@vyuhlabs/dxkit 2.5.2 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (146) hide show
  1. package/CHANGELOG.md +164 -0
  2. package/README.md +102 -0
  3. package/dist/allowlist/categories.d.ts +120 -0
  4. package/dist/allowlist/categories.d.ts.map +1 -0
  5. package/dist/allowlist/categories.js +194 -0
  6. package/dist/allowlist/categories.js.map +1 -0
  7. package/dist/allowlist/cli.d.ts +95 -0
  8. package/dist/allowlist/cli.d.ts.map +1 -0
  9. package/dist/allowlist/cli.js +454 -0
  10. package/dist/allowlist/cli.js.map +1 -0
  11. package/dist/allowlist/diff.d.ts +67 -0
  12. package/dist/allowlist/diff.d.ts.map +1 -0
  13. package/dist/allowlist/diff.js +147 -0
  14. package/dist/allowlist/diff.js.map +1 -0
  15. package/dist/allowlist/file.d.ts +249 -0
  16. package/dist/allowlist/file.d.ts.map +1 -0
  17. package/dist/allowlist/file.js +497 -0
  18. package/dist/allowlist/file.js.map +1 -0
  19. package/dist/allowlist/gather.d.ts +61 -0
  20. package/dist/allowlist/gather.d.ts.map +1 -0
  21. package/dist/allowlist/gather.js +143 -0
  22. package/dist/allowlist/gather.js.map +1 -0
  23. package/dist/allowlist/hint.d.ts +80 -0
  24. package/dist/allowlist/hint.d.ts.map +1 -0
  25. package/dist/allowlist/hint.js +271 -0
  26. package/dist/allowlist/hint.js.map +1 -0
  27. package/dist/allowlist/inline.d.ts +149 -0
  28. package/dist/allowlist/inline.d.ts.map +1 -0
  29. package/dist/allowlist/inline.js +306 -0
  30. package/dist/allowlist/inline.js.map +1 -0
  31. package/dist/baseline/baseline-file.d.ts +7 -0
  32. package/dist/baseline/baseline-file.d.ts.map +1 -1
  33. package/dist/baseline/baseline-file.js +22 -1
  34. package/dist/baseline/baseline-file.js.map +1 -1
  35. package/dist/baseline/check-renderers.d.ts +13 -1
  36. package/dist/baseline/check-renderers.d.ts.map +1 -1
  37. package/dist/baseline/check-renderers.js +67 -1
  38. package/dist/baseline/check-renderers.js.map +1 -1
  39. package/dist/baseline/check.d.ts +33 -7
  40. package/dist/baseline/check.d.ts.map +1 -1
  41. package/dist/baseline/check.js +90 -64
  42. package/dist/baseline/check.js.map +1 -1
  43. package/dist/baseline/create.d.ts +35 -7
  44. package/dist/baseline/create.d.ts.map +1 -1
  45. package/dist/baseline/create.js +43 -5
  46. package/dist/baseline/create.js.map +1 -1
  47. package/dist/baseline/entry-to-located.d.ts +6 -1
  48. package/dist/baseline/entry-to-located.d.ts.map +1 -1
  49. package/dist/baseline/entry-to-located.js +20 -2
  50. package/dist/baseline/entry-to-located.js.map +1 -1
  51. package/dist/baseline/finding-identity.d.ts.map +1 -1
  52. package/dist/baseline/finding-identity.js +15 -13
  53. package/dist/baseline/finding-identity.js.map +1 -1
  54. package/dist/baseline/modes.d.ts +140 -0
  55. package/dist/baseline/modes.d.ts.map +1 -0
  56. package/dist/baseline/modes.js +179 -0
  57. package/dist/baseline/modes.js.map +1 -0
  58. package/dist/baseline/policy.d.ts +64 -0
  59. package/dist/baseline/policy.d.ts.map +1 -1
  60. package/dist/baseline/policy.js +102 -1
  61. package/dist/baseline/policy.js.map +1 -1
  62. package/dist/baseline/producers/health.d.ts +2 -2
  63. package/dist/baseline/producers/health.d.ts.map +1 -1
  64. package/dist/baseline/producers/health.js.map +1 -1
  65. package/dist/baseline/producers/index.d.ts +11 -5
  66. package/dist/baseline/producers/index.d.ts.map +1 -1
  67. package/dist/baseline/producers/index.js +12 -9
  68. package/dist/baseline/producers/index.js.map +1 -1
  69. package/dist/baseline/producers/quality.d.ts +3 -3
  70. package/dist/baseline/producers/quality.d.ts.map +1 -1
  71. package/dist/baseline/producers/quality.js.map +1 -1
  72. package/dist/baseline/producers/secret-hmac.d.ts +2 -2
  73. package/dist/baseline/producers/secret-hmac.d.ts.map +1 -1
  74. package/dist/baseline/producers/secret-hmac.js.map +1 -1
  75. package/dist/baseline/producers/security.d.ts +2 -2
  76. package/dist/baseline/producers/security.d.ts.map +1 -1
  77. package/dist/baseline/producers/security.js.map +1 -1
  78. package/dist/baseline/producers/stale-allow.d.ts +70 -0
  79. package/dist/baseline/producers/stale-allow.d.ts.map +1 -0
  80. package/dist/baseline/producers/stale-allow.js +111 -0
  81. package/dist/baseline/producers/stale-allow.js.map +1 -0
  82. package/dist/baseline/producers/tests.d.ts +2 -2
  83. package/dist/baseline/producers/tests.d.ts.map +1 -1
  84. package/dist/baseline/producers/tests.js.map +1 -1
  85. package/dist/baseline/ref-baseline.d.ts +114 -0
  86. package/dist/baseline/ref-baseline.d.ts.map +1 -0
  87. package/dist/baseline/ref-baseline.js +260 -0
  88. package/dist/baseline/ref-baseline.js.map +1 -0
  89. package/dist/baseline/sanitize.d.ts +80 -0
  90. package/dist/baseline/sanitize.d.ts.map +1 -0
  91. package/dist/baseline/sanitize.js +91 -0
  92. package/dist/baseline/sanitize.js.map +1 -0
  93. package/dist/baseline/show.d.ts.map +1 -1
  94. package/dist/baseline/show.js +9 -3
  95. package/dist/baseline/show.js.map +1 -1
  96. package/dist/baseline/types.d.ts +73 -26
  97. package/dist/baseline/types.d.ts.map +1 -1
  98. package/dist/baseline/types.js +7 -1
  99. package/dist/baseline/types.js.map +1 -1
  100. package/dist/baseline/visibility.d.ts +61 -0
  101. package/dist/baseline/visibility.d.ts.map +1 -0
  102. package/dist/baseline/visibility.js +121 -0
  103. package/dist/baseline/visibility.js.map +1 -0
  104. package/dist/cli.d.ts.map +1 -1
  105. package/dist/cli.js +88 -3
  106. package/dist/cli.js.map +1 -1
  107. package/dist/doctor.d.ts.map +1 -1
  108. package/dist/doctor.js +106 -16
  109. package/dist/doctor.js.map +1 -1
  110. package/dist/issue-cli.d.ts +62 -0
  111. package/dist/issue-cli.d.ts.map +1 -0
  112. package/dist/issue-cli.js +252 -0
  113. package/dist/issue-cli.js.map +1 -0
  114. package/dist/languages/csharp.d.ts.map +1 -1
  115. package/dist/languages/csharp.js +1 -0
  116. package/dist/languages/csharp.js.map +1 -1
  117. package/dist/languages/go.d.ts.map +1 -1
  118. package/dist/languages/go.js +1 -0
  119. package/dist/languages/go.js.map +1 -1
  120. package/dist/languages/java.d.ts.map +1 -1
  121. package/dist/languages/java.js +1 -0
  122. package/dist/languages/java.js.map +1 -1
  123. package/dist/languages/kotlin.d.ts.map +1 -1
  124. package/dist/languages/kotlin.js +1 -0
  125. package/dist/languages/kotlin.js.map +1 -1
  126. package/dist/languages/python.d.ts.map +1 -1
  127. package/dist/languages/python.js +1 -0
  128. package/dist/languages/python.js.map +1 -1
  129. package/dist/languages/ruby.d.ts.map +1 -1
  130. package/dist/languages/ruby.js +1 -0
  131. package/dist/languages/ruby.js.map +1 -1
  132. package/dist/languages/rust.d.ts.map +1 -1
  133. package/dist/languages/rust.js +1 -0
  134. package/dist/languages/rust.js.map +1 -1
  135. package/dist/languages/types.d.ts +25 -0
  136. package/dist/languages/types.d.ts.map +1 -1
  137. package/dist/languages/typescript.d.ts.map +1 -1
  138. package/dist/languages/typescript.js +1 -0
  139. package/dist/languages/typescript.js.map +1 -1
  140. package/package.json +1 -1
  141. package/templates/.claude/skills/dxkit-action/SKILL.md +105 -11
  142. package/templates/.claude/skills/dxkit-onboard/SKILL.md +31 -3
  143. package/dist/baseline/producers/licenses.d.ts +0 -23
  144. package/dist/baseline/producers/licenses.d.ts.map +0 -1
  145. package/dist/baseline/producers/licenses.js +0 -46
  146. package/dist/baseline/producers/licenses.js.map +0 -1
@@ -25,8 +25,8 @@
25
25
  * 5. Run the brownfield policy classifier over every pair.
26
26
  * 6. Optionally filter via `--changed-only`: drop pairs whose
27
27
  * locator falls outside the diff. Non-locator pairs (dep-vuln,
28
- * license, duplication, etc.) are always kept — their
29
- * "semantic" identity doesn't map cleanly to changed lines.
28
+ * duplication, etc.) are always kept — their "semantic"
29
+ * identity doesn't map cleanly to changed lines.
30
30
  * 7. Compose a `GuardrailCheckResult` with a deterministic
31
31
  * blocks/warns verdict so the CLI can pick exit code + render.
32
32
  *
@@ -37,8 +37,10 @@
37
37
  */
38
38
  import type { CurrentScan } from './create';
39
39
  import type { BaselineFile } from './baseline-file';
40
+ import type { ResolvedMode } from './modes';
40
41
  import type { BrownfieldPolicy, ClassifyResult } from './policy';
41
42
  import type { BaselineEntry, FindingSeverity, MatchPair, MatchResult } from './types';
43
+ import { type AllowlistDelta } from '../allowlist/diff';
42
44
  export interface RunGuardrailCheckOptions {
43
45
  /** Repo root being checked. Caller should pass an absolute path. */
44
46
  readonly cwd: string;
@@ -50,8 +52,8 @@ export interface RunGuardrailCheckOptions {
50
52
  * directory (e.g. an artifact downloaded from CI). */
51
53
  readonly baselinePath?: string;
52
54
  /** When true, drop pairs whose locator falls outside the diff.
53
- * Non-locator findings (dep-vuln, license, duplication, etc.) are
54
- * always kept. */
55
+ * Non-locator findings (dep-vuln, duplication, etc.) are always
56
+ * kept. */
55
57
  readonly changedOnly?: boolean;
56
58
  /** Path to a `.dxkit/policy.json` override. The on-disk shape
57
59
  * matches `BrownfieldPolicy` (modulo readonly markers); unknown
@@ -62,6 +64,17 @@ export interface RunGuardrailCheckOptions {
62
64
  readonly policyPath?: string;
63
65
  /** Forwarded to the underlying analyzers for per-tool timing logs. */
64
66
  readonly verbose?: boolean;
67
+ /** Pre-resolved baseline mode. When supplied, the orchestrator
68
+ * skips its own resolution. Callers wanting deterministic
69
+ * behavior (tests, agents) pass this. */
70
+ readonly resolvedMode?: ResolvedMode;
71
+ /** Explicit CLI flag value for the mode (`--mode=<X>`). Forwarded
72
+ * to `resolveBaselineMode`. Ignored when `resolvedMode` is
73
+ * supplied. */
74
+ readonly cliMode?: ResolvedMode['mode'];
75
+ /** Explicit CLI flag value for the ref (`--ref=<R>`). Only
76
+ * consulted when the resolved mode is `ref-based`. */
77
+ readonly cliRef?: string;
65
78
  }
66
79
  /**
67
80
  * Per-pair entry the CLI renderers consume. Carries the raw
@@ -84,8 +97,8 @@ export interface ClassifiedPair {
84
97
  readonly line?: number;
85
98
  /** True when the anchor entry's line falls inside the diff
86
99
  * between baseline and HEAD. Undefined when the pair has no
87
- * line locator (dep-vuln, license, etc.) or when git history
88
- * isn't reachable. Drives `--changed-only` filtering and the
100
+ * line locator (dep-vuln, etc.) or when git history isn't
101
+ * reachable. Drives `--changed-only` filtering and the
89
102
  * `newSevereQualityIssueInChangedFiles` / `newUntestedChangedSource`
90
103
  * block rules. */
91
104
  readonly overlapsChangedLines?: boolean;
@@ -104,7 +117,14 @@ export interface EnvelopeDrift {
104
117
  }>;
105
118
  }
106
119
  export interface GuardrailCheckResult {
107
- readonly baselinePath: string;
120
+ /** Pre-resolved baseline mode (which path produced `baseline`).
121
+ * Carries the audit trail (CLI / policy / auto-detect) so the
122
+ * CLI surface can log WHY the mode was picked. */
123
+ readonly mode: ResolvedMode;
124
+ /** On-disk path of the baseline file, or undefined when mode is
125
+ * `ref-based` (the prior side was computed from a git ref, not
126
+ * read from a committed file). */
127
+ readonly baselinePath?: string;
108
128
  readonly baseline: BaselineFile;
109
129
  readonly current: CurrentScan;
110
130
  readonly matchResult: MatchResult;
@@ -117,6 +137,12 @@ export interface GuardrailCheckResult {
117
137
  /** True when at least one pair warns. Informational; doesn't
118
138
  * affect exit code by itself. */
119
139
  readonly warns: boolean;
140
+ /** Allowlist entries added / removed between the baseline's
141
+ * commit SHA and the current working tree. Renderers (the PR
142
+ * comment markdown in particular) surface this so reviewers
143
+ * see new suppressions being introduced. Absent when the
144
+ * baseline SHA wasn't reachable to diff against. */
145
+ readonly allowlistDelta: AllowlistDelta;
120
146
  }
121
147
  /**
122
148
  * Run the guardrail-check pipeline. Pure-orchestrator: loads the
@@ -1 +1 @@
1
- {"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAE5C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAKpD,OAAO,KAAK,EAAE,gBAAgB,EAAmB,cAAc,EAAE,MAAM,UAAU,CAAC;AAClF,OAAO,KAAK,EAAE,aAAa,EAAa,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAGjG,MAAM,WAAW,wBAAwB;IACvC,oEAAoE;IACpE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;gCAC4B;IAC5B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;2DAEuD;IACvD,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;uBAEmB;IACnB,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B;;;;;0CAKsC;IACtC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,sEAAsE;IACtE,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IACzB,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC;mEAC+D;IAC/D,QAAQ,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC;IACpC;gCAC4B;IAC5B,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACrC;mCAC+B;IAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;uBAKmB;IACnB,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC;CACzC;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC;IACvC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC;IACtC,6DAA6D;IAC7D,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC;QACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,SAAS,CAAC;QAC7C,QAAQ,CAAC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;KAC7C,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAC9C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC;+BAC2B;IAC3B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB;sCACkC;IAClC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;CACzB;AAoBD;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,oBAAoB,CAAC,CA+H/B"}
1
+ {"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAO5C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAKpD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,OAAO,KAAK,EAAE,gBAAgB,EAAmB,cAAc,EAAE,MAAM,UAAU,CAAC;AAGlF,OAAO,KAAK,EAAE,aAAa,EAAa,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEjG,OAAO,EAAyB,KAAK,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAE/E,MAAM,WAAW,wBAAwB;IACvC,oEAAoE;IACpE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;gCAC4B;IAC5B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;2DAEuD;IACvD,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;gBAEY;IACZ,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC;IAC/B;;;;;0CAKsC;IACtC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,sEAAsE;IACtE,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B;;8CAE0C;IAC1C,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACrC;;oBAEgB;IAChB,QAAQ,CAAC,OAAO,CAAC,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;IACxC;2DACuD;IACvD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IACzB,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC;mEAC+D;IAC/D,QAAQ,CAAC,QAAQ,CAAC,EAAE,eAAe,CAAC;IACpC;gCAC4B;IAC5B,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACrC;mCAC+B;IAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;uBAKmB;IACnB,QAAQ,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC;CACzC;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC;IACvC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC;IACtC,6DAA6D;IAC7D,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC;QACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QACtB,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,SAAS,CAAC;QAC7C,QAAQ,CAAC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;KAC7C,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,oBAAoB;IACnC;;uDAEmD;IACnD,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B;;uCAEmC;IACnC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAC9C,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC;+BAC2B;IAC3B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB;sCACkC;IAClC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB;;;;yDAIqD;IACrD,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;CACzC;AAwBD;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,wBAAwB,GAChC,OAAO,CAAC,oBAAoB,CAAC,CA+I/B"}
@@ -26,8 +26,8 @@
26
26
  * 5. Run the brownfield policy classifier over every pair.
27
27
  * 6. Optionally filter via `--changed-only`: drop pairs whose
28
28
  * locator falls outside the diff. Non-locator pairs (dep-vuln,
29
- * license, duplication, etc.) are always kept — their
30
- * "semantic" identity doesn't map cleanly to changed lines.
29
+ * duplication, etc.) are always kept — their "semantic"
30
+ * identity doesn't map cleanly to changed lines.
31
31
  * 7. Compose a `GuardrailCheckResult` with a deterministic
32
32
  * blocks/warns verdict so the CLI can pick exit code + render.
33
33
  *
@@ -78,7 +78,11 @@ const create_1 = require("./create");
78
78
  const baseline_file_1 = require("./baseline-file");
79
79
  const entry_to_located_1 = require("./entry-to-located");
80
80
  const git_aware_match_1 = require("./git-aware-match");
81
+ const modes_1 = require("./modes");
81
82
  const policy_1 = require("./policy");
83
+ const ref_baseline_1 = require("./ref-baseline");
84
+ const sanitize_1 = require("./sanitize");
85
+ const diff_1 = require("../allowlist/diff");
82
86
  const KIND_DEFAULT_SEVERITY = Object.freeze({
83
87
  secret: 'high',
84
88
  code: 'medium',
@@ -88,12 +92,16 @@ const KIND_DEFAULT_SEVERITY = Object.freeze({
88
92
  'coverage-gap': 'medium',
89
93
  'test-gap': 'medium',
90
94
  hygiene: 'low',
91
- license: 'low',
92
95
  'test-file-degradation': 'medium',
93
96
  'god-file': 'medium',
94
97
  'stale-file': 'low',
95
98
  'large-file': 'medium',
96
99
  'secret-hmac': 'high',
100
+ // Stale-allow is a self-detected dxkit hygiene finding (orphaned
101
+ // allowlist annotation). Low severity — it's a maintenance signal,
102
+ // not an active risk; the underlying suppressed finding is already
103
+ // gone.
104
+ 'stale-allow': 'low',
97
105
  });
98
106
  /**
99
107
  * Run the guardrail-check pipeline. Pure-orchestrator: loads the
@@ -102,13 +110,21 @@ const KIND_DEFAULT_SEVERITY = Object.freeze({
102
110
  */
103
111
  async function runGuardrailCheck(options) {
104
112
  const cwd = path.resolve(options.cwd);
105
- const baselinePath = options.baselinePath ?? (0, baseline_file_1.pathForBaseline)(cwd, options.name ?? baseline_file_1.DEFAULT_BASELINE_NAME);
106
- if (!fs.existsSync(baselinePath)) {
107
- throw new Error(`baseline file not found: ${baselinePath}. ` +
108
- `Run \`vyuh-dxkit baseline create\` first to capture today's state.`);
109
- }
110
- const baseline = (0, baseline_file_1.readBaselineFile)(baselinePath);
111
- const policy = resolvePolicy(options.policyPath, cwd);
113
+ const policy = (0, policy_1.resolvePolicy)(options.policyPath, cwd);
114
+ const mode = options.resolvedMode ??
115
+ (0, modes_1.resolveBaselineMode)({
116
+ cwd,
117
+ cliMode: options.cliMode,
118
+ cliRef: options.cliRef,
119
+ policyMode: policy.baseline?.mode,
120
+ policyRef: policy.baseline?.ref,
121
+ });
122
+ // Load the prior side. Committed modes read from the baseline
123
+ // file on disk; ref-based mode recomputes prior state by checking
124
+ // out a git ref into a temporary worktree. Both paths produce a
125
+ // `BaselineFile`-shaped value so the matcher / classifier
126
+ // downstream stay mode-agnostic.
127
+ const { baseline, baselinePath } = await loadPriorSide(cwd, mode, options);
112
128
  const current = await (0, create_1.gatherCurrentScan)({ cwd, verbose: options.verbose });
113
129
  const priorLocated = (0, entry_to_located_1.entriesToLocated)(baseline.findings);
114
130
  const currentLocated = (0, entry_to_located_1.entriesToLocated)(current.findings);
@@ -199,8 +215,15 @@ async function runGuardrailCheck(options) {
199
215
  if (p.classification.warns)
200
216
  filteredWarns = true;
201
217
  }
218
+ // Allowlist delta between the baseline's anchor SHA and the
219
+ // current working tree. Surfaced in the markdown renderer so
220
+ // PR reviewers see new suppressions being introduced; absent /
221
+ // degenerate when the SHA isn't reachable (shallow clone, etc.)
222
+ // and the renderer treats that as "delta unavailable."
223
+ const allowlistDelta = (0, diff_1.computeAllowlistDelta)(cwd, baseline.repo.commitSha);
202
224
  return {
203
- baselinePath,
225
+ mode,
226
+ ...(baselinePath !== undefined ? { baselinePath } : {}),
204
227
  baseline,
205
228
  current,
206
229
  matchResult,
@@ -209,57 +232,11 @@ async function runGuardrailCheck(options) {
209
232
  policy,
210
233
  blocks: options.changedOnly ? filteredBlocks : blocks,
211
234
  warns: options.changedOnly ? filteredWarns : warns,
235
+ allowlistDelta,
212
236
  };
213
237
  }
214
- /** Conventional location for a per-repo brownfield policy. Loaded
215
- * automatically when present; can be overridden with `--policy`. */
216
- const DEFAULT_POLICY_FILENAME = path.join('.dxkit', 'policy.json');
217
- function resolvePolicy(policyPath, cwd) {
218
- // Resolution order:
219
- // 1. `--policy <path>` flag (explicit; errors if unreadable)
220
- // 2. `<cwd>/.dxkit/policy.json` (conventional; silently skipped
221
- // when absent so consumers without a policy use the defaults)
222
- // 3. DEFAULT_BROWNFIELD_POLICY (compiled-in defaults)
223
- let resolvedPath = policyPath;
224
- if (!resolvedPath) {
225
- const conventional = path.join(cwd, DEFAULT_POLICY_FILENAME);
226
- if (fs.existsSync(conventional))
227
- resolvedPath = conventional;
228
- }
229
- if (!resolvedPath)
230
- return policy_1.DEFAULT_BROWNFIELD_POLICY;
231
- let raw;
232
- try {
233
- raw = fs.readFileSync(resolvedPath, 'utf8');
234
- }
235
- catch (err) {
236
- throw new Error(`policy file not readable: ${resolvedPath} (${err.message})`);
237
- }
238
- let parsed;
239
- try {
240
- parsed = JSON.parse(raw);
241
- }
242
- catch (err) {
243
- throw new Error(`policy file is not valid JSON: ${resolvedPath} (${err.message})`);
244
- }
245
- if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
246
- throw new Error(`policy file root is not an object: ${resolvedPath}`);
247
- }
248
- // Shallow merge over the default. Per-field overrides win; unknown
249
- // fields are preserved (the classifier reads only the fields it
250
- // knows so unknowns are harmless).
251
- const obj = parsed;
252
- return {
253
- ...policy_1.DEFAULT_BROWNFIELD_POLICY,
254
- ...obj,
255
- confidence: { ...policy_1.DEFAULT_BROWNFIELD_POLICY.confidence, ...(obj.confidence ?? {}) },
256
- blockRules: { ...policy_1.DEFAULT_BROWNFIELD_POLICY.blockRules, ...(obj.blockRules ?? {}) },
257
- block: obj.block ?? policy_1.DEFAULT_BROWNFIELD_POLICY.block,
258
- warn: obj.warn ?? policy_1.DEFAULT_BROWNFIELD_POLICY.warn,
259
- addedRequiresChangedLines: obj.addedRequiresChangedLines ?? policy_1.DEFAULT_BROWNFIELD_POLICY.addedRequiresChangedLines,
260
- mode: 'brownfield',
261
- };
262
- }
238
+ // `resolvePolicy` moved to `./policy.ts` so `createBaseline` and
239
+ // `runGuardrailCheck` share one canonical loader.
263
240
  function indexById(entries) {
264
241
  const out = new Map();
265
242
  for (const e of entries)
@@ -355,6 +332,8 @@ function diffEnvelopes(baseline, current) {
355
332
  };
356
333
  }
357
334
  function locatorFile(entry) {
335
+ if ((0, sanitize_1.isSanitized)(entry))
336
+ return undefined;
358
337
  switch (entry.kind) {
359
338
  case 'secret':
360
339
  case 'code':
@@ -371,12 +350,13 @@ function locatorFile(entry) {
371
350
  case 'duplication':
372
351
  return entry.fileA;
373
352
  case 'dep-vuln':
374
- case 'license':
375
353
  case 'secret-hmac':
376
354
  return undefined;
377
355
  }
378
356
  }
379
357
  function locatorLine(entry) {
358
+ if ((0, sanitize_1.isSanitized)(entry))
359
+ return undefined;
380
360
  switch (entry.kind) {
381
361
  case 'secret':
382
362
  case 'code':
@@ -393,9 +373,9 @@ function locatorLine(entry) {
393
373
  }
394
374
  /**
395
375
  * `--changed-only` filter predicate. Keeps:
396
- * - pairs without a line locator (dep-vuln, license, duplication,
397
- * etc.) — their identity isn't line-bound, so changed-line
398
- * overlap doesn't apply
376
+ * - pairs without a line locator (dep-vuln, duplication, etc.) —
377
+ * their identity isn't line-bound, so changed-line overlap
378
+ * doesn't apply
399
379
  * - prior-side pairs (persisted / relocated / removed) — they
400
380
  * represent existing state, not newly-introduced findings, so
401
381
  * they pass regardless of where they live in the diff
@@ -459,4 +439,50 @@ function readChangedLineSet(cwd, baseSha, headSha, file) {
459
439
  }
460
440
  return out;
461
441
  }
442
+ /**
443
+ * Load the prior side of the guardrail diff. Dispatches on
444
+ * `mode.mode`:
445
+ *
446
+ * - `committed-full` / `committed-sanitized` → read the on-disk
447
+ * baseline file. The path is `options.baselinePath` when
448
+ * supplied, otherwise the conventional
449
+ * `.dxkit/baselines/<name>.json`.
450
+ * - `ref-based` → run the full gather pipeline against a git
451
+ * worktree of `mode.ref`, then project the resulting
452
+ * `CurrentScan` into a synthetic `BaselineFile`. The matcher
453
+ * downstream doesn't care which path produced the value.
454
+ *
455
+ * The synthetic `BaselineFile` for ref-based mode carries the ref-
456
+ * scan's envelope unchanged — including its `repo.commitSha`,
457
+ * `tools`, `analysis` hashes, and `saltMode`. That's exactly what
458
+ * the matcher needs to compute git-aware diffs + envelope drift
459
+ * against the current scan.
460
+ */
461
+ async function loadPriorSide(cwd, mode, options) {
462
+ if (mode.mode !== 'ref-based') {
463
+ const baselinePath = options.baselinePath ?? (0, baseline_file_1.pathForBaseline)(cwd, options.name ?? baseline_file_1.DEFAULT_BASELINE_NAME);
464
+ if (!fs.existsSync(baselinePath)) {
465
+ throw new Error(`baseline file not found: ${baselinePath}. ` +
466
+ `Run \`vyuh-dxkit baseline create\` first to capture today's state.`);
467
+ }
468
+ return { baseline: (0, baseline_file_1.readBaselineFile)(baselinePath), baselinePath };
469
+ }
470
+ if (!mode.ref) {
471
+ // Defensive: the resolver always populates `ref` for ref-based
472
+ // mode. A missing ref here would be a programming error.
473
+ throw new Error('ref-based baseline mode requires a resolved ref; got undefined.');
474
+ }
475
+ const refScan = await (0, ref_baseline_1.gatherFromRef)({ cwd, ref: mode.ref, verbose: options.verbose });
476
+ const baseline = {
477
+ schemaVersion: baseline_file_1.BASELINE_SCHEMA_VERSION,
478
+ name: options.name ?? baseline_file_1.DEFAULT_BASELINE_NAME,
479
+ createdAt: new Date().toISOString(),
480
+ repo: refScan.repoState,
481
+ analysis: refScan.analysisMeta,
482
+ tools: refScan.tools,
483
+ saltMode: refScan.saltMode,
484
+ findings: refScan.findings,
485
+ };
486
+ return { baseline };
487
+ }
462
488
  //# sourceMappingURL=check.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"check.js","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2HH,8CAiIC;AA1PD,iDAA6C;AAC7C,uCAAyB;AACzB,2CAA6B;AAC7B,qCAA6C;AAE7C,mDAA2F;AAE3F,yDAAsD;AACtD,uDAAkD;AAElD,qCAA+D;AAwF/D,MAAM,qBAAqB,GACzB,MAAM,CAAC,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM;IACd,IAAI,EAAE,QAAQ;IACd,MAAM,EAAE,QAAQ;IAChB,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,QAAQ;IACrB,cAAc,EAAE,QAAQ;IACxB,UAAU,EAAE,QAAQ;IACpB,OAAO,EAAE,KAAK;IACd,OAAO,EAAE,KAAK;IACd,uBAAuB,EAAE,QAAQ;IACjC,UAAU,EAAE,QAAQ;IACpB,YAAY,EAAE,KAAK;IACnB,YAAY,EAAE,QAAQ;IACtB,aAAa,EAAE,MAAM;CACtB,CAAC,CAAC;AAEL;;;;GAIG;AACI,KAAK,UAAU,iBAAiB,CACrC,OAAiC;IAEjC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,YAAY,GAChB,OAAO,CAAC,YAAY,IAAI,IAAA,+BAAe,EAAC,GAAG,EAAE,OAAO,CAAC,IAAI,IAAI,qCAAqB,CAAC,CAAC;IACtF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,4BAA4B,YAAY,IAAI;YAC1C,oEAAoE,CACvE,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAEtD,MAAM,OAAO,GAAG,MAAM,IAAA,0BAAiB,EAAC,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAE3E,MAAM,YAAY,GAAmC,IAAA,mCAAgB,EAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzF,MAAM,cAAc,GAAmC,IAAA,mCAAgB,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE1F,+DAA+D;IAC/D,kEAAkE;IAClE,8DAA8D;IAC9D,+DAA+D;IAC/D,MAAM,WAAW,GAAG,IAAA,+BAAa,EAAC,YAAY,EAAE,cAAc,EAAE;QAC9D,GAAG;QACH,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM;QAC1C,OAAO,EAAE,MAAM;KAChB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAEvD,gDAAgD;IAChD,iEAAiE;IACjE,gEAAgE;IAChE,gEAAgE;IAChE,kDAAkD;IAClD,MAAM,WAAW,GAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAExD,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAuB,CAAC;IACxD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;IACxC,MAAM,eAAe,GAAG,CAAC,IAAY,EAA2B,EAAE;QAChE,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;YAAE,OAAO,SAAS,CAAC;QAC3C,IAAI,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,MAAM,GAAG,kBAAkB,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACzD,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,MAAM,eAAe,GAAqB,EAAE,CAAC;IAC7C,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;QACrC,MAAM,WAAW,GACf,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW;YAAE,SAAS;QAE3B,MAAM,QAAQ,GACZ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,qBAAqB,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAE1C,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,oBAAoB,GACxB,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,GAAG,CAAC;YAClD,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,qBAAqB,GACzB,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,mBAAmB,CAAC,WAAW,CAAC,IAAI,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QAC/F,MAAM,aAAa,GACjB,IAAI,CAAC,MAAM,KAAK,OAAO;YACvB,CAAC,aAAa,CAAC,iBAAiB;gBAC9B,aAAa,CAAC,iBAAiB;gBAC/B,aAAa,CAAC,iBAAiB,CAAC,CAAC;QAErC,MAAM,OAAO,GAAoB;YAC/B,QAAQ;YACR,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjE,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxE,CAAC;QAEF,MAAM,cAAc,GAAG,IAAA,iBAAQ,EAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QACvD,IAAI,cAAc,CAAC,MAAM;YAAE,MAAM,GAAG,IAAI,CAAC;QACzC,IAAI,cAAc,CAAC,KAAK;YAAE,KAAK,GAAG,IAAI,CAAC;QAEvC,eAAe,CAAC,IAAI,CAAC;YACnB,IAAI;YACJ,cAAc;YACd,QAAQ;YACR,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW;QACvC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC,CAAC,eAAe,CAAC;IAEpB,+DAA+D;IAC/D,+DAA+D;IAC/D,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;QAC9B,IAAI,CAAC,CAAC,cAAc,CAAC,MAAM;YAAE,cAAc,GAAG,IAAI,CAAC;QACnD,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK;YAAE,aAAa,GAAG,IAAI,CAAC;IACnD,CAAC;IAED,OAAO;QACL,YAAY;QACZ,QAAQ;QACR,OAAO;QACP,WAAW;QACX,KAAK,EAAE,aAAa;QACpB,aAAa;QACb,MAAM;QACN,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM;QACrD,KAAK,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK;KACnD,CAAC;AACJ,CAAC;AAED;qEACqE;AACrE,MAAM,uBAAuB,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;AAEnE,SAAS,aAAa,CAAC,UAA8B,EAAE,GAAW;IAChE,oBAAoB;IACpB,+DAA+D;IAC/D,kEAAkE;IAClE,mEAAmE;IACnE,wDAAwD;IACxD,IAAI,YAAY,GAAuB,UAAU,CAAC;IAClD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,uBAAuB,CAAC,CAAC;QAC7D,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC;YAAE,YAAY,GAAG,YAAY,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC,YAAY;QAAE,OAAO,kCAAyB,CAAC;IACpD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,YAAY,KAAM,GAAa,CAAC,OAAO,GAAG,CAAC,CAAC;IAC3F,CAAC;IACD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,KAAM,GAAa,CAAC,OAAO,GAAG,CAAC,CAAC;IAChG,CAAC;IACD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,sCAAsC,YAAY,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,mEAAmE;IACnE,gEAAgE;IAChE,mCAAmC;IACnC,MAAM,GAAG,GAAG,MAAmC,CAAC;IAChD,OAAO;QACL,GAAG,kCAAyB;QAC5B,GAAG,GAAG;QACN,UAAU,EAAE,EAAE,GAAG,kCAAyB,CAAC,UAAU,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE;QAClF,UAAU,EAAE,EAAE,GAAG,kCAAyB,CAAC,UAAU,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE;QAClF,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,kCAAyB,CAAC,KAAK;QACnD,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,kCAAyB,CAAC,IAAI;QAChD,yBAAyB,EACvB,GAAG,CAAC,yBAAyB,IAAI,kCAAyB,CAAC,yBAAyB;QACtF,IAAI,EAAE,YAAY;KACnB,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,OAAqC;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA4B,CAAC;IAChD,KAAK,MAAM,CAAC,IAAI,OAAO;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC1C,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CAAC,SAA4B;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA8B,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAClD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,UAAU,EAAE,CAAC;QACxD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CACvB,SAA4B;IAE5B,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;IAClE,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,IAAI,SAAS,CAAC;IACrE,MAAM,OAAO,GAAG,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,SAAS,CAAC;IAChE,MAAM,YAAY,GAAG,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC;IAExD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,IAAI,QAAQ;QAAE,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,YAAY;QAAE,SAAS,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAEvD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,IAAI,UAAU;QAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE5C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,IAAI,OAAO;QAAE,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAEnC,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,WAAW,EAAE,kEAAkE;QACvF,UAAU,EAAE,QAAQ;QACpB,aAAa,EAAE,WAAW;KAC3B,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAC1B,IAA2B,EAC3B,WAAkF,EAClF,KAAoB;IAEpB,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC1C,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IACxC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,QAAsB,EAAE,OAAoB;IACjE,MAAM,gBAAgB,GAIjB,EAAE,CAAC;IACR,MAAM,KAAK,GAAG,IAAI,GAAG,CAAS,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/F,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrC,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,eAAe,KAAK,cAAc,EAAE,CAAC;YACvC,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IACD,OAAO;QACL,oBAAoB,EAAE,QAAQ,CAAC,QAAQ,CAAC,aAAa,KAAK,OAAO,CAAC,YAAY,CAAC,aAAa;QAC5F,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,mBAAmB,EAAE,QAAQ,CAAC,QAAQ,CAAC,YAAY,KAAK,OAAO,CAAC,YAAY,CAAC,YAAY;QACzF,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS,CAAC;QACf,KAAK,UAAU,CAAC;QAChB,KAAK,uBAAuB,CAAC;QAC7B,KAAK,UAAU,CAAC;QAChB,KAAK,YAAY,CAAC;QAClB,KAAK,YAAY;YACf,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,cAAc;YACjB,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC,KAAK,CAAC;QACrB,KAAK,UAAU,CAAC;QAChB,KAAK,SAAS,CAAC;QACf,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC,UAAU,CAAC;QAC1B,KAAK,cAAc;YACjB,OAAO,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9B;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,SAAS,oBAAoB,CAAC,CAAiB;IAC7C,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC9D,MAAM,SAAS,GACb,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,OAAO;QACnC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,eAAe;QAC3C,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,cAAc;QAC1C,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,gBAAgB,CAAC;IAC/C,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO,CAAC,CAAC,oBAAoB,KAAK,IAAI,CAAC;AACzC,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,CAAC;QACH,OAAO,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CACzB,GAAW,EACX,OAAe,EACf,OAAe,EACf,IAAY;IAEZ,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,IAAA,4BAAY,EACjB,KAAK,EACL,CAAC,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EACrF,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,CAC1B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC7B,MAAM,MAAM,GAAG,2CAA2C,CAAC;IAC3D,IAAI,KAA6B,CAAC;IAClC,OAAO,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrE,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;YACnB,0DAA0D;YAC1D,SAAS;QACX,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE;YAAE,GAAG,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
1
+ {"version":3,"file":"check.js","sourceRoot":"","sources":["../../src/baseline/check.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiKH,8CAiJC;AAhTD,iDAA6C;AAC7C,uCAAyB;AACzB,2CAA6B;AAC7B,qCAA6C;AAE7C,mDAKyB;AAEzB,yDAAsD;AACtD,uDAAkD;AAElD,mCAA8C;AAE9C,qCAAmD;AAEnD,iDAA+C;AAC/C,yCAAyC;AAGzC,4CAA+E;AA6G/E,MAAM,qBAAqB,GACzB,MAAM,CAAC,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM;IACd,IAAI,EAAE,QAAQ;IACd,MAAM,EAAE,QAAQ;IAChB,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,QAAQ;IACrB,cAAc,EAAE,QAAQ;IACxB,UAAU,EAAE,QAAQ;IACpB,OAAO,EAAE,KAAK;IACd,uBAAuB,EAAE,QAAQ;IACjC,UAAU,EAAE,QAAQ;IACpB,YAAY,EAAE,KAAK;IACnB,YAAY,EAAE,QAAQ;IACtB,aAAa,EAAE,MAAM;IACrB,iEAAiE;IACjE,mEAAmE;IACnE,mEAAmE;IACnE,QAAQ;IACR,aAAa,EAAE,KAAK;CACrB,CAAC,CAAC;AAEL;;;;GAIG;AACI,KAAK,UAAU,iBAAiB,CACrC,OAAiC;IAEjC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,IAAA,sBAAa,EAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACtD,MAAM,IAAI,GACR,OAAO,CAAC,YAAY;QACpB,IAAA,2BAAmB,EAAC;YAClB,GAAG;YACH,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI;YACjC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,GAAG;SAChC,CAAC,CAAC;IAEL,8DAA8D;IAC9D,kEAAkE;IAClE,gEAAgE;IAChE,0DAA0D;IAC1D,iCAAiC;IACjC,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAE3E,MAAM,OAAO,GAAG,MAAM,IAAA,0BAAiB,EAAC,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAE3E,MAAM,YAAY,GAAmC,IAAA,mCAAgB,EAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzF,MAAM,cAAc,GAAmC,IAAA,mCAAgB,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE1F,+DAA+D;IAC/D,kEAAkE;IAClE,8DAA8D;IAC9D,+DAA+D;IAC/D,MAAM,WAAW,GAAG,IAAA,+BAAa,EAAC,YAAY,EAAE,cAAc,EAAE;QAC9D,GAAG;QACH,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM;QAC1C,OAAO,EAAE,MAAM;KAChB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAEvD,gDAAgD;IAChD,iEAAiE;IACjE,gEAAgE;IAChE,gEAAgE;IAChE,kDAAkD;IAClD,MAAM,WAAW,GAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAExD,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAuB,CAAC;IACxD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;IACxC,MAAM,eAAe,GAAG,CAAC,IAAY,EAA2B,EAAE;QAChE,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;YAAE,OAAO,SAAS,CAAC;QAC3C,IAAI,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,MAAM,GAAG,kBAAkB,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACzD,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,MAAM,eAAe,GAAqB,EAAE,CAAC;IAC7C,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;QACrC,MAAM,WAAW,GACf,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW;YAAE,SAAS;QAE3B,MAAM,QAAQ,GACZ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,qBAAqB,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAE1C,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,oBAAoB,GACxB,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,GAAG,CAAC;YAClD,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAC;QAEhB,MAAM,qBAAqB,GACzB,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,mBAAmB,CAAC,WAAW,CAAC,IAAI,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QAC/F,MAAM,aAAa,GACjB,IAAI,CAAC,MAAM,KAAK,OAAO;YACvB,CAAC,aAAa,CAAC,iBAAiB;gBAC9B,aAAa,CAAC,iBAAiB;gBAC/B,aAAa,CAAC,iBAAiB,CAAC,CAAC;QAErC,MAAM,OAAO,GAAoB;YAC/B,QAAQ;YACR,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjE,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxE,CAAC;QAEF,MAAM,cAAc,GAAG,IAAA,iBAAQ,EAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QACvD,IAAI,cAAc,CAAC,MAAM;YAAE,MAAM,GAAG,IAAI,CAAC;QACzC,IAAI,cAAc,CAAC,KAAK;YAAE,KAAK,GAAG,IAAI,CAAC;QAEvC,eAAe,CAAC,IAAI,CAAC;YACnB,IAAI;YACJ,cAAc;YACd,QAAQ;YACR,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW;QACvC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC,CAAC,eAAe,CAAC;IAEpB,+DAA+D;IAC/D,+DAA+D;IAC/D,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,aAAa,GAAG,KAAK,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;QAC9B,IAAI,CAAC,CAAC,cAAc,CAAC,MAAM;YAAE,cAAc,GAAG,IAAI,CAAC;QACnD,IAAI,CAAC,CAAC,cAAc,CAAC,KAAK;YAAE,aAAa,GAAG,IAAI,CAAC;IACnD,CAAC;IAED,4DAA4D;IAC5D,6DAA6D;IAC7D,+DAA+D;IAC/D,gEAAgE;IAChE,uDAAuD;IACvD,MAAM,cAAc,GAAmB,IAAA,4BAAqB,EAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAE3F,OAAO;QACL,IAAI;QACJ,GAAG,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvD,QAAQ;QACR,OAAO;QACP,WAAW;QACX,KAAK,EAAE,aAAa;QACpB,aAAa;QACb,MAAM;QACN,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM;QACrD,KAAK,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK;QAClD,cAAc;KACf,CAAC;AACJ,CAAC;AAED,iEAAiE;AACjE,kDAAkD;AAElD,SAAS,SAAS,CAAC,OAAqC;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA4B,CAAC;IAChD,KAAK,MAAM,CAAC,IAAI,OAAO;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC1C,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CAAC,SAA4B;IACtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAA8B,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAClD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,UAAU,EAAE,CAAC;QACxD,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CACvB,SAA4B;IAE5B,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;IAClE,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,IAAI,SAAS,CAAC;IACrE,MAAM,OAAO,GAAG,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,SAAS,CAAC;IAChE,MAAM,YAAY,GAAG,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC;IAExD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,IAAI,QAAQ;QAAE,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,YAAY;QAAE,SAAS,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAEvD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,IAAI,UAAU;QAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE5C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,IAAI,OAAO;QAAE,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAEnC,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,WAAW,EAAE,kEAAkE;QACvF,UAAU,EAAE,QAAQ;QACpB,aAAa,EAAE,WAAW;KAC3B,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAC1B,IAA2B,EAC3B,WAAkF,EAClF,KAAoB;IAEpB,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC1C,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IACxC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,QAAsB,EAAE,OAAoB;IACjE,MAAM,gBAAgB,GAIjB,EAAE,CAAC;IACR,MAAM,KAAK,GAAG,IAAI,GAAG,CAAS,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/F,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrC,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,eAAe,KAAK,cAAc,EAAE,CAAC;YACvC,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IACD,OAAO;QACL,oBAAoB,EAAE,QAAQ,CAAC,QAAQ,CAAC,aAAa,KAAK,OAAO,CAAC,YAAY,CAAC,aAAa;QAC5F,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,UAAU;QACnF,mBAAmB,EAAE,QAAQ,CAAC,QAAQ,CAAC,YAAY,KAAK,OAAO,CAAC,YAAY,CAAC,YAAY;QACzF,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS,CAAC;QACf,KAAK,UAAU,CAAC;QAChB,KAAK,uBAAuB,CAAC;QAC7B,KAAK,UAAU,CAAC;QAChB,KAAK,YAAY,CAAC;QAClB,KAAK,YAAY;YACf,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,cAAc;YACjB,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC,KAAK,CAAC;QACrB,KAAK,UAAU,CAAC;QAChB,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,IAAA,sBAAW,EAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACzC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC,UAAU,CAAC;QAC1B,KAAK,cAAc;YACjB,OAAO,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9B;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,SAAS,oBAAoB,CAAC,CAAiB;IAC7C,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC9D,MAAM,SAAS,GACb,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,OAAO;QACnC,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,eAAe;QAC3C,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,cAAc;QAC1C,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,gBAAgB,CAAC;IAC/C,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO,CAAC,CAAC,oBAAoB,KAAK,IAAI,CAAC;AACzC,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,CAAC;QACH,OAAO,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CACzB,GAAW,EACX,OAAe,EACf,OAAe,EACf,IAAY;IAEZ,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,IAAA,4BAAY,EACjB,KAAK,EACL,CAAC,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EACrF,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,CAC1B,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC7B,MAAM,MAAM,GAAG,2CAA2C,CAAC;IAC3D,IAAI,KAA6B,CAAC;IAClC,OAAO,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrE,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;YACnB,0DAA0D;YAC1D,SAAS;QACX,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE;YAAE,GAAG,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,KAAK,UAAU,aAAa,CAC1B,GAAW,EACX,IAAkB,EAClB,OAAiC;IAEjC,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC9B,MAAM,YAAY,GAChB,OAAO,CAAC,YAAY,IAAI,IAAA,+BAAe,EAAC,GAAG,EAAE,OAAO,CAAC,IAAI,IAAI,qCAAqB,CAAC,CAAC;QACtF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,4BAA4B,YAAY,IAAI;gBAC1C,oEAAoE,CACvE,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,IAAA,gCAAgB,EAAC,YAAY,CAAC,EAAE,YAAY,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QACd,+DAA+D;QAC/D,yDAAyD;QACzD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,IAAA,4BAAa,EAAC,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACtF,MAAM,QAAQ,GAAiB;QAC7B,aAAa,EAAE,uCAAuB;QACtC,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,qCAAqB;QAC3C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,IAAI,EAAE,OAAO,CAAC,SAAS;QACvB,QAAQ,EAAE,OAAO,CAAC,YAAY;QAC9B,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;IACF,OAAO,EAAE,QAAQ,EAAE,CAAC;AACtB,CAAC"}
@@ -19,9 +19,10 @@
19
19
  * registering a producer there, never an edit here.
20
20
  */
21
21
  import type { BaselineAnalysisMeta, BaselineFile, BaselineRepoState } from './baseline-file';
22
+ import type { ResolvedMode } from './modes';
22
23
  import type { ProducerContext } from './producers';
23
24
  import type { SaltMode } from './salt';
24
- import type { BaselineEntry } from './types';
25
+ import type { RichBaselineEntry } from './types';
25
26
  import type { SecurityAggregate } from '../analyzers/security/aggregator';
26
27
  export interface CreateBaselineOptions {
27
28
  /** Repo root to baseline. Caller should pass an absolute path. */
@@ -37,10 +38,26 @@ export interface CreateBaselineOptions {
37
38
  readonly force?: boolean;
38
39
  /** Forwarded to the underlying analyzer for per-tool timing logs. */
39
40
  readonly verbose?: boolean;
41
+ /** Pre-resolved baseline mode. When supplied, the orchestrator
42
+ * skips its own resolution + policy load. Callers wanting
43
+ * deterministic behavior (tests, agents) pass this. */
44
+ readonly resolvedMode?: ResolvedMode;
45
+ /** Explicit CLI flag value for the mode (`--mode=<X>`). Forwarded
46
+ * to `resolveBaselineMode`. Ignored when `resolvedMode` is
47
+ * supplied. */
48
+ readonly cliMode?: ResolvedMode['mode'];
49
+ /** Explicit CLI flag value for the ref (`--ref=<R>`). Only
50
+ * consulted when the resolved mode is `ref-based`. */
51
+ readonly cliRef?: string;
40
52
  }
53
+ /** Outcome of `createBaseline`. `path` and `file` are absent when
54
+ * mode resolved to `ref-based` — no file is written, and the
55
+ * `mode` field carries the audit trail so callers can surface
56
+ * WHY nothing landed on disk. */
41
57
  export interface CreateBaselineResult {
42
- readonly path: string;
43
- readonly file: BaselineFile;
58
+ readonly mode: ResolvedMode;
59
+ readonly path?: string;
60
+ readonly file?: BaselineFile;
44
61
  }
45
62
  /**
46
63
  * Test seam: clear the version cache between test runs so per-test
@@ -61,7 +78,7 @@ export declare function clearToolVersionCache(): void;
61
78
  * forbids for tool invocation, and the same hazard applies here.
62
79
  */
63
80
  export interface CurrentScan {
64
- readonly findings: ReadonlyArray<BaselineEntry>;
81
+ readonly findings: ReadonlyArray<RichBaselineEntry>;
65
82
  readonly aggregate: SecurityAggregate;
66
83
  readonly repoState: BaselineRepoState;
67
84
  readonly saltMode: SaltMode;
@@ -88,9 +105,20 @@ export declare function gatherCurrentScan(options: {
88
105
  readonly verbose?: boolean;
89
106
  }): Promise<CurrentScan>;
90
107
  /**
91
- * Run the baseline-create pipeline. Pure-orchestrator: gather the
92
- * current scan via the shared step, then write it to disk under the
93
- * given name.
108
+ * Run the baseline-create pipeline. Pure-orchestrator: resolve
109
+ * the baseline mode, gather the current scan, then either:
110
+ *
111
+ * - `committed-full` → write rich entries to disk (today's
112
+ * behavior).
113
+ * - `committed-sanitized` → sanitize every entry, then write.
114
+ * The cross-run matching contract is preserved; locator
115
+ * fields are stripped.
116
+ * - `ref-based` → no file write. The guardrail check will
117
+ * recompute the prior side from a git ref instead.
118
+ *
119
+ * In all three cases the returned `CreateBaselineResult` carries
120
+ * `resolvedMode` so callers can log WHY a given mode was picked
121
+ * (CLI flag / policy file / visibility auto-detect).
94
122
  */
95
123
  export declare function createBaseline(options: CreateBaselineOptions): Promise<CreateBaselineResult>;
96
124
  //# sourceMappingURL=create.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../src/baseline/create.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAoBH,OAAO,KAAK,EAAE,oBAAoB,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AACvC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAE1E,MAAM,WAAW,qBAAqB;IACpC,kEAAkE;IAClE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;;oDAEgD;IAChD,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;yCAGqC;IACrC,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;IACzB,qEAAqE;IACrE,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;CAC7B;AA6JD;;;;;GAKG;AACH,wBAAgB,qBAAqB,IAAI,IAAI,CAE5C;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;IAChD,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAC;IACtC,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,mEAAmE;IACnE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACjD;iCAC6B;IAC7B,QAAQ,CAAC,YAAY,EAAE,oBAAoB,CAAC;IAC5C;yEACqE;IACrE,QAAQ,CAAC,WAAW,EAAE,eAAe,CAAC;CACvC;AAED;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE;IAC/C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;CAC5B,GAAG,OAAO,CAAC,WAAW,CAAC,CA0EvB;AAED;;;;GAIG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,qBAAqB,GAC7B,OAAO,CAAC,oBAAoB,CAAC,CA0B/B"}
1
+ {"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../src/baseline/create.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAoBH,OAAO,KAAK,EAAE,oBAAoB,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAG5C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAEvC,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AACjD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAG1E,MAAM,WAAW,qBAAqB;IACpC,kEAAkE;IAClE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;;oDAEgD;IAChD,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB;;;yCAGqC;IACrC,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;IACzB,qEAAqE;IACrE,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B;;4DAEwD;IACxD,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACrC;;oBAEgB;IAChB,QAAQ,CAAC,OAAO,CAAC,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC;IACxC;2DACuD;IACvD,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;;kCAGkC;AAClC,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC;CAC9B;AA6JD;;;;;GAKG;AACH,wBAAgB,qBAAqB,IAAI,IAAI,CAE5C;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACpD,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAC;IACtC,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,mEAAmE;IACnE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACjD;iCAC6B;IAC7B,QAAQ,CAAC,YAAY,EAAE,oBAAoB,CAAC;IAC5C;yEACqE;IACrE,QAAQ,CAAC,WAAW,EAAE,eAAe,CAAC;CACvC;AAED;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE;IAC/C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;CAC5B,GAAG,OAAO,CAAC,WAAW,CAAC,CA+EvB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,cAAc,CAClC,OAAO,EAAE,qBAAqB,GAC7B,OAAO,CAAC,oBAAoB,CAAC,CAgD/B"}
@@ -68,9 +68,12 @@ const gitleaks_1 = require("../analyzers/tools/gitleaks");
68
68
  const tool_registry_1 = require("../analyzers/tools/tool-registry");
69
69
  const constants_1 = require("../constants");
70
70
  const baseline_file_1 = require("./baseline-file");
71
+ const modes_1 = require("./modes");
71
72
  const policy_1 = require("./policy");
72
73
  const producers_1 = require("./producers");
73
74
  const salt_1 = require("./salt");
75
+ const sanitize_1 = require("./sanitize");
76
+ const gather_2 = require("../allowlist/gather");
74
77
  /** Hash used for baseline-envelope metadata fields (policy, ignore,
75
78
  * toolchain, config). Distinct concern from finding-identity
76
79
  * fingerprints — these never enter the matcher's identity space. */
@@ -271,6 +274,10 @@ async function gatherCurrentScan(options) {
271
274
  const hygieneMarkers = (0, gather_1.gatherHygieneMarkers)(cwd);
272
275
  const gitleaksOutcome = (0, gitleaks_1.gatherGitleaksResult)(cwd);
273
276
  const rawSecrets = gitleaksOutcome.kind === 'success' ? gitleaksOutcome.rawSecrets : [];
277
+ // Inline `dxkit-allow:` annotations gathered from source so the
278
+ // stale-allow producer can flag orphans whose underlying findings
279
+ // are no longer present.
280
+ const inlineAllowlistAnnotations = (0, gather_2.gatherInlineAllowlistAnnotations)(cwd);
274
281
  const producerCtx = {
275
282
  cwd,
276
283
  commitSha: repoState.commitSha,
@@ -279,6 +286,7 @@ async function gatherCurrentScan(options) {
279
286
  testGapsReport,
280
287
  hygiene: hygieneMarkers,
281
288
  rawSecrets,
289
+ inlineAllowlistAnnotations,
282
290
  };
283
291
  // Dispatch through the canonical producer registry (CLAUDE.md
284
292
  // Rule 10). Adding a new identity kind means registering a
@@ -310,20 +318,49 @@ async function gatherCurrentScan(options) {
310
318
  };
311
319
  }
312
320
  /**
313
- * Run the baseline-create pipeline. Pure-orchestrator: gather the
314
- * current scan via the shared step, then write it to disk under the
315
- * given name.
321
+ * Run the baseline-create pipeline. Pure-orchestrator: resolve
322
+ * the baseline mode, gather the current scan, then either:
323
+ *
324
+ * - `committed-full` → write rich entries to disk (today's
325
+ * behavior).
326
+ * - `committed-sanitized` → sanitize every entry, then write.
327
+ * The cross-run matching contract is preserved; locator
328
+ * fields are stripped.
329
+ * - `ref-based` → no file write. The guardrail check will
330
+ * recompute the prior side from a git ref instead.
331
+ *
332
+ * In all three cases the returned `CreateBaselineResult` carries
333
+ * `resolvedMode` so callers can log WHY a given mode was picked
334
+ * (CLI flag / policy file / visibility auto-detect).
316
335
  */
317
336
  async function createBaseline(options) {
318
337
  const cwd = path.resolve(options.cwd);
319
338
  const name = options.name ?? baseline_file_1.DEFAULT_BASELINE_NAME;
339
+ const mode = options.resolvedMode ??
340
+ (() => {
341
+ const policy = (0, policy_1.loadPolicyFromCwd)(cwd);
342
+ return (0, modes_1.resolveBaselineMode)({
343
+ cwd,
344
+ cliMode: options.cliMode,
345
+ cliRef: options.cliRef,
346
+ policyMode: policy.baseline?.mode,
347
+ policyRef: policy.baseline?.ref,
348
+ });
349
+ })();
350
+ if (mode.mode === 'ref-based') {
351
+ // Ref-based mode keeps no committed baseline. We still run no
352
+ // gather here — the guardrail check does it on demand against
353
+ // the configured ref. Returning the resolved mode lets the CLI
354
+ // surface a clear "ref-based mode active; no file written" log.
355
+ return { mode };
356
+ }
320
357
  const filePath = (0, baseline_file_1.pathForBaseline)(cwd, name);
321
358
  if (!options.force && fs.existsSync(filePath)) {
322
359
  throw new Error(`baseline already exists at ${filePath}. Pass force: true to overwrite, ` +
323
360
  `or use a different --name to keep both.`);
324
361
  }
325
362
  const scan = await gatherCurrentScan({ cwd, verbose: options.verbose });
326
- const file = {
363
+ const richFile = {
327
364
  schemaVersion: baseline_file_1.BASELINE_SCHEMA_VERSION,
328
365
  name,
329
366
  createdAt: new Date().toISOString(),
@@ -333,7 +370,8 @@ async function createBaseline(options) {
333
370
  saltMode: scan.saltMode,
334
371
  findings: scan.findings,
335
372
  };
373
+ const file = mode.mode === 'committed-sanitized' ? (0, sanitize_1.sanitizeFile)(richFile) : richFile;
336
374
  (0, baseline_file_1.writeBaselineFile)(filePath, file);
337
- return { path: filePath, file };
375
+ return { mode, path: filePath, file };
338
376
  }
339
377
  //# sourceMappingURL=create.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"create.js","sourceRoot":"","sources":["../../src/baseline/create.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmNH,sDAEC;AAqCD,8CA6EC;AAOD,wCA4BC;AAxWD,iDAA6C;AAC7C,mCAAoC;AACpC,uCAAyB;AACzB,2CAA6B;AAC7B,gDAA+D;AAC/D,8CAA+D;AAC/D,wDAAmE;AACnE,8CAAqD;AACrD,0DAAmE;AAEnE,oEAAuE;AACvE,4CAAwD;AACxD,mDAKyB;AAEzB,qCAAqD;AACrD,2CAAsD;AAEtD,iCAAqC;AA0BrC;;qEAEqE;AACrE,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sEAAsE;AAC9I,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,QAAgB;IACxC,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;qCAGqC;AACrC,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,GAAG,GAAG,CAAC,GAAG,IAAc,EAAU,EAAE;QACxC,IAAI,CAAC;YACH,OAAO,IAAA,4BAAY,EAAC,KAAK,EAAE,IAAI,EAAE;gBAC/B,GAAG;gBACH,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;aAClC,CAAC,CAAC,IAAI,EAAE,CAAC;QACZ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,CAAC;IACF,OAAO;QACL,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC;QACnC,MAAM,EAAE,GAAG,CAAC,WAAW,EAAE,cAAc,EAAE,MAAM,CAAC;KACjD,CAAC;AACJ,CAAC;AAED,qEAAqE;AACrE,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,kCAAyB,CAAC,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAG,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;IAClF,MAAM,UAAU,GAAG,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACrF,0DAA0D;IAC1D,kEAAkE;IAClE,OAAO,EAAE,YAAY,EAAE,mBAAa,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC;AAChG,CAAC;AAED;;;;;;;;;;;;;;;;2CAgB2C;AAC3C,SAAS,aAAa,CAAC,SAAgC,EAAE,GAAW;IAClE,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,GAAG,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC,CAAC,qBAAqB,EAAE,cAAc,CAAC,CAAC,CAAC;AAE/F;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,aAAa,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEhD,SAAS,kBAAkB,CAAC,IAAY,EAAE,GAAW;IACnD,MAAM,QAAQ,GAAG,GAAG,IAAI,KAAK,GAAG,EAAE,CAAC;IACnC,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IACxC,MAAM,QAAQ,GAAG,0BAA0B,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACvD,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACtC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,0BAA0B,CAAC,IAAY,EAAE,GAAW;IAC3D,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,mBAAa,EAAE,CAAC;IAChE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,yBAAS,CAAC,SAAS,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,iEAAiE;QACjE,iEAAiE;QACjE,4DAA4D;QAC5D,+DAA+D;QAC/D,8DAA8D;QAC9D,iEAAiE;QACjE,iEAAiE;QACjE,+DAA+D;QAC/D,8DAA8D;QAC9D,kDAAkD;QAClD,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,EAAE,OAAO,EAAE,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,OAAO;gBAAE,OAAO,MAAM,CAAC,OAAO,CAAC;QAC5C,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,qBAAqB;IACnC,aAAa,CAAC,KAAK,EAAE,CAAC;AACxB,CAAC;AA4BD;;;;;;;;GAQG;AACI,KAAK,UAAU,iBAAiB,CAAC,OAGvC;IACC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAEtC,MAAM,cAAc,GAAG,MAAM,IAAA,iCAAyB,EAAC;QACrD,GAAG;QACH,KAAK,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAA,iCAAwB,EAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;KACxF,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;IAChE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,iEAAiE;YAC/D,yDAAyD,CAC5D,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAsB;QACnC,GAAG,aAAa,CAAC,GAAG,CAAC;QACrB,IAAI,EAAE,GAAG;KACV,CAAC;IAEF,iEAAiE;IACjE,4DAA4D;IAC5D,kEAAkE;IAClE,aAAa;IACb,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,IAAA,kBAAW,EAAC,GAAG,CAAC,CAAC;IAElD,gEAAgE;IAChE,kEAAkE;IAClE,6DAA6D;IAC7D,0DAA0D;IAC1D,2DAA2D;IAC3D,MAAM,cAAc,GAAG,MAAM,IAAA,uBAAe,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAClF,MAAM,cAAc,GAAG,IAAA,6BAAoB,EAAC,GAAG,CAAC,CAAC;IACjD,MAAM,eAAe,GAAG,IAAA,+BAAoB,EAAC,GAAG,CAAC,CAAC;IAClD,MAAM,UAAU,GACd,eAAe,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAEvE,MAAM,WAAW,GAAoB;QACnC,GAAG;QACH,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,IAAI;QACJ,cAAc;QACd,cAAc;QACd,OAAO,EAAE,cAAc;QACvB,UAAU;KACX,CAAC;IAEF,8DAA8D;IAC9D,2DAA2D;IAC3D,gEAAgE;IAChE,QAAQ;IACR,MAAM,QAAQ,GAAoB,IAAA,wBAAY,EAAC,WAAW,EAAE,qBAAS,CAAC,CAAC;IAEvE,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI;QAAE,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACxF,IAAI,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI;QAAE,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IAClG,IAAI,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI;QAAE,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC1F,IAAI,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG;QAAE,SAAS,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC7E,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;IAExD,MAAM,YAAY,GAAyB;QACzC,GAAG,iBAAiB,CAAC,GAAG,CAAC;QACzB,aAAa,EAAE,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;KAClD,CAAC;IAEF,OAAO;QACL,QAAQ;QACR,SAAS;QACT,SAAS;QACT,QAAQ;QACR,KAAK;QACL,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,cAAc,CAClC,OAA8B;IAE9B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,qCAAqB,CAAC;IACnD,MAAM,QAAQ,GAAG,IAAA,+BAAe,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC5C,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,8BAA8B,QAAQ,mCAAmC;YACvE,yCAAyC,CAC5C,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAExE,MAAM,IAAI,GAAiB;QACzB,aAAa,EAAE,uCAAuB;QACtC,IAAI;QACJ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,IAAI,EAAE,IAAI,CAAC,SAAS;QACpB,QAAQ,EAAE,IAAI,CAAC,YAAY;QAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC;IAEF,IAAA,iCAAiB,EAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAClC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AAClC,CAAC"}
1
+ {"version":3,"file":"create.js","sourceRoot":"","sources":["../../src/baseline/create.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuOH,sDAEC;AAqCD,8CAkFC;AAkBD,wCAkDC;AAlaD,iDAA6C;AAC7C,mCAAoC;AACpC,uCAAyB;AACzB,2CAA6B;AAC7B,gDAA+D;AAC/D,8CAA+D;AAC/D,wDAAmE;AACnE,8CAAqD;AACrD,0DAAmE;AAEnE,oEAAuE;AACvE,4CAAwD;AACxD,mDAKyB;AAEzB,mCAA8C;AAE9C,qCAAwE;AACxE,2CAAsD;AAEtD,iCAAqC;AAErC,yCAA0C;AAG1C,gDAAuE;AAuCvE;;qEAEqE;AACrE,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,sEAAsE;AAC9I,CAAC;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CAAC,QAAgB;IACxC,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;qCAGqC;AACrC,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,GAAG,GAAG,CAAC,GAAG,IAAc,EAAU,EAAE;QACxC,IAAI,CAAC;YACH,OAAO,IAAA,4BAAY,EAAC,KAAK,EAAE,IAAI,EAAE;gBAC/B,GAAG;gBACH,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;aAClC,CAAC,CAAC,IAAI,EAAE,CAAC;QACZ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,CAAC;IACF,OAAO;QACL,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC;QACnC,MAAM,EAAE,GAAG,CAAC,WAAW,EAAE,cAAc,EAAE,MAAM,CAAC;KACjD,CAAC;AACJ,CAAC;AAED,qEAAqE;AACrE,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,kCAAyB,CAAC,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAG,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;IAClF,MAAM,UAAU,GAAG,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC;IACrF,0DAA0D;IAC1D,kEAAkE;IAClE,OAAO,EAAE,YAAY,EAAE,mBAAa,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC;AAChG,CAAC;AAED;;;;;;;;;;;;;;;;2CAgB2C;AAC3C,SAAS,aAAa,CAAC,SAAgC,EAAE,GAAW;IAClE,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,GAAG,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC,CAAC,qBAAqB,EAAE,cAAc,CAAC,CAAC,CAAC;AAE/F;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,aAAa,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEhD,SAAS,kBAAkB,CAAC,IAAY,EAAE,GAAW;IACnD,MAAM,QAAQ,GAAG,GAAG,IAAI,KAAK,GAAG,EAAE,CAAC;IACnC,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IACxC,MAAM,QAAQ,GAAG,0BAA0B,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACvD,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACtC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,0BAA0B,CAAC,IAAY,EAAE,GAAW;IAC3D,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,mBAAa,EAAE,CAAC;IAChE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,yBAAS,CAAC,SAAS,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,iEAAiE;QACjE,iEAAiE;QACjE,4DAA4D;QAC5D,+DAA+D;QAC/D,8DAA8D;QAC9D,iEAAiE;QACjE,iEAAiE;QACjE,+DAA+D;QAC/D,8DAA8D;QAC9D,kDAAkD;QAClD,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,EAAE,OAAO,EAAE,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,OAAO;gBAAE,OAAO,MAAM,CAAC,OAAO,CAAC;QAC5C,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,qBAAqB;IACnC,aAAa,CAAC,KAAK,EAAE,CAAC;AACxB,CAAC;AA4BD;;;;;;;;GAQG;AACI,KAAK,UAAU,iBAAiB,CAAC,OAGvC;IACC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAEtC,MAAM,cAAc,GAAG,MAAM,IAAA,iCAAyB,EAAC;QACrD,GAAG;QACH,KAAK,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAA,iCAAwB,EAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;KACxF,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;IAChE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,iEAAiE;YAC/D,yDAAyD,CAC5D,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAsB;QACnC,GAAG,aAAa,CAAC,GAAG,CAAC;QACrB,IAAI,EAAE,GAAG;KACV,CAAC;IAEF,iEAAiE;IACjE,4DAA4D;IAC5D,kEAAkE;IAClE,aAAa;IACb,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,IAAA,kBAAW,EAAC,GAAG,CAAC,CAAC;IAElD,gEAAgE;IAChE,kEAAkE;IAClE,6DAA6D;IAC7D,0DAA0D;IAC1D,2DAA2D;IAC3D,MAAM,cAAc,GAAG,MAAM,IAAA,uBAAe,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAClF,MAAM,cAAc,GAAG,IAAA,6BAAoB,EAAC,GAAG,CAAC,CAAC;IACjD,MAAM,eAAe,GAAG,IAAA,+BAAoB,EAAC,GAAG,CAAC,CAAC;IAClD,MAAM,UAAU,GACd,eAAe,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IACvE,gEAAgE;IAChE,kEAAkE;IAClE,yBAAyB;IACzB,MAAM,0BAA0B,GAAG,IAAA,yCAAgC,EAAC,GAAG,CAAC,CAAC;IAEzE,MAAM,WAAW,GAAoB;QACnC,GAAG;QACH,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,IAAI;QACJ,cAAc;QACd,cAAc;QACd,OAAO,EAAE,cAAc;QACvB,UAAU;QACV,0BAA0B;KAC3B,CAAC;IAEF,8DAA8D;IAC9D,2DAA2D;IAC3D,gEAAgE;IAChE,QAAQ;IACR,MAAM,QAAQ,GAAwB,IAAA,wBAAY,EAAC,WAAW,EAAE,qBAAS,CAAC,CAAC;IAE3E,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI;QAAE,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACxF,IAAI,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI;QAAE,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IAClG,IAAI,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI;QAAE,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC1F,IAAI,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG;QAAE,SAAS,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC7E,MAAM,KAAK,GAAG,aAAa,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;IAExD,MAAM,YAAY,GAAyB;QACzC,GAAG,iBAAiB,CAAC,GAAG,CAAC;QACzB,aAAa,EAAE,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;KAClD,CAAC;IAEF,OAAO;QACL,QAAQ;QACR,SAAS;QACT,SAAS;QACT,QAAQ;QACR,KAAK;QACL,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACI,KAAK,UAAU,cAAc,CAClC,OAA8B;IAE9B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,qCAAqB,CAAC;IACnD,MAAM,IAAI,GACR,OAAO,CAAC,YAAY;QACpB,CAAC,GAAG,EAAE;YACJ,MAAM,MAAM,GAAG,IAAA,0BAAiB,EAAC,GAAG,CAAC,CAAC;YACtC,OAAO,IAAA,2BAAmB,EAAC;gBACzB,GAAG;gBACH,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI;gBACjC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,GAAG;aAChC,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;IAEP,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC9B,8DAA8D;QAC9D,8DAA8D;QAC9D,+DAA+D;QAC/D,gEAAgE;QAChE,OAAO,EAAE,IAAI,EAAE,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAA,+BAAe,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC5C,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,8BAA8B,QAAQ,mCAAmC;YACvE,yCAAyC,CAC5C,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAExE,MAAM,QAAQ,GAAiB;QAC7B,aAAa,EAAE,uCAAuB;QACtC,IAAI;QACJ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,IAAI,EAAE,IAAI,CAAC,SAAS;QACpB,QAAQ,EAAE,IAAI,CAAC,YAAY;QAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC;IAEF,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,KAAK,qBAAqB,CAAC,CAAC,CAAC,IAAA,uBAAY,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IACrF,IAAA,iCAAiB,EAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAClC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AACxC,CAAC"}
@@ -16,7 +16,7 @@
16
16
  * apply to hygiene markers; the marker IS the canonical name.
17
17
  *
18
18
  * Kinds without file/line locators (dep-vuln, duplication,
19
- * coverage-gap, license, test-gap, test-file-degradation, god-file,
19
+ * coverage-gap, test-gap, test-file-degradation, god-file,
20
20
  * stale-file, large-file, secret-hmac) fall through to the matcher's
21
21
  * multiset pass — they're paired by exact identity-hash equality,
22
22
  * which the matcher already handles without any locator metadata.
@@ -28,6 +28,11 @@ import type { BaselineEntry } from './types';
28
28
  * already-computed identity hash; locator fields are populated for
29
29
  * the kinds the matcher's location-pair / content-hash passes can
30
30
  * use.
31
+ *
32
+ * Sanitized entries (`sanitized: true`) carry only identity + kind;
33
+ * they short-circuit to identity-only locators because the
34
+ * location-pair pass has no fields to compare. The matcher's
35
+ * multiset pass still pairs them at full confidence by id.
31
36
  */
32
37
  export declare function entryToLocated(entry: BaselineEntry): LocatedIdentity;
33
38
  /** Convenience: map an array of entries through `entryToLocated`. */
@@ -1 +1 @@
1
- {"version":3,"file":"entry-to-located.d.ts","sourceRoot":"","sources":["../../src/baseline/entry-to-located.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,aAAa,GAAG,eAAe,CAgCpE;AAED,qEAAqE;AACrE,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,aAAa,CAAC,aAAa,CAAC,GACpC,aAAa,CAAC,eAAe,CAAC,CAEhC"}
1
+ {"version":3,"file":"entry-to-located.d.ts","sourceRoot":"","sources":["../../src/baseline/entry-to-located.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEzD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,aAAa,GAAG,eAAe,CA2CpE;AAED,qEAAqE;AACrE,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,aAAa,CAAC,aAAa,CAAC,GACpC,aAAa,CAAC,eAAe,CAAC,CAEhC"}