@vyuhlabs/dxkit 2.5.2 → 2.7.0
- package/CHANGELOG.md +218 -13
- package/README.md +220 -369
- package/dist/allowlist/categories.d.ts +120 -0
- package/dist/allowlist/categories.d.ts.map +1 -0
- package/dist/allowlist/categories.js +194 -0
- package/dist/allowlist/categories.js.map +1 -0
- package/dist/allowlist/cli.d.ts +95 -0
- package/dist/allowlist/cli.d.ts.map +1 -0
- package/dist/allowlist/cli.js +454 -0
- package/dist/allowlist/cli.js.map +1 -0
- package/dist/allowlist/diff.d.ts +67 -0
- package/dist/allowlist/diff.d.ts.map +1 -0
- package/dist/allowlist/diff.js +147 -0
- package/dist/allowlist/diff.js.map +1 -0
- package/dist/allowlist/file.d.ts +249 -0
- package/dist/allowlist/file.d.ts.map +1 -0
- package/dist/allowlist/file.js +497 -0
- package/dist/allowlist/file.js.map +1 -0
- package/dist/allowlist/gather.d.ts +61 -0
- package/dist/allowlist/gather.d.ts.map +1 -0
- package/dist/allowlist/gather.js +143 -0
- package/dist/allowlist/gather.js.map +1 -0
- package/dist/allowlist/hint.d.ts +80 -0
- package/dist/allowlist/hint.d.ts.map +1 -0
- package/dist/allowlist/hint.js +271 -0
- package/dist/allowlist/hint.js.map +1 -0
- package/dist/allowlist/inline.d.ts +149 -0
- package/dist/allowlist/inline.d.ts.map +1 -0
- package/dist/allowlist/inline.js +306 -0
- package/dist/allowlist/inline.js.map +1 -0
- package/dist/analyzers/bom/discovery.d.ts +3 -4
- package/dist/analyzers/bom/discovery.d.ts.map +1 -1
- package/dist/analyzers/bom/discovery.js +3 -4
- package/dist/analyzers/bom/discovery.js.map +1 -1
- package/dist/analyzers/bom/types.d.ts +1 -1
- package/dist/analyzers/dashboard/index.d.ts.map +1 -1
- package/dist/analyzers/dashboard/index.js +42 -5
- package/dist/analyzers/dashboard/index.js.map +1 -1
- package/dist/analyzers/quality/detailed.d.ts +8 -1
- package/dist/analyzers/quality/detailed.d.ts.map +1 -1
- package/dist/analyzers/quality/detailed.js +43 -10
- package/dist/analyzers/quality/detailed.js.map +1 -1
- package/dist/analyzers/security/detailed.d.ts +8 -1
- package/dist/analyzers/security/detailed.d.ts.map +1 -1
- package/dist/analyzers/security/detailed.js +14 -1
- package/dist/analyzers/security/detailed.js.map +1 -1
- package/dist/analyzers/tests/detailed.d.ts +8 -1
- package/dist/analyzers/tests/detailed.d.ts.map +1 -1
- package/dist/analyzers/tests/detailed.js +26 -7
- package/dist/analyzers/tests/detailed.js.map +1 -1
- package/dist/analyzers/tools/cloc.js +3 -3
- package/dist/analyzers/tools/cloc.js.map +1 -1
- package/dist/analyzers/tools/exclusions.d.ts +12 -12
- package/dist/analyzers/tools/exclusions.d.ts.map +1 -1
- package/dist/analyzers/tools/exclusions.js +27 -13
- package/dist/analyzers/tools/exclusions.js.map +1 -1
- package/dist/analyzers/tools/graphify.d.ts +39 -5
- package/dist/analyzers/tools/graphify.d.ts.map +1 -1
- package/dist/analyzers/tools/graphify.js +609 -45
- package/dist/analyzers/tools/graphify.js.map +1 -1
- package/dist/analyzers/tools/nuget-package-reference.d.ts +4 -4
- package/dist/analyzers/tools/nuget-package-reference.js +4 -4
- package/dist/analyzers/tools/osv-scanner-fix.d.ts +4 -5
- package/dist/analyzers/tools/osv-scanner-fix.d.ts.map +1 -1
- package/dist/analyzers/tools/osv-scanner-fix.js +4 -5
- package/dist/analyzers/tools/osv-scanner-fix.js.map +1 -1
- package/dist/analyzers/tools/parallel.d.ts.map +1 -1
- package/dist/analyzers/tools/parallel.js +7 -0
- package/dist/analyzers/tools/parallel.js.map +1 -1
- package/dist/analyzers/tools/vendored-advisor.d.ts.map +1 -1
- package/dist/analyzers/tools/vendored-advisor.js +3 -4
- package/dist/analyzers/tools/vendored-advisor.js.map +1 -1
- package/dist/analyzers/xlsx/licenses.d.ts +7 -7
- package/dist/analyzers/xlsx/licenses.js +7 -7
- package/dist/baseline/baseline-file.d.ts +7 -0
- package/dist/baseline/baseline-file.d.ts.map +1 -1
- package/dist/baseline/baseline-file.js +22 -1
- package/dist/baseline/baseline-file.js.map +1 -1
- package/dist/baseline/check-renderers.d.ts +13 -1
- package/dist/baseline/check-renderers.d.ts.map +1 -1
- package/dist/baseline/check-renderers.js +67 -1
- package/dist/baseline/check-renderers.js.map +1 -1
- package/dist/baseline/check.d.ts +33 -7
- package/dist/baseline/check.d.ts.map +1 -1
- package/dist/baseline/check.js +90 -64
- package/dist/baseline/check.js.map +1 -1
- package/dist/baseline/create.d.ts +35 -7
- package/dist/baseline/create.d.ts.map +1 -1
- package/dist/baseline/create.js +43 -5
- package/dist/baseline/create.js.map +1 -1
- package/dist/baseline/entry-to-located.d.ts +6 -1
- package/dist/baseline/entry-to-located.d.ts.map +1 -1
- package/dist/baseline/entry-to-located.js +20 -2
- package/dist/baseline/entry-to-located.js.map +1 -1
- package/dist/baseline/finding-identity.d.ts.map +1 -1
- package/dist/baseline/finding-identity.js +15 -13
- package/dist/baseline/finding-identity.js.map +1 -1
- package/dist/baseline/modes.d.ts +140 -0
- package/dist/baseline/modes.d.ts.map +1 -0
- package/dist/baseline/modes.js +179 -0
- package/dist/baseline/modes.js.map +1 -0
- package/dist/baseline/policy.d.ts +64 -0
- package/dist/baseline/policy.d.ts.map +1 -1
- package/dist/baseline/policy.js +102 -1
- package/dist/baseline/policy.js.map +1 -1
- package/dist/baseline/producers/health.d.ts +2 -2
- package/dist/baseline/producers/health.d.ts.map +1 -1
- package/dist/baseline/producers/health.js.map +1 -1
- package/dist/baseline/producers/index.d.ts +11 -5
- package/dist/baseline/producers/index.d.ts.map +1 -1
- package/dist/baseline/producers/index.js +12 -9
- package/dist/baseline/producers/index.js.map +1 -1
- package/dist/baseline/producers/quality.d.ts +3 -3
- package/dist/baseline/producers/quality.d.ts.map +1 -1
- package/dist/baseline/producers/quality.js.map +1 -1
- package/dist/baseline/producers/secret-hmac.d.ts +2 -2
- package/dist/baseline/producers/secret-hmac.d.ts.map +1 -1
- package/dist/baseline/producers/secret-hmac.js.map +1 -1
- package/dist/baseline/producers/security.d.ts +2 -2
- package/dist/baseline/producers/security.d.ts.map +1 -1
- package/dist/baseline/producers/security.js.map +1 -1
- package/dist/baseline/producers/stale-allow.d.ts +70 -0
- package/dist/baseline/producers/stale-allow.d.ts.map +1 -0
- package/dist/baseline/producers/stale-allow.js +111 -0
- package/dist/baseline/producers/stale-allow.js.map +1 -0
- package/dist/baseline/producers/tests.d.ts +2 -2
- package/dist/baseline/producers/tests.d.ts.map +1 -1
- package/dist/baseline/producers/tests.js.map +1 -1
- package/dist/baseline/ref-baseline.d.ts +114 -0
- package/dist/baseline/ref-baseline.d.ts.map +1 -0
- package/dist/baseline/ref-baseline.js +260 -0
- package/dist/baseline/ref-baseline.js.map +1 -0
- package/dist/baseline/sanitize.d.ts +80 -0
- package/dist/baseline/sanitize.d.ts.map +1 -0
- package/dist/baseline/sanitize.js +91 -0
- package/dist/baseline/sanitize.js.map +1 -0
- package/dist/baseline/show.d.ts.map +1 -1
- package/dist/baseline/show.js +9 -3
- package/dist/baseline/show.js.map +1 -1
- package/dist/baseline/types.d.ts +73 -26
- package/dist/baseline/types.d.ts.map +1 -1
- package/dist/baseline/types.js +7 -1
- package/dist/baseline/types.js.map +1 -1
- package/dist/baseline/visibility.d.ts +61 -0
- package/dist/baseline/visibility.d.ts.map +1 -0
- package/dist/baseline/visibility.js +121 -0
- package/dist/baseline/visibility.js.map +1 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +168 -6
- package/dist/cli.js.map +1 -1
- package/dist/dashboard/graph-adapter.d.ts +151 -0
- package/dist/dashboard/graph-adapter.d.ts.map +1 -0
- package/dist/dashboard/graph-adapter.js +415 -0
- package/dist/dashboard/graph-adapter.js.map +1 -0
- package/dist/dashboard/graph-tab.d.ts +109 -0
- package/dist/dashboard/graph-tab.d.ts.map +1 -0
- package/dist/dashboard/graph-tab.js +297 -0
- package/dist/dashboard/graph-tab.js.map +1 -0
- package/dist/dashboard/vendor/vis-network.min.js +34 -0
- package/dist/doctor.d.ts.map +1 -1
- package/dist/doctor.js +106 -16
- package/dist/doctor.js.map +1 -1
- package/dist/explore/cli/api-surface.d.ts +12 -0
- package/dist/explore/cli/api-surface.d.ts.map +1 -0
- package/dist/explore/cli/api-surface.js +57 -0
- package/dist/explore/cli/api-surface.js.map +1 -0
- package/dist/explore/cli/communities.d.ts +10 -0
- package/dist/explore/cli/communities.d.ts.map +1 -0
- package/dist/explore/cli/communities.js +47 -0
- package/dist/explore/cli/communities.js.map +1 -0
- package/dist/explore/cli/context.d.ts +16 -0
- package/dist/explore/cli/context.d.ts.map +1 -0
- package/dist/explore/cli/context.js +118 -0
- package/dist/explore/cli/context.js.map +1 -0
- package/dist/explore/cli/entry-points.d.ts +12 -0
- package/dist/explore/cli/entry-points.d.ts.map +1 -0
- package/dist/explore/cli/entry-points.js +85 -0
- package/dist/explore/cli/entry-points.js.map +1 -0
- package/dist/explore/cli/feature.d.ts +16 -0
- package/dist/explore/cli/feature.d.ts.map +1 -0
- package/dist/explore/cli/feature.js +89 -0
- package/dist/explore/cli/feature.js.map +1 -0
- package/dist/explore/cli/file.d.ts +12 -0
- package/dist/explore/cli/file.d.ts.map +1 -0
- package/dist/explore/cli/file.js +139 -0
- package/dist/explore/cli/file.js.map +1 -0
- package/dist/explore/cli/hot-files.d.ts +11 -0
- package/dist/explore/cli/hot-files.d.ts.map +1 -0
- package/dist/explore/cli/hot-files.js +63 -0
- package/dist/explore/cli/hot-files.js.map +1 -0
- package/dist/explore/context-hook.d.ts +42 -0
- package/dist/explore/context-hook.d.ts.map +1 -0
- package/dist/explore/context-hook.js +131 -0
- package/dist/explore/context-hook.js.map +1 -0
- package/dist/explore/finding-context.d.ts +69 -0
- package/dist/explore/finding-context.d.ts.map +1 -0
- package/dist/explore/finding-context.js +102 -0
- package/dist/explore/finding-context.js.map +1 -0
- package/dist/explore/format.d.ts +64 -0
- package/dist/explore/format.d.ts.map +1 -0
- package/dist/explore/format.js +99 -0
- package/dist/explore/format.js.map +1 -0
- package/dist/explore/load.d.ts +50 -0
- package/dist/explore/load.d.ts.map +1 -0
- package/dist/explore/load.js +197 -0
- package/dist/explore/load.js.map +1 -0
- package/dist/explore/queries.d.ts +413 -0
- package/dist/explore/queries.d.ts.map +1 -0
- package/dist/explore/queries.js +855 -0
- package/dist/explore/queries.js.map +1 -0
- package/dist/explore/types.d.ts +130 -0
- package/dist/explore/types.d.ts.map +1 -0
- package/dist/explore/types.js +28 -0
- package/dist/explore/types.js.map +1 -0
- package/dist/explore-cli.d.ts +45 -0
- package/dist/explore-cli.d.ts.map +1 -0
- package/dist/explore-cli.js +213 -0
- package/dist/explore-cli.js.map +1 -0
- package/dist/generator.d.ts.map +1 -1
- package/dist/generator.js +19 -0
- package/dist/generator.js.map +1 -1
- package/dist/issue-cli.d.ts +62 -0
- package/dist/issue-cli.d.ts.map +1 -0
- package/dist/issue-cli.js +252 -0
- package/dist/issue-cli.js.map +1 -0
- package/dist/languages/csharp.d.ts.map +1 -1
- package/dist/languages/csharp.js +32 -11
- package/dist/languages/csharp.js.map +1 -1
- package/dist/languages/go.d.ts.map +1 -1
- package/dist/languages/go.js +5 -0
- package/dist/languages/go.js.map +1 -1
- package/dist/languages/index.d.ts +27 -0
- package/dist/languages/index.d.ts.map +1 -1
- package/dist/languages/index.js +35 -0
- package/dist/languages/index.js.map +1 -1
- package/dist/languages/java.d.ts.map +1 -1
- package/dist/languages/java.js +5 -0
- package/dist/languages/java.js.map +1 -1
- package/dist/languages/kotlin.d.ts.map +1 -1
- package/dist/languages/kotlin.js +5 -0
- package/dist/languages/kotlin.js.map +1 -1
- package/dist/languages/python.d.ts.map +1 -1
- package/dist/languages/python.js +5 -0
- package/dist/languages/python.js.map +1 -1
- package/dist/languages/ruby.d.ts.map +1 -1
- package/dist/languages/ruby.js +5 -0
- package/dist/languages/ruby.js.map +1 -1
- package/dist/languages/rust.d.ts.map +1 -1
- package/dist/languages/rust.js +5 -0
- package/dist/languages/rust.js.map +1 -1
- package/dist/languages/types.d.ts +79 -0
- package/dist/languages/types.d.ts.map +1 -1
- package/dist/languages/typescript.d.ts.map +1 -1
- package/dist/languages/typescript.js +6 -1
- package/dist/languages/typescript.js.map +1 -1
- package/package.json +2 -1
- package/templates/.claude/skills/dxkit-action/SKILL.md +126 -12
- package/templates/.claude/skills/dxkit-onboard/SKILL.md +31 -3
- package/templates/.claude/skills/dxkit-reports/SKILL.md +3 -1
- package/templates/AGENTS.md.template +8 -1
- package/dist/baseline/producers/licenses.d.ts +0 -23
- package/dist/baseline/producers/licenses.d.ts.map +0 -1
- package/dist/baseline/producers/licenses.js +0 -46
- package/dist/baseline/producers/licenses.js.map +0 -1
package/dist/baseline/types.d.ts
CHANGED
|
@@ -46,7 +46,13 @@
|
|
|
46
46
|
* analyzer.
|
|
47
47
|
* - `hygiene` — TODO / FIXME / HACK / console-log / any-type
|
|
48
48
|
* occurrences (per-occurrence identity).
|
|
49
|
-
*
|
|
49
|
+
*
|
|
50
|
+
* License attributions are NOT a baseline finding kind. They live in
|
|
51
|
+
* the per-package BoM artifact (`.dxkit/bom.json`) — the canonical
|
|
52
|
+
* license inventory carried by `vyuh-dxkit bom`. License findings
|
|
53
|
+
* are informational, not regression material, and dominated the
|
|
54
|
+
* baseline (~73% of entries on real customer repos) before being
|
|
55
|
+
* lifted out.
|
|
50
56
|
*/
|
|
51
57
|
/**
|
|
52
58
|
* 16-char lowercase hex fingerprint. Same byte format as the
|
|
@@ -79,7 +85,7 @@ export type IdentitySchemeVersion = 'v1';
|
|
|
79
85
|
* The hash format is SHA-1[0:16] across every kind — callers store
|
|
80
86
|
* identities in one flat set without tracking provenance.
|
|
81
87
|
*/
|
|
82
|
-
export type IdentityInput = SecretIdentityInput | CodeIdentityInput | ConfigIdentityInput | DepVulnIdentityInput | DuplicationIdentityInput | CoverageGapIdentityInput | TestGapIdentityInput | HygieneOffenderIdentityInput |
|
|
88
|
+
export type IdentityInput = SecretIdentityInput | CodeIdentityInput | ConfigIdentityInput | DepVulnIdentityInput | DuplicationIdentityInput | CoverageGapIdentityInput | TestGapIdentityInput | HygieneOffenderIdentityInput | TestFileDegradationIdentityInput | GodFileIdentityInput | StaleFileIdentityInput | LargeFileIdentityInput | SecretHmacIdentityInput | StaleAllowIdentityInput;
|
|
83
89
|
/** gitleaks + private-key files + similar secret detectors. */
|
|
84
90
|
export interface SecretIdentityInput {
|
|
85
91
|
readonly kind: 'secret';
|
|
@@ -190,23 +196,6 @@ export interface HygieneOffenderIdentityInput {
|
|
|
190
196
|
readonly line: number;
|
|
191
197
|
readonly marker: HygieneMarker;
|
|
192
198
|
}
|
|
193
|
-
/**
|
|
194
|
-
* Package license attribution. Identity includes the license type so
|
|
195
|
-
* a license change on the same `(package, version)` pin registers
|
|
196
|
-
* as a fresh finding — compliance teams want to know if a dependency
|
|
197
|
-
* re-licenses under a different (perhaps more restrictive) license
|
|
198
|
-
* even when no version bump happened.
|
|
199
|
-
*/
|
|
200
|
-
export interface LicenseIdentityInput {
|
|
201
|
-
readonly kind: 'license';
|
|
202
|
-
readonly package: string;
|
|
203
|
-
readonly version: string;
|
|
204
|
-
/** Canonical SPDX identifier (`'MIT'`, `'Apache-2.0'`, `'GPL-3.0'`,
|
|
205
|
-
* `'UNKNOWN'`). Producer is the existing license-aggregation
|
|
206
|
-
* pipeline; identity is byte-stable as long as the producer
|
|
207
|
-
* reports the SPDX id consistently. */
|
|
208
|
-
readonly licenseType: string;
|
|
209
|
-
}
|
|
210
199
|
/**
|
|
211
200
|
* A test file flagged by the test-gaps analyzer as degraded — present
|
|
212
201
|
* but not actively exercising the system under test. Identity carries
|
|
@@ -294,6 +283,32 @@ export interface SecretHmacIdentityInput {
|
|
|
294
283
|
/** 16-char hex from `computeSecretHmac(secret, repoSalt)`. */
|
|
295
284
|
readonly hmac: string;
|
|
296
285
|
}
|
|
286
|
+
/**
|
|
287
|
+
* Orphaned inline allowlist annotation — a `dxkit-allow:<category>`
|
|
288
|
+
* comment in a source file that matches no current finding. The
|
|
289
|
+
* developer suppressed something that's since been fixed (or the
|
|
290
|
+
* scanner stopped flagging), and the annotation should be removed.
|
|
291
|
+
* TypeScript's `@ts-expect-error` proved this pattern: tools that
|
|
292
|
+
* surface their own stale suppressions as findings force the dev
|
|
293
|
+
* to clean up, preventing the annotation graveyard.
|
|
294
|
+
*
|
|
295
|
+
* Identity is `(file, lineWindow, category)` — same 3-line window
|
|
296
|
+
* the code-finding fingerprint uses, so formatter / unrelated-edit
|
|
297
|
+
* line drift doesn't churn identity. Category is part of identity
|
|
298
|
+
* because a `# dxkit-allow:test-fixture` becoming
|
|
299
|
+
* `# dxkit-allow:false-positive` (developer reclassified mid-review)
|
|
300
|
+
* is a semantically different stale-allow.
|
|
301
|
+
*/
|
|
302
|
+
export interface StaleAllowIdentityInput {
|
|
303
|
+
readonly kind: 'stale-allow';
|
|
304
|
+
readonly file: string;
|
|
305
|
+
readonly line: number;
|
|
306
|
+
/** The category named in the orphaned annotation. Free-form
|
|
307
|
+
* string at identity-input level (the canonical
|
|
308
|
+
* `AllowlistCategory` union lives in `src/allowlist/categories.ts`
|
|
309
|
+
* to avoid a cross-module import here in the baseline types). */
|
|
310
|
+
readonly category: string;
|
|
311
|
+
}
|
|
297
312
|
/**
|
|
298
313
|
* Per-finding entry stored in a baseline. Carries identity plus the
|
|
299
314
|
* minimum metadata needed for cross-run drift-tolerant matching —
|
|
@@ -350,12 +365,6 @@ export type BaselineEntry = {
|
|
|
350
365
|
* — populated when the producer can read the file at the
|
|
351
366
|
* baseline commit. */
|
|
352
367
|
contentHash?: string;
|
|
353
|
-
} | {
|
|
354
|
-
id: FindingId;
|
|
355
|
-
kind: 'license';
|
|
356
|
-
package: string;
|
|
357
|
-
version: string;
|
|
358
|
-
licenseType: string;
|
|
359
368
|
} | {
|
|
360
369
|
id: FindingId;
|
|
361
370
|
kind: 'test-file-degradation';
|
|
@@ -380,7 +389,45 @@ export type BaselineEntry = {
|
|
|
380
389
|
tool: string;
|
|
381
390
|
rule: string;
|
|
382
391
|
hmac: string;
|
|
383
|
-
}
|
|
392
|
+
} | {
|
|
393
|
+
id: FindingId;
|
|
394
|
+
kind: 'stale-allow';
|
|
395
|
+
file: string;
|
|
396
|
+
line: number;
|
|
397
|
+
category: string;
|
|
398
|
+
} | SanitizedBaselineEntry;
|
|
399
|
+
/**
|
|
400
|
+
* The full-payload subset of `BaselineEntry` — every variant except
|
|
401
|
+
* the stripped sanitized shape. Producers emit this shape directly;
|
|
402
|
+
* sanitization is a write-time transformation, never a producer
|
|
403
|
+
* concern. Consumers narrowing on `entry.kind` from a `BaselineEntry`
|
|
404
|
+
* must call `isSanitized` first to reach this shape (or accept the
|
|
405
|
+
* sanitized variant in the union).
|
|
406
|
+
*/
|
|
407
|
+
export type RichBaselineEntry = Exclude<BaselineEntry, SanitizedBaselineEntry>;
|
|
408
|
+
/**
|
|
409
|
+
* Stripped per-finding entry — identity + kind only, every other
|
|
410
|
+
* field dropped. Produced by `sanitizeEntry` for baselines written in
|
|
411
|
+
* sanitized mode (the public-repo / compliance-conscious posture).
|
|
412
|
+
*
|
|
413
|
+
* Sanitization preserves the cross-run matching contract: the
|
|
414
|
+
* fingerprint `id` is unchanged, the matcher's identity-multiset
|
|
415
|
+
* pass still works at full confidence. What's lost is the location-
|
|
416
|
+
* pair pass (no `file` / `line` to compare) and the renderer's
|
|
417
|
+
* ability to surface human-readable locators (`src/auth/oauth.ts:42`)
|
|
418
|
+
* — they collapse to `<sanitized>` in `baseline show` output.
|
|
419
|
+
*
|
|
420
|
+
* The `sanitized: true` discriminant lets exhaustive switches narrow
|
|
421
|
+
* to either the rich shape or the stripped shape via the
|
|
422
|
+
* `isSanitized` guard in `./sanitize.ts`. Adding a new finding kind
|
|
423
|
+
* doesn't require touching this variant — `kind` is the union of all
|
|
424
|
+
* non-sanitized kinds, propagated automatically.
|
|
425
|
+
*/
|
|
426
|
+
export interface SanitizedBaselineEntry {
|
|
427
|
+
readonly id: FindingId;
|
|
428
|
+
readonly kind: 'secret' | 'code' | 'config' | 'dep-vuln' | 'duplication' | 'coverage-gap' | 'test-gap' | 'hygiene' | 'test-file-degradation' | 'god-file' | 'stale-file' | 'large-file' | 'secret-hmac' | 'stale-allow';
|
|
429
|
+
readonly sanitized: true;
|
|
430
|
+
}
|
|
384
431
|
/**
|
|
385
432
|
* One pairing decision from the matcher. Carries enough context for
|
|
386
433
|
* the guardrail to render a clear explanation ("this finding was
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/baseline/types.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/baseline/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuDG;AAEH;;;;;;;;;;GAUG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC;AAE/B;;;;GAIG;AACH,MAAM,MAAM,qBAAqB,GAAG,IAAI,CAAC;AAEzC;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,aAAa,GACrB,mBAAmB,GACnB,iBAAiB,GACjB,mBAAmB,GACnB,oBAAoB,GACpB,wBAAwB,GACxB,wBAAwB,GACxB,oBAAoB,GACpB,4BAA4B,GAC5B,gCAAgC,GAChC,oBAAoB,GACpB,sBAAsB,GACtB,sBAAsB,GACtB,uBAAuB,GACvB,uBAAuB,CAAC;AAE5B,+DAA+D;AAC/D,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,wEAAwE;IACxE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;gDAC4C;IAC5C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,kCAAkC;IAClC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;6DACyD;IACzD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED,2EAA2E;AAC3E,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED,+DAA+D;AAC/D,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED,gFAAgF;AAChF,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,gDAAgD;IAChD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB;0CACsC;IACtC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9C,qEAAqE;IACrE,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;CACrB;AAED,4CAA4C;AAC5C,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;IAC7B;kEAC8D;IAC9D,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB;;;;gEAI4D;IAC5D,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB;;;8CAG0C;IAC1C,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,yCAAyC;IACzC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;GAKG;AACH,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,IAAI,EAAE,cAAc,CAAC;IAC9B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;uBAEmB;IACnB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB;kBACc;IACd,QAAQ,CAAC,SAAS,CAAC,EAAE,SAA
S,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChD;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEjE,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC;CAC5B;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,aAAa,GAAG,UAAU,CAAC;AAEnF,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;CAChC;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,yBAAyB,GAAG,eAAe,GAAG,OAAO,GAAG,aAAa,CAAC;AAElF,MAAM,WAAW,gCAAgC;IAC/C,QAAQ,CAAC,IAAI,EAAE,uBAAuB,CAAC;IACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,yBAAyB,CAAC;CAC5C;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;;oDAGgD;IAChD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;IAC7B,4CAA4C;IAC5C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;0BAEsB;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,8DAA8D;IAC9D,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB;;;sEAGkE;IAClE,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAED;;;;;;GAMG;AACH,MAAM,MAAM,aAAa,GACrB;IACE,EAAE,EAAE,SAAS,CAAC;IACd,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAAC;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb;;;;;oDAKgD;IAChD,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GACD;IACE,EAAE,EAAE,SAAS,CAAC;IACd,IAAI,EAAE,UAAU,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;CACpB,GA
CD;IACE,EAAE,EAAE,SAAS,CAAC;IACd,IAAI,EAAE,aAAa,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,GACD;IACE,EAAE,EAAE,SAAS,CAAC;IACd,IAAI,EAAE,cAAc,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACvC,GACD;IAAE,EAAE,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,UAAU,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,WAAW,CAAA;CAAE,GACpE;IACE,EAAE,EAAE,SAAS,CAAC;IACd,IAAI,EAAE,SAAS,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,aAAa,CAAC;IACtB;;2BAEuB;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GACD;IACE,EAAE,EAAE,SAAS,CAAC;IACd,IAAI,EAAE,uBAAuB,CAAC;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,yBAAyB,CAAC;CACnC,GACD;IAAE,EAAE,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,UAAU,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GACjD;IAAE,EAAE,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,YAAY,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GACnE;IAAE,EAAE,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,YAAY,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GACnD;IAAE,EAAE,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,aAAa,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAChF;IAAE,EAAE,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,aAAa,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GACpF,sBAAsB,CAAC;AAE3B;;;;;;;GAOG;AACH,MAAM,MAAM,iBAAiB,GAAG,OAAO,CAAC,aAAa,EAAE,sBAAsB,CAAC,CAAC;AAE/E;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAC;IACvB,QAAQ,CAAC,IAAI,EACT,QAAQ,GACR,MAAM,GACN,QAAQ,GACR,UAAU,GACV,aAAa,GACb,cAAc,GACd,UAAU,GACV,SAAS,GACT,uBAAuB,GACvB,UAAU,GACV,YAAY,GACZ,YAAY,GACZ,aAAa,GACb,aAAa,CAAC;IAClB,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC;CAC1B;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,WAAW,GAAG,OAAO,GAAG,SAAS,CAAC;AAE1E,MAAM,WAAW,WAAW;IAC1B;+CAC2C;IAC3C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,kEAAkE;IAClE,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC;IAC7B,Q
AAQ,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC;IAC/B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAC7B;gEAC4D;IAC5D,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC;CAC9C;AAED;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAErE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,MAAM,aAAa,GACrB,WAAW,GACX,WAAW,GACX,OAAO,GACP,SAAS,GACT,OAAO,GACP,gBAAgB,GAChB,eAAe,GACf,cAAc,GACd,mBAAmB,GACnB,WAAW,CAAC;AAEhB;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC;IACzC,QAAQ,CAAC,SAAS,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC;IAC7C,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC;IACzC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC;IAC3C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;CAClC"}
|
package/dist/baseline/types.js
CHANGED
|
@@ -47,7 +47,13 @@
|
|
|
47
47
|
* analyzer.
|
|
48
48
|
* - `hygiene` — TODO / FIXME / HACK / console-log / any-type
|
|
49
49
|
* occurrences (per-occurrence identity).
|
|
50
|
-
*
|
|
50
|
+
*
|
|
51
|
+
* License attributions are NOT a baseline finding kind. They live in
|
|
52
|
+
* the per-package BoM artifact (`.dxkit/bom.json`) — the canonical
|
|
53
|
+
* license inventory carried by `vyuh-dxkit bom`. License findings
|
|
54
|
+
* are informational, not regression material, and dominated the
|
|
55
|
+
* baseline (~73% of entries on real customer repos) before being
|
|
56
|
+
* lifted out.
|
|
51
57
|
*/
|
|
52
58
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
53
59
|
//# sourceMappingURL=types.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/baseline/types.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/baseline/types.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuDG"}
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Repo visibility detection — probes `gh repo view --json visibility`
|
|
3
|
+
* to learn whether the current repo is public, private, or internal
|
|
4
|
+
* (GitHub Enterprise's middle tier).
|
|
5
|
+
*
|
|
6
|
+
* # Why this module exists
|
|
7
|
+
*
|
|
8
|
+
* Baseline mode resolution (see `./modes.ts`) needs the answer to
|
|
9
|
+
* "is this a public repo?" to pick the right default posture.
|
|
10
|
+
* Public repos default to `ref-based` (no committed baseline,
|
|
11
|
+
* zero disclosure); private repos default to `committed-full`.
|
|
12
|
+
* Without a reliable visibility probe the picker can't be safe-
|
|
13
|
+
* by-default.
|
|
14
|
+
*
|
|
15
|
+
* # Failure semantics
|
|
16
|
+
*
|
|
17
|
+
* Every failure path returns `'unknown'` rather than throwing.
|
|
18
|
+
* Callers treat unknown the same way they treat private — the
|
|
19
|
+
* safe default. Concrete failure modes:
|
|
20
|
+
*
|
|
21
|
+
* - `gh` binary missing
|
|
22
|
+
* - `gh auth` not configured
|
|
23
|
+
* - Repo has no GitHub remote
|
|
24
|
+
* - Repo is on a non-GitHub host (GitLab, self-hosted)
|
|
25
|
+
* - Network failure / API throttling
|
|
26
|
+
* - Repo deleted or made inaccessible to the calling user
|
|
27
|
+
*
|
|
28
|
+
* None of these warrant a surprise switch to sanitized mode — a
|
|
29
|
+
* customer's private repo shouldn't suddenly start writing
|
|
30
|
+
* stripped baselines because `gh auth` lapsed.
|
|
31
|
+
*
|
|
32
|
+
* # Caching
|
|
33
|
+
*
|
|
34
|
+
* The probe is slow (~500ms cold). Results are cached per-process
|
|
35
|
+
* by absolute cwd. Tests clear the cache via `clearVisibilityCache`.
|
|
36
|
+
*/
|
|
37
|
+
/**
|
|
38
|
+
* The visibility states the picker reads. `'internal'` is GitHub
|
|
39
|
+
* Enterprise's middle tier (visible to org members; not the public).
|
|
40
|
+
* The mode picker treats internal the same as private — internal
|
|
41
|
+
* repos are not safe to expose location data on, but they're not
|
|
42
|
+
* literally public either.
|
|
43
|
+
*/
|
|
44
|
+
export type RepoVisibility = 'public' | 'private' | 'internal' | 'unknown';
|
|
45
|
+
/**
|
|
46
|
+
* Detect the visibility of the repo rooted at `cwd`. Returns
|
|
47
|
+
* `'unknown'` on every failure path — never throws. Cached per
|
|
48
|
+
* absolute cwd for the lifetime of the process.
|
|
49
|
+
*
|
|
50
|
+
* Production callers always use this through `resolveBaselineMode`;
|
|
51
|
+
* direct invocations should be rare. The single-entry contract keeps
|
|
52
|
+
* the `gh` probe count predictable + makes mocking trivial in tests.
|
|
53
|
+
*/
|
|
54
|
+
export declare function detectRepoVisibility(cwd: string): RepoVisibility;
|
|
55
|
+
/**
|
|
56
|
+
* Test seam: clear the per-process visibility cache. Production
|
|
57
|
+
* callers never use this — the cache lives for the entire CLI
|
|
58
|
+
* invocation and dies with the process.
|
|
59
|
+
*/
|
|
60
|
+
export declare function clearVisibilityCache(): void;
|
|
61
|
+
//# sourceMappingURL=visibility.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"visibility.d.ts","sourceRoot":"","sources":["../../src/baseline/visibility.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAKH;;;;;;GAMG;AACH,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,SAAS,CAAC;AAI3E;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,CAOhE;AAmBD;;;;GAIG;AACH,wBAAgB,oBAAoB,IAAI,IAAI,CAE3C"}
|
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Repo visibility detection — probes `gh repo view --json visibility`
|
|
4
|
+
* to learn whether the current repo is public, private, or internal
|
|
5
|
+
* (GitHub Enterprise's middle tier).
|
|
6
|
+
*
|
|
7
|
+
* # Why this module exists
|
|
8
|
+
*
|
|
9
|
+
* Baseline mode resolution (see `./modes.ts`) needs the answer to
|
|
10
|
+
* "is this a public repo?" to pick the right default posture.
|
|
11
|
+
* Public repos default to `ref-based` (no committed baseline,
|
|
12
|
+
* zero disclosure); private repos default to `committed-full`.
|
|
13
|
+
* Without a reliable visibility probe the picker can't be safe-
|
|
14
|
+
* by-default.
|
|
15
|
+
*
|
|
16
|
+
* # Failure semantics
|
|
17
|
+
*
|
|
18
|
+
* Every failure path returns `'unknown'` rather than throwing.
|
|
19
|
+
* Callers treat unknown the same way they treat private — the
|
|
20
|
+
* safe default. Concrete failure modes:
|
|
21
|
+
*
|
|
22
|
+
* - `gh` binary missing
|
|
23
|
+
* - `gh auth` not configured
|
|
24
|
+
* - Repo has no GitHub remote
|
|
25
|
+
* - Repo is on a non-GitHub host (GitLab, self-hosted)
|
|
26
|
+
* - Network failure / API throttling
|
|
27
|
+
* - Repo deleted or made inaccessible to the calling user
|
|
28
|
+
*
|
|
29
|
+
* None of these warrant a surprise switch to sanitized mode — a
|
|
30
|
+
* customer's private repo shouldn't suddenly start writing
|
|
31
|
+
* stripped baselines because `gh auth` lapsed.
|
|
32
|
+
*
|
|
33
|
+
* # Caching
|
|
34
|
+
*
|
|
35
|
+
* The probe is slow (~500ms cold). Results are cached per-process
|
|
36
|
+
* by absolute cwd. Tests clear the cache via `clearVisibilityCache`.
|
|
37
|
+
*/
|
|
38
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
39
|
+
if (k2 === undefined) k2 = k;
|
|
40
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
41
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
42
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
43
|
+
}
|
|
44
|
+
Object.defineProperty(o, k2, desc);
|
|
45
|
+
}) : (function(o, m, k, k2) {
|
|
46
|
+
if (k2 === undefined) k2 = k;
|
|
47
|
+
o[k2] = m[k];
|
|
48
|
+
}));
|
|
49
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
50
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
51
|
+
}) : function(o, v) {
|
|
52
|
+
o["default"] = v;
|
|
53
|
+
});
|
|
54
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
55
|
+
var ownKeys = function(o) {
|
|
56
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
57
|
+
var ar = [];
|
|
58
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
59
|
+
return ar;
|
|
60
|
+
};
|
|
61
|
+
return ownKeys(o);
|
|
62
|
+
};
|
|
63
|
+
return function (mod) {
|
|
64
|
+
if (mod && mod.__esModule) return mod;
|
|
65
|
+
var result = {};
|
|
66
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
67
|
+
__setModuleDefault(result, mod);
|
|
68
|
+
return result;
|
|
69
|
+
};
|
|
70
|
+
})();
|
|
71
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
72
|
+
exports.detectRepoVisibility = detectRepoVisibility;
|
|
73
|
+
exports.clearVisibilityCache = clearVisibilityCache;
|
|
74
|
+
const child_process_1 = require("child_process");
|
|
75
|
+
const path = __importStar(require("path"));
|
|
76
|
+
const VISIBILITY_CACHE = new Map();
|
|
77
|
+
/**
|
|
78
|
+
* Detect the visibility of the repo rooted at `cwd`. Returns
|
|
79
|
+
* `'unknown'` on every failure path — never throws. Cached per
|
|
80
|
+
* absolute cwd for the lifetime of the process.
|
|
81
|
+
*
|
|
82
|
+
* Production callers always use this through `resolveBaselineMode`;
|
|
83
|
+
* direct invocations should be rare. The single-entry contract keeps
|
|
84
|
+
* the `gh` probe count predictable + makes mocking trivial in tests.
|
|
85
|
+
*/
|
|
86
|
+
function detectRepoVisibility(cwd) {
|
|
87
|
+
const cacheKey = path.resolve(cwd);
|
|
88
|
+
const cached = VISIBILITY_CACHE.get(cacheKey);
|
|
89
|
+
if (cached !== undefined)
|
|
90
|
+
return cached;
|
|
91
|
+
const resolved = detectRepoVisibilityUncached(cwd);
|
|
92
|
+
VISIBILITY_CACHE.set(cacheKey, resolved);
|
|
93
|
+
return resolved;
|
|
94
|
+
}
|
|
95
|
+
function detectRepoVisibilityUncached(cwd) {
|
|
96
|
+
try {
|
|
97
|
+
const out = (0, child_process_1.execSync)('gh repo view --json visibility', {
|
|
98
|
+
cwd,
|
|
99
|
+
stdio: ['ignore', 'pipe', 'pipe'],
|
|
100
|
+
encoding: 'utf-8',
|
|
101
|
+
timeout: 5000,
|
|
102
|
+
});
|
|
103
|
+
const parsed = JSON.parse(out);
|
|
104
|
+
const raw = typeof parsed.visibility === 'string' ? parsed.visibility.toLowerCase() : '';
|
|
105
|
+
if (raw === 'public' || raw === 'private' || raw === 'internal')
|
|
106
|
+
return raw;
|
|
107
|
+
return 'unknown';
|
|
108
|
+
}
|
|
109
|
+
catch {
|
|
110
|
+
return 'unknown';
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
/**
|
|
114
|
+
* Test seam: clear the per-process visibility cache. Production
|
|
115
|
+
* callers never use this — the cache lives for the entire CLI
|
|
116
|
+
* invocation and dies with the process.
|
|
117
|
+
*/
|
|
118
|
+
function clearVisibilityCache() {
|
|
119
|
+
VISIBILITY_CACHE.clear();
|
|
120
|
+
}
|
|
121
|
+
//# sourceMappingURL=visibility.js.map
|
|
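Review bot: The `catch` in `detectRepoVisibilityUncached` and the fall-through `return 'unknown'` collapse every probe failure into a silent `'unknown'`, which the header comment says callers treat as private, and private defaults to `committed-full`. For a public repo the probe cannot classify (the listed non-GitHub host, lapsed `gh auth` or throttling cases) that default is the disclosing one, so the result fails open for the repos the picker is meant to protect; the picker is in `./modes.ts`, outside this section, so this is inferred from the comments. I would at least make the failure visible, e.g. in the `catch`: `process.stderr.write('repo visibility unknown; baseline mode was not chosen from a confirmed visibility\n');`, and state in the header comment that public repos off GitHub must set the mode explicitly. Separately, `gh` is looked up by name with `cwd` set to the analysed repository, and on Windows command lookup can consult the working directory before `PATH`, so resolving `gh` to an absolute path first would be safer when the checkout is untrusted. This is compiled output, so the change belongs in `src/baseline/visibility.ts`.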
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"visibility.js","sourceRoot":"","sources":["../../src/baseline/visibility.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBH,oDAOC;AAwBD,oDAEC;AAxDD,iDAAyC;AACzC,2CAA6B;AAW7B,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAA0B,CAAC;AAE3D;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAAC,GAAW;IAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IACxC,MAAM,QAAQ,GAAG,4BAA4B,CAAC,GAAG,CAAC,CAAC;IACnD,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACzC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,4BAA4B,CAAC,GAAW;IAC/C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,wBAAQ,EAAC,gCAAgC,EAAE;YACrD,GAAG;YACH,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;YACjC,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA6B,CAAC;QAC3D,MAAM,GAAG,GAAG,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzF,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,UAAU;YAAE,OAAO,GAAG,CAAC;QAC5E,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,oBAAoB;IAClC,gBAAgB,CAAC,KAAK,EAAE,CAAC;AAC3B,CAAC"}
|
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAgPA,wBAAsB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA+oDvD"}
|