auditor-lambda 0.3.40 → 0.5.0

package/dist/quota/state.js

@@ -1,148 +0,0 @@
-import { mkdir, readFile, writeFile } from "node:fs/promises";
-import { homedir } from "node:os";
-import { join } from "node:path";
-import { withFileLock } from "./fileLock.js";
-const STATE_DIR = join(homedir(), ".audit-code");
-const STATE_PATH = join(STATE_DIR, "quota-state.json");
-// A bucket needs at least this much success weight before we trust it.
-const MIN_EVIDENCE_WEIGHT = 0.5;
-export function getQuotaStatePath() {
-    return STATE_PATH;
-}
-export function decayWeight(weight, elapsedHours, halfLifeHours) {
-    if (halfLifeHours <= 0 || weight <= 0)
-        return 0;
-    return weight * Math.pow(0.5, elapsedHours / halfLifeHours);
-}
-export function applyDecayToEntry(entry, halfLifeHours) {
-    const elapsedHours = (Date.now() - new Date(entry.updated_at).getTime()) / (1000 * 60 * 60);
-    if (elapsedHours < 0.001)
-        return entry;
-    const decayed = {};
-    for (const [key, bucket] of Object.entries(entry.buckets)) {
-        decayed[key] = {
-            success_weight: decayWeight(bucket.success_weight, elapsedHours, halfLifeHours),
-            failure_weight: decayWeight(bucket.failure_weight, elapsedHours, halfLifeHours),
-        };
-    }
-    return { ...entry, buckets: decayed };
-}
-function isQuotaState(value) {
-    if (value === null || typeof value !== "object" || Array.isArray(value))
-        return false;
-    const obj = value;
-    const version = obj["version"];
-    return (version === 1 || version === 2) && typeof obj["entries"] === "object";
-}
-export async function readQuotaState() {
-    try {
-        const raw = await readFile(STATE_PATH, "utf8");
-        const parsed = JSON.parse(raw);
-        if (isQuotaState(parsed)) {
-            if (parsed.version === 1) {
-                for (const entry of Object.values(parsed.entries)) {
-                    entry.consecutive_429_count ??= 0;
-                }
-            }
-            return parsed;
-        }
-        process.stderr.write(`[quota] ignoring invalid quota state at ${STATE_PATH}: expected { version: 1|2, entries: object }\n`);
-    }
-    catch (error) {
-        if (error.code === "ENOENT") {
-            return { version: 2, entries: {} };
-        }
-        process.stderr.write(`[quota] ignoring unreadable quota state at ${STATE_PATH}: ${error instanceof Error ? error.message : String(error)}\n`);
-    }
-    return { version: 2, entries: {} };
-}
-export async function writeQuotaState(state) {
-    await mkdir(STATE_DIR, { recursive: true });
-    const normalized = { ...state, version: 2 };
-    await writeFile(STATE_PATH, JSON.stringify(normalized, null, 2) + "\n", "utf8");
-}
-/**
- * Returns the highest concurrency level for which decayed success evidence
- * exceeds failure evidence, with a minimum of 1.
- */
-export function computeMaxSafeConcurrency(entry, halfLifeHours, maxToCheck = 32) {
-    const decayed = applyDecayToEntry(entry, halfLifeHours);
-    let maxSafe = 1;
-    for (let n = 1; n <= maxToCheck; n++) {
-        const bucket = decayed.buckets[String(n)];
-        if (!bucket)
-            break;
-        if (bucket.success_weight >= MIN_EVIDENCE_WEIGHT &&
-            bucket.success_weight > bucket.failure_weight) {
-            maxSafe = n;
-        }
-        else {
-            break;
-        }
-    }
-    return maxSafe;
-}
-const RAMP_UP_MIN_SUCCESSES = 2;
-export function computeRampUpConcurrency(entry, halfLifeHours, maxToCheck = 32) {
-    const maxSafe = computeMaxSafeConcurrency(entry, halfLifeHours, maxToCheck);
-    const decayed = applyDecayToEntry(entry, halfLifeHours);
-    const bucket = decayed.buckets[String(maxSafe)];
-    if (bucket &&
-        bucket.success_weight >= RAMP_UP_MIN_SUCCESSES &&
-        bucket.failure_weight === 0) {
-        return maxSafe + 1;
-    }
-    return maxSafe;
-}
-function blankEntry() {
-    return { updated_at: new Date().toISOString(), buckets: {}, cooldown_until: null, last_429_at: null };
-}
-const BASE_COOLDOWN_MS = 60_000;
-const MAX_COOLDOWN_MS = 15 * 60_000;
-export function computeBackoffCooldownMs(consecutive429Count) {
-    const ms = BASE_COOLDOWN_MS * Math.pow(2, Math.max(0, consecutive429Count - 1));
-    return Math.min(ms, MAX_COOLDOWN_MS);
-}
-export function computeBackoffFailureWeight(consecutive429Count) {
-    return 1.0 + 0.5 * Math.max(0, consecutive429Count - 1);
-}
-const LOCK_PATH = STATE_PATH + ".lock";
-export async function recordWaveOutcome(providerModelKey, outcome, halfLifeHours) {
-    await withFileLock(LOCK_PATH, () => recordWaveOutcomeUnsafe(providerModelKey, outcome, halfLifeHours));
-}
-async function recordWaveOutcomeUnsafe(providerModelKey, outcome, halfLifeHours) {
-    const state = await readQuotaState();
-    const entry = applyDecayToEntry(state.entries[providerModelKey] ?? blankEntry(), halfLifeHours);
-    if (outcome.outcome === "success") {
-        entry.consecutive_429_count = 0;
-        for (let n = 1; n <= outcome.concurrency; n++) {
-            const bucket = entry.buckets[String(n)] ?? { success_weight: 0, failure_weight: 0 };
-            bucket.success_weight += 1.0;
-            entry.buckets[String(n)] = bucket;
-        }
-    }
-    else {
-        const prev429Count = entry.consecutive_429_count ?? 0;
-        const new429Count = outcome.outcome === "rate_limited" ? prev429Count + 1 : prev429Count;
-        entry.consecutive_429_count = new429Count;
-        entry.last_429_at = new Date().toISOString();
-        if (outcome.outcome === "rate_limited" && new429Count > 0) {
-            const backoffMs = computeBackoffCooldownMs(new429Count);
-            entry.cooldown_until = new Date(Date.now() + backoffMs).toISOString();
-        }
-        else if (outcome.cooldown_until) {
-            entry.cooldown_until = outcome.cooldown_until;
-        }
-        const failureWeight = outcome.outcome === "rate_limited"
-            ? computeBackoffFailureWeight(new429Count)
-            : 1.0;
-        for (let n = outcome.concurrency; n <= outcome.concurrency + 4; n++) {
-            const bucket = entry.buckets[String(n)] ?? { success_weight: 0, failure_weight: 0 };
-            bucket.failure_weight += failureWeight;
-            entry.buckets[String(n)] = bucket;
-        }
-    }
-    entry.updated_at = new Date().toISOString();
-    state.entries[providerModelKey] = entry;
-    await writeQuotaState(state);
-}

package/dist/quota/types.d.ts

@@ -1,67 +0,0 @@
-export type LimitSource = "explicit_config" | "cli_flags" | "known_metadata" | "learned" | "default";
-export type LimitConfidence = "high" | "medium" | "low";
-export type HostConcurrencyLimitSource = "cli_flags" | "session_config" | "environment";
-export interface HostConcurrencyLimit {
-    active_subagents: number;
-    source: HostConcurrencyLimitSource;
-    description: string;
-}
-export interface ResolvedLimits {
-    context_tokens: number;
-    output_tokens: number;
-    requests_per_minute: number | null;
-    input_tokens_per_minute: number | null;
-    output_tokens_per_minute: number | null;
-}
-export interface ConcurrencyBucket {
-    success_weight: number;
-    failure_weight: number;
-}
-export interface QuotaStateEntry {
-    updated_at: string;
-    buckets: Record<string, ConcurrencyBucket>;
-    cooldown_until: string | null;
-    last_429_at: string | null;
-    consecutive_429_count?: number;
-}
-export interface QuotaState {
-    version: 1 | 2;
-    entries: Record<string, QuotaStateEntry>;
-}
-export interface WaveSchedule {
-    wave_size: number;
-    estimated_wave_tokens: number;
-    cooldown_until: string | null;
-    confidence: LimitConfidence;
-    source: LimitSource;
-    resolved_limits: ResolvedLimits;
-    host_concurrency_limit: HostConcurrencyLimit | null;
-    model: string | null;
-    quota_source_snapshot?: import("./quotaSource.js").QuotaUsageSnapshot | null;
-}
-export interface BackoffState {
-    consecutive_429_count: number;
-    current_cooldown_ms: number;
-    current_failure_weight: number;
-}
-export interface DispatchQuota {
-    contract_version: "audit-code-dispatch-quota/v1alpha1" | "audit-code-dispatch-quota/v1alpha2";
-    run_id: string;
-    model: string | null;
-    resolved_limits: ResolvedLimits;
-    confidence: LimitConfidence;
-    source: LimitSource;
-    host_concurrency_limit: HostConcurrencyLimit | null;
-    wave_size: number;
-    estimated_wave_tokens: number;
-    cooldown_until: string | null;
-    quota_source_snapshot?: import("./quotaSource.js").QuotaUsageSnapshot | null;
-    backoff_state?: BackoffState | null;
-}
-export interface ObservedWaveOutcome {
-    concurrency: number;
-    estimated_tokens: number;
-    outcome: "success" | "rate_limited" | "timeout";
-    cooldown_until?: string | null;
-    reset_at?: string | null;
-}

package/dist/quota/types.js

@@ -1 +0,0 @@
-export {};

package/dist/reporting/rootCause.d.ts

@@ -1,10 +0,0 @@
-import type { Finding } from "../types.js";
-import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
-import type { RuntimeValidationReport } from "../types/runtimeValidation.js";
-export interface RootCauseCluster {
-    id: string;
-    title: string;
-    summary: string;
-    finding_ids: string[];
-}
-export declare function buildRootCauseClusters(findings: Finding[], runtimeReport?: RuntimeValidationReport, externalAnalyzerResults?: ExternalAnalyzerResults): RootCauseCluster[];

package/dist/reporting/rootCause.js

@@ -1,146 +0,0 @@
-function severityRank(severity) {
-    switch (severity) {
-        case "critical":
-            return 5;
-        case "high":
-            return 4;
-        case "medium":
-            return 3;
-        case "low":
-            return 2;
-        case "info":
-            return 1;
-    }
-}
-function summarizeRuntime(report) {
-    if (!report) {
-        return "No runtime validation evidence attached.";
-    }
-    const counts = new Map();
-    for (const result of report.results) {
-        counts.set(result.status, (counts.get(result.status) ?? 0) + 1);
-    }
-    return [...counts.entries()]
-        .map(([status, count]) => `${status}:${count}`)
-        .join(", ");
-}
-function summarizeExternal(results) {
-    if (!results)
-        return "No external analyzer signals attached.";
-    return `${results.tool}:${results.results.length}`;
-}
-const STOP_WORDS = new Set([
-    "a",
-    "an",
-    "and",
-    "are",
-    "be",
-    "by",
-    "for",
-    "from",
-    "in",
-    "into",
-    "is",
-    "missing",
-    "not",
-    "of",
-    "on",
-    "or",
-    "that",
-    "the",
-    "this",
-    "to",
-    "under",
-    "when",
-    "with",
-]);
-function normalizeToken(token) {
-    if (token.endsWith("ies") && token.length > 4) {
-        return `${token.slice(0, -3)}y`;
-    }
-    if (token.endsWith("ing") && token.length > 6) {
-        return token.slice(0, -3);
-    }
-    if (token.endsWith("ed") && token.length > 5) {
-        return token.slice(0, -2);
-    }
-    if (token.endsWith("s") && token.length > 4) {
-        return token.slice(0, -1);
-    }
-    return token;
-}
-function extractSemanticTerms(finding) {
-    const source = [
-        finding.title,
-        finding.summary,
-        ...(finding.evidence ?? []).slice(0, 2),
-    ]
-        .join(" ")
-        .toLowerCase()
-        .replace(/[^a-z0-9]+/g, " ");
-    const terms = source
-        .split(/\s+/)
-        .map(normalizeToken)
-        .filter((token) => token.length >= 3 &&
-        !STOP_WORDS.has(token) &&
-        token !== finding.lens &&
-        token !== finding.category &&
-        !/^\d+$/.test(token));
-    return [...new Set(terms)];
-}
-function clusterKey(finding) {
-    const semanticTerms = extractSemanticTerms(finding).slice(0, 3).join(" ");
-    return `${finding.lens}:${finding.category}:${semanticTerms || finding.title.toLowerCase()}`;
-}
-function representativeFinding(grouped) {
-    return [...grouped].sort((a, b) => {
-        const severityDelta = severityRank(b.severity) - severityRank(a.severity);
-        if (severityDelta !== 0)
-            return severityDelta;
-        const systemicDelta = Number(Boolean(b.systemic)) - Number(Boolean(a.systemic));
-        if (systemicDelta !== 0)
-            return systemicDelta;
-        return a.title.localeCompare(b.title);
-    })[0];
-}
-function titleForCluster(grouped) {
-    return representativeFinding(grouped).title;
-}
-function summarizeFiles(grouped) {
-    const paths = [
-        ...new Set(grouped.flatMap((finding) => finding.affected_files.map((file) => file.path))),
-    ].sort();
-    if (paths.length === 0) {
-        return "no representative files recorded";
-    }
-    if (paths.length <= 3) {
-        return paths.join(", ");
-    }
-    return `${paths.slice(0, 3).join(", ")}, +${paths.length - 3} more`;
-}
-export function buildRootCauseClusters(findings, runtimeReport, externalAnalyzerResults) {
-    const groups = new Map();
-    for (const finding of findings) {
-        const key = clusterKey(finding);
-        const existing = groups.get(key) ?? [];
-        existing.push(finding);
-        groups.set(key, existing);
-    }
-    const runtimeSummary = summarizeRuntime(runtimeReport);
-    const externalSummary = summarizeExternal(externalAnalyzerResults);
-    return [...groups.entries()]
-        .map(([key, grouped], index) => {
-        const representative = representativeFinding(grouped);
-        const systemicCount = grouped.filter((finding) => finding.systemic).length;
-        const theme = key.split(":").slice(2).join(":") || representative.title;
-        return {
-            id: `cluster-${index + 1}`,
-            title: titleForCluster(grouped),
-            summary: `Theme "${theme}" groups ${grouped.length} finding(s) across ${summarizeFiles(grouped)}; ` +
-                `highest severity ${representative.severity}; systemic flags ${systemicCount}. ` +
-                `Runtime validation status: ${runtimeSummary}. External analyzer summary: ${externalSummary}.`,
-            finding_ids: grouped.map((finding) => finding.id),
-        };
-    })
-        .sort((a, b) => a.title.localeCompare(b.title));
-}

package/dist/types/disposition.d.ts

@@ -1,9 +0,0 @@
-export type FileDispositionStatus = "included" | "excluded" | "generated" | "vendor" | "binary" | "doc_only";
-export interface FileDispositionItem {
-    path: string;
-    status: FileDispositionStatus;
-    reason?: string;
-}
-export interface FileDisposition {
-    files: FileDispositionItem[];
-}

package/dist/types/disposition.js

@@ -1 +0,0 @@
-export {};

package/dist/types/flows.d.ts

@@ -1,17 +0,0 @@
-export declare const FLOW_CONFIDENCE_LEVELS: readonly ["high", "low"];
-export type FlowConfidenceLevel = (typeof FLOW_CONFIDENCE_LEVELS)[number];
-/** A critical user or system flow that must be covered by the audit. */
-export interface CriticalFlow {
-    id: string;
-    name: string;
-    entrypoints: string[];
-    paths: string[];
-    concerns: string[];
-    confidence?: FlowConfidenceLevel;
-    notes?: string[];
-}
-/** The set of critical flows inferred from intake artifacts. */
-export interface CriticalFlowManifest {
-    flows: CriticalFlow[];
-    fallback_required?: boolean;
-}

package/dist/types/flows.js

@@ -1 +0,0 @@
-export const FLOW_CONFIDENCE_LEVELS = ["high", "low"];

package/dist/types/graph.d.ts

@@ -1,22 +0,0 @@
-export interface GraphEdge {
-    from: string;
-    to: string;
-    kind?: string;
-    direction?: "directed" | "undirected";
-    confidence?: number;
-    reason?: string;
-}
-export interface RouteEdge {
-    path: string;
-    handler: string;
-    method?: string;
-}
-export interface GraphBundle {
-    graphs: {
-        imports?: GraphEdge[];
-        calls?: GraphEdge[];
-        references?: GraphEdge[];
-        routes?: RouteEdge[];
-        [key: string]: unknown;
-    };
-}

package/dist/types/graph.js

@@ -1 +0,0 @@
-export {};

package/dist/types/risk.d.ts

@@ -1,9 +0,0 @@
-export interface RiskItem {
-    unit_id: string;
-    risk_score: number;
-    signals: string[];
-    notes?: string[];
-}
-export interface RiskRegister {
-    items: RiskItem[];
-}

package/dist/types/risk.js

@@ -1 +0,0 @@
-export {};

package/dist/types/runLedger.d.ts

@@ -1,17 +0,0 @@
-export declare const RUN_LEDGER_STATUSES: readonly ["completed", "blocked", "failed", "no_progress"];
-export type RunLedgerStatus = (typeof RUN_LEDGER_STATUSES)[number];
-/** One persisted supervisor run entry, including the terminal worker outcome. */
-export interface RunLedgerEntry {
-    run_id: string;
-    provider: string;
-    obligation_id: string | null;
-    selected_executor: string | null;
-    status: RunLedgerStatus;
-    started_at: string;
-    ended_at: string;
-    result_path: string;
-}
-/** Append-only ledger used to explain how the audit advanced over time. */
-export interface RunLedger {
-    runs: RunLedgerEntry[];
-}

package/dist/types/runLedger.js

@@ -1,6 +0,0 @@
-export const RUN_LEDGER_STATUSES = [
-    "completed",
-    "blocked",
-    "failed",
-    "no_progress",
-];

package/dist/types/sessionConfig.d.ts

@@ -1,79 +0,0 @@
-export declare const PROVIDER_NAMES: readonly ["auto", "local-subprocess", "subprocess-template", "claude-code", "opencode", "vscode-task"];
-export type ProviderName = (typeof PROVIDER_NAMES)[number];
-export type ResolvedProviderName = Exclude<ProviderName, "auto">;
-export declare const SESSION_UI_MODES: readonly ["visible", "headless"];
-export type SessionUiMode = (typeof SESSION_UI_MODES)[number];
-export interface SubprocessTemplateConfig {
-    command_template: string[];
-    env?: Record<string, string>;
-}
-export interface ClaudeCodeConfig {
-    command?: string;
-    extra_args?: string[];
-    dangerously_skip_permissions?: boolean;
-}
-export interface OpenCodeConfig {
-    command?: string;
-    extra_args?: string[];
-}
-export interface VSCodeTaskConfig {
-    command_template: string[];
-    env?: Record<string, string>;
-}
-export interface QuotaModelLimits {
-    context_tokens?: number;
-    output_tokens?: number;
-    requests_per_minute?: number;
-    input_tokens_per_minute?: number;
-    output_tokens_per_minute?: number;
-}
-export interface QuotaConfig {
-    /** Set to false to disable all quota scheduling (default: true). */
-    enabled?: boolean;
-    /** Whether to probe the provider for live limits (default: "auto"). */
-    probe?: "auto" | "never" | "force";
-    /** Fraction of known limits to actually use (default: 0.8). */
-    safety_margin?: number;
-    /** Concurrency ceiling for hosted providers with no learned data (default: 1). */
-    unknown_hosted_concurrency?: number;
-    /** Concurrency for local providers with no learned data (default: "unlimited"). */
-    unknown_local_concurrency?: number | "unlimited";
-    /** Assumed context window when the model is not recognized (default: 32000). */
-    default_context_tokens?: number;
-    /** Tokens reserved for model output per request (default: 4096). */
-    reserved_output_tokens?: number;
-    /** Half-life of empirical success/failure evidence in hours (default: 24). */
-    empirical_half_life_hours?: number;
-    /** Allow the scheduler to try concurrency maxSafe+1 after consecutive successes (default: true). */
-    ramp_up_enabled?: boolean;
-    /** Conservative concurrency cap for the first wave when no learned history
-     *  and no discovered RPM/TPM limits exist (default: 3). */
-    first_contact_concurrency?: number;
-    /** Hard host ceiling for simultaneously active conversation subagents. */
-    host_active_subagent_limit?: number;
-    /** Per-model overrides keyed by "provider/model". */
-    models?: Record<string, QuotaModelLimits>;
-}
-export declare const PROVIDER_SECTION_KEYS: {
-    readonly "subprocess-template": "subprocess_template";
-    readonly "claude-code": "claude_code";
-    readonly opencode: "opencode";
-    readonly "vscode-task": "vscode_task";
-};
-/**
- * Provider names use CLI-friendly hyphenation, while nested provider config
- * sections stay snake_case because they serialize directly into JSON files.
- */
-export interface SessionConfig {
-    provider?: ProviderName;
-    timeout_ms?: number;
-    ui_mode?: SessionUiMode;
-    host_can_dispatch_subagents?: boolean;
-    subprocess_template?: SubprocessTemplateConfig;
-    claude_code?: ClaudeCodeConfig;
-    opencode?: OpenCodeConfig;
-    vscode_task?: VSCodeTaskConfig;
-    agent_task_batch_size?: number;
-    parallel_workers?: number;
-    quota?: QuotaConfig;
-}

package/dist/types/sessionConfig.js

@@ -1,15 +0,0 @@
-export const PROVIDER_NAMES = [
-    "auto",
-    "local-subprocess",
-    "subprocess-template",
-    "claude-code",
-    "opencode",
-    "vscode-task",
-];
-export const SESSION_UI_MODES = ["visible", "headless"];
-export const PROVIDER_SECTION_KEYS = {
-    "subprocess-template": "subprocess_template",
-    "claude-code": "claude_code",
-    opencode: "opencode",
-    "vscode-task": "vscode_task",
-};

package/dist/types/surfaces.d.ts

@@ -1,15 +0,0 @@
-export declare const SURFACE_KINDS: readonly ["interface", "background"];
-export type SurfaceKind = (typeof SURFACE_KINDS)[number];
-/** Discovered execution surfaces that define where the product can be reached. */
-export interface SurfaceRecord {
-    id: string;
-    kind: SurfaceKind;
-    entrypoint: string;
-    exposure?: string;
-    methods?: string[];
-    notes?: string[];
-}
-/** Intake output that summarizes externally reachable product surfaces. */
-export interface SurfaceManifest {
-    surfaces: SurfaceRecord[];
-}

package/dist/types/surfaces.js

@@ -1 +0,0 @@
-export const SURFACE_KINDS = ["interface", "background"];

package/dist/validation/basic.d.ts

@@ -1,13 +0,0 @@
-export type ValidationSeverity = "error" | "warning";
-export interface ValidationIssue {
-    path: string;
-    message: string;
-    severity: ValidationSeverity;
-}
-export declare function describeValue(value: unknown): string;
-export declare function isRecord(value: unknown): value is Record<string, unknown>;
-export declare function createValidationIssue(path: string, message: string, severity?: ValidationSeverity): ValidationIssue;
-export declare function pushValidationIssue(issues: ValidationIssue[], path: string, message: string, severity?: ValidationSeverity): void;
-export declare function prefixValidationIssues(prefix: string, issues: ValidationIssue[]): ValidationIssue[];
-export declare function formatValidationIssues(issues: ValidationIssue[]): string;
-export declare function requireKeys(value: unknown, path: string, keys: readonly string[]): ValidationIssue[];

package/dist/validation/basic.js

@@ -1,46 +0,0 @@
-export function describeValue(value) {
-    if (Array.isArray(value)) {
-        return "array";
-    }
-    if (value === null) {
-        return "null";
-    }
-    return typeof value;
-}
-export function isRecord(value) {
-    return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-export function createValidationIssue(path, message, severity = "error") {
-    return { path, message, severity };
-}
-export function pushValidationIssue(issues, path, message, severity = "error") {
-    issues.push(createValidationIssue(path, message, severity));
-}
-export function prefixValidationIssues(prefix, issues) {
-    return issues.map((issue) => ({
-        ...issue,
-        path: issue.path.length === 0
-            ? prefix
-            : issue.path === prefix || issue.path.startsWith(`${prefix}.`)
-                ? issue.path
-                : `${prefix}.${issue.path}`,
-    }));
-}
-export function formatValidationIssues(issues) {
-    return issues
-        .map((issue) => `  [${issue.severity}] ${issue.path}: ${issue.message}`)
-        .join("\n");
-}
-export function requireKeys(value, path, keys) {
-    const issues = [];
-    if (!isRecord(value)) {
-        pushValidationIssue(issues, path, `Expected an object, got ${describeValue(value)}.`);
-        return issues;
-    }
-    for (const key of keys) {
-        if (!(key in value)) {
-            pushValidationIssue(issues, path, `Missing required key: ${key}`);
-        }
-    }
-    return issues;
-}