@vyuhlabs/dxkit 2.5.2 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (146) hide show
  1. package/CHANGELOG.md +164 -0
  2. package/README.md +102 -0
  3. package/dist/allowlist/categories.d.ts +120 -0
  4. package/dist/allowlist/categories.d.ts.map +1 -0
  5. package/dist/allowlist/categories.js +194 -0
  6. package/dist/allowlist/categories.js.map +1 -0
  7. package/dist/allowlist/cli.d.ts +95 -0
  8. package/dist/allowlist/cli.d.ts.map +1 -0
  9. package/dist/allowlist/cli.js +454 -0
  10. package/dist/allowlist/cli.js.map +1 -0
  11. package/dist/allowlist/diff.d.ts +67 -0
  12. package/dist/allowlist/diff.d.ts.map +1 -0
  13. package/dist/allowlist/diff.js +147 -0
  14. package/dist/allowlist/diff.js.map +1 -0
  15. package/dist/allowlist/file.d.ts +249 -0
  16. package/dist/allowlist/file.d.ts.map +1 -0
  17. package/dist/allowlist/file.js +497 -0
  18. package/dist/allowlist/file.js.map +1 -0
  19. package/dist/allowlist/gather.d.ts +61 -0
  20. package/dist/allowlist/gather.d.ts.map +1 -0
  21. package/dist/allowlist/gather.js +143 -0
  22. package/dist/allowlist/gather.js.map +1 -0
  23. package/dist/allowlist/hint.d.ts +80 -0
  24. package/dist/allowlist/hint.d.ts.map +1 -0
  25. package/dist/allowlist/hint.js +271 -0
  26. package/dist/allowlist/hint.js.map +1 -0
  27. package/dist/allowlist/inline.d.ts +149 -0
  28. package/dist/allowlist/inline.d.ts.map +1 -0
  29. package/dist/allowlist/inline.js +306 -0
  30. package/dist/allowlist/inline.js.map +1 -0
  31. package/dist/baseline/baseline-file.d.ts +7 -0
  32. package/dist/baseline/baseline-file.d.ts.map +1 -1
  33. package/dist/baseline/baseline-file.js +22 -1
  34. package/dist/baseline/baseline-file.js.map +1 -1
  35. package/dist/baseline/check-renderers.d.ts +13 -1
  36. package/dist/baseline/check-renderers.d.ts.map +1 -1
  37. package/dist/baseline/check-renderers.js +67 -1
  38. package/dist/baseline/check-renderers.js.map +1 -1
  39. package/dist/baseline/check.d.ts +33 -7
  40. package/dist/baseline/check.d.ts.map +1 -1
  41. package/dist/baseline/check.js +90 -64
  42. package/dist/baseline/check.js.map +1 -1
  43. package/dist/baseline/create.d.ts +35 -7
  44. package/dist/baseline/create.d.ts.map +1 -1
  45. package/dist/baseline/create.js +43 -5
  46. package/dist/baseline/create.js.map +1 -1
  47. package/dist/baseline/entry-to-located.d.ts +6 -1
  48. package/dist/baseline/entry-to-located.d.ts.map +1 -1
  49. package/dist/baseline/entry-to-located.js +20 -2
  50. package/dist/baseline/entry-to-located.js.map +1 -1
  51. package/dist/baseline/finding-identity.d.ts.map +1 -1
  52. package/dist/baseline/finding-identity.js +15 -13
  53. package/dist/baseline/finding-identity.js.map +1 -1
  54. package/dist/baseline/modes.d.ts +140 -0
  55. package/dist/baseline/modes.d.ts.map +1 -0
  56. package/dist/baseline/modes.js +179 -0
  57. package/dist/baseline/modes.js.map +1 -0
  58. package/dist/baseline/policy.d.ts +64 -0
  59. package/dist/baseline/policy.d.ts.map +1 -1
  60. package/dist/baseline/policy.js +102 -1
  61. package/dist/baseline/policy.js.map +1 -1
  62. package/dist/baseline/producers/health.d.ts +2 -2
  63. package/dist/baseline/producers/health.d.ts.map +1 -1
  64. package/dist/baseline/producers/health.js.map +1 -1
  65. package/dist/baseline/producers/index.d.ts +11 -5
  66. package/dist/baseline/producers/index.d.ts.map +1 -1
  67. package/dist/baseline/producers/index.js +12 -9
  68. package/dist/baseline/producers/index.js.map +1 -1
  69. package/dist/baseline/producers/quality.d.ts +3 -3
  70. package/dist/baseline/producers/quality.d.ts.map +1 -1
  71. package/dist/baseline/producers/quality.js.map +1 -1
  72. package/dist/baseline/producers/secret-hmac.d.ts +2 -2
  73. package/dist/baseline/producers/secret-hmac.d.ts.map +1 -1
  74. package/dist/baseline/producers/secret-hmac.js.map +1 -1
  75. package/dist/baseline/producers/security.d.ts +2 -2
  76. package/dist/baseline/producers/security.d.ts.map +1 -1
  77. package/dist/baseline/producers/security.js.map +1 -1
  78. package/dist/baseline/producers/stale-allow.d.ts +70 -0
  79. package/dist/baseline/producers/stale-allow.d.ts.map +1 -0
  80. package/dist/baseline/producers/stale-allow.js +111 -0
  81. package/dist/baseline/producers/stale-allow.js.map +1 -0
  82. package/dist/baseline/producers/tests.d.ts +2 -2
  83. package/dist/baseline/producers/tests.d.ts.map +1 -1
  84. package/dist/baseline/producers/tests.js.map +1 -1
  85. package/dist/baseline/ref-baseline.d.ts +114 -0
  86. package/dist/baseline/ref-baseline.d.ts.map +1 -0
  87. package/dist/baseline/ref-baseline.js +260 -0
  88. package/dist/baseline/ref-baseline.js.map +1 -0
  89. package/dist/baseline/sanitize.d.ts +80 -0
  90. package/dist/baseline/sanitize.d.ts.map +1 -0
  91. package/dist/baseline/sanitize.js +91 -0
  92. package/dist/baseline/sanitize.js.map +1 -0
  93. package/dist/baseline/show.d.ts.map +1 -1
  94. package/dist/baseline/show.js +9 -3
  95. package/dist/baseline/show.js.map +1 -1
  96. package/dist/baseline/types.d.ts +73 -26
  97. package/dist/baseline/types.d.ts.map +1 -1
  98. package/dist/baseline/types.js +7 -1
  99. package/dist/baseline/types.js.map +1 -1
  100. package/dist/baseline/visibility.d.ts +61 -0
  101. package/dist/baseline/visibility.d.ts.map +1 -0
  102. package/dist/baseline/visibility.js +121 -0
  103. package/dist/baseline/visibility.js.map +1 -0
  104. package/dist/cli.d.ts.map +1 -1
  105. package/dist/cli.js +88 -3
  106. package/dist/cli.js.map +1 -1
  107. package/dist/doctor.d.ts.map +1 -1
  108. package/dist/doctor.js +106 -16
  109. package/dist/doctor.js.map +1 -1
  110. package/dist/issue-cli.d.ts +62 -0
  111. package/dist/issue-cli.d.ts.map +1 -0
  112. package/dist/issue-cli.js +252 -0
  113. package/dist/issue-cli.js.map +1 -0
  114. package/dist/languages/csharp.d.ts.map +1 -1
  115. package/dist/languages/csharp.js +1 -0
  116. package/dist/languages/csharp.js.map +1 -1
  117. package/dist/languages/go.d.ts.map +1 -1
  118. package/dist/languages/go.js +1 -0
  119. package/dist/languages/go.js.map +1 -1
  120. package/dist/languages/java.d.ts.map +1 -1
  121. package/dist/languages/java.js +1 -0
  122. package/dist/languages/java.js.map +1 -1
  123. package/dist/languages/kotlin.d.ts.map +1 -1
  124. package/dist/languages/kotlin.js +1 -0
  125. package/dist/languages/kotlin.js.map +1 -1
  126. package/dist/languages/python.d.ts.map +1 -1
  127. package/dist/languages/python.js +1 -0
  128. package/dist/languages/python.js.map +1 -1
  129. package/dist/languages/ruby.d.ts.map +1 -1
  130. package/dist/languages/ruby.js +1 -0
  131. package/dist/languages/ruby.js.map +1 -1
  132. package/dist/languages/rust.d.ts.map +1 -1
  133. package/dist/languages/rust.js +1 -0
  134. package/dist/languages/rust.js.map +1 -1
  135. package/dist/languages/types.d.ts +25 -0
  136. package/dist/languages/types.d.ts.map +1 -1
  137. package/dist/languages/typescript.d.ts.map +1 -1
  138. package/dist/languages/typescript.js +1 -0
  139. package/dist/languages/typescript.js.map +1 -1
  140. package/package.json +1 -1
  141. package/templates/.claude/skills/dxkit-action/SKILL.md +105 -11
  142. package/templates/.claude/skills/dxkit-onboard/SKILL.md +31 -3
  143. package/dist/baseline/producers/licenses.d.ts +0 -23
  144. package/dist/baseline/producers/licenses.d.ts.map +0 -1
  145. package/dist/baseline/producers/licenses.js +0 -46
  146. package/dist/baseline/producers/licenses.js.map +0 -1
@@ -23,10 +23,47 @@
23
23
  * Phase 3's baseline-metadata work can light them up incrementally
24
24
  * without re-shaping consumer code.
25
25
  */
26
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
27
+ if (k2 === undefined) k2 = k;
28
+ var desc = Object.getOwnPropertyDescriptor(m, k);
29
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
30
+ desc = { enumerable: true, get: function() { return m[k]; } };
31
+ }
32
+ Object.defineProperty(o, k2, desc);
33
+ }) : (function(o, m, k, k2) {
34
+ if (k2 === undefined) k2 = k;
35
+ o[k2] = m[k];
36
+ }));
37
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
38
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
39
+ }) : function(o, v) {
40
+ o["default"] = v;
41
+ });
42
+ var __importStar = (this && this.__importStar) || (function () {
43
+ var ownKeys = function(o) {
44
+ ownKeys = Object.getOwnPropertyNames || function (o) {
45
+ var ar = [];
46
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
47
+ return ar;
48
+ };
49
+ return ownKeys(o);
50
+ };
51
+ return function (mod) {
52
+ if (mod && mod.__esModule) return mod;
53
+ var result = {};
54
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
55
+ __setModuleDefault(result, mod);
56
+ return result;
57
+ };
58
+ })();
26
59
  Object.defineProperty(exports, "__esModule", { value: true });
27
- exports.DEFAULT_BROWNFIELD_POLICY = void 0;
60
+ exports.DEFAULT_POLICY_FILENAME = exports.DEFAULT_BROWNFIELD_POLICY = void 0;
28
61
  exports.classify = classify;
29
62
  exports.classifyAll = classifyAll;
63
+ exports.resolvePolicy = resolvePolicy;
64
+ exports.loadPolicyFromCwd = loadPolicyFromCwd;
65
+ const fs = __importStar(require("fs"));
66
+ const path = __importStar(require("path"));
30
67
  /**
31
68
  * Default brownfield policy. Captures the conservative posture from
32
69
  * the agentic-brownfield strategy: block only on high-confidence new
@@ -203,4 +240,68 @@ function evaluateBlockRules(status, rules, context) {
203
240
  function classifyAll(pairs, policy = exports.DEFAULT_BROWNFIELD_POLICY, contextFor = () => ({})) {
204
241
  return pairs.map((pair) => classify(pair, policy, contextFor(pair)));
205
242
  }
243
+ /** Conventional location for a per-repo brownfield policy. Loaded
244
+ * automatically by `resolvePolicy` when present. */
245
+ exports.DEFAULT_POLICY_FILENAME = path.join('.dxkit', 'policy.json');
246
+ /**
247
+ * Load a brownfield policy with the three-step resolution order
248
+ * shared by `createBaseline` and `runGuardrailCheck`:
249
+ *
250
+ * 1. `policyPath` (explicit `--policy <p>` flag). Errors if the
251
+ * path is supplied but unreadable / malformed.
252
+ * 2. `<cwd>/.dxkit/policy.json` (conventional). Silently skipped
253
+ * when absent so consumers without a policy get the defaults.
254
+ * 3. `DEFAULT_BROWNFIELD_POLICY` (compiled-in fallback).
255
+ *
256
+ * Customer fields shallow-merge over the default. The
257
+ * `confidence` / `blockRules` blocks deep-merge by key. Unknown
258
+ * fields are preserved — the classifier ignores what it doesn't
259
+ * know, so forward-compatible policy files don't break old dxkit.
260
+ */
261
+ function resolvePolicy(policyPath, cwd) {
262
+ let resolvedPath = policyPath;
263
+ if (!resolvedPath) {
264
+ const conventional = path.join(cwd, exports.DEFAULT_POLICY_FILENAME);
265
+ if (fs.existsSync(conventional))
266
+ resolvedPath = conventional;
267
+ }
268
+ if (!resolvedPath)
269
+ return exports.DEFAULT_BROWNFIELD_POLICY;
270
+ let raw;
271
+ try {
272
+ raw = fs.readFileSync(resolvedPath, 'utf8');
273
+ }
274
+ catch (err) {
275
+ throw new Error(`policy file not readable: ${resolvedPath} (${err.message})`);
276
+ }
277
+ let parsed;
278
+ try {
279
+ parsed = JSON.parse(raw);
280
+ }
281
+ catch (err) {
282
+ throw new Error(`policy file is not valid JSON: ${resolvedPath} (${err.message})`);
283
+ }
284
+ if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
285
+ throw new Error(`policy file root is not an object: ${resolvedPath}`);
286
+ }
287
+ const obj = parsed;
288
+ return {
289
+ ...exports.DEFAULT_BROWNFIELD_POLICY,
290
+ ...obj,
291
+ confidence: { ...exports.DEFAULT_BROWNFIELD_POLICY.confidence, ...(obj.confidence ?? {}) },
292
+ blockRules: { ...exports.DEFAULT_BROWNFIELD_POLICY.blockRules, ...(obj.blockRules ?? {}) },
293
+ block: obj.block ?? exports.DEFAULT_BROWNFIELD_POLICY.block,
294
+ warn: obj.warn ?? exports.DEFAULT_BROWNFIELD_POLICY.warn,
295
+ addedRequiresChangedLines: obj.addedRequiresChangedLines ?? exports.DEFAULT_BROWNFIELD_POLICY.addedRequiresChangedLines,
296
+ mode: 'brownfield',
297
+ };
298
+ }
299
+ /**
300
+ * Convenience wrapper for callers that don't take a `--policy`
301
+ * override (e.g., `createBaseline`). Loads the conventional file if
302
+ * present; returns defaults otherwise.
303
+ */
304
+ function loadPolicyFromCwd(cwd) {
305
+ return resolvePolicy(undefined, cwd);
306
+ }
206
307
  //# sourceMappingURL=policy.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/baseline/policy.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;;;AA0KH,4BAuEC;AAkED,kCAMC;AAlPD;;;;;;;;;;;GAWG;AACU,QAAA,yBAAyB,GAAqB,MAAM,CAAC,MAAM,CAAC;IACvE,IAAI,EAAE,YAAY;IAClB,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAiC,CAAC;IAC/D,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC;QAClB,mBAAmB;QACnB,gBAAgB;QAChB,eAAe;QACf,cAAc;QACd,WAAW;KACoB,CAAC;IAClC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC;QACxB,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,IAAI;QACZ,GAAG,EAAE,GAAG;KACT,CAAC;IACF,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC;QACxB,SAAS,EAAE,IAAI;QACf,mBAAmB,EAAE,IAAI;QACzB,eAAe,EAAE,IAAI;QACrB,kCAAkC,EAAE,IAAI;QACxC,uCAAuC,EAAE,IAAI;QAC7C,wBAAwB,EAAE,IAAI;QAC9B,mCAAmC,EAAE,IAAI;KAC1C,CAAC;IACF,yBAAyB,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;CAC9D,CAAC,CAAC;AA0CH;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,QAAQ,CACtB,IAAe,EACf,SAA2B,iCAAyB,EACpD,UAA2B,EAAE;IAE7B,IAAI,MAAM,GAAkB,IAAI,CAAC,MAAM,CAAC;IACxC,MAAM,OAAO,GAAkB,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAEjD,gDAAgD;IAChD,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,IAAI,OAAO,CAAC,qBAAqB,EAAE,CAAC;YAClC,MAAM,GAAG,eAAe,CAAC;YACzB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,eAAe;gBACrB,MAAM,EAAE,qDAAqD;aAC9D,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACjC,MAAM,GAAG,cAAc,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,cAAc;gBACpB,MAAM,EAAE,mDAAmD;aAC5D,CAAC,CAAC;QACL,CAAC;aAAM,IACL,OAAO,CAAC,IAAI;YACZ,MAAM,CAAC,yBAAyB,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC;YACvD,OAAO,CAAC,oBAAoB,KAAK,KAAK,EACtC,CAAC;YACD,2DAA2D;YAC3D,yDAAyD;YACzD,yDAAyD;YACzD,6DAA6D;YAC7D,4DAA4D;YAC5D,yBAAyB;YACzB,MAAM,GAAG,WAAW,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,iBAAiB;gBACvB,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,8HAA8H;aACtJ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IAAI,MAAM,KAAK,WAAW,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QACrD,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ;YAChC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC;YACrC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAClD,IAAI,IAAI,CAAC,UAAU,GAAG,SAAS,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,gBAAgB;gBACtB,MAAM,EACJ,oBAAoB,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;oBACxF,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,iBAAiB,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChE,CAAC,CAAC;YACH,MAAM,GAAG,WAAW,CAAC;QACvB,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,MAAM,YAAY,GAAG,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC5E,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,4BAA4B,YAAY,EAAE;SACnD,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,MAAM,MAAM,GAAG,YAAY,KAAK,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACtE,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAE3C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;AAC5C,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,kBAAkB,CACzB,MAAqB,EACrB,KAA2B,EAC3B,OAAwB;IAExB,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,KAAK,CAAC,SAAS,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,WAAW,CAAC;IACrE,IAAI,KAAK,CAAC,mBAAmB,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;QAC5F,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IACD,IAAI,KAAK,CAAC,eAAe,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACpF,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IACD,IACE,KAAK,CAAC,kCAAkC;QACxC,OAAO,CAAC,IAAI,KAAK,UAAU;QAC3B,OAAO,CAAC,QAAQ,KAAK,UAAU,EAC/B,CAAC;QACD,OAAO,oCAAoC,CAAC;IAC9C,CAAC;IACD,IACE,KAAK,CAAC,uCAAuC;QAC7C,OAAO,CAAC,IAAI,KAAK,UAAU;QAC3B,OAAO,CAAC,QAAQ,KAAK,MAAM;QAC3B,OAAO,CAAC,SAAS,KAAK,IAAI,EAC1B,CAAC;QACD,OAAO,yCAAyC,CAAC;IACnD,CAAC;IACD,IACE,KAAK,CAAC,wBAAwB;QAC9B,OAAO,CAAC,IAAI,KAAK,UAAU;QAC3B,OAAO,CAAC,oBAAoB,KAAK,IAAI,EACrC,CAAC;QACD,OAAO,0BAA0B,CAAC;IACpC,CAAC;IACD,IACE,KAAK,CAAC,mCAAmC;QACzC,CAAC,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC;QACvD,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC;QAChE,OAAO,CAAC,oBAAoB,KAAK,IAAI,EACrC,CAAC;QACD,OAAO,qCAAqC,CAAC;IAC/C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,WAAW,CACzB,KAA+B,EAC/B,SAA2B,iCAAyB,EACpD,aAAmD,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC;IAE7D,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACvE,CAAC"}
1
+ {"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/baseline/policy.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoNH,4BAuEC;AAkED,kCAMC;AAqBD,sCAkCC;AAOD,8CAEC;AAjaD,uCAAyB;AACzB,2CAA6B;AA8G7B;;;;;;;;;;;GAWG;AACU,QAAA,yBAAyB,GAAqB,MAAM,CAAC,MAAM,CAAC;IACvE,IAAI,EAAE,YAAY;IAClB,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAiC,CAAC;IAC/D,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC;QAClB,mBAAmB;QACnB,gBAAgB;QAChB,eAAe;QACf,cAAc;QACd,WAAW;KACoB,CAAC;IAClC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC;QACxB,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,IAAI;QACZ,GAAG,EAAE,GAAG;KACT,CAAC;IACF,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC;QACxB,SAAS,EAAE,IAAI;QACf,mBAAmB,EAAE,IAAI;QACzB,eAAe,EAAE,IAAI;QACrB,kCAAkC,EAAE,IAAI;QACxC,uCAAuC,EAAE,IAAI;QAC7C,wBAAwB,EAAE,IAAI;QAC9B,mCAAmC,EAAE,IAAI;KAC1C,CAAC;IACF,yBAAyB,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;CAC9D,CAAC,CAAC;AA0CH;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,QAAQ,CACtB,IAAe,EACf,SAA2B,iCAAyB,EACpD,UAA2B,EAAE;IAE7B,IAAI,MAAM,GAAkB,IAAI,CAAC,MAAM,CAAC;IACxC,MAAM,OAAO,GAAkB,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAEjD,gDAAgD;IAChD,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,IAAI,OAAO,CAAC,qBAAqB,EAAE,CAAC;YAClC,MAAM,GAAG,eAAe,CAAC;YACzB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,eAAe;gBACrB,MAAM,EAAE,qDAAqD;aAC9D,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACjC,MAAM,GAAG,cAAc,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,cAAc;gBACpB,MAAM,EAAE,mDAAmD;aAC5D,CAAC,CAAC;QACL,CAAC;aAAM,IACL,OAAO,CAAC,IAAI;YACZ,MAAM,CAAC,yBAAyB,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC;YACvD,OAAO,CAAC,oBAAoB,KAAK,KAAK,EACtC,CAAC;YACD,2DAA2D;YAC3D,yDAAyD;YACzD,yDAAyD;YACzD,6DAA6D;YAC7D,4DAA4D;YAC5D,yBAAyB;YACzB,MAAM,GAAG,WAAW,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,iBAAiB;gBACvB,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,8HAA8H;aACtJ,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IAAI,MAAM,KAAK,WAAW,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QACrD,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ;YAChC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC;YACrC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAClD,IAAI,IAAI,CAAC,UAAU,GAAG,SAAS,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,gBAAgB;gBACtB,MAAM,EACJ,oBAAoB,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;oBACxF,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,iBAAiB,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChE,CAAC,CAAC;YACH,MAAM,GAAG,WAAW,CAAC;QACvB,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,MAAM,YAAY,GAAG,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC5E,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,4BAA4B,YAAY,EAAE;SACnD,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,MAAM,MAAM,GAAG,YAAY,KAAK,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACtE,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAE3C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;AAC5C,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,kBAAkB,CACzB,MAAqB,EACrB,KAA2B,EAC3B,OAAwB;IAExB,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,KAAK,CAAC,SAAS,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,WAAW,CAAC;IACrE,IAAI,KAAK,CAAC,mBAAmB,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;QAC5F,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IACD,IAAI,KAAK,CAAC,eAAe,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACpF,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IACD,IACE,KAAK,CAAC,kCAAkC;QACxC,OAAO,CAAC,IAAI,KAAK,UAAU;QAC3B,OAAO,CAAC,QAAQ,KAAK,UAAU,EAC/B,CAAC;QACD,OAAO,oCAAoC,CAAC;IAC9C,CAAC;IACD,IACE,KAAK,CAAC,uCAAuC;QAC7C,OAAO,CAAC,IAAI,KAAK,UAAU;QAC3B,OAAO,CAAC,QAAQ,KAAK,MAAM;QAC3B,OAAO,CAAC,SAAS,KAAK,IAAI,EAC1B,CAAC;QACD,OAAO,yCAAyC,CAAC;IACnD,CAAC;IACD,IACE,KAAK,CAAC,wBAAwB;QAC9B,OAAO,CAAC,IAAI,KAAK,UAAU;QAC3B,OAAO,CAAC,oBAAoB,KAAK,IAAI,EACrC,CAAC;QACD,OAAO,0BAA0B,CAAC;IACpC,CAAC;IACD,IACE,KAAK,CAAC,mCAAmC;QACzC,CAAC,OAAO,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC;QACvD,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC;QAChE,OAAO,CAAC,oBAAoB,KAAK,IAAI,EACrC,CAAC;QACD,OAAO,qCAAqC,CAAC;IAC/C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,WAAW,CACzB,KAA+B,EAC/B,SAA2B,iCAAyB,EACpD,aAAmD,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC;IAE7D,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACvE,CAAC;AAED;qDACqD;AACxC,QAAA,uBAAuB,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;AAE1E;;;;;;;;;;;;;;GAcG;AACH,SAAgB,aAAa,CAAC,UAA8B,EAAE,GAAW;IACvE,IAAI,YAAY,GAAuB,UAAU,CAAC;IAClD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,+BAAuB,CAAC,CAAC;QAC7D,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC;YAAE,YAAY,GAAG,YAAY,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC,YAAY;QAAE,OAAO,iCAAyB,CAAC;IACpD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,YAAY,KAAM,GAAa,CAAC,OAAO,GAAG,CAAC,CAAC;IAC3F,CAAC;IACD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,KAAM,GAAa,CAAC,OAAO,GAAG,CAAC,CAAC;IAChG,CAAC;IACD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,sCAAsC,YAAY,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,GAAG,GAAG,MAAmC,CAAC;IAChD,OAAO;QACL,GAAG,iCAAyB;QAC5B,GAAG,GAAG;QACN,UAAU,EAAE,EAAE,GAAG,iCAAyB,CAAC,UAAU,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE;QAClF,UAAU,EAAE,EAAE,GAAG,iCAAyB,CAAC,UAAU,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE;QAClF,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,iCAAyB,CAAC,KAAK;QACnD,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,iCAAyB,CAAC,IAAI;QAChD,yBAAyB,EACvB,GAAG,CAAC,yBAAyB,IAAI,iCAAyB,CAAC,yBAAyB;QACtF,IAAI,EAAE,YAAY;KACnB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,GAAW;IAC3C,OAAO,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;AACvC,CAAC"}
@@ -14,7 +14,7 @@
14
14
  * two in sync ensures the per-file identity set sums to the
15
15
  * aggregate count.
16
16
  */
17
- import type { BaselineEntry } from '../types';
17
+ import type { RichBaselineEntry } from '../types';
18
18
  import type { HealthMetrics } from '../../analyzers/types';
19
19
  /** Canonical large-file threshold — file is "too large" at strictly
20
20
  * more than this many lines. Mirror of the constant the generic-
@@ -26,5 +26,5 @@ export declare const LARGE_FILE_THRESHOLD_LINES = 500;
26
26
  * Files with `lines <= threshold` are skipped so the identity set
27
27
  * matches the user-facing aggregate count.
28
28
  */
29
- export declare function largeFilesToBaselineEntries(metrics: HealthMetrics): BaselineEntry[];
29
+ export declare function largeFilesToBaselineEntries(metrics: HealthMetrics): RichBaselineEntry[];
30
30
  //# sourceMappingURL=health.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/health.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,aAAa,EAA0B,MAAM,UAAU,CAAC;AACtE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAE3D;;;uDAGuD;AACvD,eAAO,MAAM,0BAA0B,MAAM,CAAC;AAE9C;;;;GAIG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,aAAa,GAAG,aAAa,EAAE,CAQnF"}
1
+ {"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/health.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAA0B,MAAM,UAAU,CAAC;AAC1E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAE3D;;;uDAGuD;AACvD,eAAO,MAAM,0BAA0B,MAAM,CAAC;AAE9C;;;;GAIG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,aAAa,GAAG,iBAAiB,EAAE,CAQvF"}
@@ -1 +1 @@
1
- {"version":3,"file":"health.js","sourceRoot":"","sources":["../../../src/baseline/producers/health.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AAiBH,kEAQC;AAvBD,0DAAkD;AAIlD;;;uDAGuD;AAC1C,QAAA,0BAA0B,GAAG,GAAG,CAAC;AAE9C;;;;GAIG;AACH,SAAgB,2BAA2B,CAAC,OAAsB;IAChE,MAAM,GAAG,GAAoB,EAAE,CAAC;IAChC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACrC,IAAI,CAAC,CAAC,KAAK,IAAI,kCAA0B;YAAE,SAAS;QACpD,MAAM,KAAK,GAA2B,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3E,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
1
+ {"version":3,"file":"health.js","sourceRoot":"","sources":["../../../src/baseline/producers/health.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AAiBH,kEAQC;AAvBD,0DAAkD;AAIlD;;;uDAGuD;AAC1C,QAAA,0BAA0B,GAAG,GAAG,CAAC;AAE9C;;;;GAIG;AACH,SAAgB,2BAA2B,CAAC,OAAsB;IAChE,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACrC,IAAI,CAAC,CAAC,KAAK,IAAI,kCAA0B;YAAE,SAAS;QACpD,MAAM,KAAK,GAA2B,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3E,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
@@ -52,7 +52,8 @@
52
52
  import type { GitleaksRawSecret } from '../../analyzers/tools/gitleaks';
53
53
  import type { AnalysisResult } from '../../analysis-result';
54
54
  import type { TestGapsReport } from '../../analyzers/tests/types';
55
- import type { BaselineEntry } from '../types';
55
+ import type { InlineAllowlistOccurrence } from '../../allowlist/gather';
56
+ import type { BaselineEntry, RichBaselineEntry } from '../types';
56
57
  /** Every discriminant value the `BaselineEntry` union takes. Mirror
57
58
  * of `IdentityInput['kind']` — kept as a separate alias because the
58
59
  * registry contract speaks in terms of stored entries, not the
@@ -101,6 +102,10 @@ export interface ProducerContext {
101
102
  /** Raw secrets gitleaks captured (process-only; never written to
102
103
  * disk; consumed by the secret-HMAC producer). */
103
104
  readonly rawSecrets: ReadonlyArray<GitleaksRawSecret>;
105
+ /** Inline `dxkit-allow:` annotations gathered from source files.
106
+ * Consumed by the stale-allow producer to detect orphaned
107
+ * annotations whose underlying finding is gone. */
108
+ readonly inlineAllowlistAnnotations: ReadonlyArray<InlineAllowlistOccurrence>;
104
109
  }
105
110
  /**
106
111
  * The registry entry shape. A producer self-describes the kinds it
@@ -114,11 +119,12 @@ export interface BaselineProducer {
114
119
  * the union across every producer and asserts it covers every
115
120
  * `IdentityKind` value not in `DEFERRED_KINDS`. */
116
121
  readonly contributes: ReadonlyArray<IdentityKind>;
117
- /** Build `BaselineEntry`s from the shared context. Producers
122
+ /** Build `RichBaselineEntry`s from the shared context. Producers
118
123
  * emit ZERO entries when their upstream data is missing
119
124
  * (analyzer didn't run, envelope absent, etc.) — never throw
120
- * for missing inputs. */
121
- readonly produce: (ctx: ProducerContext) => BaselineEntry[];
125
+ * for missing inputs. Producers always emit the rich shape;
126
+ * sanitization is applied at the write boundary, not here. */
127
+ readonly produce: (ctx: ProducerContext) => RichBaselineEntry[];
122
128
  }
123
129
  /**
124
130
  * Identity kinds declared in `IdentityInput` but not yet wired by
@@ -154,7 +160,7 @@ export declare const PRODUCERS: ReadonlyArray<BaselineProducer>;
154
160
  * for production use; the playbook test calls it with an extended
155
161
  * list to verify synthetic producers flow through.
156
162
  */
157
- export declare function runProducers(ctx: ProducerContext, producers?: ReadonlyArray<BaselineProducer>): BaselineEntry[];
163
+ export declare function runProducers(ctx: ProducerContext, producers?: ReadonlyArray<BaselineProducer>): RichBaselineEntry[];
158
164
  /**
159
165
  * Every kind currently contributed by some producer in `producers`.
160
166
  * Convenience used by the contract test + by the orchestrator for
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAQ9C;;;8BAG8B;AAC9B,MAAM,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;AAEjD;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC3C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;CAClC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,eAAe;IAC9B,0BAA0B;IAC1B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;;yCAEqC;IACrC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B;wCACoC;IACpC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;kDAC8C;IAC9C,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC;;qBAEiB;IACjB,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC,oEAAoE;IACpE,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;IAClC;uDACmD;IACnD,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;CACvD;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B;4DACwD;IACxD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;wDAEoD;IACpD,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IAClD;;;8BAG0B;IAC1B,QAAQ,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,eAAe,KAAK,aAAa,EAAE,CAAC;CAC7D;AAED;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,cAAc,EAAE,QAAQ,CACnC,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CA2B1E,CAAC;AAiEH;;;;;;;;GAQG;AACH,eAAO,MAAM,SAAS,EAAE,aAAa,CAAC,gBAAgB,CAOpD,CAAC;AAEH;;;;;GAKG;AACH,wBAAgB,YAAY,CAC1B,GAAG,EAAE,eAAe,EACpB,SAAS,GAAE,aAAa,CAAC,gBAAgB,CAAa,GACrD,aAAa,EAAE,CAMjB;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CACxB,SAAS,GAAE,aAAa,CAAC,gBAAgB,CAAa,GACrD,WAAW,CAAC,YAAY,CAAC,CAI3B"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,KAAK,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAQjE;;;8BAG8B;AAC9B,MAAM,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;AAEjD;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC3C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;CAClC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,eAAe;IAC9B,0BAA0B;IAC1B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB;;yCAEqC;IACrC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B;wCACoC;IACpC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;kDAC8C;IAC9C,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC;;qBAEiB;IACjB,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IACxC,oEAAoE;IACpE,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;IAClC;uDACmD;IACnD,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACtD;;wDAEoD;IACpD,QAAQ,CAAC,0BAA0B,EAAE,aAAa,CAAC,yBAAyB,CAAC,CAAC;CAC/E;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B;4DACwD;IACxD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;wDAEoD;IACpD,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;IAClD;;;;mEAI+D;IAC/D,QAAQ,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,eAAe,KAAK,iBAAiB,EAAE,CAAC;CACjE;AAED;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,cAAc,EAAE,QAAQ,CACnC,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CA2B1E,CAAC;AAoEH;;;;;;;;GAQG;AACH,eAAO,MAAM,SAAS,EAAE,aAAa,CAAC,gBAAgB,CAOpD,CAAC;AAEH;;;;;GAKG;AACH,wBAAgB,YAAY,CAC1B,GAAG,EAAE,eAAe,EACpB,SAAS,GAAE,aAAa,CAAC,gBAAgB,CAAa,GACrD,iBAAiB,EAAE,CAMrB;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CACxB,SAAS,GAAE,aAAa,CAAC,gBAAgB,CAAa,GACrD,WAAW,CAAC,YAAY,CAAC,CAI3B"}
@@ -55,10 +55,10 @@ exports.PRODUCERS = exports.DEFERRED_KINDS = void 0;
55
55
  exports.runProducers = runProducers;
56
56
  exports.wiredKinds = wiredKinds;
57
57
  const health_1 = require("./health");
58
- const licenses_1 = require("./licenses");
59
58
  const quality_1 = require("./quality");
60
59
  const secret_hmac_1 = require("./secret-hmac");
61
60
  const security_1 = require("./security");
61
+ const stale_allow_1 = require("./stale-allow");
62
62
  const tests_1 = require("./tests");
63
63
  /**
64
64
  * Identity kinds declared in `IdentityInput` but not yet wired by
@@ -141,13 +141,6 @@ const HEALTH_PRODUCER = {
141
141
  return (0, health_1.largeFilesToBaselineEntries)(ctx.analysisResult.metrics);
142
142
  },
143
143
  };
144
- const LICENSES_PRODUCER = {
145
- name: 'licenses',
146
- contributes: ['license'],
147
- produce(ctx) {
148
- return (0, licenses_1.licensesToBaselineEntries)(ctx.analysisResult.capabilities.licenses);
149
- },
150
- };
151
144
  const TESTS_PRODUCER = {
152
145
  name: 'tests',
153
146
  contributes: ['test-gap', 'test-file-degradation'],
@@ -155,6 +148,16 @@ const TESTS_PRODUCER = {
155
148
  return (0, tests_1.testGapsToBaselineEntries)(ctx.testGapsReport);
156
149
  },
157
150
  };
151
+ const STALE_ALLOW_PRODUCER = {
152
+ name: 'stale-allow',
153
+ contributes: ['stale-allow'],
154
+ produce(ctx) {
155
+ return (0, stale_allow_1.staleAllowToBaselineEntries)({
156
+ annotations: ctx.inlineAllowlistAnnotations,
157
+ aggregate: ctx.analysisResult.capabilities.securityAggregate ?? null,
158
+ });
159
+ },
160
+ };
158
161
  /**
159
162
  * The canonical producer list. Order is preserved in baseline-file
160
163
  * output for deterministic diffs; adding a new producer appends
@@ -169,8 +172,8 @@ exports.PRODUCERS = Object.freeze([
169
172
  SECRET_HMAC_PRODUCER,
170
173
  QUALITY_PRODUCER,
171
174
  HEALTH_PRODUCER,
172
- LICENSES_PRODUCER,
173
175
  TESTS_PRODUCER,
176
+ STALE_ALLOW_PRODUCER,
174
177
  ]);
175
178
  /**
176
179
  * Run every producer in `producers` against the shared context and
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/baseline/producers/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;;;AAuNH,oCASC;AAOD,gCAMC;AAvOD,qCAAuD;AACvD,yCAAuD;AACvD,uCAAsF;AACtF,+CAA4D;AAC5D,yCAAgE;AAChE,mCAAoD;AAyEpD;;;;;;;;;;;;;GAaG;AACU,QAAA,cAAc,GAEvB,MAAM,CAAC,MAAM,CAAC;IAChB,UAAU,EAAE;QACV,MAAM,EACJ,6EAA6E;YAC7E,kEAAkE;YAClE,gFAAgF;QAClF,YAAY,EAAE,gDAAgD;KAC/D;IACD,OAAO,EAAE;QACP,MAAM,EACJ,6EAA6E;YAC7E,+EAA+E;YAC/E,iEAAiE;YACjE,+EAA+E;QACjF,YAAY,EAAE,6BAA6B;KAC5C;IACD,cAAc,EAAE;QACd,MAAM,EACJ,yEAAyE;YACzE,uEAAuE;YACvE,yEAAyE;YACzE,6CAA6C;YAC7C,2EAA2E;YAC3E,uEAAuE;QACzE,YAAY,EAAE,uCAAuC;KACtD;CACF,CAAC,CAAC;AAEH,6EAA6E;AAC7E,mEAAmE;AACnE,qEAAqE;AACrE,mEAAmE;AACnE,iEAAiE;AACjE,aAAa;AAEb,MAAM,iBAAiB,GAAqB;IAC1C,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC;IACrD,OAAO,CAAC,GAAG;QACT,MAAM,SAAS,GAAG,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;QACpE,IAAI,CAAC,SAAS;YAAE,OAAO,EAAE,CAAC;QAC1B,OAAO,IAAA,6CAAkC,EAAC,SAAS,EAAE;YACnD,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,SAAS,EAAE,GAAG,CAAC,SAAS,IAAI,SAAS;SACtC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,MAAM,oBAAoB,GAAqB;IAC7C,IAAI,EAAE,aAAa;IACnB,WAAW,EAAE,CAAC,aAAa,CAAC;IAC5B,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,yCAA2B,EAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACrF,CAAC;CACF,CAAC;AAEF,MAAM,gBAAgB,GAAqB;IACzC,IAAI,EAAE,SAAS;IACf,WAAW,EAAE,CAAC,aAAa,EAAE,YAAY,CAAC;IAC1C,OAAO,CAAC,GAAG;QACT,OAAO;YACL,GAAG,IAAA,sCAA4B,EAAC,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,WAAW,CAAC;YAC5E,GAAG,IAAA,qCAA2B,EAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC;SACvD,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,eAAe,GAAqB;IACxC,IAAI,EAAE,QAAQ;IACd,WAAW,EAAE,CAAC,YAAY,CAAC;IAC3B,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,oCAA2B,EAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IACjE,CAAC;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAqB;IAC1C,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,CAAC,SAAS,CAAC;IACxB,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,oCAAyB,EAAC,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC7E,CAAC;CACF,CAAC;AAEF,MAAM,cAAc,GAAqB;IACvC,IAAI,EAAE,OAAO;IACb,WAAW,EAAE,CAAC,UAAU,EAAE,uBAAuB,CAAC;IAClD,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,iCAAyB,EAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACvD,CAAC;CACF,CAAC;AAEF;;;;;;;;GAQG;AACU,QAAA,SAAS,GAAoC,MAAM,CAAC,MAAM,CAAC;IACtE,iBAAiB;IACjB,oBAAoB;IACpB,gBAAgB;IAChB,eAAe;IACf,iBAAiB;IACjB,cAAc;CACf,CAAC,CAAC;AAEH;;;;;GAKG;AACH,SAAgB,YAAY,CAC1B,GAAoB,EACpB,YAA6C,iBAAS;IAEtD,MAAM,GAAG,GAAoB,EAAE,CAAC;IAChC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,GAAG,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,SAAgB,UAAU,CACxB,YAA6C,iBAAS;IAEtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAgB,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,SAAS;QAAE,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACrE,OAAO,GAAG,CAAC;AACb,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/baseline/producers/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;;;AAgOH,oCASC;AAOD,gCAMC;AA/OD,qCAAuD;AACvD,uCAAsF;AACtF,+CAA4D;AAC5D,yCAAgE;AAChE,+CAA4D;AAC5D,mCAAoD;AA8EpD;;;;;;;;;;;;;GAaG;AACU,QAAA,cAAc,GAEvB,MAAM,CAAC,MAAM,CAAC;IAChB,UAAU,EAAE;QACV,MAAM,EACJ,6EAA6E;YAC7E,kEAAkE;YAClE,gFAAgF;QAClF,YAAY,EAAE,gDAAgD;KAC/D;IACD,OAAO,EAAE;QACP,MAAM,EACJ,6EAA6E;YAC7E,+EAA+E;YAC/E,iEAAiE;YACjE,+EAA+E;QACjF,YAAY,EAAE,6BAA6B;KAC5C;IACD,cAAc,EAAE;QACd,MAAM,EACJ,yEAAyE;YACzE,uEAAuE;YACvE,yEAAyE;YACzE,6CAA6C;YAC7C,2EAA2E;YAC3E,uEAAuE;QACzE,YAAY,EAAE,uCAAuC;KACtD;CACF,CAAC,CAAC;AAEH,6EAA6E;AAC7E,mEAAmE;AACnE,qEAAqE;AACrE,mEAAmE;AACnE,iEAAiE;AACjE,aAAa;AAEb,MAAM,iBAAiB,GAAqB;IAC1C,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC;IACrD,OAAO,CAAC,GAAG;QACT,MAAM,SAAS,GAAG,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,iBAAiB,CAAC;QACpE,IAAI,CAAC,SAAS;YAAE,OAAO,EAAE,CAAC;QAC1B,OAAO,IAAA,6CAAkC,EAAC,SAAS,EAAE;YACnD,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,SAAS,EAAE,GAAG,CAAC,SAAS,IAAI,SAAS;SACtC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,MAAM,oBAAoB,GAAqB;IAC7C,IAAI,EAAE,aAAa;IACnB,WAAW,EAAE,CAAC,aAAa,CAAC;IAC5B,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,yCAA2B,EAAC,EAAE,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACrF,CAAC;CACF,CAAC;AAEF,MAAM,gBAAgB,GAAqB;IACzC,IAAI,EAAE,SAAS;IACf,WAAW,EAAE,CAAC,aAAa,EAAE,YAAY,CAAC;IAC1C,OAAO,CAAC,GAAG;QACT,OAAO;YACL,GAAG,IAAA,sCAA4B,EAAC,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,WAAW,CAAC;YAC5E,GAAG,IAAA,qCAA2B,EAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC;SACvD,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,eAAe,GAAqB;IACxC,IAAI,EAAE,QAAQ;IACd,WAAW,EAAE,CAAC,YAAY,CAAC;IAC3B,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,oCAA2B,EAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IACjE,CAAC;CACF,CAAC;AAEF,MAAM,cAAc,GAAqB;IACvC,IAAI,EAAE,OAAO;IACb,WAAW,EAAE,CAAC,UAAU,EAAE,uBAAuB,CAAC;IAClD,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,iCAAyB,EAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACvD,CAAC;CACF,CAAC;AAEF,MAAM,oBAAoB,GAAqB;IAC7C,IAAI,EAAE,aAAa;IACnB,WAAW,EAAE,CAAC,aAAa,CAAC;IAC5B,OAAO,CAAC,GAAG;QACT,OAAO,IAAA,yCAA2B,EAAC;YACjC,WAAW,EAAE,GAAG,CAAC,0BAA0B;YAC3C,SAAS,EAAE,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,iBAAiB,IAAI,IAAI;SACrE,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF;;;;;;;;GAQG;AACU,QAAA,SAAS,GAAoC,MAAM,CAAC,MAAM,CAAC;IACtE,iBAAiB;IACjB,oBAAoB;IACpB,gBAAgB;IAChB,eAAe;IACf,cAAc;IACd,oBAAoB;CACrB,CAAC,CAAC;AAEH;;;;;GAKG;AACH,SAAgB,YAAY,CAC1B,GAAoB,EACpB,YAA6C,iBAAS;IAEtD,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,GAAG,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,SAAgB,UAAU,CACxB,YAA6C,iBAAS;IAEtD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAgB,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,SAAS;QAAE,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACrE,OAAO,GAAG,CAAC;AACb,CAAC"}
@@ -26,14 +26,14 @@
26
26
  * kind) require extending `gatherHygieneMarkers` to emit
27
27
  * positions, not just counts. Pending in a follow-up commit.
28
28
  */
29
- import type { BaselineEntry } from '../types';
29
+ import type { RichBaselineEntry } from '../types';
30
30
  import type { DuplicationResult } from '../../languages/capabilities/types';
31
31
  /** Build `duplication` entries from a jscpd-style envelope. */
32
- export declare function duplicationToBaselineEntries(duplication: DuplicationResult | undefined): BaselineEntry[];
32
+ export declare function duplicationToBaselineEntries(duplication: DuplicationResult | undefined): RichBaselineEntry[];
33
33
  /**
34
34
  * Build `stale-file` entries from a list of repo-relative paths.
35
35
  * Files with a suffix outside the canonical stale set are skipped
36
36
  * (defensive — the caller's gather should already have filtered).
37
37
  */
38
- export declare function staleFilesToBaselineEntries(staleFiles: ReadonlyArray<string>): BaselineEntry[];
38
+ export declare function staleFilesToBaselineEntries(staleFiles: ReadonlyArray<string>): RichBaselineEntry[];
39
39
  //# sourceMappingURL=quality.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"quality.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/quality.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAoD,MAAM,UAAU,CAAC;AAChG,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAQ5E,+DAA+D;AAC/D,wBAAgB,4BAA4B,CAC1C,WAAW,EAAE,iBAAiB,GAAG,SAAS,GACzC,aAAa,EAAE,CAuBjB;AAED;;;;GAIG;AACH,wBAAgB,2BAA2B,CAAC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG,aAAa,EAAE,CAW9F"}
1
+ {"version":3,"file":"quality.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/quality.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAAoD,MAAM,UAAU,CAAC;AACpG,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAQ5E,+DAA+D;AAC/D,wBAAgB,4BAA4B,CAC1C,WAAW,EAAE,iBAAiB,GAAG,SAAS,GACzC,iBAAiB,EAAE,CAuBrB;AAED;;;;GAIG;AACH,wBAAgB,2BAA2B,CACzC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,GAChC,iBAAiB,EAAE,CAWrB"}
@@ -1 +1 @@
1
- {"version":3,"file":"quality.js","sourceRoot":"","sources":["../../../src/baseline/producers/quality.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;AAaH,oEAyBC;AAOD,kEAWC;AAtDD,0DAAkD;AAIlD;;;gBAGgB;AAChB,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAEnF,+DAA+D;AAC/D,SAAgB,4BAA4B,CAC1C,WAA0C;IAE1C,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAoB,EAAE,CAAC;IAChC,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;QAC1C,MAAM,KAAK,GAA6B;YACtC,IAAI,EAAE,aAAa;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;YAC7B,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;SAC9B,CAAC;QACF,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC;YACtB,IAAI,EAAE,aAAa;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;YAC7B,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;SAC9B,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,SAAgB,2BAA2B,CAAC,UAAiC;IAC3E,MAAM,GAAG,GAAoB,EAAE,CAAC;IAChC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,GAAG,GAAG,CAAC;YAAE,SAAS;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACjD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,SAAS;QAC1C,MAAM,KAAK,GAA2B,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC3E,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
1
+ {"version":3,"file":"quality.js","sourceRoot":"","sources":["../../../src/baseline/producers/quality.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;;AAaH,oEAyBC;AAOD,kEAaC;AAxDD,0DAAkD;AAIlD;;;gBAGgB;AAChB,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAEnF,+DAA+D;AAC/D,SAAgB,4BAA4B,CAC1C,WAA0C;IAE1C,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;QAC1C,MAAM,KAAK,GAA6B;YACtC,IAAI,EAAE,aAAa;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;YAC7B,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;SAC9B,CAAC;QACF,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC;YACtB,IAAI,EAAE,aAAa;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI;YACnB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;YAC7B,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS;SAC9B,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,SAAgB,2BAA2B,CACzC,UAAiC;IAEjC,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,GAAG,GAAG,CAAC;YAAE,SAAS;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACjD,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,SAAS;QAC1C,MAAM,KAAK,GAA2B,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC3E,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
@@ -21,7 +21,7 @@
21
21
  * value, so the HMAC machinery stays out of the public envelope.
22
22
  */
23
23
  import type { GitleaksRawSecret } from '../../analyzers/tools/gitleaks';
24
- import type { BaselineEntry } from '../types';
24
+ import type { RichBaselineEntry } from '../types';
25
25
  export interface SecretHmacProducerInput {
26
26
  /** Raw secrets from `gatherGitleaksResult(cwd).rawSecrets`. */
27
27
  readonly rawSecrets: ReadonlyArray<GitleaksRawSecret>;
@@ -41,5 +41,5 @@ export interface SecretHmacProducerInput {
41
41
  * etc.) would add their own producer; the canonical-rule mapping
42
42
  * collapses cross-tool overlaps inside `identityFor`.
43
43
  */
44
- export declare function rawSecretsToBaselineEntries(input: SecretHmacProducerInput): BaselineEntry[];
44
+ export declare function rawSecretsToBaselineEntries(input: SecretHmacProducerInput): RichBaselineEntry[];
45
45
  //# sourceMappingURL=secret-hmac.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"secret-hmac.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/secret-hmac.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAExE,OAAO,KAAK,EAAE,aAAa,EAA2B,MAAM,UAAU,CAAC;AAEvE,MAAM,WAAW,uBAAuB;IACtC,+DAA+D;IAC/D,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACtD;;;iDAG6C;IAC7C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,uBAAuB,GAAG,aAAa,EAAE,CA6B3F"}
1
+ {"version":3,"file":"secret-hmac.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/secret-hmac.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAExE,OAAO,KAAK,EAAE,iBAAiB,EAA2B,MAAM,UAAU,CAAC;AAE3E,MAAM,WAAW,uBAAuB;IACtC,+DAA+D;IAC/D,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAC;IACtD;;;iDAG6C;IAC7C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,uBAAuB,GAAG,iBAAiB,EAAE,CA6B/F"}
@@ -1 +1 @@
1
- {"version":3,"file":"secret-hmac.js","sourceRoot":"","sources":["../../../src/baseline/producers/secret-hmac.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;AA2BH,kEA6BC;AAtDD,mEAAsE;AAEtE,0DAAkD;AAalD;;;;;;;;;GASG;AACH,SAAgB,2BAA2B,CAAC,KAA8B;IACxE,MAAM,GAAG,GAAoB,EAAE,CAAC;IAChC,oEAAoE;IACpE,mEAAmE;IACnE,kEAAkE;IAClE,8DAA8D;IAC9D,qDAAqD;IACrD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC,GAAG,CAAC,MAAM;YAAE,SAAS;QAC1B,MAAM,IAAI,GAAG,IAAA,+BAAiB,EAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,aAAa,GAA4B;YAC7C,IAAI,EAAE,aAAa;YACnB,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,IAAI;SACL,CAAC;QACF,MAAM,EAAE,GAAG,IAAA,8BAAW,EAAC,aAAa,CAAC,CAAC;QACtC,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAAE,SAAS;QAC3B,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACb,GAAG,CAAC,IAAI,CAAC;YACP,EAAE;YACF,IAAI,EAAE,aAAa;YACnB,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
1
+ {"version":3,"file":"secret-hmac.js","sourceRoot":"","sources":["../../../src/baseline/producers/secret-hmac.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;AA2BH,kEA6BC;AAtDD,mEAAsE;AAEtE,0DAAkD;AAalD;;;;;;;;;GASG;AACH,SAAgB,2BAA2B,CAAC,KAA8B;IACxE,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,oEAAoE;IACpE,mEAAmE;IACnE,kEAAkE;IAClE,8DAA8D;IAC9D,qDAAqD;IACrD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC,GAAG,CAAC,MAAM;YAAE,SAAS;QAC1B,MAAM,IAAI,GAAG,IAAA,+BAAiB,EAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,aAAa,GAA4B;YAC7C,IAAI,EAAE,aAAa;YACnB,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,IAAI;SACL,CAAC;QACF,MAAM,EAAE,GAAG,IAAA,8BAAW,EAAC,aAAa,CAAC,CAAC;QACtC,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAAE,SAAS;QAC3B,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACb,GAAG,CAAC,IAAI,CAAC;YACP,EAAE;YACF,IAAI,EAAE,aAAa;YACnB,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
@@ -38,7 +38,7 @@
38
38
  * work.
39
39
  */
40
40
  import type { SecurityAggregate } from '../../analyzers/security/aggregator';
41
- import type { BaselineEntry } from '../types';
41
+ import type { RichBaselineEntry } from '../types';
42
42
  export interface SecurityProducerOptions {
43
43
  /** Repo path; used by `computeContentHashFromCommit` to invoke
44
44
  * `git show`. Omitting it disables content-hash stamping. */
@@ -55,5 +55,5 @@ export interface SecurityProducerOptions {
55
55
  * iteration order of the four categories so the produced baseline
56
56
  * stays stable across re-runs of the same scan.
57
57
  */
58
- export declare function securityAggregateToBaselineEntries(aggregate: SecurityAggregate, options?: SecurityProducerOptions): BaselineEntry[];
58
+ export declare function securityAggregateToBaselineEntries(aggregate: SecurityAggregate, options?: SecurityProducerOptions): RichBaselineEntry[];
59
59
  //# sourceMappingURL=security.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/security.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AAE7E,OAAO,KAAK,EACV,aAAa,EAKd,MAAM,UAAU,CAAC;AAElB,MAAM,WAAW,uBAAuB;IACtC;kEAC8D;IAC9D,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB;;;;eAIW;IACX,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;;;GAIG;AACH,wBAAgB,kCAAkC,CAChD,SAAS,EAAE,iBAAiB,EAC5B,OAAO,GAAE,uBAA4B,GACpC,aAAa,EAAE,CAwFjB"}
1
+ {"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/security.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AAE7E,OAAO,KAAK,EACV,iBAAiB,EAKlB,MAAM,UAAU,CAAC;AAElB,MAAM,WAAW,uBAAuB;IACtC;kEAC8D;IAC9D,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IACtB;;;;eAIW;IACX,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED;;;;GAIG;AACH,wBAAgB,kCAAkC,CAChD,SAAS,EAAE,iBAAiB,EAC5B,OAAO,GAAE,uBAA4B,GACpC,iBAAiB,EAAE,CAwFrB"}
@@ -1 +1 @@
1
- {"version":3,"file":"security.js","sourceRoot":"","sources":["../../../src/baseline/producers/security.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;;AA8BH,gFA2FC;AAvHD,kDAA+D;AAE/D,0DAAkD;AAqBlD;;;;GAIG;AACH,SAAgB,kCAAkC,CAChD,SAA4B,EAC5B,UAAmC,EAAE;IAErC,MAAM,GAAG,GAAoB,EAAE,CAAC;IAChC,MAAM,KAAK,GAAG,CAAC,IAAY,EAAE,IAAY,EAAsB,EAAE;QAC/D,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC;YAAE,OAAO,SAAS,CAAC;QACtE,MAAM,IAAI,GAAG,IAAA,2CAA4B,EAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QACtF,OAAO,IAAI,IAAI,SAAS,CAAC;IAC3B,CAAC,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,MAAM,KAAK,GAAwB;YACjC,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;SACb,CAAC;QACF,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAC1C,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC;YACtB,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC,CAAC;IACL,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAClD,MAAM,KAAK,GAAsB;YAC/B,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;SACb,CAAC;QACF,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAC1C,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC;YACtB,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC,CAAC;IACL,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,MAAM,KAAK,GAAwB;YACjC,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;SACb,CAAC;QACF,iEAAiE;QACjE,yDAAyD;QACzD,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAC1C,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC;YACtB,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC,CAAC;IACL,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,UAAU,EAAE,CAAC;QACxD,MAAM,KAAK,GAAyB;YAClC,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;YACpC,EAAE,EAAE,CAAC,CAAC,EAAE;SACT,CAAC;QACF,MAAM,KAAK,GAAkB;YAC3B,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC;YACtB,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,UAAU,EAAE,CAAC,CAAC,EAAE;YAChB,GAAG,CAAC,CAAC,CAAC,gBAAgB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtF,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC"}
1
+ {"version":3,"file":"security.js","sourceRoot":"","sources":["../../../src/baseline/producers/security.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;;AA8BH,gFA2FC;AAvHD,kDAA+D;AAE/D,0DAAkD;AAqBlD;;;;GAIG;AACH,SAAgB,kCAAkC,CAChD,SAA4B,EAC5B,UAAmC,EAAE;IAErC,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,CAAC,IAAY,EAAE,IAAY,EAAsB,EAAE;QAC/D,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC;YAAE,OAAO,SAAS,CAAC;QACtE,MAAM,IAAI,GAAG,IAAA,2CAA4B,EAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QACtF,OAAO,IAAI,IAAI,SAAS,CAAC;IAC3B,CAAC,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,MAAM,KAAK,GAAwB;YACjC,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;SACb,CAAC;QACF,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAC1C,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC;YACtB,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC,CAAC;IACL,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAClD,MAAM,KAAK,GAAsB;YAC/B,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;SACb,CAAC;QACF,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAC1C,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC;YACtB,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC,CAAC;IACL,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,MAAM,KAAK,GAAwB;YACjC,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;SACb,CAAC;QACF,iEAAiE;QACjE,yDAAyD;QACzD,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAC1C,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC;YACtB,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtD,CAAC,CAAC;IACL,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,UAAU,EAAE,CAAC;QACxD,MAAM,KAAK,GAAyB;YAClC,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;YACpC,EAAE,EAAE,CAAC,CAAC,EAAE;SACT,CAAC;QACF,MAAM,KAAK,GAAsB;YAC/B,EAAE,EAAE,IAAA,8BAAW,EAAC,KAAK,CAAC;YACtB,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,UAAU,EAAE,CAAC,CAAC,EAAE;YAChB,GAAG,CAAC,CAAC,CAAC,gBAAgB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtF,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC"}
@@ -0,0 +1,70 @@
1
+ /**
2
+ * Stale-allow → baseline-entry producer.
3
+ *
4
+ * Detects orphaned inline allowlist annotations — `dxkit-allow:`
5
+ * comments in source files that no longer match any current
6
+ * finding. The developer added the annotation when something was
7
+ * flagged; the finding is now gone (resolved, scanner-rule changed,
8
+ * code refactored); the annotation is dead code that should be
9
+ * removed.
10
+ *
11
+ * # The matching contract
12
+ *
13
+ * An annotation at `(file, line)` is considered ACTIVE when at
14
+ * least one current finding lands at the same `(file, lineWindow)` —
15
+ * the 3-line window from `lineWindowFor` absorbs small formatter /
16
+ * line-shift drift so a still-relevant annotation doesn't get
17
+ * flagged stale by an unrelated edit.
18
+ *
19
+ * Annotations with no matching finding emit a `stale-allow`
20
+ * `BaselineEntry` whose identity is `(file, lineWindow, category)`.
21
+ * The strict-stale model (TypeScript's `@ts-expect-error` pattern)
22
+ * forces the developer to clean up — preventing the annotation
23
+ * graveyard pattern common to less strict tools.
24
+ *
25
+ * # What counts as a "covered location"
26
+ *
27
+ * Source-anchored finding kinds — `secret`, `code`, `config` —
28
+ * carry `(file, line)` and contribute to the covered set. The
29
+ * `findingsByCategory` arrays on the canonical `SecurityAggregate`
30
+ * are the only source today; the aggregator is the single canonical
31
+ * fingerprint-deduped source of these findings (CLAUDE.md G_v4_8).
32
+ *
33
+ * Kinds without `(file, line)` — `dep-vuln`, `duplication`,
34
+ * `secret-hmac`, `license`, etc. — never participate in inline-
35
+ * annotation matching by construction. Annotations targeting those
36
+ * findings always use the file-level allowlist.
37
+ *
38
+ * # Mode handling
39
+ *
40
+ * `staleHandling` lives in `.dxkit/policy.json` (out of scope for
41
+ * this producer — the orchestrator gates whether to call it). When
42
+ * called, the producer emits `stale-allow` entries unconditionally
43
+ * for every orphan; the policy-level "lenient mode" surfaces these
44
+ * as warnings in the renderer rather than as blocking entries.
45
+ */
46
+ import type { SecurityAggregate } from '../../analyzers/security/aggregator';
47
+ import type { InlineAllowlistOccurrence } from '../../allowlist/gather';
48
+ import type { RichBaselineEntry } from '../types';
49
+ export interface StaleAllowInput {
50
+ readonly annotations: ReadonlyArray<InlineAllowlistOccurrence>;
51
+ readonly aggregate: SecurityAggregate | null;
52
+ }
53
+ /**
54
+ * Build `stale-allow` entries from the annotation list + the
55
+ * canonical security aggregate. Pure function — no I/O, no side
56
+ * effects. Deterministic over equal inputs.
57
+ *
58
+ * Returns an empty array when:
59
+ * - The annotation list is empty (nothing to check).
60
+ * - The aggregate is null AND the annotation list is empty.
61
+ *
62
+ * When the aggregate is null but annotations exist, the producer
63
+ * conservatively emits NO stale entries — the caller has no way to
64
+ * know whether annotations are active or stale without the
65
+ * findings. Surfacing "everything is stale" in that scenario would
66
+ * be wrong; surfacing "everything is fine" is also wrong but less
67
+ * actively misleading.
68
+ */
69
+ export declare function staleAllowToBaselineEntries(input: StaleAllowInput): RichBaselineEntry[];
70
+ //# sourceMappingURL=stale-allow.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"stale-allow.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/stale-allow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AAExE,OAAO,KAAK,EAAE,iBAAiB,EAA2B,MAAM,UAAU,CAAC;AAE3E,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,WAAW,EAAE,aAAa,CAAC,yBAAyB,CAAC,CAAC;IAC/D,QAAQ,CAAC,SAAS,EAAE,iBAAiB,GAAG,IAAI,CAAC;CAC9C;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,eAAe,GAAG,iBAAiB,EAAE,CAwBvF"}
@@ -0,0 +1,111 @@
1
+ "use strict";
2
+ /**
3
+ * Stale-allow → baseline-entry producer.
4
+ *
5
+ * Detects orphaned inline allowlist annotations — `dxkit-allow:`
6
+ * comments in source files that no longer match any current
7
+ * finding. The developer added the annotation when something was
8
+ * flagged; the finding is now gone (resolved, scanner-rule changed,
9
+ * code refactored); the annotation is dead code that should be
10
+ * removed.
11
+ *
12
+ * # The matching contract
13
+ *
14
+ * An annotation at `(file, line)` is considered ACTIVE when at
15
+ * least one current finding lands at the same `(file, lineWindow)` —
16
+ * the 3-line window from `lineWindowFor` absorbs small formatter /
17
+ * line-shift drift so a still-relevant annotation doesn't get
18
+ * flagged stale by an unrelated edit.
19
+ *
20
+ * Annotations with no matching finding emit a `stale-allow`
21
+ * `BaselineEntry` whose identity is `(file, lineWindow, category)`.
22
+ * The strict-stale model (TypeScript's `@ts-expect-error` pattern)
23
+ * forces the developer to clean up — preventing the annotation
24
+ * graveyard pattern common to less strict tools.
25
+ *
26
+ * # What counts as a "covered location"
27
+ *
28
+ * Source-anchored finding kinds — `secret`, `code`, `config` —
29
+ * carry `(file, line)` and contribute to the covered set. The
30
+ * `findingsByCategory` arrays on the canonical `SecurityAggregate`
31
+ * are the only source today; the aggregator is the single canonical
32
+ * fingerprint-deduped source of these findings (CLAUDE.md G_v4_8).
33
+ *
34
+ * Kinds without `(file, line)` — `dep-vuln`, `duplication`,
35
+ * `secret-hmac`, `license`, etc. — never participate in inline-
36
+ * annotation matching by construction. Annotations targeting those
37
+ * findings always use the file-level allowlist.
38
+ *
39
+ * # Mode handling
40
+ *
41
+ * `staleHandling` lives in `.dxkit/policy.json` (out of scope for
42
+ * this producer — the orchestrator gates whether to call it). When
43
+ * called, the producer emits `stale-allow` entries unconditionally
44
+ * for every orphan; the policy-level "lenient mode" surfaces these
45
+ * as warnings in the renderer rather than as blocking entries.
46
+ */
47
+ Object.defineProperty(exports, "__esModule", { value: true });
48
+ exports.staleAllowToBaselineEntries = staleAllowToBaselineEntries;
49
+ const fingerprint_1 = require("../../analyzers/tools/fingerprint");
50
+ const finding_identity_1 = require("../finding-identity");
51
+ /**
52
+ * Build `stale-allow` entries from the annotation list + the
53
+ * canonical security aggregate. Pure function — no I/O, no side
54
+ * effects. Deterministic over equal inputs.
55
+ *
56
+ * Returns an empty array when:
57
+ * - The annotation list is empty (nothing to check).
58
+ * - The aggregate is null AND the annotation list is empty.
59
+ *
60
+ * When the aggregate is null but annotations exist, the producer
61
+ * conservatively emits NO stale entries — the caller has no way to
62
+ * know whether annotations are active or stale without the
63
+ * findings. Surfacing "everything is stale" in that scenario would
64
+ * be wrong; surfacing "everything is fine" is also wrong but less
65
+ * actively misleading.
66
+ */
67
+ function staleAllowToBaselineEntries(input) {
68
+ if (input.annotations.length === 0)
69
+ return [];
70
+ if (input.aggregate === null)
71
+ return [];
72
+ const covered = buildCoveredLocations(input.aggregate);
73
+ const out = [];
74
+ for (const occ of input.annotations) {
75
+ const key = locationKey(occ.file, occ.line);
76
+ if (covered.has(key))
77
+ continue; // active suppression — not stale
78
+ const identityInput = {
79
+ kind: 'stale-allow',
80
+ file: occ.file,
81
+ line: occ.line,
82
+ category: occ.category,
83
+ };
84
+ out.push({
85
+ id: (0, finding_identity_1.identityFor)(identityInput),
86
+ kind: 'stale-allow',
87
+ file: occ.file,
88
+ line: occ.line,
89
+ category: occ.category,
90
+ });
91
+ }
92
+ return out;
93
+ }
94
+ // ─── Internals ────────────────────────────────────────────────────────────
95
+ function buildCoveredLocations(aggregate) {
96
+ const out = new Set();
97
+ for (const f of aggregate.findingsByCategory.secret) {
98
+ out.add(locationKey(f.file, f.line));
99
+ }
100
+ for (const f of aggregate.findingsByCategory.code) {
101
+ out.add(locationKey(f.file, f.line));
102
+ }
103
+ for (const f of aggregate.findingsByCategory.config) {
104
+ out.add(locationKey(f.file, f.line));
105
+ }
106
+ return out;
107
+ }
108
+ function locationKey(file, line) {
109
+ return `${file}\0${(0, fingerprint_1.lineWindowFor)(line)}`;
110
+ }
111
+ //# sourceMappingURL=stale-allow.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"stale-allow.js","sourceRoot":"","sources":["../../../src/baseline/producers/stale-allow.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;;AA6BH,kEAwBC;AAnDD,mEAAkE;AAGlE,0DAAkD;AAQlD;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,2BAA2B,CAAC,KAAsB;IAChE,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9C,IAAI,KAAK,CAAC,SAAS,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IAExC,MAAM,OAAO,GAAG,qBAAqB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACvD,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS,CAAC,iCAAiC;QACjE,MAAM,aAAa,GAA4B;YAC7C,IAAI,EAAE,aAAa;YACnB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,QAAQ,EAAE,GAAG,CAAC,QAAQ;SACvB,CAAC;QACF,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAA,8BAAW,EAAC,aAAa,CAAC;YAC9B,IAAI,EAAE,aAAa;YACnB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,QAAQ,EAAE,GAAG,CAAC,QAAQ;SACvB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,6EAA6E;AAE7E,SAAS,qBAAqB,CAAC,SAA4B;IACzD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACvC,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QAClD,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACvC,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,EAAE,CAAC;QACpD,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,WAAW,CAAC,IAAY,EAAE,IAAY;IAC7C,OAAO,GAAG,IAAI,KAAK,IAAA,2BAAa,EAAC,IAAI,CAAC,EAAE,CAAC;AAC3C,CAAC"}
@@ -22,7 +22,7 @@
22
22
  * `AnalysisResult` cache so it doesn't re-gather what the security
23
23
  * producer already triggered).
24
24
  */
25
- import type { BaselineEntry } from '../types';
25
+ import type { RichBaselineEntry } from '../types';
26
26
  import type { TestGapsReport } from '../../analyzers/tests/types';
27
27
  /**
28
28
  * Build `test-gap` + `test-file-degradation` entries from a
@@ -32,5 +32,5 @@ import type { TestGapsReport } from '../../analyzers/tests/types';
32
32
  * report's iteration order so re-runs against the same scan are
33
33
  * byte-stable.
34
34
  */
35
- export declare function testGapsToBaselineEntries(report: TestGapsReport): BaselineEntry[];
35
+ export declare function testGapsToBaselineEntries(report: TestGapsReport): RichBaselineEntry[];
36
36
  //# sourceMappingURL=tests.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"tests.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/tests.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,KAAK,EACV,aAAa,EAGd,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAElE;;;;;;;GAOG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,cAAc,GAAG,aAAa,EAAE,CAgCjF"}
1
+ {"version":3,"file":"tests.d.ts","sourceRoot":"","sources":["../../../src/baseline/producers/tests.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,KAAK,EACV,iBAAiB,EAGlB,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAElE;;;;;;;GAOG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,cAAc,GAAG,iBAAiB,EAAE,CAgCrF"}