@vyuhlabs/dxkit 2.5.1 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (200) hide show
  1. package/CHANGELOG.md +318 -0
  2. package/README.md +150 -28
  3. package/dist/allowlist/categories.d.ts +120 -0
  4. package/dist/allowlist/categories.d.ts.map +1 -0
  5. package/dist/allowlist/categories.js +194 -0
  6. package/dist/allowlist/categories.js.map +1 -0
  7. package/dist/allowlist/cli.d.ts +95 -0
  8. package/dist/allowlist/cli.d.ts.map +1 -0
  9. package/dist/allowlist/cli.js +454 -0
  10. package/dist/allowlist/cli.js.map +1 -0
  11. package/dist/allowlist/diff.d.ts +67 -0
  12. package/dist/allowlist/diff.d.ts.map +1 -0
  13. package/dist/allowlist/diff.js +147 -0
  14. package/dist/allowlist/diff.js.map +1 -0
  15. package/dist/allowlist/file.d.ts +249 -0
  16. package/dist/allowlist/file.d.ts.map +1 -0
  17. package/dist/allowlist/file.js +497 -0
  18. package/dist/allowlist/file.js.map +1 -0
  19. package/dist/allowlist/gather.d.ts +61 -0
  20. package/dist/allowlist/gather.d.ts.map +1 -0
  21. package/dist/allowlist/gather.js +143 -0
  22. package/dist/allowlist/gather.js.map +1 -0
  23. package/dist/allowlist/hint.d.ts +80 -0
  24. package/dist/allowlist/hint.d.ts.map +1 -0
  25. package/dist/allowlist/hint.js +271 -0
  26. package/dist/allowlist/hint.js.map +1 -0
  27. package/dist/allowlist/inline.d.ts +149 -0
  28. package/dist/allowlist/inline.d.ts.map +1 -0
  29. package/dist/allowlist/inline.js +306 -0
  30. package/dist/allowlist/inline.js.map +1 -0
  31. package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
  32. package/dist/analyzers/tools/tool-registry.js +25 -8
  33. package/dist/analyzers/tools/tool-registry.js.map +1 -1
  34. package/dist/baseline/baseline-file.d.ts +7 -0
  35. package/dist/baseline/baseline-file.d.ts.map +1 -1
  36. package/dist/baseline/baseline-file.js +22 -1
  37. package/dist/baseline/baseline-file.js.map +1 -1
  38. package/dist/baseline/check-renderers.d.ts +13 -1
  39. package/dist/baseline/check-renderers.d.ts.map +1 -1
  40. package/dist/baseline/check-renderers.js +67 -1
  41. package/dist/baseline/check-renderers.js.map +1 -1
  42. package/dist/baseline/check.d.ts +33 -7
  43. package/dist/baseline/check.d.ts.map +1 -1
  44. package/dist/baseline/check.js +90 -64
  45. package/dist/baseline/check.js.map +1 -1
  46. package/dist/baseline/create.d.ts +35 -7
  47. package/dist/baseline/create.d.ts.map +1 -1
  48. package/dist/baseline/create.js +43 -5
  49. package/dist/baseline/create.js.map +1 -1
  50. package/dist/baseline/entry-to-located.d.ts +6 -1
  51. package/dist/baseline/entry-to-located.d.ts.map +1 -1
  52. package/dist/baseline/entry-to-located.js +20 -2
  53. package/dist/baseline/entry-to-located.js.map +1 -1
  54. package/dist/baseline/finding-identity.d.ts.map +1 -1
  55. package/dist/baseline/finding-identity.js +15 -13
  56. package/dist/baseline/finding-identity.js.map +1 -1
  57. package/dist/baseline/modes.d.ts +140 -0
  58. package/dist/baseline/modes.d.ts.map +1 -0
  59. package/dist/baseline/modes.js +179 -0
  60. package/dist/baseline/modes.js.map +1 -0
  61. package/dist/baseline/policy.d.ts +64 -0
  62. package/dist/baseline/policy.d.ts.map +1 -1
  63. package/dist/baseline/policy.js +102 -1
  64. package/dist/baseline/policy.js.map +1 -1
  65. package/dist/baseline/producers/health.d.ts +2 -2
  66. package/dist/baseline/producers/health.d.ts.map +1 -1
  67. package/dist/baseline/producers/health.js.map +1 -1
  68. package/dist/baseline/producers/index.d.ts +11 -5
  69. package/dist/baseline/producers/index.d.ts.map +1 -1
  70. package/dist/baseline/producers/index.js +12 -9
  71. package/dist/baseline/producers/index.js.map +1 -1
  72. package/dist/baseline/producers/quality.d.ts +3 -3
  73. package/dist/baseline/producers/quality.d.ts.map +1 -1
  74. package/dist/baseline/producers/quality.js.map +1 -1
  75. package/dist/baseline/producers/secret-hmac.d.ts +2 -2
  76. package/dist/baseline/producers/secret-hmac.d.ts.map +1 -1
  77. package/dist/baseline/producers/secret-hmac.js.map +1 -1
  78. package/dist/baseline/producers/security.d.ts +2 -2
  79. package/dist/baseline/producers/security.d.ts.map +1 -1
  80. package/dist/baseline/producers/security.js.map +1 -1
  81. package/dist/baseline/producers/stale-allow.d.ts +70 -0
  82. package/dist/baseline/producers/stale-allow.d.ts.map +1 -0
  83. package/dist/baseline/producers/stale-allow.js +111 -0
  84. package/dist/baseline/producers/stale-allow.js.map +1 -0
  85. package/dist/baseline/producers/tests.d.ts +2 -2
  86. package/dist/baseline/producers/tests.d.ts.map +1 -1
  87. package/dist/baseline/producers/tests.js.map +1 -1
  88. package/dist/baseline/ref-baseline.d.ts +114 -0
  89. package/dist/baseline/ref-baseline.d.ts.map +1 -0
  90. package/dist/baseline/ref-baseline.js +260 -0
  91. package/dist/baseline/ref-baseline.js.map +1 -0
  92. package/dist/baseline/sanitize.d.ts +80 -0
  93. package/dist/baseline/sanitize.d.ts.map +1 -0
  94. package/dist/baseline/sanitize.js +91 -0
  95. package/dist/baseline/sanitize.js.map +1 -0
  96. package/dist/baseline/show.d.ts.map +1 -1
  97. package/dist/baseline/show.js +9 -3
  98. package/dist/baseline/show.js.map +1 -1
  99. package/dist/baseline/types.d.ts +73 -26
  100. package/dist/baseline/types.d.ts.map +1 -1
  101. package/dist/baseline/types.js +7 -1
  102. package/dist/baseline/types.js.map +1 -1
  103. package/dist/baseline/visibility.d.ts +61 -0
  104. package/dist/baseline/visibility.d.ts.map +1 -0
  105. package/dist/baseline/visibility.js +121 -0
  106. package/dist/baseline/visibility.js.map +1 -0
  107. package/dist/cli.d.ts.map +1 -1
  108. package/dist/cli.js +154 -13
  109. package/dist/cli.js.map +1 -1
  110. package/dist/constants.d.ts.map +1 -1
  111. package/dist/constants.js +0 -10
  112. package/dist/constants.js.map +1 -1
  113. package/dist/detect.d.ts.map +1 -1
  114. package/dist/detect.js +0 -15
  115. package/dist/detect.js.map +1 -1
  116. package/dist/doctor.d.ts +78 -1
  117. package/dist/doctor.d.ts.map +1 -1
  118. package/dist/doctor.js +590 -101
  119. package/dist/doctor.js.map +1 -1
  120. package/dist/generator.d.ts.map +1 -1
  121. package/dist/generator.js +15 -0
  122. package/dist/generator.js.map +1 -1
  123. package/dist/issue-cli.d.ts +62 -0
  124. package/dist/issue-cli.d.ts.map +1 -0
  125. package/dist/issue-cli.js +252 -0
  126. package/dist/issue-cli.js.map +1 -0
  127. package/dist/languages/csharp.d.ts.map +1 -1
  128. package/dist/languages/csharp.js +2 -0
  129. package/dist/languages/csharp.js.map +1 -1
  130. package/dist/languages/go.d.ts.map +1 -1
  131. package/dist/languages/go.js +2 -0
  132. package/dist/languages/go.js.map +1 -1
  133. package/dist/languages/index.d.ts +25 -0
  134. package/dist/languages/index.d.ts.map +1 -1
  135. package/dist/languages/index.js +44 -0
  136. package/dist/languages/index.js.map +1 -1
  137. package/dist/languages/java.d.ts.map +1 -1
  138. package/dist/languages/java.js +2 -0
  139. package/dist/languages/java.js.map +1 -1
  140. package/dist/languages/kotlin.d.ts.map +1 -1
  141. package/dist/languages/kotlin.js +2 -0
  142. package/dist/languages/kotlin.js.map +1 -1
  143. package/dist/languages/python.d.ts.map +1 -1
  144. package/dist/languages/python.js +11 -1
  145. package/dist/languages/python.js.map +1 -1
  146. package/dist/languages/ruby.d.ts.map +1 -1
  147. package/dist/languages/ruby.js +2 -0
  148. package/dist/languages/ruby.js.map +1 -1
  149. package/dist/languages/rust.d.ts.map +1 -1
  150. package/dist/languages/rust.js +2 -0
  151. package/dist/languages/rust.js.map +1 -1
  152. package/dist/languages/types.d.ts +45 -0
  153. package/dist/languages/types.d.ts.map +1 -1
  154. package/dist/languages/typescript.d.ts.map +1 -1
  155. package/dist/languages/typescript.js +2 -0
  156. package/dist/languages/typescript.js.map +1 -1
  157. package/dist/prompts.d.ts.map +1 -1
  158. package/dist/prompts.js +0 -5
  159. package/dist/prompts.js.map +1 -1
  160. package/dist/setup-branch-protection.d.ts +34 -0
  161. package/dist/setup-branch-protection.d.ts.map +1 -0
  162. package/dist/setup-branch-protection.js +190 -0
  163. package/dist/setup-branch-protection.js.map +1 -0
  164. package/dist/setup-gh.d.ts +75 -0
  165. package/dist/setup-gh.d.ts.map +1 -0
  166. package/dist/setup-gh.js +213 -0
  167. package/dist/setup-gh.js.map +1 -0
  168. package/dist/setup-prebuild.d.ts +34 -0
  169. package/dist/setup-prebuild.d.ts.map +1 -0
  170. package/dist/setup-prebuild.js +181 -0
  171. package/dist/setup-prebuild.js.map +1 -0
  172. package/dist/ship-installers.d.ts.map +1 -1
  173. package/dist/ship-installers.js +19 -4
  174. package/dist/ship-installers.js.map +1 -1
  175. package/dist/types.d.ts +24 -6
  176. package/dist/types.d.ts.map +1 -1
  177. package/dist/update.d.ts +41 -0
  178. package/dist/update.d.ts.map +1 -1
  179. package/dist/update.js +154 -15
  180. package/dist/update.js.map +1 -1
  181. package/dist/upgrade.d.ts +88 -0
  182. package/dist/upgrade.d.ts.map +1 -0
  183. package/dist/upgrade.js +324 -0
  184. package/dist/upgrade.js.map +1 -0
  185. package/package.json +1 -1
  186. package/templates/.claude/skills/dxkit-action/SKILL.md +111 -17
  187. package/templates/.claude/skills/dxkit-config/SKILL.md +7 -7
  188. package/templates/.claude/skills/dxkit-fix/SKILL.md +165 -0
  189. package/templates/.claude/skills/dxkit-hooks/SKILL.md +8 -8
  190. package/templates/.claude/skills/dxkit-init/SKILL.md +3 -3
  191. package/templates/.claude/skills/dxkit-learn/SKILL.md +9 -9
  192. package/templates/.claude/skills/dxkit-onboard/SKILL.md +274 -0
  193. package/templates/.claude/skills/dxkit-reports/SKILL.md +18 -18
  194. package/templates/.claude/skills/dxkit-update/SKILL.md +164 -0
  195. package/templates/.devcontainer/devcontainer.json +6 -15
  196. package/templates/.devcontainer/post-create.sh +19 -4
  197. package/dist/baseline/producers/licenses.d.ts +0 -23
  198. package/dist/baseline/producers/licenses.d.ts.map +0 -1
  199. package/dist/baseline/producers/licenses.js +0 -46
  200. package/dist/baseline/producers/licenses.js.map +0 -1
@@ -0,0 +1,179 @@
1
+ "use strict";
2
+ /**
3
+ * Baseline mode resolution — single source of truth for picking
4
+ * between `committed-full`, `committed-sanitized`, and `ref-based`.
5
+ *
6
+ * # The three modes
7
+ *
8
+ * - **`committed-full`** — Rich entries committed to git under
9
+ * `.dxkit/baselines/<name>.json`. The default behavior dxkit
10
+ * has had since baselines existed. Best for private repos with
11
+ * small teams; the human-readable locator fields make `baseline
12
+ * show` and block-time hints maximally useful.
13
+ *
14
+ * - **`committed-sanitized`** — The file is still committed, but
15
+ * every entry is stripped to `{ id, kind, sanitized: true }`
16
+ * before write (see `./sanitize.ts`). The cross-run matching
17
+ * contract is preserved (identity fingerprints are unchanged);
18
+ * human-readable locators are gone. Best for compliance-
19
+ * conscious private repos where broad internal read access
20
+ * makes location disclosures material.
21
+ *
22
+ * - **`ref-based`** — No baseline file is committed. The prior
23
+ * side of the guardrail diff is computed at check time from a
24
+ * git ref (default: `origin/<default-branch>`) via
25
+ * `git worktree add`. Zero disclosure surface; best for public
26
+ * repos. Cost is a longer check (gather runs twice — once
27
+ * against the ref, once against HEAD).
28
+ *
29
+ * # Resolution precedence
30
+ *
31
+ * 1. **CLI flag** — `--mode=<X>` (and `--ref=<R>`). Highest
32
+ * precedence. Overrides everything else.
33
+ * 2. **Policy file** — `baseline.mode` / `baseline.ref` in
34
+ * `.dxkit/policy.json`. Pins the choice repo-wide so every
35
+ * developer + every CI job uses the same posture.
36
+ * 3. **Visibility-derived default** — probes
37
+ * `gh repo view --json visibility` (see `./visibility.ts`)
38
+ * and picks:
39
+ * - `'public'` → `ref-based`
40
+ * - `'private'` / `'internal'` → `committed-full`
41
+ * - `'unknown'` → `committed-full` (safe default + warning)
42
+ *
43
+ * `committed-sanitized` is never auto-picked. It's the explicit
44
+ * opt-in for compliance-conscious private repos. The reasoning:
45
+ *
46
+ * - For public repos, sanitized-in-git is strictly worse than
47
+ * ref-based — you're still committing the fingerprint set,
48
+ * and ref-based gives the same matching contract without
49
+ * storing anything.
50
+ * - For typical private repos with small teams, full content
51
+ * is more useful.
52
+ *
53
+ * So sanitized lives between those two extremes and customers
54
+ * opt in via `policy.json` or `--mode=committed-sanitized`.
55
+ *
56
+ * # Why one resolver
57
+ *
58
+ * Every consumer (the `baseline create` orchestrator, the
59
+ * `guardrail check` orchestrator, doctor checks, future modes-
60
+ * aware tooling) calls `resolveBaselineMode` and reads the
61
+ * returned `ResolvedMode`. Scattered `if (visibility === 'public')`
62
+ * branches would drift independently as the rules evolve; this
63
+ * module is the single edit point.
64
+ *
65
+ * Pure module — no I/O of its own. The visibility probe is
66
+ * injectable via `probeVisibility` so tests can simulate every
67
+ * path without going through `execSync('gh ...')`.
68
+ */
69
+ Object.defineProperty(exports, "__esModule", { value: true });
70
+ exports.BASELINE_MODES = void 0;
71
+ exports.resolveBaselineMode = resolveBaselineMode;
72
+ exports.probeOriginHeadRef = probeOriginHeadRef;
73
+ exports.parseBaselineMode = parseBaselineMode;
74
+ const child_process_1 = require("child_process");
75
+ const visibility_1 = require("./visibility");
76
+ /** Canonical enumeration of the mode strings. Consumers wanting to
77
+ * iterate every mode (CLI flag validation, help text, doctor)
78
+ * import this rather than re-listing the union members. */
79
+ exports.BASELINE_MODES = Object.freeze([
80
+ 'committed-full',
81
+ 'committed-sanitized',
82
+ 'ref-based',
83
+ ]);
84
+ /**
85
+ * Resolve the baseline mode for a given run. Pure over its inputs
86
+ * apart from the optional probe functions (which default to
87
+ * `detectRepoVisibility` + `probeOriginHeadRef` and ARE I/O-bound).
88
+ * The returned `ResolvedMode` carries everything callers need to
89
+ * dispatch + log.
90
+ */
91
+ function resolveBaselineMode(opts) {
92
+ if (opts.cliMode !== undefined) {
93
+ return finalize(opts, opts.cliMode, 'cli');
94
+ }
95
+ if (opts.policyMode !== undefined) {
96
+ return finalize(opts, opts.policyMode, 'policy');
97
+ }
98
+ const probe = opts.probeVisibility ?? visibility_1.detectRepoVisibility;
99
+ const visibility = probe(opts.cwd);
100
+ switch (visibility) {
101
+ case 'public':
102
+ return finalize(opts, 'ref-based', 'auto-public');
103
+ case 'private':
104
+ return finalize(opts, 'committed-full', 'auto-private');
105
+ case 'internal':
106
+ return finalize(opts, 'committed-full', 'auto-internal');
107
+ case 'unknown':
108
+ return finalize(opts, 'committed-full', 'auto-unknown');
109
+ }
110
+ }
111
+ /**
112
+ * Internal: stamp the explanation + resolve the ref (for ref-based)
113
+ * onto the outcome. Centralized so every code path emits the same
114
+ * shape.
115
+ */
116
+ function finalize(opts, mode, source) {
117
+ const explanation = explanationFor(mode, source);
118
+ if (mode !== 'ref-based')
119
+ return { mode, source, explanation };
120
+ const ref = resolveRef(opts);
121
+ return { mode, source, explanation, ref };
122
+ }
123
+ function resolveRef(opts) {
124
+ if (opts.cliRef)
125
+ return opts.cliRef;
126
+ if (opts.policyRef)
127
+ return opts.policyRef;
128
+ const probe = opts.probeDefaultRef ?? probeOriginHeadRef;
129
+ return probe(opts.cwd) ?? 'origin/main';
130
+ }
131
+ /**
132
+ * Probe `git symbolic-ref refs/remotes/origin/HEAD` to learn the
133
+ * remote's default branch. Returns `'origin/<branch>'` on success,
134
+ * `undefined` on any failure (no remote, no fetch ever ran, etc.).
135
+ *
136
+ * Public for testing — production callers go through
137
+ * `resolveBaselineMode`'s `opts.probeDefaultRef` injection.
138
+ */
139
+ function probeOriginHeadRef(cwd) {
140
+ try {
141
+ const out = (0, child_process_1.execSync)('git symbolic-ref refs/remotes/origin/HEAD', {
142
+ cwd,
143
+ stdio: ['ignore', 'pipe', 'pipe'],
144
+ encoding: 'utf-8',
145
+ }).trim();
146
+ // Output shape: "refs/remotes/origin/main" → strip the prefix.
147
+ if (out.startsWith('refs/remotes/'))
148
+ return out.slice('refs/remotes/'.length);
149
+ return undefined;
150
+ }
151
+ catch {
152
+ return undefined;
153
+ }
154
+ }
155
+ function explanationFor(mode, source) {
156
+ switch (source) {
157
+ case 'cli':
158
+ return `mode=${mode} (--mode flag)`;
159
+ case 'policy':
160
+ return `mode=${mode} (.dxkit/policy.json: baseline.mode)`;
161
+ case 'auto-public':
162
+ return `mode=${mode} (auto: gh detected a public repo)`;
163
+ case 'auto-private':
164
+ return `mode=${mode} (auto: gh detected a private repo)`;
165
+ case 'auto-internal':
166
+ return `mode=${mode} (auto: gh detected an internal repo)`;
167
+ case 'auto-unknown':
168
+ return `mode=${mode} (auto: visibility not detectable via gh; defaulting to private posture)`;
169
+ }
170
+ }
171
+ /**
172
+ * Parse a string into a `BaselineMode`. Returns `null` for unknown
173
+ * values so the CLI surfaces a helpful error including the full
174
+ * accepted list. Used by `--mode=<X>` flag parsing.
175
+ */
176
+ function parseBaselineMode(raw) {
177
+ return exports.BASELINE_MODES.includes(raw) ? raw : null;
178
+ }
179
+ //# sourceMappingURL=modes.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"modes.js","sourceRoot":"","sources":["../../src/baseline/modes.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkEG;;;AA4EH,kDAmBC;AA6BD,gDAaC;AAwBD,8CAEC;AAjKD,iDAAyC;AACzC,6CAAoD;AAQpD;;4DAE4D;AAC/C,QAAA,cAAc,GAAgC,MAAM,CAAC,MAAM,CAAC;IACvE,gBAAgB;IAChB,qBAAqB;IACrB,WAAW;CACZ,CAAC,CAAC;AAmDH;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,IAAwB;IAC1D,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QAClC,OAAO,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACnD,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,IAAI,iCAAoB,CAAC;IAC3D,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACnC,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,QAAQ;YACX,OAAO,QAAQ,CAAC,IAAI,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QACpD,KAAK,SAAS;YACZ,OAAO,QAAQ,CAAC,IAAI,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC;QAC1D,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC,IAAI,EAAE,gBAAgB,EAAE,eAAe,CAAC,CAAC;QAC3D,KAAK,SAAS;YACZ,OAAO,QAAQ,CAAC,IAAI,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,QAAQ,CAAC,IAAwB,EAAE,IAAkB,EAAE,MAAkB;IAChF,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACjD,IAAI,IAAI,KAAK,WAAW;QAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC/D,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC;AAC5C,CAAC;AAED,SAAS,UAAU,CAAC,IAAwB;IAC1C,IAAI,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC,MAAM,CAAC;IACpC,IAAI,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC;IAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,IAAI,kBAAkB,CAAC;IACzD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,aAAa,CAAC;AAC1C,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,kBAAkB,CAAC,GAAW;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,wBAAQ,EAAC,2CAA2C,EAAE;YAChE,GAAG;YACH,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;YACjC,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,+DAA+D;QAC/D,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC;YAAE,OAAO,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAC9E,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,IAAkB,EAAE,MAAkB;IAC5D,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,KAAK;YACR,OAAO,QAAQ,IAAI,gBAAgB,CAAC;QACtC,KAAK,QAAQ;YACX,OAAO,QAAQ,IAAI,sCAAsC,CAAC;QAC5D,KAAK,aAAa;YAChB,OAAO,QAAQ,IAAI,oCAAoC,CAAC;QAC1D,KAAK,cAAc;YACjB,OAAO,QAAQ,IAAI,qCAAqC,CAAC;QAC3D,KAAK,eAAe;YAClB,OAAO,QAAQ,IAAI,uCAAuC,CAAC;QAC7D,KAAK,cAAc;YACjB,OAAO,QAAQ,IAAI,0EAA0E,CAAC;IAClG,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,GAAW;IAC3C,OAAQ,sBAAwC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,GAAoB,CAAC,CAAC,CAAC,IAAI,CAAC;AAChG,CAAC"}
@@ -22,7 +22,31 @@
22
22
  * Phase 3's baseline-metadata work can light them up incrementally
23
23
  * without re-shaping consumer code.
24
24
  */
25
+ import type { BaselineMode } from './modes';
25
26
  import type { FindingSeverity, FindingStatus, MatchPair, MatchReason } from './types';
27
+ /**
28
+ * Optional `baseline.*` block in `.dxkit/policy.json`. Pins the
29
+ * mode + (when ref-based) the comparison ref repo-wide so every
30
+ * developer + every CI job uses the same posture. Both fields are
31
+ * optional; when absent the resolver in `./modes.ts` falls back to
32
+ * visibility-derived defaults.
33
+ *
34
+ * Schema example:
35
+ *
36
+ * {
37
+ * "baseline": {
38
+ * "mode": "ref-based",
39
+ * "ref": "origin/main"
40
+ * }
41
+ * }
42
+ */
43
+ export interface BaselineSection {
44
+ readonly mode?: BaselineMode;
45
+ /** Git ref to compare against in `ref-based` mode. When absent,
46
+ * the resolver probes `origin/HEAD` and falls back to
47
+ * `'origin/main'`. */
48
+ readonly ref?: string;
49
+ }
26
50
  /**
27
51
  * Per-finding-kind overrides that escalate specific guardrail rules
28
52
  * beyond the generic `block` / `warn` lists. Each rule maps to a
@@ -87,6 +111,21 @@ export interface BrownfieldPolicy {
87
111
  * diff overlap) via `.dxkit/policy.json`.
88
112
  */
89
113
  readonly addedRequiresChangedLines: ReadonlyArray<string>;
114
+ /**
115
+ * Baseline-mode pinning. When absent, the resolver in `./modes.ts`
116
+ * falls back to visibility-derived defaults
117
+ * (`'public'` → `ref-based`; `'private'` / `'internal'` /
118
+ * `'unknown'` → `committed-full`). Customers pin this to lock the
119
+ * posture across all developers + CI jobs:
120
+ *
121
+ * - `'committed-full'`: rich entries committed (default for
122
+ * private repos with small teams).
123
+ * - `'committed-sanitized'`: stripped entries committed
124
+ * (compliance-conscious private repos).
125
+ * - `'ref-based'`: no committed baseline; computed from a git
126
+ * ref at check time (default for public repos).
127
+ */
128
+ readonly baseline?: BaselineSection;
90
129
  }
91
130
  /**
92
131
  * Default brownfield policy. Captures the conservative posture from
@@ -168,4 +207,29 @@ export declare function classify(pair: MatchPair, policy?: BrownfieldPolicy, con
168
207
  * envelope to fill in the fields the classifier reads.
169
208
  */
170
209
  export declare function classifyAll(pairs: ReadonlyArray<MatchPair>, policy?: BrownfieldPolicy, contextFor?: (pair: MatchPair) => ClassifyContext): ReadonlyArray<ClassifyResult>;
210
+ /** Conventional location for a per-repo brownfield policy. Loaded
211
+ * automatically by `resolvePolicy` when present. */
212
+ export declare const DEFAULT_POLICY_FILENAME: string;
213
+ /**
214
+ * Load a brownfield policy with the three-step resolution order
215
+ * shared by `createBaseline` and `runGuardrailCheck`:
216
+ *
217
+ * 1. `policyPath` (explicit `--policy <p>` flag). Errors if the
218
+ * path is supplied but unreadable / malformed.
219
+ * 2. `<cwd>/.dxkit/policy.json` (conventional). Silently skipped
220
+ * when absent so consumers without a policy get the defaults.
221
+ * 3. `DEFAULT_BROWNFIELD_POLICY` (compiled-in fallback).
222
+ *
223
+ * Customer fields shallow-merge over the default. The
224
+ * `confidence` / `blockRules` blocks deep-merge by key. Unknown
225
+ * fields are preserved — the classifier ignores what it doesn't
226
+ * know, so forward-compatible policy files don't break old dxkit.
227
+ */
228
+ export declare function resolvePolicy(policyPath: string | undefined, cwd: string): BrownfieldPolicy;
229
+ /**
230
+ * Convenience wrapper for callers that don't take a `--policy`
231
+ * override (e.g., `createBaseline`). Loads the conventional file if
232
+ * present; returns defaults otherwise.
233
+ */
234
+ export declare function loadPolicyFromCwd(cwd: string): BrownfieldPolicy;
171
235
  //# sourceMappingURL=policy.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/baseline/policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtF;;;;;GAKG;AACH,MAAM,WAAW,oBAAoB;IACnC,kEAAkE;IAClE,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;IAC7B,4DAA4D;IAC5D,QAAQ,CAAC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IACvC,iEAAiE;IACjE,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;IACnC,oEAAoE;IACpE,QAAQ,CAAC,kCAAkC,CAAC,EAAE,OAAO,CAAC;IACtD,mEAAmE;IACnE,QAAQ,CAAC,uCAAuC,CAAC,EAAE,OAAO,CAAC;IAC3D,qEAAqE;IACrE,QAAQ,CAAC,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAC5C,wEAAwE;IACxE,QAAQ,CAAC,mCAAmC,CAAC,EAAE,OAAO,CAAC;CACxD;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,mEAAmE;IACnE,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;IAC7C,mDAAmD;IACnD,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;IAC5C;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;IAC/D,uCAAuC;IACvC,QAAQ,CAAC,UAAU,EAAE,oBAAoB,CAAC;IAC1C;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,QAAQ,CAAC,yBAAyB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC3D;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,yBAAyB,EAAE,gBA0BtC,CAAC;AAEH;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,0CAA0C;IAC1C,QAAQ,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC;IACpC,sEAAsE;IACtE,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;uEAEmE;IACnE,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IACzC;yEACqE;IACrE,QAAQ,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC;IACjC;;;yDAGqD;IACrD,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IACxC,iEAAiE;IACjE,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED,mDAAmD;AACnD,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAC/B;wCACoC;IACpC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,gCAAgC;IAChC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB;kDAC8C;IAC9C,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;CAC9C;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,QAAQ,CACtB,IAAI,EAAE,SAAS,EACf,MAAM,GAAE,gBAA4C,EACpD,OAAO,GAAE,eAAoB,GAC5B,cAAc,CAmEhB;AA0DD;;;;;;;GAOG;AACH,wBAAgB,WAAW,CACzB,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,EAC/B,MAAM,GAAE,gBAA4C,EACpD,UAAU,GAAE,CAAC,IAAI,EAAE,SAAS,KAAK,eAA4B,GAC5D,aAAa,CAAC,cAAc,CAAC,CAE/B"}
1
+ {"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/baseline/policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAIH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC;IAC7B;;2BAEuB;IACvB,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;GAKG;AACH,MAAM,WAAW,oBAAoB;IACnC,kEAAkE;IAClE,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;IAC7B,4DAA4D;IAC5D,QAAQ,CAAC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IACvC,iEAAiE;IACjE,QAAQ,CAAC,eAAe,CAAC,EAAE,OAAO,CAAC;IACnC,oEAAoE;IACpE,QAAQ,CAAC,kCAAkC,CAAC,EAAE,OAAO,CAAC;IACtD,mEAAmE;IACnE,QAAQ,CAAC,uCAAuC,CAAC,EAAE,OAAO,CAAC;IAC3D,qEAAqE;IACrE,QAAQ,CAAC,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAC5C,wEAAwE;IACxE,QAAQ,CAAC,mCAAmC,CAAC,EAAE,OAAO,CAAC;CACxD;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,mEAAmE;IACnE,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;IAC7C,mDAAmD;IACnD,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;IAC5C;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;IAC/D,uCAAuC;IACvC,QAAQ,CAAC,UAAU,EAAE,oBAAoB,CAAC;IAC1C;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,QAAQ,CAAC,yBAAyB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC1D;;;;;;;;;;;;;OAaG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC;CACrC;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,yBAAyB,EAAE,gBA0BtC,CAAC;AAEH;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,0CAA0C;IAC1C,QAAQ,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC;IACpC,sEAAsE;IACtE,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;uEAEmE;IACnE,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC;IACzC;yEACqE;IACrE,QAAQ,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC;IACjC;;;yDAGqD;IACrD,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC;IACxC,iEAAiE;IACjE,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED,mDAAmD;AACnD,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAC/B;wCACoC;IACpC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,gCAAgC;IAChC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB;kDAC8C;IAC9C,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;CAC9C;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,QAAQ,CACtB,IAAI,EAAE,SAAS,EACf,MAAM,GAAE,gBAA4C,EACpD,OAAO,GAAE,eAAoB,GAC5B,cAAc,CAmEhB;AA0DD;;;;;;;GAOG;AACH,wBAAgB,WAAW,CACzB,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,EAC/B,MAAM,GAAE,gBAA4C,EACpD,UAAU,GAAE,CAAC,IAAI,EAAE,SAAS,KAAK,eAA4B,GAC5D,aAAa,CAAC,cAAc,CAAC,CAE/B;AAED;qDACqD;AACrD,eAAO,MAAM,uBAAuB,QAAqC,CAAC;AAE1E;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,EAAE,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAkC3F;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAE/D"}
@@ -23,10 +23,47 @@
23
23
  * Phase 3's baseline-metadata work can light them up incrementally
24
24
  * without re-shaping consumer code.
25
25
  */
26
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
27
+ if (k2 === undefined) k2 = k;
28
+ var desc = Object.getOwnPropertyDescriptor(m, k);
29
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
30
+ desc = { enumerable: true, get: function() { return m[k]; } };
31
+ }
32
+ Object.defineProperty(o, k2, desc);
33
+ }) : (function(o, m, k, k2) {
34
+ if (k2 === undefined) k2 = k;
35
+ o[k2] = m[k];
36
+ }));
37
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
38
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
39
+ }) : function(o, v) {
40
+ o["default"] = v;
41
+ });
42
+ var __importStar = (this && this.__importStar) || (function () {
43
+ var ownKeys = function(o) {
44
+ ownKeys = Object.getOwnPropertyNames || function (o) {
45
+ var ar = [];
46
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
47
+ return ar;
48
+ };
49
+ return ownKeys(o);
50
+ };
51
+ return function (mod) {
52
+ if (mod && mod.__esModule) return mod;
53
+ var result = {};
54
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
55
+ __setModuleDefault(result, mod);
56
+ return result;
57
+ };
58
+ })();
26
59
  Object.defineProperty(exports, "__esModule", { value: true });
27
- exports.DEFAULT_BROWNFIELD_POLICY = void 0;
60
+ exports.DEFAULT_POLICY_FILENAME = exports.DEFAULT_BROWNFIELD_POLICY = void 0;
28
61
  exports.classify = classify;
29
62
  exports.classifyAll = classifyAll;
63
+ exports.resolvePolicy = resolvePolicy;
64
+ exports.loadPolicyFromCwd = loadPolicyFromCwd;
65
+ const fs = __importStar(require("fs"));
66
+ const path = __importStar(require("path"));
30
67
  /**
31
68
  * Default brownfield policy. Captures the conservative posture from
32
69
  * the agentic-brownfield strategy: block only on high-confidence new
@@ -203,4 +240,68 @@ function evaluateBlockRules(status, rules, context) {
203
240
  function classifyAll(pairs, policy = exports.DEFAULT_BROWNFIELD_POLICY, contextFor = () => ({})) {
204
241
  return pairs.map((pair) => classify(pair, policy, contextFor(pair)));
205
242
  }
243
+ /** Conventional location for a per-repo brownfield policy. Loaded
244
+ * automatically by `resolvePolicy` when present. */
245
+ exports.DEFAULT_POLICY_FILENAME = path.join('.dxkit', 'policy.json');
246
+ /**
247
+ * Load a brownfield policy with the three-step resolution order
248
+ * shared by `createBaseline` and `runGuardrailCheck`:
249
+ *
250
+ * 1. `policyPath` (explicit `--policy <p>` flag). Errors if the
251
+ * path is supplied but unreadable / malformed.
252
+ * 2. `<cwd>/.dxkit/policy.json` (conventional). Silently skipped
253
+ * when absent so consumers without a policy get the defaults.
254
+ * 3. `DEFAULT_BROWNFIELD_POLICY` (compiled-in fallback).
255
+ *
256
+ * Customer fields shallow-merge over the default. The
257
+ * `confidence` / `blockRules` blocks deep-merge by key. Unknown
258
+ * fields are preserved — the classifier ignores what it doesn't
259
+ * know, so forward-compatible policy files don't break old dxkit.
260
+ */
261
+ function resolvePolicy(policyPath, cwd) {
262
+ let resolvedPath = policyPath;
263
+ if (!resolvedPath) {
264
+ const conventional = path.join(cwd, exports.DEFAULT_POLICY_FILENAME);
265
+ if (fs.existsSync(conventional))
266
+ resolvedPath = conventional;
267
+ }
268
+ if (!resolvedPath)
269
+ return exports.DEFAULT_BROWNFIELD_POLICY;
270
+ let raw;
271
+ try {
272
+ raw = fs.readFileSync(resolvedPath, 'utf8');
273
+ }
274
+ catch (err) {
275
+ throw new Error(`policy file not readable: ${resolvedPath} (${err.message})`);
276
+ }
277
+ let parsed;
278
+ try {
279
+ parsed = JSON.parse(raw);
280
+ }
281
+ catch (err) {
282
+ throw new Error(`policy file is not valid JSON: ${resolvedPath} (${err.message})`);
283
+ }
284
+ if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
285
+ throw new Error(`policy file root is not an object: ${resolvedPath}`);
286
+ }
287
+ const obj = parsed;
288
+ return {
289
+ ...exports.DEFAULT_BROWNFIELD_POLICY,
290
+ ...obj,
291
+ confidence: { ...exports.DEFAULT_BROWNFIELD_POLICY.confidence, ...(obj.confidence ?? {}) },
292
+ blockRules: { ...exports.DEFAULT_BROWNFIELD_POLICY.blockRules, ...(obj.blockRules ?? {}) },
293
+ block: obj.block ?? exports.DEFAULT_BROWNFIELD_POLICY.block,
294
+ warn: obj.warn ?? exports.DEFAULT_BROWNFIELD_POLICY.warn,
295
+ addedRequiresChangedLines: obj.addedRequiresChangedLines ?? exports.DEFAULT_BROWNFIELD_POLICY.addedRequiresChangedLines,
296
+ mode: 'brownfield',
297
+ };
298
+ }
299
+ /**
300
+ * Convenience wrapper for callers that don't take a `--policy`
301
+ * override (e.g., `createBaseline`). Loads the conventional file if
302
+ * present; returns defaults otherwise.
303
+ */
304
+ function loadPolicyFromCwd(cwd) {
305
+ return resolvePolicy(undefined, cwd);
306
+ }
206
307
  //# sourceMappingURL=policy.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/baseline/policy.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;;;AA0KH,4BAuEC;AAkED,kCAMC;AAlPD;;;;;;;;;;;GAWG;AACU,QAAA,yBAAyB,GAAqB,MAAM,CAAC,MAAM,CAAC;IACvE,IAAI,EAAE,YAAY;IAClB,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAiC,CAAC;IAC/D,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC;QAClB,mBAAmB;QACnB,gBAAgB;QAChB,eAAe;QACf,cAAc;QACd,WAAW;KACoB,CAAC;IAClC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC;QACxB,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,IAAI;QACZ,GAAG,EAAE,GAAG;KACT,CAAC;IACF,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC;QACxB,SAAS,EAAE,IAAI;QACf,mBAAmB,EAAE,IAAI;QACzB,eAAe,EAAE,IAAI;QACrB,kCAAkC,EAAE,IAAI;QACxC,uCAAuC,EAAE,IAAI;QAC7C,wBAAwB,EAAE,IAAI;QAC9B,mCAAmC,EAAE,IAAI;KAC1C,CAAC;IACF,yBAAyB,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;CAC9D,CAAC,CAAC;AA0CH;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,QAAQ,CACtB,IAAe,EACf,SAA2B,iCAAyB,EACpD,UAA2B,EAAE;IAE7B,IAAI,MAAM,GAAkB,IAAI,CAAC,MAAM,CAAC;IACxC,MAAM,OAAO,GAAkB,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAEjD,gDAAgD;IAChD,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,IAAI,OAAO,CAAC,qBAAqB,EAAE,CAAC;YAClC,MAAM,GAAG,eAAe,CAAC;YACzB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,eAAe;gBACrB,MAAM,EAAE,qDAAqD;aAC9D,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACjC,MAAM,GAAG,cAAc,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,cAAc;gBACpB,MAAM,EAAE,mDAAmD;aAC5D,CAAC,CAAC;QACL,CAAC;aAAM,IACL,OAAO,CAAC,IAAI;YACZ,MAAM,CAAC,yBAAyB,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC;YACvD,OAAO,CAAC,oBAAoB,KAAK,KAAK,EACtC,CAAC;YACD,2DAA2D;YAC3D,yDAAyD;YACzD,yDAAyD;YACzD,6DAA6D;YAC7D,4DAA4D;YAC5D,yBAAyB;YACzB,MAAM,GAAG,WAAW,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,iBAAiB;gBACvB,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,8HAA8H;aACtJ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IAAI,MAAM,KAAK,WAAW,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QACrD,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ;YAChC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC;YACrC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAClD,IAAI,IAAI,CAAC,UAAU,GAAG,SAAS,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,gBAAgB;gBACtB,MAAM,EACJ,oBAAoB,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;oBACxF,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,iBAAiB,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChE,CAAC,CAAC;YACH,MAAM,GAAG,WAAW,CAAC;QACvB,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,MAAM,YAAY,GAAG,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC5E,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,4BAA4B,YAAY,EAAE;SACnD,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,MAAM,MAAM,GAAG,YAAY,KAAK,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACtE,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAE3C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;AAC5C,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,kBAAkB,CACzB,MAAqB,EACrB,KAA2B,EAC3B,OAAwB;IAExB,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,KAAK,CAAC,SAAS,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,WAAW,CAAC;IACrE,IAAI,KAAK,CAAC,mBAAmB,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;QAC5F,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IACD,IAAI,KAAK,CAAC,eAAe,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACpF,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IACD,IACE,KAAK,CAAC,kCAAkC;QACxC,OAAO,CAAC,IAAI,KAAK,UAAU;QAC3B,OAAO,CAAC,QAAQ,KAAK,UAAU,EAC/B,CAAC;QACD,OAAO,oCAAoC,CAAC;IAC9C,CAAC;IACD,IACE,KAAK,CAAC,uCAAuC;QAC7C,OAAO,CAAC,IAAI,KAAK,UAAU;QAC3B,OAAO,CAAC,QAAQ,KAAK,MAAM;QAC3B,OAAO,CAAC,SAAS,KAAK,IAAI,EAC1B,CAAC;QACD,OAAO,yCAAyC,CAAC;IACnD,CAAC;IACD,IACE,KAAK,CAAC,wBAAwB;QAC9B,OAAO,CAAC,IAAI,KAAK,UAAU;QAC3B,OAAO,CAAC,oBAAoB,KAAK,IAAI,EACrC,CAAC;QACD,OAAO,0BAA0B,CAAC;IACpC,CAAC;IACD,IACE,KAAK,CAAC,mCAAmC;QACzC,CAAC,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC;QACvD,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC;QAChE,OAAO,CAAC,oBAAoB,KAAK,IAAI,EACrC,CAAC;QACD,OAAO,qCAAqC,CAAC;IAC/C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,WAAW,CACzB,KAA+B,EAC/B,SAA2B,iCAAyB,EACpD,aAAmD,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC;IAE7D,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACvE,CAAC"}
1
+ {"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/baseline/policy.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoNH,4BAuEC;AAkED,kCAMC;AAqBD,sCAkCC;AAOD,8CAEC;AAjaD,uCAAyB;AACzB,2CAA6B;AA8G7B;;;;;;;;;;;GAWG;AACU,QAAA,yBAAyB,GAAqB,MAAM,CAAC,MAAM,CAAC;IACvE,IAAI,EAAE,YAAY;IAClB,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAiC,CAAC;IAC/D,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC;QAClB,mBAAmB;QACnB,gBAAgB;QAChB,eAAe;QACf,cAAc;QACd,WAAW;KACoB,CAAC;IAClC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC;QACxB,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,IAAI;QACZ,GAAG,EAAE,GAAG;KACT,CAAC;IACF,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC;QACxB,SAAS,EAAE,IAAI;QACf,mBAAmB,EAAE,IAAI;QACzB,eAAe,EAAE,IAAI;QACrB,kCAAkC,EAAE,IAAI;QACxC,uCAAuC,EAAE,IAAI;QAC7C,wBAAwB,EAAE,IAAI;QAC9B,mCAAmC,EAAE,IAAI;KAC1C,CAAC;IACF,yBAAyB,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;CAC9D,CAAC,CAAC;AA0CH;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,QAAQ,CACtB,IAAe,EACf,SAA2B,iCAAyB,EACpD,UAA2B,EAAE;IAE7B,IAAI,MAAM,GAAkB,IAAI,CAAC,MAAM,CAAC;IACxC,MAAM,OAAO,GAAkB,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAEjD,gDAAgD;IAChD,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,IAAI,OAAO,CAAC,qBAAqB,EAAE,CAAC;YAClC,MAAM,GAAG,eAAe,CAAC;YACzB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,eAAe;gBACrB,MAAM,EAAE,qDAAqD;aAC9D,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACjC,MAAM,GAAG,cAAc,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,cAAc;gBACpB,MAAM,EAAE,mDAAmD;aAC5D,CAAC,CAAC;QACL,CAAC;aAAM,IACL,OAAO,CAAC,IAAI;YACZ,MAAM,CAAC,yBAAyB,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC;YACvD,OAAO,CAAC,oBAAoB,KAAK,KAAK,EACtC,CAAC;YACD,2DAA2D;YAC3D,yDAAyD;YACzD,yDAAyD;YACzD,6DAA6D;YAC7D,4DAA4D;YAC5D,yBAAyB;YACzB,MAAM,GAAG,WAAW,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,iBAAiB;gBACvB,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,8HAA8H;aACtJ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IAAI,MAAM,KAAK,WAAW,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QACrD,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ;YAChC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC;YACrC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAClD,IAAI,IAAI,CAAC,UAAU,GAAG,SAAS,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,gBAAgB;gBACtB,MAAM,EACJ,oBAAoB,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;oBACxF,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,iBAAiB,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChE,CAAC,CAAC;YACH,MAAM,GAAG,WAAW,CAAC;QACvB,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,MAAM,YAAY,GAAG,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC5E,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,4BAA4B,YAAY,EAAE;SACnD,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,MAAM,MAAM,GAAG,YAAY,KAAK,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACtE,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAE3C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;AAC5C,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,kBAAkB,CACzB,MAAqB,EACrB,KAA2B,EAC3B,OAAwB;IAExB,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,KAAK,CAAC,SAAS,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,WAAW,CAAC;IACrE,IAAI,KAAK,CAAC,mBAAmB,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;QAC5F,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IACD,IAAI,KAAK,CAAC,eAAe,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACpF,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IACD,IACE,KAAK,CAAC,kCAAkC;QACxC,OAAO,CAAC,IAAI,KAAK,UAAU;QAC3B,OAAO,CAAC,QAAQ,KAAK,UAAU,EAC/B,CAAC;QACD,OAAO,oCAAoC,CAAC;IAC9C,CAAC;IACD,IACE,KAAK,CAAC,uCAAuC;QAC7C,OAAO,CAAC,IAAI,KAAK,UAAU;QAC3B,OAAO,CAAC,QAAQ,KAAK,MAAM;QAC3B,OAAO,CAAC,SAAS,KAAK,IAAI,EAC1B,CAAC;QACD,OAAO,yCAAyC,CAAC;IACnD,CAAC;IACD,IACE,KAAK,CAAC,wBAAwB;QAC9B,OAAO,CAAC,IAAI,KAAK,UAAU;QAC3B,OAAO,CAAC,oBAAoB,KAAK,IAAI,EACrC,CAAC;QACD,OAAO,0BAA0B,CAAC;IACpC,CAAC;IACD,IACE,KAAK,CAAC,mCAAmC;QACzC,CAAC,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC;QACvD,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC;QAChE,OAAO,CAAC,oBAAoB,KAAK,IAAI,EACrC,CAAC;QACD,OAAO,qCAAqC,CAAC;IAC/C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,WAAW,CACzB,KAA+B,EAC/B,SAA2B,iCAAyB,EACpD,aAAmD,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC;IAE7D,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACvE,CAAC;AAED;qDACqD;AACxC,QAAA,uBAAuB,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;AAE1E;;;;;;;;;;;;;;GAcG;AACH,SAAgB,aAAa,CAAC,UAA8B,EAAE,GAAW;IACvE,IAAI,YAAY,GAAuB,UAAU,CAAC;IAClD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,+BAAuB,CAAC,CAAC;QAC7D,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC;YAAE,YAAY,GAAG,YAAY,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC,YAAY;QAAE,OAAO,iCAAyB,CAAC;IACpD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,YAAY,KAAM,GAAa,CAAC,OAAO,GAAG,CAAC,CAAC;IAC3F,CAAC;IACD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,KAAM,GAAa,CAAC,OAAO,GAAG,CAAC,CAAC;IAChG,CAAC;IACD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,sCAAsC,YAAY,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,GAAG,GAAG,MAAmC,CAAC;IAChD,OAAO;QACL,GAAG,iCAAyB;QAC5B,GAAG,GAAG;QACN,UAAU,EAAE,EAAE,GAAG,iCAAyB,CAAC,UAAU,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE;QAClF,UAAU,EAAE,EAAE,GAAG,iCAAyB,CAAC,UAAU,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE;QAClF,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,iCAAyB,CAAC,KAAK;QACnD,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,iCAAyB,CAAC,IAAI;QAChD,yBAAyB,EACvB,GAAG,CAAC,yBAAyB,IAAI,iCAAyB,CAAC,yBAAyB;QACtF,IAAI,EAAE,YAAY;KACnB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,GAAW;IAC3C,OAAO,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;AACvC,CAAC"}
@@ -14,7 +14,7 @@
14
14
  * two in sync ensures the per-file identity set sums to the
15
15
  * aggregate count.
16
16
  */
17
- import type { BaselineEntry } from '../types';
17
+ import type { RichBaselineEntry } from '../types';
18
18
  import type { HealthMetrics } from '../../analyzers/types';
19
19
  /** Canonical large-file threshold — file is "too large" at strictly
20
20
  * more than this many lines. Mirror of the constant the generic-
@@ -26,5 +26,5 @@ export declare const LARGE_FILE_THRESHOLD_LINES = 500;
26
26
  * Files with `lines <= threshold` are skipped so the identity set
27
27
  * matches the user-facing aggregate count.
28
28
  */
29
- export declare function largeFilesToBaselineEntries(metrics: HealthMetrics): BaselineEntry[];
29
+ export declare function largeFilesToBaselineEntries(metrics: HealthMetrics): RichBaselineEntry[];
30
30
  //# sourceMappingURL=health.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/health.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,aAAa,EAA0B,MAAM,UAAU,CAAC;AACtE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAE3D;;;uDAGuD;AACvD,eAAO,MAAM,0BAA0B,MAAM,CAAC;AAE9C;;;;GAIG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,aAAa,GAAG,aAAa,EAAE,CAQnF"}
1
+ {"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/health.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAA0B,MAAM,UAAU,CAAC;AAC1E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAE3D;;;uDAGuD;AACvD,eAAO,MAAM,0BAA0B,MAAM,CAAC;AAE9C;;;;GAIG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,aAAa,GAAG,iBAAiB,EAAE,CAQvF"}
@@ -1 +1 @@
1
- {"version":3,"file":"health.js","sourceRoot":"","sources":["../../../src/baseline/producers/health.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AAiBH,kEAQC;AAvBD,0DAAkD;AAIlD;;;uDAGuD;AAC1C,QAAA,0BAA0B,GAAG,GAAG,CAAC;AAE9C;;;;GAIG;AACH,SAAgB,2BAA2B,CAAC,OAAsB;IAChE,MAAM,GAAG,GAAoB,EAAE,CAAC;IAChC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACrC,IAAI,CAAC,CAAC,KAAK,IAAI,kCAA0B;YAAE,SAAS;QACpD,MAAM,KAAK,GAA2B,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3E,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
1
+ {"version":3,"file":"health.js","sourceRoot":"","sources":["../../../src/baseline/producers/health.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AAiBH,kEAQC;AAvBD,0DAAkD;AAIlD;;;uDAGuD;AAC1C,QAAA,0BAA0B,GAAG,GAAG,CAAC;AAE9C;;;;GAIG;AACH,SAAgB,2BAA2B,CAAC,OAAsB;IAChE,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACrC,IAAI,CAAC,CAAC,KAAK,IAAI,kCAA0B;YAAE,SAAS;QACpD,MAAM,KAAK,GAA2B,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3E,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
@@ -52,7 +52,8 @@
52
52
  import type { GitleaksRawSecret } from '../../analyzers/tools/gitleaks';
53
53
  import type { AnalysisResult } from '../../analysis-result';
54
54
  import type { TestGapsReport } from '../../analyzers/tests/types';
55
- import type { BaselineEntry } from '../types';
55
+ import type { InlineAllowlistOccurrence } from '../../allowlist/gather';
56
+ import type { BaselineEntry, RichBaselineEntry } from '../types';
56
57
  /** Every discriminant value the `BaselineEntry` union takes. Mirror
57
58
  * of `IdentityInput['kind']` — kept as a separate alias because the
58
59
  * registry contract speaks in terms of stored entries, not the
@@ -101,6 +102,10 @@ export interface ProducerContext {
101
102
  /** Raw secrets gitleaks captured (process-only; never written to
102
103
  * disk; consumed by the secret-HMAC producer). */
103
104
  readonly rawSecrets: ReadonlyArray<GitleaksRawSecret>;
105
+ /** Inline `dxkit-allow:` annotations gathered from source files.
106
+ * Consumed by the stale-allow producer to detect orphaned
107
+ * annotations whose underlying finding is gone. */
108
+ readonly inlineAllowlistAnnotations: ReadonlyArray<InlineAllowlistOccurrence>;
104
109
  }
105
110
  /**
106
111
  * The registry entry shape. A producer self-describes the kinds it
@@ -114,11 +119,12 @@ export interface BaselineProducer {
114
119
  * the union across every producer and asserts it covers every
115
120
  * `IdentityKind` value not in `DEFERRED_KINDS`. */
116
121
  readonly contributes: ReadonlyArray<IdentityKind>;
117
- /** Build `BaselineEntry`s from the shared context. Producers
122
+ /** Build `RichBaselineEntry`s from the shared context. Producers
118
123
  * emit ZERO entries when their upstream data is missing
119
124
  * (analyzer didn't run, envelope absent, etc.) — never throw
120
- * for missing inputs. */
121
- readonly produce: (ctx: ProducerContext) => BaselineEntry[];
125
+ * for missing inputs. Producers always emit the rich shape;
126
+ * sanitization is applied at the write boundary, not here. */
127
+ readonly produce: (ctx: ProducerContext) => RichBaselineEntry[];
122
128
  }
123
129
  /**
124
130
  * Identity kinds declared in `IdentityInput` but not yet wired by
@@ -154,7 +160,7 @@ export declare const PRODUCERS: ReadonlyArray<BaselineProducer>;
154
160
  * for production use; the playbook test calls it with an extended
155
161
  * list to verify synthetic producers flow through.
156
162
  */
157
- export declare function runProducers(ctx: ProducerContext, producers?: ReadonlyArray<BaselineProducer>): BaselineEntry[];
163
+ export declare function runProducers(ctx: ProducerContext, producers?: ReadonlyArray<BaselineProducer>): RichBaselineEntry[];
158
164
  /**
159
165
  * Every kind currently contributed by some producer in `producers`.
160
166
  * Convenience used by the contract test + by the orchestrator for
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAQ9C;;;8BAG8B;AAC9B,MAAM,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;AAEjD;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC3C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;CAClC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,eAAe;IAC9B,0BAA0B;IAC1B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;;yCAEqC;IACrC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B;wCACoC;IACpC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;kDAC8C;IAC9C,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC;;qBAEiB;IACjB,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC,oEAAoE;IACpE,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;IAClC;uDACmD;IACnD,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;CACvD;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B;4DACwD;IACxD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;wDAEoD;IACpD,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IAClD;;;8BAG0B;IAC1B,QAAQ,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,eAAe,KAAK,aAAa,EAAE,CAAC;CAC7D;AAED;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,cAAc,EAAE,QAAQ,CACnC,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CA2B1E,CAAC;AAiEH;;;;;;;;GAQG;AACH,eAAO,MAAM,SAAS,EAAE,aAAa,CAAC,gBAAgB,CAOpD,CAAC;AAEH;;;;;GAKG;AACH,wBAAgB,YAAY,CAC1B,GAAG,EAAE,eAAe,EACpB,SAAS,GAAE,aAAa,CAAC,gBAAgB,CAAa,GACrD,aAAa,EAAE,CAMjB;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CACxB,SAAS,GAAE,aAAa,CAAC,gBAAgB,CAAa,GACrD,WAAW,CAAC,YAAY,CAAC,CAI3B"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,KAAK,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAQjE;;;8BAG8B;AAC9B,MAAM,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;AAEjD;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC3C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;CAClC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,eAAe;IAC9B,0BAA0B;IAC1B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;;yCAEqC;IACrC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B;wCACoC;IACpC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;kDAC8C;IAC9C,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC;;qBAEiB;IACjB,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC,oEAAoE;IACpE,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;IAClC;uDACmD;IACnD,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACtD;;wDAEoD;IACpD,QAAQ,CAAC,0BAA0B,EAAE,aAAa,CAAC,yBAAyB,CAAC,CAAC;CAC/E;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B;4DACwD;IACxD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;wDAEoD;IACpD,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IAClD;;;;mEAI+D;IAC/D,QAAQ,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,eAAe,KAAK,iBAAiB,EAAE,CAAC;CACjE;AAED;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,cAAc,EAAE,QAAQ,CACnC,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CA2B1E,CAAC;AAoEH;;;;;;;;GAQG;AACH,eAAO,MAAM,SAAS,EAAE,aAAa,CAAC,gBAAgB,CAOpD,CAAC;AAEH;;;;;GAKG;AACH,wBAAgB,YAAY,CAC1B,GAAG,EAAE,eAAe,EACpB,SAAS,GAAE,aAAa,CAAC,gBAAgB,CAAa,GACrD,iBAAiB,EAAE,CAMrB;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CACxB,SAAS,GAAE,aAAa,CAAC,gBAAgB,CAAa,GACrD,WAAW,CAAC,YAAY,CAAC,CAI3B"}
@@ -55,10 +55,10 @@ exports.PRODUCERS = exports.DEFERRED_KINDS = void 0;
55
55
  exports.runProducers = runProducers;
56
56
  exports.wiredKinds = wiredKinds;
57
57
  const health_1 = require("./health");
58
- const licenses_1 = require("./licenses");
59
58
  const quality_1 = require("./quality");
60
59
  const secret_hmac_1 = require("./secret-hmac");
61
60
  const security_1 = require("./security");
61
+ const stale_allow_1 = require("./stale-allow");
62
62
  const tests_1 = require("./tests");
63
63
  /**
64
64
  * Identity kinds declared in `IdentityInput` but not yet wired by
@@ -141,13 +141,6 @@ const HEALTH_PRODUCER = {
141
141
  return (0, health_1.largeFilesToBaselineEntries)(ctx.analysisResult.metrics);
142
142
  },
143
143
  };
144
- const LICENSES_PRODUCER = {
145
- name: 'licenses',
146
- contributes: ['license'],
147
- produce(ctx) {
148
- return (0, licenses_1.licensesToBaselineEntries)(ctx.analysisResult.capabilities.licenses);
149
- },
150
- };
151
144
  const TESTS_PRODUCER = {
152
145
  name: 'tests',
153
146
  contributes: ['test-gap', 'test-file-degradation'],
@@ -155,6 +148,16 @@ const TESTS_PRODUCER = {
155
148
  return (0, tests_1.testGapsToBaselineEntries)(ctx.testGapsReport);
156
149
  },
157
150
  };
151
+ const STALE_ALLOW_PRODUCER = {
152
+ name: 'stale-allow',
153
+ contributes: ['stale-allow'],
154
+ produce(ctx) {
155
+ return (0, stale_allow_1.staleAllowToBaselineEntries)({
156
+ annotations: ctx.inlineAllowlistAnnotations,
157
+ aggregate: ctx.analysisResult.capabilities.securityAggregate ?? null,
158
+ });
159
+ },
160
+ };
158
161
  /**
159
162
  * The canonical producer list. Order is preserved in baseline-file
160
163
  * output for deterministic diffs; adding a new producer appends
@@ -169,8 +172,8 @@ exports.PRODUCERS = Object.freeze([
169
172
  SECRET_HMAC_PRODUCER,
170
173
  QUALITY_PRODUCER,
171
174
  HEALTH_PRODUCER,
172
- LICENSES_PRODUCER,
173
175
  TESTS_PRODUCER,
176
+ STALE_ALLOW_PRODUCER,
174
177
  ]);
175
178
  /**
176
179
  * Run every producer in `producers` against the shared context and
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/baseline/producers/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;;;AAuNH,oCASC;AAOD,gCAMC;AAvOD,qCAAuD;AACvD,yCAAuD;AACvD,uCAAsF;AACtF,+CAA4D;AAC5D,yCAAgE;AAChE,mCAAoD;AAyEpD;;;;;;;;;;;;;GAaG;AACU,QAAA,cAAc,GAEvB,MAAM,CAAC,MAAM,CAAC;IAChB,UAAU,EAAE;QACV,MAAM,EACJ,6EAA6E;YAC7E,kEAAkE;YAClE,gFAAgF;QAClF,YAAY,EAAE,gDAAgD;KAC/D;IACD,OAAO,EAAE;QACP,MAAM,EACJ,6EAA6E;YAC7E,+EAA+E;YAC/E,iEAAiE;YACjE,+EAA+E;QACjF,YAAY,EAAE,6BAA6B;KAC5C;IACD,cAAc,EAAE;QACd,MAAM,EACJ,yEAAyE;YACzE,uEAAuE;YACvE,yEAAyE;YACzE,6CAA6C;YAC7C,2EAA2E;YAC3E,uEAAuE;QACzE,YAAY,EAAE,uCAAuC;KACtD;CACF,CAAC,CAAC;AAEH,6EAA6E;AAC7E,mEAAmE;AACnE,qEAAqE;AACrE,mEAAmE;AACnE,iEAAiE;AACjE,aAAa;AAEb,MAAM,iBAAiB,GAAqB;IAC1C,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC;IACrD,OAAO,CAAC,GAAG;QACT,MAAM,SAAS,GAAG,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;QACpE,IAAI,CAAC,SAAS;YAAE,OAAO,EAAE,CAAC;QAC1B,OAAO,IAAA,6CAAkC,EAAC,SAAS,EAAE;YACnD,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,SAAS,EAAE,GAAG,CAAC,SAAS,IAAI,SAAS;SACtC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,MAAM,oBAAoB,GAAqB;IAC7C,IAAI,EAAE,aAAa;IACnB,WAAW,EAAE,CAAC,aAAa,CAAC;IAC5B,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,yCAA2B,EAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACrF,CAAC;CACF,CAAC;AAEF,MAAM,gBAAgB,GAAqB;IACzC,IAAI,EAAE,SAAS;IACf,WAAW,EAAE,CAAC,aAAa,EAAE,YAAY,CAAC;IAC1C,OAAO,CAAC,GAAG;QACT,OAAO;YACL,GAAG,IAAA,sCAA4B,EAAC,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,WAAW,CAAC;YAC5E,GAAG,IAAA,qCAA2B,EAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC;SACvD,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,eAAe,GAAqB;IACxC,IAAI,EAAE,QAAQ;IACd,WAAW,EAAE,CAAC,YAAY,CAAC;IAC3B,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,oCAA2B,EAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IACjE,CAAC;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAqB;IAC1C,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,CAAC,SAAS,CAAC;IACxB,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,oCAAyB,EAAC,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC7E,CAAC;CACF,CAAC;AAEF,MAAM,cAAc,GAAqB;IACvC,IAAI,EAAE,OAAO;IACb,WAAW,EAAE,CAAC,UAAU,EAAE,uBAAuB,CAAC;IAClD,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,iCAAyB,EAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACvD,CAAC;CACF,CAAC;AAEF;;;;;;;;GAQG;AACU,QAAA,SAAS,GAAoC,MAAM,CAAC,MAAM,CAAC;IACtE,iBAAiB;IACjB,oBAAoB;IACpB,gBAAgB;IAChB,eAAe;IACf,iBAAiB;IACjB,cAAc;CACf,CAAC,CAAC;AAEH;;;;;GAKG;AACH,SAAgB,YAAY,CAC1B,GAAoB,EACpB,YAA6C,iBAAS;IAEtD,MAAM,GAAG,GAAoB,EAAE,CAAC;IAChC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,GAAG,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,SAAgB,UAAU,CACxB,YAA6C,iBAAS;IAEtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAgB,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,SAAS;QAAE,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACrE,OAAO,GAAG,CAAC;AACb,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/baseline/producers/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;;;AAgOH,oCASC;AAOD,gCAMC;AA/OD,qCAAuD;AACvD,uCAAsF;AACtF,+CAA4D;AAC5D,yCAAgE;AAChE,+CAA4D;AAC5D,mCAAoD;AA8EpD;;;;;;;;;;;;;GAaG;AACU,QAAA,cAAc,GAEvB,MAAM,CAAC,MAAM,CAAC;IAChB,UAAU,EAAE;QACV,MAAM,EACJ,6EAA6E;YAC7E,kEAAkE;YAClE,gFAAgF;QAClF,YAAY,EAAE,gDAAgD;KAC/D;IACD,OAAO,EAAE;QACP,MAAM,EACJ,6EAA6E;YAC7E,+EAA+E;YAC/E,iEAAiE;YACjE,+EAA+E;QACjF,YAAY,EAAE,6BAA6B;KAC5C;IACD,cAAc,EAAE;QACd,MAAM,EACJ,yEAAyE;YACzE,uEAAuE;YACvE,yEAAyE;YACzE,6CAA6C;YAC7C,2EAA2E;YAC3E,uEAAuE;QACzE,YAAY,EAAE,uCAAuC;KACtD;CACF,CAAC,CAAC;AAEH,6EAA6E;AAC7E,mEAAmE;AACnE,qEAAqE;AACrE,mEAAmE;AACnE,iEAAiE;AACjE,aAAa;AAEb,MAAM,iBAAiB,GAAqB;IAC1C,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC;IACrD,OAAO,CAAC,GAAG;QACT,MAAM,SAAS,GAAG,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;QACpE,IAAI,CAAC,SAAS;YAAE,OAAO,EAAE,CAAC;QAC1B,OAAO,IAAA,6CAAkC,EAAC,SAAS,EAAE;YACnD,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,SAAS,EAAE,GAAG,CAAC,SAAS,IAAI,SAAS;SACtC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,MAAM,oBAAoB,GAAqB;IAC7C,IAAI,EAAE,aAAa;IACnB,WAAW,EAAE,CAAC,aAAa,CAAC;IAC5B,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,yCAA2B,EAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACrF,CAAC;CACF,CAAC;AAEF,MAAM,gBAAgB,GAAqB;IACzC,IAAI,EAAE,SAAS;IACf,WAAW,EAAE,CAAC,aAAa,EAAE,YAAY,CAAC;IAC1C,OAAO,CAAC,GAAG;QACT,OAAO;YACL,GAAG,IAAA,sCAA4B,EAAC,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,WAAW,CAAC;YAC5E,GAAG,IAAA,qCAA2B,EAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC;SACvD,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,eAAe,GAAqB;IACxC,IAAI,EAAE,QAAQ;IACd,WAAW,EAAE,CAAC,YAAY,CAAC;IAC3B,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,oCAA2B,EAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IACjE,CAAC;CACF,CAAC;AAEF,MAAM,cAAc,GAAqB;IACvC,IAAI,EAAE,OAAO;IACb,WAAW,EAAE,CAAC,UAAU,EAAE,uBAAuB,CAAC;IAClD,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,iCAAyB,EAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACvD,CAAC;CACF,CAAC;AAEF,MAAM,oBAAoB,GAAqB;IAC7C,IAAI,EAAE,aAAa;IACnB,WAAW,EAAE,CAAC,aAAa,CAAC;IAC5B,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,yCAA2B,EAAC;YACjC,WAAW,EAAE,GAAG,CAAC,0BAA0B;YAC3C,SAAS,EAAE,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,iBAAiB,IAAI,IAAI;SACrE,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF;;;;;;;;GAQG;AACU,QAAA,SAAS,GAAoC,MAAM,CAAC,MAAM,CAAC;IACtE,iBAAiB;IACjB,oBAAoB;IACpB,gBAAgB;IAChB,eAAe;IACf,cAAc;IACd,oBAAoB;CACrB,CAAC,CAAC;AAEH;;;;;GAKG;AACH,SAAgB,YAAY,CAC1B,GAAoB,EACpB,YAA6C,iBAAS;IAEtD,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,GAAG,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,SAAgB,UAAU,CACxB,YAA6C,iBAAS;IAEtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAgB,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,SAAS;QAAE,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACrE,OAAO,GAAG,CAAC;AACb,CAAC"}
@@ -26,14 +26,14 @@
26
26
  * kind) require extending `gatherHygieneMarkers` to emit
27
27
  * positions, not just counts. Pending in a follow-up commit.
28
28
  */
29
- import type { BaselineEntry } from '../types';
29
+ import type { RichBaselineEntry } from '../types';
30
30
  import type { DuplicationResult } from '../../languages/capabilities/types';
31
31
  /** Build `duplication` entries from a jscpd-style envelope. */
32
- export declare function duplicationToBaselineEntries(duplication: DuplicationResult | undefined): BaselineEntry[];
32
+ export declare function duplicationToBaselineEntries(duplication: DuplicationResult | undefined): RichBaselineEntry[];
33
33
  /**
34
34
  * Build `stale-file` entries from a list of repo-relative paths.
35
35
  * Files with a suffix outside the canonical stale set are skipped
36
36
  * (defensive — the caller's gather should already have filtered).
37
37
  */
38
- export declare function staleFilesToBaselineEntries(staleFiles: ReadonlyArray<string>): BaselineEntry[];
38
+ export declare function staleFilesToBaselineEntries(staleFiles: ReadonlyArray<string>): RichBaselineEntry[];
39
39
  //# sourceMappingURL=quality.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"quality.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/quality.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAoD,MAAM,UAAU,CAAC;AAChG,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAQ5E,+DAA+D;AAC/D,wBAAgB,4BAA4B,CAC1C,WAAW,EAAE,iBAAiB,GAAG,SAAS,GACzC,aAAa,EAAE,CAuBjB;AAED;;;;GAIG;AACH,wBAAgB,2BAA2B,CAAC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG,aAAa,EAAE,CAW9F"}
1
+ {"version":3,"file":"quality.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/quality.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAAoD,MAAM,UAAU,CAAC;AACpG,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAQ5E,+DAA+D;AAC/D,wBAAgB,4BAA4B,CAC1C,WAAW,EAAE,iBAAiB,GAAG,SAAS,GACzC,iBAAiB,EAAE,CAuBrB;AAED;;;;GAIG;AACH,wBAAgB,2BAA2B,CACzC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,GAChC,iBAAiB,EAAE,CAWrB"}
@@ -1 +1 @@
1
- {"version":3,"file":"quality.js","sourceRoot":"","sources":["../../../src/baseline/producers/quality.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;AAaH,oEAyBC;AAOD,kEAWC;AAtDD,0DAAkD;AAIlD;;;gBAGgB;AAChB,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAEnF,+DAA+D;AAC/D,SAAgB,4BAA4B,CAC1C,WAA0C;IAE1C,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAoB,EAAE,CAAC;IAChC,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;QAC1C,MAAM,KAAK,GAA6B;YACtC,IAAI,EAAE,aAAa;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;YAC7B,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;SAC9B,CAAC;QACF,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC;YACtB,IAAI,EAAE,aAAa;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;YAC7B,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;SAC9B,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,SAAgB,2BAA2B,CAAC,UAAiC;IAC3E,MAAM,GAAG,GAAoB,EAAE,CAAC;IAChC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,GAAG,GAAG,CAAC;YAAE,SAAS;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACjD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,SAAS;QAC1C,MAAM,KAAK,GAA2B,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC3E,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
1
+ {"version":3,"file":"quality.js","sourceRoot":"","sources":["../../../src/baseline/producers/quality.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;AAaH,oEAyBC;AAOD,kEAaC;AAxDD,0DAAkD;AAIlD;;;gBAGgB;AAChB,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAEnF,+DAA+D;AAC/D,SAAgB,4BAA4B,CAC1C,WAA0C;IAE1C,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;QAC1C,MAAM,KAAK,GAA6B;YACtC,IAAI,EAAE,aAAa;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;YAC7B,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;SAC9B,CAAC;QACF,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC;YACtB,IAAI,EAAE,aAAa;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;YAC7B,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;SAC9B,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,SAAgB,2BAA2B,CACzC,UAAiC;IAEjC,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,GAAG,GAAG,CAAC;YAAE,SAAS;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACjD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,SAAS;QAC1C,MAAM,KAAK,GAA2B,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC3E,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
@@ -21,7 +21,7 @@
21
21
  * value, so the HMAC machinery stays out of the public envelope.
22
22
  */
23
23
  import type { GitleaksRawSecret } from '../../analyzers/tools/gitleaks';
24
- import type { BaselineEntry } from '../types';
24
+ import type { RichBaselineEntry } from '../types';
25
25
  export interface SecretHmacProducerInput {
26
26
  /** Raw secrets from `gatherGitleaksResult(cwd).rawSecrets`. */
27
27
  readonly rawSecrets: ReadonlyArray<GitleaksRawSecret>;
@@ -41,5 +41,5 @@ export interface SecretHmacProducerInput {
41
41
  * etc.) would add their own producer; the canonical-rule mapping
42
42
  * collapses cross-tool overlaps inside `identityFor`.
43
43
  */
44
- export declare function rawSecretsToBaselineEntries(input: SecretHmacProducerInput): BaselineEntry[];
44
+ export declare function rawSecretsToBaselineEntries(input: SecretHmacProducerInput): RichBaselineEntry[];
45
45
  //# sourceMappingURL=secret-hmac.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"secret-hmac.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/secret-hmac.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAExE,OAAO,KAAK,EAAE,aAAa,EAA2B,MAAM,UAAU,CAAC;AAEvE,MAAM,WAAW,uBAAuB;IACtC,+DAA+D;IAC/D,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACtD;;;iDAG6C;IAC7C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,uBAAuB,GAAG,aAAa,EAAE,CA6B3F"}
1
+ {"version":3,"file":"secret-hmac.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/secret-hmac.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAExE,OAAO,KAAK,EAAE,iBAAiB,EAA2B,MAAM,UAAU,CAAC;AAE3E,MAAM,WAAW,uBAAuB;IACtC,+DAA+D;IAC/D,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACtD;;;iDAG6C;IAC7C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,uBAAuB,GAAG,iBAAiB,EAAE,CA6B/F"}