@vyuhlabs/dxkit 2.4.8 → 2.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (319) hide show
  1. package/CHANGELOG.md +312 -0
  2. package/README.md +360 -439
  3. package/dist/analyzers/security/aggregator.d.ts.map +1 -1
  4. package/dist/analyzers/security/aggregator.js +4 -46
  5. package/dist/analyzers/security/aggregator.js.map +1 -1
  6. package/dist/analyzers/tools/fingerprint.d.ts +91 -26
  7. package/dist/analyzers/tools/fingerprint.d.ts.map +1 -1
  8. package/dist/analyzers/tools/fingerprint.js +111 -22
  9. package/dist/analyzers/tools/fingerprint.js.map +1 -1
  10. package/dist/analyzers/tools/generic.d.ts.map +1 -1
  11. package/dist/analyzers/tools/generic.js +6 -1
  12. package/dist/analyzers/tools/generic.js.map +1 -1
  13. package/dist/analyzers/tools/gitleaks.d.ts +24 -1
  14. package/dist/analyzers/tools/gitleaks.d.ts.map +1 -1
  15. package/dist/analyzers/tools/gitleaks.js +20 -11
  16. package/dist/analyzers/tools/gitleaks.js.map +1 -1
  17. package/dist/analyzers/tools/graphify.d.ts.map +1 -1
  18. package/dist/analyzers/tools/graphify.js +9 -5
  19. package/dist/analyzers/tools/graphify.js.map +1 -1
  20. package/dist/analyzers/tools/tool-registry.d.ts +19 -1
  21. package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
  22. package/dist/analyzers/tools/tool-registry.js +25 -0
  23. package/dist/analyzers/tools/tool-registry.js.map +1 -1
  24. package/dist/analyzers/types.d.ts +6 -4
  25. package/dist/analyzers/types.d.ts.map +1 -1
  26. package/dist/baseline/baseline-file.d.ts +104 -0
  27. package/dist/baseline/baseline-file.d.ts.map +1 -0
  28. package/dist/baseline/baseline-file.js +110 -0
  29. package/dist/baseline/baseline-file.js.map +1 -0
  30. package/dist/baseline/check-renderers.d.ts +108 -0
  31. package/dist/baseline/check-renderers.d.ts.map +1 -0
  32. package/dist/baseline/check-renderers.js +379 -0
  33. package/dist/baseline/check-renderers.js.map +1 -0
  34. package/dist/baseline/check.d.ts +127 -0
  35. package/dist/baseline/check.d.ts.map +1 -0
  36. package/dist/baseline/check.js +462 -0
  37. package/dist/baseline/check.js.map +1 -0
  38. package/dist/baseline/content-hash.d.ts +83 -0
  39. package/dist/baseline/content-hash.d.ts.map +1 -0
  40. package/dist/baseline/content-hash.js +131 -0
  41. package/dist/baseline/content-hash.js.map +1 -0
  42. package/dist/baseline/create.d.ts +96 -0
  43. package/dist/baseline/create.d.ts.map +1 -0
  44. package/dist/baseline/create.js +339 -0
  45. package/dist/baseline/create.js.map +1 -0
  46. package/dist/baseline/entry-to-located.d.ts +35 -0
  47. package/dist/baseline/entry-to-located.d.ts.map +1 -0
  48. package/dist/baseline/entry-to-located.js +72 -0
  49. package/dist/baseline/entry-to-located.js.map +1 -0
  50. package/dist/baseline/finding-identity.d.ts +47 -0
  51. package/dist/baseline/finding-identity.d.ts.map +1 -0
  52. package/dist/baseline/finding-identity.js +292 -0
  53. package/dist/baseline/finding-identity.js.map +1 -0
  54. package/dist/baseline/git-aware-match.d.ts +146 -0
  55. package/dist/baseline/git-aware-match.d.ts.map +1 -0
  56. package/dist/baseline/git-aware-match.js +439 -0
  57. package/dist/baseline/git-aware-match.js.map +1 -0
  58. package/dist/baseline/policy.d.ts +171 -0
  59. package/dist/baseline/policy.d.ts.map +1 -0
  60. package/dist/baseline/policy.js +206 -0
  61. package/dist/baseline/policy.js.map +1 -0
  62. package/dist/baseline/producers/health.d.ts +30 -0
  63. package/dist/baseline/producers/health.d.ts.map +1 -0
  64. package/dist/baseline/producers/health.js +42 -0
  65. package/dist/baseline/producers/health.js.map +1 -0
  66. package/dist/baseline/producers/index.d.ts +164 -0
  67. package/dist/baseline/producers/index.d.ts.map +1 -0
  68. package/dist/baseline/producers/index.js +200 -0
  69. package/dist/baseline/producers/index.js.map +1 -0
  70. package/dist/baseline/producers/licenses.d.ts +23 -0
  71. package/dist/baseline/producers/licenses.d.ts.map +1 -0
  72. package/dist/baseline/producers/licenses.js +46 -0
  73. package/dist/baseline/producers/licenses.js.map +1 -0
  74. package/dist/baseline/producers/quality.d.ts +39 -0
  75. package/dist/baseline/producers/quality.d.ts.map +1 -0
  76. package/dist/baseline/producers/quality.js +84 -0
  77. package/dist/baseline/producers/quality.js.map +1 -0
  78. package/dist/baseline/producers/secret-hmac.d.ts +45 -0
  79. package/dist/baseline/producers/secret-hmac.d.ts.map +1 -0
  80. package/dist/baseline/producers/secret-hmac.js +70 -0
  81. package/dist/baseline/producers/secret-hmac.js.map +1 -0
  82. package/dist/baseline/producers/security.d.ts +59 -0
  83. package/dist/baseline/producers/security.d.ts.map +1 -0
  84. package/dist/baseline/producers/security.js +135 -0
  85. package/dist/baseline/producers/security.js.map +1 -0
  86. package/dist/baseline/producers/tests.d.ts +36 -0
  87. package/dist/baseline/producers/tests.d.ts.map +1 -0
  88. package/dist/baseline/producers/tests.js +69 -0
  89. package/dist/baseline/producers/tests.js.map +1 -0
  90. package/dist/baseline/salt.d.ts +45 -0
  91. package/dist/baseline/salt.d.ts.map +1 -0
  92. package/dist/baseline/salt.js +113 -0
  93. package/dist/baseline/salt.js.map +1 -0
  94. package/dist/baseline/show.d.ts +79 -0
  95. package/dist/baseline/show.d.ts.map +1 -0
  96. package/dist/baseline/show.js +233 -0
  97. package/dist/baseline/show.js.map +1 -0
  98. package/dist/baseline/types.d.ts +482 -0
  99. package/dist/baseline/types.d.ts.map +1 -0
  100. package/dist/baseline/types.js +53 -0
  101. package/dist/baseline/types.js.map +1 -0
  102. package/dist/cli.d.ts.map +1 -1
  103. package/dist/cli.js +398 -82
  104. package/dist/cli.js.map +1 -1
  105. package/dist/constants.d.ts.map +1 -1
  106. package/dist/constants.js +0 -4
  107. package/dist/constants.js.map +1 -1
  108. package/dist/doctor.d.ts.map +1 -1
  109. package/dist/doctor.js +39 -35
  110. package/dist/doctor.js.map +1 -1
  111. package/dist/fail-on.d.ts +84 -0
  112. package/dist/fail-on.d.ts.map +1 -0
  113. package/dist/fail-on.js +128 -0
  114. package/dist/fail-on.js.map +1 -0
  115. package/dist/generator.d.ts +1 -1
  116. package/dist/generator.d.ts.map +1 -1
  117. package/dist/generator.js +81 -274
  118. package/dist/generator.js.map +1 -1
  119. package/dist/hooks-cli.d.ts +20 -0
  120. package/dist/hooks-cli.d.ts.map +1 -0
  121. package/dist/hooks-cli.js +145 -0
  122. package/dist/hooks-cli.js.map +1 -0
  123. package/dist/languages/csharp.d.ts.map +1 -1
  124. package/dist/languages/csharp.js +4 -9
  125. package/dist/languages/csharp.js.map +1 -1
  126. package/dist/languages/go.d.ts.map +1 -1
  127. package/dist/languages/go.js +3 -14
  128. package/dist/languages/go.js.map +1 -1
  129. package/dist/languages/index.d.ts +19 -1
  130. package/dist/languages/index.d.ts.map +1 -1
  131. package/dist/languages/index.js +32 -0
  132. package/dist/languages/index.js.map +1 -1
  133. package/dist/languages/java.d.ts.map +1 -1
  134. package/dist/languages/java.js +4 -6
  135. package/dist/languages/java.js.map +1 -1
  136. package/dist/languages/kotlin.d.ts.map +1 -1
  137. package/dist/languages/kotlin.js +9 -11
  138. package/dist/languages/kotlin.js.map +1 -1
  139. package/dist/languages/python.d.ts.map +1 -1
  140. package/dist/languages/python.js +4 -15
  141. package/dist/languages/python.js.map +1 -1
  142. package/dist/languages/ruby.d.ts.map +1 -1
  143. package/dist/languages/ruby.js +4 -6
  144. package/dist/languages/ruby.js.map +1 -1
  145. package/dist/languages/rust.d.ts.map +1 -1
  146. package/dist/languages/rust.js +4 -4
  147. package/dist/languages/rust.js.map +1 -1
  148. package/dist/languages/types.d.ts +29 -28
  149. package/dist/languages/types.d.ts.map +1 -1
  150. package/dist/languages/typescript.d.ts.map +1 -1
  151. package/dist/languages/typescript.js +31 -4
  152. package/dist/languages/typescript.js.map +1 -1
  153. package/dist/lib.d.ts +2 -3
  154. package/dist/lib.d.ts.map +1 -1
  155. package/dist/lib.js +3 -6
  156. package/dist/lib.js.map +1 -1
  157. package/dist/prompts.d.ts.map +1 -1
  158. package/dist/prompts.js +0 -10
  159. package/dist/prompts.js.map +1 -1
  160. package/dist/report-schema.d.ts +42 -0
  161. package/dist/report-schema.d.ts.map +1 -0
  162. package/dist/report-schema.js +54 -0
  163. package/dist/report-schema.js.map +1 -0
  164. package/dist/ship-installers.d.ts +112 -0
  165. package/dist/ship-installers.d.ts.map +1 -0
  166. package/dist/ship-installers.js +530 -0
  167. package/dist/ship-installers.js.map +1 -0
  168. package/dist/tools-cli.d.ts.map +1 -1
  169. package/dist/tools-cli.js +45 -9
  170. package/dist/tools-cli.js.map +1 -1
  171. package/dist/types.d.ts +0 -4
  172. package/dist/types.d.ts.map +1 -1
  173. package/dist/update.d.ts.map +1 -1
  174. package/dist/update.js +0 -4
  175. package/dist/update.js.map +1 -1
  176. package/package.json +17 -11
  177. package/templates/.claude/skills/dxkit-action/SKILL.md +150 -0
  178. package/templates/.claude/skills/dxkit-config/SKILL.md +124 -0
  179. package/templates/.claude/skills/dxkit-hooks/SKILL.md +109 -0
  180. package/templates/.claude/skills/dxkit-init/SKILL.md +93 -0
  181. package/templates/.claude/skills/dxkit-learn/SKILL.md +84 -0
  182. package/templates/.claude/skills/dxkit-reports/SKILL.md +111 -0
  183. package/templates/.devcontainer/devcontainer.json +55 -0
  184. package/templates/.devcontainer/install-agent-clis.sh +42 -0
  185. package/templates/.devcontainer/post-create.sh +81 -0
  186. package/templates/.githooks/pre-commit +55 -0
  187. package/templates/.githooks/pre-push +63 -0
  188. package/templates/.github/workflows/dxkit-baseline-refresh.yml +78 -0
  189. package/templates/.github/workflows/dxkit-guardrails.yml +98 -0
  190. package/templates/AGENTS.md.template +137 -0
  191. package/templates/CLAUDE.md.template +16 -245
  192. package/dist/codebase-scanner.d.ts +0 -36
  193. package/dist/codebase-scanner.d.ts.map +0 -1
  194. package/dist/codebase-scanner.js +0 -688
  195. package/dist/codebase-scanner.js.map +0 -1
  196. package/dist/project-yaml.d.ts +0 -13
  197. package/dist/project-yaml.d.ts.map +0 -1
  198. package/dist/project-yaml.js +0 -188
  199. package/dist/project-yaml.js.map +0 -1
  200. package/templates/.ai/README.md +0 -117
  201. package/templates/.ai/prompts/execution-prompt.md +0 -9
  202. package/templates/.ai/prompts/planning-prompt.md +0 -18
  203. package/templates/.ai/prompts/session-end-template.md +0 -182
  204. package/templates/.ai/prompts/session-end.md +0 -132
  205. package/templates/.ai/prompts/session-start.md +0 -109
  206. package/templates/.ai/prompts/step-by-step.md +0 -113
  207. package/templates/.ai/sessions/.gitkeep +0 -0
  208. package/templates/.claude/agents/doc-writer.md +0 -107
  209. package/templates/.claude/agents/knowledge-bot.md +0 -64
  210. package/templates/.claude/agents/onboarding.md +0 -61
  211. package/templates/.claude/agents/quality-reviewer.md +0 -85
  212. package/templates/.claude/agents-available/code-reviewer.md +0 -29
  213. package/templates/.claude/agents-available/codebase-explorer.md +0 -100
  214. package/templates/.claude/agents-available/dashboard-builder.md +0 -433
  215. package/templates/.claude/agents-available/debugger.md +0 -29
  216. package/templates/.claude/agents-available/dependency-mapper.md +0 -80
  217. package/templates/.claude/agents-available/dev-report.md +0 -108
  218. package/templates/.claude/agents-available/doc-writer.md +0 -107
  219. package/templates/.claude/agents-available/feature-builder.md +0 -163
  220. package/templates/.claude/agents-available/feature-planner.md +0 -185
  221. package/templates/.claude/agents-available/health-auditor.md +0 -95
  222. package/templates/.claude/agents-available/hooks-configurator.md +0 -211
  223. package/templates/.claude/agents-available/knowledge-bot.md +0 -62
  224. package/templates/.claude/agents-available/plan-executor.md +0 -133
  225. package/templates/.claude/agents-available/strategic-planner.md +0 -141
  226. package/templates/.claude/agents-available/test-gap-finder.md +0 -67
  227. package/templates/.claude/agents-available/test-writer.md +0 -34
  228. package/templates/.claude/agents-available/vulnerability-scanner.md +0 -173
  229. package/templates/.claude/commands/ask.md +0 -7
  230. package/templates/.claude/commands/build-feature.md +0 -26
  231. package/templates/.claude/commands/build.md.template +0 -30
  232. package/templates/.claude/commands/check.md.template +0 -43
  233. package/templates/.claude/commands/dashboard.md +0 -28
  234. package/templates/.claude/commands/deps.md +0 -15
  235. package/templates/.claude/commands/dev-report.md +0 -50
  236. package/templates/.claude/commands/docs.md +0 -21
  237. package/templates/.claude/commands/doctor.md +0 -21
  238. package/templates/.claude/commands/enable-agent.md +0 -12
  239. package/templates/.claude/commands/execute-plan.md +0 -25
  240. package/templates/.claude/commands/explore-codebase.md +0 -12
  241. package/templates/.claude/commands/export-pdf.md +0 -30
  242. package/templates/.claude/commands/feature.md +0 -25
  243. package/templates/.claude/commands/fix-issue.md +0 -12
  244. package/templates/.claude/commands/fix.md.template +0 -32
  245. package/templates/.claude/commands/health.md +0 -58
  246. package/templates/.claude/commands/help.md +0 -36
  247. package/templates/.claude/commands/learn.md +0 -48
  248. package/templates/.claude/commands/onboarding.md +0 -21
  249. package/templates/.claude/commands/plan.md +0 -20
  250. package/templates/.claude/commands/quality.md.template +0 -65
  251. package/templates/.claude/commands/session-end.md +0 -40
  252. package/templates/.claude/commands/session-start.md +0 -30
  253. package/templates/.claude/commands/setup-hooks.md +0 -18
  254. package/templates/.claude/commands/setup-pr-review.md +0 -72
  255. package/templates/.claude/commands/stealth-mode.md +0 -17
  256. package/templates/.claude/commands/test-gaps.md +0 -49
  257. package/templates/.claude/commands/test.md.template +0 -40
  258. package/templates/.claude/commands/vulnerabilities.md +0 -49
  259. package/templates/.claude/skills/build/SKILL.md.template +0 -98
  260. package/templates/.claude/skills/deploy/SKILL.md.template +0 -131
  261. package/templates/.claude/skills/deploy/references/gotchas.md +0 -5
  262. package/templates/.claude/skills/doctor/SKILL.md +0 -54
  263. package/templates/.claude/skills/gcloud/SKILL.md +0 -66
  264. package/templates/.claude/skills/gcloud/references/gotchas.md +0 -5
  265. package/templates/.claude/skills/learned/SKILL.md +0 -55
  266. package/templates/.claude/skills/learned/references/conventions.md +0 -11
  267. package/templates/.claude/skills/learned/references/deny-recommendations.md +0 -18
  268. package/templates/.claude/skills/learned/references/gotchas.md +0 -11
  269. package/templates/.claude/skills/pulumi/SKILL.md +0 -73
  270. package/templates/.claude/skills/quality/SKILL.md.template +0 -108
  271. package/templates/.claude/skills/quality/references/gotchas.md +0 -5
  272. package/templates/.claude/skills/review/SKILL.md.template +0 -73
  273. package/templates/.claude/skills/scaffold/SKILL.md.template +0 -123
  274. package/templates/.claude/skills/secrets/SKILL.md +0 -52
  275. package/templates/.claude/skills/session/SKILL.md +0 -43
  276. package/templates/.claude/skills/test/SKILL.md.template +0 -122
  277. package/templates/.claude/skills/test/references/gotchas.md +0 -5
  278. package/templates/.devcontainer/Dockerfile.dev.template +0 -89
  279. package/templates/.devcontainer/devcontainer.json.template +0 -184
  280. package/templates/.devcontainer/docker-compose.yml.template +0 -105
  281. package/templates/.devcontainer/init-scripts/01-init.sql.template +0 -12
  282. package/templates/.devcontainer/post-create.sh.template +0 -298
  283. package/templates/.github/workflows/ci.yml.template +0 -399
  284. package/templates/.github/workflows/quality.yml.template +0 -376
  285. package/templates/.pre-commit-config.yaml.template +0 -106
  286. package/templates/.project/config/edit_config.py +0 -275
  287. package/templates/.project/config/project_config.py +0 -894
  288. package/templates/.project/scripts/codegen/generate-all.sh +0 -20
  289. package/templates/.project/scripts/codegen/validate-all.sh +0 -17
  290. package/templates/.project/scripts/docs/generate-all.sh +0 -30
  291. package/templates/.project/scripts/docs/serve.sh +0 -20
  292. package/templates/.project/scripts/quality/fix-all.sh +0 -138
  293. package/templates/.project/scripts/quality/lint-go.sh +0 -34
  294. package/templates/.project/scripts/quality/lint-python.sh +0 -54
  295. package/templates/.project/scripts/quality/run-all.sh +0 -497
  296. package/templates/.project/scripts/session/commit.sh +0 -70
  297. package/templates/.project/scripts/session/create-pr.sh +0 -165
  298. package/templates/.project/scripts/session/end.sh +0 -207
  299. package/templates/.project/scripts/session/start.sh +0 -233
  300. package/templates/.project/scripts/setup/doctor.sh +0 -404
  301. package/templates/.project/scripts/setup/interactive-setup.sh +0 -585
  302. package/templates/.project/scripts/sync/sync-template.sh +0 -328
  303. package/templates/.project/scripts/test/run-all.sh +0 -179
  304. package/templates/.project/scripts/test/run-quick.sh +0 -25
  305. package/templates/Makefile +0 -514
  306. package/templates/config/versions.yaml +0 -57
  307. package/templates/configs/go/.golangci.yml.template +0 -172
  308. package/templates/configs/go/go.mod.template +0 -15
  309. package/templates/configs/java/README.md +0 -6
  310. package/templates/configs/kotlin/README.md +0 -6
  311. package/templates/configs/node/package.json.template +0 -67
  312. package/templates/configs/node/tsconfig.json.template +0 -53
  313. package/templates/configs/python/pyproject.toml.template +0 -92
  314. package/templates/configs/python/pytest.ini.template +0 -64
  315. package/templates/configs/python/ruff.toml.template +0 -79
  316. package/templates/configs/ruby/README.md +0 -6
  317. package/templates/configs/rust/Cargo.toml.template +0 -51
  318. package/templates/configs/shared/.editorconfig +0 -67
  319. package/templates/scripts/validate-templates.sh +0 -449
@@ -1 +1 @@
1
- {"version":3,"file":"aggregator.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/aggregator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuDG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,KAAK,EAAE,QAAQ,EAAmB,eAAe,EAAE,MAAM,SAAS,CAAC;AAI1E,YAAY,EAAE,QAAQ,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAI1E;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,WAAY,SAAQ,eAAe;IAClD,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,QAAQ,CAAC;IACvB,aAAa,EAAE,aAAa,CAAC;QAC3B,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,QAAQ,CAAC;KACpB,CAAC,CAAC;CACJ;AAED;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,GAAG,EAAE,OAAO,CAAA;KAAE,CAAC;IAC/C,YAAY,EAAE;QAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,GAAG,EAAE,OAAO,CAAA;KAAE,CAAC;IACpD,SAAS,EAAE;QAAE,GAAG,EAAE,OAAO,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC;IAClD,YAAY,EAAE;QAAE,GAAG,EAAE,OAAO,CAAA;KAAE,CAAC;IAC/B,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;CAClF;AAED;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC;qEACiE;IACjE,cAAc,EAAE,cAAc,CAAC;IAE/B;;+DAE2D;IAC3D,aAAa,EAAE,cAAc,CAAC;IAE9B;;+BAE2B;IAC3B,iBAAiB,EAAE,cAAc,CAAC;IAElC;;2CAEuC;IACvC,kBAAkB,EAAE;QAClB,MAAM,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;QACnC,IAAI,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;QACjC,MAAM,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;QACnC,UAAU,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;KAC3C,CAAC;IAEF;;;;;;OAMG;IACH,6BAA6B,EAAE,MAAM,CAAC;IAEtC;;;;;OAKG;IACH,0BAA0B,EAAE,MAAM,CAAC;IAEnC;0CACsC;IACtC,eAAe,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAE/C,qEAAqE;IACrE,UAAU,EAAE,mBAAmB,CAAC;CACjC;AAwFD;;;;;GAKG;AACH,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE;QAAE,QAAQ,EAAE,eAAe,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;IAClE,YAAY,EAAE,eAAe,EAAE,CAAC;IAChC,YAAY,EAAE;QAAE,QAAQ,EAAE,eAAe,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;IACvE,SAAS,EAAE,eAAe,EAAE,CAAC;IAC7B;;;wBAGoB;IACpB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE;QACR,QAAQ,EAAE,cAAc,EAAE,CAAC;QAC3B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC;QACnB,iBAAiB,EAAE,MAAM,CAAC;KAC3B,CAAC;CACH;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,sBAAsB,GAAG,iBAAiB,CAuNvF"}
1
+ {"version":3,"file":"aggregator.d.ts","sourceRoot":"","sources":["../../../src/analyzers/security/aggregator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuDG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,KAAK,EAAE,QAAQ,EAAmB,eAAe,EAAE,MAAM,SAAS,CAAC;AAK1E,YAAY,EAAE,QAAQ,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAI1E;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,WAAY,SAAQ,eAAe;IAClD,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,QAAQ,CAAC;IACvB,aAAa,EAAE,aAAa,CAAC;QAC3B,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,QAAQ,CAAC;KACpB,CAAC,CAAC;CACJ;AAED;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,GAAG,EAAE,OAAO,CAAA;KAAE,CAAC;IAC/C,YAAY,EAAE;QAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,GAAG,EAAE,OAAO,CAAA;KAAE,CAAC;IACpD,SAAS,EAAE;QAAE,GAAG,EAAE,OAAO,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC;IAClD,YAAY,EAAE;QAAE,GAAG,EAAE,OAAO,CAAA;KAAE,CAAC;IAC/B,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,SAAS,EAAE,OAAO,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,CAAC;CAClF;AAED;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC;qEACiE;IACjE,cAAc,EAAE,cAAc,CAAC;IAE/B;;+DAE2D;IAC3D,aAAa,EAAE,cAAc,CAAC;IAE9B;;+BAE2B;IAC3B,iBAAiB,EAAE,cAAc,CAAC;IAElC;;2CAEuC;IACvC,kBAAkB,EAAE;QAClB,MAAM,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;QACnC,IAAI,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;QACjC,MAAM,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;QACnC,UAAU,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;KAC3C,CAAC;IAEF;;;;;;OAMG;IACH,6BAA6B,EAAE,MAAM,CAAC;IAEtC;;;;;OAKG;IACH,0BAA0B,EAAE,MAAM,CAAC;IAEnC;0CACsC;IACtC,eAAe,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAE/C,qEAAqE;IACrE,UAAU,EAAE,mBAAmB,CAAC;CACjC;AAyCD;;;;;GAKG;AACH,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE;QAAE,QAAQ,EAAE,eAAe,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;IAClE,YAAY,EAAE,eAAe,EAAE,CAAC;IAChC,YAAY,EAAE;QAAE,QAAQ,EAAE,eAAe,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;IACvE,SAAS,EAAE,eAAe,EAAE,CAAC;IAC7B;;;wBAGoB;IACpB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE;QACR,QAAQ,EAAE,cAAc,EAAE,CAAC;QAC3B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC;QACnB,iBAAiB,EAAE,MAAM,CAAC;KAC3B,CAAC;CACH;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,sBAAsB,GAAG,iBAAiB,CAuNvF"}
@@ -57,7 +57,7 @@
57
57
  */
58
58
  Object.defineProperty(exports, "__esModule", { value: true });
59
59
  exports.buildSecurityAggregate = buildSecurityAggregate;
60
- const crypto_1 = require("crypto");
60
+ const fingerprint_1 = require("../tools/fingerprint");
61
61
  // ─── Canonical-rule registry ──────────────────────────────────────────────
62
62
  /**
63
63
  * Maps raw `(tool, rule)` pairs to a canonical rule id. Two raw
@@ -73,48 +73,6 @@ const crypto_1 = require("crypto");
73
73
  * double-counting. Future entries land when a new language pack or
74
74
  * semgrep ruleset surfaces overlap with an existing finding type.
75
75
  */
76
- const CANONICAL_RULE_MAP = new Map([
77
- // TLS / certificate validation bypass — D091 closure
78
- ['tls-bypass-registry:tls-validation-disabled', 'canonical:tls-bypass'],
79
- ['semgrep:bypass-tls-verification', 'canonical:tls-bypass'],
80
- ['semgrep:nodejsscan.node_tls_reject_unauthorized', 'canonical:tls-bypass'],
81
- // Private-key file on disk — find + gitleaks may both surface
82
- ['find:private-key-file', 'canonical:private-key-on-disk'],
83
- ['gitleaks:private-key', 'canonical:private-key-on-disk'],
84
- ]);
85
- function canonicalRuleFor(tool, rule) {
86
- return CANONICAL_RULE_MAP.get(`${tool}:${rule}`) ?? `raw:${tool}:${rule}`;
87
- }
88
- /**
89
- * Line-window bucketing. Tools report the same code construct at
90
- * slightly-different lines (semgrep on the declaration, registry-grep
91
- * on the assignment — D091's `:72` vs `:74` shape). 3-line buckets
92
- * absorb that drift without collapsing genuinely-different findings
93
- * in the same file.
94
- *
95
- * Boundary edge case closed by C1.10: the natural fixed-boundary
96
- * bucketing alone would miss adjacent findings straddling a
97
- * multiple-of-3 (a JS-heavy customer frontend surfaced
98
- * SetupConfigForm.js:43 + :45 → buckets 42 + 45 → no collapse
99
- * pre-C1.10). The grouping loop now
100
- * does a neighbor-bucket lookup (naturalBucket ± 3) after the natural
101
- * miss, restoring D091's intent across boundary-straddling pairs.
102
- * Effective collapse window: ~3-5 lines depending on alignment.
103
- */
104
- function lineWindowFor(line) {
105
- return Math.floor(line / 3) * 3;
106
- }
107
- /**
108
- * Stable 16-char hex hash of `(canonicalRule | file | lineWindow)`.
109
- * NUL-separated so distinct tuples can't collide via concatenation
110
- * tricks. Mirrors `tools/fingerprint.computeFingerprint`'s format
111
- * (SHA-1 first 8 bytes hex) so dep-vuln and code-finding fingerprints
112
- * share a downstream type contract.
113
- */
114
- function computeCodeFingerprint(canonicalRule, file, line) {
115
- const input = `${canonicalRule}\0${file}\0${lineWindowFor(line)}`;
116
- return (0, crypto_1.createHash)('sha1').update(input).digest('hex').slice(0, 16);
117
- }
118
76
  // ─── Severity helpers ─────────────────────────────────────────────────────
119
77
  const SEVERITY_RANK = {
120
78
  critical: 3,
@@ -162,8 +120,8 @@ function buildSecurityAggregate(input) {
162
120
  ];
163
121
  const groups = new Map();
164
122
  for (const f of rawCodeFindings) {
165
- const canonicalRule = canonicalRuleFor(f.tool, f.rule);
166
- const naturalFingerprint = computeCodeFingerprint(canonicalRule, f.file, f.line);
123
+ const canonicalRule = (0, fingerprint_1.canonicalRuleFor)(f.tool, f.rule);
124
+ const naturalFingerprint = (0, fingerprint_1.computeCodeFingerprint)(canonicalRule, f.file, f.line);
167
125
  // C1.10: neighbor-bucket lookup. The 3-line fixed bucket misses
168
126
  // adjacent findings that straddle a multiple-of-3 line (the JS-heavy
169
127
  // customer frontend surfaced SetupConfigForm.js:43 + :45 → buckets 42
@@ -177,7 +135,7 @@ function buildSecurityAggregate(input) {
177
135
  let existing = groups.get(fingerprint);
178
136
  if (!existing) {
179
137
  for (const offset of [-3, 3]) {
180
- const neighborFingerprint = computeCodeFingerprint(canonicalRule, f.file, f.line + offset);
138
+ const neighborFingerprint = (0, fingerprint_1.computeCodeFingerprint)(canonicalRule, f.file, f.line + offset);
181
139
  const candidate = groups.get(neighborFingerprint);
182
140
  if (candidate) {
183
141
  existing = candidate;
@@ -1 +1 @@
1
- {"version":3,"file":"aggregator.js","sourceRoot":"","sources":["../../../src/analyzers/security/aggregator.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuDG;;AAyQH,wDAuNC;AA9dD,mCAAoC;AAoIpC,6EAA6E;AAE7E;;;;;;;;;;;;;GAaG;AACH,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAiB;IACjD,qDAAqD;IACrD,CAAC,6CAA6C,EAAE,sBAAsB,CAAC;IACvE,CAAC,iCAAiC,EAAE,sBAAsB,CAAC;IAC3D,CAAC,iDAAiD,EAAE,sBAAsB,CAAC;IAE3E,8DAA8D;IAC9D,CAAC,uBAAuB,EAAE,+BAA+B,CAAC;IAC1D,CAAC,sBAAsB,EAAE,+BAA+B,CAAC;CAC1D,CAAC,CAAC;AAEH,SAAS,gBAAgB,CAAC,IAAY,EAAE,IAAY;IAClD,OAAO,kBAAkB,CAAC,GAAG,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,IAAI,OAAO,IAAI,IAAI,IAAI,EAAE,CAAC;AAC5E,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,SAAS,aAAa,CAAC,IAAY;IACjC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;AAClC,CAAC;AAED;;;;;;GAMG;AACH,SAAS,sBAAsB,CAAC,aAAqB,EAAE,IAAY,EAAE,IAAY;IAC/E,MAAM,KAAK,GAAG,GAAG,aAAa,KAAK,IAAI,KAAK,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;IAClE,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED,6EAA6E;AAE7E,MAAM,aAAa,GAA6B;IAC9C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;CACP,CAAC;AAEF,SAAS,WAAW,CAAC,CAAW,EAAE,CAAW;IAC3C,OAAO,aAAa,CAAC,CAAC,CAAC,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,WAAW;IAClB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,SAAS,UAAU,CAAC,MAAsB,EAAE,QAAkB;IAC5D,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;AACrB,CAAC;AA4BD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAgB,sBAAsB,CAAC,KAA6B;IAClE,uEAAuE;IACvE,MAAM,eAAe,GAAsB;QACzC,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ;QACzB,GAAG,KAAK,CAAC,YAAY;QACrB,GAAG,KAAK,CAAC,YAAY,CAAC,QAAQ;QAC9B,GAAG,KAAK,CAAC,SAAS;KACnB,CAAC;IAkBF,MAAM,MAAM,GAAG,IAAI,GAAG,EAAiB,CAAC;IAExC,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;QAChC,MAAM,aAAa,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,kBAAkB,GAAG,sBAAsB,CAAC,aAAa,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAEjF,gEAAgE;QAChE,qEAAqE;QACrE,sEAAsE;QACtE,sEAAsE;QACtE,qBAAqB;QACrB,gEAAgE;QAChE,oEAAoE;QACpE,gEAAgE;QAChE,gEAAgE;QAChE,IAAI,WAAW,GAAG,kBAAkB,CAAC;QACrC,IAAI,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACvC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,KAAK,MAAM,MAAM,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;gBAC7B,MAAM,mBAAmB,GAAG,sBAAsB,CAAC,aAAa,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,GAAG,MAAM,CAAC,CAAC;gBAC3F,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;gBAClD,IAAI,SAAS,EAAE,CAAC;oBACd,QAAQ,GAAG,SAAS,CAAC;oBACrB,WAAW,GAAG,mBAAmB,CAAC;oBAClC,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;YAC/D,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAChC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;gBACjB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB,CAAC,CAAC;YACH,+DAA+D;YAC/D,yDAAyD;YACzD,+DAA+D;YAC/D,iEAAiE;YACjE,IAAI,CAAC,CAAC,IAAI,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC3B,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;gBACvB,QAAQ,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;gBACzB,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;gBACvB,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;gBACvB,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC;YACvC,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE;gBACtB,WAAW;gBACX,aAAa;gBACb,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,UAAU,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBAC7B,IAAI,EAAE;oBACJ;wBACE,IAAI,EAAE,CAAC,CAAC,IAAI;wBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;wBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;wBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;qBACrB;iBACF;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,sBAAsB,GAAwD;QAClF,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,EAAE;QACR,MAAM,EAAE,EAAE;KACX,CAAC;IACF,MAAM,cAAc,GAAG,WAAW,EAAE,CAAC;IACrC,MAAM,iBAAiB,GAAG,WAAW,EAAE,CAAC;IACxC,MAAM,eAAe,GAAqB,EAAE,CAAC;IAE7C,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;QAChC,MAAM,OAAO,GAAgB;YAC3B,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,aAAa,EAAE,CAAC,CAAC,aAAa;YAC9B,UAAU,EAAE,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE;SACrC,CAAC;QAEF,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC5B,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5C,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC;aAAM,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACnC,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5C,6DAA6D;YAC7D,+DAA+D;YAC/D,8DAA8D;YAC9D,wBAAwB;YACxB,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1C,UAAU,CAAC,cAAc,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,eAAe,CAAC,IAAI,CAAC;gBACnB,aAAa,EAAE,CAAC,CAAC,aAAa;gBAC9B,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,YAAY,EAAE,CAAC,CAAC,QAAQ;gBACxB,aAAa,EAAE,CAAC,CAAC,IAAI;aACtB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,kEAAkE;IAClE,oEAAoE;IACpE,gDAAgD;IAChD,MAAM,SAAS,GAAG,IAAI,GAAG,EAA0B,CAAC;IACpD,IAAI,2BAA2B,GAAG,CAAC,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,CAAC,CAAC,WAAW,IAAI,gBAAgB,2BAA2B,EAAE,EAAE,CAAC;QAC7E,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,6DAA6D;YAC7D,2DAA2D;YAC3D,2BAA2B;YAC3B,IAAI,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IACD,MAAM,iBAAiB,GAAG,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAClD,MAAM,aAAa,GAAG,WAAW,EAAE,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;QAClC,UAAU,CAAC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED,uEAAuE;IACvE,MAAM,UAAU,GAAwB;QACtC,OAAO,EAAE;YACP,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;YAC5B,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ,KAAK,IAAI;SACrC;QACD,YAAY,EAAE;YACZ,IAAI,EAAE,KAAK,CAAC,YAAY,CAAC,QAAQ;YACjC,GAAG,EAAE,KAAK,CAAC,YAAY,CAAC,QAAQ,KAAK,IAAI;SAC1C;QACD,SAAS,EAAE;YACT,gEAAgE;YAChE,6DAA6D;YAC7D,8DAA8D;YAC9D,4BAA4B;YAC5B,GAAG,EAAE,KAAK,CAAC,qBAAqB,GAAG,CAAC;YACpC,YAAY,EAAE,KAAK,CAAC,qBAAqB;SAC1C;QACD,YAAY,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE;QAC3B,QAAQ,EAAE;YACR,IAAI,EAAE,KAAK,CAAC,QAAQ,CAAC,IAAI;YACzB,SAAS,EAAE,KAAK,CAAC,QAAQ,CAAC,SAAS;YACnC,iBAAiB,EAAE,KAAK,CAAC,QAAQ,CAAC,iBAAiB;SACpD;KACF,CAAC;IAEF,OAAO;QACL,cAAc;QACd,aAAa;QACb,iBAAiB;QACjB,kBAAkB,EAAE;YAClB,MAAM,EAAE,sBAAsB,CAAC,MAAM;YACrC,IAAI,EAAE,sBAAsB,CAAC,IAAI;YACjC,MAAM,EAAE,sBAAsB,CAAC,MAAM;YACrC,UAAU,EAAE,iBAAiB;SAC9B;QACD,6BAA6B,EAAE,iBAAiB,CAAC,MAAM;QACvD,0BAA0B,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM;QAC1D,eAAe;QACf,UAAU;KACX,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"aggregator.js","sourceRoot":"","sources":["../../../src/analyzers/security/aggregator.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuDG;;AA0NH,wDAuNC;AA7aD,sDAAgF;AAkIhF,6EAA6E;AAE7E;;;;;;;;;;;;;GAaG;AACH,6EAA6E;AAE7E,MAAM,aAAa,GAA6B;IAC9C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;CACP,CAAC;AAEF,SAAS,WAAW,CAAC,CAAW,EAAE,CAAW;IAC3C,OAAO,aAAa,CAAC,CAAC,CAAC,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,WAAW;IAClB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,SAAS,UAAU,CAAC,MAAsB,EAAE,QAAkB;IAC5D,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;AACrB,CAAC;AA4BD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAgB,sBAAsB,CAAC,KAA6B;IAClE,uEAAuE;IACvE,MAAM,eAAe,GAAsB;QACzC,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ;QACzB,GAAG,KAAK,CAAC,YAAY;QACrB,GAAG,KAAK,CAAC,YAAY,CAAC,QAAQ;QAC9B,GAAG,KAAK,CAAC,SAAS;KACnB,CAAC;IAkBF,MAAM,MAAM,GAAG,IAAI,GAAG,EAAiB,CAAC;IAExC,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;QAChC,MAAM,aAAa,GAAG,IAAA,8BAAgB,EAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,kBAAkB,GAAG,IAAA,oCAAsB,EAAC,aAAa,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAEjF,gEAAgE;QAChE,qEAAqE;QACrE,sEAAsE;QACtE,sEAAsE;QACtE,qBAAqB;QACrB,gEAAgE;QAChE,oEAAoE;QACpE,gEAAgE;QAChE,gEAAgE;QAChE,IAAI,WAAW,GAAG,kBAAkB,CAAC;QACrC,IAAI,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACvC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,KAAK,MAAM,MAAM,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;gBAC7B,MAAM,mBAAmB,GAAG,IAAA,oCAAsB,EAAC,aAAa,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,GAAG,MAAM,CAAC,CAAC;gBAC3F,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;gBAClD,IAAI,SAAS,EAAE,CAAC;oBACd,QAAQ,GAAG,SAAS,CAAC;oBACrB,WAAW,GAAG,mBAAmB,CAAC;oBAClC,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;YAC/D,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAChC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;gBACjB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB,CAAC,CAAC;YACH,+DAA+D;YAC/D,yDAAyD;YACzD,+DAA+D;YAC/D,iEAAiE;YACjE,IAAI,CAAC,CAAC,IAAI,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC3B,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;gBACvB,QAAQ,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;gBACzB,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;gBACvB,QAAQ,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;gBACvB,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC;YACvC,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE;gBACtB,WAAW;gBACX,aAAa;gBACb,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,GAAG,EAAE,CAAC,CAAC,GAAG;gBACV,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,UAAU,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBAC7B,IAAI,EAAE;oBACJ;wBACE,IAAI,EAAE,CAAC,CAAC,IAAI;wBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;wBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;wBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;qBACrB;iBACF;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,sBAAsB,GAAwD;QAClF,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,EAAE;QACR,MAAM,EAAE,EAAE;KACX,CAAC;IACF,MAAM,cAAc,GAAG,WAAW,EAAE,CAAC;IACrC,MAAM,iBAAiB,GAAG,WAAW,EAAE,CAAC;IACxC,MAAM,eAAe,GAAqB,EAAE,CAAC;IAE7C,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;QAChC,MAAM,OAAO,GAAgB;YAC3B,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,aAAa,EAAE,CAAC,CAAC,aAAa;YAC9B,UAAU,EAAE,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE;SACrC,CAAC;QAEF,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC5B,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5C,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC;aAAM,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACnC,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5C,6DAA6D;YAC7D,+DAA+D;YAC/D,8DAA8D;YAC9D,wBAAwB;YACxB,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1C,UAAU,CAAC,cAAc,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,eAAe,CAAC,IAAI,CAAC;gBACnB,aAAa,EAAE,CAAC,CAAC,aAAa;gBAC9B,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,YAAY,EAAE,CAAC,CAAC,QAAQ;gBACxB,aAAa,EAAE,CAAC,CAAC,IAAI;aACtB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,kEAAkE;IAClE,oEAAoE;IACpE,gDAAgD;IAChD,MAAM,SAAS,GAAG,IAAI,GAAG,EAA0B,CAAC;IACpD,IAAI,2BAA2B,GAAG,CAAC,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,CAAC,CAAC,WAAW,IAAI,gBAAgB,2BAA2B,EAAE,EAAE,CAAC;QAC7E,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,6DAA6D;YAC7D,2DAA2D;YAC3D,2BAA2B;YAC3B,IAAI,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjE,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IACD,MAAM,iBAAiB,GAAG,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAClD,MAAM,aAAa,GAAG,WAAW,EAAE,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,iBAAiB,EAAE,CAAC;QAClC,UAAU,CAAC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED,uEAAuE;IACvE,MAAM,UAAU,GAAwB;QACtC,OAAO,EAAE;YACP,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ;YAC5B,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ,KAAK,IAAI;SACrC;QACD,YAAY,EAAE;YACZ,IAAI,EAAE,KAAK,CAAC,YAAY,CAAC,QAAQ;YACjC,GAAG,EAAE,KAAK,CAAC,YAAY,CAAC,QAAQ,KAAK,IAAI;SAC1C;QACD,SAAS,EAAE;YACT,gEAAgE;YAChE,6DAA6D;YAC7D,8DAA8D;YAC9D,4BAA4B;YAC5B,GAAG,EAAE,KAAK,CAAC,qBAAqB,GAAG,CAAC;YACpC,YAAY,EAAE,KAAK,CAAC,qBAAqB;SAC1C;QACD,YAAY,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE;QAC3B,QAAQ,EAAE;YACR,IAAI,EAAE,KAAK,CAAC,QAAQ,CAAC,IAAI;YACzB,SAAS,EAAE,KAAK,CAAC,QAAQ,CAAC,SAAS;YACnC,iBAAiB,EAAE,KAAK,CAAC,QAAQ,CAAC,iBAAiB;SACpD;KACF,CAAC;IAEF,OAAO;QACL,cAAc;QACd,aAAa;QACb,iBAAiB;QACjB,kBAAkB,EAAE;YAClB,MAAM,EAAE,sBAAsB,CAAC,MAAM;YACrC,IAAI,EAAE,sBAAsB,CAAC,IAAI;YACjC,MAAM,EAAE,sBAAsB,CAAC,MAAM;YACrC,UAAU,EAAE,iBAAiB;SAC9B;QACD,6BAA6B,EAAE,iBAAiB,CAAC,MAAM;QACvD,0BAA0B,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM;QAC1D,eAAe;QACf,UAAU;KACX,CAAC;AACJ,CAAC"}
@@ -1,30 +1,29 @@
1
1
  /**
2
- * Advisory fingerprints — durable per-finding identity across runs.
3
- *
4
- * The dispatcher's dep-vuln aggregator (src/analyzers/security/gather.ts)
5
- * stamps every finding with a stable hash of `(package, installedVersion,
6
- * id)` before scoring + reporting. The same advisory against the same
7
- * installed version produces the same fingerprint on every run, so
8
- * consumers (agent-driven upgrade bots, suppressions, CI gates) can diff
9
- * a current bom against a stored prior to detect:
10
- *
11
- * - new advisories (fingerprint present now, absent before)
12
- * - resolved advisories (fingerprint absent now, present before)
13
- * - unchanged advisories (fingerprint in both sets)
14
- *
15
- * Excluded from the hash:
16
- * - severity / cvssScorere-scoring the same advisory against the
17
- * same install must not mint a new identity
18
- * - enrichment fields (epssScore, kev, reachable, riskScore) — same
19
- * reason; these are signals about the advisory, not part of it
20
- * - producer `tool` the same advisory hit by two producers (e.g.
21
- * npm-audit + snyk) should collapse to one identity
22
- * - `upgradeAdvice` / `upgradePlan` — resolution suggestions change
23
- * across releases of the fix tooling; identity must outlive them
24
- *
25
- * Format: 16-char lowercase hex (first 8 bytes of SHA-1). Short enough
26
- * to embed inline in reports, long enough to make collisions between
27
- * non-identical tuples effectively impossible for repo-scale sets.
2
+ * Durable per-finding identity across runs — used by both intra-run dedup
3
+ * (the security aggregator collapses cross-tool overlaps via fingerprint)
4
+ * and cross-run diff tooling (baselines compare today's fingerprint set
5
+ * against yesterday's to surface added / removed / persisted findings).
6
+ *
7
+ * Two fingerprint families live here:
8
+ *
9
+ * 1. Dependency-advisory fingerprints stable hash of
10
+ * `(package, installedVersion, id)`. Used by `gatherDepVulns` +
11
+ * BoM. Excludes severity / cvssScore / enrichment fields
12
+ * (epssScore, kev, reachable, riskScore), producer `tool`, and
13
+ * `upgradeAdvice` / `upgradePlan` so re-scoring the same advisory
14
+ * against the same install never mints a new identity.
15
+ *
16
+ * 2. Code/secret/config-finding fingerprintsstable hash of
17
+ * `(canonicalRule, file, lineWindow)`. The canonical-rule map
18
+ * collapses cross-tool overlaps (e.g. semgrep + a per-language
19
+ * grep-based pattern both reporting the same TLS-bypass
20
+ * construct). The line-window absorbs the small offset between
21
+ * tools that report the declaration vs. the assignment.
22
+ *
23
+ * Both families share format: 16-char lowercase hex (first 8 bytes of
24
+ * SHA-1). Short enough to embed inline in reports, long enough to make
25
+ * collisions between non-identical tuples effectively impossible at
26
+ * repo scale. Producers may render either inline interchangeably.
28
27
  */
29
28
  import type { DepVulnFinding } from '../../languages/capabilities/types';
30
29
  /**
@@ -60,4 +59,70 @@ export declare function stampFingerprints(findings: DepVulnFinding[]): void;
60
59
  * findings outside the `gatherDepVulns` path).
61
60
  */
62
61
  export declare function collectFingerprints(findings: ReadonlyArray<DepVulnFinding>): string[];
62
+ /**
63
+ * Maps raw `(tool, rule)` pairs to a canonical rule id. Two raw
64
+ * findings with the same canonical rule (and same file + line window)
65
+ * fingerprint identically — the aggregator's dedup pipeline collapses
66
+ * them into a single CodeFinding with `producedBy` listing every
67
+ * contributing tool. Adding a new collapse is a one-line addition; no
68
+ * algorithm changes.
69
+ *
70
+ * Unmapped pairs fall through to `raw:${tool}:${rule}` — conservative
71
+ * default. Never accidentally collapses unrelated findings.
72
+ */
73
+ export declare const CANONICAL_RULE_MAP: ReadonlyMap<string, string>;
74
+ /** Resolve a raw `(tool, rule)` pair to its canonical rule id. */
75
+ export declare function canonicalRuleFor(tool: string, rule: string): string;
76
+ /**
77
+ * Width of the line-number bucket used by code-finding fingerprints.
78
+ * Tools report the same construct at slightly different lines (one
79
+ * tool on the declaration, another on the assignment). Bucketing
80
+ * absorbs that drift without collapsing unrelated findings on
81
+ * nearby lines.
82
+ */
83
+ export declare const CODE_FINGERPRINT_LINE_WINDOW = 3;
84
+ /**
85
+ * Bucket a line number to its canonical line-window value. Findings
86
+ * sharing the same `(canonicalRule, file, lineWindow)` tuple share a
87
+ * fingerprint.
88
+ *
89
+ * Note on boundary cases: the aggregator additionally probes the two
90
+ * neighbor buckets (±lineWindow) to catch adjacent findings that
91
+ * straddle a bucket boundary; that lookup lives in the aggregator
92
+ * because it owns the merge policy, not here.
93
+ */
94
+ export declare function lineWindowFor(line: number): number;
95
+ /**
96
+ * Stable 16-char hex hash of `(canonicalRule, file, lineWindow)`.
97
+ * NUL-separated so distinct tuples can't collide via concatenation
98
+ * tricks. Same byte format as `computeFingerprint` so dep-vuln and
99
+ * code-finding fingerprints share a downstream type contract.
100
+ */
101
+ export declare function computeCodeFingerprint(canonicalRule: string, file: string, line: number): string;
102
+ /**
103
+ * HMAC-SHA256 of a detected secret value, keyed by a per-repo salt.
104
+ * The output is 16-char lowercase hex (first 8 bytes of the 32-byte
105
+ * HMAC) so it shares the byte format of the other fingerprint helpers
106
+ * and can be embedded inline in reports without taking real estate.
107
+ *
108
+ * Cryptographic posture: HMAC (not bare hash) so the producer cannot
109
+ * recover the secret from its identity even if the salt is leaked,
110
+ * and the salt cannot be recovered from the identity even if the
111
+ * secret is known. Truncating to 8 bytes is safe at repo scale —
112
+ * collision probability for distinct secrets is ~2^-32 per pair,
113
+ * negligible for any realistic finding set.
114
+ *
115
+ * Used by the secret-hmac identity scheme: a leaked token that moves
116
+ * files between runs produces the same HMAC, so the matcher can
117
+ * recognize "same secret, different location" as a relocated finding
118
+ * rather than a deleted+added pair. The salt is per-repo so
119
+ * cross-repo identity collisions are impossible (the same secret in
120
+ * two repos hashes to two different HMACs).
121
+ *
122
+ * The producer never stores the secret value itself — only the HMAC.
123
+ * That's the whole reason this scheme is preferred over a bare
124
+ * content hash of the secret: zero secret-recovery risk in the
125
+ * baseline file.
126
+ */
127
+ export declare function computeSecretHmac(secret: string, salt: string): string;
63
128
  //# sourceMappingURL=fingerprint.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"fingerprint.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/fingerprint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,IAAI,CAAC,cAAc,EAAE,SAAS,GAAG,kBAAkB,GAAG,IAAI,CAAC,GACnE,MAAM,CAGR;AAED;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,IAAI,CAIlE;AAED;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,aAAa,CAAC,cAAc,CAAC,GAAG,MAAM,EAAE,CAMrF"}
1
+ {"version":3,"file":"fingerprint.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/fingerprint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,IAAI,CAAC,cAAc,EAAE,SAAS,GAAG,kBAAkB,GAAG,IAAI,CAAC,GACnE,MAAM,CAGR;AAED;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,IAAI,CAIlE;AAED;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,aAAa,CAAC,cAAc,CAAC,GAAG,MAAM,EAAE,CAMrF;AAID;;;;;;;;;;GAUG;AACH,eAAO,MAAM,kBAAkB,EAAE,WAAW,CAAC,MAAM,EAAE,MAAM,CASzD,CAAC;AAEH,kEAAkE;AAClE,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAEnE;AAED;;;;;;GAMG;AACH,eAAO,MAAM,4BAA4B,IAAI,CAAC;AAE9C;;;;;;;;;GASG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAElD;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,aAAa,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAGhG;AAID;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAEtE"}
@@ -1,36 +1,40 @@
1
1
  "use strict";
2
2
  /**
3
- * Advisory fingerprints — durable per-finding identity across runs.
3
+ * Durable per-finding identity across runs — used by both intra-run dedup
4
+ * (the security aggregator collapses cross-tool overlaps via fingerprint)
5
+ * and cross-run diff tooling (baselines compare today's fingerprint set
6
+ * against yesterday's to surface added / removed / persisted findings).
4
7
  *
5
- * The dispatcher's dep-vuln aggregator (src/analyzers/security/gather.ts)
6
- * stamps every finding with a stable hash of `(package, installedVersion,
7
- * id)` before scoring + reporting. The same advisory against the same
8
- * installed version produces the same fingerprint on every run, so
9
- * consumers (agent-driven upgrade bots, suppressions, CI gates) can diff
10
- * a current bom against a stored prior to detect:
8
+ * Two fingerprint families live here:
11
9
  *
12
- * - new advisories (fingerprint present now, absent before)
13
- * - resolved advisories (fingerprint absent now, present before)
14
- * - unchanged advisories (fingerprint in both sets)
10
+ * 1. Dependency-advisory fingerprints stable hash of
11
+ * `(package, installedVersion, id)`. Used by `gatherDepVulns` +
12
+ * BoM. Excludes severity / cvssScore / enrichment fields
13
+ * (epssScore, kev, reachable, riskScore), producer `tool`, and
14
+ * `upgradeAdvice` / `upgradePlan` so re-scoring the same advisory
15
+ * against the same install never mints a new identity.
15
16
  *
16
- * Excluded from the hash:
17
- * - severity / cvssScore — re-scoring the same advisory against the
18
- * same install must not mint a new identity
19
- * - enrichment fields (epssScore, kev, reachable, riskScore) — same
20
- * reason; these are signals about the advisory, not part of it
21
- * - producer `tool` the same advisory hit by two producers (e.g.
22
- * npm-audit + snyk) should collapse to one identity
23
- * - `upgradeAdvice` / `upgradePlan` — resolution suggestions change
24
- * across releases of the fix tooling; identity must outlive them
17
+ * 2. Code/secret/config-finding fingerprints stable hash of
18
+ * `(canonicalRule, file, lineWindow)`. The canonical-rule map
19
+ * collapses cross-tool overlaps (e.g. semgrep + a per-language
20
+ * grep-based pattern both reporting the same TLS-bypass
21
+ * construct). The line-window absorbs the small offset between
22
+ * tools that report the declaration vs. the assignment.
25
23
  *
26
- * Format: 16-char lowercase hex (first 8 bytes of SHA-1). Short enough
27
- * to embed inline in reports, long enough to make collisions between
28
- * non-identical tuples effectively impossible for repo-scale sets.
24
+ * Both families share format: 16-char lowercase hex (first 8 bytes of
25
+ * SHA-1). Short enough to embed inline in reports, long enough to make
26
+ * collisions between non-identical tuples effectively impossible at
27
+ * repo scale. Producers may render either inline interchangeably.
29
28
  */
30
29
  Object.defineProperty(exports, "__esModule", { value: true });
30
+ exports.CODE_FINGERPRINT_LINE_WINDOW = exports.CANONICAL_RULE_MAP = void 0;
31
31
  exports.computeFingerprint = computeFingerprint;
32
32
  exports.stampFingerprints = stampFingerprints;
33
33
  exports.collectFingerprints = collectFingerprints;
34
+ exports.canonicalRuleFor = canonicalRuleFor;
35
+ exports.lineWindowFor = lineWindowFor;
36
+ exports.computeCodeFingerprint = computeCodeFingerprint;
37
+ exports.computeSecretHmac = computeSecretHmac;
34
38
  const crypto_1 = require("crypto");
35
39
  /**
36
40
  * Stable 16-char hex fingerprint for one DepVulnFinding. Input tuple
@@ -79,4 +83,89 @@ function collectFingerprints(findings) {
79
83
  }
80
84
  return [...set].sort();
81
85
  }
86
+ // ─── Code/secret/config-finding fingerprints ─────────────────────────────────
87
+ /**
88
+ * Maps raw `(tool, rule)` pairs to a canonical rule id. Two raw
89
+ * findings with the same canonical rule (and same file + line window)
90
+ * fingerprint identically — the aggregator's dedup pipeline collapses
91
+ * them into a single CodeFinding with `producedBy` listing every
92
+ * contributing tool. Adding a new collapse is a one-line addition; no
93
+ * algorithm changes.
94
+ *
95
+ * Unmapped pairs fall through to `raw:${tool}:${rule}` — conservative
96
+ * default. Never accidentally collapses unrelated findings.
97
+ */
98
+ exports.CANONICAL_RULE_MAP = new Map([
99
+ // TLS / certificate validation bypass
100
+ ['tls-bypass-registry:tls-validation-disabled', 'canonical:tls-bypass'],
101
+ ['semgrep:bypass-tls-verification', 'canonical:tls-bypass'],
102
+ ['semgrep:nodejsscan.node_tls_reject_unauthorized', 'canonical:tls-bypass'],
103
+ // Private-key file on disk — find + gitleaks may both surface
104
+ ['find:private-key-file', 'canonical:private-key-on-disk'],
105
+ ['gitleaks:private-key', 'canonical:private-key-on-disk'],
106
+ ]);
107
+ /** Resolve a raw `(tool, rule)` pair to its canonical rule id. */
108
+ function canonicalRuleFor(tool, rule) {
109
+ return exports.CANONICAL_RULE_MAP.get(`${tool}:${rule}`) ?? `raw:${tool}:${rule}`;
110
+ }
111
+ /**
112
+ * Width of the line-number bucket used by code-finding fingerprints.
113
+ * Tools report the same construct at slightly different lines (one
114
+ * tool on the declaration, another on the assignment). Bucketing
115
+ * absorbs that drift without collapsing unrelated findings on
116
+ * nearby lines.
117
+ */
118
+ exports.CODE_FINGERPRINT_LINE_WINDOW = 3;
119
+ /**
120
+ * Bucket a line number to its canonical line-window value. Findings
121
+ * sharing the same `(canonicalRule, file, lineWindow)` tuple share a
122
+ * fingerprint.
123
+ *
124
+ * Note on boundary cases: the aggregator additionally probes the two
125
+ * neighbor buckets (±lineWindow) to catch adjacent findings that
126
+ * straddle a bucket boundary; that lookup lives in the aggregator
127
+ * because it owns the merge policy, not here.
128
+ */
129
+ function lineWindowFor(line) {
130
+ return Math.floor(line / exports.CODE_FINGERPRINT_LINE_WINDOW) * exports.CODE_FINGERPRINT_LINE_WINDOW;
131
+ }
132
+ /**
133
+ * Stable 16-char hex hash of `(canonicalRule, file, lineWindow)`.
134
+ * NUL-separated so distinct tuples can't collide via concatenation
135
+ * tricks. Same byte format as `computeFingerprint` so dep-vuln and
136
+ * code-finding fingerprints share a downstream type contract.
137
+ */
138
+ function computeCodeFingerprint(canonicalRule, file, line) {
139
+ const input = `${canonicalRule}\0${file}\0${lineWindowFor(line)}`;
140
+ return (0, crypto_1.createHash)('sha1').update(input).digest('hex').slice(0, 16);
141
+ }
142
+ // ─── Secret HMAC primitive ───────────────────────────────────────────────────
143
+ /**
144
+ * HMAC-SHA256 of a detected secret value, keyed by a per-repo salt.
145
+ * The output is 16-char lowercase hex (first 8 bytes of the 32-byte
146
+ * HMAC) so it shares the byte format of the other fingerprint helpers
147
+ * and can be embedded inline in reports without taking real estate.
148
+ *
149
+ * Cryptographic posture: HMAC (not bare hash) so the producer cannot
150
+ * recover the secret from its identity even if the salt is leaked,
151
+ * and the salt cannot be recovered from the identity even if the
152
+ * secret is known. Truncating to 8 bytes is safe at repo scale —
153
+ * collision probability for distinct secrets is ~2^-32 per pair,
154
+ * negligible for any realistic finding set.
155
+ *
156
+ * Used by the secret-hmac identity scheme: a leaked token that moves
157
+ * files between runs produces the same HMAC, so the matcher can
158
+ * recognize "same secret, different location" as a relocated finding
159
+ * rather than a deleted+added pair. The salt is per-repo so
160
+ * cross-repo identity collisions are impossible (the same secret in
161
+ * two repos hashes to two different HMACs).
162
+ *
163
+ * The producer never stores the secret value itself — only the HMAC.
164
+ * That's the whole reason this scheme is preferred over a bare
165
+ * content hash of the secret: zero secret-recovery risk in the
166
+ * baseline file.
167
+ */
168
+ function computeSecretHmac(secret, salt) {
169
+ return (0, crypto_1.createHmac)('sha256', salt).update(secret).digest('hex').slice(0, 16);
170
+ }
82
171
  //# sourceMappingURL=fingerprint.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"fingerprint.js","sourceRoot":"","sources":["../../../src/analyzers/tools/fingerprint.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;AAeH,gDAKC;AAYD,8CAIC;AAYD,kDAMC;AApDD,mCAAoC;AAGpC;;;;;;;;;GASG;AACH,SAAgB,kBAAkB,CAChC,OAAoE;IAEpE,MAAM,KAAK,GAAG,GAAG,OAAO,CAAC,OAAO,KAAK,OAAO,CAAC,gBAAgB,IAAI,EAAE,KAAK,OAAO,CAAC,EAAE,EAAE,CAAC;IACrF,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,iBAAiB,CAAC,QAA0B;IAC1D,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,CAAC,CAAC,WAAW,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACxC,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,mBAAmB,CAAC,QAAuC;IACzE,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AACzB,CAAC"}
1
+ {"version":3,"file":"fingerprint.js","sourceRoot":"","sources":["../../../src/analyzers/tools/fingerprint.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;;;AAeH,gDAKC;AAYD,8CAIC;AAYD,kDAMC;AA2BD,4CAEC;AAqBD,sCAEC;AAQD,wDAGC;AA6BD,8CAEC;AAlJD,mCAAgD;AAGhD;;;;;;;;;GASG;AACH,SAAgB,kBAAkB,CAChC,OAAoE;IAEpE,MAAM,KAAK,GAAG,GAAG,OAAO,CAAC,OAAO,KAAK,OAAO,CAAC,gBAAgB,IAAI,EAAE,KAAK,OAAO,CAAC,EAAE,EAAE,CAAC;IACrF,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,iBAAiB,CAAC,QAA0B;IAC1D,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,CAAC,CAAC,WAAW,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACxC,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,mBAAmB,CAAC,QAAuC;IACzE,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AACzB,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;;GAUG;AACU,QAAA,kBAAkB,GAAgC,IAAI,GAAG,CAAiB;IACrF,sCAAsC;IACtC,CAAC,6CAA6C,EAAE,sBAAsB,CAAC;IACvE,CAAC,iCAAiC,EAAE,sBAAsB,CAAC;IAC3D,CAAC,iDAAiD,EAAE,sBAAsB,CAAC;IAE3E,8DAA8D;IAC9D,CAAC,uBAAuB,EAAE,+BAA+B,CAAC;IAC1D,CAAC,sBAAsB,EAAE,+BAA+B,CAAC;CAC1D,CAAC,CAAC;AAEH,kEAAkE;AAClE,SAAgB,gBAAgB,CAAC,IAAY,EAAE,IAAY;IACzD,OAAO,0BAAkB,CAAC,GAAG,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,IAAI,OAAO,IAAI,IAAI,IAAI,EAAE,CAAC;AAC5E,CAAC;AAED;;;;;;GAMG;AACU,QAAA,4BAA4B,GAAG,CAAC,CAAC;AAE9C;;;;;;;;;GASG;AACH,SAAgB,aAAa,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,oCAA4B,CAAC,GAAG,oCAA4B,CAAC;AACxF,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,aAAqB,EAAE,IAAY,EAAE,IAAY;IACtF,MAAM,KAAK,GAAG,GAAG,aAAa,KAAK,IAAI,KAAK,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;IAClE,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,SAAgB,iBAAiB,CAAC,MAAc,EAAE,IAAY;IAC5D,OAAO,IAAA,mBAAU,EAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC9E,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"generic.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/generic.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AA+DjD;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,GAAG,EAAE,MAAM,EACX,aAAa,CAAC,EAAE,aAAa,CAAC,WAAW,CAAC,GACzC,OAAO,CAAC,aAAa,CAAC,CAiOxB"}
1
+ {"version":3,"file":"generic.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/generic.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AA+DjD;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,GAAG,EAAE,MAAM,EACX,aAAa,CAAC,EAAE,aAAa,CAAC,WAAW,CAAC,GACzC,OAAO,CAAC,aAAa,CAAC,CAsOxB"}
@@ -151,7 +151,12 @@ function gatherGenericMetrics(cwd, languageFlags) {
151
151
  filesOver500Lines++;
152
152
  }
153
153
  const sourceFiles = sourceList.length;
154
- const largestFiles = [...filteredFiles].sort((a, b) => b.lines - a.lines).slice(0, 10);
154
+ // Every file over the canonical large-file threshold, sorted
155
+ // descending. Filtered (not pre-sliced) at this layer so the
156
+ // baseline `large-file` producer captures one entry per file and
157
+ // the per-kind count matches `filesOver500Lines` above. The
158
+ // markdown renderer caps to top 10 at the display site.
159
+ const largestFiles = filteredFiles.filter((f) => f.lines > 500).sort((a, b) => b.lines - a.lines);
155
160
  // ─── Console / debug / type-escape / eval counts (D074 closure) ───────────
156
161
  // skipComments: true filters lines beginning with //, /*, or # so
157
162
  // commented-out occurrences don't inflate the count.
@@ -1 +1 @@
1
- {"version":3,"file":"generic.js","sourceRoot":"","sources":["../../../src/analyzers/tools/generic.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+EA,oDAoOC;AA3SD,qCAAuD;AACvD,6CAAmD;AACnD,2DAAwE;AACxE,yDAA2D;AAC3D,+CAMyB;AACzB,uCAAyB;AACzB,2CAA6B;AAE7B,wEAAwE;AACxE,uEAAuE;AACvE,gEAAgE;AAChE,qEAAqE;AACrE,gEAAgE;AAChE,6DAA6D;AAC7D,oEAAoE;AACpE,EAAE;AACF,kEAAkE;AAClE,iEAAiE;AACjE,6DAA6D;AAC7D,qCAAqC;AAErC;;;;;;;;;;;;;GAaG;AACH,SAAS,kBAAkB,CAAC,GAAW;IACrC,MAAM,GAAG,GAAG,IAAA,YAAG,EAAC,2CAA2C,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACzE,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;AACpC,CAAC;AAED;;;;GAIG;AACH,SAAS,SAAS,CAAC,OAAe;IAChC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACnC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,IAAI,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,QAAQ;YAAE,KAAK,EAAE,CAAC;IACrD,CAAC;IACD,8DAA8D;IAC9D,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,CAAC;IAC3D,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAClC,GAAW,EACX,aAA0C;IAE1C,MAAM,OAAO,GAAG,IAAA,gCAAmB,EAAC,GAAG,CAAC,CAAC;IACzC,qEAAqE;IACrE,iEAAiE;IACjE,kEAAkE;IAClE,yBAAyB;IACzB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAEzC,6EAA6E;IAC7E,oEAAoE;IACpE,qEAAqE;IACrE,kEAAkE;IAClE,wEAAwE;IACxE,kEAAkE;IAClE,EAAE;IACF,oEAAoE;IACpE,mEAAmE;IACnE,+DAA+D;IAC/D,+DAA+D;IAC/D,iEAAiE;IACjE,gEAAgE;IAChE,oCAAoC;IACpC,MAAM,UAAU,GAAG,IAAA,mCAAe,EAAC,GAAG,CAAC,CAAC;IACxC,MAAM,mBAAmB,GAAG,IAAA,mCAAe,EAAC,GAAG,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5E,6EAA6E;IAC7E,iEAAiE;IACjE,kEAAkE;IAClE,sEAAsE;IACtE,MAAM,aAAa,GAA2C,EAAE,CAAC;IACjE,KAAK,MAAM,OAAO,IAAI,UAAU,EAAE,CAAC;QACjC,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,aAAa,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,eAAe,GAAG,EAAE,CAAC;IACzB,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;QAC9B,UAAU,IAAI,CAAC,CAAC,KAAK,CAAC;QACtB,IAAI,CAAC,CAAC,KAAK,GAAG,gBAAgB,EAAE,CAAC;YAC/B,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC;YAC3B,eAAe,GAAG,CAAC,CAAC,IAAI,CAAC;QAC3B,CAAC;QACD,IAAI,CAAC,CAAC,KAAK,GAAG,GAAG;YAAE,iBAAiB,EAAE,CAAC;IACzC,CAAC;IACD,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC;IACtC,MAAM,YAAY,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEvF,6EAA6E;IAC7E,kEAAkE;IAClE,qDAAqD;IACrD,EAAE;IACF,sEAAsE;IACtE,qEAAqE;IACrE,kEAAkE;IAClE,0DAA0D;IAC1D,MAAM,eAAe,GAAG,IAAA,wCAAqB,EAAC,GAAG,CAAC,CAAC,KAAK,CAAC;IAEzD,iCAAiC;IACjC,MAAM,OAAO,GAAG,IAAA,mCAAe,EAAC,GAAG,EAAE;QACnC,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC;QAC1C,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC;IACH,kBAAkB;IAClB,MAAM,YAAY,GAAG,IAAA,oCAAgB,EAAC,GAAG,EAAE,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU;IAExG,6EAA6E;IAC7E,oDAAoD;IACpD,MAAM,YAAY,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;IACpE,MAAM,WAAW,GACf,QAAQ,CAAC,IAAA,YAAG,EAAC,gDAAgD,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC;IACjF,kEAAkE;IAClE,oEAAoE;IACpE,uEAAuE;IACvE,MAAM,kBAAkB,GAAG,IAAA,iCAAqB,GAAE,CAAC;IACnD,MAAM,eAAe,GACnB,kBAAkB,CAAC,MAAM,GAAG,CAAC;QAC3B,CAAC,CAAC,IAAA,oCAAgB,EAAC,GAAG,EAAE,UAAU,EAAE,kBAAkB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK;QAChF,CAAC,CAAC,CAAC,CAAC;IACR,MAAM,YAAY,GAAG,IAAA,mBAAU,EAC7B,QAAQ,EACR,cAAc,EACd,cAAc,EACd,cAAc,EACd,cAAc,CACf,CAAC;IACF,MAAM,qBAAqB,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/F,MAAM,kBAAkB,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IACnE,MAAM,eAAe,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;IAE3E,6EAA6E;IAC7E,wEAAwE;IACxE,sEAAsE;IACtE,sDAAsD;IACtD,MAAM,SAAS,GAAG,IAAA,mCAAe,EAAC,GAAG,EAAE;QACrC,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC;QACjD,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,IAAA,oCAAgB,EAAC,GAAG,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE;QACjE,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC,KAAK,CAAC;IAET,MAAM,eAAe,GAAG,IAAA,mBAAU,EAChC,iDAAiD,OAAO,cAAc,EACtE,GAAG,CACJ,CAAC;IACF,MAAM,aAAa,GAAG,IAAA,mBAAU,EAAC,sCAAsC,EAAE,GAAG,CAAC,CAAC;IAC9E,qEAAqE;IACrE,8DAA8D;IAC9D,iEAAiE;IACjE,oCAAoC;IACpC,MAAM,iBAAiB,GAAG,IAAA,gCAAoB,GAAE,CAAC;IACjD,MAAM,gBAAgB,GACpB,iBAAiB,CAAC,MAAM,GAAG,CAAC;QAC1B,CAAC,CAAC,IAAA,oCAAgB,EAAC,GAAG,EAAE,UAAU,EAAE,iBAAiB,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK;QACpF,CAAC,CAAC,CAAC,CAAC;IAER,8EAA8E;IAC9E,iEAAiE;IACjE,sEAAsE;IACtE,oEAAoE;IACpE,sEAAsE;IACtE,qEAAqE;IACrE,oEAAoE;IACpE,oEAAoE;IACpE,qEAAqE;IACrE,oEAAoE;IACpE,sBAAsB;IACtB,MAAM,KAAK,GAAG,aAAa,IAAK,EAAiC,CAAC;IAClE,MAAM,YAAY,GAAG,IAAA,oCAAwB,EAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACjF,MAAM,UAAU,GAAG,IAAA,yBAAa,EAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACpE,MAAM,UAAU,GAAG,IAAA,yBAAa,EAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACpE,MAAM,UAAU,GAAG,CAAC,CAAS,EAAE,OAAiB,EAAW,EAAE;QAC3D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QACvC,MAAM,KAAK,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC;QACrC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IACF,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAC1B,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,oEAAoE;QACpE,kEAAkE;QAClE,qEAAqE;QACrE,MAAM,QAAQ,GAAG,GAAG,GAAG,GAAG,CAAC;QAC3B,IAAI,UAAU,CAAC,QAAQ,EAAE,YAAY,CAAC;YAAE,WAAW,EAAE,CAAC;QACtD,IAAI,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC;YAAE,iBAAiB,EAAE,CAAC;QAC1D,IAAI,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC;YAAE,MAAM,EAAE,CAAC;IACjD,CAAC;IACD,MAAM,WAAW,GAAG,IAAA,mBAAU,EAAC,kBAAkB,OAAO,cAAc,EAAE,GAAG,CAAC,CAAC;IAE7E,6EAA6E;IAC7E,MAAM,aAAa,GAAG,IAAA,mBAAU,EAC9B,oIAAoI,EACpI,QAAQ,CACT,CAAC;IACF,MAAM,iBAAiB,GAAG,IAAA,mBAAU,EAClC,kGAAkG,EAClG,QAAQ,CACT,CAAC;IACF,MAAM,oBAAoB,GAAG,IAAA,mBAAU,EACrC,wEAAwE,EACxE,QAAQ,CACT,CAAC;IACF,MAAM,cAAc,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IACpF,MAAM,gBAAgB,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,cAAc,EAAE,aAAa,EAAE,eAAe,CAAC,CAAC;IAC9F,MAAM,oBAAoB,GAAG,IAAA,mBAAU,EACrC,QAAQ,EACR,QAAQ,EACR,aAAa,EACb,OAAO,EACP,YAAY,EACZ,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,EAClB,aAAa,EACb,WAAW,EACX,YAAY,CACb,CAAC;IAEF,OAAO;QACL,WAAW;QACX,SAAS,EAAE,QAAQ,CAAC,MAAM;QAC1B,UAAU;QACV,oBAAoB;QACpB,iBAAiB;QACjB,gBAAgB;QAChB,eAAe;QACf,YAAY;QACZ,eAAe;QACf,YAAY;QACZ,YAAY;QACZ,WAAW;QACX,eAAe;QACf,YAAY;QACZ,qBAAqB;QACrB,kBAAkB;QAClB,eAAe;QACf,SAAS;QACT,eAAe;QACf,aAAa;QACb,gBAAgB;QAChB,WAAW;QACX,MAAM;QACN,iBAAiB;QACjB,WAAW;QACX,aAAa;QACb,iBAAiB;QACjB,oBAAoB;QACpB,cAAc;QACd,gBAAgB;QAChB,SAAS,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC;QACxC,gBAAgB,EAAE,EAAE;KACrB,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"generic.js","sourceRoot":"","sources":["../../../src/analyzers/tools/generic.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+EA,oDAyOC;AAhTD,qCAAuD;AACvD,6CAAmD;AACnD,2DAAwE;AACxE,yDAA2D;AAC3D,+CAMyB;AACzB,uCAAyB;AACzB,2CAA6B;AAE7B,wEAAwE;AACxE,uEAAuE;AACvE,gEAAgE;AAChE,qEAAqE;AACrE,gEAAgE;AAChE,6DAA6D;AAC7D,oEAAoE;AACpE,EAAE;AACF,kEAAkE;AAClE,iEAAiE;AACjE,6DAA6D;AAC7D,qCAAqC;AAErC;;;;;;;;;;;;;GAaG;AACH,SAAS,kBAAkB,CAAC,GAAW;IACrC,MAAM,GAAG,GAAG,IAAA,YAAG,EAAC,2CAA2C,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACzE,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;AACpC,CAAC;AAED;;;;GAIG;AACH,SAAS,SAAS,CAAC,OAAe;IAChC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACnC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,IAAI,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,QAAQ;YAAE,KAAK,EAAE,CAAC;IACrD,CAAC;IACD,8DAA8D;IAC9D,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,CAAC;IAC3D,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAClC,GAAW,EACX,aAA0C;IAE1C,MAAM,OAAO,GAAG,IAAA,gCAAmB,EAAC,GAAG,CAAC,CAAC;IACzC,qEAAqE;IACrE,iEAAiE;IACjE,kEAAkE;IAClE,yBAAyB;IACzB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAEzC,6EAA6E;IAC7E,oEAAoE;IACpE,qEAAqE;IACrE,kEAAkE;IAClE,wEAAwE;IACxE,kEAAkE;IAClE,EAAE;IACF,oEAAoE;IACpE,mEAAmE;IACnE,+DAA+D;IAC/D,+DAA+D;IAC/D,iEAAiE;IACjE,gEAAgE;IAChE,oCAAoC;IACpC,MAAM,UAAU,GAAG,IAAA,mCAAe,EAAC,GAAG,CAAC,CAAC;IACxC,MAAM,mBAAmB,GAAG,IAAA,mCAAe,EAAC,GAAG,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5E,6EAA6E;IAC7E,iEAAiE;IACjE,kEAAkE;IAClE,sEAAsE;IACtE,MAAM,aAAa,GAA2C,EAAE,CAAC;IACjE,KAAK,MAAM,OAAO,IAAI,UAAU,EAAE,CAAC;QACjC,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,aAAa,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,eAAe,GAAG,EAAE,CAAC;IACzB,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;QAC9B,UAAU,IAAI,CAAC,CAAC,KAAK,CAAC;QACtB,IAAI,CAAC,CAAC,KAAK,GAAG,gBAAgB,EAAE,CAAC;YAC/B,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC;YAC3B,eAAe,GAAG,CAAC,CAAC,IAAI,CAAC;QAC3B,CAAC;QACD,IAAI,CAAC,CAAC,KAAK,GAAG,GAAG;YAAE,iBAAiB,EAAE,CAAC;IACzC,CAAC;IACD,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC;IACtC,6DAA6D;IAC7D,6DAA6D;IAC7D,iEAAiE;IACjE,4DAA4D;IAC5D,wDAAwD;IACxD,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAElG,6EAA6E;IAC7E,kEAAkE;IAClE,qDAAqD;IACrD,EAAE;IACF,sEAAsE;IACtE,qEAAqE;IACrE,kEAAkE;IAClE,0DAA0D;IAC1D,MAAM,eAAe,GAAG,IAAA,wCAAqB,EAAC,GAAG,CAAC,CAAC,KAAK,CAAC;IAEzD,iCAAiC;IACjC,MAAM,OAAO,GAAG,IAAA,mCAAe,EAAC,GAAG,EAAE;QACnC,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC;QAC1C,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC;IACH,kBAAkB;IAClB,MAAM,YAAY,GAAG,IAAA,oCAAgB,EAAC,GAAG,EAAE,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU;IAExG,6EAA6E;IAC7E,oDAAoD;IACpD,MAAM,YAAY,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;IACpE,MAAM,WAAW,GACf,QAAQ,CAAC,IAAA,YAAG,EAAC,gDAAgD,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC;IACjF,kEAAkE;IAClE,oEAAoE;IACpE,uEAAuE;IACvE,MAAM,kBAAkB,GAAG,IAAA,iCAAqB,GAAE,CAAC;IACnD,MAAM,eAAe,GACnB,kBAAkB,CAAC,MAAM,GAAG,CAAC;QAC3B,CAAC,CAAC,IAAA,oCAAgB,EAAC,GAAG,EAAE,UAAU,EAAE,kBAAkB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK;QAChF,CAAC,CAAC,CAAC,CAAC;IACR,MAAM,YAAY,GAAG,IAAA,mBAAU,EAC7B,QAAQ,EACR,cAAc,EACd,cAAc,EACd,cAAc,EACd,cAAc,CACf,CAAC;IACF,MAAM,qBAAqB,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/F,MAAM,kBAAkB,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IACnE,MAAM,eAAe,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;IAE3E,6EAA6E;IAC7E,wEAAwE;IACxE,sEAAsE;IACtE,sDAAsD;IACtD,MAAM,SAAS,GAAG,IAAA,mCAAe,EAAC,GAAG,EAAE;QACrC,UAAU,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC;QACjD,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,IAAA,oCAAgB,EAAC,GAAG,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE;QACjE,YAAY,EAAE,IAAI;KACnB,CAAC,CAAC,KAAK,CAAC;IAET,MAAM,eAAe,GAAG,IAAA,mBAAU,EAChC,iDAAiD,OAAO,cAAc,EACtE,GAAG,CACJ,CAAC;IACF,MAAM,aAAa,GAAG,IAAA,mBAAU,EAAC,sCAAsC,EAAE,GAAG,CAAC,CAAC;IAC9E,qEAAqE;IACrE,8DAA8D;IAC9D,iEAAiE;IACjE,oCAAoC;IACpC,MAAM,iBAAiB,GAAG,IAAA,gCAAoB,GAAE,CAAC;IACjD,MAAM,gBAAgB,GACpB,iBAAiB,CAAC,MAAM,GAAG,CAAC;QAC1B,CAAC,CAAC,IAAA,oCAAgB,EAAC,GAAG,EAAE,UAAU,EAAE,iBAAiB,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK;QACpF,CAAC,CAAC,CAAC,CAAC;IAER,8EAA8E;IAC9E,iEAAiE;IACjE,sEAAsE;IACtE,oEAAoE;IACpE,sEAAsE;IACtE,qEAAqE;IACrE,oEAAoE;IACpE,oEAAoE;IACpE,qEAAqE;IACrE,oEAAoE;IACpE,sBAAsB;IACtB,MAAM,KAAK,GAAG,aAAa,IAAK,EAAiC,CAAC;IAClE,MAAM,YAAY,GAAG,IAAA,oCAAwB,EAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACjF,MAAM,UAAU,GAAG,IAAA,yBAAa,EAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACpE,MAAM,UAAU,GAAG,IAAA,yBAAa,EAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACpE,MAAM,UAAU,GAAG,CAAC,CAAS,EAAE,OAAiB,EAAW,EAAE;QAC3D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QACvC,MAAM,KAAK,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC;QACrC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IACF,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAC1B,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,oEAAoE;QACpE,kEAAkE;QAClE,qEAAqE;QACrE,MAAM,QAAQ,GAAG,GAAG,GAAG,GAAG,CAAC;QAC3B,IAAI,UAAU,CAAC,QAAQ,EAAE,YAAY,CAAC;YAAE,WAAW,EAAE,CAAC;QACtD,IAAI,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC;YAAE,iBAAiB,EAAE,CAAC;QAC1D,IAAI,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC;YAAE,MAAM,EAAE,CAAC;IACjD,CAAC;IACD,MAAM,WAAW,GAAG,IAAA,mBAAU,EAAC,kBAAkB,OAAO,cAAc,EAAE,GAAG,CAAC,CAAC;IAE7E,6EAA6E;IAC7E,MAAM,aAAa,GAAG,IAAA,mBAAU,EAC9B,oIAAoI,EACpI,QAAQ,CACT,CAAC;IACF,MAAM,iBAAiB,GAAG,IAAA,mBAAU,EAClC,kGAAkG,EAClG,QAAQ,CACT,CAAC;IACF,MAAM,oBAAoB,GAAG,IAAA,mBAAU,EACrC,wEAAwE,EACxE,QAAQ,CACT,CAAC;IACF,MAAM,cAAc,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;IACpF,MAAM,gBAAgB,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,cAAc,EAAE,aAAa,EAAE,eAAe,CAAC,CAAC;IAC9F,MAAM,oBAAoB,GAAG,IAAA,mBAAU,EACrC,QAAQ,EACR,QAAQ,EACR,aAAa,EACb,OAAO,EACP,YAAY,EACZ,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,EAClB,aAAa,EACb,WAAW,EACX,YAAY,CACb,CAAC;IAEF,OAAO;QACL,WAAW;QACX,SAAS,EAAE,QAAQ,CAAC,MAAM;QAC1B,UAAU;QACV,oBAAoB;QACpB,iBAAiB;QACjB,gBAAgB;QAChB,eAAe;QACf,YAAY;QACZ,eAAe;QACf,YAAY;QACZ,YAAY;QACZ,WAAW;QACX,eAAe;QACf,YAAY;QACZ,qBAAqB;QACrB,kBAAkB;QAClB,eAAe;QACf,SAAS;QACT,eAAe;QACf,aAAa;QACb,gBAAgB;QAChB,WAAW;QACX,MAAM;QACN,iBAAiB;QACjB,WAAW;QACX,aAAa;QACb,iBAAiB;QACjB,oBAAoB;QACpB,cAAc;QACd,gBAAgB;QAChB,SAAS,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC;QACxC,gBAAgB,EAAE,EAAE;KACrB,CAAC;AACJ,CAAC"}
@@ -1,16 +1,39 @@
1
1
  import type { CapabilityProvider } from '../../languages/capabilities/provider';
2
2
  import type { SecretsResult } from '../../languages/capabilities/types';
3
+ /**
4
+ * Per-finding raw value carried alongside the public envelope. Stays
5
+ * out of `SecretsResult` (and therefore out of `SecurityAggregate`,
6
+ * `SecurityReport`, the dashboard, JSON outputs) so the secret value
7
+ * never leaks through the normal reporting surfaces. The only legit
8
+ * consumer is the baseline-side secret-HMAC producer, which immediately
9
+ * HMACs the value and discards it.
10
+ *
11
+ * Lives in this outcome rather than fetched separately so the memoized
12
+ * gitleaks invocation (`gatherGitleaksResult` runs at most once per
13
+ * cwd) covers both the public envelope path and the HMAC path.
14
+ */
15
+ export interface GitleaksRawSecret {
16
+ readonly file: string;
17
+ readonly line: number;
18
+ readonly rule: string;
19
+ /** The matched secret value as reported by gitleaks. Process-only;
20
+ * callers MUST NOT write this to disk, log it, or include it in
21
+ * any output payload. */
22
+ readonly secret: string;
23
+ }
3
24
  /**
4
25
  * Outcome union used by `gatherGitleaksResult`. The capability provider
5
26
  * collapses this to `SecretsResult | null`; the Layer 2 reshape in
6
27
  * `tools/parallel.ts` reads `unavailable.reason` so the
7
28
  * `toolsUnavailable` strings carry install-missing vs parse-failure
8
- * detail.
29
+ * detail. The `rawSecrets` field is read only by the baseline-side
30
+ * secret-HMAC producer; other consumers ignore it.
9
31
  */
10
32
  export type SecretsGatherOutcome = {
11
33
  kind: 'success';
12
34
  envelope: SecretsResult;
13
35
  suppressedCount: number;
36
+ rawSecrets: ReadonlyArray<GitleaksRawSecret>;
14
37
  } | {
15
38
  kind: 'unavailable';
16
39
  reason: string;
@@ -1 +1 @@
1
- {"version":3,"file":"gitleaks.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/gitleaks.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,KAAK,EAAiB,aAAa,EAAE,MAAM,oCAAoC,CAAC;AAUvF;;;;;;GAMG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,QAAQ,EAAE,aAAa,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,GACrE;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAgB5C;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,oBAAoB,CAMtE;AA6ED;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,EAAE,kBAAkB,CAAC,aAAa,CAM9D,CAAC"}
1
+ {"version":3,"file":"gitleaks.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/gitleaks.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,KAAK,EAAiB,aAAa,EAAE,MAAM,oCAAoC,CAAC;AAUvF;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;8BAE0B;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IACE,IAAI,EAAE,SAAS,CAAC;IAChB,QAAQ,EAAE,aAAa,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;CAC9C,GACD;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAgB5C;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,oBAAoB,CAMtE;AA0FD;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,EAAE,kBAAkB,CAAC,aAAa,CAM9D,CAAC"}
@@ -117,28 +117,37 @@ function computeGitleaksOutcome(cwd) {
117
117
  findings: [],
118
118
  suppressedCount: 0,
119
119
  };
120
- return { kind: 'success', envelope, suppressedCount: 0 };
120
+ return { kind: 'success', envelope, suppressedCount: 0, rawSecrets: [] };
121
121
  }
122
- const raw = parsed.map((f) => ({
123
- file: (0, paths_1.toProjectRelative)(cwd, f.File),
124
- line: f.StartLine,
125
- rule: f.RuleID,
126
- severity: f.RuleID.includes('private-key') ? 'critical' : 'high',
127
- title: f.Description,
122
+ const combined = parsed.map((f) => ({
123
+ finding: {
124
+ file: (0, paths_1.toProjectRelative)(cwd, f.File),
125
+ line: f.StartLine,
126
+ rule: f.RuleID,
127
+ severity: f.RuleID.includes('private-key') ? 'critical' : 'high',
128
+ title: f.Description,
129
+ },
130
+ secret: f.Secret,
128
131
  }));
129
132
  // Gitleaks --no-git scans everything on disk (ignores .gitignore), so
130
133
  // we re-apply the resolved exclusion set via isExcludedPath().
131
- const filtered = raw.filter((d) => !(0, exclusions_1.isExcludedPath)(cwd, d.file));
134
+ const filteredCombined = combined.filter((c) => !(0, exclusions_1.isExcludedPath)(cwd, c.finding.file));
132
135
  // Apply `.dxkit-suppressions.json` so known-false positives don't count.
133
136
  const suppressions = (0, suppressions_1.loadSuppressions)(cwd);
134
- const { kept, suppressed } = (0, suppressions_1.applySuppressions)(filtered, suppressions.gitleaks, (d) => d.rule, (d) => d.file);
137
+ const { kept, suppressed } = (0, suppressions_1.applySuppressions)(filteredCombined, suppressions.gitleaks, (c) => c.finding.rule, (c) => c.finding.file);
135
138
  const envelope = {
136
139
  schemaVersion: 1,
137
140
  tool: 'gitleaks',
138
- findings: kept,
141
+ findings: kept.map((c) => c.finding),
139
142
  suppressedCount: suppressed.length,
140
143
  };
141
- return { kind: 'success', envelope, suppressedCount: suppressed.length };
144
+ const rawSecrets = kept.map((c) => ({
145
+ file: c.finding.file,
146
+ line: c.finding.line,
147
+ rule: c.finding.rule,
148
+ secret: c.secret,
149
+ }));
150
+ return { kind: 'success', envelope, suppressedCount: suppressed.length, rawSecrets };
142
151
  }
143
152
  /**
144
153
  * Capability-shaped provider. Register in
@@ -1 +1 @@
1
- {"version":3,"file":"gitleaks.js","sourceRoot":"","sources":["../../../src/analyzers/tools/gitleaks.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0DA,oDAMC;AAhED;;;;;;;;;GASG;AACH,uCAAyB;AACzB,qCAA+B;AAC/B,mDAAsD;AACtD,6CAA8C;AAC9C,mCAA4C;AAC5C,iDAAqE;AAuBrE;;;;;;;;;;;GAWG;AACH,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAgC,CAAC;AAErE;;;;;GAKG;AACH,SAAgB,oBAAoB,CAAC,GAAW;IAC9C,MAAM,MAAM,GAAG,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,MAAM,OAAO,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAC5C,oBAAoB,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,sBAAsB,CAAC,GAAW;IACzC,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAE1E,yEAAyE;IACzE,MAAM,UAAU,GAAG,uBAAuB,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;IAC5D,IAAA,YAAG,EACD,GAAG,WAAW,qBAAqB,GAAG,yCAAyC,UAAU,sCAAsC,EAC/H,GAAG,EACH,MAAM,CACP,CAAC;IACF,6DAA6D;IAC7D,6DAA6D;IAC7D,kEAAkE;IAClE,kEAAkE;IAClE,0DAA0D;IAC1D,6DAA6D;IAC7D,YAAY;IACZ,IAAI,SAAiB,CAAC;IACtB,IAAI,CAAC;QACH,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS,GAAG,EAAE,CAAC;IACjB,CAAC;IACD,IAAA,YAAG,EAAC,UAAU,UAAU,GAAG,EAAE,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,SAAS;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAEpE,IAAI,MAAyB,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAsB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IACxD,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,wEAAwE;QACxE,MAAM,QAAQ,GAAkB;YAC9B,aAAa,EAAE,CAAC;YAChB,IAAI,EAAE,UAAU;YAChB,QAAQ,EAAE,EAAE;YACZ,eAAe,EAAE,CAAC;SACnB,CAAC;QACF,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC;IAC3D,CAAC;IAED,MAAM,GAAG,GAAoB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9C,IAAI,EAAE,IAAA,yBAAiB,EAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC;QACpC,IAAI,EAAE,CAAC,CAAC,SAAS;QACjB,IAAI,EAAE,CAAC,CAAC,MAAM;QACd,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;QAChE,KAAK,EAAE,CAAC,CAAC,WAAW;KACrB,CAAC,CAAC,CAAC;IAEJ,sEAAsE;IACtE,+DAA+D;IAC/D,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,2BAAc,EAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAEjE,yEAAyE;IACzE,MAAM,YAAY,GAAG,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,IAAA,gCAAiB,EAC5C,QAAQ,EACR,YAAY,CAAC,QAAQ,EACrB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EACb,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CACd,CAAC;IAEF,MAAM,QAAQ,GAAkB;QAC9B,aAAa,EAAE,CAAC;QAChB,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,IAAI;QACd,eAAe,EAAE,UAAU,CAAC,MAAM;KACnC,CAAC;IACF,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,eAAe,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC;AAC3E,CAAC;AAED;;;;GAIG;AACU,QAAA,gBAAgB,GAAsC;IACjE,MAAM,EAAE,UAAU;IAClB,KAAK,CAAC,MAAM,CAAC,GAAG;QACd,MAAM,OAAO,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAC1C,OAAO,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9D,CAAC;CACF,CAAC;AAEF,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACjD,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/C,CAAC"}
1
+ {"version":3,"file":"gitleaks.js","sourceRoot":"","sources":["../../../src/analyzers/tools/gitleaks.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsFA,oDAMC;AA5FD;;;;;;;;;GASG;AACH,uCAAyB;AACzB,qCAA+B;AAC/B,mDAAsD;AACtD,6CAA8C;AAC9C,mCAA4C;AAC5C,iDAAqE;AAmDrE;;;;;;;;;;;GAWG;AACH,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAgC,CAAC;AAErE;;;;;GAKG;AACH,SAAgB,oBAAoB,CAAC,GAAW;IAC9C,MAAM,MAAM,GAAG,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,MAAM,OAAO,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAC5C,oBAAoB,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,sBAAsB,CAAC,GAAW;IACzC,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAE1E,yEAAyE;IACzE,MAAM,UAAU,GAAG,uBAAuB,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;IAC5D,IAAA,YAAG,EACD,GAAG,WAAW,qBAAqB,GAAG,yCAAyC,UAAU,sCAAsC,EAC/H,GAAG,EACH,MAAM,CACP,CAAC;IACF,6DAA6D;IAC7D,6DAA6D;IAC7D,kEAAkE;IAClE,kEAAkE;IAClE,0DAA0D;IAC1D,6DAA6D;IAC7D,YAAY;IACZ,IAAI,SAAiB,CAAC;IACtB,IAAI,CAAC;QACH,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS,GAAG,EAAE,CAAC;IACjB,CAAC;IACD,IAAA,YAAG,EAAC,UAAU,UAAU,GAAG,EAAE,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,SAAS;QAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAEpE,IAAI,MAAyB,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAsB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IACxD,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,wEAAwE;QACxE,MAAM,QAAQ,GAAkB;YAC9B,aAAa,EAAE,CAAC;YAChB,IAAI,EAAE,UAAU;YAChB,QAAQ,EAAE,EAAE;YACZ,eAAe,EAAE,CAAC;SACnB,CAAC;QACF,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,eAAe,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC3E,CAAC;IAMD,MAAM,QAAQ,GAAe,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9C,OAAO,EAAE;YACP,IAAI,EAAE,IAAA,yBAAiB,EAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC;YACpC,IAAI,EAAE,CAAC,CAAC,SAAS;YACjB,IAAI,EAAE,CAAC,CAAC,MAAM;YACd,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;YAChE,KAAK,EAAE,CAAC,CAAC,WAAW;SACrB;QACD,MAAM,EAAE,CAAC,CAAC,MAAM;KACjB,CAAC,CAAC,CAAC;IAEJ,sEAAsE;IACtE,+DAA+D;IAC/D,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAA,2BAAc,EAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IAEtF,yEAAyE;IACzE,MAAM,YAAY,GAAG,IAAA,+BAAgB,EAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,IAAA,gCAAiB,EAC5C,gBAAgB,EAChB,YAAY,CAAC,QAAQ,EACrB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EACrB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CACtB,CAAC;IAEF,MAAM,QAAQ,GAAkB;QAC9B,aAAa,EAAE,CAAC;QAChB,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;QACpC,eAAe,EAAE,UAAU,CAAC,MAAM;KACnC,CAAC;IACF,MAAM,UAAU,GAAwB,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACvD,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI;QACpB,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI;QACpB,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI;QACpB,MAAM,EAAE,CAAC,CAAC,MAAM;KACjB,CAAC,CAAC,CAAC;IACJ,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,eAAe,EAAE,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC;AACvF,CAAC;AAED;;;;GAIG;AACU,QAAA,gBAAgB,GAAsC;IACjE,MAAM,EAAE,UAAU;IAClB,KAAK,CAAC,MAAM,CAAC,GAAG;QACd,MAAM,OAAO,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;QAC1C,OAAO,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9D,CAAC;CACF,CAAC;AAEF,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACjD,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/C,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"graphify.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/graphify.ts"],"names":[],"mappings":"AAwBA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAE3E,UAAU,cAAc;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAgLD;;;;;;;GAOG;AACH,MAAM,MAAM,uBAAuB,GAC/B;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,QAAQ,EAAE,gBAAgB,CAAA;CAAE,GAC/C;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAa5C;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAMxF;AA6ED;;;;;;;;;;GAUG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,cAAc,EAAE,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAiBzF;AAED;;;;GAIG;AAOH,eAAO,MAAM,gBAAgB,EAAE,kBAAkB,CAAC,gBAAgB,CAAC,GAAG;IACpE,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;CAU9D,CAAC"}
1
+ {"version":3,"file":"graphify.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/graphify.ts"],"names":[],"mappings":"AAwBA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAE3E,UAAU,cAAc;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAoLD;;;;;;;GAOG;AACH,MAAM,MAAM,uBAAuB,GAC/B;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,QAAQ,EAAE,gBAAgB,CAAA;CAAE,GAC/C;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAa5C;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAMxF;AA6ED;;;;;;;;;;GAUG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,cAAc,EAAE,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAiBzF;AAED;;;;GAIG;AAOH,eAAO,MAAM,gBAAgB,EAAE,kBAAkB,CAAC,gBAAgB,CAAC,GAAG;IACpE,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAAC;CAU9D,CAAC"}