@vyuhlabs/dxkit 2.7.1 → 2.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +145 -0
- package/README.md +20 -9
- package/dist/analyzers/cache.js +11 -0
- package/dist/analyzers/cache.js.map +1 -1
- package/dist/analyzers/security/aggregator.d.ts +20 -0
- package/dist/analyzers/security/aggregator.d.ts.map +1 -1
- package/dist/analyzers/security/aggregator.js +5 -0
- package/dist/analyzers/security/aggregator.js.map +1 -1
- package/dist/analyzers/security/gather.d.ts.map +1 -1
- package/dist/analyzers/security/gather.js +8 -0
- package/dist/analyzers/security/gather.js.map +1 -1
- package/dist/analyzers/tools/grep-secrets.d.ts +6 -1
- package/dist/analyzers/tools/grep-secrets.d.ts.map +1 -1
- package/dist/analyzers/tools/grep-secrets.js +80 -60
- package/dist/analyzers/tools/grep-secrets.js.map +1 -1
- package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
- package/dist/analyzers/tools/tool-registry.js +50 -0
- package/dist/analyzers/tools/tool-registry.js.map +1 -1
- package/dist/baseline/create.d.ts.map +1 -1
- package/dist/baseline/create.js +18 -6
- package/dist/baseline/create.js.map +1 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +58 -0
- package/dist/cli.js.map +1 -1
- package/dist/doctor.d.ts.map +1 -1
- package/dist/doctor.js +85 -7
- package/dist/doctor.js.map +1 -1
- package/dist/explore/cli/context.d.ts +1 -1
- package/dist/explore/cli/context.d.ts.map +1 -1
- package/dist/explore/cli/context.js +173 -4
- package/dist/explore/cli/context.js.map +1 -1
- package/dist/explore/queries.d.ts +71 -0
- package/dist/explore/queries.d.ts.map +1 -1
- package/dist/explore/queries.js +76 -0
- package/dist/explore/queries.js.map +1 -1
- package/dist/explore/source-slice.d.ts +51 -0
- package/dist/explore/source-slice.d.ts.map +1 -0
- package/dist/explore/source-slice.js +88 -0
- package/dist/explore/source-slice.js.map +1 -0
- package/dist/explore-cli.js +6 -4
- package/dist/explore-cli.js.map +1 -1
- package/dist/generator.d.ts.map +1 -1
- package/dist/generator.js +18 -0
- package/dist/generator.js.map +1 -1
- package/dist/hooks-cli.d.ts.map +1 -1
- package/dist/hooks-cli.js +43 -0
- package/dist/hooks-cli.js.map +1 -1
- package/dist/ingest/codeql.d.ts +36 -0
- package/dist/ingest/codeql.d.ts.map +1 -0
- package/dist/ingest/codeql.js +166 -0
- package/dist/ingest/codeql.js.map +1 -0
- package/dist/ingest/config.d.ts +10 -0
- package/dist/ingest/config.d.ts.map +1 -0
- package/dist/ingest/config.js +69 -0
- package/dist/ingest/config.js.map +1 -0
- package/dist/ingest/engine-resolver.d.ts +42 -0
- package/dist/ingest/engine-resolver.d.ts.map +1 -0
- package/dist/ingest/engine-resolver.js +89 -0
- package/dist/ingest/engine-resolver.js.map +1 -0
- package/dist/ingest/normalize.d.ts +23 -0
- package/dist/ingest/normalize.d.ts.map +1 -0
- package/dist/ingest/normalize.js +18 -0
- package/dist/ingest/normalize.js.map +1 -0
- package/dist/ingest/sarif.d.ts +29 -0
- package/dist/ingest/sarif.d.ts.map +1 -0
- package/dist/ingest/sarif.js +136 -0
- package/dist/ingest/sarif.js.map +1 -0
- package/dist/ingest/snapshot.d.ts +26 -0
- package/dist/ingest/snapshot.d.ts.map +1 -0
- package/dist/ingest/snapshot.js +114 -0
- package/dist/ingest/snapshot.js.map +1 -0
- package/dist/ingest/snyk-api.d.ts +82 -0
- package/dist/ingest/snyk-api.d.ts.map +1 -0
- package/dist/ingest/snyk-api.js +114 -0
- package/dist/ingest/snyk-api.js.map +1 -0
- package/dist/ingest/snyk-cli.d.ts +22 -0
- package/dist/ingest/snyk-cli.d.ts.map +1 -0
- package/dist/ingest/snyk-cli.js +135 -0
- package/dist/ingest/snyk-cli.js.map +1 -0
- package/dist/ingest/types.d.ts +68 -0
- package/dist/ingest/types.d.ts.map +1 -0
- package/dist/ingest/types.js +3 -0
- package/dist/ingest/types.js.map +1 -0
- package/dist/ingest-cli.d.ts +21 -0
- package/dist/ingest-cli.d.ts.map +1 -0
- package/dist/ingest-cli.js +232 -0
- package/dist/ingest-cli.js.map +1 -0
- package/dist/languages/csharp.d.ts +9 -0
- package/dist/languages/csharp.d.ts.map +1 -1
- package/dist/languages/csharp.js +87 -7
- package/dist/languages/csharp.js.map +1 -1
- package/dist/languages/go.d.ts.map +1 -1
- package/dist/languages/go.js +2 -0
- package/dist/languages/go.js.map +1 -1
- package/dist/languages/index.d.ts +21 -1
- package/dist/languages/index.d.ts.map +1 -1
- package/dist/languages/index.js +32 -0
- package/dist/languages/index.js.map +1 -1
- package/dist/languages/java.d.ts.map +1 -1
- package/dist/languages/java.js +2 -0
- package/dist/languages/java.js.map +1 -1
- package/dist/languages/kotlin.d.ts.map +1 -1
- package/dist/languages/kotlin.js +8 -0
- package/dist/languages/kotlin.js.map +1 -1
- package/dist/languages/python.d.ts.map +1 -1
- package/dist/languages/python.js +2 -0
- package/dist/languages/python.js.map +1 -1
- package/dist/languages/ruby.d.ts.map +1 -1
- package/dist/languages/ruby.js +2 -0
- package/dist/languages/ruby.js.map +1 -1
- package/dist/languages/rust.d.ts.map +1 -1
- package/dist/languages/rust.js +3 -0
- package/dist/languages/rust.js.map +1 -1
- package/dist/languages/types.d.ts +40 -0
- package/dist/languages/types.d.ts.map +1 -1
- package/dist/languages/typescript.d.ts.map +1 -1
- package/dist/languages/typescript.js +3 -0
- package/dist/languages/typescript.js.map +1 -1
- package/dist/ship-installers.d.ts +22 -0
- package/dist/ship-installers.d.ts.map +1 -1
- package/dist/ship-installers.js +83 -3
- package/dist/ship-installers.js.map +1 -1
- package/dist/update.d.ts.map +1 -1
- package/dist/update.js +8 -0
- package/dist/update.js.map +1 -1
- package/package.json +1 -1
- package/templates/.claude/skills/dxkit-action/SKILL.md +9 -0
- package/templates/.claude/skills/dxkit-config/SKILL.md +23 -0
- package/templates/.claude/skills/dxkit-docs/SKILL.md +148 -0
- package/templates/.claude/skills/dxkit-feature/SKILL.md +189 -0
- package/templates/.claude/skills/dxkit-ingest/SKILL.md +99 -0
- package/templates/.claude/skills/dxkit-update/SKILL.md +10 -0
- package/templates/.github/workflows/dxkit-deep-sast-refresh.yml +104 -0
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Pure source-slicing for `vyuh-dxkit context <file:line>`. The graph
|
|
4
|
+
* carries declaration lines but no source text, so the CLI reads the
|
|
5
|
+
* file from disk and hands the raw text here to carve out a focused,
|
|
6
|
+
* budget-bounded chunk centered on the requested line.
|
|
7
|
+
*
|
|
8
|
+
* This module is deliberately fs-free: it takes the already-read file
|
|
9
|
+
* text + a span and returns the slice, so the windowing math is
|
|
10
|
+
* unit-testable without touching the filesystem. The CLI layer
|
|
11
|
+
* (`cli/context.ts`) owns the `readFileSync`.
|
|
12
|
+
*
|
|
13
|
+
* The window is CENTERED on the requested line, not anchored to the
|
|
14
|
+
* span's top. That matters: a 700-line symbol whose budget only fits
|
|
15
|
+
* 60 lines must still show the line the caller asked about — anchoring
|
|
16
|
+
* to the declaration could fill the budget before ever reaching it.
|
|
17
|
+
*/
|
|
18
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
19
|
+
exports.extractWindow = extractWindow;
|
|
20
|
+
/** Default chars-per-token estimate for the budget→chars conversion. */
|
|
21
|
+
const CHARS_PER_TOKEN = 4;
|
|
22
|
+
function clamp(n, lo, hi) {
|
|
23
|
+
return Math.max(lo, Math.min(hi, n));
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* Carve a budget-bounded window out of `fileText`, centered on
|
|
27
|
+
* `targetLine`, clamped to `[spanStart, spanEndExclusive)`. Always
|
|
28
|
+
* returns at least the target line itself (even when that single line
|
|
29
|
+
* already exceeds the budget) so the caller never gets an empty chunk
|
|
30
|
+
* for a valid location. `truncated` is true iff the returned window is
|
|
31
|
+
* a strict subset of the span (budget cut it short).
|
|
32
|
+
*/
|
|
33
|
+
function extractWindow(fileText, targetLine, opts) {
|
|
34
|
+
const all = fileText.split('\n');
|
|
35
|
+
const total = Math.max(1, all.length);
|
|
36
|
+
const charsPerToken = opts.charsPerToken ?? CHARS_PER_TOKEN;
|
|
37
|
+
const spanStart = clamp(opts.spanStart ?? 1, 1, total);
|
|
38
|
+
const spanEnd = clamp((opts.spanEndExclusive ?? total + 1) - 1, spanStart, total);
|
|
39
|
+
const spanLines = spanEnd - spanStart + 1;
|
|
40
|
+
const target = clamp(targetLine, spanStart, spanEnd);
|
|
41
|
+
const budgetChars = Math.max(1, opts.budgetTokens) * charsPerToken;
|
|
42
|
+
// +1 per line approximates the stripped newline so the char budget
|
|
43
|
+
// tracks the rendered size rather than the raw slice length.
|
|
44
|
+
const lineLen = (oneBased) => (all[oneBased - 1]?.length ?? 0) + 1;
|
|
45
|
+
let lo = target;
|
|
46
|
+
let hi = target;
|
|
47
|
+
let used = lineLen(target);
|
|
48
|
+
// Alternate expansion (down first, then up) so the window stays
|
|
49
|
+
// roughly symmetric around the target. Stop when neither neighbor
|
|
50
|
+
// fits the remaining budget — lines only grow the total, so once
|
|
51
|
+
// both immediate neighbors overflow, nothing further can fit.
|
|
52
|
+
let preferDown = true;
|
|
53
|
+
while (true) {
|
|
54
|
+
const canDown = hi < spanEnd;
|
|
55
|
+
const canUp = lo > spanStart;
|
|
56
|
+
if (!canDown && !canUp)
|
|
57
|
+
break;
|
|
58
|
+
const tryOrder = preferDown ? ['down', 'up'] : ['up', 'down'];
|
|
59
|
+
let advanced = false;
|
|
60
|
+
for (const dir of tryOrder) {
|
|
61
|
+
if (dir === 'down' && canDown && used + lineLen(hi + 1) <= budgetChars) {
|
|
62
|
+
hi++;
|
|
63
|
+
used += lineLen(hi);
|
|
64
|
+
advanced = true;
|
|
65
|
+
break;
|
|
66
|
+
}
|
|
67
|
+
if (dir === 'up' && canUp && used + lineLen(lo - 1) <= budgetChars) {
|
|
68
|
+
lo--;
|
|
69
|
+
used += lineLen(lo);
|
|
70
|
+
advanced = true;
|
|
71
|
+
break;
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
if (!advanced)
|
|
75
|
+
break;
|
|
76
|
+
preferDown = !preferDown;
|
|
77
|
+
}
|
|
78
|
+
return {
|
|
79
|
+
startLine: lo,
|
|
80
|
+
endLine: hi,
|
|
81
|
+
lines: all.slice(lo - 1, hi),
|
|
82
|
+
spanStart,
|
|
83
|
+
spanEnd,
|
|
84
|
+
spanLines,
|
|
85
|
+
truncated: lo > spanStart || hi < spanEnd,
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
//# sourceMappingURL=source-slice.js.map
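Review bot: The docstring on `extractWindow` promises at least the target line, but a non-finite `targetLine` (presumably what a malformed `file:line` would yield after numeric parsing) breaks that promise silently: `clamp(NaN, …)` returns NaN, `lo`/`hi` become NaN, `all.slice(NaN - 1, NaN)` returns `[]`, and `truncated` is reported as false. Whether `cli/context.ts` validates the line before calling is outside this hunk, so the fs-free function should enforce its own contract: `if (!Number.isFinite(targetLine)) throw new RangeError(`targetLine must be a finite number, got ${targetLine}`);` before the `split`. A non-finite `opts.budgetTokens` degrades more gracefully (the window collapses to the target line, the documented minimum) and can stay as is. Minor: `fileText.split('\n')` leaves `\r` on CRLF input, so `lineLen` overcounts those lines by one relative to the rendered output.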
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"source-slice.js","sourceRoot":"","sources":["../../src/explore/source-slice.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;AA4CH,sCA+DC;AAzGD,wEAAwE;AACxE,MAAM,eAAe,GAAG,CAAC,CAAC;AA6B1B,SAAS,KAAK,CAAC,CAAS,EAAE,EAAU,EAAE,EAAU;IAC9C,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;AACvC,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,aAAa,CAC3B,QAAgB,EAChB,UAAkB,EAClB,IAAiB;IAEjB,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,IAAI,eAAe,CAAC;IAE5D,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,gBAAgB,IAAI,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;IAClF,MAAM,SAAS,GAAG,OAAO,GAAG,SAAS,GAAG,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,KAAK,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IACrD,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,YAAY,CAAC,GAAG,aAAa,CAAC;IAEnE,mEAAmE;IACnE,6DAA6D;IAC7D,MAAM,OAAO,GAAG,CAAC,QAAgB,EAAU,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAEnF,IAAI,EAAE,GAAG,MAAM,CAAC;IAChB,IAAI,EAAE,GAAG,MAAM,CAAC;IAChB,IAAI,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE3B,gEAAgE;IAChE,kEAAkE;IAClE,iEAAiE;IACjE,8DAA8D;IAC9D,IAAI,UAAU,GAAG,IAAI,CAAC;IACtB,OAAO,IAAI,EAAE,CAAC;QACZ,MAAM,OAAO,GAAG,EAAE,GAAG,OAAO,CAAC;QAC7B,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,CAAC;QAC7B,IAAI,CAAC,OAAO,IAAI,CAAC,KAAK;YAAE,MAAM;QAE9B,MAAM,QAAQ,GAAyB,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACpF,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,IAAI,GAAG,KAAK,MAAM,IAAI,OAAO,IAAI,IAAI,GAAG,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC;gBACvE,EAAE,EAAE,CAAC;gBACL,IAAI,IAAI,OAAO,CAAC,EAAE,CAAC,CAAC;gBACpB,QAAQ,GAAG,IAAI,CAAC;gBAChB,MAAM;YACR,CAAC;YACD,IAAI,GAAG,KAAK,IAAI,IAAI,KAAK,IAAI,IAAI,GAAG,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,WAAW,EAAE,C
AAC;gBACnE,EAAE,EAAE,CAAC;gBACL,IAAI,IAAI,OAAO,CAAC,EAAE,CAAC,CAAC;gBACpB,QAAQ,GAAG,IAAI,CAAC;gBAChB,MAAM;YACR,CAAC;QACH,CAAC;QACD,IAAI,CAAC,QAAQ;YAAE,MAAM;QACrB,UAAU,GAAG,CAAC,UAAU,CAAC;IAC3B,CAAC;IAED,OAAO;QACL,SAAS,EAAE,EAAE;QACb,OAAO,EAAE,EAAE;QACX,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC;QAC5B,SAAS;QACT,OAAO;QACP,SAAS;QACT,SAAS,EAAE,EAAE,GAAG,SAAS,IAAI,EAAE,GAAG,OAAO;KAC1C,CAAC;AACJ,CAAC"}
|
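--- a/package/dist/explore-cli.js
+++ b/package/dist/explore-cli.js
@@ -110,7 +110,7 @@ async function runExplore(cwd, positionals, values) {
 (0, feature_1.runFeature)(graph, positionals.slice(1), values);
 return;
 case 'context':
-(0, context_1.runContext)(graph, positionals.slice(1), values);
+(0, context_1.runContext)(graph, positionals.slice(1), values, cwd);
 return;
 case 'help':
 case '--help':
@@ -195,6 +195,8 @@ Subcommands:
 api-surface Exported symbols with no internal callers
 context <query> Slim structural slice for a query (token-reduction;
 also available as the top-level 'vyuh-dxkit context')
+context <file:line> Focused source chunk around a location + its callers
+/callees (read ~the enclosing symbol, not the file)
 
 Flags (all subcommands):
 --json Emit structured JSON envelope
@@ -202,9 +204,9 @@ Flags (all subcommands):
 --refresh Force-regenerate graph.json before query
 
 context-only flags:
---budget N Token ceiling on the slice (default 2000)
---depth N Hard ceiling on call-graph hops (default: budget-bounded)
---substring Broaden keyword matching to substrings
+--budget N Token ceiling on the slice / source chunk (default 2000)
+--depth N Hard ceiling on call-graph hops (query form; default: budget-bounded)
+--substring Broaden keyword matching to substrings (query form)
 
 Reads from .dxkit/reports/graph.json. Run \`vyuh-dxkit health\` first
 to generate the artifact.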
package/dist/explore-cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"explore-cli.js","sourceRoot":"","sources":["../src/explore-cli.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsCH,gCA4DC;AAhGD,2DAA2C;AAC3C,qCAAqC;AACrC,gDAAkC;AAClC,yCAKwB;AACxB,2DAA0D;AAC1D,2DAA2D;AAC3D,mDAAmD;AACnD,6DAA4D;AAC5D,mDAAmD;AACnD,6CAA6C;AAC7C,uDAAsD;AAetD;;;;;GAKG;AACI,KAAK,UAAU,UAAU,CAC9B,GAAW,EACX,WAAkC,EAClC,MAAwB;IAExB,MAAM,UAAU,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAClC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,gBAAgB,EAAE,CAAC;QACnB,OAAO;IACT,CAAC;IAED,+DAA+D;IAC/D,mEAAmE;IACnE,kEAAkE;IAClE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAED,MAAM,KAAK,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IAEnC,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,WAAW;YACd,IAAA,uBAAW,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YACjD,OAAO;QAET,KAAK,aAAa;YAChB,IAAA,4BAAc,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YACpD,OAAO;QAET,KAAK,MAAM;YACT,IAAA,cAAO,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;YAClD,OAAO;QAET,KAAK,cAAc;YACjB,IAAA,6BAAc,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;YACzD,OAAO;QAET,KAAK,aAAa;YAChB,IAAA,2BAAa,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YACnD,OAAO;QAET,KAAK,SAAS;YACZ,IAAA,oBAAU,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YAChD,OAAO;QAET,KAAK,SAAS;YACZ,IAAA,oBAAU,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"explore-cli.js","sourceRoot":"","sources":["../src/explore-cli.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsCH,gCA4DC;AAhGD,2DAA2C;AAC3C,qCAAqC;AACrC,gDAAkC;AAClC,yCAKwB;AACxB,2DAA0D;AAC1D,2DAA2D;AAC3D,mDAAmD;AACnD,6DAA4D;AAC5D,mDAAmD;AACnD,6CAA6C;AAC7C,uDAAsD;AAetD;;;;;GAKG;AACI,KAAK,UAAU,UAAU,CAC9B,GAAW,EACX,WAAkC,EAClC,MAAwB;IAExB,MAAM,UAAU,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAClC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,gBAAgB,EAAE,CAAC;QACnB,OAAO;IACT,CAAC;IAED,+DAA+D;IAC/D,mEAAmE;IACnE,kEAAkE;IAClE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAED,MAAM,KAAK,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IAEnC,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,WAAW;YACd,IAAA,uBAAW,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YACjD,OAAO;QAET,KAAK,aAAa;YAChB,IAAA,4BAAc,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YACpD,OAAO;QAET,KAAK,MAAM;YACT,IAAA,cAAO,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;YAClD,OAAO;QAET,KAAK,cAAc;YACjB,IAAA,6BAAc,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;YACzD,OAAO;QAET,KAAK,aAAa;YAChB,IAAA,2BAAa,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YACnD,OAAO;QAET,KAAK,SAAS;YACZ,IAAA,oBAAU,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YAChD,OAAO;QAET,KAAK,SAAS;YACZ,IAAA,oBAAU,EAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;YACrD,OAAO;QAET,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ,CAAC;QACd,KAAK,IAAI;YACP,gBAAgB,EAAE,CAAC;YACnB,OAAO;QAET;YACE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,UAAU,MAAM,CAAC,CAAC;YACtE,gBAAgB,EAAE,CAAC;YACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,eAAe,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,OAAO,IAAA,gBAAS,EAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,yBAAkB,EAAE,CAAC;YACtC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;YACzC,OAAO,CAAC,IA
AI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,GAAG,YAAY,8BAAuB,EAAE,CAAC;YAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,GAAG,YAAY,wBAAiB,EAAE,CAAC;YACrC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,YAAY,CAAC,GAAW;IACrC,iEAAiE;IACjE,+DAA+D;IAC/D,mCAAmC;IACnC,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,MAAM,KAAK,GAAG,IAAA,0BAAK,EAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,CAAC,EAAE;YACrD,KAAK,EAAE,SAAS;YAChB,GAAG;SACJ,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,IAAI,KAAK,CAAC;gBAAE,OAAO,EAAE,CAAC;;gBACrB,MAAM,CAAC,IAAI,KAAK,CAAC,sCAAsC,IAAI,EAAE,CAAC,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,eAAe;IACtB,sCAAsC;IACtC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACtD,IAAI,IAAA,oBAAU,EAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAC5C,6DAA6D;IAC7D,OAAO,4CAA4C,CAAC;AACtD,CAAC;AAED,SAAS,gBAAgB;IACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2BtB,CAAC,CAAC;AACH,CAAC"}
|
package/dist/generator.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generator.d.ts","sourceRoot":"","sources":["../src/generator.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"generator.d.ts","sourceRoot":"","sources":["../src/generator.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAkInE,UAAU,cAAc;IACtB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,EAAE,QAAQ,CAAC;CACpB;AAED,wBAAsB,QAAQ,CAC5B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,cAAc,EACtB,IAAI,EAAE,cAAc,EACpB,KAAK,EAAE,OAAO,EACd,OAAO,UAAQ,EACf,eAAe,UAAQ,GACtB,OAAO,CAAC,cAAc,CAAC,CAmHzB"}
|
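--- a/package/dist/generator.js
+++ b/package/dist/generator.js
@@ -135,6 +135,24 @@ const DXKIT_SKILLS = [
 // doctor, fix-gaps, baseline, hooks, branch protection, prebuild).
 // Dispatches into the other lifecycle skills for sub-decisions.
 'dxkit-onboard',
+// dxkit-feature: forward-development orchestrator. Orients via the
+// code graph (context / explore) to find where a new feature plugs
+// in and what it touches, then runs the analyzers + guardrail on the
+// change so net-new development doesn't ship a regression. The
+// proactive counterpart to dxkit-action's reactive fix loop.
+'dxkit-feature',
+// dxkit-docs: documentation generator. Reads the Documentation
+// dimension's gaps, orients on the real code via the graph, and
+// writes grounded README / docstrings / API + architecture docs —
+// re-running the slop check so generated prose doesn't trade
+// Documentation score for Quality score.
+'dxkit-docs',
+// dxkit-ingest: brings an external interprocedural-SAST engine's
+// findings (Snyk Code, CodeQL, any SARIF) into dxkit so they're
+// fingerprinted, baselined, guardrailed, graph-linked, and fixable
+// by dxkit-action. License-aware engine selection; quota-free Snyk
+// read; committed snapshot so the token is needed only at ingest time.
+'dxkit-ingest',
 ];
 async function generate(targetDir, config, mode, force, _noScan = false, withDxkitAgents = false) {
 const variables = (0, constants_1.buildVariables)(config);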
package/dist/generator.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generator.js","sourceRoot":"","sources":["../src/generator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"generator.js","sourceRoot":"","sources":["../src/generator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2IA,4BA0HC;AArQD,uCAAyB;AACzB,2CAA6B;AAE7B,2CAAuE;AACvE,uDAAoD;AACpD,mCAAsD;AACtD,2CAAuD;AACvD,iDAAmC;AAEnC,SAAS,eAAe;IACtB,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,YAAY,CAAC,YAAoB;IACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,YAAY,CAAC,CAAC;IAC5D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,uBAAuB,YAAY,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;AAC5C,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,SAAS,iBAAiB,CAAC,MAAsB;IAC/C,MAAM,KAAK,GAAa;QACtB,oBAAoB;QACpB,kBAAkB;QAClB,iBAAiB;QACjB,oBAAoB;QACpB,wBAAwB;QACxB,wCAAwC;QACxC,oBAAoB;KACrB,CAAC;IACF,KAAK,MAAM,IAAI,IAAI,IAAA,oCAAwB,EAAC,MAAM,CAAC,EAAE,CAAC;QACpD,IAAI,IAAI,CAAC,WAAW;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,CACL,IAAI,CAAC,SAAS,CACZ;QACE,OAAO,EAAE,wDAAwD;QACjE,WAAW,EAAE;YACX,KAAK,EAAE,KAAK;YACZ,IAAI,EAAE,EAAE;SACT;QACD,6DAA6D;QAC7D,0DAA0D;QAC1D,+DAA+D;QAC/D,6DAA6D;QAC7D,2DAA2D;QAC3D,0DAA0D;QAC1D,KAAK,EAAE;YACL,UAAU,EAAE;gBACV;oBACE,OAAO,EAAE,WAAW;oBACpB,KAAK,EAAE;wBACL;4BACE,IAAI,EAAE,SAAS;4BACf,OAAO,EAAE,6BAA6B;yBACvC;qBACF;iBACF;aACF;SACF;KACF,EACD,IAAI,EACJ,CAAC,CACF,GAAG,IAAI,CACT,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,YAAY,GAAG;IACnB,aAAa;IACb,YAAY;IACZ,cAAc;IACd,aAAa;IACb,eAAe;IACf,cAAc;IACd,uDAAuD;IACvD,mEAAmE;IACnE,mEAAmE;IACnE,kCAAkC;IAClC,WAAW;IACX,+DAA+D;IAC/D,gEAAgE;IAChE,gEAAgE;IAChE,6BAA6B;IAC7B,cAAc;IACd,+DAA+D;IAC/D,+DAA+D;IAC/D,mEAAmE;IACnE,gEAAgE;IAChE,eAAe;IACf,mEAAmE;IACnE,mEAAmE;IACnE,qEAAqE;IACrE,+DAA+D;IAC/D,6DAA6D;IAC7D,eAAe;IACf,+DAA+D;IAC/D,gEAAgE;IAChE,kEAAkE;IAClE,6DAA6D;IAC7D,yCAAyC;IACzC,YAAY;IACZ,iEAAiE;IACjE,gEAAgE;IAChE,mEAAmE;IACnE,mEAAmE;IACnE,uEAAuE;IACvE,cAAc;CACN,CAAC;AASJ,KAAK,UAAU,QAAQ,CAC5B,SAAiB,EACjB,MAAsB,EACtB,IAAoB,EACpB,KAAc,EACd,OAAO,GAAG,KAAK,EACf,eAAe,GAAG,KAAK;IAEvB,MAAM,SAAS,G
AAG,IAAA,0BAAc,EAAC,MAAM,CAAC,CAAC;IACzC,MAAM,UAAU,GAAG,IAAA,2BAAe,EAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;IAEvC,MAAM,MAAM,GAAmB;QAC7B,OAAO,EAAE,EAAE;QACX,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,EAAE;QACf,QAAQ,EAAE;YACR,OAAO,EAAE,mBAAO;YAChB,IAAI;YACJ,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,MAAM;YACN,KAAK,EAAE,EAAE;SACV;KACF,CAAC;IAEF,MAAM,IAAI,GAAG,CAAC,QAAiB,EAAE,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC;IAEhF,SAAS,KAAK,CACZ,UAAkB,EAClB,OAAsB,EACtB,WAAmB,EACnB,QAAiB;QAEjB,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QACjD,IAAI,WAAW,KAAK,SAAS;YAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;aACnD,IAAI,WAAW,KAAK,SAAS;YAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;aACxD,IAAI,WAAW,KAAK,aAAa;YAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAErE,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG;YAC3B,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAA,cAAM,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;YACxD,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,aAAa,CAAC,YAAoB,EAAE,SAAiB,EAAE,QAAQ,GAAG,KAAK;QACpF,MAAM,GAAG,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;QACvC,MAAM,SAAS,GAAG,IAAA,iCAAe,EAAC,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAC9D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACnD,MAAM,GAAG,GAAG,MAAM,IAAA,iBAAS,EAAC,UAAU,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnE,KAAK,CAAC,UAAU,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IAED,SAAS,UAAU,CAAC,YAAoB,EAAE,SAAiB,EAAE,QAAQ,GAAG,KAAK;QAC3E,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QACtD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,OAAO;QACpC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACnD,MAAM,GAAG,GAAG,IAAA,gBAAQ,EAAC,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC1D,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACpE,KAAK,CAAC,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,CAAC,MAAM,CAAC,gCAAgC,CAAC,CA
AC;QAEhD,2DAA2D;QAC3D,kEAAkE;QAClE,6DAA6D;QAC7D,MAAM,aAAa,CAAC,oBAAoB,EAAE,WAAW,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAE5B,kEAAkE;QAClE,6DAA6D;QAC7D,gEAAgE;QAChE,wBAAwB;QACxB,MAAM,aAAa,CAAC,oBAAoB,EAAE,WAAW,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAE5B,mEAAmE;QACnE,mEAAmE;QACnE,kBAAkB;QAClB,MAAM,eAAe,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAClD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;QACtE,MAAM,WAAW,GAAG,MAAM,IAAA,iBAAS,EAAC,YAAY,EAAE,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAChF,KAAK,CAAC,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QACzD,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;QAExC,iEAAiE;QACjE,kEAAkE;QAClE,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;YACjC,UAAU,CAAC,kBAAkB,KAAK,WAAW,EAAE,kBAAkB,KAAK,WAAW,CAAC,CAAC;QACrF,CAAC;QACD,MAAM,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;QAEzC,6DAA6D;QAC7D,+DAA+D;QAC/D,qBAAqB;QACrB,KAAK,MAAM,IAAI,IAAI,IAAA,oCAAwB,EAAC,MAAM,CAAC,EAAE,CAAC;YACpD,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAClB,UAAU,CAAC,iBAAiB,IAAI,CAAC,QAAQ,EAAE,EAAE,iBAAiB,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YACjF,CAAC;QACH,CAAC;QACD,wDAAwD;QACxD,iEAAiE;QACjE,0DAA0D;QAC1D,qCAAqC;QACrC,IAAI,UAAU,CAAC,SAAS;YAAE,UAAU,CAAC,yBAAyB,EAAE,yBAAyB,CAAC,CAAC;QAC3F,IAAI,MAAM,CAAC,SAAS,KAAK,UAAU;YACjC,UAAU,CAAC,2BAA2B,EAAE,2BAA2B,CAAC,CAAC;QACvE,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS;YAChC,UAAU,CAAC,0BAA0B,EAAE,0BAA0B,CAAC,CAAC;QACrE,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACnC,CAAC;IAED,oEAAoE;IACpE,kEAAkE;IAClE,cAAc;IACd,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;IACxE,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;IAErF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
package/dist/hooks-cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hooks-cli.d.ts","sourceRoot":"","sources":["../src/hooks-cli.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"hooks-cli.d.ts","sourceRoot":"","sources":["../src/hooks-cli.ts"],"names":[],"mappings":"AAoDA,MAAM,WAAW,mBAAmB;IAClC,2DAA2D;IAC3D,SAAS,EAAE,OAAO,CAAC;IACnB,yEAAyE;IACzE,MAAM,CAAC,EACH,gBAAgB,GAChB,aAAa,GACb,uBAAuB,GACvB,uBAAuB,GACvB,WAAW,CAAC;IAChB,4DAA4D;IAC5D,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,mBAAmB,CA6D9D;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CA6BlD"}
|
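--- a/package/dist/hooks-cli.js
+++ b/package/dist/hooks-cli.js
@@ -49,7 +49,46 @@ exports.runHooksActivate = runHooksActivate;
 * or `git` is missing, log a dim notice and return cleanly.
 */
 const child_process_1 = require("child_process");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
 const logger = __importStar(require("./logger"));
+/**
+* Ensure every file in `.githooks/` carries the executable bit. Git
+* SILENTLY IGNORES a hook that isn't executable (it only prints an
+* advice hint), so a hook committed as mode 100644, or checked out on
+* a filesystem that drops the bit, produces a hooksPath that's "set"
+* but a guardrail that never fires. Because activation runs on every
+* clone via the postinstall, chmod-ing here is the self-heal: each
+* `npm install` restores the bit regardless of how the file arrived.
+* Best-effort — a chmod failure (e.g. Windows, where executability is
+* carried in the git index instead) must never abort activation.
+*/
+function ensureHooksExecutable(cwd) {
+const hooksDir = path.join(cwd, '.githooks');
+let entries;
+try {
+entries = fs.readdirSync(hooksDir);
+}
+catch {
+return; // no .githooks dir — nothing to do
+}
+for (const name of entries) {
+const file = path.join(hooksDir, name);
+try {
+const st = fs.statSync(file);
+if (!st.isFile())
+continue;
+// Mirror read bits into execute (0o755-style) without clobbering
+// existing perms: add execute wherever read is already granted.
+const withExec = st.mode | 0o111;
+if (withExec !== st.mode)
+fs.chmodSync(file, withExec);
+}
+catch {
+/* best-effort per file */
+}
+}
+}
 /**
 * Pure-ish core: takes a cwd, returns a structured outcome. Side
 * effects are limited to invoking `git config` against the supplied
@@ -78,6 +117,10 @@ function activateHooks(cwd) {
 return { activated: false, reason: 'git-missing' };
 return { activated: false, reason: 'not-a-git-repo' };
 }
+// Restore the executable bit on every activation — a non-executable
+// hook is silently ignored by git, so this runs regardless of the
+// hooksPath outcome below (including the steady-state re-run path).
+ensureHooksExecutable(cwd);
 // Read the current value (if any). `git config --get` exits 1 when
 // the key is unset — that's the happy path for a fresh clone.
 let previousValue;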
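Review bot: The comment above `const withExec = st.mode | 0o111;` in `ensureHooksExecutable` says execute is added "wherever read is already granted", but `| 0o111` sets all three execute bits unconditionally; to match the comment use `const withExec = st.mode | ((st.mode & 0o444) >> 2);`, or reword the comment to say owner/group/other execute are all set. Separately, `fs.statSync(file)` follows symlinks, so a symlink entry in `.githooks/` passes `isFile()` and the chmod is applied to its target, which need not be inside the repository — and this runs from postinstall on every clone; `const st = fs.lstatSync(file);` keeps the existing `isFile()` check (false for links under lstat) and confines the change to regular files in the hooks directory. The call site added in the second hunk of `activateHooks` needs no change for either fix.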
package/dist/hooks-cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hooks-cli.js","sourceRoot":"","sources":["../src/hooks-cli.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"hooks-cli.js","sourceRoot":"","sources":["../src/hooks-cli.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuEA,sCA6DC;AAMD,4CA6BC;AAvKD;;;;;;;;;;;;GAYG;AACH,iDAA6C;AAC7C,uCAAyB;AACzB,2CAA6B;AAC7B,iDAAmC;AAEnC;;;;;;;;;;GAUG;AACH,SAAS,qBAAqB,CAAC,GAAW;IACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAC7C,IAAI,OAAiB,CAAC;IACtB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,mCAAmC;IAC7C,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC7B,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE;gBAAE,SAAS;YAC3B,iEAAiE;YACjE,gEAAgE;YAChE,MAAM,QAAQ,GAAG,EAAE,CAAC,IAAI,GAAG,KAAK,CAAC;YACjC,IAAI,QAAQ,KAAK,EAAE,CAAC,IAAI;gBAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;IACH,CAAC;AACH,CAAC;AAgBD;;;;GAIG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,kEAAkE;IAClE,gEAAgE;IAChE,iEAAiE;IACjE,uCAAuC;IACvC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,WAAW,EAAE,uBAAuB,CAAC,EAAE;YACtE,GAAG;YACH,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;SACpC,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;YACnB,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAI,GAA4B,CAAC,OAAO,IAAI,EAAE,CAAC;QACxD,gEAAgE;QAChE,iEAAiE;QACjE,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;QAC/E,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IACxD,CAAC;IAED,oEAAoE;IACpE,kEAAkE;IAClE,oEAAoE;IACpE,qBAAqB,CAAC,GAAG,CAAC,CAAC;IAE3B,mEAAmE;IACnE,8DAA8D;IAC9D,IAAI,aAAiC,CAAC;IACtC,IAAI,CAAC;QACH,aAAa,GAAG,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,gBAAgB,CAAC,EAAE;YACpF,GAAG;YACH,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC;SACpC,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,C
AAC;IAAC,MAAM,CAAC;QACP,aAAa,GAAG,SAAS,CAAC;IAC5B,CAAC;IAED,IAAI,aAAa,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,aAAa,EAAE,CAAC;IAC9E,CAAC;IAED,IAAI,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,8DAA8D;QAC9D,gEAAgE;QAChE,+DAA+D;QAC/D,mBAAmB;QACnB,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,aAAa,EAAE,CAAC;IAC9E,CAAC;IAED,IAAI,CAAC;QACH,IAAA,4BAAY,EAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,gBAAgB,EAAE,WAAW,CAAC,EAAE;YACxE,GAAG;YACH,KAAK,EAAE,QAAQ;SAChB,CAAC,CAAC;QACH,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IACnD,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,GAAW;IAC1C,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IACD,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;QACtB,KAAK,uBAAuB;YAC1B,yDAAyD;YACzD,iDAAiD;YACjD,OAAO;QACT,KAAK,uBAAuB;YAC1B,MAAM,CAAC,GAAG,CACR,kEAAkE,MAAM,CAAC,aAAa,KAAK;gBACzF,mFAAmF,CACtF,CAAC;YACF,OAAO;QACT,KAAK,gBAAgB;YACnB,MAAM,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;YAC7E,OAAO;QACT,KAAK,aAAa;YAChB,MAAM,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;YAC/D,OAAO;QACT;YACE,MAAM,CAAC,GAAG,CACR,kFAAkF,CACnF,CAAC;YACF,OAAO;IACX,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import type { ExternalFinding } from './types';
|
|
2
|
+
/** Env flag the opt-in paths (`ingest --codeql`, `tools install codeql`)
|
|
3
|
+
* set so the registry's applicability-guarded `codeql` entry resolves.
|
|
4
|
+
* Absent ⇒ CodeQL reports `n/a` and stays out of the default toolchain. */
|
|
5
|
+
export declare const CODEQL_OPTIN_ENV = "DXKIT_CODEQL";
|
|
6
|
+
/** True when CodeQL has been explicitly opted into for this process. */
|
|
7
|
+
export declare function codeqlOptedIn(): boolean;
|
|
8
|
+
/** Default security query suite for a CodeQL language id. Honors a
|
|
9
|
+
* per-pack override (`deepSast.codeqlQuerySuite`). */
|
|
10
|
+
export declare function codeqlQuerySuiteFor(lang: string, override?: string): string;
|
|
11
|
+
/** `codeql database create` argv (no shell). */
|
|
12
|
+
export declare function codeqlDbCreateArgs(lang: string, dbPath: string, sourceRoot: string): string[];
|
|
13
|
+
/** `codeql database analyze` argv (no shell). */
|
|
14
|
+
export declare function codeqlAnalyzeArgs(dbPath: string, querySuite: string, sarifPath: string): string[];
|
|
15
|
+
export interface CodeqlTarget {
|
|
16
|
+
/** CodeQL language id (e.g. `javascript`, `python`, `java`). */
|
|
17
|
+
language: string;
|
|
18
|
+
/** Optional per-pack query-suite override. */
|
|
19
|
+
querySuite?: string;
|
|
20
|
+
}
|
|
21
|
+
export interface RunCodeqlOptions {
|
|
22
|
+
cwd: string;
|
|
23
|
+
targets: CodeqlTarget[];
|
|
24
|
+
/** DB build + analyze are slow; default 30 min per phase. */
|
|
25
|
+
timeoutMs?: number;
|
|
26
|
+
/** Progress sink (one line per phase); defaults to no-op. */
|
|
27
|
+
onLog?: (msg: string) => void;
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Run CodeQL across the requested languages and return the union of
|
|
31
|
+
* findings. Throws when the `codeql` binary isn't installed (with an
|
|
32
|
+
* install hint) so the caller can surface it; a language whose DB build
|
|
33
|
+
* or analysis fails is logged and skipped rather than aborting the rest.
|
|
34
|
+
*/
|
|
35
|
+
export declare function runCodeql(opts: RunCodeqlOptions): Promise<ExternalFinding[]>;
|
|
36
|
+
//# sourceMappingURL=codeql.d.ts.map
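Review bot: `RunCodeqlOptions.cwd` (line 22) is the one field in this interface without a doc comment, yet it does double duty: the `codeql.js` hunk in this same diff passes it both as the spawn cwd and as the `--source-root` of `codeql database create`, i.e. the tree CodeQL will extract and, for compiled languages such as the `java` the `CodeqlTarget.language` comment cites, may build with its autobuilder. Suggest `/** Repo root: used as the spawn cwd AND as CodeQL's `--source-root`; for compiled languages CodeQL's autobuilder may run this tree's own build scripts. */`. The `timeoutMs` comment ("default 30 min per phase") matches the implementation, but it does not say how a timeout surfaces (a non-zero exit that gets skipped, or an exception); that depends on `runDetached`, which is outside this diff, so a short sentence pointing at it would help callers choosing a value.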
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"codeql.d.ts","sourceRoot":"","sources":["../../src/ingest/codeql.ts"],"names":[],"mappings":"AA0BA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE/C;;4EAE4E;AAC5E,eAAO,MAAM,gBAAgB,iBAAiB,CAAC;AAE/C,wEAAwE;AACxE,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED;uDACuD;AACvD,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAE3E;AAED,gDAAgD;AAChD,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,CAS7F;AAED,iDAAiD;AACjD,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,CAUjG;AAED,MAAM,WAAW,YAAY;IAC3B,gEAAgE;IAChE,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,6DAA6D;IAC7D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,6DAA6D;IAC7D,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CAC/B;AAID;;;;;GAKG;AACH,wBAAsB,SAAS,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CA0DlF"}
|
|
@@ -0,0 +1,166 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.CODEQL_OPTIN_ENV = void 0;
|
|
37
|
+
exports.codeqlOptedIn = codeqlOptedIn;
|
|
38
|
+
exports.codeqlQuerySuiteFor = codeqlQuerySuiteFor;
|
|
39
|
+
exports.codeqlDbCreateArgs = codeqlDbCreateArgs;
|
|
40
|
+
exports.codeqlAnalyzeArgs = codeqlAnalyzeArgs;
|
|
41
|
+
exports.runCodeql = runCodeql;
|
|
42
|
+
/**
|
|
43
|
+
* CodeQL on-demand runner.
|
|
44
|
+
*
|
|
45
|
+
* Builds a CodeQL database and runs the per-language security suite,
|
|
46
|
+
* emitting SARIF that flows through the same `parseSarif` → aggregate →
|
|
47
|
+
* graph pipeline as every other ingested engine. This is the
|
|
48
|
+
* open-source / GitHub-Advanced-Security path to interprocedural SAST
|
|
49
|
+
* (the license gate is enforced by `resolveDeepSastEngine`; this module
|
|
50
|
+
* only runs once the caller has cleared it).
|
|
51
|
+
*
|
|
52
|
+
* CodeQL is heavy — a database build plus query evaluation runs for
|
|
53
|
+
* minutes, not seconds. It is intended for CI / on-demand "deep scan",
|
|
54
|
+
* never the pre-push hook (the bundled semgrep tier owns that path).
|
|
55
|
+
*
|
|
56
|
+
* Detection + install go through the canonical tool registry (Rule 1):
|
|
57
|
+
* the runner sets the opt-in env flag so the registry's
|
|
58
|
+
* applicability-guarded `codeql` entry resolves, then calls `findTool`.
|
|
59
|
+
* The arg-builders are pure so the command shape is unit-tested without
|
|
60
|
+
* a (40-minute) real run.
|
|
61
|
+
*/
|
|
62
|
+
const fs = __importStar(require("fs"));
|
|
63
|
+
const os = __importStar(require("os"));
|
|
64
|
+
const path = __importStar(require("path"));
|
|
65
|
+
const tool_registry_1 = require("../analyzers/tools/tool-registry");
|
|
66
|
+
const runner_1 = require("../analyzers/tools/runner");
|
|
67
|
+
const sarif_1 = require("./sarif");
|
|
68
|
+
/** Env flag the opt-in paths (`ingest --codeql`, `tools install codeql`)
|
|
69
|
+
* set so the registry's applicability-guarded `codeql` entry resolves.
|
|
70
|
+
* Absent ⇒ CodeQL reports `n/a` and stays out of the default toolchain. */
|
|
71
|
+
exports.CODEQL_OPTIN_ENV = 'DXKIT_CODEQL';
|
|
72
|
+
/** True when CodeQL has been explicitly opted into for this process. */
|
|
73
|
+
function codeqlOptedIn() {
|
|
74
|
+
return process.env[exports.CODEQL_OPTIN_ENV] === '1';
|
|
75
|
+
}
|
|
76
|
+
/** Default security query suite for a CodeQL language id. Honors a
|
|
77
|
+
* per-pack override (`deepSast.codeqlQuerySuite`). */
|
|
78
|
+
function codeqlQuerySuiteFor(lang, override) {
|
|
79
|
+
return override ?? `codeql/${lang}-queries:codeql-suites/${lang}-security-extended.qls`;
|
|
80
|
+
}
|
|
81
|
+
/** `codeql database create` argv (no shell). */
|
|
82
|
+
function codeqlDbCreateArgs(lang, dbPath, sourceRoot) {
|
|
83
|
+
return [
|
|
84
|
+
'database',
|
|
85
|
+
'create',
|
|
86
|
+
dbPath,
|
|
87
|
+
`--language=${lang}`,
|
|
88
|
+
`--source-root=${sourceRoot}`,
|
|
89
|
+
'--overwrite',
|
|
90
|
+
];
|
|
91
|
+
}
|
|
92
|
+
/** `codeql database analyze` argv (no shell). */
|
|
93
|
+
function codeqlAnalyzeArgs(dbPath, querySuite, sarifPath) {
|
|
94
|
+
return [
|
|
95
|
+
'database',
|
|
96
|
+
'analyze',
|
|
97
|
+
dbPath,
|
|
98
|
+
querySuite,
|
|
99
|
+
'--format=sarifv2.1.0',
|
|
100
|
+
`--output=${sarifPath}`,
|
|
101
|
+
'--threads=0',
|
|
102
|
+
];
|
|
103
|
+
}
|
|
104
|
+
const DEFAULT_TIMEOUT_MS = 30 * 60 * 1000;
|
|
105
|
+
/**
|
|
106
|
+
* Run CodeQL across the requested languages and return the union of
|
|
107
|
+
* findings. Throws when the `codeql` binary isn't installed (with an
|
|
108
|
+
* install hint) so the caller can surface it; a language whose DB build
|
|
109
|
+
* or analysis fails is logged and skipped rather than aborting the rest.
|
|
110
|
+
*/
|
|
111
|
+
async function runCodeql(opts) {
|
|
112
|
+
// Opt in so the registry's guarded entry resolves, then detect via
|
|
113
|
+
// the canonical path (Rule 1) — never a hardcoded binary path.
|
|
114
|
+
process.env[exports.CODEQL_OPTIN_ENV] = '1';
|
|
115
|
+
const status = (0, tool_registry_1.findTool)(tool_registry_1.TOOL_DEFS.codeql, opts.cwd);
|
|
116
|
+
if (!status.available || !status.path) {
|
|
117
|
+
throw new Error('CodeQL is not installed. Run `vyuh-dxkit tools install codeql` first.');
|
|
118
|
+
}
|
|
119
|
+
const log = opts.onLog ?? (() => { });
|
|
120
|
+
const timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
|
|
121
|
+
const out = [];
|
|
122
|
+
for (const target of opts.targets) {
|
|
123
|
+
const workDir = fs.mkdtempSync(path.join(os.tmpdir(), `dxkit-codeql-${target.language}-`));
|
|
124
|
+
const dbPath = path.join(workDir, 'db');
|
|
125
|
+
const sarifPath = path.join(workDir, 'results.sarif');
|
|
126
|
+
try {
|
|
127
|
+
log(`codeql: building database for ${target.language} (this can take minutes)…`);
|
|
128
|
+
const create = await (0, runner_1.runDetached)(status.path, codeqlDbCreateArgs(target.language, dbPath, opts.cwd), { cwd: opts.cwd, timeoutMs });
|
|
129
|
+
if (create.code !== 0) {
|
|
130
|
+
log(`codeql: database build failed for ${target.language} (exit ${create.code}) — skipped. ` +
|
|
131
|
+
(create.stderr.split('\n').find((l) => l.trim()) ?? ''));
|
|
132
|
+
continue;
|
|
133
|
+
}
|
|
134
|
+
const suite = codeqlQuerySuiteFor(target.language, target.querySuite);
|
|
135
|
+
log(`codeql: analyzing ${target.language} with ${suite}…`);
|
|
136
|
+
const analyze = await (0, runner_1.runDetached)(status.path, codeqlAnalyzeArgs(dbPath, suite, sarifPath), {
|
|
137
|
+
cwd: opts.cwd,
|
|
138
|
+
timeoutMs,
|
|
139
|
+
});
|
|
140
|
+
if (analyze.code !== 0) {
|
|
141
|
+
log(`codeql: analysis failed for ${target.language} (exit ${analyze.code}) — skipped.`);
|
|
142
|
+
continue;
|
|
143
|
+
}
|
|
144
|
+
let raw = '';
|
|
145
|
+
try {
|
|
146
|
+
raw = fs.readFileSync(sarifPath, 'utf-8');
|
|
147
|
+
}
|
|
148
|
+
catch {
|
|
149
|
+
raw = '';
|
|
150
|
+
}
|
|
151
|
+
const findings = (0, sarif_1.parseSarif)(raw, 'codeql');
|
|
152
|
+
log(`codeql: ${target.language} → ${findings.length} finding(s).`);
|
|
153
|
+
out.push(...findings);
|
|
154
|
+
}
|
|
155
|
+
finally {
|
|
156
|
+
try {
|
|
157
|
+
fs.rmSync(workDir, { recursive: true, force: true });
|
|
158
|
+
}
|
|
159
|
+
catch {
|
|
160
|
+
/* best-effort cleanup */
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
return out;
|
|
165
|
+
}
|
|
166
|
+
//# sourceMappingURL=codeql.js.map
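Review bot: `process.env[exports.CODEQL_OPTIN_ENV] = '1'` at line 114 is set unconditionally and never restored, so after a single `runCodeql` call `codeqlOptedIn()` reports true for the remainder of the process and the registry's applicability guard, which the header comment says keeps CodeQL "out of the default toolchain", is silently disabled for every later caller in that process. Snapshot the prior value and restore it in a `finally` around the target loop (below), or require the caller to have opted in and throw when it hasn't. Two further points worth a comment: `codeql database create --source-root=<cwd>` with no `--command` or build-mode option lets CodeQL's autobuilder run the scanned repository's own build scripts for compiled languages (the `.d.ts` cites `java`), so a deep scan of an untrusted checkout is code execution from that checkout; and the `catch { raw = ''; }` around `readFileSync(sarifPath)` (lines 148–150) turns an unreadable results file into a `0 finding(s)` log line instead of a skipped language — prefer `log(`codeql: could not read results for ${target.language} — skipped.`); continue;` there so a failed run is never reported as clean.
```javascript
async function runCodeql(opts) {
    // Opt in only for the duration of this run; restore whatever the caller had so one
    // deep scan does not flip the registry's applicability guard process-wide.
    const prevOptIn = process.env[exports.CODEQL_OPTIN_ENV];
    process.env[exports.CODEQL_OPTIN_ENV] = '1';
    const out = [];
    try {
        const status = (0, tool_registry_1.findTool)(tool_registry_1.TOOL_DEFS.codeql, opts.cwd);
        // … unchanged: install check, log/timeout setup, per-target build → analyze → parse loop pushing into `out` …
    }
    finally {
        if (prevOptIn === undefined) delete process.env[exports.CODEQL_OPTIN_ENV];
        else process.env[exports.CODEQL_OPTIN_ENV] = prevOptIn;
    }
    return out;
}
```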
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"codeql.js","sourceRoot":"","sources":["../../src/ingest/codeql.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCA,sCAEC;AAID,kDAEC;AAGD,gDASC;AAGD,8CAUC;AA0BD,8BA0DC;AAvJD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,uCAAyB;AACzB,uCAAyB;AACzB,2CAA6B;AAC7B,oEAAuE;AACvE,sDAAwD;AACxD,mCAAqC;AAGrC;;4EAE4E;AAC/D,QAAA,gBAAgB,GAAG,cAAc,CAAC;AAE/C,wEAAwE;AACxE,SAAgB,aAAa;IAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAgB,CAAC,KAAK,GAAG,CAAC;AAC/C,CAAC;AAED;uDACuD;AACvD,SAAgB,mBAAmB,CAAC,IAAY,EAAE,QAAiB;IACjE,OAAO,QAAQ,IAAI,UAAU,IAAI,0BAA0B,IAAI,wBAAwB,CAAC;AAC1F,CAAC;AAED,gDAAgD;AAChD,SAAgB,kBAAkB,CAAC,IAAY,EAAE,MAAc,EAAE,UAAkB;IACjF,OAAO;QACL,UAAU;QACV,QAAQ;QACR,MAAM;QACN,cAAc,IAAI,EAAE;QACpB,iBAAiB,UAAU,EAAE;QAC7B,aAAa;KACd,CAAC;AACJ,CAAC;AAED,iDAAiD;AACjD,SAAgB,iBAAiB,CAAC,MAAc,EAAE,UAAkB,EAAE,SAAiB;IACrF,OAAO;QACL,UAAU;QACV,SAAS;QACT,MAAM;QACN,UAAU;QACV,sBAAsB;QACtB,YAAY,SAAS,EAAE;QACvB,aAAa;KACd,CAAC;AACJ,CAAC;AAkBD,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE1C;;;;;GAKG;AACI,KAAK,UAAU,SAAS,CAAC,IAAsB;IACpD,mEAAmE;IACnE,+DAA+D;IAC/D,OAAO,CAAC,GAAG,CAAC,wBAAgB,CAAC,GAAG,GAAG,CAAC;IACpC,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IACpD,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;IAC3F,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,kBAAkB,CAAC;IACvD,MAAM,GAAG,GAAsB,EAAE,CAAC;IAElC,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,gBAAgB,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAC3F,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACxC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QACtD,IAAI,CAAC;YACH,GAAG,CAAC,iCAAiC,MAAM,CAAC,QAAQ,2BAA2B,CAAC,CAAC;YACjF,MAAM,MAAM,GAAG,MAAM,IAAA,oBAAW,EAC9B,MAAM,CAAC,IAAI,EACX,kBAAkB,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,EACrD,EAAE,GAAG,EAAE,
IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,CAC7B,CAAC;YACF,IAAI,MAAM,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACtB,GAAG,CACD,qCAAqC,MAAM,CAAC,QAAQ,UAAU,MAAM,CAAC,IAAI,eAAe;oBACtF,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,CAC1D,CAAC;gBACF,SAAS;YACX,CAAC;YACD,MAAM,KAAK,GAAG,mBAAmB,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;YACtE,GAAG,CAAC,qBAAqB,MAAM,CAAC,QAAQ,SAAS,KAAK,GAAG,CAAC,CAAC;YAC3D,MAAM,OAAO,GAAG,MAAM,IAAA,oBAAW,EAAC,MAAM,CAAC,IAAI,EAAE,iBAAiB,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC,EAAE;gBAC1F,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,SAAS;aACV,CAAC,CAAC;YACH,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACvB,GAAG,CAAC,+BAA+B,MAAM,CAAC,QAAQ,UAAU,OAAO,CAAC,IAAI,cAAc,CAAC,CAAC;gBACxF,SAAS;YACX,CAAC;YACD,IAAI,GAAG,GAAG,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC5C,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,GAAG,EAAE,CAAC;YACX,CAAC;YACD,MAAM,QAAQ,GAAG,IAAA,kBAAU,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAC3C,GAAG,CAAC,WAAW,MAAM,CAAC,QAAQ,MAAM,QAAQ,CAAC,MAAM,cAAc,CAAC,CAAC;YACnE,GAAG,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QACxB,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC;gBACH,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,yBAAyB;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
export interface DeepSastConfig {
|
|
2
|
+
engine?: 'snyk-code' | 'codeql';
|
|
3
|
+
snyk?: {
|
|
4
|
+
orgId?: string;
|
|
5
|
+
projectId?: string;
|
|
6
|
+
};
|
|
7
|
+
}
|
|
8
|
+
/** Read `.vyuh-dxkit.json:deepSast`, or `{}` when absent/unreadable. */
|
|
9
|
+
export declare function readDeepSastConfig(cwd: string): DeepSastConfig;
|
|
10
|
+
//# sourceMappingURL=config.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/ingest/config.ts"],"names":[],"mappings":"AAsBA,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAE,WAAW,GAAG,QAAQ,CAAC;IAChC,IAAI,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAC/C;AAED,wEAAwE;AACxE,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,CAQ9D"}
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.readDeepSastConfig = readDeepSastConfig;
|
|
37
|
+
/**
|
|
38
|
+
* Persisted deep-SAST configuration, read from `.vyuh-dxkit.json`.
|
|
39
|
+
*
|
|
40
|
+
* So a customer configures the engine + Snyk project ONCE (committed,
|
|
41
|
+
* non-secret — the token never lives here) instead of repeating
|
|
42
|
+
* `--org`/`--project` on every `ingest`. CLI flags always override
|
|
43
|
+
* config; config overrides nothing it doesn't set.
|
|
44
|
+
*
|
|
45
|
+
* Shape (all optional):
|
|
46
|
+
* {
|
|
47
|
+
* "deepSast": {
|
|
48
|
+
* "engine": "snyk-code" | "codeql",
|
|
49
|
+
* "snyk": { "orgId": "...", "projectId": "..." }
|
|
50
|
+
* }
|
|
51
|
+
* }
|
|
52
|
+
*
|
|
53
|
+
* Fail-open: a missing or malformed manifest yields an empty config —
|
|
54
|
+
* ingestion must never break on a config-read error.
|
|
55
|
+
*/
|
|
56
|
+
const fs = __importStar(require("fs"));
|
|
57
|
+
const path = __importStar(require("path"));
|
|
58
|
+
/** Read `.vyuh-dxkit.json:deepSast`, or `{}` when absent/unreadable. */
|
|
59
|
+
function readDeepSastConfig(cwd) {
|
|
60
|
+
try {
|
|
61
|
+
const raw = fs.readFileSync(path.join(cwd, '.vyuh-dxkit.json'), 'utf-8');
|
|
62
|
+
const manifest = JSON.parse(raw);
|
|
63
|
+
return manifest.deepSast ?? {};
|
|
64
|
+
}
|
|
65
|
+
catch {
|
|
66
|
+
return {};
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
//# sourceMappingURL=config.js.map
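Review bot: `readDeepSastConfig` hands back `manifest.deepSast` straight from `JSON.parse` (lines 62–63) with no shape check, so a committed `.vyuh-dxkit.json` can deliver an `engine` outside `'snyk-code' | 'codeql'`, non-string `orgId`/`projectId`, or a non-object `deepSast` (a string or array satisfies `?? {}`), and the declared `DeepSastConfig` type gives callers no runtime protection. Because this file is repository-controlled and selects which engine runs, narrow it on read: keep `engine` only when it is one of the two literals and the Snyk ids only when they are strings, dropping everything else. The header's "the token never lives here" is a convention only; whether a `token`-like key under `snyk` should be stripped or warned about depends on how callers consume this, which is outside this diff.
```javascript
function readDeepSastConfig(cwd) {
    try {
        const raw = fs.readFileSync(path.join(cwd, '.vyuh-dxkit.json'), 'utf-8');
        const manifest = JSON.parse(raw);
        const section = manifest && typeof manifest === 'object' ? manifest.deepSast : undefined;
        if (!section || typeof section !== 'object') return {};
        const cfg = {};
        // Only the engines the resolver knows about; anything else is dropped, not passed through.
        if (section.engine === 'snyk-code' || section.engine === 'codeql') cfg.engine = section.engine;
        if (section.snyk && typeof section.snyk === 'object') {
            const snyk = {};
            if (typeof section.snyk.orgId === 'string') snyk.orgId = section.snyk.orgId;
            if (typeof section.snyk.projectId === 'string') snyk.projectId = section.snyk.projectId;
            if (Object.keys(snyk).length > 0) cfg.snyk = snyk;
        }
        return cfg;
    }
    catch {
        return {};
    }
}
```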
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/ingest/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BA,gDAQC;AApCD;;;;;;;;;;;;;;;;;;GAkBG;AACH,uCAAyB;AACzB,2CAA6B;AAO7B,wEAAwE;AACxE,SAAgB,kBAAkB,CAAC,GAAW;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,EAAE,OAAO,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkC,CAAC;QAClE,OAAO,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import type { RepoVisibility } from '../baseline/visibility';
|
|
2
|
+
/** Engines the resolver can recommend. `none` means "no licensed
|
|
3
|
+
* interprocedural engine is available — stay on the bundled
|
|
4
|
+
* community semgrep tier." */
|
|
5
|
+
export type DeepSastEngine = 'snyk-code' | 'codeql' | 'none';
|
|
6
|
+
export type DeepSastSource = 'flag' | 'snyk-configured' | 'visibility-public' | 'visibility-private';
|
|
7
|
+
export interface DeepSastDecision {
|
|
8
|
+
readonly engine: DeepSastEngine;
|
|
9
|
+
readonly source: DeepSastSource;
|
|
10
|
+
/** True when the caller MUST obtain explicit user consent before
|
|
11
|
+
* running the engine — i.e. CodeQL against a non-public repo, where
|
|
12
|
+
* free use requires GitHub Advanced Security. Ingesting an engine the
|
|
13
|
+
* customer already licenses (Snyk) never requires consent. */
|
|
14
|
+
readonly requiresConsent: boolean;
|
|
15
|
+
/** One-line human explanation of how the engine was chosen. */
|
|
16
|
+
readonly explanation: string;
|
|
17
|
+
/** Present when there is a licensing constraint the caller should
|
|
18
|
+
* surface verbatim. */
|
|
19
|
+
readonly licenseNote?: string;
|
|
20
|
+
}
|
|
21
|
+
export interface ResolveDeepSastOptions {
|
|
22
|
+
readonly cwd: string;
|
|
23
|
+
/** Explicit engine override (`--engine`). Highest precedence. */
|
|
24
|
+
readonly engineFlag?: DeepSastEngine;
|
|
25
|
+
/** Whether a Snyk token + org/project are configured (env/config).
|
|
26
|
+
* When true, ingesting the customer's own Snyk Code results is the
|
|
27
|
+
* zero-license-friction default. */
|
|
28
|
+
readonly snykConfigured?: boolean;
|
|
29
|
+
/** Injectable for tests; defaults to the real cached probe. */
|
|
30
|
+
readonly visibilityProbe?: (cwd: string) => RepoVisibility;
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Resolve which deep-SAST engine to use. Precedence:
|
|
34
|
+
* 1. explicit `--engine` flag
|
|
35
|
+
* 2. a configured Snyk token (ingest the customer's own results —
|
|
36
|
+
* license-safe, no consent)
|
|
37
|
+
* 3. repo visibility: public → CodeQL (licensed for OSS); otherwise
|
|
38
|
+
* CodeQL gated behind consent (GHAS), so the caller can prompt or
|
|
39
|
+
* fall back.
|
|
40
|
+
*/
|
|
41
|
+
export declare function resolveDeepSastEngine(opts: ResolveDeepSastOptions): DeepSastDecision;
|
|
42
|
+
//# sourceMappingURL=engine-resolver.d.ts.map
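Review bot: The `resolveDeepSastEngine` doc (lines 32–40) lists the precedence order but does not say whether an explicit `engineFlag: 'codeql'` on a non-public repo still yields `requiresConsent: true`, which is exactly the case a caller building a consent prompt needs to know; as written, the `requiresConsent` comment on `DeepSastDecision` (lines 10–13) reads as if it depends on visibility alone. If the implementation (outside this diff) keeps the gate regardless of precedence, add to the function doc: ` * An explicit \`--engine codeql\` does not bypass the GHAS consent gate on a non-public repo: callers must honor \`requiresConsent\` whatever \`source\` is.`; if it does bypass it, say that instead, since either way the consent decision must not be inferable only by reading the resolver body. The `visibilityProbe` default is described as "the real cached probe" — a stale cache means `requiresConsent` can be computed from an old visibility, so a sentence on the cache's lifetime or how to invalidate it would let a reviewer judge that risk.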
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"engine-resolver.d.ts","sourceRoot":"","sources":["../../src/ingest/engine-resolver.ts"],"names":[],"mappings":"AAsBA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAE7D;;+BAE+B;AAC/B,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,QAAQ,GAAG,MAAM,CAAC;AAE7D,MAAM,MAAM,cAAc,GACtB,MAAM,GACN,iBAAiB,GACjB,mBAAmB,GACnB,oBAAoB,CAAC;AAEzB,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAChC;;;mEAG+D;IAC/D,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;IAClC,+DAA+D;IAC/D,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B;4BACwB;IACxB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,iEAAiE;IACjE,QAAQ,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC;IACrC;;yCAEqC;IACrC,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;IAClC,+DAA+D;IAC/D,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,cAAc,CAAC;CAC5D;AAQD;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,sBAAsB,GAAG,gBAAgB,CAoDpF"}
|