@vyuhlabs/dxkit 2.4.8 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +235 -0
- package/README.md +360 -439
- package/dist/analyzers/security/aggregator.d.ts.map +1 -1
- package/dist/analyzers/security/aggregator.js +4 -46
- package/dist/analyzers/security/aggregator.js.map +1 -1
- package/dist/analyzers/tools/fingerprint.d.ts +91 -26
- package/dist/analyzers/tools/fingerprint.d.ts.map +1 -1
- package/dist/analyzers/tools/fingerprint.js +111 -22
- package/dist/analyzers/tools/fingerprint.js.map +1 -1
- package/dist/analyzers/tools/generic.d.ts.map +1 -1
- package/dist/analyzers/tools/generic.js +6 -1
- package/dist/analyzers/tools/generic.js.map +1 -1
- package/dist/analyzers/tools/gitleaks.d.ts +24 -1
- package/dist/analyzers/tools/gitleaks.d.ts.map +1 -1
- package/dist/analyzers/tools/gitleaks.js +20 -11
- package/dist/analyzers/tools/gitleaks.js.map +1 -1
- package/dist/analyzers/types.d.ts +6 -4
- package/dist/analyzers/types.d.ts.map +1 -1
- package/dist/baseline/baseline-file.d.ts +104 -0
- package/dist/baseline/baseline-file.d.ts.map +1 -0
- package/dist/baseline/baseline-file.js +110 -0
- package/dist/baseline/baseline-file.js.map +1 -0
- package/dist/baseline/check-renderers.d.ts +108 -0
- package/dist/baseline/check-renderers.d.ts.map +1 -0
- package/dist/baseline/check-renderers.js +379 -0
- package/dist/baseline/check-renderers.js.map +1 -0
- package/dist/baseline/check.d.ts +127 -0
- package/dist/baseline/check.d.ts.map +1 -0
- package/dist/baseline/check.js +462 -0
- package/dist/baseline/check.js.map +1 -0
- package/dist/baseline/content-hash.d.ts +83 -0
- package/dist/baseline/content-hash.d.ts.map +1 -0
- package/dist/baseline/content-hash.js +131 -0
- package/dist/baseline/content-hash.js.map +1 -0
- package/dist/baseline/create.d.ts +96 -0
- package/dist/baseline/create.d.ts.map +1 -0
- package/dist/baseline/create.js +339 -0
- package/dist/baseline/create.js.map +1 -0
- package/dist/baseline/entry-to-located.d.ts +35 -0
- package/dist/baseline/entry-to-located.d.ts.map +1 -0
- package/dist/baseline/entry-to-located.js +72 -0
- package/dist/baseline/entry-to-located.js.map +1 -0
- package/dist/baseline/finding-identity.d.ts +47 -0
- package/dist/baseline/finding-identity.d.ts.map +1 -0
- package/dist/baseline/finding-identity.js +292 -0
- package/dist/baseline/finding-identity.js.map +1 -0
- package/dist/baseline/git-aware-match.d.ts +146 -0
- package/dist/baseline/git-aware-match.d.ts.map +1 -0
- package/dist/baseline/git-aware-match.js +439 -0
- package/dist/baseline/git-aware-match.js.map +1 -0
- package/dist/baseline/policy.d.ts +171 -0
- package/dist/baseline/policy.d.ts.map +1 -0
- package/dist/baseline/policy.js +206 -0
- package/dist/baseline/policy.js.map +1 -0
- package/dist/baseline/producers/health.d.ts +30 -0
- package/dist/baseline/producers/health.d.ts.map +1 -0
- package/dist/baseline/producers/health.js +42 -0
- package/dist/baseline/producers/health.js.map +1 -0
- package/dist/baseline/producers/index.d.ts +164 -0
- package/dist/baseline/producers/index.d.ts.map +1 -0
- package/dist/baseline/producers/index.js +200 -0
- package/dist/baseline/producers/index.js.map +1 -0
- package/dist/baseline/producers/licenses.d.ts +23 -0
- package/dist/baseline/producers/licenses.d.ts.map +1 -0
- package/dist/baseline/producers/licenses.js +46 -0
- package/dist/baseline/producers/licenses.js.map +1 -0
- package/dist/baseline/producers/quality.d.ts +39 -0
- package/dist/baseline/producers/quality.d.ts.map +1 -0
- package/dist/baseline/producers/quality.js +84 -0
- package/dist/baseline/producers/quality.js.map +1 -0
- package/dist/baseline/producers/secret-hmac.d.ts +45 -0
- package/dist/baseline/producers/secret-hmac.d.ts.map +1 -0
- package/dist/baseline/producers/secret-hmac.js +70 -0
- package/dist/baseline/producers/secret-hmac.js.map +1 -0
- package/dist/baseline/producers/security.d.ts +59 -0
- package/dist/baseline/producers/security.d.ts.map +1 -0
- package/dist/baseline/producers/security.js +135 -0
- package/dist/baseline/producers/security.js.map +1 -0
- package/dist/baseline/producers/tests.d.ts +36 -0
- package/dist/baseline/producers/tests.d.ts.map +1 -0
- package/dist/baseline/producers/tests.js +69 -0
- package/dist/baseline/producers/tests.js.map +1 -0
- package/dist/baseline/salt.d.ts +45 -0
- package/dist/baseline/salt.d.ts.map +1 -0
- package/dist/baseline/salt.js +113 -0
- package/dist/baseline/salt.js.map +1 -0
- package/dist/baseline/show.d.ts +79 -0
- package/dist/baseline/show.d.ts.map +1 -0
- package/dist/baseline/show.js +233 -0
- package/dist/baseline/show.js.map +1 -0
- package/dist/baseline/types.d.ts +482 -0
- package/dist/baseline/types.d.ts.map +1 -0
- package/dist/baseline/types.js +53 -0
- package/dist/baseline/types.js.map +1 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +360 -81
- package/dist/cli.js.map +1 -1
- package/dist/codebase-scanner.d.ts.map +1 -1
- package/dist/codebase-scanner.js +0 -1
- package/dist/codebase-scanner.js.map +1 -1
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.js +0 -4
- package/dist/constants.js.map +1 -1
- package/dist/doctor.d.ts.map +1 -1
- package/dist/doctor.js +22 -25
- package/dist/doctor.js.map +1 -1
- package/dist/fail-on.d.ts +84 -0
- package/dist/fail-on.d.ts.map +1 -0
- package/dist/fail-on.js +128 -0
- package/dist/fail-on.js.map +1 -0
- package/dist/generator.d.ts.map +1 -1
- package/dist/generator.js +2 -141
- package/dist/generator.js.map +1 -1
- package/dist/languages/csharp.d.ts.map +1 -1
- package/dist/languages/csharp.js +0 -9
- package/dist/languages/csharp.js.map +1 -1
- package/dist/languages/go.d.ts.map +1 -1
- package/dist/languages/go.js +0 -15
- package/dist/languages/go.js.map +1 -1
- package/dist/languages/index.d.ts +1 -1
- package/dist/languages/index.d.ts.map +1 -1
- package/dist/languages/index.js.map +1 -1
- package/dist/languages/java.d.ts.map +1 -1
- package/dist/languages/java.js +0 -6
- package/dist/languages/java.js.map +1 -1
- package/dist/languages/kotlin.d.ts.map +1 -1
- package/dist/languages/kotlin.js +0 -11
- package/dist/languages/kotlin.js.map +1 -1
- package/dist/languages/python.d.ts.map +1 -1
- package/dist/languages/python.js +0 -15
- package/dist/languages/python.js.map +1 -1
- package/dist/languages/ruby.d.ts.map +1 -1
- package/dist/languages/ruby.js +0 -6
- package/dist/languages/ruby.js.map +1 -1
- package/dist/languages/rust.d.ts.map +1 -1
- package/dist/languages/rust.js +0 -4
- package/dist/languages/rust.js.map +1 -1
- package/dist/languages/types.d.ts +2 -28
- package/dist/languages/types.d.ts.map +1 -1
- package/dist/languages/typescript.d.ts.map +1 -1
- package/dist/languages/typescript.js +26 -4
- package/dist/languages/typescript.js.map +1 -1
- package/dist/lib.d.ts +2 -3
- package/dist/lib.d.ts.map +1 -1
- package/dist/lib.js +3 -6
- package/dist/lib.js.map +1 -1
- package/dist/prompts.d.ts.map +1 -1
- package/dist/prompts.js +0 -10
- package/dist/prompts.js.map +1 -1
- package/dist/report-schema.d.ts +42 -0
- package/dist/report-schema.d.ts.map +1 -0
- package/dist/report-schema.js +54 -0
- package/dist/report-schema.js.map +1 -0
- package/dist/ship-installers.d.ts +106 -0
- package/dist/ship-installers.d.ts.map +1 -0
- package/dist/ship-installers.js +415 -0
- package/dist/ship-installers.js.map +1 -0
- package/dist/types.d.ts +0 -4
- package/dist/types.d.ts.map +1 -1
- package/dist/update.d.ts.map +1 -1
- package/dist/update.js +0 -4
- package/dist/update.js.map +1 -1
- package/package.json +17 -11
- package/templates/.claude/agents/onboarding.md +5 -4
- package/templates/.claude/agents-available/codebase-explorer.md +1 -1
- package/templates/.claude/agents-available/debugger.md +2 -2
- package/templates/.claude/agents-available/health-auditor.md +2 -2
- package/templates/.claude/commands/doctor.md +20 -12
- package/templates/.claude/skills/build/SKILL.md.template +22 -30
- package/templates/.claude/skills/deploy/SKILL.md.template +5 -25
- package/templates/.claude/skills/doctor/SKILL.md +24 -47
- package/templates/.claude/skills/gcloud/SKILL.md +5 -5
- package/templates/.claude/skills/learned/SKILL.md +1 -1
- package/templates/.claude/skills/pulumi/SKILL.md +2 -2
- package/templates/.claude/skills/quality/SKILL.md.template +4 -23
- package/templates/.claude/skills/review/SKILL.md.template +4 -3
- package/templates/.claude/skills/scaffold/SKILL.md.template +5 -15
- package/templates/.claude/skills/secrets/SKILL.md +20 -21
- package/templates/.claude/skills/session/SKILL.md +20 -31
- package/templates/.claude/skills/test/SKILL.md.template +1 -7
- package/templates/.devcontainer/devcontainer.json +81 -0
- package/templates/.devcontainer/install-agent-clis.sh +42 -0
- package/templates/.devcontainer/post-create.sh +67 -0
- package/templates/.githooks/pre-commit +55 -0
- package/templates/.githooks/pre-push +63 -0
- package/templates/.github/workflows/dxkit-baseline-refresh.yml +78 -0
- package/templates/.github/workflows/dxkit-guardrails.yml +98 -0
- package/templates/CLAUDE.md.template +62 -196
- package/dist/project-yaml.d.ts +0 -13
- package/dist/project-yaml.d.ts.map +0 -1
- package/dist/project-yaml.js +0 -188
- package/dist/project-yaml.js.map +0 -1
- package/templates/.ai/README.md +0 -117
- package/templates/.ai/prompts/execution-prompt.md +0 -9
- package/templates/.ai/prompts/planning-prompt.md +0 -18
- package/templates/.ai/prompts/session-end-template.md +0 -182
- package/templates/.ai/prompts/session-end.md +0 -132
- package/templates/.ai/prompts/session-start.md +0 -109
- package/templates/.ai/prompts/step-by-step.md +0 -113
- package/templates/.ai/sessions/.gitkeep +0 -0
- package/templates/.claude/commands/setup-pr-review.md +0 -72
- package/templates/.devcontainer/Dockerfile.dev.template +0 -89
- package/templates/.devcontainer/devcontainer.json.template +0 -184
- package/templates/.devcontainer/docker-compose.yml.template +0 -105
- package/templates/.devcontainer/init-scripts/01-init.sql.template +0 -12
- package/templates/.devcontainer/post-create.sh.template +0 -298
- package/templates/.github/workflows/ci.yml.template +0 -399
- package/templates/.github/workflows/quality.yml.template +0 -376
- package/templates/.pre-commit-config.yaml.template +0 -106
- package/templates/.project/config/edit_config.py +0 -275
- package/templates/.project/config/project_config.py +0 -894
- package/templates/.project/scripts/codegen/generate-all.sh +0 -20
- package/templates/.project/scripts/codegen/validate-all.sh +0 -17
- package/templates/.project/scripts/docs/generate-all.sh +0 -30
- package/templates/.project/scripts/docs/serve.sh +0 -20
- package/templates/.project/scripts/quality/fix-all.sh +0 -138
- package/templates/.project/scripts/quality/lint-go.sh +0 -34
- package/templates/.project/scripts/quality/lint-python.sh +0 -54
- package/templates/.project/scripts/quality/run-all.sh +0 -497
- package/templates/.project/scripts/session/commit.sh +0 -70
- package/templates/.project/scripts/session/create-pr.sh +0 -165
- package/templates/.project/scripts/session/end.sh +0 -207
- package/templates/.project/scripts/session/start.sh +0 -233
- package/templates/.project/scripts/setup/doctor.sh +0 -404
- package/templates/.project/scripts/setup/interactive-setup.sh +0 -585
- package/templates/.project/scripts/sync/sync-template.sh +0 -328
- package/templates/.project/scripts/test/run-all.sh +0 -179
- package/templates/.project/scripts/test/run-quick.sh +0 -25
- package/templates/Makefile +0 -514
- package/templates/config/versions.yaml +0 -57
- package/templates/configs/go/.golangci.yml.template +0 -172
- package/templates/configs/go/go.mod.template +0 -15
- package/templates/configs/java/README.md +0 -6
- package/templates/configs/kotlin/README.md +0 -6
- package/templates/configs/node/package.json.template +0 -67
- package/templates/configs/node/tsconfig.json.template +0 -53
- package/templates/configs/python/pyproject.toml.template +0 -92
- package/templates/configs/python/pytest.ini.template +0 -64
- package/templates/configs/python/ruff.toml.template +0 -79
- package/templates/configs/ruby/README.md +0 -6
- package/templates/configs/rust/Cargo.toml.template +0 -51
- package/templates/configs/shared/.editorconfig +0 -67
- package/templates/scripts/validate-templates.sh +0 -449
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/analyzers/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,UAAU,EACV,aAAa,EACb,gBAAgB,EAChB,mBAAmB,EACpB,MAAM,iCAAiC,CAAC;AACzC,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC3E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE/D;;;;;;;;;GASG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,OAAO,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,OAAO,CAAC;IAE9B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAE1B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB;;;;;;OAMG;IACH,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrD,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IAErB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,OAAO,CAAC;IACtB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,eAAe,EAAE,OAAO,CAAC;IAEzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IAQzB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,OAAO,CAAC;IACxB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAE5B;;;;;;;;;OASG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;;;;;OAMG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrF,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IAEjC,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IAExB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAG3B,aAAa,EAAE,KAAK,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC,GAAG,IAAI,CAAC;CACX;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,CAAC,CAAC;IAC1D,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,SAAS,SAAS,EAAE,CAAC;IAClC,WAAW,CAAC,EAAE,SAAS,UAAU,EAAE,CAAC;IACpC,UAAU,CAAC,EAAE,SAAS,SAAS,EAAE,CAAC;CACnC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,aAAa,CAAC;IACvB,YAAY,EAAE,gBAAgB,CAAC;IAC/B;;;;;;;OAOG;IACH,aAAa,CAAC,EAAE,OAAO,UAAU,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;CAC/D;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,aAAa,CAAC,EAAE,mBAAmB,CAAC;IACpC,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B;;;;;;;;OAQG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B;;;;;;;;;;OAUG;IACH,oBAAoB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAEzE;;;;;;;;;OASG;IACH,gBAAgB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAErE;;;;oCAIgC;IAChC,wBAAwB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAE7E,wDAAwD;IACxD,uBAAuB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAE5E,0DAA0D;IAC1D,sBAAsB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAC3E;;;;;;;;;;;;;;;;OAgBG;IACH,oBAAoB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAEzE;;;;;;;;;;OAUG;IACH,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;CACvC;AAED,8BAA8B;AAC9B,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE;QACP,YAAY,EAAE,MAAM,CAAC;QACrB;;;;;;;WAOG;QACH,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,UAAU,EAAE;QACV,OAAO,EAAE,cAAc,CAAC;QACxB,OAAO,EAAE,cAAc,CAAC;QACxB,aAAa,EAAE,cAAc,CAAC;QAC9B,QAAQ,EAAE,cAAc,CAAC;QACzB,eAAe,EAAE,cAAc,CAAC;QAChC,mBAAmB,EAAE,cAAc,CAAC;KACrC,CAAC;IACF,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrF
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/analyzers/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,UAAU,EACV,aAAa,EACb,gBAAgB,EAChB,mBAAmB,EACpB,MAAM,iCAAiC,CAAC;AACzC,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC3E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE/D;;;;;;;;;GASG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,OAAO,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,OAAO,CAAC;IAE9B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAE1B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB;;;;;;OAMG;IACH,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrD,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IAErB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,OAAO,CAAC;IACtB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,eAAe,EAAE,OAAO,CAAC;IAEzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IAQzB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,OAAO,CAAC;IACxB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAE5B;;;;;;;;;OASG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;;;OAIG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;;;;;OAMG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrF,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IAEjC,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IAExB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAG3B,aAAa,EAAE,KAAK,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC,GAAG,IAAI,CAAC;CACX;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,CAAC,CAAC;IAC1D,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,SAAS,SAAS,EAAE,CAAC;IAClC,WAAW,CAAC,EAAE,SAAS,UAAU,EAAE,CAAC;IACpC,UAAU,CAAC,EAAE,SAAS,SAAS,EAAE,CAAC;CACnC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,aAAa,CAAC;IACvB,YAAY,EAAE,gBAAgB,CAAC;IAC/B;;;;;;;OAOG;IACH,aAAa,CAAC,EAAE,OAAO,UAAU,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;CAC/D;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,aAAa,CAAC,EAAE,mBAAmB,CAAC;IACpC,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B;;;;;;;;OAQG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B;;;;;;;;;;OAUG;IACH,oBAAoB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAEzE;;;;;;;;;OASG;IACH,gBAAgB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAErE;;;;oCAIgC;IAChC,wBAAwB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAE7E,wDAAwD;IACxD,uBAAuB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAE5E,0DAA0D;IAC1D,sBAAsB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAC3E;;;;;;;;;;;;;;;;OAgBG;IACH,oBAAoB,CAAC,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;IAEzE;;;;;;;;;;OAUG;IACH,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;CACvC;AAED,8BAA8B;AAC9B,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE;QACP,YAAY,EAAE,MAAM,CAAC;QACrB;;;;;;;WAOG;QACH,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,UAAU,EAAE;QACV,OAAO,EAAE,cAAc,CAAC;QACxB,OAAO,EAAE,cAAc,CAAC;QACxB,aAAa,EAAE,cAAc,CAAC;QAC9B,QAAQ,EAAE,cAAc,CAAC;QACzB,eAAe,EAAE,cAAc,CAAC;QAChC,mBAAmB,EAAE,cAAc,CAAC;KACrC,CAAC;IACF,SAAS,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrF;;;;;;;OAOG;IACH,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrD,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,gBAAgB,CAAC;CACjC"}
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* On-disk baseline file — `.dxkit/baselines/<name>.json`.
|
|
3
|
+
*
|
|
4
|
+
* The baseline file is the durable contract between today's scan
|
|
5
|
+
* and tomorrow's guardrail check. It carries:
|
|
6
|
+
*
|
|
7
|
+
* - Per-finding identities (`BaselineEntry[]`) for cross-run
|
|
8
|
+
* matching.
|
|
9
|
+
* - Repo state at capture time (commit SHA, branch) so the
|
|
10
|
+
* git-aware matcher knows what to diff against.
|
|
11
|
+
* - Analysis-environment metadata (dxkit version, tool versions,
|
|
12
|
+
* policy hash, config hashes) so the policy classifier can
|
|
13
|
+
* reclassify newly-detected findings as `tooling_drift` or
|
|
14
|
+
* `config_drift` rather than blocking them as regressions.
|
|
15
|
+
* - The salt-resolution mode used to derive any secret-HMAC
|
|
16
|
+
* entries, so the matcher knows whether HMAC comparison is
|
|
17
|
+
* available on the current run.
|
|
18
|
+
*
|
|
19
|
+
* Raw finding payloads (titles, secret values, source excerpts) are
|
|
20
|
+
* NEVER stored. The file is committable to git: a leak surfaces
|
|
21
|
+
* identity fingerprints + locations, but no exploitable content.
|
|
22
|
+
*/
|
|
23
|
+
import type { BaselineEntry } from './types';
|
|
24
|
+
import type { SaltMode } from './salt';
|
|
25
|
+
/** Banner stamped on every baseline file. Bump when the on-disk
|
|
26
|
+
* shape changes incompatibly so readers can refuse old / new files
|
|
27
|
+
* rather than silently mis-parse them. */
|
|
28
|
+
export declare const BASELINE_SCHEMA_VERSION: "dxkit-baseline/v1";
|
|
29
|
+
export type BaselineSchemaVersion = typeof BASELINE_SCHEMA_VERSION;
|
|
30
|
+
/** Default baseline name when the user doesn't pass `--name`. */
|
|
31
|
+
export declare const DEFAULT_BASELINE_NAME: "main";
|
|
32
|
+
/**
|
|
33
|
+
* Repo state at the moment of capture. The matcher reads `commitSha`
|
|
34
|
+
* to drive `git diff` against the current `HEAD`; `branch` and `root`
|
|
35
|
+
* are recorded for human auditability.
|
|
36
|
+
*/
|
|
37
|
+
export interface BaselineRepoState {
|
|
38
|
+
readonly commitSha: string;
|
|
39
|
+
readonly branch: string;
|
|
40
|
+
readonly root: string;
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Analysis-environment metadata. Hashes are 16-char hex (SHA-1[0:16])
|
|
44
|
+
* so a diff between baseline and current is one inequality check per
|
|
45
|
+
* field. Drift on `toolchainHash` triggers `tooling_drift`
|
|
46
|
+
* reclassification; drift on `policyHash` / `ignoreHash` / `configHash`
|
|
47
|
+
* triggers `config_drift`.
|
|
48
|
+
*
|
|
49
|
+
* `''` is the canonical "absent" value for files that didn't exist at
|
|
50
|
+
* capture time — so a baseline made before `.dxkit-ignore` existed
|
|
51
|
+
* doesn't accidentally read as "drift" against a current run where
|
|
52
|
+
* the file is still absent.
|
|
53
|
+
*/
|
|
54
|
+
export interface BaselineAnalysisMeta {
|
|
55
|
+
readonly dxkitVersion: string;
|
|
56
|
+
readonly policyHash: string;
|
|
57
|
+
readonly ignoreHash: string;
|
|
58
|
+
readonly toolchainHash: string;
|
|
59
|
+
readonly configHash: string;
|
|
60
|
+
}
|
|
61
|
+
/**
|
|
62
|
+
* The full on-disk envelope. Fields are ordered to match the order
|
|
63
|
+
* the matcher reads them in: identity-related fields first, then
|
|
64
|
+
* envelope metadata. Serialized via `JSON.stringify(file, null, 2)`
|
|
65
|
+
* for git-friendly diffs.
|
|
66
|
+
*/
|
|
67
|
+
export interface BaselineFile {
|
|
68
|
+
readonly schemaVersion: BaselineSchemaVersion;
|
|
69
|
+
readonly name: string;
|
|
70
|
+
readonly createdAt: string;
|
|
71
|
+
readonly repo: BaselineRepoState;
|
|
72
|
+
readonly analysis: BaselineAnalysisMeta;
|
|
73
|
+
/** Per-tool version strings keyed by tool name. Sparse: only the
|
|
74
|
+
* tools that actually ran appear. Surfaced to the matcher as
|
|
75
|
+
* the canonical "what scanned this repo" record so version drift
|
|
76
|
+
* is detectable per-tool, not just at the aggregate level. */
|
|
77
|
+
readonly tools: Readonly<Record<string, string>>;
|
|
78
|
+
/** Mode used to derive the salt for any `secret-hmac` entries.
|
|
79
|
+
* Read by the matcher to decide whether HMAC compare is
|
|
80
|
+
* available on the current run. Recorded even when no
|
|
81
|
+
* `secret-hmac` entries are present so the value is stable
|
|
82
|
+
* across runs that add the first HMAC entry. */
|
|
83
|
+
readonly saltMode: SaltMode;
|
|
84
|
+
/** Per-finding entries. Multiset — duplicates allowed (an
|
|
85
|
+
* identity appearing twice means two distinct occurrences). */
|
|
86
|
+
readonly findings: ReadonlyArray<BaselineEntry>;
|
|
87
|
+
}
|
|
88
|
+
/** Default storage directory. Lives under `.dxkit/` alongside the
|
|
89
|
+
* generated reports + the salt file. */
|
|
90
|
+
export declare const DEFAULT_BASELINE_DIR: string;
|
|
91
|
+
/** Absolute path for a named baseline inside `cwd`. */
|
|
92
|
+
export declare function pathForBaseline(cwd: string, name: string): string;
|
|
93
|
+
/**
|
|
94
|
+
* Write a baseline file. Creates the parent directory when missing.
|
|
95
|
+
* Pretty-printed JSON for git-friendly diffs.
|
|
96
|
+
*/
|
|
97
|
+
export declare function writeBaselineFile(filePath: string, file: BaselineFile): void;
|
|
98
|
+
/**
|
|
99
|
+
* Read + validate a baseline file. Throws when the schema banner is
|
|
100
|
+
* missing or unrecognized — fail fast rather than letting the
|
|
101
|
+
* matcher consume a malformed file and produce wrong verdicts.
|
|
102
|
+
*/
|
|
103
|
+
export declare function readBaselineFile(filePath: string): BaselineFile;
|
|
104
|
+
//# sourceMappingURL=baseline-file.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"baseline-file.d.ts","sourceRoot":"","sources":["../../src/baseline/baseline-file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAEvC;;2CAE2C;AAC3C,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AACpE,MAAM,MAAM,qBAAqB,GAAG,OAAO,uBAAuB,CAAC;AAEnE,iEAAiE;AACjE,eAAO,MAAM,qBAAqB,EAAG,MAAe,CAAC;AAErD;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,aAAa,EAAE,qBAAqB,CAAC;IAC9C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,IAAI,EAAE,iBAAiB,CAAC;IACjC,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,CAAC;IACxC;;;mEAG+D;IAC/D,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACjD;;;;qDAIiD;IACjD,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B;oEACgE;IAChE,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;CACjD;AAED;yCACyC;AACzC,eAAO,MAAM,oBAAoB,QAAmC,CAAC;AAErE,uDAAuD;AACvD,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAEjE;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAG5E;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,CAoB/D"}
|
|
@@ -0,0 +1,110 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* On-disk baseline file — `.dxkit/baselines/<name>.json`.
|
|
4
|
+
*
|
|
5
|
+
* The baseline file is the durable contract between today's scan
|
|
6
|
+
* and tomorrow's guardrail check. It carries:
|
|
7
|
+
*
|
|
8
|
+
* - Per-finding identities (`BaselineEntry[]`) for cross-run
|
|
9
|
+
* matching.
|
|
10
|
+
* - Repo state at capture time (commit SHA, branch) so the
|
|
11
|
+
* git-aware matcher knows what to diff against.
|
|
12
|
+
* - Analysis-environment metadata (dxkit version, tool versions,
|
|
13
|
+
* policy hash, config hashes) so the policy classifier can
|
|
14
|
+
* reclassify newly-detected findings as `tooling_drift` or
|
|
15
|
+
* `config_drift` rather than blocking them as regressions.
|
|
16
|
+
* - The salt-resolution mode used to derive any secret-HMAC
|
|
17
|
+
* entries, so the matcher knows whether HMAC comparison is
|
|
18
|
+
* available on the current run.
|
|
19
|
+
*
|
|
20
|
+
* Raw finding payloads (titles, secret values, source excerpts) are
|
|
21
|
+
* NEVER stored. The file is committable to git: a leak surfaces
|
|
22
|
+
* identity fingerprints + locations, but no exploitable content.
|
|
23
|
+
*/
|
|
24
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
25
|
+
if (k2 === undefined) k2 = k;
|
|
26
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
27
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
28
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
29
|
+
}
|
|
30
|
+
Object.defineProperty(o, k2, desc);
|
|
31
|
+
}) : (function(o, m, k, k2) {
|
|
32
|
+
if (k2 === undefined) k2 = k;
|
|
33
|
+
o[k2] = m[k];
|
|
34
|
+
}));
|
|
35
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
36
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
37
|
+
}) : function(o, v) {
|
|
38
|
+
o["default"] = v;
|
|
39
|
+
});
|
|
40
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
41
|
+
var ownKeys = function(o) {
|
|
42
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
43
|
+
var ar = [];
|
|
44
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
45
|
+
return ar;
|
|
46
|
+
};
|
|
47
|
+
return ownKeys(o);
|
|
48
|
+
};
|
|
49
|
+
return function (mod) {
|
|
50
|
+
if (mod && mod.__esModule) return mod;
|
|
51
|
+
var result = {};
|
|
52
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
53
|
+
__setModuleDefault(result, mod);
|
|
54
|
+
return result;
|
|
55
|
+
};
|
|
56
|
+
})();
|
|
57
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
58
|
+
exports.DEFAULT_BASELINE_DIR = exports.DEFAULT_BASELINE_NAME = exports.BASELINE_SCHEMA_VERSION = void 0;
|
|
59
|
+
exports.pathForBaseline = pathForBaseline;
|
|
60
|
+
exports.writeBaselineFile = writeBaselineFile;
|
|
61
|
+
exports.readBaselineFile = readBaselineFile;
|
|
62
|
+
const fs = __importStar(require("fs"));
|
|
63
|
+
const path = __importStar(require("path"));
|
|
64
|
+
/** Banner stamped on every baseline file. Bump when the on-disk
|
|
65
|
+
* shape changes incompatibly so readers can refuse old / new files
|
|
66
|
+
* rather than silently mis-parse them. */
|
|
67
|
+
exports.BASELINE_SCHEMA_VERSION = 'dxkit-baseline/v1';
|
|
68
|
+
/** Default baseline name when the user doesn't pass `--name`. */
|
|
69
|
+
exports.DEFAULT_BASELINE_NAME = 'main';
|
|
70
|
+
/** Default storage directory. Lives under `.dxkit/` alongside the
|
|
71
|
+
* generated reports + the salt file. */
|
|
72
|
+
exports.DEFAULT_BASELINE_DIR = path.join('.dxkit', 'baselines');
|
|
73
|
+
/** Absolute path for a named baseline inside `cwd`. */
|
|
74
|
+
function pathForBaseline(cwd, name) {
|
|
75
|
+
return path.join(cwd, exports.DEFAULT_BASELINE_DIR, `${name}.json`);
|
|
76
|
+
}
|
|
77
|
+
/**
|
|
78
|
+
* Write a baseline file. Creates the parent directory when missing.
|
|
79
|
+
* Pretty-printed JSON for git-friendly diffs.
|
|
80
|
+
*/
|
|
81
|
+
function writeBaselineFile(filePath, file) {
|
|
82
|
+
fs.mkdirSync(path.dirname(filePath), { recursive: true });
|
|
83
|
+
fs.writeFileSync(filePath, JSON.stringify(file, null, 2) + '\n', 'utf8');
|
|
84
|
+
}
|
|
85
|
+
/**
|
|
86
|
+
* Read + validate a baseline file. Throws when the schema banner is
|
|
87
|
+
* missing or unrecognized — fail fast rather than letting the
|
|
88
|
+
* matcher consume a malformed file and produce wrong verdicts.
|
|
89
|
+
*/
|
|
90
|
+
function readBaselineFile(filePath) {
|
|
91
|
+
const raw = fs.readFileSync(filePath, 'utf8');
|
|
92
|
+
let parsed;
|
|
93
|
+
try {
|
|
94
|
+
parsed = JSON.parse(raw);
|
|
95
|
+
}
|
|
96
|
+
catch (err) {
|
|
97
|
+
throw new Error(`baseline file is not valid JSON: ${filePath} (${err.message})`);
|
|
98
|
+
}
|
|
99
|
+
if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
|
|
100
|
+
throw new Error(`baseline file root is not an object: ${filePath}`);
|
|
101
|
+
}
|
|
102
|
+
const obj = parsed;
|
|
103
|
+
if (obj.schemaVersion !== exports.BASELINE_SCHEMA_VERSION) {
|
|
104
|
+
throw new Error(`baseline file schemaVersion is ${JSON.stringify(obj.schemaVersion)}; ` +
|
|
105
|
+
`this dxkit understands ${JSON.stringify(exports.BASELINE_SCHEMA_VERSION)} only ` +
|
|
106
|
+
`(${filePath})`);
|
|
107
|
+
}
|
|
108
|
+
return parsed;
|
|
109
|
+
}
|
|
110
|
+
//# sourceMappingURL=baseline-file.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"baseline-file.js","sourceRoot":"","sources":["../../src/baseline/baseline-file.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgFH,0CAEC;AAMD,8CAGC;AAOD,4CAoBC;AApHD,uCAAyB;AACzB,2CAA6B;AAI7B;;2CAE2C;AAC9B,QAAA,uBAAuB,GAAG,mBAA4B,CAAC;AAGpE,iEAAiE;AACpD,QAAA,qBAAqB,GAAG,MAAe,CAAC;AA6DrD;yCACyC;AAC5B,QAAA,oBAAoB,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;AAErE,uDAAuD;AACvD,SAAgB,eAAe,CAAC,GAAW,EAAE,IAAY;IACvD,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,4BAAoB,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,QAAgB,EAAE,IAAkB;IACpE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC;AAC3E,CAAC;AAED;;;;GAIG;AACH,SAAgB,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC9C,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,oCAAoC,QAAQ,KAAM,GAAa,CAAC,OAAO,GAAG,CAAC,CAAC;IAC9F,CAAC;IACD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,wCAAwC,QAAQ,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,GAAG,GAAG,MAAqC,CAAC;IAClD,IAAI,GAAG,CAAC,aAAa,KAAK,+BAAuB,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CACb,kCAAkC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI;YACrE,0BAA0B,IAAI,CAAC,SAAS,CAAC,+BAAuB,CAAC,QAAQ;YACzE,IAAI,QAAQ,GAAG,CAClB,CAAC;IACJ,CAAC;IACD,OAAO,MAAsB,CAAC;AAChC,CAAC"}
|
|
@@ -0,0 +1,108 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Output renderers for `vyuh-dxkit guardrail check`.
|
|
3
|
+
*
|
|
4
|
+
* Three target surfaces, one shared `GuardrailCheckResult`:
|
|
5
|
+
*
|
|
6
|
+
* - **Console** (`renderConsole`) — human-readable text for
|
|
7
|
+
* terminal output. Grouped by verdict (blocking / warning /
|
|
8
|
+
* informational), each pair showing status + kind + locator +
|
|
9
|
+
* severity + reason chain. Color codes via the shared logger
|
|
10
|
+
* palette so output blends with the rest of dxkit's CLI.
|
|
11
|
+
*
|
|
12
|
+
* - **JSON** (`renderJson`) — schema-stable machine-readable
|
|
13
|
+
* payload (top-level `schema: 'dxkit.guardrail-check.v1'`).
|
|
14
|
+
* Designed for AI agents and CI runners that need to programmatically
|
|
15
|
+
* decide what to do. Includes the matcher's per-pair detail,
|
|
16
|
+
* classifier verdicts, envelope drift, and the resolved policy.
|
|
17
|
+
*
|
|
18
|
+
* - **Markdown** (`renderMarkdown`) — Phase 4 PR-comment template.
|
|
19
|
+
* Compact, table-heavy, status-banner-first. Renders into the
|
|
20
|
+
* `dxkit-guardrails.yml` workflow's PR comment unchanged. No
|
|
21
|
+
* emojis (bot-friendly; Phase 4 templates can layer presentation
|
|
22
|
+
* on top).
|
|
23
|
+
*
|
|
24
|
+
* Pure modules. No I/O — callers handle stdout writing, file
|
|
25
|
+
* writing, or PR-comment posting.
|
|
26
|
+
*/
|
|
27
|
+
import type { EnvelopeDrift, GuardrailCheckResult } from './check';
|
|
28
|
+
import type { BrownfieldPolicy } from './policy';
|
|
29
|
+
import type { FindingStatus, MatchReason } from './types';
|
|
30
|
+
/**
|
|
31
|
+
* Render the check result as a human-readable text block. Returns a
|
|
32
|
+
* single multi-line string; callers route it to stdout.
|
|
33
|
+
*/
|
|
34
|
+
export declare function renderConsole(result: GuardrailCheckResult): string;
|
|
35
|
+
export declare const GUARDRAIL_JSON_SCHEMA: "dxkit.guardrail-check.v1";
|
|
36
|
+
/**
|
|
37
|
+
* Schema-stable machine-readable payload. `schema` at the top level
|
|
38
|
+
* lets downstream tooling version-gate before reading further fields;
|
|
39
|
+
* bump it when the shape changes incompatibly.
|
|
40
|
+
*/
|
|
41
|
+
export interface GuardrailJsonPayload {
|
|
42
|
+
readonly schema: typeof GUARDRAIL_JSON_SCHEMA;
|
|
43
|
+
readonly verdict: {
|
|
44
|
+
readonly blocks: boolean;
|
|
45
|
+
readonly warns: boolean;
|
|
46
|
+
readonly exitCode: 0 | 1;
|
|
47
|
+
};
|
|
48
|
+
readonly baseline: {
|
|
49
|
+
readonly path: string;
|
|
50
|
+
readonly name: string;
|
|
51
|
+
readonly createdAt: string;
|
|
52
|
+
readonly commitSha: string;
|
|
53
|
+
readonly branch: string;
|
|
54
|
+
readonly findingsCount: number;
|
|
55
|
+
};
|
|
56
|
+
readonly current: {
|
|
57
|
+
readonly commitSha: string;
|
|
58
|
+
readonly branch: string;
|
|
59
|
+
readonly findingsCount: number;
|
|
60
|
+
};
|
|
61
|
+
readonly matcher: {
|
|
62
|
+
readonly gitAware: boolean;
|
|
63
|
+
readonly degradedReason?: string;
|
|
64
|
+
};
|
|
65
|
+
readonly envelopeDrift: EnvelopeDrift;
|
|
66
|
+
readonly policy: {
|
|
67
|
+
readonly mode: BrownfieldPolicy['mode'];
|
|
68
|
+
readonly block: ReadonlyArray<FindingStatus>;
|
|
69
|
+
readonly warn: ReadonlyArray<FindingStatus>;
|
|
70
|
+
readonly confidence: BrownfieldPolicy['confidence'];
|
|
71
|
+
readonly blockRules: BrownfieldPolicy['blockRules'];
|
|
72
|
+
};
|
|
73
|
+
readonly summary: {
|
|
74
|
+
readonly pairs: number;
|
|
75
|
+
readonly blocking: number;
|
|
76
|
+
readonly warning: number;
|
|
77
|
+
readonly persisted: number;
|
|
78
|
+
readonly resolved: number;
|
|
79
|
+
};
|
|
80
|
+
readonly pairs: ReadonlyArray<{
|
|
81
|
+
readonly status: FindingStatus;
|
|
82
|
+
readonly blocks: boolean;
|
|
83
|
+
readonly warns: boolean;
|
|
84
|
+
readonly priorId?: string;
|
|
85
|
+
readonly currentId?: string;
|
|
86
|
+
readonly confidence: number;
|
|
87
|
+
readonly kind: string;
|
|
88
|
+
readonly severity?: string;
|
|
89
|
+
readonly file?: string;
|
|
90
|
+
readonly line?: number;
|
|
91
|
+
readonly overlapsChangedLines?: boolean;
|
|
92
|
+
readonly reasons: ReadonlyArray<MatchReason>;
|
|
93
|
+
}>;
|
|
94
|
+
}
|
|
95
|
+
export declare function renderJson(result: GuardrailCheckResult): GuardrailJsonPayload;
|
|
96
|
+
/**
|
|
97
|
+
* PR-comment-friendly markdown. Phase 4's GitHub Actions workflow
|
|
98
|
+
* pastes the output verbatim into a PR comment. Format:
|
|
99
|
+
*
|
|
100
|
+
* ## Guardrail: PASSED / BLOCKED
|
|
101
|
+
* one-line summary
|
|
102
|
+
* <blocking findings table, when any>
|
|
103
|
+
* <warnings collapsible section, when any>
|
|
104
|
+
* <drift signal callout, when envelope drifted>
|
|
105
|
+
* <provenance footnote>
|
|
106
|
+
*/
|
|
107
|
+
export declare function renderMarkdown(result: GuardrailCheckResult): string;
|
|
108
|
+
//# sourceMappingURL=check-renderers.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"check-renderers.d.ts","sourceRoot":"","sources":["../../src/baseline/check-renderers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAGH,OAAO,KAAK,EAAkB,aAAa,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AACnF,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AACjD,OAAO,KAAK,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAI1D;;;GAGG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,oBAAoB,GAAG,MAAM,CAkFlE;AAkFD,eAAO,MAAM,qBAAqB,EAAG,0BAAmC,CAAC;AAEzE;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,MAAM,EAAE,OAAO,qBAAqB,CAAC;IAC9C,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;QACzB,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,CAAC;KAC1B,CAAC;IACF,QAAQ,CAAC,QAAQ,EAAE;QACjB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;KAChC,CAAC;IACF,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;KAChC,CAAC;IACF,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;QAC3B,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;KAClC,CAAC;IACF,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,MAAM,EAAE;QACf,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACxC,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;QAC7C,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;QAC5C,QAAQ,CAAC,UAAU,EAAE,gBAAgB,CAAC,YAAY,CAAC,CAAC;QACpD,QAAQ,CAAC,UAAU,EAAE,gBAAgB,CAAC,YAAY,CAAC,CAAC;KACrD,CAAC;IACF,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;QACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;KAC3B,CAAC;IACF,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC;QAC5B,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;QAC/B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;QACzB,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;QAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;QAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC;QACxC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;KAC9C,CAAC,CAAC;CACJ;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,oBAAoB,GAAG,oBAAoB,CAmE7E;AAID;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,oBAAoB,GAAG,MAAM,CAiEnE"}
|