@vyuhlabs/dxkit 2.4.8 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (243) hide show
  1. package/CHANGELOG.md +235 -0
  2. package/README.md +360 -439
  3. package/dist/analyzers/security/aggregator.d.ts.map +1 -1
  4. package/dist/analyzers/security/aggregator.js +4 -46
  5. package/dist/analyzers/security/aggregator.js.map +1 -1
  6. package/dist/analyzers/tools/fingerprint.d.ts +91 -26
  7. package/dist/analyzers/tools/fingerprint.d.ts.map +1 -1
  8. package/dist/analyzers/tools/fingerprint.js +111 -22
  9. package/dist/analyzers/tools/fingerprint.js.map +1 -1
  10. package/dist/analyzers/tools/generic.d.ts.map +1 -1
  11. package/dist/analyzers/tools/generic.js +6 -1
  12. package/dist/analyzers/tools/generic.js.map +1 -1
  13. package/dist/analyzers/tools/gitleaks.d.ts +24 -1
  14. package/dist/analyzers/tools/gitleaks.d.ts.map +1 -1
  15. package/dist/analyzers/tools/gitleaks.js +20 -11
  16. package/dist/analyzers/tools/gitleaks.js.map +1 -1
  17. package/dist/analyzers/types.d.ts +6 -4
  18. package/dist/analyzers/types.d.ts.map +1 -1
  19. package/dist/baseline/baseline-file.d.ts +104 -0
  20. package/dist/baseline/baseline-file.d.ts.map +1 -0
  21. package/dist/baseline/baseline-file.js +110 -0
  22. package/dist/baseline/baseline-file.js.map +1 -0
  23. package/dist/baseline/check-renderers.d.ts +108 -0
  24. package/dist/baseline/check-renderers.d.ts.map +1 -0
  25. package/dist/baseline/check-renderers.js +379 -0
  26. package/dist/baseline/check-renderers.js.map +1 -0
  27. package/dist/baseline/check.d.ts +127 -0
  28. package/dist/baseline/check.d.ts.map +1 -0
  29. package/dist/baseline/check.js +462 -0
  30. package/dist/baseline/check.js.map +1 -0
  31. package/dist/baseline/content-hash.d.ts +83 -0
  32. package/dist/baseline/content-hash.d.ts.map +1 -0
  33. package/dist/baseline/content-hash.js +131 -0
  34. package/dist/baseline/content-hash.js.map +1 -0
  35. package/dist/baseline/create.d.ts +96 -0
  36. package/dist/baseline/create.d.ts.map +1 -0
  37. package/dist/baseline/create.js +339 -0
  38. package/dist/baseline/create.js.map +1 -0
  39. package/dist/baseline/entry-to-located.d.ts +35 -0
  40. package/dist/baseline/entry-to-located.d.ts.map +1 -0
  41. package/dist/baseline/entry-to-located.js +72 -0
  42. package/dist/baseline/entry-to-located.js.map +1 -0
  43. package/dist/baseline/finding-identity.d.ts +47 -0
  44. package/dist/baseline/finding-identity.d.ts.map +1 -0
  45. package/dist/baseline/finding-identity.js +292 -0
  46. package/dist/baseline/finding-identity.js.map +1 -0
  47. package/dist/baseline/git-aware-match.d.ts +146 -0
  48. package/dist/baseline/git-aware-match.d.ts.map +1 -0
  49. package/dist/baseline/git-aware-match.js +439 -0
  50. package/dist/baseline/git-aware-match.js.map +1 -0
  51. package/dist/baseline/policy.d.ts +171 -0
  52. package/dist/baseline/policy.d.ts.map +1 -0
  53. package/dist/baseline/policy.js +206 -0
  54. package/dist/baseline/policy.js.map +1 -0
  55. package/dist/baseline/producers/health.d.ts +30 -0
  56. package/dist/baseline/producers/health.d.ts.map +1 -0
  57. package/dist/baseline/producers/health.js +42 -0
  58. package/dist/baseline/producers/health.js.map +1 -0
  59. package/dist/baseline/producers/index.d.ts +164 -0
  60. package/dist/baseline/producers/index.d.ts.map +1 -0
  61. package/dist/baseline/producers/index.js +200 -0
  62. package/dist/baseline/producers/index.js.map +1 -0
  63. package/dist/baseline/producers/licenses.d.ts +23 -0
  64. package/dist/baseline/producers/licenses.d.ts.map +1 -0
  65. package/dist/baseline/producers/licenses.js +46 -0
  66. package/dist/baseline/producers/licenses.js.map +1 -0
  67. package/dist/baseline/producers/quality.d.ts +39 -0
  68. package/dist/baseline/producers/quality.d.ts.map +1 -0
  69. package/dist/baseline/producers/quality.js +84 -0
  70. package/dist/baseline/producers/quality.js.map +1 -0
  71. package/dist/baseline/producers/secret-hmac.d.ts +45 -0
  72. package/dist/baseline/producers/secret-hmac.d.ts.map +1 -0
  73. package/dist/baseline/producers/secret-hmac.js +70 -0
  74. package/dist/baseline/producers/secret-hmac.js.map +1 -0
  75. package/dist/baseline/producers/security.d.ts +59 -0
  76. package/dist/baseline/producers/security.d.ts.map +1 -0
  77. package/dist/baseline/producers/security.js +135 -0
  78. package/dist/baseline/producers/security.js.map +1 -0
  79. package/dist/baseline/producers/tests.d.ts +36 -0
  80. package/dist/baseline/producers/tests.d.ts.map +1 -0
  81. package/dist/baseline/producers/tests.js +69 -0
  82. package/dist/baseline/producers/tests.js.map +1 -0
  83. package/dist/baseline/salt.d.ts +45 -0
  84. package/dist/baseline/salt.d.ts.map +1 -0
  85. package/dist/baseline/salt.js +113 -0
  86. package/dist/baseline/salt.js.map +1 -0
  87. package/dist/baseline/show.d.ts +79 -0
  88. package/dist/baseline/show.d.ts.map +1 -0
  89. package/dist/baseline/show.js +233 -0
  90. package/dist/baseline/show.js.map +1 -0
  91. package/dist/baseline/types.d.ts +482 -0
  92. package/dist/baseline/types.d.ts.map +1 -0
  93. package/dist/baseline/types.js +53 -0
  94. package/dist/baseline/types.js.map +1 -0
  95. package/dist/cli.d.ts.map +1 -1
  96. package/dist/cli.js +360 -81
  97. package/dist/cli.js.map +1 -1
  98. package/dist/codebase-scanner.d.ts.map +1 -1
  99. package/dist/codebase-scanner.js +0 -1
  100. package/dist/codebase-scanner.js.map +1 -1
  101. package/dist/constants.d.ts.map +1 -1
  102. package/dist/constants.js +0 -4
  103. package/dist/constants.js.map +1 -1
  104. package/dist/doctor.d.ts.map +1 -1
  105. package/dist/doctor.js +22 -25
  106. package/dist/doctor.js.map +1 -1
  107. package/dist/fail-on.d.ts +84 -0
  108. package/dist/fail-on.d.ts.map +1 -0
  109. package/dist/fail-on.js +128 -0
  110. package/dist/fail-on.js.map +1 -0
  111. package/dist/generator.d.ts.map +1 -1
  112. package/dist/generator.js +2 -141
  113. package/dist/generator.js.map +1 -1
  114. package/dist/languages/csharp.d.ts.map +1 -1
  115. package/dist/languages/csharp.js +0 -9
  116. package/dist/languages/csharp.js.map +1 -1
  117. package/dist/languages/go.d.ts.map +1 -1
  118. package/dist/languages/go.js +0 -15
  119. package/dist/languages/go.js.map +1 -1
  120. package/dist/languages/index.d.ts +1 -1
  121. package/dist/languages/index.d.ts.map +1 -1
  122. package/dist/languages/index.js.map +1 -1
  123. package/dist/languages/java.d.ts.map +1 -1
  124. package/dist/languages/java.js +0 -6
  125. package/dist/languages/java.js.map +1 -1
  126. package/dist/languages/kotlin.d.ts.map +1 -1
  127. package/dist/languages/kotlin.js +0 -11
  128. package/dist/languages/kotlin.js.map +1 -1
  129. package/dist/languages/python.d.ts.map +1 -1
  130. package/dist/languages/python.js +0 -15
  131. package/dist/languages/python.js.map +1 -1
  132. package/dist/languages/ruby.d.ts.map +1 -1
  133. package/dist/languages/ruby.js +0 -6
  134. package/dist/languages/ruby.js.map +1 -1
  135. package/dist/languages/rust.d.ts.map +1 -1
  136. package/dist/languages/rust.js +0 -4
  137. package/dist/languages/rust.js.map +1 -1
  138. package/dist/languages/types.d.ts +2 -28
  139. package/dist/languages/types.d.ts.map +1 -1
  140. package/dist/languages/typescript.d.ts.map +1 -1
  141. package/dist/languages/typescript.js +26 -4
  142. package/dist/languages/typescript.js.map +1 -1
  143. package/dist/lib.d.ts +2 -3
  144. package/dist/lib.d.ts.map +1 -1
  145. package/dist/lib.js +3 -6
  146. package/dist/lib.js.map +1 -1
  147. package/dist/prompts.d.ts.map +1 -1
  148. package/dist/prompts.js +0 -10
  149. package/dist/prompts.js.map +1 -1
  150. package/dist/report-schema.d.ts +42 -0
  151. package/dist/report-schema.d.ts.map +1 -0
  152. package/dist/report-schema.js +54 -0
  153. package/dist/report-schema.js.map +1 -0
  154. package/dist/ship-installers.d.ts +106 -0
  155. package/dist/ship-installers.d.ts.map +1 -0
  156. package/dist/ship-installers.js +415 -0
  157. package/dist/ship-installers.js.map +1 -0
  158. package/dist/types.d.ts +0 -4
  159. package/dist/types.d.ts.map +1 -1
  160. package/dist/update.d.ts.map +1 -1
  161. package/dist/update.js +0 -4
  162. package/dist/update.js.map +1 -1
  163. package/package.json +17 -11
  164. package/templates/.claude/agents/onboarding.md +5 -4
  165. package/templates/.claude/agents-available/codebase-explorer.md +1 -1
  166. package/templates/.claude/agents-available/debugger.md +2 -2
  167. package/templates/.claude/agents-available/health-auditor.md +2 -2
  168. package/templates/.claude/commands/doctor.md +20 -12
  169. package/templates/.claude/skills/build/SKILL.md.template +22 -30
  170. package/templates/.claude/skills/deploy/SKILL.md.template +5 -25
  171. package/templates/.claude/skills/doctor/SKILL.md +24 -47
  172. package/templates/.claude/skills/gcloud/SKILL.md +5 -5
  173. package/templates/.claude/skills/learned/SKILL.md +1 -1
  174. package/templates/.claude/skills/pulumi/SKILL.md +2 -2
  175. package/templates/.claude/skills/quality/SKILL.md.template +4 -23
  176. package/templates/.claude/skills/review/SKILL.md.template +4 -3
  177. package/templates/.claude/skills/scaffold/SKILL.md.template +5 -15
  178. package/templates/.claude/skills/secrets/SKILL.md +20 -21
  179. package/templates/.claude/skills/session/SKILL.md +20 -31
  180. package/templates/.claude/skills/test/SKILL.md.template +1 -7
  181. package/templates/.devcontainer/devcontainer.json +81 -0
  182. package/templates/.devcontainer/install-agent-clis.sh +42 -0
  183. package/templates/.devcontainer/post-create.sh +67 -0
  184. package/templates/.githooks/pre-commit +55 -0
  185. package/templates/.githooks/pre-push +63 -0
  186. package/templates/.github/workflows/dxkit-baseline-refresh.yml +78 -0
  187. package/templates/.github/workflows/dxkit-guardrails.yml +98 -0
  188. package/templates/CLAUDE.md.template +62 -196
  189. package/dist/project-yaml.d.ts +0 -13
  190. package/dist/project-yaml.d.ts.map +0 -1
  191. package/dist/project-yaml.js +0 -188
  192. package/dist/project-yaml.js.map +0 -1
  193. package/templates/.ai/README.md +0 -117
  194. package/templates/.ai/prompts/execution-prompt.md +0 -9
  195. package/templates/.ai/prompts/planning-prompt.md +0 -18
  196. package/templates/.ai/prompts/session-end-template.md +0 -182
  197. package/templates/.ai/prompts/session-end.md +0 -132
  198. package/templates/.ai/prompts/session-start.md +0 -109
  199. package/templates/.ai/prompts/step-by-step.md +0 -113
  200. package/templates/.ai/sessions/.gitkeep +0 -0
  201. package/templates/.claude/commands/setup-pr-review.md +0 -72
  202. package/templates/.devcontainer/Dockerfile.dev.template +0 -89
  203. package/templates/.devcontainer/devcontainer.json.template +0 -184
  204. package/templates/.devcontainer/docker-compose.yml.template +0 -105
  205. package/templates/.devcontainer/init-scripts/01-init.sql.template +0 -12
  206. package/templates/.devcontainer/post-create.sh.template +0 -298
  207. package/templates/.github/workflows/ci.yml.template +0 -399
  208. package/templates/.github/workflows/quality.yml.template +0 -376
  209. package/templates/.pre-commit-config.yaml.template +0 -106
  210. package/templates/.project/config/edit_config.py +0 -275
  211. package/templates/.project/config/project_config.py +0 -894
  212. package/templates/.project/scripts/codegen/generate-all.sh +0 -20
  213. package/templates/.project/scripts/codegen/validate-all.sh +0 -17
  214. package/templates/.project/scripts/docs/generate-all.sh +0 -30
  215. package/templates/.project/scripts/docs/serve.sh +0 -20
  216. package/templates/.project/scripts/quality/fix-all.sh +0 -138
  217. package/templates/.project/scripts/quality/lint-go.sh +0 -34
  218. package/templates/.project/scripts/quality/lint-python.sh +0 -54
  219. package/templates/.project/scripts/quality/run-all.sh +0 -497
  220. package/templates/.project/scripts/session/commit.sh +0 -70
  221. package/templates/.project/scripts/session/create-pr.sh +0 -165
  222. package/templates/.project/scripts/session/end.sh +0 -207
  223. package/templates/.project/scripts/session/start.sh +0 -233
  224. package/templates/.project/scripts/setup/doctor.sh +0 -404
  225. package/templates/.project/scripts/setup/interactive-setup.sh +0 -585
  226. package/templates/.project/scripts/sync/sync-template.sh +0 -328
  227. package/templates/.project/scripts/test/run-all.sh +0 -179
  228. package/templates/.project/scripts/test/run-quick.sh +0 -25
  229. package/templates/Makefile +0 -514
  230. package/templates/config/versions.yaml +0 -57
  231. package/templates/configs/go/.golangci.yml.template +0 -172
  232. package/templates/configs/go/go.mod.template +0 -15
  233. package/templates/configs/java/README.md +0 -6
  234. package/templates/configs/kotlin/README.md +0 -6
  235. package/templates/configs/node/package.json.template +0 -67
  236. package/templates/configs/node/tsconfig.json.template +0 -53
  237. package/templates/configs/python/pyproject.toml.template +0 -92
  238. package/templates/configs/python/pytest.ini.template +0 -64
  239. package/templates/configs/python/ruff.toml.template +0 -79
  240. package/templates/configs/ruby/README.md +0 -6
  241. package/templates/configs/rust/Cargo.toml.template +0 -51
  242. package/templates/configs/shared/.editorconfig +0 -67
  243. package/templates/scripts/validate-templates.sh +0 -449
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/analyzers/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,UAAU,EACV,aAAa,EACb,gBAAgB,EAChB,mBAAmB,EACpB,MAAM,iCAAiC,CAAC;AACzC,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC3E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE/D;;;;;;;;;GASG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,OAAO,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,OAAO,CAAC;IAE9B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAE1B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB;;;;;;OAMG;IACH,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrD,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IAErB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,OAAO,CAAC;IACtB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,eAAe,EAAE,OAAO,CAAC;IAEzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IAQzB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,OAAO,CAAC;IACxB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAE5B;;;;;;;;;OASG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;;;;;OAMG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrF,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IAEjC,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IAExB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAG3B,aAAa,EAAE,KAAK,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC,GAAG,IAAI,CAAC;CACX;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,CAAC,CAAC;IAC1D,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,SAAS,SAAS,EAAE,CAAC;IAClC,WAAW,CAAC,EAAE,SAAS,UAAU,EAAE,CAAC;IACpC,UAAU,CAAC,EAAE,SAAS,SAAS,EAAE,CAAC;CACnC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,aAAa,CAAC;IACvB,YAAY,EAAE,gBAAgB,CAAC;IAC/B;;;;;;;OAOG;IACH,aAAa,CAAC,EAAE,OAAO,UAAU,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;CAC/D;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,aAAa,CAAC,EAAE,mBAAmB,CAAC;IACpC,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B;;;;;;;;OAQG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B;;;;;;;;;;OAUG;IACH,oBAAoB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAEzE;;;;;;;;;OASG;IACH,gBAAgB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAErE;;;;oCAIgC;IAChC,wBAAwB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAE7E,wDAAwD;IACxD,uBAAuB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAE5E,0DAA0D;IAC1D,sBAAsB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAC3E;;;;;;;;;;;;;;;;OAgBG;IACH,oBAAoB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAEzE;;;;;;;;;;OAUG;IACH,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;CACvC;AAED,8BAA8B;AAC9B,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE;QACP,YAAY,EAAE,MAAM,CAAC;QACrB;;;;;;;WAOG;QACH,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,UAAU,EAAE;QACV,OAAO,EAAE,cAAc,CAAC;QACxB,OAAO,EAAE,cAAc,CAAC;QACxB,aAAa,EAAE,cAAc,CAAC;QAC9B,QAAQ,EAAE,cAAc,CAAC;QACzB,eAAe,EAAE,cAAc,CAAC;QAChC,mBAAmB,EAAE,cAAc,CAAC;KACrC,CAAC;IACF,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrF;;;;;OAKG;IACH,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrD,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,gBAAgB,CAAC;CACjC"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/analyzers/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,UAAU,EACV,aAAa,EACb,gBAAgB,EAChB,mBAAmB,EACpB,MAAM,iCAAiC,CAAC;AACzC,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC3E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE/D;;;;;;;;;GASG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,OAAO,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,OAAO,CAAC;IAE9B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAE1B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB;;;;;;OAMG;IACH,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrD,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IAErB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,OAAO,CAAC;IACtB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,eAAe,EAAE,OAAO,CAAC;IAEzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IAQzB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,OAAO,CAAC;IACxB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAE5B;;;;;;;;;OASG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;;;;;OAMG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrF,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IAEjC,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IAExB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAG3B,aAAa,EAAE,KAAK,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC,GAAG,IAAI,CAAC;CACX;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,CAAC,CAAC;IAC1D,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,SAAS,SAAS,EAAE,CAAC;IAClC,WAAW,CAAC,EAAE,SAAS,UAAU,EAAE,CAAC;IACpC,UAAU,CAAC,EAAE,SAAS,SAAS,EAAE,CAAC;CACnC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,aAAa,CAAC;IACvB,YAAY,EAAE,gBAAgB,CAAC;IAC/B;;;;;;;OAOG;IACH,aAAa,CAAC,EAAE,OAAO,UAAU,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;CAC/D;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,aAAa,CAAC,EAAE,mBAAmB,CAAC;IACpC,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B;;;;;;;;OAQG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B;;;;;;;;;;OAUG;IACH,oBAAoB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAEzE;;;;;;;;;OASG;IACH,gBAAgB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAErE;;;;oCAIgC;IAChC,wBAAwB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAE7E,wDAAwD;IACxD,uBAAuB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAE5E,0DAA0D;IAC1D,sBAAsB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAC3E;;;;;;;;;;;;;;;;OAgBG;IACH,oBAAoB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAEzE;;;;;;;;;;OAUG;IACH,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;CACvC;AAED,8BAA8B;AAC9B,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE;QACP,YAAY,EAAE,MAAM,CAAC;QACrB;;;;;;;WAOG;QACH,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,UAAU,EAAE;QACV,OAAO,EAAE,cAAc,CAAC;QACxB,OAAO,EAAE,cAAc,CAAC;QACxB,aAAa,EAAE,cAAc,CAAC;QAC9B,QAAQ,EAAE,cAAc,CAAC;QACzB,eAAe,EAAE,cAAc,CAAC;QAChC,mBAAmB,EAAE,cAAc,CAAC;KACrC,CAAC;IACF,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrF;;;;;;;OAOG;IACH,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrD,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,gBAAgB,CAAC;CACjC"}
@@ -0,0 +1,104 @@
1
+ /**
2
+ * On-disk baseline file — `.dxkit/baselines/<name>.json`.
3
+ *
4
+ * The baseline file is the durable contract between today's scan
5
+ * and tomorrow's guardrail check. It carries:
6
+ *
7
+ * - Per-finding identities (`BaselineEntry[]`) for cross-run
8
+ * matching.
9
+ * - Repo state at capture time (commit SHA, branch) so the
10
+ * git-aware matcher knows what to diff against.
11
+ * - Analysis-environment metadata (dxkit version, tool versions,
12
+ * policy hash, config hashes) so the policy classifier can
13
+ * reclassify newly-detected findings as `tooling_drift` or
14
+ * `config_drift` rather than blocking them as regressions.
15
+ * - The salt-resolution mode used to derive any secret-HMAC
16
+ * entries, so the matcher knows whether HMAC comparison is
17
+ * available on the current run.
18
+ *
19
+ * Raw finding payloads (titles, secret values, source excerpts) are
20
+ * NEVER stored. The file is committable to git: a leak surfaces
21
+ * identity fingerprints + locations, but no exploitable content.
22
+ */
23
+ import type { BaselineEntry } from './types';
24
+ import type { SaltMode } from './salt';
25
+ /** Banner stamped on every baseline file. Bump when the on-disk
26
+ * shape changes incompatibly so readers can refuse old / new files
27
+ * rather than silently mis-parse them. */
28
+ export declare const BASELINE_SCHEMA_VERSION: "dxkit-baseline/v1";
29
+ export type BaselineSchemaVersion = typeof BASELINE_SCHEMA_VERSION;
30
+ /** Default baseline name when the user doesn't pass `--name`. */
31
+ export declare const DEFAULT_BASELINE_NAME: "main";
32
+ /**
33
+ * Repo state at the moment of capture. The matcher reads `commitSha`
34
+ * to drive `git diff` against the current `HEAD`; `branch` and `root`
35
+ * are recorded for human auditability.
36
+ */
37
+ export interface BaselineRepoState {
38
+ readonly commitSha: string;
39
+ readonly branch: string;
40
+ readonly root: string;
41
+ }
42
+ /**
43
+ * Analysis-environment metadata. Hashes are 16-char hex (SHA-1[0:16])
44
+ * so a diff between baseline and current is one inequality check per
45
+ * field. Drift on `toolchainHash` triggers `tooling_drift`
46
+ * reclassification; drift on `policyHash` / `ignoreHash` / `configHash`
47
+ * triggers `config_drift`.
48
+ *
49
+ * `''` is the canonical "absent" value for files that didn't exist at
50
+ * capture time — so a baseline made before `.dxkit-ignore` existed
51
+ * doesn't accidentally read as "drift" against a current run where
52
+ * the file is still absent.
53
+ */
54
+ export interface BaselineAnalysisMeta {
55
+ readonly dxkitVersion: string;
56
+ readonly policyHash: string;
57
+ readonly ignoreHash: string;
58
+ readonly toolchainHash: string;
59
+ readonly configHash: string;
60
+ }
61
+ /**
62
+ * The full on-disk envelope. Fields are ordered to match the order
63
+ * the matcher reads them in: identity-related fields first, then
64
+ * envelope metadata. Serialized via `JSON.stringify(file, null, 2)`
65
+ * for git-friendly diffs.
66
+ */
67
+ export interface BaselineFile {
68
+ readonly schemaVersion: BaselineSchemaVersion;
69
+ readonly name: string;
70
+ readonly createdAt: string;
71
+ readonly repo: BaselineRepoState;
72
+ readonly analysis: BaselineAnalysisMeta;
73
+ /** Per-tool version strings keyed by tool name. Sparse: only the
74
+ * tools that actually ran appear. Surfaced to the matcher as
75
+ * the canonical "what scanned this repo" record so version drift
76
+ * is detectable per-tool, not just at the aggregate level. */
77
+ readonly tools: Readonly<Record<string, string>>;
78
+ /** Mode used to derive the salt for any `secret-hmac` entries.
79
+ * Read by the matcher to decide whether HMAC compare is
80
+ * available on the current run. Recorded even when no
81
+ * `secret-hmac` entries are present so the value is stable
82
+ * across runs that add the first HMAC entry. */
83
+ readonly saltMode: SaltMode;
84
+ /** Per-finding entries. Multiset — duplicates allowed (an
85
+ * identity appearing twice means two distinct occurrences). */
86
+ readonly findings: ReadonlyArray<BaselineEntry>;
87
+ }
88
+ /** Default storage directory. Lives under `.dxkit/` alongside the
89
+ * generated reports + the salt file. */
90
+ export declare const DEFAULT_BASELINE_DIR: string;
91
+ /** Absolute path for a named baseline inside `cwd`. */
92
+ export declare function pathForBaseline(cwd: string, name: string): string;
93
+ /**
94
+ * Write a baseline file. Creates the parent directory when missing.
95
+ * Pretty-printed JSON for git-friendly diffs.
96
+ */
97
+ export declare function writeBaselineFile(filePath: string, file: BaselineFile): void;
98
+ /**
99
+ * Read + validate a baseline file. Throws when the schema banner is
100
+ * missing or unrecognized — fail fast rather than letting the
101
+ * matcher consume a malformed file and produce wrong verdicts.
102
+ */
103
+ export declare function readBaselineFile(filePath: string): BaselineFile;
104
+ //# sourceMappingURL=baseline-file.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"baseline-file.d.ts","sourceRoot":"","sources":["../../src/baseline/baseline-file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAEvC;;2CAE2C;AAC3C,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AACpE,MAAM,MAAM,qBAAqB,GAAG,OAAO,uBAAuB,CAAC;AAEnE,iEAAiE;AACjE,eAAO,MAAM,qBAAqB,EAAG,MAAe,CAAC;AAErD;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,aAAa,EAAE,qBAAqB,CAAC;IAC9C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,IAAI,EAAE,iBAAiB,CAAC;IACjC,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,CAAC;IACxC;;;mEAG+D;IAC/D,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACjD;;;;qDAIiD;IACjD,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B;oEACgE;IAChE,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;CACjD;AAED;yCACyC;AACzC,eAAO,MAAM,oBAAoB,QAAmC,CAAC;AAErE,uDAAuD;AACvD,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAEjE;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAG5E;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,CAoB/D"}
@@ -0,0 +1,110 @@
1
+ "use strict";
2
+ /**
3
+ * On-disk baseline file — `.dxkit/baselines/<name>.json`.
4
+ *
5
+ * The baseline file is the durable contract between today's scan
6
+ * and tomorrow's guardrail check. It carries:
7
+ *
8
+ * - Per-finding identities (`BaselineEntry[]`) for cross-run
9
+ * matching.
10
+ * - Repo state at capture time (commit SHA, branch) so the
11
+ * git-aware matcher knows what to diff against.
12
+ * - Analysis-environment metadata (dxkit version, tool versions,
13
+ * policy hash, config hashes) so the policy classifier can
14
+ * reclassify newly-detected findings as `tooling_drift` or
15
+ * `config_drift` rather than blocking them as regressions.
16
+ * - The salt-resolution mode used to derive any secret-HMAC
17
+ * entries, so the matcher knows whether HMAC comparison is
18
+ * available on the current run.
19
+ *
20
+ * Raw finding payloads (titles, secret values, source excerpts) are
21
+ * NEVER stored. The file is committable to git: a leak surfaces
22
+ * identity fingerprints + locations, but no exploitable content.
23
+ */
24
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
25
+ if (k2 === undefined) k2 = k;
26
+ var desc = Object.getOwnPropertyDescriptor(m, k);
27
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
28
+ desc = { enumerable: true, get: function() { return m[k]; } };
29
+ }
30
+ Object.defineProperty(o, k2, desc);
31
+ }) : (function(o, m, k, k2) {
32
+ if (k2 === undefined) k2 = k;
33
+ o[k2] = m[k];
34
+ }));
35
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
36
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
37
+ }) : function(o, v) {
38
+ o["default"] = v;
39
+ });
40
+ var __importStar = (this && this.__importStar) || (function () {
41
+ var ownKeys = function(o) {
42
+ ownKeys = Object.getOwnPropertyNames || function (o) {
43
+ var ar = [];
44
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
45
+ return ar;
46
+ };
47
+ return ownKeys(o);
48
+ };
49
+ return function (mod) {
50
+ if (mod && mod.__esModule) return mod;
51
+ var result = {};
52
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
53
+ __setModuleDefault(result, mod);
54
+ return result;
55
+ };
56
+ })();
57
+ Object.defineProperty(exports, "__esModule", { value: true });
58
+ exports.DEFAULT_BASELINE_DIR = exports.DEFAULT_BASELINE_NAME = exports.BASELINE_SCHEMA_VERSION = void 0;
59
+ exports.pathForBaseline = pathForBaseline;
60
+ exports.writeBaselineFile = writeBaselineFile;
61
+ exports.readBaselineFile = readBaselineFile;
62
+ const fs = __importStar(require("fs"));
63
+ const path = __importStar(require("path"));
64
+ /** Banner stamped on every baseline file. Bump when the on-disk
65
+ * shape changes incompatibly so readers can refuse old / new files
66
+ * rather than silently mis-parse them. */
67
+ exports.BASELINE_SCHEMA_VERSION = 'dxkit-baseline/v1';
68
+ /** Default baseline name when the user doesn't pass `--name`. */
69
+ exports.DEFAULT_BASELINE_NAME = 'main';
70
+ /** Default storage directory. Lives under `.dxkit/` alongside the
71
+ * generated reports + the salt file. */
72
+ exports.DEFAULT_BASELINE_DIR = path.join('.dxkit', 'baselines');
73
+ /** Absolute path for a named baseline inside `cwd`. */
74
+ function pathForBaseline(cwd, name) {
75
+ return path.join(cwd, exports.DEFAULT_BASELINE_DIR, `${name}.json`);
76
+ }
77
+ /**
78
+ * Write a baseline file. Creates the parent directory when missing.
79
+ * Pretty-printed JSON for git-friendly diffs.
80
+ */
81
+ function writeBaselineFile(filePath, file) {
82
+ fs.mkdirSync(path.dirname(filePath), { recursive: true });
83
+ fs.writeFileSync(filePath, JSON.stringify(file, null, 2) + '\n', 'utf8');
84
+ }
85
+ /**
86
+ * Read + validate a baseline file. Throws when the schema banner is
87
+ * missing or unrecognized — fail fast rather than letting the
88
+ * matcher consume a malformed file and produce wrong verdicts.
89
+ */
90
+ function readBaselineFile(filePath) {
91
+ const raw = fs.readFileSync(filePath, 'utf8');
92
+ let parsed;
93
+ try {
94
+ parsed = JSON.parse(raw);
95
+ }
96
+ catch (err) {
97
+ throw new Error(`baseline file is not valid JSON: ${filePath} (${err.message})`);
98
+ }
99
+ if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
100
+ throw new Error(`baseline file root is not an object: ${filePath}`);
101
+ }
102
+ const obj = parsed;
103
+ if (obj.schemaVersion !== exports.BASELINE_SCHEMA_VERSION) {
104
+ throw new Error(`baseline file schemaVersion is ${JSON.stringify(obj.schemaVersion)}; ` +
105
+ `this dxkit understands ${JSON.stringify(exports.BASELINE_SCHEMA_VERSION)} only ` +
106
+ `(${filePath})`);
107
+ }
108
+ return parsed;
109
+ }
110
+ //# sourceMappingURL=baseline-file.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"baseline-file.js","sourceRoot":"","sources":["../../src/baseline/baseline-file.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgFH,0CAEC;AAMD,8CAGC;AAOD,4CAoBC;AApHD,uCAAyB;AACzB,2CAA6B;AAI7B;;2CAE2C;AAC9B,QAAA,uBAAuB,GAAG,mBAA4B,CAAC;AAGpE,iEAAiE;AACpD,QAAA,qBAAqB,GAAG,MAAe,CAAC;AA6DrD;yCACyC;AAC5B,QAAA,oBAAoB,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;AAErE,uDAAuD;AACvD,SAAgB,eAAe,CAAC,GAAW,EAAE,IAAY;IACvD,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,4BAAoB,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,QAAgB,EAAE,IAAkB;IACpE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC;AAC3E,CAAC;AAED;;;;GAIG;AACH,SAAgB,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC9C,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,oCAAoC,QAAQ,KAAM,GAAa,CAAC,OAAO,GAAG,CAAC,CAAC;IAC9F,CAAC;IACD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,wCAAwC,QAAQ,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,GAAG,GAAG,MAAqC,CAAC;IAClD,IAAI,GAAG,CAAC,aAAa,KAAK,+BAAuB,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CACb,kCAAkC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI;YACrE,0BAA0B,IAAI,CAAC,SAAS,CAAC,+BAAuB,CAAC,QAAQ;YACzE,IAAI,QAAQ,GAAG,CAClB,CAAC;IACJ,CAAC;IACD,OAAO,MAAsB,CAAC;AAChC,CAAC"}
@@ -0,0 +1,108 @@
1
+ /**
2
+ * Output renderers for `vyuh-dxkit guardrail check`.
3
+ *
4
+ * Three target surfaces, one shared `GuardrailCheckResult`:
5
+ *
6
+ * - **Console** (`renderConsole`) — human-readable text for
7
+ * terminal output. Grouped by verdict (blocking / warning /
8
+ * informational), each pair showing status + kind + locator +
9
+ * severity + reason chain. Color codes via the shared logger
10
+ * palette so output blends with the rest of dxkit's CLI.
11
+ *
12
+ * - **JSON** (`renderJson`) — schema-stable machine-readable
13
+ * payload (top-level `schema: 'dxkit.guardrail-check.v1'`).
14
+ * Designed for AI agents and CI runners that need to programmatically
15
+ * decide what to do. Includes the matcher's per-pair detail,
16
+ * classifier verdicts, envelope drift, and the resolved policy.
17
+ *
18
+ * - **Markdown** (`renderMarkdown`) — Phase 4 PR-comment template.
19
+ * Compact, table-heavy, status-banner-first. Renders into the
20
+ * `dxkit-guardrails.yml` workflow's PR comment unchanged. No
21
+ * emojis (bot-friendly; Phase 4 templates can layer presentation
22
+ * on top).
23
+ *
24
+ * Pure modules. No I/O — callers handle stdout writing, file
25
+ * writing, or PR-comment posting.
26
+ */
27
+ import type { EnvelopeDrift, GuardrailCheckResult } from './check';
28
+ import type { BrownfieldPolicy } from './policy';
29
+ import type { FindingStatus, MatchReason } from './types';
30
+ /**
31
+ * Render the check result as a human-readable text block. Returns a
32
+ * single multi-line string; callers route it to stdout.
33
+ */
34
+ export declare function renderConsole(result: GuardrailCheckResult): string;
35
+ export declare const GUARDRAIL_JSON_SCHEMA: "dxkit.guardrail-check.v1";
36
+ /**
37
+ * Schema-stable machine-readable payload. `schema` at the top level
38
+ * lets downstream tooling version-gate before reading further fields;
39
+ * bump it when the shape changes incompatibly.
40
+ */
41
+ export interface GuardrailJsonPayload {
42
+ readonly schema: typeof GUARDRAIL_JSON_SCHEMA;
43
+ readonly verdict: {
44
+ readonly blocks: boolean;
45
+ readonly warns: boolean;
46
+ readonly exitCode: 0 | 1;
47
+ };
48
+ readonly baseline: {
49
+ readonly path: string;
50
+ readonly name: string;
51
+ readonly createdAt: string;
52
+ readonly commitSha: string;
53
+ readonly branch: string;
54
+ readonly findingsCount: number;
55
+ };
56
+ readonly current: {
57
+ readonly commitSha: string;
58
+ readonly branch: string;
59
+ readonly findingsCount: number;
60
+ };
61
+ readonly matcher: {
62
+ readonly gitAware: boolean;
63
+ readonly degradedReason?: string;
64
+ };
65
+ readonly envelopeDrift: EnvelopeDrift;
66
+ readonly policy: {
67
+ readonly mode: BrownfieldPolicy['mode'];
68
+ readonly block: ReadonlyArray<FindingStatus>;
69
+ readonly warn: ReadonlyArray<FindingStatus>;
70
+ readonly confidence: BrownfieldPolicy['confidence'];
71
+ readonly blockRules: BrownfieldPolicy['blockRules'];
72
+ };
73
+ readonly summary: {
74
+ readonly pairs: number;
75
+ readonly blocking: number;
76
+ readonly warning: number;
77
+ readonly persisted: number;
78
+ readonly resolved: number;
79
+ };
80
+ readonly pairs: ReadonlyArray<{
81
+ readonly status: FindingStatus;
82
+ readonly blocks: boolean;
83
+ readonly warns: boolean;
84
+ readonly priorId?: string;
85
+ readonly currentId?: string;
86
+ readonly confidence: number;
87
+ readonly kind: string;
88
+ readonly severity?: string;
89
+ readonly file?: string;
90
+ readonly line?: number;
91
+ readonly overlapsChangedLines?: boolean;
92
+ readonly reasons: ReadonlyArray<MatchReason>;
93
+ }>;
94
+ }
95
+ export declare function renderJson(result: GuardrailCheckResult): GuardrailJsonPayload;
96
+ /**
97
+ * PR-comment-friendly markdown. Phase 4's GitHub Actions workflow
98
+ * pastes the output verbatim into a PR comment. Format:
99
+ *
100
+ * ## Guardrail: PASSED / BLOCKED
101
+ * one-line summary
102
+ * <blocking findings table, when any>
103
+ * <warnings collapsible section, when any>
104
+ * <drift signal callout, when envelope drifted>
105
+ * <provenance footnote>
106
+ */
107
+ export declare function renderMarkdown(result: GuardrailCheckResult): string;
108
+ //# sourceMappingURL=check-renderers.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"check-renderers.d.ts","sourceRoot":"","sources":["../../src/baseline/check-renderers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAGH,OAAO,KAAK,EAAkB,aAAa,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AACnF,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AACjD,OAAO,KAAK,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAI1D;;;GAGG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,oBAAoB,GAAG,MAAM,CAkFlE;AAkFD,eAAO,MAAM,qBAAqB,EAAG,0BAAmC,CAAC;AAEzE;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,MAAM,EAAE,OAAO,qBAAqB,CAAC;IAC9C,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;QACzB,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,CAAC;KAC1B,CAAC;IACF,QAAQ,CAAC,QAAQ,EAAE;QACjB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;KAChC,CAAC;IACF,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;KAChC,CAAC;IACF,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;QAC3B,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;KAClC,CAAC;IACF,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,MAAM,EAAE;QACf,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACxC,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;QAC7C,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;QAC5C,QAAQ,CAAC,UAAU,EAAE,gBAAgB,CAAC,YAAY,CAAC,CAAC;QACpD,QAAQ,CAAC,UAAU,EAAE,gBAAgB,CAAC,YAAY,CAAC,CAAC;KACrD,CAAC;IACF,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;KAC3B,CAAC;IACF,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC;QAC5B,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;QAC/B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;QACzB,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;QAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;QAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC;QACxC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;KAC9C,CAAC,CAAC;CACJ;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,oBAAoB,GAAG,oBAAoB,CAmE7E;AAID;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,oBAAoB,GAAG,MAAM,CAiEnE"}