@vyuhlabs/dxkit 2.4.8 → 2.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +312 -0
- package/README.md +360 -439
- package/dist/analyzers/security/aggregator.d.ts.map +1 -1
- package/dist/analyzers/security/aggregator.js +4 -46
- package/dist/analyzers/security/aggregator.js.map +1 -1
- package/dist/analyzers/tools/fingerprint.d.ts +91 -26
- package/dist/analyzers/tools/fingerprint.d.ts.map +1 -1
- package/dist/analyzers/tools/fingerprint.js +111 -22
- package/dist/analyzers/tools/fingerprint.js.map +1 -1
- package/dist/analyzers/tools/generic.d.ts.map +1 -1
- package/dist/analyzers/tools/generic.js +6 -1
- package/dist/analyzers/tools/generic.js.map +1 -1
- package/dist/analyzers/tools/gitleaks.d.ts +24 -1
- package/dist/analyzers/tools/gitleaks.d.ts.map +1 -1
- package/dist/analyzers/tools/gitleaks.js +20 -11
- package/dist/analyzers/tools/gitleaks.js.map +1 -1
- package/dist/analyzers/tools/graphify.d.ts.map +1 -1
- package/dist/analyzers/tools/graphify.js +9 -5
- package/dist/analyzers/tools/graphify.js.map +1 -1
- package/dist/analyzers/tools/tool-registry.d.ts +19 -1
- package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
- package/dist/analyzers/tools/tool-registry.js +25 -0
- package/dist/analyzers/tools/tool-registry.js.map +1 -1
- package/dist/analyzers/types.d.ts +6 -4
- package/dist/analyzers/types.d.ts.map +1 -1
- package/dist/baseline/baseline-file.d.ts +104 -0
- package/dist/baseline/baseline-file.d.ts.map +1 -0
- package/dist/baseline/baseline-file.js +110 -0
- package/dist/baseline/baseline-file.js.map +1 -0
- package/dist/baseline/check-renderers.d.ts +108 -0
- package/dist/baseline/check-renderers.d.ts.map +1 -0
- package/dist/baseline/check-renderers.js +379 -0
- package/dist/baseline/check-renderers.js.map +1 -0
- package/dist/baseline/check.d.ts +127 -0
- package/dist/baseline/check.d.ts.map +1 -0
- package/dist/baseline/check.js +462 -0
- package/dist/baseline/check.js.map +1 -0
- package/dist/baseline/content-hash.d.ts +83 -0
- package/dist/baseline/content-hash.d.ts.map +1 -0
- package/dist/baseline/content-hash.js +131 -0
- package/dist/baseline/content-hash.js.map +1 -0
- package/dist/baseline/create.d.ts +96 -0
- package/dist/baseline/create.d.ts.map +1 -0
- package/dist/baseline/create.js +339 -0
- package/dist/baseline/create.js.map +1 -0
- package/dist/baseline/entry-to-located.d.ts +35 -0
- package/dist/baseline/entry-to-located.d.ts.map +1 -0
- package/dist/baseline/entry-to-located.js +72 -0
- package/dist/baseline/entry-to-located.js.map +1 -0
- package/dist/baseline/finding-identity.d.ts +47 -0
- package/dist/baseline/finding-identity.d.ts.map +1 -0
- package/dist/baseline/finding-identity.js +292 -0
- package/dist/baseline/finding-identity.js.map +1 -0
- package/dist/baseline/git-aware-match.d.ts +146 -0
- package/dist/baseline/git-aware-match.d.ts.map +1 -0
- package/dist/baseline/git-aware-match.js +439 -0
- package/dist/baseline/git-aware-match.js.map +1 -0
- package/dist/baseline/policy.d.ts +171 -0
- package/dist/baseline/policy.d.ts.map +1 -0
- package/dist/baseline/policy.js +206 -0
- package/dist/baseline/policy.js.map +1 -0
- package/dist/baseline/producers/health.d.ts +30 -0
- package/dist/baseline/producers/health.d.ts.map +1 -0
- package/dist/baseline/producers/health.js +42 -0
- package/dist/baseline/producers/health.js.map +1 -0
- package/dist/baseline/producers/index.d.ts +164 -0
- package/dist/baseline/producers/index.d.ts.map +1 -0
- package/dist/baseline/producers/index.js +200 -0
- package/dist/baseline/producers/index.js.map +1 -0
- package/dist/baseline/producers/licenses.d.ts +23 -0
- package/dist/baseline/producers/licenses.d.ts.map +1 -0
- package/dist/baseline/producers/licenses.js +46 -0
- package/dist/baseline/producers/licenses.js.map +1 -0
- package/dist/baseline/producers/quality.d.ts +39 -0
- package/dist/baseline/producers/quality.d.ts.map +1 -0
- package/dist/baseline/producers/quality.js +84 -0
- package/dist/baseline/producers/quality.js.map +1 -0
- package/dist/baseline/producers/secret-hmac.d.ts +45 -0
- package/dist/baseline/producers/secret-hmac.d.ts.map +1 -0
- package/dist/baseline/producers/secret-hmac.js +70 -0
- package/dist/baseline/producers/secret-hmac.js.map +1 -0
- package/dist/baseline/producers/security.d.ts +59 -0
- package/dist/baseline/producers/security.d.ts.map +1 -0
- package/dist/baseline/producers/security.js +135 -0
- package/dist/baseline/producers/security.js.map +1 -0
- package/dist/baseline/producers/tests.d.ts +36 -0
- package/dist/baseline/producers/tests.d.ts.map +1 -0
- package/dist/baseline/producers/tests.js +69 -0
- package/dist/baseline/producers/tests.js.map +1 -0
- package/dist/baseline/salt.d.ts +45 -0
- package/dist/baseline/salt.d.ts.map +1 -0
- package/dist/baseline/salt.js +113 -0
- package/dist/baseline/salt.js.map +1 -0
- package/dist/baseline/show.d.ts +79 -0
- package/dist/baseline/show.d.ts.map +1 -0
- package/dist/baseline/show.js +233 -0
- package/dist/baseline/show.js.map +1 -0
- package/dist/baseline/types.d.ts +482 -0
- package/dist/baseline/types.d.ts.map +1 -0
- package/dist/baseline/types.js +53 -0
- package/dist/baseline/types.js.map +1 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +398 -82
- package/dist/cli.js.map +1 -1
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.js +0 -4
- package/dist/constants.js.map +1 -1
- package/dist/doctor.d.ts.map +1 -1
- package/dist/doctor.js +39 -35
- package/dist/doctor.js.map +1 -1
- package/dist/fail-on.d.ts +84 -0
- package/dist/fail-on.d.ts.map +1 -0
- package/dist/fail-on.js +128 -0
- package/dist/fail-on.js.map +1 -0
- package/dist/generator.d.ts +1 -1
- package/dist/generator.d.ts.map +1 -1
- package/dist/generator.js +81 -274
- package/dist/generator.js.map +1 -1
- package/dist/hooks-cli.d.ts +20 -0
- package/dist/hooks-cli.d.ts.map +1 -0
- package/dist/hooks-cli.js +145 -0
- package/dist/hooks-cli.js.map +1 -0
- package/dist/languages/csharp.d.ts.map +1 -1
- package/dist/languages/csharp.js +4 -9
- package/dist/languages/csharp.js.map +1 -1
- package/dist/languages/go.d.ts.map +1 -1
- package/dist/languages/go.js +3 -14
- package/dist/languages/go.js.map +1 -1
- package/dist/languages/index.d.ts +19 -1
- package/dist/languages/index.d.ts.map +1 -1
- package/dist/languages/index.js +32 -0
- package/dist/languages/index.js.map +1 -1
- package/dist/languages/java.d.ts.map +1 -1
- package/dist/languages/java.js +4 -6
- package/dist/languages/java.js.map +1 -1
- package/dist/languages/kotlin.d.ts.map +1 -1
- package/dist/languages/kotlin.js +9 -11
- package/dist/languages/kotlin.js.map +1 -1
- package/dist/languages/python.d.ts.map +1 -1
- package/dist/languages/python.js +4 -15
- package/dist/languages/python.js.map +1 -1
- package/dist/languages/ruby.d.ts.map +1 -1
- package/dist/languages/ruby.js +4 -6
- package/dist/languages/ruby.js.map +1 -1
- package/dist/languages/rust.d.ts.map +1 -1
- package/dist/languages/rust.js +4 -4
- package/dist/languages/rust.js.map +1 -1
- package/dist/languages/types.d.ts +29 -28
- package/dist/languages/types.d.ts.map +1 -1
- package/dist/languages/typescript.d.ts.map +1 -1
- package/dist/languages/typescript.js +31 -4
- package/dist/languages/typescript.js.map +1 -1
- package/dist/lib.d.ts +2 -3
- package/dist/lib.d.ts.map +1 -1
- package/dist/lib.js +3 -6
- package/dist/lib.js.map +1 -1
- package/dist/prompts.d.ts.map +1 -1
- package/dist/prompts.js +0 -10
- package/dist/prompts.js.map +1 -1
- package/dist/report-schema.d.ts +42 -0
- package/dist/report-schema.d.ts.map +1 -0
- package/dist/report-schema.js +54 -0
- package/dist/report-schema.js.map +1 -0
- package/dist/ship-installers.d.ts +112 -0
- package/dist/ship-installers.d.ts.map +1 -0
- package/dist/ship-installers.js +530 -0
- package/dist/ship-installers.js.map +1 -0
- package/dist/tools-cli.d.ts.map +1 -1
- package/dist/tools-cli.js +45 -9
- package/dist/tools-cli.js.map +1 -1
- package/dist/types.d.ts +0 -4
- package/dist/types.d.ts.map +1 -1
- package/dist/update.d.ts.map +1 -1
- package/dist/update.js +0 -4
- package/dist/update.js.map +1 -1
- package/package.json +17 -11
- package/templates/.claude/skills/dxkit-action/SKILL.md +150 -0
- package/templates/.claude/skills/dxkit-config/SKILL.md +124 -0
- package/templates/.claude/skills/dxkit-hooks/SKILL.md +109 -0
- package/templates/.claude/skills/dxkit-init/SKILL.md +93 -0
- package/templates/.claude/skills/dxkit-learn/SKILL.md +84 -0
- package/templates/.claude/skills/dxkit-reports/SKILL.md +111 -0
- package/templates/.devcontainer/devcontainer.json +55 -0
- package/templates/.devcontainer/install-agent-clis.sh +42 -0
- package/templates/.devcontainer/post-create.sh +81 -0
- package/templates/.githooks/pre-commit +55 -0
- package/templates/.githooks/pre-push +63 -0
- package/templates/.github/workflows/dxkit-baseline-refresh.yml +78 -0
- package/templates/.github/workflows/dxkit-guardrails.yml +98 -0
- package/templates/AGENTS.md.template +137 -0
- package/templates/CLAUDE.md.template +16 -245
- package/dist/codebase-scanner.d.ts +0 -36
- package/dist/codebase-scanner.d.ts.map +0 -1
- package/dist/codebase-scanner.js +0 -688
- package/dist/codebase-scanner.js.map +0 -1
- package/dist/project-yaml.d.ts +0 -13
- package/dist/project-yaml.d.ts.map +0 -1
- package/dist/project-yaml.js +0 -188
- package/dist/project-yaml.js.map +0 -1
- package/templates/.ai/README.md +0 -117
- package/templates/.ai/prompts/execution-prompt.md +0 -9
- package/templates/.ai/prompts/planning-prompt.md +0 -18
- package/templates/.ai/prompts/session-end-template.md +0 -182
- package/templates/.ai/prompts/session-end.md +0 -132
- package/templates/.ai/prompts/session-start.md +0 -109
- package/templates/.ai/prompts/step-by-step.md +0 -113
- package/templates/.ai/sessions/.gitkeep +0 -0
- package/templates/.claude/agents/doc-writer.md +0 -107
- package/templates/.claude/agents/knowledge-bot.md +0 -64
- package/templates/.claude/agents/onboarding.md +0 -61
- package/templates/.claude/agents/quality-reviewer.md +0 -85
- package/templates/.claude/agents-available/code-reviewer.md +0 -29
- package/templates/.claude/agents-available/codebase-explorer.md +0 -100
- package/templates/.claude/agents-available/dashboard-builder.md +0 -433
- package/templates/.claude/agents-available/debugger.md +0 -29
- package/templates/.claude/agents-available/dependency-mapper.md +0 -80
- package/templates/.claude/agents-available/dev-report.md +0 -108
- package/templates/.claude/agents-available/doc-writer.md +0 -107
- package/templates/.claude/agents-available/feature-builder.md +0 -163
- package/templates/.claude/agents-available/feature-planner.md +0 -185
- package/templates/.claude/agents-available/health-auditor.md +0 -95
- package/templates/.claude/agents-available/hooks-configurator.md +0 -211
- package/templates/.claude/agents-available/knowledge-bot.md +0 -62
- package/templates/.claude/agents-available/plan-executor.md +0 -133
- package/templates/.claude/agents-available/strategic-planner.md +0 -141
- package/templates/.claude/agents-available/test-gap-finder.md +0 -67
- package/templates/.claude/agents-available/test-writer.md +0 -34
- package/templates/.claude/agents-available/vulnerability-scanner.md +0 -173
- package/templates/.claude/commands/ask.md +0 -7
- package/templates/.claude/commands/build-feature.md +0 -26
- package/templates/.claude/commands/build.md.template +0 -30
- package/templates/.claude/commands/check.md.template +0 -43
- package/templates/.claude/commands/dashboard.md +0 -28
- package/templates/.claude/commands/deps.md +0 -15
- package/templates/.claude/commands/dev-report.md +0 -50
- package/templates/.claude/commands/docs.md +0 -21
- package/templates/.claude/commands/doctor.md +0 -21
- package/templates/.claude/commands/enable-agent.md +0 -12
- package/templates/.claude/commands/execute-plan.md +0 -25
- package/templates/.claude/commands/explore-codebase.md +0 -12
- package/templates/.claude/commands/export-pdf.md +0 -30
- package/templates/.claude/commands/feature.md +0 -25
- package/templates/.claude/commands/fix-issue.md +0 -12
- package/templates/.claude/commands/fix.md.template +0 -32
- package/templates/.claude/commands/health.md +0 -58
- package/templates/.claude/commands/help.md +0 -36
- package/templates/.claude/commands/learn.md +0 -48
- package/templates/.claude/commands/onboarding.md +0 -21
- package/templates/.claude/commands/plan.md +0 -20
- package/templates/.claude/commands/quality.md.template +0 -65
- package/templates/.claude/commands/session-end.md +0 -40
- package/templates/.claude/commands/session-start.md +0 -30
- package/templates/.claude/commands/setup-hooks.md +0 -18
- package/templates/.claude/commands/setup-pr-review.md +0 -72
- package/templates/.claude/commands/stealth-mode.md +0 -17
- package/templates/.claude/commands/test-gaps.md +0 -49
- package/templates/.claude/commands/test.md.template +0 -40
- package/templates/.claude/commands/vulnerabilities.md +0 -49
- package/templates/.claude/skills/build/SKILL.md.template +0 -98
- package/templates/.claude/skills/deploy/SKILL.md.template +0 -131
- package/templates/.claude/skills/deploy/references/gotchas.md +0 -5
- package/templates/.claude/skills/doctor/SKILL.md +0 -54
- package/templates/.claude/skills/gcloud/SKILL.md +0 -66
- package/templates/.claude/skills/gcloud/references/gotchas.md +0 -5
- package/templates/.claude/skills/learned/SKILL.md +0 -55
- package/templates/.claude/skills/learned/references/conventions.md +0 -11
- package/templates/.claude/skills/learned/references/deny-recommendations.md +0 -18
- package/templates/.claude/skills/learned/references/gotchas.md +0 -11
- package/templates/.claude/skills/pulumi/SKILL.md +0 -73
- package/templates/.claude/skills/quality/SKILL.md.template +0 -108
- package/templates/.claude/skills/quality/references/gotchas.md +0 -5
- package/templates/.claude/skills/review/SKILL.md.template +0 -73
- package/templates/.claude/skills/scaffold/SKILL.md.template +0 -123
- package/templates/.claude/skills/secrets/SKILL.md +0 -52
- package/templates/.claude/skills/session/SKILL.md +0 -43
- package/templates/.claude/skills/test/SKILL.md.template +0 -122
- package/templates/.claude/skills/test/references/gotchas.md +0 -5
- package/templates/.devcontainer/Dockerfile.dev.template +0 -89
- package/templates/.devcontainer/devcontainer.json.template +0 -184
- package/templates/.devcontainer/docker-compose.yml.template +0 -105
- package/templates/.devcontainer/init-scripts/01-init.sql.template +0 -12
- package/templates/.devcontainer/post-create.sh.template +0 -298
- package/templates/.github/workflows/ci.yml.template +0 -399
- package/templates/.github/workflows/quality.yml.template +0 -376
- package/templates/.pre-commit-config.yaml.template +0 -106
- package/templates/.project/config/edit_config.py +0 -275
- package/templates/.project/config/project_config.py +0 -894
- package/templates/.project/scripts/codegen/generate-all.sh +0 -20
- package/templates/.project/scripts/codegen/validate-all.sh +0 -17
- package/templates/.project/scripts/docs/generate-all.sh +0 -30
- package/templates/.project/scripts/docs/serve.sh +0 -20
- package/templates/.project/scripts/quality/fix-all.sh +0 -138
- package/templates/.project/scripts/quality/lint-go.sh +0 -34
- package/templates/.project/scripts/quality/lint-python.sh +0 -54
- package/templates/.project/scripts/quality/run-all.sh +0 -497
- package/templates/.project/scripts/session/commit.sh +0 -70
- package/templates/.project/scripts/session/create-pr.sh +0 -165
- package/templates/.project/scripts/session/end.sh +0 -207
- package/templates/.project/scripts/session/start.sh +0 -233
- package/templates/.project/scripts/setup/doctor.sh +0 -404
- package/templates/.project/scripts/setup/interactive-setup.sh +0 -585
- package/templates/.project/scripts/sync/sync-template.sh +0 -328
- package/templates/.project/scripts/test/run-all.sh +0 -179
- package/templates/.project/scripts/test/run-quick.sh +0 -25
- package/templates/Makefile +0 -514
- package/templates/config/versions.yaml +0 -57
- package/templates/configs/go/.golangci.yml.template +0 -172
- package/templates/configs/go/go.mod.template +0 -15
- package/templates/configs/java/README.md +0 -6
- package/templates/configs/kotlin/README.md +0 -6
- package/templates/configs/node/package.json.template +0 -67
- package/templates/configs/node/tsconfig.json.template +0 -53
- package/templates/configs/python/pyproject.toml.template +0 -92
- package/templates/configs/python/pytest.ini.template +0 -64
- package/templates/configs/python/ruff.toml.template +0 -79
- package/templates/configs/ruby/README.md +0 -6
- package/templates/configs/rust/Cargo.toml.template +0 -51
- package/templates/configs/shared/.editorconfig +0 -67
- package/templates/scripts/validate-templates.sh +0 -449
|
@@ -0,0 +1,379 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Output renderers for `vyuh-dxkit guardrail check`.
|
|
4
|
+
*
|
|
5
|
+
* Three target surfaces, one shared `GuardrailCheckResult`:
|
|
6
|
+
*
|
|
7
|
+
* - **Console** (`renderConsole`) — human-readable text for
|
|
8
|
+
* terminal output. Grouped by verdict (blocking / warning /
|
|
9
|
+
* informational), each pair showing status + kind + locator +
|
|
10
|
+
* severity + reason chain. Color codes via the shared logger
|
|
11
|
+
* palette so output blends with the rest of dxkit's CLI.
|
|
12
|
+
*
|
|
13
|
+
* - **JSON** (`renderJson`) — schema-stable machine-readable
|
|
14
|
+
* payload (top-level `schema: 'dxkit.guardrail-check.v1'`).
|
|
15
|
+
* Designed for AI agents and CI runners that need to programmatically
|
|
16
|
+
* decide what to do. Includes the matcher's per-pair detail,
|
|
17
|
+
* classifier verdicts, envelope drift, and the resolved policy.
|
|
18
|
+
*
|
|
19
|
+
* - **Markdown** (`renderMarkdown`) — Phase 4 PR-comment template.
|
|
20
|
+
* Compact, table-heavy, status-banner-first. Renders into the
|
|
21
|
+
* `dxkit-guardrails.yml` workflow's PR comment unchanged. No
|
|
22
|
+
* emojis (bot-friendly; Phase 4 templates can layer presentation
|
|
23
|
+
* on top).
|
|
24
|
+
*
|
|
25
|
+
* Pure modules. No I/O — callers handle stdout writing, file
|
|
26
|
+
* writing, or PR-comment posting.
|
|
27
|
+
*/
|
|
28
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
29
|
+
if (k2 === undefined) k2 = k;
|
|
30
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
31
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
32
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
33
|
+
}
|
|
34
|
+
Object.defineProperty(o, k2, desc);
|
|
35
|
+
}) : (function(o, m, k, k2) {
|
|
36
|
+
if (k2 === undefined) k2 = k;
|
|
37
|
+
o[k2] = m[k];
|
|
38
|
+
}));
|
|
39
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
40
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
41
|
+
}) : function(o, v) {
|
|
42
|
+
o["default"] = v;
|
|
43
|
+
});
|
|
44
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
45
|
+
var ownKeys = function(o) {
|
|
46
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
47
|
+
var ar = [];
|
|
48
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
49
|
+
return ar;
|
|
50
|
+
};
|
|
51
|
+
return ownKeys(o);
|
|
52
|
+
};
|
|
53
|
+
return function (mod) {
|
|
54
|
+
if (mod && mod.__esModule) return mod;
|
|
55
|
+
var result = {};
|
|
56
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
57
|
+
__setModuleDefault(result, mod);
|
|
58
|
+
return result;
|
|
59
|
+
};
|
|
60
|
+
})();
|
|
61
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
62
|
+
exports.GUARDRAIL_JSON_SCHEMA = void 0;
|
|
63
|
+
exports.renderConsole = renderConsole;
|
|
64
|
+
exports.renderJson = renderJson;
|
|
65
|
+
exports.renderMarkdown = renderMarkdown;
|
|
66
|
+
const logger = __importStar(require("../logger"));
|
|
67
|
+
// ─── Console renderer ─────────────────────────────────────────────────────
|
|
68
|
+
/**
|
|
69
|
+
* Render the check result as a human-readable text block. Returns a
|
|
70
|
+
* single multi-line string; callers route it to stdout.
|
|
71
|
+
*/
|
|
72
|
+
function renderConsole(result) {
|
|
73
|
+
const lines = [];
|
|
74
|
+
// Verdict banner. Single line at the top so a developer skimming
|
|
75
|
+
// terminal output sees pass/fail without scrolling.
|
|
76
|
+
lines.push(verdictBanner(result));
|
|
77
|
+
lines.push('');
|
|
78
|
+
// Provenance: what was compared against what. Inline so the user
|
|
79
|
+
// can verify they're checking against the intended baseline.
|
|
80
|
+
lines.push(logger.bold('Baseline'));
|
|
81
|
+
lines.push(` Path: ${result.baselinePath}`);
|
|
82
|
+
lines.push(` Name: ${result.baseline.name}`);
|
|
83
|
+
lines.push(` Captured: ${result.baseline.createdAt}`);
|
|
84
|
+
lines.push(` Commit: ${shortSha(result.baseline.repo.commitSha)} (${result.baseline.repo.branch || 'detached'})`);
|
|
85
|
+
lines.push(` Findings: ${result.baseline.findings.length}`);
|
|
86
|
+
lines.push('');
|
|
87
|
+
lines.push(logger.bold('Current'));
|
|
88
|
+
lines.push(` Commit: ${shortSha(result.current.repoState.commitSha)}`);
|
|
89
|
+
lines.push(` Findings: ${result.current.findings.length}`);
|
|
90
|
+
lines.push(` Matcher: ${result.matchResult.gitAware ? 'git-aware' : `degraded (${result.matchResult.degradedReason ?? 'unknown reason'})`}`);
|
|
91
|
+
lines.push('');
|
|
92
|
+
const driftLines = formatDrift(result.envelopeDrift);
|
|
93
|
+
if (driftLines.length > 0) {
|
|
94
|
+
lines.push(logger.bold('Envelope drift'));
|
|
95
|
+
for (const l of driftLines)
|
|
96
|
+
lines.push(` ${l}`);
|
|
97
|
+
lines.push('');
|
|
98
|
+
}
|
|
99
|
+
// Group + render pairs by verdict bucket. Buckets ordered so the
|
|
100
|
+
// most actionable surfaces first.
|
|
101
|
+
const blocking = result.pairs.filter((p) => p.classification.blocks);
|
|
102
|
+
const warning = result.pairs.filter((p) => !p.classification.blocks && p.classification.warns);
|
|
103
|
+
const persisted = result.pairs.filter((p) => !p.classification.blocks &&
|
|
104
|
+
!p.classification.warns &&
|
|
105
|
+
(p.classification.status === 'persisted' || p.classification.status === 'relocated'));
|
|
106
|
+
const removed = result.pairs.filter((p) => p.classification.status === 'removed');
|
|
107
|
+
if (blocking.length > 0) {
|
|
108
|
+
lines.push(logger.bold(`Blocking (${blocking.length})`));
|
|
109
|
+
for (const p of blocking)
|
|
110
|
+
lines.push(...formatPairLines(p, ' '));
|
|
111
|
+
lines.push('');
|
|
112
|
+
}
|
|
113
|
+
if (warning.length > 0) {
|
|
114
|
+
lines.push(logger.bold(`Warnings (${warning.length})`));
|
|
115
|
+
for (const p of warning)
|
|
116
|
+
lines.push(...formatPairLines(p, ' '));
|
|
117
|
+
lines.push('');
|
|
118
|
+
}
|
|
119
|
+
if (removed.length > 0) {
|
|
120
|
+
lines.push(logger.bold(`Resolved (${removed.length})`));
|
|
121
|
+
for (const p of removed)
|
|
122
|
+
lines.push(...formatPairLines(p, ' '));
|
|
123
|
+
lines.push('');
|
|
124
|
+
}
|
|
125
|
+
// Always show a summary footer — sets expectations for what
|
|
126
|
+
// happens next (exit code, what to read on a fail).
|
|
127
|
+
lines.push(logger.bold('Summary'));
|
|
128
|
+
lines.push(` Pairs: ${result.pairs.length} (blocking: ${blocking.length}, ` +
|
|
129
|
+
`warning: ${warning.length}, persisted: ${persisted.length}, ` +
|
|
130
|
+
`resolved: ${removed.length})`);
|
|
131
|
+
lines.push(` Verdict: ${result.blocks ? 'BLOCKED' : result.warns ? 'PASSED (with warnings)' : 'PASSED'}`);
|
|
132
|
+
lines.push(` Exit code: ${result.blocks ? 1 : 0}`);
|
|
133
|
+
if (result.blocks) {
|
|
134
|
+
lines.push('');
|
|
135
|
+
lines.push(` Re-run with --json for a machine-readable payload, or --markdown to capture a PR-comment-friendly report.`);
|
|
136
|
+
}
|
|
137
|
+
return lines.join('\n');
|
|
138
|
+
}
|
|
139
|
+
function verdictBanner(result) {
|
|
140
|
+
if (result.blocks) {
|
|
141
|
+
const count = result.pairs.filter((p) => p.classification.blocks).length;
|
|
142
|
+
return logger.bold(`Guardrail BLOCKED — ${count} new regression${count === 1 ? '' : 's'}`);
|
|
143
|
+
}
|
|
144
|
+
if (result.warns) {
|
|
145
|
+
const count = result.pairs.filter((p) => p.classification.warns).length;
|
|
146
|
+
return logger.bold(`Guardrail PASSED — ${count} warning${count === 1 ? '' : 's'}`);
|
|
147
|
+
}
|
|
148
|
+
return logger.bold('Guardrail PASSED');
|
|
149
|
+
}
|
|
150
|
+
function formatPairLines(p, indent) {
|
|
151
|
+
const out = [];
|
|
152
|
+
const loc = locatorProse(p);
|
|
153
|
+
const sev = p.severity ? `[${p.severity}]` : '';
|
|
154
|
+
const conf = p.pair.confidence < 1 ? ` (${p.pair.confidence.toFixed(2)})` : '';
|
|
155
|
+
out.push(`${indent}${statusLabel(p.classification.status)} ${sev} ${p.kind} ${loc}${conf}`
|
|
156
|
+
.replace(/\s+/g, ' ')
|
|
157
|
+
.trim());
|
|
158
|
+
for (const r of p.classification.reasons) {
|
|
159
|
+
out.push(`${indent} · ${r.code}: ${r.detail}`);
|
|
160
|
+
}
|
|
161
|
+
return out;
|
|
162
|
+
}
|
|
163
|
+
function statusLabel(status) {
|
|
164
|
+
switch (status) {
|
|
165
|
+
case 'added':
|
|
166
|
+
return 'ADDED';
|
|
167
|
+
case 'removed':
|
|
168
|
+
return 'RESOLVED';
|
|
169
|
+
case 'persisted':
|
|
170
|
+
return 'PERSISTED';
|
|
171
|
+
case 'relocated':
|
|
172
|
+
return 'RELOCATED';
|
|
173
|
+
case 'tooling_drift':
|
|
174
|
+
return 'TOOLING-DRIFT';
|
|
175
|
+
case 'config_drift':
|
|
176
|
+
return 'CONFIG-DRIFT';
|
|
177
|
+
case 'newly_detected':
|
|
178
|
+
return 'NEWLY-DETECTED';
|
|
179
|
+
case 'probable_existing':
|
|
180
|
+
return 'PROBABLE-EXISTING';
|
|
181
|
+
case 'uncertain':
|
|
182
|
+
return 'UNCERTAIN';
|
|
183
|
+
case 'fixed':
|
|
184
|
+
return 'FIXED';
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
function locatorProse(p) {
|
|
188
|
+
if (p.file === undefined)
|
|
189
|
+
return '';
|
|
190
|
+
return p.line !== undefined && p.line > 0 ? `${p.file}:${p.line}` : p.file;
|
|
191
|
+
}
|
|
192
|
+
function shortSha(sha) {
|
|
193
|
+
if (!sha)
|
|
194
|
+
return '(no-commit)';
|
|
195
|
+
return sha.slice(0, 8);
|
|
196
|
+
}
|
|
197
|
+
function formatDrift(drift) {
|
|
198
|
+
const out = [];
|
|
199
|
+
if (drift.dxkitVersionChanged)
|
|
200
|
+
out.push('dxkit version changed since baseline capture');
|
|
201
|
+
if (drift.toolchainHashChanged)
|
|
202
|
+
out.push('toolchainHash changed');
|
|
203
|
+
if (drift.policyHashChanged)
|
|
204
|
+
out.push('policy hash changed');
|
|
205
|
+
if (drift.ignoreHashChanged)
|
|
206
|
+
out.push('.dxkit-ignore changed');
|
|
207
|
+
if (drift.configHashChanged)
|
|
208
|
+
out.push('.vyuh-dxkit.json changed');
|
|
209
|
+
for (const d of drift.toolVersionDiffs) {
|
|
210
|
+
out.push(`tool drift: ${d.tool} ${d.baselineVersion ?? '(absent)'} → ${d.currentVersion ?? '(absent)'}`);
|
|
211
|
+
}
|
|
212
|
+
return out;
|
|
213
|
+
}
|
|
214
|
+
// ─── JSON renderer ────────────────────────────────────────────────────────
|
|
215
|
+
exports.GUARDRAIL_JSON_SCHEMA = 'dxkit.guardrail-check.v1';
|
|
216
|
+
function renderJson(result) {
|
|
217
|
+
const blocking = result.pairs.filter((p) => p.classification.blocks).length;
|
|
218
|
+
const warning = result.pairs.filter((p) => !p.classification.blocks && p.classification.warns).length;
|
|
219
|
+
const persisted = result.pairs.filter((p) => !p.classification.blocks &&
|
|
220
|
+
!p.classification.warns &&
|
|
221
|
+
(p.classification.status === 'persisted' || p.classification.status === 'relocated')).length;
|
|
222
|
+
const resolved = result.pairs.filter((p) => p.classification.status === 'removed').length;
|
|
223
|
+
return {
|
|
224
|
+
schema: exports.GUARDRAIL_JSON_SCHEMA,
|
|
225
|
+
verdict: { blocks: result.blocks, warns: result.warns, exitCode: result.blocks ? 1 : 0 },
|
|
226
|
+
baseline: {
|
|
227
|
+
path: result.baselinePath,
|
|
228
|
+
name: result.baseline.name,
|
|
229
|
+
createdAt: result.baseline.createdAt,
|
|
230
|
+
commitSha: result.baseline.repo.commitSha,
|
|
231
|
+
branch: result.baseline.repo.branch,
|
|
232
|
+
findingsCount: result.baseline.findings.length,
|
|
233
|
+
},
|
|
234
|
+
current: {
|
|
235
|
+
commitSha: result.current.repoState.commitSha,
|
|
236
|
+
branch: result.current.repoState.branch,
|
|
237
|
+
findingsCount: result.current.findings.length,
|
|
238
|
+
},
|
|
239
|
+
matcher: {
|
|
240
|
+
gitAware: result.matchResult.gitAware,
|
|
241
|
+
...(result.matchResult.degradedReason
|
|
242
|
+
? { degradedReason: result.matchResult.degradedReason }
|
|
243
|
+
: {}),
|
|
244
|
+
},
|
|
245
|
+
envelopeDrift: result.envelopeDrift,
|
|
246
|
+
policy: {
|
|
247
|
+
mode: result.policy.mode,
|
|
248
|
+
block: result.policy.block,
|
|
249
|
+
warn: result.policy.warn,
|
|
250
|
+
confidence: result.policy.confidence,
|
|
251
|
+
blockRules: result.policy.blockRules,
|
|
252
|
+
},
|
|
253
|
+
summary: {
|
|
254
|
+
pairs: result.pairs.length,
|
|
255
|
+
blocking,
|
|
256
|
+
warning,
|
|
257
|
+
persisted,
|
|
258
|
+
resolved,
|
|
259
|
+
},
|
|
260
|
+
pairs: result.pairs.map((p) => ({
|
|
261
|
+
status: p.classification.status,
|
|
262
|
+
blocks: p.classification.blocks,
|
|
263
|
+
warns: p.classification.warns,
|
|
264
|
+
...(p.pair.priorId !== undefined ? { priorId: p.pair.priorId } : {}),
|
|
265
|
+
...(p.pair.currentId !== undefined ? { currentId: p.pair.currentId } : {}),
|
|
266
|
+
confidence: p.pair.confidence,
|
|
267
|
+
kind: p.kind,
|
|
268
|
+
...(p.severity !== undefined ? { severity: p.severity } : {}),
|
|
269
|
+
...(p.file !== undefined ? { file: p.file } : {}),
|
|
270
|
+
...(p.line !== undefined ? { line: p.line } : {}),
|
|
271
|
+
...(p.overlapsChangedLines !== undefined
|
|
272
|
+
? { overlapsChangedLines: p.overlapsChangedLines }
|
|
273
|
+
: {}),
|
|
274
|
+
reasons: p.classification.reasons,
|
|
275
|
+
})),
|
|
276
|
+
};
|
|
277
|
+
}
|
|
278
|
+
// ─── Markdown renderer ────────────────────────────────────────────────────
|
|
279
|
+
/**
|
|
280
|
+
* PR-comment-friendly markdown. Phase 4's GitHub Actions workflow
|
|
281
|
+
* pastes the output verbatim into a PR comment. Format:
|
|
282
|
+
*
|
|
283
|
+
* ## Guardrail: PASSED / BLOCKED
|
|
284
|
+
* one-line summary
|
|
285
|
+
* <blocking findings table, when any>
|
|
286
|
+
* <warnings collapsible section, when any>
|
|
287
|
+
* <drift signal callout, when envelope drifted>
|
|
288
|
+
* <provenance footnote>
|
|
289
|
+
*/
|
|
290
|
+
function renderMarkdown(result) {
|
|
291
|
+
const lines = [];
|
|
292
|
+
const blocking = result.pairs.filter((p) => p.classification.blocks);
|
|
293
|
+
const warning = result.pairs.filter((p) => !p.classification.blocks && p.classification.warns);
|
|
294
|
+
const resolved = result.pairs.filter((p) => p.classification.status === 'removed');
|
|
295
|
+
const verdict = result.blocks ? 'BLOCKED' : result.warns ? 'PASSED (with warnings)' : 'PASSED';
|
|
296
|
+
lines.push(`## Guardrail: ${verdict}`);
|
|
297
|
+
lines.push('');
|
|
298
|
+
lines.push(summarySentence(result, blocking.length, warning.length, resolved.length));
|
|
299
|
+
lines.push('');
|
|
300
|
+
if (blocking.length > 0) {
|
|
301
|
+
lines.push('### Blocking findings');
|
|
302
|
+
lines.push('');
|
|
303
|
+
lines.push('| Status | Kind | Severity | Location | Reason |');
|
|
304
|
+
lines.push('|---|---|---|---|---|');
|
|
305
|
+
for (const p of blocking)
|
|
306
|
+
lines.push(markdownPairRow(p));
|
|
307
|
+
lines.push('');
|
|
308
|
+
}
|
|
309
|
+
if (warning.length > 0) {
|
|
310
|
+
lines.push('<details>');
|
|
311
|
+
lines.push(`<summary>Warnings (${warning.length})</summary>`);
|
|
312
|
+
lines.push('');
|
|
313
|
+
lines.push('| Status | Kind | Severity | Location | Reason |');
|
|
314
|
+
lines.push('|---|---|---|---|---|');
|
|
315
|
+
for (const p of warning)
|
|
316
|
+
lines.push(markdownPairRow(p));
|
|
317
|
+
lines.push('');
|
|
318
|
+
lines.push('</details>');
|
|
319
|
+
lines.push('');
|
|
320
|
+
}
|
|
321
|
+
const driftLines = formatDrift(result.envelopeDrift);
|
|
322
|
+
if (driftLines.length > 0) {
|
|
323
|
+
lines.push('### Envelope drift');
|
|
324
|
+
lines.push('');
|
|
325
|
+
for (const l of driftLines)
|
|
326
|
+
lines.push(`- ${l}`);
|
|
327
|
+
lines.push('');
|
|
328
|
+
}
|
|
329
|
+
if (resolved.length > 0) {
|
|
330
|
+
lines.push('<details>');
|
|
331
|
+
lines.push(`<summary>Resolved (${resolved.length})</summary>`);
|
|
332
|
+
lines.push('');
|
|
333
|
+
lines.push('| Kind | Location |');
|
|
334
|
+
lines.push('|---|---|');
|
|
335
|
+
for (const p of resolved) {
|
|
336
|
+
lines.push(`| ${escapeMd(p.kind)} | ${escapeMd(locatorProse(p) || '—')} |`);
|
|
337
|
+
}
|
|
338
|
+
lines.push('');
|
|
339
|
+
lines.push('</details>');
|
|
340
|
+
lines.push('');
|
|
341
|
+
}
|
|
342
|
+
lines.push('---');
|
|
343
|
+
lines.push('');
|
|
344
|
+
lines.push(`_Baseline_: \`${escapeMd(result.baseline.name)}\` @ ${shortSha(result.baseline.repo.commitSha)} · ` +
|
|
345
|
+
`_Current_: ${shortSha(result.current.repoState.commitSha)} · ` +
|
|
346
|
+
`_Matcher_: ${result.matchResult.gitAware ? 'git-aware' : 'degraded'} · ` +
|
|
347
|
+
`_dxkit_: ${escapeMd(result.current.analysisMeta.dxkitVersion)}`);
|
|
348
|
+
return lines.join('\n');
|
|
349
|
+
}
|
|
350
|
+
function summarySentence(result, blockingCount, warningCount, resolvedCount) {
|
|
351
|
+
const parts = [];
|
|
352
|
+
if (blockingCount > 0) {
|
|
353
|
+
parts.push(`${blockingCount} new regression${blockingCount === 1 ? '' : 's'}`);
|
|
354
|
+
}
|
|
355
|
+
if (warningCount > 0)
|
|
356
|
+
parts.push(`${warningCount} warning${warningCount === 1 ? '' : 's'}`);
|
|
357
|
+
if (resolvedCount > 0)
|
|
358
|
+
parts.push(`${resolvedCount} resolved`);
|
|
359
|
+
if (parts.length === 0) {
|
|
360
|
+
return `No changes from baseline (${result.pairs.length} pair${result.pairs.length === 1 ? '' : 's'} checked).`;
|
|
361
|
+
}
|
|
362
|
+
return parts.join(', ') + '.';
|
|
363
|
+
}
|
|
364
|
+
function markdownPairRow(p) {
|
|
365
|
+
const status = escapeMd(statusLabel(p.classification.status));
|
|
366
|
+
const kind = escapeMd(p.kind);
|
|
367
|
+
const sev = escapeMd(p.severity ?? '—');
|
|
368
|
+
const loc = escapeMd(locatorProse(p) || '—');
|
|
369
|
+
const reasonProse = p.classification.reasons.map((r) => `${r.code}: ${r.detail}`).join('; ');
|
|
370
|
+
return `| ${status} | ${kind} | ${sev} | ${loc} | ${escapeMd(reasonProse) || '—'} |`;
|
|
371
|
+
}
|
|
372
|
+
function escapeMd(s) {
|
|
373
|
+
// Pipe and backtick are the table-breaking characters; escape only
|
|
374
|
+
// those to keep the rendered output readable. Backslash-escape
|
|
375
|
+
// doesn't survive inside table cells in some renderers, so use a
|
|
376
|
+
// visually-similar replacement for pipes.
|
|
377
|
+
return s.replace(/\|/g, '\\|').replace(/`/g, "'");
|
|
378
|
+
}
|
|
379
|
+
//# sourceMappingURL=check-renderers.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"check-renderers.js","sourceRoot":"","sources":["../../src/baseline/check-renderers.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAaH,sCAkFC;AAgJD,gCAmEC;AAeD,wCAiEC;AAhYD,kDAAoC;AAKpC,6EAA6E;AAE7E;;;GAGG;AACH,SAAgB,aAAa,CAAC,MAA4B;IACxD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,iEAAiE;IACjE,oDAAoD;IACpD,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;IAClC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,iEAAiE;IACjE,6DAA6D;IAC7D,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IACpC,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC;IACpD,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IACrD,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;IAC1D,KAAK,CAAC,IAAI,CACR,kBAAkB,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,IAAI,UAAU,GAAG,CAC5G,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAChE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,kBAAkB,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAC7E,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CACR,kBAAkB,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,WAAW,CAAC,cAAc,IAAI,gBAAgB,GAAG,EAAE,CACtI,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IACrD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAC1C,KAAK,MAAM,CAAC,IAAI,UAAU;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,iEAAiE;IACjE,kCAAkC;IAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAC/F,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CACnC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM;QACxB,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK;QACvB,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,WAAW,IAAI,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,WAAW,CAAC,CACvF,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAElF,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACzD,KAAK,MAAM,CAAC,IAAI,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;QAClE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxD,KAAK,MAAM,CAAC,IAAI,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;QACjE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxD,KAAK,MAAM,CAAC,IAAI,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;QACjE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,4DAA4D;IAC5D,oDAAoD;IACpD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CACR,kBAAkB,MAAM,CAAC,KAAK,CAAC,MAAM,eAAe,QAAQ,CAAC,MAAM,IAAI;QACrE,YAAY,OAAO,CAAC,MAAM,gBAAgB,SAAS,CAAC,MAAM,IAAI;QAC9D,aAAa,OAAO,CAAC,MAAM,GAAG,CACjC,CAAC;IACF,KAAK,CAAC,IAAI,CACR,kBAAkB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,QAAQ,EAAE,CACnG,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACtD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CACR,6GAA6G,CAC9G,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,aAAa,CAAC,MAA4B;IACjD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QACzE,OAAO,MAAM,CAAC,IAAI,CAAC,uBAAuB,KAAK,kBAAkB,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7F,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;QACxE,OAAO,MAAM,CAAC,IAAI,CAAC,sBAAsB,KAAK,WAAW,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACrF,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,eAAe,CAAC,CAAiB,EAAE,MAAc;IACxD,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,MAAM,GAAG,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;IAC5B,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAChD,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/E,GAAG,CAAC,IAAI,CACN,GAAG,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,IAAI,IAAI,GAAG,GAAG,IAAI,EAAE;SAC9E,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,IAAI,EAAE,CACV,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;QACzC,GAAG,CAAC,IAAI,CAAC,GAAG,MAAM,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,WAAW,CAAC,MAAqB;IACxC,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;QACjB,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC;QACpB,KAAK,WAAW;YACd,OAAO,WAAW,CAAC;QACrB,KAAK,WAAW;YACd,OAAO,WAAW,CAAC;QACrB,KAAK,eAAe;YAClB,OAAO,eAAe,CAAC;QACzB,KAAK,cAAc;YACjB,OAAO,cAAc,CAAC;QACxB,KAAK,gBAAgB;YACnB,OAAO,gBAAgB,CAAC;QAC1B,KAAK,mBAAmB;YACtB,OAAO,mBAAmB,CAAC;QAC7B,KAAK,WAAW;YACd,OAAO,WAAW,CAAC;QACrB,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,CAAiB;IACrC,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,EAAE,CAAC;IACpC,OAAO,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC7E,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW;IAC3B,IAAI,CAAC,GAAG;QAAE,OAAO,aAAa,CAAC;IAC/B,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,IAAI,KAAK,CAAC,mBAAmB;QAAE,GAAG,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;IACxF,IAAI,KAAK,CAAC,oBAAoB;QAAE,GAAG,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAClE,IAAI,KAAK,CAAC,iBAAiB;QAAE,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC7D,IAAI,KAAK,CAAC,iBAAiB;QAAE,GAAG,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAC/D,IAAI,KAAK,CAAC,iBAAiB;QAAE,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAClE,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QACvC,GAAG,CAAC,IAAI,CACN,eAAe,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,eAAe,IAAI,UAAU,MAAM,CAAC,CAAC,cAAc,IAAI,UAAU,EAAE,CAC/F,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,6EAA6E;AAEhE,QAAA,qBAAqB,GAAG,0BAAmC,CAAC;AA8DzE,SAAgB,UAAU,CAAC,MAA4B;IACrD,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;IAC5E,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CACjC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK,CAC1D,CAAC,MAAM,CAAC;IACT,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CACnC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM;QACxB,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK;QACvB,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,WAAW,IAAI,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,WAAW,CAAC,CACvF,CAAC,MAAM,CAAC;IACT,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;IAE1F,OAAO;QACL,MAAM,EAAE,6BAAqB;QAC7B,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;QACxF,QAAQ,EAAE;YACR,IAAI,EAAE,MAAM,CAAC,YAAY;YACzB,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI;YAC1B,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,SAAS;YACpC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS;YACzC,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM;YACnC,aAAa,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM;SAC/C;QACD,OAAO,EAAE;YACP,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS;YAC7C,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM;YACvC,aAAa,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM;SAC9C;QACD,OAAO,EAAE;YACP,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,QAAQ;YACrC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,cAAc;gBACnC,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,cAAc,EAAE;gBACvD,CAAC,CAAC,EAAE,CAAC;SACR;QACD,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,MAAM,EAAE;YACN,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI;YACxB,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK;YAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI;YACxB,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU;YACpC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU;SACrC;QACD,OAAO,EAAE;YACP,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;YAC1B,QAAQ;YACR,OAAO;YACP,SAAS;YACT,QAAQ;SACT;QACD,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC9B,MAAM,EAAE,CAAC,CAAC,cAAc,CAAC,MAAM;YAC/B,MAAM,EAAE,CAAC,CAAC,cAAc,CAAC,MAAM;YAC/B,KAAK,EAAE,CAAC,CAAC,cAAc,CAAC,KAAK;YAC7B,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;YAC7B,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7D,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,CAAC,CAAC,oBAAoB,KAAK,SAAS;gBACtC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,oBAAoB,EAAE;gBAClD,CAAC,CAAC,EAAE,CAAC;YACP,OAAO,EAAE,CAAC,CAAC,cAAc,CAAC,OAAO;SAClC,CAAC,CAAC;KACJ,CAAC;AACJ,CAAC;AAED,6EAA6E;AAE7E;;;;;;;;;;GAUG;AACH,SAAgB,cAAc,CAAC,MAA4B;IACzD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAC/F,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAEnF,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,QAAQ,CAAC;IAC/F,KAAK,CAAC,IAAI,CAAC,iBAAiB,OAAO,EAAE,CAAC,CAAC;IACvC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACtF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACpC,KAAK,MAAM,CAAC,IAAI,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;QACzD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,sBAAsB,OAAO,CAAC,MAAM,aAAa,CAAC,CAAC;QAC9D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACpC,KAAK,MAAM,CAAC,IAAI,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IACrD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,CAAC,IAAI,UAAU;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,sBAAsB,QAAQ,CAAC,MAAM,aAAa,CAAC,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACxB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,KAAK,CAAC,IAAI,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9E,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,iBAAiB,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK;QAClG,cAAc,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK;QAC/D,cAAc,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,UAAU,KAAK;QACzE,YAAY,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,CACnE,CAAC;IAEF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,eAAe,CACtB,MAA4B,EAC5B,aAAqB,EACrB,YAAoB,EACpB,aAAqB;IAErB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,GAAG,aAAa,kBAAkB,aAAa,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACjF,CAAC;IACD,IAAI,YAAY,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,WAAW,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC5F,IAAI,aAAa,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,aAAa,WAAW,CAAC,CAAC;IAC/D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,6BAA6B,MAAM,CAAC,KAAK,CAAC,MAAM,QAAQ,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC;IAClH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;AAChC,CAAC;AAED,SAAS,eAAe,CAAC,CAAiB;IACxC,MAAM,MAAM,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9D,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;IAC7C,MAAM,WAAW,GAAG,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7F,OAAO,KAAK,MAAM,MAAM,IAAI,MAAM,GAAG,MAAM,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,IAAI,CAAC;AACvF,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS;IACzB,mEAAmE;IACnE,+DAA+D;IAC/D,iEAAiE;IACjE,0CAA0C;IAC1C,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AACpD,CAAC"}
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `dxkit guardrail check` orchestrator.
|
|
3
|
+
*
|
|
4
|
+
* The matcher (`gitAwareMatch`) and classifier (`classify`) are pure
|
|
5
|
+
* modules that already exist. This file wires them together with the
|
|
6
|
+
* baseline file format, the producer pipeline, and the per-pair
|
|
7
|
+
* context lookups (severity, drift signals, changed-line overlap)
|
|
8
|
+
* the classifier needs to make policy decisions.
|
|
9
|
+
*
|
|
10
|
+
* Pipeline:
|
|
11
|
+
*
|
|
12
|
+
* 1. Load the prior baseline file.
|
|
13
|
+
* 2. Re-run every analyzer (via `gatherCurrentScan`) to produce the
|
|
14
|
+
* current side of the diff.
|
|
15
|
+
* 3. Convert both sides to `LocatedIdentity[]` and run the
|
|
16
|
+
* git-aware matcher.
|
|
17
|
+
* 4. Build per-pair classify context:
|
|
18
|
+
* - severity from the current security aggregate or per-kind
|
|
19
|
+
* defaults
|
|
20
|
+
* - kind from the matched BaselineEntry
|
|
21
|
+
* - scannerVersionDiffers from per-kind tool version compare
|
|
22
|
+
* - configDiffers from envelope hash compare
|
|
23
|
+
* - overlapsChangedLines from `git diff base..HEAD` hunks
|
|
24
|
+
* intersected with the finding's line
|
|
25
|
+
* 5. Run the brownfield policy classifier over every pair.
|
|
26
|
+
* 6. Optionally filter via `--changed-only`: drop pairs whose
|
|
27
|
+
* locator falls outside the diff. Non-locator pairs (dep-vuln,
|
|
28
|
+
* license, duplication, etc.) are always kept — their
|
|
29
|
+
* "semantic" identity doesn't map cleanly to changed lines.
|
|
30
|
+
* 7. Compose a `GuardrailCheckResult` with a deterministic
|
|
31
|
+
* blocks/warns verdict so the CLI can pick exit code + render.
|
|
32
|
+
*
|
|
33
|
+
* Drift signals come from comparing the baseline's `analysis` /
|
|
34
|
+
* `tools` envelope against the freshly-gathered envelope. Per-kind
|
|
35
|
+
* tool attribution uses the current run's `SecurityAggregate.provenance`
|
|
36
|
+
* — the cleaner alternative to a hardcoded kind→tool table.
|
|
37
|
+
*/
|
|
38
|
+
import type { CurrentScan } from './create';
|
|
39
|
+
import type { BaselineFile } from './baseline-file';
|
|
40
|
+
import type { BrownfieldPolicy, ClassifyResult } from './policy';
|
|
41
|
+
import type { BaselineEntry, FindingSeverity, MatchPair, MatchResult } from './types';
|
|
42
|
+
export interface RunGuardrailCheckOptions {
|
|
43
|
+
/** Repo root being checked. Caller should pass an absolute path. */
|
|
44
|
+
readonly cwd: string;
|
|
45
|
+
/** Baseline name to read from `.dxkit/baselines/<name>.json`.
|
|
46
|
+
* Defaults to `'main'`. */
|
|
47
|
+
readonly name?: string;
|
|
48
|
+
/** Explicit baseline file path. Overrides `name` when supplied —
|
|
49
|
+
* lets callers diff against a baseline stored outside the default
|
|
50
|
+
* directory (e.g. an artifact downloaded from CI). */
|
|
51
|
+
readonly baselinePath?: string;
|
|
52
|
+
/** When true, drop pairs whose locator falls outside the diff.
|
|
53
|
+
* Non-locator findings (dep-vuln, license, duplication, etc.) are
|
|
54
|
+
* always kept. */
|
|
55
|
+
readonly changedOnly?: boolean;
|
|
56
|
+
/** Path to a `.dxkit/policy.json` override. The on-disk shape
|
|
57
|
+
* matches `BrownfieldPolicy` (modulo readonly markers); unknown
|
|
58
|
+
* fields are preserved but not type-checked here — the policy
|
|
59
|
+
* classifier reads only the fields it knows. When omitted, a
|
|
60
|
+
* `<cwd>/.dxkit/policy.json` is auto-loaded if it exists; otherwise
|
|
61
|
+
* the compiled-in defaults apply. */
|
|
62
|
+
readonly policyPath?: string;
|
|
63
|
+
/** Forwarded to the underlying analyzers for per-tool timing logs. */
|
|
64
|
+
readonly verbose?: boolean;
|
|
65
|
+
}
|
|
66
|
+
/**
|
|
67
|
+
* Per-pair entry the CLI renderers consume. Carries the raw
|
|
68
|
+
* `MatchPair`, the classifier verdict, and enough context to render
|
|
69
|
+
* a meaningful diagnostic (which side the entry lives on, kind,
|
|
70
|
+
* severity, file/line locator).
|
|
71
|
+
*/
|
|
72
|
+
export interface ClassifiedPair {
|
|
73
|
+
readonly pair: MatchPair;
|
|
74
|
+
readonly classification: ClassifyResult;
|
|
75
|
+
/** Resolved severity (or undefined when the pair has no current-
|
|
76
|
+
* side entry to attribute to — `removed` pairs typically). */
|
|
77
|
+
readonly severity?: FindingSeverity;
|
|
78
|
+
/** Kind of the pair's anchor entry (prior for `removed`, current
|
|
79
|
+
* for everything else). */
|
|
80
|
+
readonly kind: BaselineEntry['kind'];
|
|
81
|
+
/** Locator info for renderers — populated when the anchor entry
|
|
82
|
+
* carries `file` / `line`. */
|
|
83
|
+
readonly file?: string;
|
|
84
|
+
readonly line?: number;
|
|
85
|
+
/** True when the anchor entry's line falls inside the diff
|
|
86
|
+
* between baseline and HEAD. Undefined when the pair has no
|
|
87
|
+
* line locator (dep-vuln, license, etc.) or when git history
|
|
88
|
+
* isn't reachable. Drives `--changed-only` filtering and the
|
|
89
|
+
* `newSevereQualityIssueInChangedFiles` / `newUntestedChangedSource`
|
|
90
|
+
* block rules. */
|
|
91
|
+
readonly overlapsChangedLines?: boolean;
|
|
92
|
+
}
|
|
93
|
+
export interface EnvelopeDrift {
|
|
94
|
+
readonly toolchainHashChanged: boolean;
|
|
95
|
+
readonly policyHashChanged: boolean;
|
|
96
|
+
readonly ignoreHashChanged: boolean;
|
|
97
|
+
readonly configHashChanged: boolean;
|
|
98
|
+
readonly dxkitVersionChanged: boolean;
|
|
99
|
+
/** Per-tool version drift. Empty when `tools` maps agree. */
|
|
100
|
+
readonly toolVersionDiffs: ReadonlyArray<{
|
|
101
|
+
readonly tool: string;
|
|
102
|
+
readonly baselineVersion: string | undefined;
|
|
103
|
+
readonly currentVersion: string | undefined;
|
|
104
|
+
}>;
|
|
105
|
+
}
|
|
106
|
+
export interface GuardrailCheckResult {
|
|
107
|
+
readonly baselinePath: string;
|
|
108
|
+
readonly baseline: BaselineFile;
|
|
109
|
+
readonly current: CurrentScan;
|
|
110
|
+
readonly matchResult: MatchResult;
|
|
111
|
+
readonly pairs: ReadonlyArray<ClassifiedPair>;
|
|
112
|
+
readonly envelopeDrift: EnvelopeDrift;
|
|
113
|
+
readonly policy: BrownfieldPolicy;
|
|
114
|
+
/** True when at least one classified pair blocks. The CLI maps
|
|
115
|
+
* this to exit code 1. */
|
|
116
|
+
readonly blocks: boolean;
|
|
117
|
+
/** True when at least one pair warns. Informational; doesn't
|
|
118
|
+
* affect exit code by itself. */
|
|
119
|
+
readonly warns: boolean;
|
|
120
|
+
}
|
|
121
|
+
/**
|
|
122
|
+
* Run the guardrail-check pipeline. Pure-orchestrator: loads the
|
|
123
|
+
* baseline, gathers current state, runs the matcher + classifier,
|
|
124
|
+
* and returns a structured result. Renderers + CLI are downstream.
|
|
125
|
+
*/
|
|
126
|
+
export declare function runGuardrailCheck(options: RunGuardrailCheckOptions): Promise<GuardrailCheckResult>;
|
|
127
|
+
//# sourceMappingURL=check.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAE5C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAKpD,OAAO,KAAK,EAAE,gBAAgB,EAAmB,cAAc,EAAE,MAAM,UAAU,CAAC;AAClF,OAAO,KAAK,EAAE,aAAa,EAAa,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAGjG,MAAM,WAAW,wBAAwB;IACvC,oEAAoE;IACpE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;gCAC4B;IAC5B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;2DAEuD;IACvD,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;uBAEmB;IACnB,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B;;;;;0CAKsC;IACtC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,sEAAsE;IACtE,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IACzB,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC;mEAC+D;IAC/D,QAAQ,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC;IACpC;gCAC4B;IAC5B,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACrC;mCAC+B;IAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;uBAKmB;IACnB,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC;CACzC;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC;IACvC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC;IACtC,6DAA6D;IAC7D,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC;QACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,SAAS,CAAC;QAC7C,QAAQ,CAAC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;KAC7C,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAC9C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC;+BAC2B;IAC3B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB;sCACkC;IAClC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;CACzB;AAoBD;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,oBAAoB,CAAC,CA+H/B"}
|