@vyuhlabs/dxkit 2.13.3 → 2.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/CHANGELOG.md +66 -0
  2. package/README.md +85 -58
  3. package/dist/analyzers/cache.d.ts +9 -0
  4. package/dist/analyzers/cache.d.ts.map +1 -1
  5. package/dist/analyzers/cache.js +27 -15
  6. package/dist/analyzers/cache.js.map +1 -1
  7. package/dist/analyzers/health.d.ts +19 -0
  8. package/dist/analyzers/health.d.ts.map +1 -1
  9. package/dist/analyzers/health.js +72 -26
  10. package/dist/analyzers/health.js.map +1 -1
  11. package/dist/analyzers/tests/types.d.ts +9 -0
  12. package/dist/analyzers/tests/types.d.ts.map +1 -1
  13. package/dist/analyzers/tests/types.js +34 -0
  14. package/dist/analyzers/tests/types.js.map +1 -1
  15. package/dist/analyzers/tools/parallel.d.ts +2 -1
  16. package/dist/analyzers/tools/parallel.d.ts.map +1 -1
  17. package/dist/analyzers/tools/parallel.js +38 -24
  18. package/dist/analyzers/tools/parallel.js.map +1 -1
  19. package/dist/analyzers/tools/semgrep.d.ts +15 -1
  20. package/dist/analyzers/tools/semgrep.d.ts.map +1 -1
  21. package/dist/analyzers/tools/semgrep.js +49 -3
  22. package/dist/analyzers/tools/semgrep.js.map +1 -1
  23. package/dist/baseline/changed-files.d.ts +12 -0
  24. package/dist/baseline/changed-files.d.ts.map +1 -0
  25. package/dist/baseline/changed-files.js +100 -0
  26. package/dist/baseline/changed-files.js.map +1 -0
  27. package/dist/baseline/check.d.ts +30 -0
  28. package/dist/baseline/check.d.ts.map +1 -1
  29. package/dist/baseline/check.js +71 -4
  30. package/dist/baseline/check.js.map +1 -1
  31. package/dist/baseline/create.d.ts +10 -0
  32. package/dist/baseline/create.d.ts.map +1 -1
  33. package/dist/baseline/create.js +19 -15
  34. package/dist/baseline/create.js.map +1 -1
  35. package/dist/baseline/gather-scope.d.ts +116 -0
  36. package/dist/baseline/gather-scope.d.ts.map +1 -0
  37. package/dist/baseline/gather-scope.js +105 -0
  38. package/dist/baseline/gather-scope.js.map +1 -0
  39. package/dist/baseline/ref-baseline.d.ts +17 -2
  40. package/dist/baseline/ref-baseline.d.ts.map +1 -1
  41. package/dist/baseline/ref-baseline.js +27 -4
  42. package/dist/baseline/ref-baseline.js.map +1 -1
  43. package/dist/baseline/scoped-inputs.d.ts +21 -0
  44. package/dist/baseline/scoped-inputs.d.ts.map +1 -0
  45. package/dist/baseline/scoped-inputs.js +53 -0
  46. package/dist/baseline/scoped-inputs.js.map +1 -0
  47. package/dist/cli.d.ts.map +1 -1
  48. package/dist/cli.js +7 -2
  49. package/dist/cli.js.map +1 -1
  50. package/dist/loop/stop-gate.d.ts.map +1 -1
  51. package/dist/loop/stop-gate.js +12 -1
  52. package/dist/loop/stop-gate.js.map +1 -1
  53. package/package.json +2 -2
@@ -0,0 +1 @@
1
+ {"version":3,"file":"gather-scope.d.ts","sourceRoot":"","sources":["../../src/baseline/gather-scope.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAEjD;;;;;;;;GAQG;AACH,MAAM,WAAW,WAAW;IAC1B,0EAA0E;IAC1E,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,sCAAsC;IACtC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;IAC/B,6CAA6C;IAC7C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,+DAA+D;IAC/D,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;IAC7B,6BAA6B;IAC7B,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,sEAAsE;IACtE,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,4CAA4C;IAC5C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,2DAA2D;IAC3D,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,yDAAyD;IACzD,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,6CAA6C;IAC7C,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAChC,0EAA0E;IAC1E,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,gEAAgE;IAChE,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,0EAA0E;IAC1E,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;CAC3B;AAED,8DAA8D;AAC9D,eAAO,MAAM,UAAU,EAAE,WAcvB,CAAC;AAmBH,2EAA2E;AAC3E,wBAAgB,YAAY,CAAC,CAAC,EAAE,WAAW,GAAG,OAAO,CAEpD;AAED,+DAA+D;AAC/D,wBAAgB,WAAW,CAAC,CAAC,EAAE,WAAW,GAAG,OAAO,CAEnD;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAAE,WAAW,GAAG,MAAM,CAMrD;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,gBAAgB,GAAG,WAAW,CAiBpE"}
@@ -0,0 +1,105 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.FULL_SCOPE = void 0;
4
+ exports.isEmptyScope = isEmptyScope;
5
+ exports.isFullScope = isFullScope;
6
+ exports.scopeSignature = scopeSignature;
7
+ exports.scopeForPolicy = scopeForPolicy;
8
+ /** Everything on — the default every non-loop caller gets. */
9
+ exports.FULL_SCOPE = Object.freeze({
10
+ secrets: true,
11
+ codePatterns: true,
12
+ depVulns: true,
13
+ structural: true,
14
+ duplication: true,
15
+ lint: true,
16
+ coverage: true,
17
+ licenses: true,
18
+ imports: true,
19
+ testFramework: true,
20
+ cloc: true,
21
+ testGaps: true,
22
+ hygiene: true,
23
+ });
24
+ /** All-off starting point for the additive derivation below. */
25
+ const EMPTY_SCOPE = Object.freeze({
26
+ secrets: false,
27
+ codePatterns: false,
28
+ depVulns: false,
29
+ structural: false,
30
+ duplication: false,
31
+ lint: false,
32
+ coverage: false,
33
+ licenses: false,
34
+ imports: false,
35
+ testFramework: false,
36
+ cloc: false,
37
+ testGaps: false,
38
+ hygiene: false,
39
+ });
40
+ /** True when no analyzer at all is required — caller can short-circuit. */
41
+ function isEmptyScope(s) {
42
+ return !Object.values(s).some(Boolean);
43
+ }
44
+ /** True when this is the full gather (no analyzer skipped). */
45
+ function isFullScope(s) {
46
+ return Object.values(s).every(Boolean);
47
+ }
48
+ /**
49
+ * A compact, deterministic signature of which analyzers a scope runs.
50
+ * Used to namespace the ref-scan cache so a scoped ref gather is never
51
+ * served as if it were a full one (and vice versa). Order is fixed by the
52
+ * sorted key list, so the signature is stable across calls.
53
+ */
54
+ function scopeSignature(s) {
55
+ if (isFullScope(s))
56
+ return 'full';
57
+ return Object.keys(s)
58
+ .sort()
59
+ .filter((k) => s[k])
60
+ .join('+');
61
+ }
62
+ /**
63
+ * Derive the minimal gather scope a policy needs.
64
+ *
65
+ * The verdict can only be changed by a kind the policy BLOCKS, so the scope
66
+ * tracks `evaluateBlockRules` (in `./policy.ts`) one-to-one:
67
+ *
68
+ * newSecret → secrets
69
+ * newCriticalSecurity / newHighSecurity → codePatterns
70
+ * newCritical/HighReachableDependency… → depVulns
71
+ * newUntestedChangedSource → testGaps
72
+ * newSevereQualityIssueInChangedFiles → codePatterns + hygiene
73
+ *
74
+ * A non-empty `policy.block` list (statuses that block regardless of kind,
75
+ * e.g. `full-debt`'s `['added']`) means any kind can block, so we cannot
76
+ * skip anything → `FULL_SCOPE`.
77
+ *
78
+ * NB: `newHighReachableDependencyVulnerability` needs reachability, which the
79
+ * guardrail's classifier never populates today (`context.reachable` is unset
80
+ * on the check path), so it cannot actually fire — but we still scope in
81
+ * `depVulns` for it so the mapping stays a faithful, future-proof mirror of
82
+ * the rule table rather than relying on that downstream gap.
83
+ */
84
+ function scopeForPolicy(policy) {
85
+ // Any status-based block applies across all kinds — nothing is safe to skip.
86
+ if (policy.block.length > 0)
87
+ return exports.FULL_SCOPE;
88
+ const r = policy.blockRules;
89
+ const scope = { ...EMPTY_SCOPE };
90
+ if (r.newSecret)
91
+ scope.secrets = true;
92
+ if (r.newCriticalSecurity || r.newHighSecurity)
93
+ scope.codePatterns = true;
94
+ if (r.newCriticalDependencyVulnerability || r.newHighReachableDependencyVulnerability) {
95
+ scope.depVulns = true;
96
+ }
97
+ if (r.newUntestedChangedSource)
98
+ scope.testGaps = true;
99
+ if (r.newSevereQualityIssueInChangedFiles) {
100
+ scope.codePatterns = true;
101
+ scope.hygiene = true;
102
+ }
103
+ return Object.freeze(scope);
104
+ }
105
+ //# sourceMappingURL=gather-scope.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"gather-scope.js","sourceRoot":"","sources":["../../src/baseline/gather-scope.ts"],"names":[],"mappings":";;;AAoHA,oCAEC;AAGD,kCAEC;AAQD,wCAMC;AAwBD,wCAiBC;AAjGD,8DAA8D;AACjD,QAAA,UAAU,GAAgB,MAAM,CAAC,MAAM,CAAC;IACnD,OAAO,EAAE,IAAI;IACb,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,IAAI;IACd,UAAU,EAAE,IAAI;IAChB,WAAW,EAAE,IAAI;IACjB,IAAI,EAAE,IAAI;IACV,QAAQ,EAAE,IAAI;IACd,QAAQ,EAAE,IAAI;IACd,OAAO,EAAE,IAAI;IACb,aAAa,EAAE,IAAI;IACnB,IAAI,EAAE,IAAI;IACV,QAAQ,EAAE,IAAI;IACd,OAAO,EAAE,IAAI;CACd,CAAC,CAAC;AAEH,gEAAgE;AAChE,MAAM,WAAW,GAAgB,MAAM,CAAC,MAAM,CAAC;IAC7C,OAAO,EAAE,KAAK;IACd,YAAY,EAAE,KAAK;IACnB,QAAQ,EAAE,KAAK;IACf,UAAU,EAAE,KAAK;IACjB,WAAW,EAAE,KAAK;IAClB,IAAI,EAAE,KAAK;IACX,QAAQ,EAAE,KAAK;IACf,QAAQ,EAAE,KAAK;IACf,OAAO,EAAE,KAAK;IACd,aAAa,EAAE,KAAK;IACpB,IAAI,EAAE,KAAK;IACX,QAAQ,EAAE,KAAK;IACf,OAAO,EAAE,KAAK;CACf,CAAC,CAAC;AAEH,2EAA2E;AAC3E,SAAgB,YAAY,CAAC,CAAc;IACzC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACzC,CAAC;AAED,+DAA+D;AAC/D,SAAgB,WAAW,CAAC,CAAc;IACxC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AACzC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,CAAc;IAC3C,IAAI,WAAW,CAAC,CAAC,CAAC;QAAE,OAAO,MAAM,CAAC;IAClC,OAAQ,MAAM,CAAC,IAAI,CAAC,CAAC,CAA8B;SAChD,IAAI,EAAE;SACN,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SACnB,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,SAAgB,cAAc,CAAC,MAAwB;IACrD,6EAA6E;IAC7E,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,kBAAU,CAAC;IAE/C,MAAM,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC;IAC5B,MAAM,KAAK,GAAG,EAAE,GAAG,WAAW,EAAE,CAAC;IACjC,IAAI,CAAC,CAAC,SAAS;QAAE,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;IACtC,IAAI,CAAC,CAAC,mBAAmB,IAAI,CAAC,CAAC,eAAe;QAAE,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC;IAC1E,IAAI,CAAC,CAAC,kCAAkC,IAAI,CAAC,CAAC,uCAAuC,EAAE,CAAC;QACtF,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC;IACxB,CAAC;IACD,IAAI,CAAC,CAAC,wBAAwB;QAAE,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC;IACtD,IAAI,CAAC,CAAC,mCAAmC,EAAE,CAAC;QAC1C,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC;QAC1B,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;IACvB,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC9B,CAAC"}
@@ -49,6 +49,7 @@
49
49
  * handling in the orchestrator.
50
50
  */
51
51
  import type { CurrentScan } from './create';
52
+ import { type GatherScope } from './gather-scope';
52
53
  /**
53
54
  * Recoverable error from the ref-based gather path. Carries an
54
55
  * actionable `hint` the CLI surfaces verbatim so customers don't
@@ -110,10 +111,24 @@ export declare function gatherFromRef(opts: {
110
111
  readonly cwd: string;
111
112
  readonly ref: string;
112
113
  readonly verbose?: boolean;
114
+ /** Scope the ref-side gather identically to the current side so the
115
+ * cross-run diff stays balanced. Defaults to `FULL_SCOPE`. */
116
+ readonly scope?: GatherScope;
117
+ /** Incremental scanning (opt 3): scope the ref side's semgrep to just
118
+ * these changed files, exactly like the current side. In ref-based mode
119
+ * the changed set is fully computable (`diff(ref, HEAD)`), so scoping
120
+ * BOTH sides to the same files keeps the cross-run diff symmetric and
121
+ * sound for the net-new gate (semgrep is intraprocedural — a net-new
122
+ * code finding can only appear in a changed file). Omit for a full ref
123
+ * scan. The set is part of the cache key so a scoped ref scan is never
124
+ * reused for a full request. */
125
+ readonly incrementalFiles?: ReadonlyArray<string>;
113
126
  }): Promise<CurrentScan>;
114
127
  /** Deterministic cache key over every input that can change a ref scan.
115
- * Exported for testing. */
116
- export declare function refScanCacheKey(cwd: string, sha: string): string;
128
+ * Includes the gather scope so a scoped ref scan is never reused for a
129
+ * full request (or vice versa), and the incremental changed-file set so a
130
+ * symmetric ref-based incremental scan keys distinctly. Exported for testing. */
131
+ export declare function refScanCacheKey(cwd: string, sha: string, scope?: GatherScope, incrementalFiles?: ReadonlyArray<string>): string;
117
132
  /** Read a cached ref scan; null on miss, bypass, or any shape mismatch.
118
133
  * Exported for testing. */
119
134
  export declare function readRefScanCache(cwd: string, key: string): CurrentScan | null;
@@ -1 +1 @@
1
- {"version":3,"file":"ref-baseline.d.ts","sourceRoot":"","sources":["../../src/baseline/ref-baseline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AAkBH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAE5C;;;;;GAKG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBACV,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM;CAK1C;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAWvE;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAWlD;AAqBD;;;;;;;GAOG;AACH,wBAAsB,eAAe,CAAC,CAAC,EACrC,IAAI,EAAE,kBAAkB,EACxB,EAAE,EAAE,CAAC,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,GACvC,OAAO,CAAC,CAAC,CAAC,CAuDZ;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAMnE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE;IACxC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;CAC5B,GAAG,OAAO,CAAC,WAAW,CAAC,CAavB;AAkCD;4BAC4B;AAC5B,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAShE;AAED;4BAC4B;AAC5B,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAgB7E;AAED;4BAC4B;AAC5B,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,IAAI,CAanF"}
1
+ {"version":3,"file":"ref-baseline.d.ts","sourceRoot":"","sources":["../../src/baseline/ref-baseline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AAkBH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,KAAK,WAAW,EAA8B,MAAM,gBAAgB,CAAC;AAE9E;;;;;GAKG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;gBACV,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM;CAK1C;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAWvE;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAWlD;AAqBD;;;;;;;GAOG;AACH,wBAAsB,eAAe,CAAC,CAAC,EACrC,IAAI,EAAE,kBAAkB,EACxB,EAAE,EAAE,CAAC,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,GACvC,OAAO,CAAC,CAAC,CAAC,CAuDZ;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAMnE;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE;IACxC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B;mEAC+D;IAC/D,QAAQ,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC;IAC7B;;;;;;;qCAOiC;IACjC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CACnD,GAAG,OAAO,CAAC,WAAW,CAAC,CAmBvB;AA6CD;;;kFAGkF;AAClF,wBAAgB,eAAe,CAC7B,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,MAAM,EACX,KAAK,GAAE,WAAwB,EAC/B,gBAAgB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,GACvC,MAAM,CAWR;AAED;4BAC4B;AAC5B,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAgB7E;AAED;4BAC4B;AAC5B,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,IAAI,CAanF"}
@@ -100,6 +100,7 @@ const path = __importStar(require("path"));
100
100
  const constants_1 = require("../constants");
101
101
  const types_1 = require("./types");
102
102
  const create_1 = require("./create");
103
+ const gather_scope_1 = require("./gather-scope");
103
104
  /**
104
105
  * Recoverable error from the ref-based gather path. Carries an
105
106
  * actionable `hint` the CLI surfaces verbatim so customers don't
@@ -262,12 +263,18 @@ async function gatherFromRef(opts) {
262
263
  const sha = resolveRefToSha(opts.cwd, opts.ref);
263
264
  if (sha === null)
264
265
  throw unreachableRefError(opts.cwd, opts.ref);
265
- const key = refScanCacheKey(opts.cwd, sha);
266
+ const scope = opts.scope ?? gather_scope_1.FULL_SCOPE;
267
+ const key = refScanCacheKey(opts.cwd, sha, scope, opts.incrementalFiles);
266
268
  const cached = readRefScanCache(opts.cwd, key);
267
269
  if (cached)
268
270
  return cached;
269
271
  const scan = await withRefWorktree({ cwd: opts.cwd, ref: opts.ref }, async (worktreePath) => {
270
- return (0, create_1.gatherCurrentScan)({ cwd: worktreePath, verbose: opts.verbose });
272
+ return (0, create_1.gatherCurrentScan)({
273
+ cwd: worktreePath,
274
+ verbose: opts.verbose,
275
+ scope,
276
+ incrementalFiles: opts.incrementalFiles,
277
+ });
271
278
  });
272
279
  writeRefScanCache(opts.cwd, key, scan);
273
280
  return scan;
@@ -303,15 +310,31 @@ function saltSignature(cwd) {
303
310
  return 'no-salt';
304
311
  }
305
312
  }
313
+ /** Stable signature of an incremental changed-file set (order-independent),
314
+ * or a sentinel for a full (non-incremental) scan. Part of the cache key so
315
+ * a scan scoped to one changed set is never reused for a different set or a
316
+ * full request. */
317
+ function incrementalSignature(incrementalFiles) {
318
+ if (incrementalFiles === undefined)
319
+ return 'full';
320
+ if (incrementalFiles.length === 0)
321
+ return 'incremental:empty';
322
+ const joined = [...incrementalFiles].sort().join('\n');
323
+ return `incremental:${(0, crypto_1.createHash)('sha256').update(joined).digest('hex').slice(0, 16)}`; // fingerprint-helper-ok
324
+ }
306
325
  /** Deterministic cache key over every input that can change a ref scan.
307
- * Exported for testing. */
308
- function refScanCacheKey(cwd, sha) {
326
+ * Includes the gather scope so a scoped ref scan is never reused for a
327
+ * full request (or vice versa), and the incremental changed-file set so a
328
+ * symmetric ref-based incremental scan keys distinctly. Exported for testing. */
329
+ function refScanCacheKey(cwd, sha, scope = gather_scope_1.FULL_SCOPE, incrementalFiles) {
309
330
  const material = [
310
331
  `fmt:${REF_SCAN_CACHE_FORMAT}`,
311
332
  `sha:${sha}`,
312
333
  `ver:${constants_1.VERSION}`,
313
334
  `scheme:${types_1.CURRENT_IDENTITY_SCHEME}`,
314
335
  `salt:${saltSignature(cwd)}`,
336
+ `scope:${(0, gather_scope_1.scopeSignature)(scope)}`,
337
+ `incr:${incrementalSignature(incrementalFiles)}`,
315
338
  ].join('\0');
316
339
  return (0, crypto_1.createHash)('sha256').update(material).digest('hex').slice(0, 32); // fingerprint-helper-ok
317
340
  }
@@ -1 +1 @@
1
- {"version":3,"file":"ref-baseline.js","sourceRoot":"","sources":["../../src/baseline/ref-baseline.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8CH,0CAWC;AAQD,sCAWC;AA6BD,0CA0DC;AASD,wCAMC;AAcD,sCAiBC;AAoCD,0CASC;AAID,4CAgBC;AAID,8CAaC;AAjSD,iDAA6C;AAC7C,mCAAoC;AACpC,2BAQY;AACZ,2BAA4B;AAC5B,2CAA6B;AAC7B,4CAAuC;AACvC,mCAAkD;AAClD,qCAA6C;AAG7C;;;;;GAKG;AACH,MAAa,gBAAiB,SAAQ,KAAK;IAChC,IAAI,CAAS;IACtB,YAAY,OAAe,EAAE,IAAY;QACvC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;QAC/B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAPD,4CAOC;AAOD;;;;;GAKG;AACH,SAAgB,eAAe,CAAC,GAAW,EAAE,GAAW;IACtD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,GAAG,WAAW,CAAC,EAAE;YAC5E,GAAG;YACH,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,GAAG,IAAI,IAAI,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,WAAW,EAAE,yBAAyB,CAAC,EAAE;YACxE,GAAG;YACH,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,GAAG,KAAK,MAAM,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,GAAW,EAAE,GAAW;IACnD,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,gBAAgB,CACzB,+BAA+B,GAAG,4BAA4B,EAC9D,wFAAwF,CACzF,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,gBAAgB,CACzB,+BAA+B,GAAG,GAAG,EACrC,oHAAoH,CACrH,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,eAAe,CACnC,IAAwB,EACxB,EAAwC;IAExC,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAChD,IAAI,GAAG,KAAK,IAAI;QAAE,MAAM,mBAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAEhE,+DAA+D;IAC/D,gEAAgE;IAChE,oDAAoD;IACpD,MAAM,QAAQ,GAAG,IAAA,gBAAW,EAAC,IAAI,CAAC,IAAI,CAAC,IAAA,WAAM,GAAE,EAAE,YAAY,CAAC,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACrD,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,CAAC;QACH,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,CAAC,EAAE;YACtE,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC;QACH,aAAa,GAAG,IAAI,CAAC;QACrB,iEAAiE;QACjE,iEAAiE;QACjE,+DAA+D;QAC/D,+DAA+D;QAC/D,+DAA+D;QAC/D,2DAA2D;QAC3D,cAAc,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QACvC,OAAO,MAAM,EAAE,CAAC,YAAY,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,gBAAgB;YAAE,MAAM,GAAG,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,wDAAwD;YACxD,sCAAsC;YACtC,MAAM,IAAI,gBAAgB,CACxB,yCAAyC,IAAI,CAAC,GAAG,GAAG,EACpD,mDAAmD,QAAQ,eAAe,CAC3E,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;YAAS,CAAC;QACT,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,CAAC,EAAE;oBACnE,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;iBAClC,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,uDAAuD;gBACvD,yDAAyD;YAC3D,CAAC;QACH,CAAC;QACD,IAAI,CAAC;YACH,IAAA,WAAM,EAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,2DAA2D;YAC3D,8DAA8D;YAC9D,qBAAqB;QACvB,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,cAAc,CAAC,MAAc,EAAE,MAAc;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAChD,IAAI,CAAC,IAAA,eAAU,EAAC,GAAG,CAAC;QAAE,OAAO;IAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC3C,IAAA,cAAS,EAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,IAAA,iBAAY,EAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,aAAa,CAAC,IAInC;IACC,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAChD,IAAI,GAAG,KAAK,IAAI;QAAE,MAAM,mBAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAEhE,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC/C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE;QAC1F,OAAO,IAAA,0BAAiB,EAAC,EAAE,GAAG,EAAE,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IACH,iBAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACvC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAChC,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;AAEpE,6DAA6D;AAC7D,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,iBAAY,EAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAC3D,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB;IAC9F,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;4BAC4B;AAC5B,SAAgB,eAAe,CAAC,GAAW,EAAE,GAAW;IACtD,MAAM,QAAQ,GAAG;QACf,OAAO,qBAAqB,EAAE;QAC9B,OAAO,GAAG,EAAE;QACZ,OAAO,mBAAO,EAAE;QAChB,UAAU,+BAAuB,EAAE;QACnC,QAAQ,aAAa,CAAC,GAAG,CAAC,EAAE;KAC7B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACb,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB;AACnG,CAAC;AAED;4BAC4B;AAC5B,SAAgB,gBAAgB,CAAC,GAAW,EAAE,GAAW;IACvD,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,iBAAY,EAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,EAAE,GAAG,GAAG,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;QACpF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4C,CAAC;QAC1E,IACE,MAAM,CAAC,MAAM,KAAK,qBAAqB;YACvC,CAAC,MAAM,CAAC,IAAI;YACZ,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EACpC,CAAC;YACD,OAAO,IAAI,CAAC,CAAC,iDAAiD;QAChE,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,CAAC,gEAAgE;IAC/E,CAAC;AACH,CAAC;AAED;4BAC4B;AAC5B,SAAgB,iBAAiB,CAAC,GAAW,EAAE,GAAW,EAAE,IAAiB;IAC3E,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,GAAG;QAAE,OAAO;IACnD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;QAC/C,IAAA,cAAS,EAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,IAAA,kBAAa,EACX,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,EAC7B,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI,EAC9D,MAAM,CACP,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,gDAAgD;IAClD,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"ref-baseline.js","sourceRoot":"","sources":["../../src/baseline/ref-baseline.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+CH,0CAWC;AAQD,sCAWC;AA6BD,0CA0DC;AASD,wCAMC;AAcD,sCAmCC;AAiDD,0CAgBC;AAID,4CAgBC;AAID,8CAaC;AAxUD,iDAA6C;AAC7C,mCAAoC;AACpC,2BAQY;AACZ,2BAA4B;AAC5B,2CAA6B;AAC7B,4CAAuC;AACvC,mCAAkD;AAClD,qCAA6C;AAE7C,iDAA8E;AAE9E;;;;;GAKG;AACH,MAAa,gBAAiB,SAAQ,KAAK;IAChC,IAAI,CAAS;IACtB,YAAY,OAAe,EAAE,IAAY;QACvC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;QAC/B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAPD,4CAOC;AAOD;;;;;GAKG;AACH,SAAgB,eAAe,CAAC,GAAW,EAAE,GAAW;IACtD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,GAAG,WAAW,CAAC,EAAE;YAC5E,GAAG;YACH,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,GAAG,IAAI,IAAI,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,WAAW,EAAE,yBAAyB,CAAC,EAAE;YACxE,GAAG;YACH,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,GAAG,KAAK,MAAM,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,mBAAmB,CAAC,GAAW,EAAE,GAAW;IACnD,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,gBAAgB,CACzB,+BAA+B,GAAG,4BAA4B,EAC9D,wFAAwF,CACzF,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,gBAAgB,CACzB,+BAA+B,GAAG,GAAG,EACrC,oHAAoH,CACrH,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,eAAe,CACnC,IAAwB,EACxB,EAAwC;IAExC,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAChD,IAAI,GAAG,KAAK,IAAI;QAAE,MAAM,mBAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAEhE,+DAA+D;IAC/D,gEAAgE;IAChE,oDAAoD;IACpD,MAAM,QAAQ,GAAG,IAAA,gBAAW,EAAC,IAAI,CAAC,IAAI,CAAC,IAAA,WAAM,GAAE,EAAE,YAAY,CAAC,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACrD,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,IAAI,CAAC;QACH,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,CAAC,EAAE;YACtE,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC;QACH,aAAa,GAAG,IAAI,CAAC;QACrB,iEAAiE;QACjE,iEAAiE;QACjE,+DAA+D;QAC/D,+DAA+D;QAC/D,+DAA+D;QAC/D,2DAA2D;QAC3D,cAAc,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QACvC,OAAO,MAAM,EAAE,CAAC,YAAY,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,gBAAgB;YAAE,MAAM,GAAG,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,wDAAwD;YACxD,sCAAsC;YACtC,MAAM,IAAI,gBAAgB,CACxB,yCAAyC,IAAI,CAAC,GAAG,GAAG,EACpD,mDAAmD,QAAQ,eAAe,CAC3E,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;YAAS,CAAC;QACT,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,CAAC,EAAE;oBACnE,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;iBAClC,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,uDAAuD;gBACvD,yDAAyD;YAC3D,CAAC;QACH,CAAC;QACD,IAAI,CAAC;YACH,IAAA,WAAM,EAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,2DAA2D;YAC3D,8DAA8D;YAC9D,qBAAqB;QACvB,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,cAAc,CAAC,MAAc,EAAE,MAAc;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAChD,IAAI,CAAC,IAAA,eAAU,EAAC,GAAG,CAAC;QAAE,OAAO;IAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC3C,IAAA,cAAS,EAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,IAAA,iBAAY,EAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,aAAa,CAAC,IAgBnC;IACC,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAChD,IAAI,GAAG,KAAK,IAAI;QAAE,MAAM,mBAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAEhE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,yBAAU,CAAC;IACvC,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACzE,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC/C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE;QAC1F,OAAO,IAAA,0BAAiB,EAAC;YACvB,GAAG,EAAE,YAAY;YACjB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK;YACL,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;SACxC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IACH,iBAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACvC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAChC,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;AAEpE,6DAA6D;AAC7D,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,iBAAY,EAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAC3D,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB;IAC9F,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;oBAGoB;AACpB,SAAS,oBAAoB,CAAC,gBAAwC;IACpE,IAAI,gBAAgB,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IAClD,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,mBAAmB,CAAC;IAC9D,MAAM,MAAM,GAAG,CAAC,GAAG,gBAAgB,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvD,OAAO,eAAe,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,wBAAwB;AAClH,CAAC;AAED;;;kFAGkF;AAClF,SAAgB,eAAe,CAC7B,GAAW,EACX,GAAW,EACX,QAAqB,yBAAU,EAC/B,gBAAwC;IAExC,MAAM,QAAQ,GAAG;QACf,OAAO,qBAAqB,EAAE;QAC9B,OAAO,GAAG,EAAE;QACZ,OAAO,mBAAO,EAAE;QAChB,UAAU,+BAAuB,EAAE;QACnC,QAAQ,aAAa,CAAC,GAAG,CAAC,EAAE;QAC5B,SAAS,IAAA,6BAAc,EAAC,KAAK,CAAC,EAAE;QAChC,QAAQ,oBAAoB,CAAC,gBAAgB,CAAC,EAAE;KACjD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACb,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB;AACnG,CAAC;AAED;4BAC4B;AAC5B,SAAgB,gBAAgB,CAAC,GAAW,EAAE,GAAW;IACvD,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,iBAAY,EAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,EAAE,GAAG,GAAG,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;QACpF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4C,CAAC;QAC1E,IACE,MAAM,CAAC,MAAM,KAAK,qBAAqB;YACvC,CAAC,MAAM,CAAC,IAAI;YACZ,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EACpC,CAAC;YACD,OAAO,IAAI,CAAC,CAAC,iDAAiD;QAChE,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,CAAC,gEAAgE;IAC/E,CAAC;AACH,CAAC;AAED;4BAC4B;AAC5B,SAAgB,iBAAiB,CAAC,GAAW,EAAE,GAAW,EAAE,IAAiB;IAC3E,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,GAAG;QAAE,OAAO;IACnD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;QAC/C,IAAA,cAAS,EAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,IAAA,kBAAa,EACX,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,EAC7B,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI,EAC9D,MAAM,CACP,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,gDAAgD;IAClD,CAAC;AACH,CAAC"}
@@ -0,0 +1,21 @@
1
+ import { type TestGapsReport } from '../analyzers/tests/types';
2
+ import type { GitleaksRawSecret } from '../analyzers/tools/gitleaks';
3
+ import type { InlineAllowlistOccurrence } from '../allowlist/gather';
4
+ import type { GatherScope } from './gather-scope';
5
+ import type { HygieneSnapshot } from './producers';
6
+ /** The non-cached analyzer outputs the producer registry consumes. */
7
+ export interface ScopedProducerInputs {
8
+ readonly testGapsReport: TestGapsReport;
9
+ readonly hygiene: HygieneSnapshot;
10
+ readonly rawSecrets: ReadonlyArray<GitleaksRawSecret>;
11
+ readonly inlineAllowlistAnnotations: ReadonlyArray<InlineAllowlistOccurrence>;
12
+ }
13
+ /**
14
+ * Gather the producer-context inputs a scope needs. Each gather is skipped
15
+ * when its scope flag is off, substituting an empty value so the
16
+ * corresponding producer emits zero entries. `inlineAllowlistAnnotations` is
17
+ * always gathered (a cheap source scan that feeds the stale-allow producer,
18
+ * which has no scope flag).
19
+ */
20
+ export declare function gatherScopedProducerInputs(cwd: string, scope: GatherScope, verbose: boolean): Promise<ScopedProducerInputs>;
21
+ //# sourceMappingURL=scoped-inputs.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scoped-inputs.d.ts","sourceRoot":"","sources":["../../src/baseline/scoped-inputs.ts"],"names":[],"mappings":"AAcA,OAAO,EAAuB,KAAK,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAGpF,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAErE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AACrE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAenD,sEAAsE;AACtE,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;IAClC,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACtD,QAAQ,CAAC,0BAA0B,EAAE,aAAa,CAAC,yBAAyB,CAAC,CAAC;CAC/E;AAED;;;;;;GAMG;AACH,wBAAsB,0BAA0B,CAC9C,GAAG,EAAE,MAAM,EACX,KAAK,EAAE,WAAW,EAClB,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,oBAAoB,CAAC,CAY/B"}
@@ -0,0 +1,53 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.gatherScopedProducerInputs = gatherScopedProducerInputs;
4
+ /**
5
+ * Scope-aware producer-context inputs.
6
+ *
7
+ * Extracted from `create.ts` so `gatherCurrentScan` stays focused on
8
+ * orchestration. The producer registry (CLAUDE.md Rule 10) reads a handful
9
+ * of analyzer outputs from `ProducerContext` beyond the cached
10
+ * `AnalysisResult`: the test-gaps report, hygiene markers, raw secrets, and
11
+ * inline allowlist annotations. Each feeds exactly one producer family, so a
12
+ * gather scope that can't block on that family skips the (sometimes
13
+ * expensive) gather and substitutes an empty input — the producer then
14
+ * emits zero entries. The ref side is scoped identically, so the cross-run
15
+ * diff stays balanced (see `gather-scope.ts`).
16
+ */
17
+ const tests_1 = require("../analyzers/tests");
18
+ const types_1 = require("../analyzers/tests/types");
19
+ const gather_1 = require("../analyzers/quality/gather");
20
+ const gitleaks_1 = require("../analyzers/tools/gitleaks");
21
+ const gather_2 = require("../allowlist/gather");
22
+ /** Vacuous hygiene snapshot for the scope-aware gather when a posture
23
+ * cannot block on `stale-file` / hygiene counts (`scope.hygiene === false`),
24
+ * so the hygiene grep is skipped. The `quality` producer reads
25
+ * `hygiene.staleFiles` and emits zero entries from the empty list. */
26
+ const EMPTY_HYGIENE_SNAPSHOT = {
27
+ staleFiles: [],
28
+ todoCount: 0,
29
+ fixmeCount: 0,
30
+ hackCount: 0,
31
+ consoleLogCount: 0,
32
+ mixedLanguages: false,
33
+ };
34
+ /**
35
+ * Gather the producer-context inputs a scope needs. Each gather is skipped
36
+ * when its scope flag is off, substituting an empty value so the
37
+ * corresponding producer emits zero entries. `inlineAllowlistAnnotations` is
38
+ * always gathered (a cheap source scan that feeds the stale-allow producer,
39
+ * which has no scope flag).
40
+ */
41
+ async function gatherScopedProducerInputs(cwd, scope, verbose) {
42
+ const testGapsReport = scope.testGaps
43
+ ? await (0, tests_1.analyzeTestGaps)(cwd, { verbose })
44
+ : (0, types_1.emptyTestGapsReport)();
45
+ const hygiene = scope.hygiene ? (0, gather_1.gatherHygieneMarkers)(cwd) : EMPTY_HYGIENE_SNAPSHOT;
46
+ const gitleaksOutcome = scope.secrets
47
+ ? (0, gitleaks_1.gatherGitleaksResult)(cwd)
48
+ : { kind: 'unavailable', reason: 'scoped out' };
49
+ const rawSecrets = gitleaksOutcome.kind === 'success' ? gitleaksOutcome.rawSecrets : [];
50
+ const inlineAllowlistAnnotations = (0, gather_2.gatherInlineAllowlistAnnotations)(cwd);
51
+ return { testGapsReport, hygiene, rawSecrets, inlineAllowlistAnnotations };
52
+ }
53
+ //# sourceMappingURL=scoped-inputs.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scoped-inputs.js","sourceRoot":"","sources":["../../src/baseline/scoped-inputs.ts"],"names":[],"mappings":";;AAmDA,gEAgBC;AAnED;;;;;;;;;;;;GAYG;AACH,8CAAqD;AACrD,oDAAoF;AACpF,wDAAmE;AACnE,0DAAmE;AAEnE,gDAAuE;AAKvE;;;uEAGuE;AACvE,MAAM,sBAAsB,GAAoB;IAC9C,UAAU,EAAE,EAAE;IACd,SAAS,EAAE,CAAC;IACZ,UAAU,EAAE,CAAC;IACb,SAAS,EAAE,CAAC;IACZ,eAAe,EAAE,CAAC;IAClB,cAAc,EAAE,KAAK;CACtB,CAAC;AAUF;;;;;;GAMG;AACI,KAAK,UAAU,0BAA0B,CAC9C,GAAW,EACX,KAAkB,EAClB,OAAgB;IAEhB,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ;QACnC,CAAC,CAAC,MAAM,IAAA,uBAAe,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,CAAC;QACzC,CAAC,CAAC,IAAA,2BAAmB,GAAE,CAAC;IAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAA,6BAAoB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,sBAAsB,CAAC;IACnF,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO;QACnC,CAAC,CAAC,IAAA,+BAAoB,EAAC,GAAG,CAAC;QAC3B,CAAC,CAAE,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,YAAY,EAAY,CAAC;IAC7D,MAAM,UAAU,GACd,eAAe,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IACvE,MAAM,0BAA0B,GAAG,IAAA,yCAAgC,EAAC,GAAG,CAAC,CAAC;IACzE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,EAAE,0BAA0B,EAAE,CAAC;AAC7E,CAAC"}
package/dist/cli.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AA8RA,wBAAsB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAy4DvD"}
1
+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAiSA,wBAAsB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA24DvD"}
package/dist/cli.js CHANGED
@@ -137,7 +137,7 @@ function applyFailOnSeverity(raw, counts, countsLabel) {
137
137
  }
138
138
  function printUsage() {
139
139
  console.log(`
140
- ${logger.bold('vyuh-dxkit')} v${constants_1.VERSION} — a Stop-gate for autonomous coding loops that blocks net-new findings
140
+ ${logger.bold('vyuh-dxkit')} v${constants_1.VERSION} — a deterministic stop condition + code-graph context layer for AI coding agents
141
141
 
142
142
  ${logger.bold('Usage:')}
143
143
  vyuh-dxkit init [options] Install dxkit agent DX in this repo
@@ -177,12 +177,15 @@ function printUsage() {
177
177
  per-kind counts. --kind drills into one kind. --json
178
178
  emits a schema-banner-wrapped payload.
179
179
  vyuh-dxkit guardrail check [path] [--name <n>] [--baseline <path>]
180
- [--changed-only] [--policy <path>]
180
+ [--changed-only] [--incremental] [--policy <path>]
181
181
  [--mode=<mode>] [--ref=<ref>]
182
182
  [--json | --markdown]
183
183
  Diff current scan against the named baseline; block on net-new
184
184
  regressions per brownfield policy. Exit code 1 when blocked.
185
185
  --mode/--ref mirror baseline create (override policy.json).
186
+ --incremental scopes semgrep to changed files (both sides in
187
+ ref-based mode) so the check scales with PR size, not repo size;
188
+ same verdict, much faster. Falls back to a full scan on any doubt.
186
189
  vyuh-dxkit hooks activate [path]
187
190
  Idempotently set core.hooksPath = .githooks. Wired into
188
191
  package.json postinstall by 'init --with-hooks' so every
@@ -317,6 +320,7 @@ async function run(argv) {
317
320
  'no-fail-fast': { type: 'boolean', default: false },
318
321
  'with-coverage': { type: 'boolean', default: false },
319
322
  'changed-only': { type: 'boolean', default: false },
323
+ incremental: { type: 'boolean', default: false },
320
324
  baseline: { type: 'string' },
321
325
  policy: { type: 'string' },
322
326
  markdown: { type: 'boolean', default: false },
@@ -1697,6 +1701,7 @@ async function run(argv) {
1697
1701
  name: values.name,
1698
1702
  baselinePath: values.baseline,
1699
1703
  changedOnly: !!values['changed-only'],
1704
+ incremental: !!values.incremental,
1700
1705
  policyPath: values.policy,
1701
1706
  verbose: !!values.verbose,
1702
1707
  cliMode: cliMode ?? undefined,