@vyuhlabs/dxkit 2.4.8 → 2.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (319) hide show
  1. package/CHANGELOG.md +312 -0
  2. package/README.md +360 -439
  3. package/dist/analyzers/security/aggregator.d.ts.map +1 -1
  4. package/dist/analyzers/security/aggregator.js +4 -46
  5. package/dist/analyzers/security/aggregator.js.map +1 -1
  6. package/dist/analyzers/tools/fingerprint.d.ts +91 -26
  7. package/dist/analyzers/tools/fingerprint.d.ts.map +1 -1
  8. package/dist/analyzers/tools/fingerprint.js +111 -22
  9. package/dist/analyzers/tools/fingerprint.js.map +1 -1
  10. package/dist/analyzers/tools/generic.d.ts.map +1 -1
  11. package/dist/analyzers/tools/generic.js +6 -1
  12. package/dist/analyzers/tools/generic.js.map +1 -1
  13. package/dist/analyzers/tools/gitleaks.d.ts +24 -1
  14. package/dist/analyzers/tools/gitleaks.d.ts.map +1 -1
  15. package/dist/analyzers/tools/gitleaks.js +20 -11
  16. package/dist/analyzers/tools/gitleaks.js.map +1 -1
  17. package/dist/analyzers/tools/graphify.d.ts.map +1 -1
  18. package/dist/analyzers/tools/graphify.js +9 -5
  19. package/dist/analyzers/tools/graphify.js.map +1 -1
  20. package/dist/analyzers/tools/tool-registry.d.ts +19 -1
  21. package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
  22. package/dist/analyzers/tools/tool-registry.js +25 -0
  23. package/dist/analyzers/tools/tool-registry.js.map +1 -1
  24. package/dist/analyzers/types.d.ts +6 -4
  25. package/dist/analyzers/types.d.ts.map +1 -1
  26. package/dist/baseline/baseline-file.d.ts +104 -0
  27. package/dist/baseline/baseline-file.d.ts.map +1 -0
  28. package/dist/baseline/baseline-file.js +110 -0
  29. package/dist/baseline/baseline-file.js.map +1 -0
  30. package/dist/baseline/check-renderers.d.ts +108 -0
  31. package/dist/baseline/check-renderers.d.ts.map +1 -0
  32. package/dist/baseline/check-renderers.js +379 -0
  33. package/dist/baseline/check-renderers.js.map +1 -0
  34. package/dist/baseline/check.d.ts +127 -0
  35. package/dist/baseline/check.d.ts.map +1 -0
  36. package/dist/baseline/check.js +462 -0
  37. package/dist/baseline/check.js.map +1 -0
  38. package/dist/baseline/content-hash.d.ts +83 -0
  39. package/dist/baseline/content-hash.d.ts.map +1 -0
  40. package/dist/baseline/content-hash.js +131 -0
  41. package/dist/baseline/content-hash.js.map +1 -0
  42. package/dist/baseline/create.d.ts +96 -0
  43. package/dist/baseline/create.d.ts.map +1 -0
  44. package/dist/baseline/create.js +339 -0
  45. package/dist/baseline/create.js.map +1 -0
  46. package/dist/baseline/entry-to-located.d.ts +35 -0
  47. package/dist/baseline/entry-to-located.d.ts.map +1 -0
  48. package/dist/baseline/entry-to-located.js +72 -0
  49. package/dist/baseline/entry-to-located.js.map +1 -0
  50. package/dist/baseline/finding-identity.d.ts +47 -0
  51. package/dist/baseline/finding-identity.d.ts.map +1 -0
  52. package/dist/baseline/finding-identity.js +292 -0
  53. package/dist/baseline/finding-identity.js.map +1 -0
  54. package/dist/baseline/git-aware-match.d.ts +146 -0
  55. package/dist/baseline/git-aware-match.d.ts.map +1 -0
  56. package/dist/baseline/git-aware-match.js +439 -0
  57. package/dist/baseline/git-aware-match.js.map +1 -0
  58. package/dist/baseline/policy.d.ts +171 -0
  59. package/dist/baseline/policy.d.ts.map +1 -0
  60. package/dist/baseline/policy.js +206 -0
  61. package/dist/baseline/policy.js.map +1 -0
  62. package/dist/baseline/producers/health.d.ts +30 -0
  63. package/dist/baseline/producers/health.d.ts.map +1 -0
  64. package/dist/baseline/producers/health.js +42 -0
  65. package/dist/baseline/producers/health.js.map +1 -0
  66. package/dist/baseline/producers/index.d.ts +164 -0
  67. package/dist/baseline/producers/index.d.ts.map +1 -0
  68. package/dist/baseline/producers/index.js +200 -0
  69. package/dist/baseline/producers/index.js.map +1 -0
  70. package/dist/baseline/producers/licenses.d.ts +23 -0
  71. package/dist/baseline/producers/licenses.d.ts.map +1 -0
  72. package/dist/baseline/producers/licenses.js +46 -0
  73. package/dist/baseline/producers/licenses.js.map +1 -0
  74. package/dist/baseline/producers/quality.d.ts +39 -0
  75. package/dist/baseline/producers/quality.d.ts.map +1 -0
  76. package/dist/baseline/producers/quality.js +84 -0
  77. package/dist/baseline/producers/quality.js.map +1 -0
  78. package/dist/baseline/producers/secret-hmac.d.ts +45 -0
  79. package/dist/baseline/producers/secret-hmac.d.ts.map +1 -0
  80. package/dist/baseline/producers/secret-hmac.js +70 -0
  81. package/dist/baseline/producers/secret-hmac.js.map +1 -0
  82. package/dist/baseline/producers/security.d.ts +59 -0
  83. package/dist/baseline/producers/security.d.ts.map +1 -0
  84. package/dist/baseline/producers/security.js +135 -0
  85. package/dist/baseline/producers/security.js.map +1 -0
  86. package/dist/baseline/producers/tests.d.ts +36 -0
  87. package/dist/baseline/producers/tests.d.ts.map +1 -0
  88. package/dist/baseline/producers/tests.js +69 -0
  89. package/dist/baseline/producers/tests.js.map +1 -0
  90. package/dist/baseline/salt.d.ts +45 -0
  91. package/dist/baseline/salt.d.ts.map +1 -0
  92. package/dist/baseline/salt.js +113 -0
  93. package/dist/baseline/salt.js.map +1 -0
  94. package/dist/baseline/show.d.ts +79 -0
  95. package/dist/baseline/show.d.ts.map +1 -0
  96. package/dist/baseline/show.js +233 -0
  97. package/dist/baseline/show.js.map +1 -0
  98. package/dist/baseline/types.d.ts +482 -0
  99. package/dist/baseline/types.d.ts.map +1 -0
  100. package/dist/baseline/types.js +53 -0
  101. package/dist/baseline/types.js.map +1 -0
  102. package/dist/cli.d.ts.map +1 -1
  103. package/dist/cli.js +398 -82
  104. package/dist/cli.js.map +1 -1
  105. package/dist/constants.d.ts.map +1 -1
  106. package/dist/constants.js +0 -4
  107. package/dist/constants.js.map +1 -1
  108. package/dist/doctor.d.ts.map +1 -1
  109. package/dist/doctor.js +39 -35
  110. package/dist/doctor.js.map +1 -1
  111. package/dist/fail-on.d.ts +84 -0
  112. package/dist/fail-on.d.ts.map +1 -0
  113. package/dist/fail-on.js +128 -0
  114. package/dist/fail-on.js.map +1 -0
  115. package/dist/generator.d.ts +1 -1
  116. package/dist/generator.d.ts.map +1 -1
  117. package/dist/generator.js +81 -274
  118. package/dist/generator.js.map +1 -1
  119. package/dist/hooks-cli.d.ts +20 -0
  120. package/dist/hooks-cli.d.ts.map +1 -0
  121. package/dist/hooks-cli.js +145 -0
  122. package/dist/hooks-cli.js.map +1 -0
  123. package/dist/languages/csharp.d.ts.map +1 -1
  124. package/dist/languages/csharp.js +4 -9
  125. package/dist/languages/csharp.js.map +1 -1
  126. package/dist/languages/go.d.ts.map +1 -1
  127. package/dist/languages/go.js +3 -14
  128. package/dist/languages/go.js.map +1 -1
  129. package/dist/languages/index.d.ts +19 -1
  130. package/dist/languages/index.d.ts.map +1 -1
  131. package/dist/languages/index.js +32 -0
  132. package/dist/languages/index.js.map +1 -1
  133. package/dist/languages/java.d.ts.map +1 -1
  134. package/dist/languages/java.js +4 -6
  135. package/dist/languages/java.js.map +1 -1
  136. package/dist/languages/kotlin.d.ts.map +1 -1
  137. package/dist/languages/kotlin.js +9 -11
  138. package/dist/languages/kotlin.js.map +1 -1
  139. package/dist/languages/python.d.ts.map +1 -1
  140. package/dist/languages/python.js +4 -15
  141. package/dist/languages/python.js.map +1 -1
  142. package/dist/languages/ruby.d.ts.map +1 -1
  143. package/dist/languages/ruby.js +4 -6
  144. package/dist/languages/ruby.js.map +1 -1
  145. package/dist/languages/rust.d.ts.map +1 -1
  146. package/dist/languages/rust.js +4 -4
  147. package/dist/languages/rust.js.map +1 -1
  148. package/dist/languages/types.d.ts +29 -28
  149. package/dist/languages/types.d.ts.map +1 -1
  150. package/dist/languages/typescript.d.ts.map +1 -1
  151. package/dist/languages/typescript.js +31 -4
  152. package/dist/languages/typescript.js.map +1 -1
  153. package/dist/lib.d.ts +2 -3
  154. package/dist/lib.d.ts.map +1 -1
  155. package/dist/lib.js +3 -6
  156. package/dist/lib.js.map +1 -1
  157. package/dist/prompts.d.ts.map +1 -1
  158. package/dist/prompts.js +0 -10
  159. package/dist/prompts.js.map +1 -1
  160. package/dist/report-schema.d.ts +42 -0
  161. package/dist/report-schema.d.ts.map +1 -0
  162. package/dist/report-schema.js +54 -0
  163. package/dist/report-schema.js.map +1 -0
  164. package/dist/ship-installers.d.ts +112 -0
  165. package/dist/ship-installers.d.ts.map +1 -0
  166. package/dist/ship-installers.js +530 -0
  167. package/dist/ship-installers.js.map +1 -0
  168. package/dist/tools-cli.d.ts.map +1 -1
  169. package/dist/tools-cli.js +45 -9
  170. package/dist/tools-cli.js.map +1 -1
  171. package/dist/types.d.ts +0 -4
  172. package/dist/types.d.ts.map +1 -1
  173. package/dist/update.d.ts.map +1 -1
  174. package/dist/update.js +0 -4
  175. package/dist/update.js.map +1 -1
  176. package/package.json +17 -11
  177. package/templates/.claude/skills/dxkit-action/SKILL.md +150 -0
  178. package/templates/.claude/skills/dxkit-config/SKILL.md +124 -0
  179. package/templates/.claude/skills/dxkit-hooks/SKILL.md +109 -0
  180. package/templates/.claude/skills/dxkit-init/SKILL.md +93 -0
  181. package/templates/.claude/skills/dxkit-learn/SKILL.md +84 -0
  182. package/templates/.claude/skills/dxkit-reports/SKILL.md +111 -0
  183. package/templates/.devcontainer/devcontainer.json +55 -0
  184. package/templates/.devcontainer/install-agent-clis.sh +42 -0
  185. package/templates/.devcontainer/post-create.sh +81 -0
  186. package/templates/.githooks/pre-commit +55 -0
  187. package/templates/.githooks/pre-push +63 -0
  188. package/templates/.github/workflows/dxkit-baseline-refresh.yml +78 -0
  189. package/templates/.github/workflows/dxkit-guardrails.yml +98 -0
  190. package/templates/AGENTS.md.template +137 -0
  191. package/templates/CLAUDE.md.template +16 -245
  192. package/dist/codebase-scanner.d.ts +0 -36
  193. package/dist/codebase-scanner.d.ts.map +0 -1
  194. package/dist/codebase-scanner.js +0 -688
  195. package/dist/codebase-scanner.js.map +0 -1
  196. package/dist/project-yaml.d.ts +0 -13
  197. package/dist/project-yaml.d.ts.map +0 -1
  198. package/dist/project-yaml.js +0 -188
  199. package/dist/project-yaml.js.map +0 -1
  200. package/templates/.ai/README.md +0 -117
  201. package/templates/.ai/prompts/execution-prompt.md +0 -9
  202. package/templates/.ai/prompts/planning-prompt.md +0 -18
  203. package/templates/.ai/prompts/session-end-template.md +0 -182
  204. package/templates/.ai/prompts/session-end.md +0 -132
  205. package/templates/.ai/prompts/session-start.md +0 -109
  206. package/templates/.ai/prompts/step-by-step.md +0 -113
  207. package/templates/.ai/sessions/.gitkeep +0 -0
  208. package/templates/.claude/agents/doc-writer.md +0 -107
  209. package/templates/.claude/agents/knowledge-bot.md +0 -64
  210. package/templates/.claude/agents/onboarding.md +0 -61
  211. package/templates/.claude/agents/quality-reviewer.md +0 -85
  212. package/templates/.claude/agents-available/code-reviewer.md +0 -29
  213. package/templates/.claude/agents-available/codebase-explorer.md +0 -100
  214. package/templates/.claude/agents-available/dashboard-builder.md +0 -433
  215. package/templates/.claude/agents-available/debugger.md +0 -29
  216. package/templates/.claude/agents-available/dependency-mapper.md +0 -80
  217. package/templates/.claude/agents-available/dev-report.md +0 -108
  218. package/templates/.claude/agents-available/doc-writer.md +0 -107
  219. package/templates/.claude/agents-available/feature-builder.md +0 -163
  220. package/templates/.claude/agents-available/feature-planner.md +0 -185
  221. package/templates/.claude/agents-available/health-auditor.md +0 -95
  222. package/templates/.claude/agents-available/hooks-configurator.md +0 -211
  223. package/templates/.claude/agents-available/knowledge-bot.md +0 -62
  224. package/templates/.claude/agents-available/plan-executor.md +0 -133
  225. package/templates/.claude/agents-available/strategic-planner.md +0 -141
  226. package/templates/.claude/agents-available/test-gap-finder.md +0 -67
  227. package/templates/.claude/agents-available/test-writer.md +0 -34
  228. package/templates/.claude/agents-available/vulnerability-scanner.md +0 -173
  229. package/templates/.claude/commands/ask.md +0 -7
  230. package/templates/.claude/commands/build-feature.md +0 -26
  231. package/templates/.claude/commands/build.md.template +0 -30
  232. package/templates/.claude/commands/check.md.template +0 -43
  233. package/templates/.claude/commands/dashboard.md +0 -28
  234. package/templates/.claude/commands/deps.md +0 -15
  235. package/templates/.claude/commands/dev-report.md +0 -50
  236. package/templates/.claude/commands/docs.md +0 -21
  237. package/templates/.claude/commands/doctor.md +0 -21
  238. package/templates/.claude/commands/enable-agent.md +0 -12
  239. package/templates/.claude/commands/execute-plan.md +0 -25
  240. package/templates/.claude/commands/explore-codebase.md +0 -12
  241. package/templates/.claude/commands/export-pdf.md +0 -30
  242. package/templates/.claude/commands/feature.md +0 -25
  243. package/templates/.claude/commands/fix-issue.md +0 -12
  244. package/templates/.claude/commands/fix.md.template +0 -32
  245. package/templates/.claude/commands/health.md +0 -58
  246. package/templates/.claude/commands/help.md +0 -36
  247. package/templates/.claude/commands/learn.md +0 -48
  248. package/templates/.claude/commands/onboarding.md +0 -21
  249. package/templates/.claude/commands/plan.md +0 -20
  250. package/templates/.claude/commands/quality.md.template +0 -65
  251. package/templates/.claude/commands/session-end.md +0 -40
  252. package/templates/.claude/commands/session-start.md +0 -30
  253. package/templates/.claude/commands/setup-hooks.md +0 -18
  254. package/templates/.claude/commands/setup-pr-review.md +0 -72
  255. package/templates/.claude/commands/stealth-mode.md +0 -17
  256. package/templates/.claude/commands/test-gaps.md +0 -49
  257. package/templates/.claude/commands/test.md.template +0 -40
  258. package/templates/.claude/commands/vulnerabilities.md +0 -49
  259. package/templates/.claude/skills/build/SKILL.md.template +0 -98
  260. package/templates/.claude/skills/deploy/SKILL.md.template +0 -131
  261. package/templates/.claude/skills/deploy/references/gotchas.md +0 -5
  262. package/templates/.claude/skills/doctor/SKILL.md +0 -54
  263. package/templates/.claude/skills/gcloud/SKILL.md +0 -66
  264. package/templates/.claude/skills/gcloud/references/gotchas.md +0 -5
  265. package/templates/.claude/skills/learned/SKILL.md +0 -55
  266. package/templates/.claude/skills/learned/references/conventions.md +0 -11
  267. package/templates/.claude/skills/learned/references/deny-recommendations.md +0 -18
  268. package/templates/.claude/skills/learned/references/gotchas.md +0 -11
  269. package/templates/.claude/skills/pulumi/SKILL.md +0 -73
  270. package/templates/.claude/skills/quality/SKILL.md.template +0 -108
  271. package/templates/.claude/skills/quality/references/gotchas.md +0 -5
  272. package/templates/.claude/skills/review/SKILL.md.template +0 -73
  273. package/templates/.claude/skills/scaffold/SKILL.md.template +0 -123
  274. package/templates/.claude/skills/secrets/SKILL.md +0 -52
  275. package/templates/.claude/skills/session/SKILL.md +0 -43
  276. package/templates/.claude/skills/test/SKILL.md.template +0 -122
  277. package/templates/.claude/skills/test/references/gotchas.md +0 -5
  278. package/templates/.devcontainer/Dockerfile.dev.template +0 -89
  279. package/templates/.devcontainer/devcontainer.json.template +0 -184
  280. package/templates/.devcontainer/docker-compose.yml.template +0 -105
  281. package/templates/.devcontainer/init-scripts/01-init.sql.template +0 -12
  282. package/templates/.devcontainer/post-create.sh.template +0 -298
  283. package/templates/.github/workflows/ci.yml.template +0 -399
  284. package/templates/.github/workflows/quality.yml.template +0 -376
  285. package/templates/.pre-commit-config.yaml.template +0 -106
  286. package/templates/.project/config/edit_config.py +0 -275
  287. package/templates/.project/config/project_config.py +0 -894
  288. package/templates/.project/scripts/codegen/generate-all.sh +0 -20
  289. package/templates/.project/scripts/codegen/validate-all.sh +0 -17
  290. package/templates/.project/scripts/docs/generate-all.sh +0 -30
  291. package/templates/.project/scripts/docs/serve.sh +0 -20
  292. package/templates/.project/scripts/quality/fix-all.sh +0 -138
  293. package/templates/.project/scripts/quality/lint-go.sh +0 -34
  294. package/templates/.project/scripts/quality/lint-python.sh +0 -54
  295. package/templates/.project/scripts/quality/run-all.sh +0 -497
  296. package/templates/.project/scripts/session/commit.sh +0 -70
  297. package/templates/.project/scripts/session/create-pr.sh +0 -165
  298. package/templates/.project/scripts/session/end.sh +0 -207
  299. package/templates/.project/scripts/session/start.sh +0 -233
  300. package/templates/.project/scripts/setup/doctor.sh +0 -404
  301. package/templates/.project/scripts/setup/interactive-setup.sh +0 -585
  302. package/templates/.project/scripts/sync/sync-template.sh +0 -328
  303. package/templates/.project/scripts/test/run-all.sh +0 -179
  304. package/templates/.project/scripts/test/run-quick.sh +0 -25
  305. package/templates/Makefile +0 -514
  306. package/templates/config/versions.yaml +0 -57
  307. package/templates/configs/go/.golangci.yml.template +0 -172
  308. package/templates/configs/go/go.mod.template +0 -15
  309. package/templates/configs/java/README.md +0 -6
  310. package/templates/configs/kotlin/README.md +0 -6
  311. package/templates/configs/node/package.json.template +0 -67
  312. package/templates/configs/node/tsconfig.json.template +0 -53
  313. package/templates/configs/python/pyproject.toml.template +0 -92
  314. package/templates/configs/python/pytest.ini.template +0 -64
  315. package/templates/configs/python/ruff.toml.template +0 -79
  316. package/templates/configs/ruby/README.md +0 -6
  317. package/templates/configs/rust/Cargo.toml.template +0 -51
  318. package/templates/configs/shared/.editorconfig +0 -67
  319. package/templates/scripts/validate-templates.sh +0 -449
@@ -0,0 +1,379 @@
1
+ "use strict";
2
+ /**
3
+ * Output renderers for `vyuh-dxkit guardrail check`.
4
+ *
5
+ * Three target surfaces, one shared `GuardrailCheckResult`:
6
+ *
7
+ * - **Console** (`renderConsole`) — human-readable text for
8
+ * terminal output. Grouped by verdict (blocking / warning /
9
+ * informational), each pair showing status + kind + locator +
10
+ * severity + reason chain. Color codes via the shared logger
11
+ * palette so output blends with the rest of dxkit's CLI.
12
+ *
13
+ * - **JSON** (`renderJson`) — schema-stable machine-readable
14
+ * payload (top-level `schema: 'dxkit.guardrail-check.v1'`).
15
+ * Designed for AI agents and CI runners that need to programmatically
16
+ * decide what to do. Includes the matcher's per-pair detail,
17
+ * classifier verdicts, envelope drift, and the resolved policy.
18
+ *
19
+ * - **Markdown** (`renderMarkdown`) — Phase 4 PR-comment template.
20
+ * Compact, table-heavy, status-banner-first. Renders into the
21
+ * `dxkit-guardrails.yml` workflow's PR comment unchanged. No
22
+ * emojis (bot-friendly; Phase 4 templates can layer presentation
23
+ * on top).
24
+ *
25
+ * Pure modules. No I/O — callers handle stdout writing, file
26
+ * writing, or PR-comment posting.
27
+ */
28
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
29
+ if (k2 === undefined) k2 = k;
30
+ var desc = Object.getOwnPropertyDescriptor(m, k);
31
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
32
+ desc = { enumerable: true, get: function() { return m[k]; } };
33
+ }
34
+ Object.defineProperty(o, k2, desc);
35
+ }) : (function(o, m, k, k2) {
36
+ if (k2 === undefined) k2 = k;
37
+ o[k2] = m[k];
38
+ }));
39
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
40
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
41
+ }) : function(o, v) {
42
+ o["default"] = v;
43
+ });
44
+ var __importStar = (this && this.__importStar) || (function () {
45
+ var ownKeys = function(o) {
46
+ ownKeys = Object.getOwnPropertyNames || function (o) {
47
+ var ar = [];
48
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
49
+ return ar;
50
+ };
51
+ return ownKeys(o);
52
+ };
53
+ return function (mod) {
54
+ if (mod && mod.__esModule) return mod;
55
+ var result = {};
56
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
57
+ __setModuleDefault(result, mod);
58
+ return result;
59
+ };
60
+ })();
61
+ Object.defineProperty(exports, "__esModule", { value: true });
62
+ exports.GUARDRAIL_JSON_SCHEMA = void 0;
63
+ exports.renderConsole = renderConsole;
64
+ exports.renderJson = renderJson;
65
+ exports.renderMarkdown = renderMarkdown;
66
+ const logger = __importStar(require("../logger"));
67
+ // ─── Console renderer ─────────────────────────────────────────────────────
68
+ /**
69
+ * Render the check result as a human-readable text block. Returns a
70
+ * single multi-line string; callers route it to stdout.
71
+ */
72
+ function renderConsole(result) {
73
+ const lines = [];
74
+ // Verdict banner. Single line at the top so a developer skimming
75
+ // terminal output sees pass/fail without scrolling.
76
+ lines.push(verdictBanner(result));
77
+ lines.push('');
78
+ // Provenance: what was compared against what. Inline so the user
79
+ // can verify they're checking against the intended baseline.
80
+ lines.push(logger.bold('Baseline'));
81
+ lines.push(` Path: ${result.baselinePath}`);
82
+ lines.push(` Name: ${result.baseline.name}`);
83
+ lines.push(` Captured: ${result.baseline.createdAt}`);
84
+ lines.push(` Commit: ${shortSha(result.baseline.repo.commitSha)} (${result.baseline.repo.branch || 'detached'})`);
85
+ lines.push(` Findings: ${result.baseline.findings.length}`);
86
+ lines.push('');
87
+ lines.push(logger.bold('Current'));
88
+ lines.push(` Commit: ${shortSha(result.current.repoState.commitSha)}`);
89
+ lines.push(` Findings: ${result.current.findings.length}`);
90
+ lines.push(` Matcher: ${result.matchResult.gitAware ? 'git-aware' : `degraded (${result.matchResult.degradedReason ?? 'unknown reason'})`}`);
91
+ lines.push('');
92
+ const driftLines = formatDrift(result.envelopeDrift);
93
+ if (driftLines.length > 0) {
94
+ lines.push(logger.bold('Envelope drift'));
95
+ for (const l of driftLines)
96
+ lines.push(` ${l}`);
97
+ lines.push('');
98
+ }
99
+ // Group + render pairs by verdict bucket. Buckets ordered so the
100
+ // most actionable surfaces first.
101
+ const blocking = result.pairs.filter((p) => p.classification.blocks);
102
+ const warning = result.pairs.filter((p) => !p.classification.blocks && p.classification.warns);
103
+ const persisted = result.pairs.filter((p) => !p.classification.blocks &&
104
+ !p.classification.warns &&
105
+ (p.classification.status === 'persisted' || p.classification.status === 'relocated'));
106
+ const removed = result.pairs.filter((p) => p.classification.status === 'removed');
107
+ if (blocking.length > 0) {
108
+ lines.push(logger.bold(`Blocking (${blocking.length})`));
109
+ for (const p of blocking)
110
+ lines.push(...formatPairLines(p, ' '));
111
+ lines.push('');
112
+ }
113
+ if (warning.length > 0) {
114
+ lines.push(logger.bold(`Warnings (${warning.length})`));
115
+ for (const p of warning)
116
+ lines.push(...formatPairLines(p, ' '));
117
+ lines.push('');
118
+ }
119
+ if (removed.length > 0) {
120
+ lines.push(logger.bold(`Resolved (${removed.length})`));
121
+ for (const p of removed)
122
+ lines.push(...formatPairLines(p, ' '));
123
+ lines.push('');
124
+ }
125
+ // Always show a summary footer — sets expectations for what
126
+ // happens next (exit code, what to read on a fail).
127
+ lines.push(logger.bold('Summary'));
128
+ lines.push(` Pairs: ${result.pairs.length} (blocking: ${blocking.length}, ` +
129
+ `warning: ${warning.length}, persisted: ${persisted.length}, ` +
130
+ `resolved: ${removed.length})`);
131
+ lines.push(` Verdict: ${result.blocks ? 'BLOCKED' : result.warns ? 'PASSED (with warnings)' : 'PASSED'}`);
132
+ lines.push(` Exit code: ${result.blocks ? 1 : 0}`);
133
+ if (result.blocks) {
134
+ lines.push('');
135
+ lines.push(` Re-run with --json for a machine-readable payload, or --markdown to capture a PR-comment-friendly report.`);
136
+ }
137
+ return lines.join('\n');
138
+ }
139
+ function verdictBanner(result) {
140
+ if (result.blocks) {
141
+ const count = result.pairs.filter((p) => p.classification.blocks).length;
142
+ return logger.bold(`Guardrail BLOCKED — ${count} new regression${count === 1 ? '' : 's'}`);
143
+ }
144
+ if (result.warns) {
145
+ const count = result.pairs.filter((p) => p.classification.warns).length;
146
+ return logger.bold(`Guardrail PASSED — ${count} warning${count === 1 ? '' : 's'}`);
147
+ }
148
+ return logger.bold('Guardrail PASSED');
149
+ }
150
+ function formatPairLines(p, indent) {
151
+ const out = [];
152
+ const loc = locatorProse(p);
153
+ const sev = p.severity ? `[${p.severity}]` : '';
154
+ const conf = p.pair.confidence < 1 ? ` (${p.pair.confidence.toFixed(2)})` : '';
155
+ out.push(`${indent}${statusLabel(p.classification.status)} ${sev} ${p.kind} ${loc}${conf}`
156
+ .replace(/\s+/g, ' ')
157
+ .trim());
158
+ for (const r of p.classification.reasons) {
159
+ out.push(`${indent} · ${r.code}: ${r.detail}`);
160
+ }
161
+ return out;
162
+ }
163
+ function statusLabel(status) {
164
+ switch (status) {
165
+ case 'added':
166
+ return 'ADDED';
167
+ case 'removed':
168
+ return 'RESOLVED';
169
+ case 'persisted':
170
+ return 'PERSISTED';
171
+ case 'relocated':
172
+ return 'RELOCATED';
173
+ case 'tooling_drift':
174
+ return 'TOOLING-DRIFT';
175
+ case 'config_drift':
176
+ return 'CONFIG-DRIFT';
177
+ case 'newly_detected':
178
+ return 'NEWLY-DETECTED';
179
+ case 'probable_existing':
180
+ return 'PROBABLE-EXISTING';
181
+ case 'uncertain':
182
+ return 'UNCERTAIN';
183
+ case 'fixed':
184
+ return 'FIXED';
185
+ }
186
+ }
187
+ function locatorProse(p) {
188
+ if (p.file === undefined)
189
+ return '';
190
+ return p.line !== undefined && p.line > 0 ? `${p.file}:${p.line}` : p.file;
191
+ }
192
+ function shortSha(sha) {
193
+ if (!sha)
194
+ return '(no-commit)';
195
+ return sha.slice(0, 8);
196
+ }
197
+ function formatDrift(drift) {
198
+ const out = [];
199
+ if (drift.dxkitVersionChanged)
200
+ out.push('dxkit version changed since baseline capture');
201
+ if (drift.toolchainHashChanged)
202
+ out.push('toolchainHash changed');
203
+ if (drift.policyHashChanged)
204
+ out.push('policy hash changed');
205
+ if (drift.ignoreHashChanged)
206
+ out.push('.dxkit-ignore changed');
207
+ if (drift.configHashChanged)
208
+ out.push('.vyuh-dxkit.json changed');
209
+ for (const d of drift.toolVersionDiffs) {
210
+ out.push(`tool drift: ${d.tool} ${d.baselineVersion ?? '(absent)'} → ${d.currentVersion ?? '(absent)'}`);
211
+ }
212
+ return out;
213
+ }
214
+ // ─── JSON renderer ────────────────────────────────────────────────────────
215
+ exports.GUARDRAIL_JSON_SCHEMA = 'dxkit.guardrail-check.v1';
216
+ function renderJson(result) {
217
+ const blocking = result.pairs.filter((p) => p.classification.blocks).length;
218
+ const warning = result.pairs.filter((p) => !p.classification.blocks && p.classification.warns).length;
219
+ const persisted = result.pairs.filter((p) => !p.classification.blocks &&
220
+ !p.classification.warns &&
221
+ (p.classification.status === 'persisted' || p.classification.status === 'relocated')).length;
222
+ const resolved = result.pairs.filter((p) => p.classification.status === 'removed').length;
223
+ return {
224
+ schema: exports.GUARDRAIL_JSON_SCHEMA,
225
+ verdict: { blocks: result.blocks, warns: result.warns, exitCode: result.blocks ? 1 : 0 },
226
+ baseline: {
227
+ path: result.baselinePath,
228
+ name: result.baseline.name,
229
+ createdAt: result.baseline.createdAt,
230
+ commitSha: result.baseline.repo.commitSha,
231
+ branch: result.baseline.repo.branch,
232
+ findingsCount: result.baseline.findings.length,
233
+ },
234
+ current: {
235
+ commitSha: result.current.repoState.commitSha,
236
+ branch: result.current.repoState.branch,
237
+ findingsCount: result.current.findings.length,
238
+ },
239
+ matcher: {
240
+ gitAware: result.matchResult.gitAware,
241
+ ...(result.matchResult.degradedReason
242
+ ? { degradedReason: result.matchResult.degradedReason }
243
+ : {}),
244
+ },
245
+ envelopeDrift: result.envelopeDrift,
246
+ policy: {
247
+ mode: result.policy.mode,
248
+ block: result.policy.block,
249
+ warn: result.policy.warn,
250
+ confidence: result.policy.confidence,
251
+ blockRules: result.policy.blockRules,
252
+ },
253
+ summary: {
254
+ pairs: result.pairs.length,
255
+ blocking,
256
+ warning,
257
+ persisted,
258
+ resolved,
259
+ },
260
+ pairs: result.pairs.map((p) => ({
261
+ status: p.classification.status,
262
+ blocks: p.classification.blocks,
263
+ warns: p.classification.warns,
264
+ ...(p.pair.priorId !== undefined ? { priorId: p.pair.priorId } : {}),
265
+ ...(p.pair.currentId !== undefined ? { currentId: p.pair.currentId } : {}),
266
+ confidence: p.pair.confidence,
267
+ kind: p.kind,
268
+ ...(p.severity !== undefined ? { severity: p.severity } : {}),
269
+ ...(p.file !== undefined ? { file: p.file } : {}),
270
+ ...(p.line !== undefined ? { line: p.line } : {}),
271
+ ...(p.overlapsChangedLines !== undefined
272
+ ? { overlapsChangedLines: p.overlapsChangedLines }
273
+ : {}),
274
+ reasons: p.classification.reasons,
275
+ })),
276
+ };
277
+ }
278
+ // ─── Markdown renderer ────────────────────────────────────────────────────
279
+ /**
280
+ * PR-comment-friendly markdown. Phase 4's GitHub Actions workflow
281
+ * pastes the output verbatim into a PR comment. Format:
282
+ *
283
+ * ## Guardrail: PASSED / BLOCKED
284
+ * one-line summary
285
+ * <blocking findings table, when any>
286
+ * <warnings collapsible section, when any>
287
+ * <drift signal callout, when envelope drifted>
288
+ * <provenance footnote>
289
+ */
290
+ function renderMarkdown(result) {
291
+ const lines = [];
292
+ const blocking = result.pairs.filter((p) => p.classification.blocks);
293
+ const warning = result.pairs.filter((p) => !p.classification.blocks && p.classification.warns);
294
+ const resolved = result.pairs.filter((p) => p.classification.status === 'removed');
295
+ const verdict = result.blocks ? 'BLOCKED' : result.warns ? 'PASSED (with warnings)' : 'PASSED';
296
+ lines.push(`## Guardrail: ${verdict}`);
297
+ lines.push('');
298
+ lines.push(summarySentence(result, blocking.length, warning.length, resolved.length));
299
+ lines.push('');
300
+ if (blocking.length > 0) {
301
+ lines.push('### Blocking findings');
302
+ lines.push('');
303
+ lines.push('| Status | Kind | Severity | Location | Reason |');
304
+ lines.push('|---|---|---|---|---|');
305
+ for (const p of blocking)
306
+ lines.push(markdownPairRow(p));
307
+ lines.push('');
308
+ }
309
+ if (warning.length > 0) {
310
+ lines.push('<details>');
311
+ lines.push(`<summary>Warnings (${warning.length})</summary>`);
312
+ lines.push('');
313
+ lines.push('| Status | Kind | Severity | Location | Reason |');
314
+ lines.push('|---|---|---|---|---|');
315
+ for (const p of warning)
316
+ lines.push(markdownPairRow(p));
317
+ lines.push('');
318
+ lines.push('</details>');
319
+ lines.push('');
320
+ }
321
+ const driftLines = formatDrift(result.envelopeDrift);
322
+ if (driftLines.length > 0) {
323
+ lines.push('### Envelope drift');
324
+ lines.push('');
325
+ for (const l of driftLines)
326
+ lines.push(`- ${l}`);
327
+ lines.push('');
328
+ }
329
+ if (resolved.length > 0) {
330
+ lines.push('<details>');
331
+ lines.push(`<summary>Resolved (${resolved.length})</summary>`);
332
+ lines.push('');
333
+ lines.push('| Kind | Location |');
334
+ lines.push('|---|---|');
335
+ for (const p of resolved) {
336
+ lines.push(`| ${escapeMd(p.kind)} | ${escapeMd(locatorProse(p) || '—')} |`);
337
+ }
338
+ lines.push('');
339
+ lines.push('</details>');
340
+ lines.push('');
341
+ }
342
+ lines.push('---');
343
+ lines.push('');
344
+ lines.push(`_Baseline_: \`${escapeMd(result.baseline.name)}\` @ ${shortSha(result.baseline.repo.commitSha)} · ` +
345
+ `_Current_: ${shortSha(result.current.repoState.commitSha)} · ` +
346
+ `_Matcher_: ${result.matchResult.gitAware ? 'git-aware' : 'degraded'} · ` +
347
+ `_dxkit_: ${escapeMd(result.current.analysisMeta.dxkitVersion)}`);
348
+ return lines.join('\n');
349
+ }
350
+ function summarySentence(result, blockingCount, warningCount, resolvedCount) {
351
+ const parts = [];
352
+ if (blockingCount > 0) {
353
+ parts.push(`${blockingCount} new regression${blockingCount === 1 ? '' : 's'}`);
354
+ }
355
+ if (warningCount > 0)
356
+ parts.push(`${warningCount} warning${warningCount === 1 ? '' : 's'}`);
357
+ if (resolvedCount > 0)
358
+ parts.push(`${resolvedCount} resolved`);
359
+ if (parts.length === 0) {
360
+ return `No changes from baseline (${result.pairs.length} pair${result.pairs.length === 1 ? '' : 's'} checked).`;
361
+ }
362
+ return parts.join(', ') + '.';
363
+ }
364
+ function markdownPairRow(p) {
365
+ const status = escapeMd(statusLabel(p.classification.status));
366
+ const kind = escapeMd(p.kind);
367
+ const sev = escapeMd(p.severity ?? '—');
368
+ const loc = escapeMd(locatorProse(p) || '—');
369
+ const reasonProse = p.classification.reasons.map((r) => `${r.code}: ${r.detail}`).join('; ');
370
+ return `| ${status} | ${kind} | ${sev} | ${loc} | ${escapeMd(reasonProse) || '—'} |`;
371
+ }
372
+ function escapeMd(s) {
373
+ // Pipe and backtick are the table-breaking characters; escape only
374
+ // those to keep the rendered output readable. Backslash-escape
375
+ // doesn't survive inside table cells in some renderers, so use a
376
+ // visually-similar replacement for pipes.
377
+ return s.replace(/\|/g, '\\|').replace(/`/g, "'");
378
+ }
379
+ //# sourceMappingURL=check-renderers.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"check-renderers.js","sourceRoot":"","sources":["../../src/baseline/check-renderers.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAaH,sCAkFC;AAgJD,gCAmEC;AAeD,wCAiEC;AAhYD,kDAAoC;AAKpC,6EAA6E;AAE7E;;;GAGG;AACH,SAAgB,aAAa,CAAC,MAA4B;IACxD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,iEAAiE;IACjE,oDAAoD;IACpD,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;IAClC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,iEAAiE;IACjE,6DAA6D;IAC7D,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IACpC,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC;IACpD,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IACrD,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;IAC1D,KAAK,CAAC,IAAI,CACR,kBAAkB,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,IAAI,UAAU,GAAG,CAC5G,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAChE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,kBAAkB,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAC7E,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CACR,kBAAkB,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,WAAW,CAAC,cAAc,IAAI,gBAAgB,GAAG,EAAE,CACtI,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IACrD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAC1C,KAAK,MAAM,CAAC,IAAI,UAAU;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,iEAAiE;IACjE,kCAAkC;IAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAC/F,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CACnC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM;QACxB,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK;QACvB,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,WAAW,IAAI,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,WAAW,CAAC,CACvF,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAElF,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACzD,KAAK,MAAM,CAAC,IAAI,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;QAClE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxD,KAAK,MAAM,CAAC,IAAI,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;QACjE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxD,KAAK,MAAM,CAAC,IAAI,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;QACjE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,4DAA4D;IAC5D,oDAAoD;IACpD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CACR,kBAAkB,MAAM,CAAC,KAAK,CAAC,MAAM,eAAe,QAAQ,CAAC,MAAM,IAAI;QACrE,YAAY,OAAO,CAAC,MAAM,gBAAgB,SAAS,CAAC,MAAM,IAAI;QAC9D,aAAa,OAAO,CAAC,MAAM,GAAG,CACjC,CAAC;IACF,KAAK,CAAC,IAAI,CACR,kBAAkB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,QAAQ,EAAE,CACnG,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACtD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CACR,6GAA6G,CAC9G,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,aAAa,CAAC,MAA4B;IACjD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QACzE,OAAO,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,kBAAkB,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7F,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;QACxE,OAAO,MAAM,CAAC,IAAI,CAAC,sBAAsB,KAAK,WAAW,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACrF,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,eAAe,CAAC,CAAiB,EAAE,MAAc;IACxD,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,MAAM,GAAG,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;IAC5B,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAChD,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/E,GAAG,CAAC,IAAI,CACN,GAAG,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,IAAI,IAAI,GAAG,GAAG,IAAI,EAAE;SAC9E,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,IAAI,EAAE,CACV,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;QACzC,GAAG,CAAC,IAAI,CAAC,GAAG,MAAM,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,WAAW,CAAC,MAAqB;IACxC,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;QACjB,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC;QACpB,KAAK,WAAW;YACd,OAAO,WAAW,CAAC;QACrB,KAAK,WAAW;YACd,OAAO,WAAW,CAAC;QACrB,KAAK,eAAe;YAClB,OAAO,eAAe,CAAC;QACzB,KAAK,cAAc;YACjB,OAAO,cAAc,CAAC;QACxB,KAAK,gBAAgB;YACnB,OAAO,gBAAgB,CAAC;QAC1B,KAAK,mBAAmB;YACtB,OAAO,mBAAmB,CAAC;QAC7B,KAAK,WAAW;YACd,OAAO,WAAW,CAAC;QACrB,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,CAAiB;IACrC,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IACpC,OAAO,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC7E,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW;IAC3B,IAAI,CAAC,GAAG;QAAE,OAAO,aAAa,CAAC;IAC/B,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,IAAI,KAAK,CAAC,mBAAmB;QAAE,GAAG,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;IACxF,IAAI,KAAK,CAAC,oBAAoB;QAAE,GAAG,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAClE,IAAI,KAAK,CAAC,iBAAiB;QAAE,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC7D,IAAI,KAAK,CAAC,iBAAiB;QAAE,GAAG,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAC/D,IAAI,KAAK,CAAC,iBAAiB;QAAE,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAClE,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QACvC,GAAG,CAAC,IAAI,CACN,eAAe,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,eAAe,IAAI,UAAU,MAAM,CAAC,CAAC,cAAc,IAAI,UAAU,EAAE,CAC/F,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,6EAA6E;AAEhE,QAAA,qBAAqB,GAAG,0BAAmC,CAAC;AA8DzE,SAAgB,UAAU,CAAC,MAA4B;IACrD,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;IAC5E,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CACjC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK,CAC1D,CAAC,MAAM,CAAC;IACT,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CACnC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM;QACxB,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK;QACvB,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,WAAW,IAAI,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,WAAW,CAAC,CACvF,CAAC,MAAM,CAAC;IACT,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;IAE1F,OAAO;QACL,MAAM,EAAE,6BAAqB;QAC7B,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;QACxF,QAAQ,EAAE;YACR,IAAI,EAAE,MAAM,CAAC,YAAY;YACzB,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI;YAC1B,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,SAAS;YACpC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS;YACzC,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM;YACnC,aAAa,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM;SAC/C;QACD,OAAO,EAAE;YACP,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS;YAC7C,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM;YACvC,aAAa,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM;SAC9C;QACD,OAAO,EAAE;YACP,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,QAAQ;YACrC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,cAAc;gBACnC,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,cAAc,EAAE;gBACvD,CAAC,CAAC,EAAE,CAAC;SACR;QACD,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,MAAM,EAAE;YACN,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI;YACxB,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK;YAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI;YACxB,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU;YACpC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU;SACrC;QACD,OAAO,EAAE;YACP,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;YAC1B,QAAQ;YACR,OAAO;YACP,SAAS;YACT,QAAQ;SACT;QACD,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC9B,MAAM,EAAE,CAAC,CAAC,cAAc,CAAC,MAAM;YAC/B,MAAM,EAAE,CAAC,CAAC,cAAc,CAAC,MAAM;YAC/B,KAAK,EAAE,CAAC,CAAC,cAAc,CAAC,KAAK;YAC7B,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;YAC7B,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7D,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,CAAC,CAAC,oBAAoB,KAAK,SAAS;gBACtC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,oBAAoB,EAAE;gBAClD,CAAC,CAAC,EAAE,CAAC;YACP,OAAO,EAAE,CAAC,CAAC,cAAc,CAAC,OAAO;SAClC,CAAC,CAAC;KACJ,CAAC;AACJ,CAAC;AAED,6EAA6E;AAE7E;;;;;;;;;;GAUG;AACH,SAAgB,cAAc,CAAC,MAA4B;IACzD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAC/F,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAEnF,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,QAAQ,CAAC;IAC/F,KAAK,CAAC,IAAI,CAAC,iBAAiB,OAAO,EAAE,CAAC,CAAC;IACvC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACtF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACpC,KAAK,MAAM,CAAC,IAAI,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;QACzD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,sBAAsB,OAAO,CAAC,MAAM,aAAa,CAAC,CAAC;QAC9D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACpC,KAAK,MAAM,CAAC,IAAI,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IACrD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,CAAC,IAAI,UAAU;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,sBAAsB,QAAQ,CAAC,MAAM,aAAa,CAAC,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACxB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,KAAK,CAAC,IAAI,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9E,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,iBAAiB,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK;QAClG,cAAc,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK;QAC/D,cAAc,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,UAAU,KAAK;QACzE,YAAY,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,CACnE,CAAC;IAEF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,eAAe,CACtB,MAA4B,EAC5B,aAAqB,EACrB,YAAoB,EACpB,aAAqB;IAErB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,GAAG,aAAa,kBAAkB,aAAa,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACjF,CAAC;IACD,IAAI,YAAY,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,WAAW,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5F,IAAI,aAAa,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,aAAa,WAAW,CAAC,CAAC;IAC/D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,6BAA6B,MAAM,CAAC,KAAK,CAAC,MAAM,QAAQ,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC;IAClH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;AAChC,CAAC;AAED,SAAS,eAAe,CAAC,CAAiB;IACxC,MAAM,MAAM,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9D,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;IAC7C,MAAM,WAAW,GAAG,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7F,OAAO,KAAK,MAAM,MAAM,IAAI,MAAM,GAAG,MAAM,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,IAAI,CAAC;AACvF,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS;IACzB,mEAAmE;IACnE,+DAA+D;IAC/D,iEAAiE;IACjE,0CAA0C;IAC1C,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AACpD,CAAC"}
@@ -0,0 +1,127 @@
1
+ /**
2
+ * `dxkit guardrail check` orchestrator.
3
+ *
4
+ * The matcher (`gitAwareMatch`) and classifier (`classify`) are pure
5
+ * modules that already exist. This file wires them together with the
6
+ * baseline file format, the producer pipeline, and the per-pair
7
+ * context lookups (severity, drift signals, changed-line overlap)
8
+ * the classifier needs to make policy decisions.
9
+ *
10
+ * Pipeline:
11
+ *
12
+ * 1. Load the prior baseline file.
13
+ * 2. Re-run every analyzer (via `gatherCurrentScan`) to produce the
14
+ * current side of the diff.
15
+ * 3. Convert both sides to `LocatedIdentity[]` and run the
16
+ * git-aware matcher.
17
+ * 4. Build per-pair classify context:
18
+ * - severity from the current security aggregate or per-kind
19
+ * defaults
20
+ * - kind from the matched BaselineEntry
21
+ * - scannerVersionDiffers from per-kind tool version compare
22
+ * - configDiffers from envelope hash compare
23
+ * - overlapsChangedLines from `git diff base..HEAD` hunks
24
+ * intersected with the finding's line
25
+ * 5. Run the brownfield policy classifier over every pair.
26
+ * 6. Optionally filter via `--changed-only`: drop pairs whose
27
+ * locator falls outside the diff. Non-locator pairs (dep-vuln,
28
+ * license, duplication, etc.) are always kept — their
29
+ * "semantic" identity doesn't map cleanly to changed lines.
30
+ * 7. Compose a `GuardrailCheckResult` with a deterministic
31
+ * blocks/warns verdict so the CLI can pick exit code + render.
32
+ *
33
+ * Drift signals come from comparing the baseline's `analysis` /
34
+ * `tools` envelope against the freshly-gathered envelope. Per-kind
35
+ * tool attribution uses the current run's `SecurityAggregate.provenance`
36
+ * — the cleaner alternative to a hardcoded kind→tool table.
37
+ */
38
+ import type { CurrentScan } from './create';
39
+ import type { BaselineFile } from './baseline-file';
40
+ import type { BrownfieldPolicy, ClassifyResult } from './policy';
41
+ import type { BaselineEntry, FindingSeverity, MatchPair, MatchResult } from './types';
42
+ export interface RunGuardrailCheckOptions {
43
+ /** Repo root being checked. Caller should pass an absolute path. */
44
+ readonly cwd: string;
45
+ /** Baseline name to read from `.dxkit/baselines/<name>.json`.
46
+ * Defaults to `'main'`. */
47
+ readonly name?: string;
48
+ /** Explicit baseline file path. Overrides `name` when supplied —
49
+ * lets callers diff against a baseline stored outside the default
50
+ * directory (e.g. an artifact downloaded from CI). */
51
+ readonly baselinePath?: string;
52
+ /** When true, drop pairs whose locator falls outside the diff.
53
+ * Non-locator findings (dep-vuln, license, duplication, etc.) are
54
+ * always kept. */
55
+ readonly changedOnly?: boolean;
56
+ /** Path to a `.dxkit/policy.json` override. The on-disk shape
57
+ * matches `BrownfieldPolicy` (modulo readonly markers); unknown
58
+ * fields are preserved but not type-checked here — the policy
59
+ * classifier reads only the fields it knows. When omitted, a
60
+ * `<cwd>/.dxkit/policy.json` is auto-loaded if it exists; otherwise
61
+ * the compiled-in defaults apply. */
62
+ readonly policyPath?: string;
63
+ /** Forwarded to the underlying analyzers for per-tool timing logs. */
64
+ readonly verbose?: boolean;
65
+ }
66
+ /**
67
+ * Per-pair entry the CLI renderers consume. Carries the raw
68
+ * `MatchPair`, the classifier verdict, and enough context to render
69
+ * a meaningful diagnostic (which side the entry lives on, kind,
70
+ * severity, file/line locator).
71
+ */
72
+ export interface ClassifiedPair {
73
+ readonly pair: MatchPair;
74
+ readonly classification: ClassifyResult;
75
+ /** Resolved severity (or undefined when the pair has no current-
76
+ * side entry to attribute to — `removed` pairs typically). */
77
+ readonly severity?: FindingSeverity;
78
+ /** Kind of the pair's anchor entry (prior for `removed`, current
79
+ * for everything else). */
80
+ readonly kind: BaselineEntry['kind'];
81
+ /** Locator info for renderers — populated when the anchor entry
82
+ * carries `file` / `line`. */
83
+ readonly file?: string;
84
+ readonly line?: number;
85
+ /** True when the anchor entry's line falls inside the diff
86
+ * between baseline and HEAD. Undefined when the pair has no
87
+ * line locator (dep-vuln, license, etc.) or when git history
88
+ * isn't reachable. Drives `--changed-only` filtering and the
89
+ * `newSevereQualityIssueInChangedFiles` / `newUntestedChangedSource`
90
+ * block rules. */
91
+ readonly overlapsChangedLines?: boolean;
92
+ }
93
+ export interface EnvelopeDrift {
94
+ readonly toolchainHashChanged: boolean;
95
+ readonly policyHashChanged: boolean;
96
+ readonly ignoreHashChanged: boolean;
97
+ readonly configHashChanged: boolean;
98
+ readonly dxkitVersionChanged: boolean;
99
+ /** Per-tool version drift. Empty when `tools` maps agree. */
100
+ readonly toolVersionDiffs: ReadonlyArray<{
101
+ readonly tool: string;
102
+ readonly baselineVersion: string | undefined;
103
+ readonly currentVersion: string | undefined;
104
+ }>;
105
+ }
106
+ export interface GuardrailCheckResult {
107
+ readonly baselinePath: string;
108
+ readonly baseline: BaselineFile;
109
+ readonly current: CurrentScan;
110
+ readonly matchResult: MatchResult;
111
+ readonly pairs: ReadonlyArray<ClassifiedPair>;
112
+ readonly envelopeDrift: EnvelopeDrift;
113
+ readonly policy: BrownfieldPolicy;
114
+ /** True when at least one classified pair blocks. The CLI maps
115
+ * this to exit code 1. */
116
+ readonly blocks: boolean;
117
+ /** True when at least one pair warns. Informational; doesn't
118
+ * affect exit code by itself. */
119
+ readonly warns: boolean;
120
+ }
121
+ /**
122
+ * Run the guardrail-check pipeline. Pure-orchestrator: loads the
123
+ * baseline, gathers current state, runs the matcher + classifier,
124
+ * and returns a structured result. Renderers + CLI are downstream.
125
+ */
126
+ export declare function runGuardrailCheck(options: RunGuardrailCheckOptions): Promise<GuardrailCheckResult>;
127
+ //# sourceMappingURL=check.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAE5C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAKpD,OAAO,KAAK,EAAE,gBAAgB,EAAmB,cAAc,EAAE,MAAM,UAAU,CAAC;AAClF,OAAO,KAAK,EAAE,aAAa,EAAa,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAGjG,MAAM,WAAW,wBAAwB;IACvC,oEAAoE;IACpE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;gCAC4B;IAC5B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;2DAEuD;IACvD,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;uBAEmB;IACnB,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B;;;;;0CAKsC;IACtC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,sEAAsE;IACtE,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IACzB,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC;mEAC+D;IAC/D,QAAQ,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC;IACpC;gCAC4B;IAC5B,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACrC;mCAC+B;IAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;uBAKmB;IACnB,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC;CACzC;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC;IACvC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC;IACtC,6DAA6D;IAC7D,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC;QACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,SAAS,CAAC;QAC7C,QAAQ,CAAC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;KAC7C,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAC9C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC;+BAC2B;IAC3B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB;sCACkC;IAClC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;CACzB;AAoBD;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,oBAAoB,CAAC,CA+H/B"}