@vyuhlabs/dxkit 2.13.3 → 2.15.0
- package/CHANGELOG.md +66 -0
- package/README.md +85 -58
- package/dist/analyzers/cache.d.ts +9 -0
- package/dist/analyzers/cache.d.ts.map +1 -1
- package/dist/analyzers/cache.js +27 -15
- package/dist/analyzers/cache.js.map +1 -1
- package/dist/analyzers/health.d.ts +19 -0
- package/dist/analyzers/health.d.ts.map +1 -1
- package/dist/analyzers/health.js +72 -26
- package/dist/analyzers/health.js.map +1 -1
- package/dist/analyzers/tests/types.d.ts +9 -0
- package/dist/analyzers/tests/types.d.ts.map +1 -1
- package/dist/analyzers/tests/types.js +34 -0
- package/dist/analyzers/tests/types.js.map +1 -1
- package/dist/analyzers/tools/parallel.d.ts +2 -1
- package/dist/analyzers/tools/parallel.d.ts.map +1 -1
- package/dist/analyzers/tools/parallel.js +38 -24
- package/dist/analyzers/tools/parallel.js.map +1 -1
- package/dist/analyzers/tools/semgrep.d.ts +15 -1
- package/dist/analyzers/tools/semgrep.d.ts.map +1 -1
- package/dist/analyzers/tools/semgrep.js +49 -3
- package/dist/analyzers/tools/semgrep.js.map +1 -1
- package/dist/baseline/changed-files.d.ts +12 -0
- package/dist/baseline/changed-files.d.ts.map +1 -0
- package/dist/baseline/changed-files.js +100 -0
- package/dist/baseline/changed-files.js.map +1 -0
- package/dist/baseline/check.d.ts +30 -0
- package/dist/baseline/check.d.ts.map +1 -1
- package/dist/baseline/check.js +71 -4
- package/dist/baseline/check.js.map +1 -1
- package/dist/baseline/create.d.ts +10 -0
- package/dist/baseline/create.d.ts.map +1 -1
- package/dist/baseline/create.js +19 -15
- package/dist/baseline/create.js.map +1 -1
- package/dist/baseline/gather-scope.d.ts +116 -0
- package/dist/baseline/gather-scope.d.ts.map +1 -0
- package/dist/baseline/gather-scope.js +105 -0
- package/dist/baseline/gather-scope.js.map +1 -0
- package/dist/baseline/ref-baseline.d.ts +17 -2
- package/dist/baseline/ref-baseline.d.ts.map +1 -1
- package/dist/baseline/ref-baseline.js +27 -4
- package/dist/baseline/ref-baseline.js.map +1 -1
- package/dist/baseline/scoped-inputs.d.ts +21 -0
- package/dist/baseline/scoped-inputs.d.ts.map +1 -0
- package/dist/baseline/scoped-inputs.js +53 -0
- package/dist/baseline/scoped-inputs.js.map +1 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +7 -2
- package/dist/cli.js.map +1 -1
- package/dist/loop/stop-gate.d.ts.map +1 -1
- package/dist/loop/stop-gate.js +12 -1
- package/dist/loop/stop-gate.js.map +1 -1
- package/package.json +2 -2
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"gather-scope.d.ts","sourceRoot":"","sources":["../../src/baseline/gather-scope.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAEjD;;;;;;;;GAQG;AACH,MAAM,WAAW,WAAW;IAC1B,0EAA0E;IAC1E,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,sCAAsC;IACtC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;IAC/B,6CAA6C;IAC7C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,+DAA+D;IAC/D,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;IAC7B,6BAA6B;IAC7B,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,sEAAsE;IACtE,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,4CAA4C;IAC5C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,2DAA2D;IAC3D,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,yDAAyD;IACzD,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,6CAA6C;IAC7C,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAChC,0EAA0E;IAC1E,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,gEAAgE;IAChE,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,0EAA0E;IAC1E,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;CAC3B;AAED,8DAA8D;AAC9D,eAAO,MAAM,UAAU,EAAE,WAcvB,CAAC;AAmBH,2EAA2E;AAC3E,wBAAgB,YAAY,CAAC,CAAC,EAAE,WAAW,GAAG,OAAO,CAEpD;AAED,+DAA+D;AAC/D,wBAAgB,WAAW,CAAC,CAAC,EAAE,WAAW,GAAG,OAAO,CAEnD;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAAE,WAAW,GAAG,MAAM,CAMrD;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,gBAAgB,GAAG,WAAW,CAiBpE"}
|
|
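--- a/package/dist/baseline/gather-scope.js
+++ b/package/dist/baseline/gather-scope.js
@@ -0,0 +1,105 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FULL_SCOPE = void 0;
+exports.isEmptyScope = isEmptyScope;
+exports.isFullScope = isFullScope;
+exports.scopeSignature = scopeSignature;
+exports.scopeForPolicy = scopeForPolicy;
+/** Everything on — the default every non-loop caller gets. */
+exports.FULL_SCOPE = Object.freeze({
+secrets: true,
+codePatterns: true,
+depVulns: true,
+structural: true,
+duplication: true,
+lint: true,
+coverage: true,
+licenses: true,
+imports: true,
+testFramework: true,
+cloc: true,
+testGaps: true,
+hygiene: true,
+});
+/** All-off starting point for the additive derivation below. */
+const EMPTY_SCOPE = Object.freeze({
+secrets: false,
+codePatterns: false,
+depVulns: false,
+structural: false,
+duplication: false,
+lint: false,
+coverage: false,
+licenses: false,
+imports: false,
+testFramework: false,
+cloc: false,
+testGaps: false,
+hygiene: false,
+});
+/** True when no analyzer at all is required — caller can short-circuit. */
+function isEmptyScope(s) {
+return !Object.values(s).some(Boolean);
+}
+/** True when this is the full gather (no analyzer skipped). */
+function isFullScope(s) {
+return Object.values(s).every(Boolean);
+}
+/**
+* A compact, deterministic signature of which analyzers a scope runs.
+* Used to namespace the ref-scan cache so a scoped ref gather is never
+* served as if it were a full one (and vice versa). Order is fixed by the
+* sorted key list, so the signature is stable across calls.
+*/
+function scopeSignature(s) {
+if (isFullScope(s))
+return 'full';
+return Object.keys(s)
+.sort()
+.filter((k) => s[k])
+.join('+');
+}
+/**
+* Derive the minimal gather scope a policy needs.
+*
+* The verdict can only be changed by a kind the policy BLOCKS, so the scope
+* tracks `evaluateBlockRules` (in `./policy.ts`) one-to-one:
+*
+* newSecret → secrets
+* newCriticalSecurity / newHighSecurity → codePatterns
+* newCritical/HighReachableDependency… → depVulns
+* newUntestedChangedSource → testGaps
+* newSevereQualityIssueInChangedFiles → codePatterns + hygiene
+*
+* A non-empty `policy.block` list (statuses that block regardless of kind,
+* e.g. `full-debt`'s `['added']`) means any kind can block, so we cannot
+* skip anything → `FULL_SCOPE`.
+*
+* NB: `newHighReachableDependencyVulnerability` needs reachability, which the
+* guardrail's classifier never populates today (`context.reachable` is unset
+* on the check path), so it cannot actually fire — but we still scope in
+* `depVulns` for it so the mapping stays a faithful, future-proof mirror of
+* the rule table rather than relying on that downstream gap.
+*/
+function scopeForPolicy(policy) {
+// Any status-based block applies across all kinds — nothing is safe to skip.
+if (policy.block.length > 0)
+return exports.FULL_SCOPE;
+const r = policy.blockRules;
+const scope = { ...EMPTY_SCOPE };
+if (r.newSecret)
+scope.secrets = true;
+if (r.newCriticalSecurity || r.newHighSecurity)
+scope.codePatterns = true;
+if (r.newCriticalDependencyVulnerability || r.newHighReachableDependencyVulnerability) {
+scope.depVulns = true;
+}
+if (r.newUntestedChangedSource)
+scope.testGaps = true;
+if (r.newSevereQualityIssueInChangedFiles) {
+scope.codePatterns = true;
+scope.hygiene = true;
+}
+return Object.freeze(scope);
+}
+//# sourceMappingURL=gather-scope.js.map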
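Review bot: `scopeForPolicy` fails open if the rule table grows: an enabled key in `policy.blockRules` that this function does not map leaves every flag at `false`, so the analyzer that rule depends on is skipped and the gate cannot block on it. The doc comment says the mapping mirrors `evaluateBlockRules` one-to-one, but nothing in this file enforces that. I would return `FULL_SCOPE` whenever an enabled rule is not in the known set, so drift costs speed rather than coverage. Whether `blockRules` can carry other keys today is not visible from this file.

```javascript
// Rule names scopeForPolicy knows how to map to an analyzer.
const KNOWN_BLOCK_RULES = new Set([
    'newSecret',
    'newCriticalSecurity',
    'newHighSecurity',
    'newCriticalDependencyVulnerability',
    'newHighReachableDependencyVulnerability',
    'newUntestedChangedSource',
    'newSevereQualityIssueInChangedFiles',
]);
function scopeForPolicy(policy) {
    // … unchanged: policy.block check returning FULL_SCOPE …
    const r = policy.blockRules;
    // An enabled rule with no mapping must widen the scan, never narrow it.
    if (Object.keys(r).some((k) => r[k] && !KNOWN_BLOCK_RULES.has(k)))
        return exports.FULL_SCOPE;
    // … unchanged: per-rule scope flags and Object.freeze(scope) …
}
```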
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"gather-scope.js","sourceRoot":"","sources":["../../src/baseline/gather-scope.ts"],"names":[],"mappings":";;;AAoHA,oCAEC;AAGD,kCAEC;AAQD,wCAMC;AAwBD,wCAiBC;AAjGD,8DAA8D;AACjD,QAAA,UAAU,GAAgB,MAAM,CAAC,MAAM,CAAC;IACnD,OAAO,EAAE,IAAI;IACb,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,IAAI;IACd,UAAU,EAAE,IAAI;IAChB,WAAW,EAAE,IAAI;IACjB,IAAI,EAAE,IAAI;IACV,QAAQ,EAAE,IAAI;IACd,QAAQ,EAAE,IAAI;IACd,OAAO,EAAE,IAAI;IACb,aAAa,EAAE,IAAI;IACnB,IAAI,EAAE,IAAI;IACV,QAAQ,EAAE,IAAI;IACd,OAAO,EAAE,IAAI;CACd,CAAC,CAAC;AAEH,gEAAgE;AAChE,MAAM,WAAW,GAAgB,MAAM,CAAC,MAAM,CAAC;IAC7C,OAAO,EAAE,KAAK;IACd,YAAY,EAAE,KAAK;IACnB,QAAQ,EAAE,KAAK;IACf,UAAU,EAAE,KAAK;IACjB,WAAW,EAAE,KAAK;IAClB,IAAI,EAAE,KAAK;IACX,QAAQ,EAAE,KAAK;IACf,QAAQ,EAAE,KAAK;IACf,OAAO,EAAE,KAAK;IACd,aAAa,EAAE,KAAK;IACpB,IAAI,EAAE,KAAK;IACX,QAAQ,EAAE,KAAK;IACf,OAAO,EAAE,KAAK;CACf,CAAC,CAAC;AAEH,2EAA2E;AAC3E,SAAgB,YAAY,CAAC,CAAc;IACzC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACzC,CAAC;AAED,+DAA+D;AAC/D,SAAgB,WAAW,CAAC,CAAc;IACxC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AACzC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,CAAc;IAC3C,IAAI,WAAW,CAAC,CAAC,CAAC;QAAE,OAAO,MAAM,CAAC;IAClC,OAAQ,MAAM,CAAC,IAAI,CAAC,CAAC,CAA8B;SAChD,IAAI,EAAE;SACN,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SACnB,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,SAAgB,cAAc,CAAC,MAAwB;IACrD,6EAA6E;IAC7E,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,kBAAU,CAAC;IAE/C,MAAM,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC;IAC5B,MAAM,KAAK,GAAG,EAAE,GAAG,WAAW,EAAE,CAAC;IACjC,IAAI,CAAC,CAAC,SAAS;QAAE,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;IACtC,IAAI,CAAC,CAAC,mBAAmB,IAAI,CAAC,CAAC,eAAe;QAAE,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC;IAC1E,IAAI,CAAC,CAAC,kCAAkC,IAAI,CAAC,CAAC,uCAAuC,EAAE,CAAC;QACtF,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC;IACxB,CAAC;IACD,IAAI,CAAC,CAAC,wBAAwB;QAAE,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC;IACtD,IAAI,CAAC,CAAC,mCAAmC,EAAE,CAAC;QAC1C,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC;QAC1B,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;IACvB
,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC9B,CAAC"}
|
|
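--- a/package/dist/baseline/ref-baseline.d.ts
+++ b/package/dist/baseline/ref-baseline.d.ts
@@ -49,6 +49,7 @@
 * handling in the orchestrator.
 */
 import type { CurrentScan } from './create';
+import { type GatherScope } from './gather-scope';
 /**
 * Recoverable error from the ref-based gather path. Carries an
 * actionable `hint` the CLI surfaces verbatim so customers don't
@@ -110,10 +111,24 @@ export declare function gatherFromRef(opts: {
 readonly cwd: string;
 readonly ref: string;
 readonly verbose?: boolean;
+/** Scope the ref-side gather identically to the current side so the
+* cross-run diff stays balanced. Defaults to `FULL_SCOPE`. */
+readonly scope?: GatherScope;
+/** Incremental scanning (opt 3): scope the ref side's semgrep to just
+* these changed files, exactly like the current side. In ref-based mode
+* the changed set is fully computable (`diff(ref, HEAD)`), so scoping
+* BOTH sides to the same files keeps the cross-run diff symmetric and
+* sound for the net-new gate (semgrep is intraprocedural — a net-new
+* code finding can only appear in a changed file). Omit for a full ref
+* scan. The set is part of the cache key so a scoped ref scan is never
+* reused for a full request. */
+readonly incrementalFiles?: ReadonlyArray<string>;
 }): Promise<CurrentScan>;
 /** Deterministic cache key over every input that can change a ref scan.
-*
-
+* Includes the gather scope so a scoped ref scan is never reused for a
+* full request (or vice versa), and the incremental changed-file set so a
+* symmetric ref-based incremental scan keys distinctly. Exported for testing. */
+export declare function refScanCacheKey(cwd: string, sha: string, scope?: GatherScope, incrementalFiles?: ReadonlyArray<string>): string;
 /** Read a cached ref scan; null on miss, bypass, or any shape mismatch.
 * Exported for testing. */
 export declare function readRefScanCache(cwd: string, key: string): CurrentScan | null;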
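Review bot: The `incrementalFiles` doc comment states that a net-new code finding can only appear in a changed file, which holds only while the semgrep rule set and ignore configuration are the same on both sides of the diff. A change that touches rule or ignore files can alter findings in files outside the changed set, so the comment should name that assumption, e.g. add `Assumes rules and ignore config are identical at ref and HEAD; omit the set otherwise.` The `--incremental` help text in `cli.js` repeats the "same verdict" claim; whether the fallback it mentions covers this case is not visible in these hunks.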
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ref-baseline.d.ts","sourceRoot":"","sources":["../../src/baseline/ref-baseline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AAkBH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"ref-baseline.d.ts","sourceRoot":"","sources":["../../src/baseline/ref-baseline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AAkBH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,KAAK,WAAW,EAA8B,MAAM,gBAAgB,CAAC;AAE9E;;;;;GAKG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBACV,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM;CAK1C;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAWvE;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAWlD;AAqBD;;;;;;;GAOG;AACH,wBAAsB,eAAe,CAAC,CAAC,EACrC,IAAI,EAAE,kBAAkB,EACxB,EAAE,EAAE,CAAC,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,GACvC,OAAO,CAAC,CAAC,CAAC,CAuDZ;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAMnE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE;IACxC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B;mEAC+D;IAC/D,QAAQ,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC;IAC7B;;;;;;;qCAOiC;IACjC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CACnD,GAAG,OAAO,CAAC,WAAW,CAAC,CAmBvB;AA6CD;;;kFAGkF;AAClF,wBAAgB,eAAe,CAC7B,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,MAAM,EACX,KAAK,GAAE,WAAwB,EAC/B,gBAAgB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,GACvC,MAAM,CAWR;AAED;4BAC4B;AAC5B,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAgB7E;AAED;4BAC4B;AAC5B,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,IAAI,CAanF"}
|
|
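--- a/package/dist/baseline/ref-baseline.js
+++ b/package/dist/baseline/ref-baseline.js
@@ -100,6 +100,7 @@ const path = __importStar(require("path"));
 const constants_1 = require("../constants");
 const types_1 = require("./types");
 const create_1 = require("./create");
+const gather_scope_1 = require("./gather-scope");
 /**
 * Recoverable error from the ref-based gather path. Carries an
 * actionable `hint` the CLI surfaces verbatim so customers don't
@@ -262,12 +263,18 @@ async function gatherFromRef(opts) {
 const sha = resolveRefToSha(opts.cwd, opts.ref);
 if (sha === null)
 throw unreachableRefError(opts.cwd, opts.ref);
-const
+const scope = opts.scope ?? gather_scope_1.FULL_SCOPE;
+const key = refScanCacheKey(opts.cwd, sha, scope, opts.incrementalFiles);
 const cached = readRefScanCache(opts.cwd, key);
 if (cached)
 return cached;
 const scan = await withRefWorktree({ cwd: opts.cwd, ref: opts.ref }, async (worktreePath) => {
-return (0, create_1.gatherCurrentScan)({
+return (0, create_1.gatherCurrentScan)({
+cwd: worktreePath,
+verbose: opts.verbose,
+scope,
+incrementalFiles: opts.incrementalFiles,
+});
 });
 writeRefScanCache(opts.cwd, key, scan);
 return scan;
@@ -303,15 +310,31 @@ function saltSignature(cwd) {
 return 'no-salt';
 }
 }
+/** Stable signature of an incremental changed-file set (order-independent),
+* or a sentinel for a full (non-incremental) scan. Part of the cache key so
+* a scan scoped to one changed set is never reused for a different set or a
+* full request. */
+function incrementalSignature(incrementalFiles) {
+if (incrementalFiles === undefined)
+return 'full';
+if (incrementalFiles.length === 0)
+return 'incremental:empty';
+const joined = [...incrementalFiles].sort().join('\n');
+return `incremental:${(0, crypto_1.createHash)('sha256').update(joined).digest('hex').slice(0, 16)}`; // fingerprint-helper-ok
+}
 /** Deterministic cache key over every input that can change a ref scan.
-*
-
+* Includes the gather scope so a scoped ref scan is never reused for a
+* full request (or vice versa), and the incremental changed-file set so a
+* symmetric ref-based incremental scan keys distinctly. Exported for testing. */
+function refScanCacheKey(cwd, sha, scope = gather_scope_1.FULL_SCOPE, incrementalFiles) {
 const material = [
 `fmt:${REF_SCAN_CACHE_FORMAT}`,
 `sha:${sha}`,
 `ver:${constants_1.VERSION}`,
 `scheme:${types_1.CURRENT_IDENTITY_SCHEME}`,
 `salt:${saltSignature(cwd)}`,
+`scope:${(0, gather_scope_1.scopeSignature)(scope)}`,
+`incr:${incrementalSignature(incrementalFiles)}`,
 ].join('\0');
 return (0, crypto_1.createHash)('sha256').update(material).digest('hex').slice(0, 32); // fingerprint-helper-ok
 }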
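Review bot: `incrementalSignature` joins the sorted paths with `'\n'`, which is a legal character in a file name, so two different changed-file sets can serialise to the same string and end up sharing one cached ref scan. `refScanCacheKey` in the same hunk already joins its parts with `'\0'`, which cannot occur in a path; using that separator here keeps the set-to-key mapping unambiguous: `const joined = [...incrementalFiles].sort().join('\0');`. The per-set fingerprint is also cut to 16 hex characters, which is adequate against accidental clashes but deserves a comment if the changed-file list can be influenced by the change under review.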
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ref-baseline.js","sourceRoot":"","sources":["../../src/baseline/ref-baseline.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"ref-baseline.js","sourceRoot":"","sources":["../../src/baseline/ref-baseline.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+CH,0CAWC;AAQD,sCAWC;AA6BD,0CA0DC;AASD,wCAMC;AAcD,sCAmCC;AAiDD,0CAgBC;AAID,4CAgBC;AAID,8CAaC;AAxUD,iDAA6C;AAC7C,mCAAoC;AACpC,2BAQY;AACZ,2BAA4B;AAC5B,2CAA6B;AAC7B,4CAAuC;AACvC,mCAAkD;AAClD,qCAA6C;AAE7C,iDAA8E;AAE9E;;;;;GAKG;AACH,MAAa,gBAAiB,SAAQ,KAAK;IAChC,IAAI,CAAS;IACtB,YAAY,OAAe,EAAE,IAAY;QACvC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;QAC/B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAPD,4CAOC;AAOD;;;;;GAKG;AACH,SAAgB,eAAe,CAAC,GAAW,EAAE,GAAW;IACtD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,GAAG,WAAW,CAAC,EAAE;YAC5E,GAAG;YACH,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,GAAG,IAAI,IAAI,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,WAAW,EAAE,yBAAyB,CAAC,EAAE;YACxE,GAAG;YACH,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,GAAG,KAAK,MAAM,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,GAAW,EAAE,GAAW;IACnD,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,gBAAgB,CACzB,+BAA+B,GAAG,4BAA4B,EAC9D,wFAAwF,CACzF,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,gBAAgB,CACzB,+BAA+B,GAAG,GAAG,EACrC,oHAAoH,CACrH,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,eAAe,CACnC,IAAwB,EACxB,EAAwC;IAExC,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAChD,IAAI,GAAG,KAAK,IAAI;QAAE,MAAM,mBAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAEhE,+DAA+D;IAC/D,gEAAgE;IAChE,oDAAoD;IACpD,MAAM,QAAQ,GAAG,IAAA,gBAAW,EAAC,IAAI,CAAC,IAAI,CAAC,IAAA,WAAM,GAAE,EAAE,YAAY,CAAC,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,I
AAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACrD,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,CAAC;QACH,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,CAAC,EAAE;YACtE,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC;QACH,aAAa,GAAG,IAAI,CAAC;QACrB,iEAAiE;QACjE,iEAAiE;QACjE,+DAA+D;QAC/D,+DAA+D;QAC/D,+DAA+D;QAC/D,2DAA2D;QAC3D,cAAc,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QACvC,OAAO,MAAM,EAAE,CAAC,YAAY,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,gBAAgB;YAAE,MAAM,GAAG,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,wDAAwD;YACxD,sCAAsC;YACtC,MAAM,IAAI,gBAAgB,CACxB,yCAAyC,IAAI,CAAC,GAAG,GAAG,EACpD,mDAAmD,QAAQ,eAAe,CAC3E,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;YAAS,CAAC;QACT,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,CAAC,EAAE;oBACnE,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;iBAClC,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,uDAAuD;gBACvD,yDAAyD;YAC3D,CAAC;QACH,CAAC;QACD,IAAI,CAAC;YACH,IAAA,WAAM,EAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,2DAA2D;YAC3D,8DAA8D;YAC9D,qBAAqB;QACvB,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,cAAc,CAAC,MAAc,EAAE,MAAc;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAChD,IAAI,CAAC,IAAA,eAAU,EAAC,GAAG,CAAC;QAAE,OAAO;IAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC3C,IAAA,cAAS,EAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,IAAA,iBAAY,EAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,aAAa,CAAC,IAgBnC;IACC,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAChD,IAAI,GAAG,KAAK,IAAI;QAAE,MAAM,mBAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAEhE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,yBAAU,CAAC;IACvC,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC
,gBAAgB,CAAC,CAAC;IACzE,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC/C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE;QAC1F,OAAO,IAAA,0BAAiB,EAAC;YACvB,GAAG,EAAE,YAAY;YACjB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK;YACL,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;SACxC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IACH,iBAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACvC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAChC,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;AAEpE,6DAA6D;AAC7D,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,iBAAY,EAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAC3D,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB;IAC9F,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;oBAGoB;AACpB,SAAS,oBAAoB,CAAC,gBAAwC;IACpE,IAAI,gBAAgB,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IAClD,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,mBAAmB,CAAC;IAC9D,MAAM,MAAM,GAAG,CAAC,GAAG,gBAAgB,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvD,OAAO,eAAe,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,wBAAwB;AAClH,CAAC;AAED;;;kFAGkF;AAClF,SAAgB,eAAe,CAC7B,GAAW,EACX,GAAW,EACX,QAAqB,yBAAU,EAC/B,gBAAwC;IAExC,MAAM,QAAQ,GAAG;QACf,OAAO,qBAAqB,EAAE;QAC9B,OAAO,GAAG,EAAE;QACZ,OAAO,mBAAO,EAAE;QAChB,UAAU,+BAAuB,EAAE;QACnC,QAAQ,aAAa,CAAC,GAAG,CAAC,EAAE;QAC5B,SAAS,IAAA,6BAAc,EAAC,KAAK,CAAC,EAAE;QAChC,QAAQ,oBAAoB,CAAC,gBAAgB,CAAC,EAAE;KACjD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACb,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB;AACnG,CAAC;AAED;4BAC4B;AAC5B,SAAgB,gBAAgB,CAAC,GAAW,EAAE,GAAW;IACvD,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,GAAG;QAAE,O
AAO,IAAI,CAAC;IACxD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,iBAAY,EAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,EAAE,GAAG,GAAG,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;QACpF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4C,CAAC;QAC1E,IACE,MAAM,CAAC,MAAM,KAAK,qBAAqB;YACvC,CAAC,MAAM,CAAC,IAAI;YACZ,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EACpC,CAAC;YACD,OAAO,IAAI,CAAC,CAAC,iDAAiD;QAChE,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,CAAC,gEAAgE;IAC/E,CAAC;AACH,CAAC;AAED;4BAC4B;AAC5B,SAAgB,iBAAiB,CAAC,GAAW,EAAE,GAAW,EAAE,IAAiB;IAC3E,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,GAAG;QAAE,OAAO;IACnD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;QAC/C,IAAA,cAAS,EAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,IAAA,kBAAa,EACX,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,EAC7B,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI,EAC9D,MAAM,CACP,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,gDAAgD;IAClD,CAAC;AACH,CAAC"}
|
|
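--- a/package/dist/baseline/scoped-inputs.d.ts
+++ b/package/dist/baseline/scoped-inputs.d.ts
@@ -0,0 +1,21 @@
+import { type TestGapsReport } from '../analyzers/tests/types';
+import type { GitleaksRawSecret } from '../analyzers/tools/gitleaks';
+import type { InlineAllowlistOccurrence } from '../allowlist/gather';
+import type { GatherScope } from './gather-scope';
+import type { HygieneSnapshot } from './producers';
+/** The non-cached analyzer outputs the producer registry consumes. */
+export interface ScopedProducerInputs {
+readonly testGapsReport: TestGapsReport;
+readonly hygiene: HygieneSnapshot;
+readonly rawSecrets: ReadonlyArray<GitleaksRawSecret>;
+readonly inlineAllowlistAnnotations: ReadonlyArray<InlineAllowlistOccurrence>;
+}
+/**
+* Gather the producer-context inputs a scope needs. Each gather is skipped
+* when its scope flag is off, substituting an empty value so the
+* corresponding producer emits zero entries. `inlineAllowlistAnnotations` is
+* always gathered (a cheap source scan that feeds the stale-allow producer,
+* which has no scope flag).
+*/
+export declare function gatherScopedProducerInputs(cwd: string, scope: GatherScope, verbose: boolean): Promise<ScopedProducerInputs>;
+//# sourceMappingURL=scoped-inputs.d.ts.map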
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scoped-inputs.d.ts","sourceRoot":"","sources":["../../src/baseline/scoped-inputs.ts"],"names":[],"mappings":"AAcA,OAAO,EAAuB,KAAK,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAGpF,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AACrE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAenD,sEAAsE;AACtE,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;IAClC,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACtD,QAAQ,CAAC,0BAA0B,EAAE,aAAa,CAAC,yBAAyB,CAAC,CAAC;CAC/E;AAED;;;;;;GAMG;AACH,wBAAsB,0BAA0B,CAC9C,GAAG,EAAE,MAAM,EACX,KAAK,EAAE,WAAW,EAClB,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,oBAAoB,CAAC,CAY/B"}
|
|
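--- a/package/dist/baseline/scoped-inputs.js
+++ b/package/dist/baseline/scoped-inputs.js
@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.gatherScopedProducerInputs = gatherScopedProducerInputs;
+/**
+* Scope-aware producer-context inputs.
+*
+* Extracted from `create.ts` so `gatherCurrentScan` stays focused on
+* orchestration. The producer registry (CLAUDE.md Rule 10) reads a handful
+* of analyzer outputs from `ProducerContext` beyond the cached
+* `AnalysisResult`: the test-gaps report, hygiene markers, raw secrets, and
+* inline allowlist annotations. Each feeds exactly one producer family, so a
+* gather scope that can't block on that family skips the (sometimes
+* expensive) gather and substitutes an empty input — the producer then
+* emits zero entries. The ref side is scoped identically, so the cross-run
+* diff stays balanced (see `gather-scope.ts`).
+*/
+const tests_1 = require("../analyzers/tests");
+const types_1 = require("../analyzers/tests/types");
+const gather_1 = require("../analyzers/quality/gather");
+const gitleaks_1 = require("../analyzers/tools/gitleaks");
+const gather_2 = require("../allowlist/gather");
+/** Vacuous hygiene snapshot for the scope-aware gather when a posture
+* cannot block on `stale-file` / hygiene counts (`scope.hygiene === false`),
+* so the hygiene grep is skipped. The `quality` producer reads
+* `hygiene.staleFiles` and emits zero entries from the empty list. */
+const EMPTY_HYGIENE_SNAPSHOT = {
+staleFiles: [],
+todoCount: 0,
+fixmeCount: 0,
+hackCount: 0,
+consoleLogCount: 0,
+mixedLanguages: false,
+};
+/**
+* Gather the producer-context inputs a scope needs. Each gather is skipped
+* when its scope flag is off, substituting an empty value so the
+* corresponding producer emits zero entries. `inlineAllowlistAnnotations` is
+* always gathered (a cheap source scan that feeds the stale-allow producer,
+* which has no scope flag).
+*/
+async function gatherScopedProducerInputs(cwd, scope, verbose) {
+const testGapsReport = scope.testGaps
+? await (0, tests_1.analyzeTestGaps)(cwd, { verbose })
+: (0, types_1.emptyTestGapsReport)();
+const hygiene = scope.hygiene ? (0, gather_1.gatherHygieneMarkers)(cwd) : EMPTY_HYGIENE_SNAPSHOT;
+const gitleaksOutcome = scope.secrets
+? (0, gitleaks_1.gatherGitleaksResult)(cwd)
+: { kind: 'unavailable', reason: 'scoped out' };
+const rawSecrets = gitleaksOutcome.kind === 'success' ? gitleaksOutcome.rawSecrets : [];
+const inlineAllowlistAnnotations = (0, gather_2.gatherInlineAllowlistAnnotations)(cwd);
+return { testGapsReport, hygiene, rawSecrets, inlineAllowlistAnnotations };
+}
+//# sourceMappingURL=scoped-inputs.js.map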
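Review bot: In `gatherScopedProducerInputs`, a gitleaks run that was requested (`scope.secrets` is true) but did not come back with `kind === 'success'` collapses to `rawSecrets = []`, the same value used for "scoped out" and for a clean scan. If nothing downstream inspects the outcome (not visible in this file), a policy that blocks on `newSecret` would pass when the scanner is missing or fails. Consider carrying the outcome forward, for example by also returning `secretsOutcome: gitleaksOutcome.kind`, so the caller can treat a requested-but-unavailable scan as a failure rather than as zero findings.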
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scoped-inputs.js","sourceRoot":"","sources":["../../src/baseline/scoped-inputs.ts"],"names":[],"mappings":";;AAmDA,gEAgBC;AAnED;;;;;;;;;;;;GAYG;AACH,8CAAqD;AACrD,oDAAoF;AACpF,wDAAmE;AACnE,0DAAmE;AAEnE,gDAAuE;AAKvE;;;uEAGuE;AACvE,MAAM,sBAAsB,GAAoB;IAC9C,UAAU,EAAE,EAAE;IACd,SAAS,EAAE,CAAC;IACZ,UAAU,EAAE,CAAC;IACb,SAAS,EAAE,CAAC;IACZ,eAAe,EAAE,CAAC;IAClB,cAAc,EAAE,KAAK;CACtB,CAAC;AAUF;;;;;;GAMG;AACI,KAAK,UAAU,0BAA0B,CAC9C,GAAW,EACX,KAAkB,EAClB,OAAgB;IAEhB,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ;QACnC,CAAC,CAAC,MAAM,IAAA,uBAAe,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,CAAC;QACzC,CAAC,CAAC,IAAA,2BAAmB,GAAE,CAAC;IAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAA,6BAAoB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,sBAAsB,CAAC;IACnF,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO;QACnC,CAAC,CAAC,IAAA,+BAAoB,EAAC,GAAG,CAAC;QAC3B,CAAC,CAAE,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,YAAY,EAAY,CAAC;IAC7D,MAAM,UAAU,GACd,eAAe,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IACvE,MAAM,0BAA0B,GAAG,IAAA,yCAAgC,EAAC,GAAG,CAAC,CAAC;IACzE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,EAAE,0BAA0B,EAAE,CAAC;AAC7E,CAAC"}
|
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAiSA,wBAAsB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA24DvD"}
|
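--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -137,7 +137,7 @@ function applyFailOnSeverity(raw, counts, countsLabel) {
 }
 function printUsage() {
 console.log(`
-${logger.bold('vyuh-dxkit')} v${constants_1.VERSION} — a
+${logger.bold('vyuh-dxkit')} v${constants_1.VERSION} — a deterministic stop condition + code-graph context layer for AI coding agents
 
 ${logger.bold('Usage:')}
 vyuh-dxkit init [options] Install dxkit agent DX in this repo
@@ -177,12 +177,15 @@ function printUsage() {
 per-kind counts. --kind drills into one kind. --json
 emits a schema-banner-wrapped payload.
 vyuh-dxkit guardrail check [path] [--name <n>] [--baseline <path>]
-[--changed-only] [--policy <path>]
+[--changed-only] [--incremental] [--policy <path>]
 [--mode=<mode>] [--ref=<ref>]
 [--json | --markdown]
 Diff current scan against the named baseline; block on net-new
 regressions per brownfield policy. Exit code 1 when blocked.
 --mode/--ref mirror baseline create (override policy.json).
+--incremental scopes semgrep to changed files (both sides in
+ref-based mode) so the check scales with PR size, not repo size;
+same verdict, much faster. Falls back to a full scan on any doubt.
 vyuh-dxkit hooks activate [path]
 Idempotently set core.hooksPath = .githooks. Wired into
 package.json postinstall by 'init --with-hooks' so every
@@ -317,6 +320,7 @@ async function run(argv) {
 'no-fail-fast': { type: 'boolean', default: false },
 'with-coverage': { type: 'boolean', default: false },
 'changed-only': { type: 'boolean', default: false },
+incremental: { type: 'boolean', default: false },
 baseline: { type: 'string' },
 policy: { type: 'string' },
 markdown: { type: 'boolean', default: false },
@@ -1697,6 +1701,7 @@ async function run(argv) {
 name: values.name,
 baselinePath: values.baseline,
 changedOnly: !!values['changed-only'],
+incremental: !!values.incremental,
 policyPath: values.policy,
 verbose: !!values.verbose,
 cliMode: cliMode ?? undefined,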