;;;;;;;;;;;GAYG;AACH,SAAgB,wBAAwB,CACtC,aAA+B,EAC/B,eAAiC,EACjC,UAAmB;IAMnB,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;YACL,aAAa,EAAE,aAAa;YAC5B,eAAe,EAAE,eAAe;YAChC,gBAAgB,EAAE,EAAE;SACrB,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,CAAI,EAAW,EAAE,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAClE,MAAM,gBAAgB,GAAG,CAAC,GAAG,oBAAoB,CAAC;SAC/C,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACd,IAAI;QACJ,YAAY,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,MAAM;KACpE,CAAC,CAAC;SACF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC;IACrC,OAAO;QACL,aAAa,EAAE,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC;QACzC,eAAe,EAAE,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC;QAC7C,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,MAAM,qBAAqB,GACzB,MAAM,CAAC,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM;IACd,IAAI,EAAE,QAAQ;IACd,MAAM,EAAE,QAAQ;IAChB,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,QAAQ;IACrB,cAAc,EAAE,QAAQ;IACxB,UAAU,EAAE,QAAQ;IACpB,OAAO,EAAE,KAAK;IACd,uBAAuB,EAAE,QAAQ;IACjC,UAAU,EAAE,QAAQ;IACpB,YAAY,EAAE,KAAK;IACnB,YAAY,EAAE,QAAQ;IACtB,aAAa,EAAE,MAAM;IACrB,iEAAiE;IACjE,mEAAmE;IACnE,mEAAmE;IACnE,QAAQ;IACR,aAAa,EAAE,KAAK;CACrB,CAAC,CAAC;AAEL;;;;GAIG;AACI,KAAK,UAAU,iBAAiB,CACrC,OAAiC;IAEjC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,+DAA+D;IAC/D,wEAAwE;IACxE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAA,sBAAa,EAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACxE,MAAM,IAAI,GACR,OAAO,CAAC,YAAY;QACpB,IAAA,2BAAmB,EAAC;YAClB,GAAG;YACH,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI;YACjC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,GAAG;SAChC,CAAC,CAAC;IAEL,yEAAyE;IACzE,4EAA4E;IAC5E,2EAA2E;IAC3E,gEAAgE;IAChE,2EAA2E;IAC3E,uEAAuE;IACvE,MAAM,mBAAmB,GACvB,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,GAAG;QAC1D,CAAC,CAAC,CAAC,IAAA,mCAAmB,EAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;QACnD,CAAC,CAAC,SAAS,CAAC;IAEhB,4EAA4E;IAC5E,sEAAsE;IACtE,4EAA4E;IAC5E,6EAA6E;IAC7E,uEAAuE;IACvE,yEAAyE;IACzE,wEAAwE;IACxE,qEAAqE;IACrE,iCAAiC;IACjC,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,IAAA,6BAAc,EAAC,MAAM,CAAC,CAAC,CAAC,CAAC,yBAAU,CAAC,CAAC;IAEjG,8DAA8D;IAC9D,kEAAkE;IAClE,gEAAgE;IAChE,0DAA0D;IAC1D,iCAAiC;IACjC,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,aAAa,CACpD,GAAG,EACH,IAAI,EACJ,OAAO,EACP,mBAAmB,EACnB,WAAW,CACZ,CAAC;IAEF,uEAAuE;IACvE,mEAAmE;IACnE,oEAAoE;IACpE,qEAAqE;IACrE,yEAAyE;IACzE,yEAAyE;IACzE,6CAA6C;IAC7C,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC9B,MAAM,cAAc,GAAG,QAAQ,CAAC,cAAc,IAAI,IAAI,CAAC;QACvD,IAAI,cAAc,KAAK,+BAAuB,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CACb,aAAa,QAAQ,CAAC,IAAI,+CAA+C;gBACvE,GAAG,cAAc,0BAA0B,+BAAuB,iBAAiB;gBACnF,oFAAoF;gBACpF,oFAAoF;gBACpF,iFAAiF,CACpF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,WAAW,CAAC;IAC1B,2EAA2E;IAC3E,yEAAyE;IACzE,0EAA0E;IAC1E,6CAA6C;IAC7C,2EAA2E;IAC3E,qEAAqE;IACrE,iBAAiB;IACjB,4EAA4E;IAC5E,6DAA6D;IAC7D,MAAM,gBAAgB,GACpB,IAAI,CAAC,IAAI,KAAK,WAAW;QACvB,CAAC,CAAC,mBAAmB;QACrB,CAAC,CAAC,OAAO,CAAC,WAAW,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS;YAC9C,CAAC,CAAC,CAAC,IAAA,mCAAmB,EAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC;YAClE,CAAC,CAAC,SAAS,CAAC;IAClB,MAAM,OAAO,GAAG,MAAM,IAAA,0BAAiB,EAAC;QACtC,GAAG;QACH,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,KAAK;QACL,gBAAgB;KACjB,CAAC,CAAC;IAEH,sEAAsE;IACtE,uEAAuE;IACvE,oEAAoE;IACpE,MAAM,EAAE,aAAa,EAAE,eAAe,EAAE,gBAAgB,EAAE,GAAG,wBAAwB,CACnF,QAAQ,CAAC,QAAQ,EACjB,OAAO,CAAC,QAAQ,EAChB,IAAI,CAAC,IAAI,KAAK,WAAW,CAC1B,CAAC;IAEF,MAAM,YAAY,GAAmC,IAAA,mCAAgB,EAAC,aAAa,CAAC,CAAC;IACrF,MAAM,cAAc,GAAmC,IAAA,mCAAgB,EAAC,eAAe,CAAC,CAAC;IAEzF,+DAA+D;IAC/D,kEAAkE;IAClE,8DAA8D;IAC9D,+DAA+D;IAC/D,MAAM,WAAW,GAAG,IAAA,+BAAa,EAAC,YAAY,EAAE,cAAc,EAAE;QAC9D,GAAG;QACH,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM;QAC1C,OAAO,EAAE,MAAM;KAChB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAEvD,gDAAgD;IAChD,iEAAiE;IACjE,gEAAgE;IAChE,gEAAgE;IAChE,kDAAkD;IAClD,MAAM,WAAW,GAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAExD,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAuB,CAAC;IACxD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;IACxC,MAAM,eAAe,GAAG,CAAC,IAAY,EAA2B,EAAE;QAChE,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;YAAE,OAAO,SAAS,CAAC;QAC3C,IAAI,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,MAAM,GAAG,kBAAkB,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACzD,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,mEAAmE;IACnE,qEAAqE;IACrE,qEAAqE;IACrE,oEAAoE;IACpE,+CAA+C;IAC/C,MAAM,SAAS,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,MAAM,eAAe,GAAqB,EAAE,CAAC;IAC7C,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;QACrC,MAAM,WAAW,GACf,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW;YAAE,SAAS;QAE3B,MAAM,QAAQ,GACZ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,qBAAqB,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAE1C,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,oBAAoB,GACxB,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,GAAG,CAAC;YAClD,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,qBAAqB,GACzB,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,mBAAmB,CAAC,WAAW,CAAC,IAAI,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QAC/F,MAAM,aAAa,GACjB,IAAI,CAAC,MAAM,KAAK,OAAO;YACvB,CAAC,aAAa,CAAC,iBAAiB;gBAC9B,aAAa,CAAC,iBAAiB;gBAC/B,aAAa,CAAC,iBAAiB,CAAC,CAAC;QAErC,MAAM,OAAO,GAAoB;YAC/B,QAAQ;YACR,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjE,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxE,CAAC;QAEF,MAAM,cAAc,GAAG,IAAA,iBAAQ,EAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAEvD,kEAAkE;QAClE,kEAAkE;QAClE,+DAA+D;QAC/D,mEAAmE;QACnE,oEAAoE;QACpE,MAAM,qBAAqB,GACzB,cAAc,CAAC,MAAM,IAAI,SAAS;YAChC,CAAC,CAAC,uBAAuB,CAAC,SAAS,EAAE,WAAW,EAAE,GAAG,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,eAAe,GAAG,cAAc,CAAC,MAAM,IAAI,qBAAqB,KAAK,SAAS,CAAC;QACrF,IAAI,eAAe;YAAE,MAAM,GAAG,IAAI,CAAC;QACnC,IAAI,cAAc,CAAC,KAAK;YAAE,KAAK,GAAG,IAAI,CAAC;QAEvC,eAAe,CAAC,IAAI,CAAC;YACnB,IAAI;YACJ,cAAc;YACd,QAAQ;YACR,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,GAAG,CAAC,qBAAqB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1E,CAAC,CAAC;IACL,CAAC;IAED,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW;QACvC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC,CAAC,eAAe,CAAC;IAEpB,+DAA+D;IAC/D,+DAA+D;IAC/D,mEAAmE;IACnE,gDAAgD;IAChD,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;QAC9B,IAAI,UAAU,CAAC,CAAC,CAAC;YAAE,cAAc,GAAG,IAAI,CAAC;QACzC,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK;YAAE,aAAa,GAAG,IAAI,CAAC;IACnD,CAAC;IAED,4DAA4D;IAC5D,6DAA6D;IAC7D,+DAA+D;IAC/D,gEAAgE;IAChE,uDAAuD;IACvD,MAAM,cAAc,GAAmB,IAAA,4BAAqB,EAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAE3F,OAAO;QACL,IAAI;QACJ,GAAG,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvD,QAAQ;QACR,OAAO;QACP,WAAW;QACX,KAAK,EAAE,aAAa;QACpB,aAAa;QACb,MAAM;QACN,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM;QACrD,KAAK,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK;QAClD,cAAc;QACd,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,iEAAiE;AACjE,kDAAkD;AAElD,SAAS,SAAS,CAAC,OAAqC;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA4B,CAAC;IAChD,KAAK,MAAM,CAAC,IAAI,OAAO;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC1C,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CAAC,SAA4B;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA8B,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAClD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,UAAU,EAAE,CAAC;QACxD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CACvB,SAA4B;IAE5B,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;IAClE,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,IAAI,SAAS,CAAC;IACrE,MAAM,OAAO,GAAG,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,SAAS,CAAC;IAChE,MAAM,YAAY,GAAG,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC;IAExD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,IAAI,QAAQ;QAAE,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,YAAY;QAAE,SAAS,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAEvD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,IAAI,UAAU;QAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE5C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,IAAI,OAAO;QAAE,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAEnC,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,WAAW,EAAE,kEAAkE;QACvF,UAAU,EAAE,QAAQ;QACpB,aAAa,EAAE,WAAW;KAC3B,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAC1B,IAA2B,EAC3B,WAAkF,EAClF,KAAoB;IAEpB,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC1C,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IACxC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,QAAsB,EAAE,OAAoB;IACjE,MAAM,gBAAgB,GAIjB,EAAE,CAAC;IACR,MAAM,KAAK,GAAG,IAAI,GAAG,CAAS,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/F,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrC,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,eAAe,KAAK,cAAc,EAAE,CAAC;YACvC,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IACD,OAAO;QACL,oBAAoB,EAAE,QAAQ,CAAC,QAAQ,CAAC,aAAa,KAAK,OAAO,CAAC,YAAY,CAAC,aAAa;QAC5F,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,mBAAmB,EAAE,QAAQ,CAAC,QAAQ,CAAC,YAAY,KAAK,OAAO,CAAC,YAAY,CAAC,YAAY;QACzF,gBAAgB;QAChB,aAAa,EAAE,IAAA,uBAAY,EAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC;KACjE,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS,CAAC;QACf,KAAK,UAAU,CAAC;QAChB,KAAK,uBAAuB,CAAC;QAC7B,KAAK,UAAU,CAAC;QAChB,KAAK,YAAY,CAAC;QAClB,KAAK,YAAY;YACf,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,cAAc;YACjB,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC,KAAK,CAAC;QACrB,KAAK,UAAU,CAAC;QAChB,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC,UAAU,CAAC;QAC1B,KAAK,cAAc;YACjB,OAAO,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9B;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH;;;;;;GAMG;AACH,SAAS,UAAU,CAAC,CAAiB;IACnC,OAAO,CAAC,CAAC,cAAc,CAAC,MAAM,IAAI,CAAC,CAAC,qBAAqB,KAAK,SAAS,CAAC;AAC1E,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,uBAAuB,CACrC,SAAwB,EACxB,WAA0B,EAC1B,GAAS;IAET,KAAK,MAAM,EAAE,IAAI,qBAAqB,CAAC,WAAW,CAAC,EAAE,CAAC;QACpD,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,CAAC,IAAI;YAAE,SAAS;QACxD,IAAI,CAAC,IAAA,oBAAa,EAAC,KAAK,EAAE,GAAG,CAAC;YAAE,SAAS;QACzC,OAAO;YACL,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,SAAS,qBAAqB,CAAC,KAAoB;IACjD,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC1C,IACE,CAAC,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC;QAC7E,KAAK,CAAC,oBAAoB;QAC1B,KAAK,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC,EACrC,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,oBAAoB,CAAC,CAAiB;IAC7C,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC9D,MAAM,SAAS,GACb,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,OAAO;QACnC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,eAAe;QAC3C,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,cAAc;QAC1C,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,gBAAgB,CAAC;IAC/C,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO,CAAC,CAAC,oBAAoB,KAAK,IAAI,CAAC;AACzC,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,CAAC;QACH,OAAO,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CACzB,GAAW,EACX,OAAe,EACf,OAAe,EACf,IAAY;IAEZ,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,IAAA,4BAAY,EACjB,KAAK,EACL,CAAC,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EACrF,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,CAC1B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC7B,MAAM,MAAM,GAAG,2CAA2C,CAAC;IAC3D,IAAI,KAA6B,CAAC;IAClC,OAAO,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrE,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;YACnB,0DAA0D;YAC1D,SAAS;QACX,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE;YAAE,GAAG,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,KAAK,UAAU,aAAa,CAC1B,GAAW,EACX,IAAkB,EAClB,OAAiC,EACjC,gBAAwC,EACxC,QAAqB,yBAAU;IAE/B,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC9B,MAAM,YAAY,GAChB,OAAO,CAAC,YAAY,IAAI,IAAA,+BAAe,EAAC,GAAG,EAAE,OAAO,CAAC,IAAI,IAAI,qCAAqB,CAAC,CAAC;QACtF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,4BAA4B,YAAY,IAAI;gBAC1C,oEAAoE,CACvE,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,IAAA,gCAAgB,EAAC,YAAY,CAAC,EAAE,YAAY,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QACd,+DAA+D;QAC/D,yDAAyD;QACzD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,IAAA,4BAAa,EAAC;QAClC,GAAG;QACH,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,0EAA0E;QAC1E,oEAAoE;QACpE,aAAa;QACb,KAAK;QACL,yEAAyE;QACzE,oEAAoE;QACpE,6DAA6D;QAC7D,gBAAgB;KACjB,CAAC,CAAC;IACH,MAAM,QAAQ,GAAiB;QAC7B,aAAa,EAAE,uCAAuB;QACtC,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,qCAAqB;QAC3C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,IAAI,EAAE,OAAO,CAAC,SAAS;QACvB,QAAQ,EAAE,OAAO,CAAC,YAAY;QAC9B,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,cAAc,EAAE,+BAAuB;QACvC,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,CAAC;AACtB,CAAC"}
|
|
@@ -18,6 +18,7 @@
|
|
|
18
18
|
* surface. Adding a new identity kind or analyzer means
|
|
19
19
|
* registering a producer there, never an edit here.
|
|
20
20
|
*/
|
|
21
|
+
import { type GatherScope } from './gather-scope';
|
|
21
22
|
import type { ScanCoverage } from './coverage';
|
|
22
23
|
import type { BaselineAnalysisMeta, BaselineFile, BaselineRepoState } from './baseline-file';
|
|
23
24
|
import type { ResolvedMode } from './modes';
|
|
@@ -107,6 +108,15 @@ export interface CurrentScan {
|
|
|
107
108
|
export declare function gatherCurrentScan(options: {
|
|
108
109
|
readonly cwd: string;
|
|
109
110
|
readonly verbose?: boolean;
|
|
111
|
+
/** Restrict the gather to the analyzers a scope needs (defaults to
|
|
112
|
+
* `FULL_SCOPE`). Only the loop Stop-gate passes a policy-derived scope;
|
|
113
|
+
* `createBaseline` / CI gather everything. See `gather-scope.ts`. */
|
|
114
|
+
readonly scope?: GatherScope;
|
|
115
|
+
/** Incremental scanning (opt 3): semgrep scans ONLY these changed files.
|
|
116
|
+
* Loop Stop-gate's current side only; the ref side stays full. Sound by
|
|
117
|
+
* semgrep's intraprocedural nature (a net-new code finding only appears
|
|
118
|
+
* in a changed file). */
|
|
119
|
+
readonly incrementalFiles?: ReadonlyArray<string>;
|
|
110
120
|
}): Promise<CurrentScan>;
|
|
111
121
|
/**
|
|
112
122
|
* Scanner-availability snapshot for `cwd`, independent of a full scan.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../src/baseline/create.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;
|
|
1
|
+
{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../src/baseline/create.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAQH,OAAO,EAAE,KAAK,WAAW,EAA2B,MAAM,gBAAgB,CAAC;AAK3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAQ/C,OAAO,KAAK,EAAE,oBAAoB,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAG5C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AAExD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAEjD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAE1E,MAAM,WAAW,qBAAqB;IACpC,kEAAkE;IAClE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;;oDAEgD;IAChD,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;yCAGqC;IACrC,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;IACzB,qEAAqE;IACrE,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B;;4DAEwD;IACxD,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACrC;;oBAEgB;IAChB,QAAQ,CAAC,OAAO,CAAC,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;IACxC;2DACuD;IACvD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;;kCAGkC;AAClC,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC;CAC9B;AA6JD;;;;;GAKG;AACH,wBAAgB,qBAAqB,IAAI,IAAI,CAE5C;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACpD,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAC;IACtC,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,mEAAmE;IACnE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACjD;uEACmE;IACnE,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC;iCAC6B;IAC7B,QAAQ,CAAC,YAAY,EAAE,oBAAoB,CAAC;IAC5C;yEACqE;IACrE,QAAQ,CAAC,WAAW,EAAE,eAAe,CAAC;CACvC;AAED;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE;IAC/C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B;;0EAEsE;IACtE,QAAQ,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC;IAC7B;;;8BAG0B;IAC1B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CACnD,GAAG,OAAO,CAAC,WAAW,CAAC,CA0GvB;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY,CAG5D;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,qBAAqB,GAC7B,OAAO,CAAC,oBAAoB,CAAC,CAkD/B"}
|
package/dist/baseline/create.js
CHANGED
|
@@ -63,9 +63,8 @@ const fs = __importStar(require("fs"));
|
|
|
63
63
|
const path = __importStar(require("path"));
|
|
64
64
|
const health_1 = require("../analyzers/health");
|
|
65
65
|
const cache_1 = require("../analyzers/cache");
|
|
66
|
-
const
|
|
67
|
-
const
|
|
68
|
-
const gitleaks_1 = require("../analyzers/tools/gitleaks");
|
|
66
|
+
const gather_scope_1 = require("./gather-scope");
|
|
67
|
+
const scoped_inputs_1 = require("./scoped-inputs");
|
|
69
68
|
const tool_registry_1 = require("../analyzers/tools/tool-registry");
|
|
70
69
|
const detect_1 = require("../detect");
|
|
71
70
|
const coverage_1 = require("./coverage");
|
|
@@ -77,7 +76,6 @@ const producers_1 = require("./producers");
|
|
|
77
76
|
const salt_1 = require("../analyzers/tools/salt");
|
|
78
77
|
const sanitize_1 = require("./sanitize");
|
|
79
78
|
const types_1 = require("./types");
|
|
80
|
-
const gather_2 = require("../allowlist/gather");
|
|
81
79
|
/** Hash used for baseline-envelope metadata fields (policy, ignore,
|
|
82
80
|
* toolchain, config). Distinct concern from finding-identity
|
|
83
81
|
* fingerprints — these never enter the matcher's identity space. */
|
|
@@ -251,9 +249,19 @@ function clearToolVersionCache() {
|
|
|
251
249
|
*/
|
|
252
250
|
async function gatherCurrentScan(options) {
|
|
253
251
|
const cwd = path.resolve(options.cwd);
|
|
252
|
+
const scope = options.scope ?? gather_scope_1.FULL_SCOPE;
|
|
253
|
+
// A scoped OR incrementally-scanned result is partial — it must never
|
|
254
|
+
// enter the shared cache where a later full `health` read would consume
|
|
255
|
+
// an incomplete codePatterns set.
|
|
256
|
+
const partial = !(0, gather_scope_1.isFullScope)(scope) || options.incrementalFiles !== undefined;
|
|
254
257
|
const analysisResult = await (0, cache_1.readOrBuildAnalysisResult)({
|
|
255
258
|
cwd,
|
|
256
|
-
build: (innerCwd) => (0, health_1.gatherAnalysisResultBody)(innerCwd, {
|
|
259
|
+
build: (innerCwd) => (0, health_1.gatherAnalysisResultBody)(innerCwd, {
|
|
260
|
+
verbose: !!options.verbose,
|
|
261
|
+
scope,
|
|
262
|
+
incrementalFiles: options.incrementalFiles,
|
|
263
|
+
}),
|
|
264
|
+
opts: { partial },
|
|
257
265
|
});
|
|
258
266
|
const aggregate = analysisResult.capabilities.securityAggregate;
|
|
259
267
|
if (!aggregate) {
|
|
@@ -273,22 +281,18 @@ async function gatherCurrentScan(options) {
|
|
|
273
281
|
// here (or earlier inside readOrBuildAnalysisResult) so producers
|
|
274
282
|
// can be pure or near-pure consumers — adding a new producer
|
|
275
283
|
// means extending this context with one more input, never
|
|
276
|
-
// adding another producer-specific block in this function.
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
const rawSecrets
|
|
281
|
-
// Inline `dxkit-allow:` annotations gathered from source so the
|
|
282
|
-
// stale-allow producer can flag orphans whose underlying findings
|
|
283
|
-
// are no longer present.
|
|
284
|
-
const inlineAllowlistAnnotations = (0, gather_2.gatherInlineAllowlistAnnotations)(cwd);
|
|
284
|
+
// adding another producer-specific block in this function. The
|
|
285
|
+
// scope-aware analyzer inputs (test-gaps, hygiene, raw secrets,
|
|
286
|
+
// inline annotations) come from one helper that skips the gathers a
|
|
287
|
+
// scope can't block on (see scoped-inputs.ts).
|
|
288
|
+
const { testGapsReport, hygiene, rawSecrets, inlineAllowlistAnnotations } = await (0, scoped_inputs_1.gatherScopedProducerInputs)(cwd, scope, !!options.verbose);
|
|
285
289
|
const producerCtx = {
|
|
286
290
|
cwd,
|
|
287
291
|
commitSha: repoState.commitSha,
|
|
288
292
|
salt,
|
|
289
293
|
analysisResult,
|
|
290
294
|
testGapsReport,
|
|
291
|
-
hygiene
|
|
295
|
+
hygiene,
|
|
292
296
|
rawSecrets,
|
|
293
297
|
inlineAllowlistAnnotations,
|
|
294
298
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create.js","sourceRoot":"","sources":["../../src/baseline/create.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"create.js","sourceRoot":"","sources":["../../src/baseline/create.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwOH,sDAEC;AAwCD,8CAsHC;AAUD,gDAGC;AAkBD,wCAoDC;AAzdD,iDAA6C;AAC7C,mCAAoC;AACpC,uCAAyB;AACzB,2CAA6B;AAC7B,gDAA+D;AAC/D,8CAA+D;AAC/D,iDAA2E;AAC3E,mDAA6D;AAC7D,oEAAsF;AACtF,sCAAmC;AACnC,yCAAsD;AAEtD,4CAAwD;AACxD,mDAKyB;AAEzB,mCAA8C;AAE9C,qCAAwE;AACxE,2CAAsD;AAEtD,kDAAsD;AAEtD,yCAA0C;AAE1C,mCAAkD;AAwClD;;qEAEqE;AACrE,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sEAAsE;AAC9I,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,QAAgB;IACxC,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;qCAGqC;AACrC,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,GAAG,GAAG,CAAC,GAAG,IAAc,EAAU,EAAE;QACxC,IAAI,CAAC;YACH,OAAO,IAAA,4BAAY,EAAC,KAAK,EAAE,IAAI,EAAE;gBAC/B,GAAG;gBACH,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;aAClC,CAAC,CAAC,IAAI,EAAE,CAAC;QACZ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,CAAC;IACF,OAAO;QACL,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC;QACnC,MAAM,EAAE,GAAG,CAAC,WAAW,EAAE,cAAc,EAAE,MAAM,CAAC;KACjD,CAAC;AACJ,CAAC;AAED,qEAAqE;AACrE,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,kCAAyB,CAAC,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAG,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;IAClF,MAAM,UAAU,GAAG,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACrF,0DAA0D;IAC1D,kEAAkE;IAClE,OAAO,EAAE,YAAY,EAAE,mBAAa,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC;AAChG,CAAC;AAED;;;;;;;;;;;;;;;;2CAgB2C;AAC3C,SAAS,aAAa,CAAC,SAAgC,EAAE,GAAW;IAClE,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,GAAG,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC,CAAC,qBAAqB,EAAE,cAAc,CAAC,CAAC,CAAC;AAE/F;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,aAAa,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEhD,SAAS,kBAAkB,CAAC,IAAY,EAAE,GAAW;IACnD,MAAM,QAAQ,GAAG,GAAG,IAAI,KAAK,GAAG,EAAE,CAAC;IACnC,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IACxC,MAAM,QAAQ,GAAG,0BAA0B,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACvD,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACtC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,0BAA0B,CAAC,IAAY,EAAE,GAAW;IAC3D,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,mBAAa,EAAE,CAAC;IAChE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,yBAAS,CAAC,SAAS,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,iEAAiE;QACjE,iEAAiE;QACjE,4DAA4D;QAC5D,+DAA+D;QAC/D,8DAA8D;QAC9D,iEAAiE;QACjE,iEAAiE;QACjE,+DAA+D;QAC/D,8DAA8D;QAC9D,kDAAkD;QAClD,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,EAAE,OAAO,EAAE,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,OAAO;gBAAE,OAAO,MAAM,CAAC,OAAO,CAAC;QAC5C,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,qBAAqB;IACnC,aAAa,CAAC,KAAK,EAAE,CAAC;AACxB,CAAC;AA+BD;;;;;;;;GAQG;AACI,KAAK,UAAU,iBAAiB,CAAC,OAYvC;IACC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,yBAAU,CAAC;IAC1C,sEAAsE;IACtE,wEAAwE;IACxE,kCAAkC;IAClC,MAAM,OAAO,GAAG,CAAC,IAAA,0BAAW,EAAC,KAAK,CAAC,IAAI,OAAO,CAAC,gBAAgB,KAAK,SAAS,CAAC;IAE9E,MAAM,cAAc,GAAG,MAAM,IAAA,iCAAyB,EAAC;QACrD,GAAG;QACH,KAAK,EAAE,CAAC,QAAQ,EAAE,EAAE,CAClB,IAAA,iCAAwB,EAAC,QAAQ,EAAE;YACjC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO;YAC1B,KAAK;YACL,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;SAC3C,CAAC;QACJ,IAAI,EAAE,EAAE,OAAO,EAAE;KAClB,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;IAChE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,iEAAiE;YAC/D,yDAAyD,CAC5D,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAsB;QACnC,GAAG,aAAa,CAAC,GAAG,CAAC;QACrB,IAAI,EAAE,GAAG;KACV,CAAC;IAEF,iEAAiE;IACjE,4DAA4D;IAC5D,kEAAkE;IAClE,aAAa;IACb,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,IAAA,kBAAW,EAAC,GAAG,CAAC,CAAC;IAElD,gEAAgE;IAChE,kEAAkE;IAClE,6DAA6D;IAC7D,0DAA0D;IAC1D,+DAA+D;IAC/D,gEAAgE;IAChE,oEAAoE;IACpE,+CAA+C;IAC/C,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,EAAE,0BAA0B,EAAE,GACvE,MAAM,IAAA,0CAA0B,EAAC,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAElE,MAAM,WAAW,GAAoB;QACnC,GAAG;QACH,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,IAAI;QACJ,cAAc;QACd,cAAc;QACd,OAAO;QACP,UAAU;QACV,0BAA0B;KAC3B,CAAC;IAEF,8DAA8D;IAC9D,2DAA2D;IAC3D,gEAAgE;IAChE,QAAQ;IACR,MAAM,QAAQ,GAAwB,IAAA,wBAAY,EAAC,WAAW,EAAE,qBAAS,CAAC,CAAC;IAE3E,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,oEAAoE;IACpE,yEAAyE;IACzE,sEAAsE;IACtE,qEAAqE;IACrE,mEAAmE;IACnE,MAAM,QAAQ,GAAG,CAAC,MAAiC,EAAE,EAAE;QACrD,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,KAAK,MAAM,IAAI,IAAI,MAAM;aACtB,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YACnB,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;IACH,CAAC,CAAC;IACF,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACjD,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG;QAAE,SAAS,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC7E,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;IAExD,MAAM,YAAY,GAAyB;QACzC,GAAG,iBAAiB,CAAC,GAAG,CAAC;QACzB,aAAa,EAAE,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;KAClD,CAAC;IAEF,sEAAsE;IACtE,kEAAkE;IAClE,wDAAwD;IACxD,MAAM,QAAQ,GAAG,IAAA,mCAAwB,EAAC,IAAA,6BAAa,EAAC,cAAc,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC;IAE9F,OAAO;QACL,QAAQ;QACR,SAAS;QACT,SAAS;QACT,QAAQ;QACR,KAAK;QACL,QAAQ;QACR,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,kBAAkB,CAAC,GAAW;IAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACnC,OAAO,IAAA,mCAAwB,EAAC,IAAA,6BAAa,EAAC,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC;AACvF,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACI,KAAK,UAAU,cAAc,CAClC,OAA8B;IAE9B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,qCAAqB,CAAC;IACnD,MAAM,IAAI,GACR,OAAO,CAAC,YAAY;QACpB,CAAC,GAAG,EAAE;YACJ,MAAM,MAAM,GAAG,IAAA,0BAAiB,EAAC,GAAG,CAAC,CAAC;YACtC,OAAO,IAAA,2BAAmB,EAAC;gBACzB,GAAG;gBACH,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI;gBACjC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,GAAG;aAChC,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;IAEP,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC9B,8DAA8D;QAC9D,8DAA8D;QAC9D,+DAA+D;QAC/D,gEAAgE;QAChE,OAAO,EAAE,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAA,+BAAe,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC5C,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,8BAA8B,QAAQ,mCAAmC;YACvE,yCAAyC,CAC5C,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAExE,MAAM,QAAQ,GAAiB;QAC7B,aAAa,EAAE,uCAAuB;QACtC,IAAI;QACJ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,IAAI,EAAE,IAAI,CAAC,SAAS;QACpB,QAAQ,EAAE,IAAI,CAAC,YAAY;QAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,+BAAuB;QACvC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC;IAEF,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,KAAK,qBAAqB,CAAC,CAAC,CAAC,IAAA,uBAAY,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IACrF,IAAA,iCAAiB,EAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAClC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AACxC,CAAC"}
|
|
@@ -0,0 +1,116 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Gather scope — which analyzers a guardrail gather actually needs to run.
|
|
3
|
+
*
|
|
4
|
+
* # Why this exists (2.14.0 opt 1)
|
|
5
|
+
*
|
|
6
|
+
* The full current-side gather runs every analyzer (semgrep, gitleaks,
|
|
7
|
+
* graphify AST, jscpd, OSV, lint, coverage, cloc, test-gaps, licenses, …).
|
|
8
|
+
* On a large repo that is ~60s. But a guardrail check can only ever BLOCK
|
|
9
|
+
* on the finding kinds its policy escalates — see `evaluateBlockRules` in
|
|
10
|
+
* `./policy.ts`. A `security-only` loop posture blocks on secrets + crit/
|
|
11
|
+
* high SAST + critical dep-vulns and NOTHING else, so gathering jscpd /
|
|
12
|
+
* lint / coverage / cloc / test-gaps / graphify for it is pure waste: those
|
|
13
|
+
* analyzers feed only kinds the policy can't act on.
|
|
14
|
+
*
|
|
15
|
+
* This module derives, from a `BrownfieldPolicy`, the minimal set of
|
|
16
|
+
* analyzers whose output can change the verdict, so the gather can skip the
|
|
17
|
+
* rest. It is the single source of truth for that mapping.
|
|
18
|
+
*
|
|
19
|
+
* # Safety contract (load-bearing)
|
|
20
|
+
*
|
|
21
|
+
* Scoping is correct ONLY because the verdict depends solely on BLOCKING
|
|
22
|
+
* pairs, and a kind the policy cannot block can never produce one. The map
|
|
23
|
+
* below therefore tracks `evaluateBlockRules` exactly:
|
|
24
|
+
*
|
|
25
|
+
* - `policy.block` non-empty (e.g. `['added']`, the `full-debt` posture)
|
|
26
|
+
* means ANY kind blocks by status alone → FULL_SCOPE, gather everything.
|
|
27
|
+
* - otherwise each enabled `blockRule` pulls in exactly the analyzer(s)
|
|
28
|
+
* that feed its kind.
|
|
29
|
+
*
|
|
30
|
+
* Two structural guarantees keep this honest:
|
|
31
|
+
* 1. Scoping is OPT-IN. Every existing caller (CI guardrail, `createBaseline`,
|
|
32
|
+
* the `health` report) gets `FULL_SCOPE` and is byte-identical. Only the
|
|
33
|
+
* loop Stop-gate passes a derived scope.
|
|
34
|
+
* 2. The security aggregate's cheap intrinsic scans (tls-bypass + file
|
|
35
|
+
* findings, ~0.5s) always run inside `buildSecurityAggregateForHealth`,
|
|
36
|
+
* so a `code`/`config` security finding can never be skipped by scoping.
|
|
37
|
+
*
|
|
38
|
+
* If a new block rule lands in `evaluateBlockRules`, `scopeForPolicy` MUST
|
|
39
|
+
* gain the matching analyzer here or a real finding could be skipped — the
|
|
40
|
+
* scope contract test pins this.
|
|
41
|
+
*/
|
|
42
|
+
import type { BrownfieldPolicy } from './policy';
|
|
43
|
+
/**
|
|
44
|
+
* One boolean per skippable analyzer. `true` = run it. The names mirror the
|
|
45
|
+
* gather steps in `health.ts` / `create.ts` so threading is mechanical.
|
|
46
|
+
*
|
|
47
|
+
* Not represented (always run, never scoped away):
|
|
48
|
+
* - the cheap tls-bypass + file-finding scans intrinsic to the security
|
|
49
|
+
* aggregate (they contribute blockable `code`/`config` findings);
|
|
50
|
+
* - generic Layer-0 metrics + package.json (microseconds).
|
|
51
|
+
*/
|
|
52
|
+
export interface GatherScope {
|
|
53
|
+
/** gitleaks + grep-secrets → `secret` (+ raw secrets → `secret-hmac`). */
|
|
54
|
+
readonly secrets: boolean;
|
|
55
|
+
/** semgrep → `code` SAST findings. */
|
|
56
|
+
readonly codePatterns: boolean;
|
|
57
|
+
/** OSV / per-pack dep audit → `dep-vuln`. */
|
|
58
|
+
readonly depVulns: boolean;
|
|
59
|
+
/** graphify AST → structural metrics + import reachability. */
|
|
60
|
+
readonly structural: boolean;
|
|
61
|
+
/** jscpd → `duplication`. */
|
|
62
|
+
readonly duplication: boolean;
|
|
63
|
+
/** per-pack linters → Quality dimension + `code`-adjacent hygiene. */
|
|
64
|
+
readonly lint: boolean;
|
|
65
|
+
/** coverage providers → Tests dimension. */
|
|
66
|
+
readonly coverage: boolean;
|
|
67
|
+
/** license scan → attribution (never a blockable kind). */
|
|
68
|
+
readonly licenses: boolean;
|
|
69
|
+
/** import graph → dep-vuln reachability + DX metrics. */
|
|
70
|
+
readonly imports: boolean;
|
|
71
|
+
/** test-framework detection → DX metrics. */
|
|
72
|
+
readonly testFramework: boolean;
|
|
73
|
+
/** cloc line counts → `large-file`, comment ratio, language breakdown. */
|
|
74
|
+
readonly cloc: boolean;
|
|
75
|
+
/** test-gap analyzer → `test-gap` / `test-file-degradation`. */
|
|
76
|
+
readonly testGaps: boolean;
|
|
77
|
+
/** hygiene markers (TODO/FIXME/stale) → `stale-file` + Quality counts. */
|
|
78
|
+
readonly hygiene: boolean;
|
|
79
|
+
}
|
|
80
|
+
/** Everything on — the default every non-loop caller gets. */
|
|
81
|
+
export declare const FULL_SCOPE: GatherScope;
|
|
82
|
+
/** True when no analyzer at all is required — caller can short-circuit. */
|
|
83
|
+
export declare function isEmptyScope(s: GatherScope): boolean;
|
|
84
|
+
/** True when this is the full gather (no analyzer skipped). */
|
|
85
|
+
export declare function isFullScope(s: GatherScope): boolean;
|
|
86
|
+
/**
|
|
87
|
+
* A compact, deterministic signature of which analyzers a scope runs.
|
|
88
|
+
* Used to namespace the ref-scan cache so a scoped ref gather is never
|
|
89
|
+
* served as if it were a full one (and vice versa). Order is fixed by the
|
|
90
|
+
* sorted key list, so the signature is stable across calls.
|
|
91
|
+
*/
|
|
92
|
+
export declare function scopeSignature(s: GatherScope): string;
|
|
93
|
+
/**
|
|
94
|
+
* Derive the minimal gather scope a policy needs.
|
|
95
|
+
*
|
|
96
|
+
* The verdict can only be changed by a kind the policy BLOCKS, so the scope
|
|
97
|
+
* tracks `evaluateBlockRules` (in `./policy.ts`) one-to-one:
|
|
98
|
+
*
|
|
99
|
+
* newSecret → secrets
|
|
100
|
+
* newCriticalSecurity / newHighSecurity → codePatterns
|
|
101
|
+
* newCritical/HighReachableDependency… → depVulns
|
|
102
|
+
* newUntestedChangedSource → testGaps
|
|
103
|
+
* newSevereQualityIssueInChangedFiles → codePatterns + hygiene
|
|
104
|
+
*
|
|
105
|
+
* A non-empty `policy.block` list (statuses that block regardless of kind,
|
|
106
|
+
* e.g. `full-debt`'s `['added']`) means any kind can block, so we cannot
|
|
107
|
+
* skip anything → `FULL_SCOPE`.
|
|
108
|
+
*
|
|
109
|
+
* NB: `newHighReachableDependencyVulnerability` needs reachability, which the
|
|
110
|
+
* guardrail's classifier never populates today (`context.reachable` is unset
|
|
111
|
+
* on the check path), so it cannot actually fire — but we still scope in
|
|
112
|
+
* `depVulns` for it so the mapping stays a faithful, future-proof mirror of
|
|
113
|
+
* the rule table rather than relying on that downstream gap.
|
|
114
|
+
*/
|
|
115
|
+
export declare function scopeForPolicy(policy: BrownfieldPolicy): GatherScope;
|
|
116
|
+
//# sourceMappingURL=gather-scope.d.ts.map
|