circle-ir 3.2.0 → 3.3.1

package/dist/utils/logger.js

@@ -1,198 +1,125 @@
 /**
- * Centralized logging module using pino.
+ * Centralized logging module with dependency injection.
+ *
+ * By default uses a simple console-based logger (zero dependencies).
+ * Consumers can inject a custom logger (e.g. pino) via setLogger().
  *
  * Usage:
  *   import { logger } from './utils/logger.js';
  *   logger.info('Processing file', { file: 'test.java' });
  *   logger.error('Failed to parse', { error: err.message });
  *
+ * Injecting a custom logger (e.g. from circle-pack):
+ *   import pino from 'pino';
+ *   import { setLogger } from 'circle-ir';
+ *   setLogger(pino({ level: 'debug' }));
+ *
  * Log Levels (in order of severity):
  *   - trace: Very detailed debugging
  *   - debug: Debugging information
- *   - info: General information (default for CLI)
+ *   - info: General information (default)
  *   - warn: Warnings
  *   - error: Errors
  *   - fatal: Fatal errors
  *   - silent: No logging
- *
- * Configuration:
- *   - Set LOG_LEVEL env var to change level
- *   - Set LOG_FORMAT=json for JSON output (default in non-TTY)
- *   - Set LOG_FORMAT=pretty for human-readable output
  */
-import pino from 'pino';
-// Default configuration
-const DEFAULT_CONFIG = {
-    level: process.env.LOG_LEVEL || 'info',
-    pretty: process.env.LOG_FORMAT === 'pretty' || (process.stdout.isTTY && process.env.LOG_FORMAT !== 'json'),
-    name: 'circle-ir',
+const LOG_LEVELS = {
+    trace: 0,
+    debug: 1,
+    info: 2,
+    warn: 3,
+    error: 4,
+    fatal: 5,
+    silent: 6,
 };
-let currentConfig = { ...DEFAULT_CONFIG };
-let loggerInstance = null;
-/**
- * Create pino logger options from config
- */
-function createLoggerOptions(config) {
-    const options = {
-        name: config.name,
-        level: config.level || 'info',
-    };
-    // Add pretty printing for TTY or when explicitly requested
-    if (config.pretty) {
-        options.transport = {
-            target: 'pino-pretty',
-            options: {
-                colorize: true,
-                translateTime: 'SYS:standard',
-                ignore: 'pid,hostname',
-                messageFormat: '{msg}',
-                singleLine: true,
-            },
-        };
-    }
-    return options;
+let currentLevel = 'info';
+let customLogger = null;
+function shouldLog(level) {
+    return LOG_LEVELS[level] >= LOG_LEVELS[currentLevel];
 }
 /**
- * Get the singleton logger instance
+ * Configure the logger. Should be called early in application startup.
  */
-function getLogger() {
-    if (!loggerInstance) {
-        const options = createLoggerOptions(currentConfig);
-        // Write to stderr to avoid polluting stdout for CLI tools
-        if (options.transport) {
-            // When using transport (pino-pretty), specify destination in options
-            options.transport.options = {
-                ...options.transport.options,
-                destination: 2, // stderr file descriptor
-            };
-            loggerInstance = pino(options);
-        }
-        else {
-            loggerInstance = pino(options, process.stderr);
-        }
+export function configureLogger(config) {
+    if (config.level) {
+        currentLevel = config.level;
     }
-    return loggerInstance;
 }
 /**
- * Configure the logger. Should be called early in application startup.
- * Subsequent calls will reconfigure the logger.
+ * Inject a custom logger implementation (e.g. pino).
+ * The custom logger receives all log calls regardless of level filtering —
+ * it is expected to handle its own level filtering.
  */
-export function configureLogger(config) {
-    currentConfig = { ...currentConfig, ...config };
-    const options = createLoggerOptions(currentConfig);
-    // Write to stderr to avoid polluting stdout for CLI tools
-    if (options.transport) {
-        options.transport.options = {
-            ...options.transport.options,
-            destination: 2, // stderr file descriptor
-        };
-        loggerInstance = pino(options);
-    }
-    else {
-        loggerInstance = pino(options, process.stderr);
-    }
+export function setLogger(instance) {
+    customLogger = instance;
 }
 /**
  * Set the log level dynamically
  */
 export function setLogLevel(level) {
-    currentConfig.level = level;
-    if (loggerInstance) {
-        loggerInstance.level = level;
-    }
+    currentLevel = level;
 }
 /**
  * Get the current log level
  */
 export function getLogLevel() {
-    return currentConfig.level || 'info';
-}
-/**
- * Create a child logger with additional context
- */
-export function createChildLogger(bindings) {
-    return getLogger().child(bindings);
+    return currentLevel;
 }
 /**
  * The main logger instance.
  * Use this for all logging throughout the application.
  */
 export const logger = {
-    /**
-     * Log at trace level (most verbose)
-     */
     trace: (msg, obj) => {
-        if (obj) {
-            getLogger().trace(obj, msg);
-        }
-        else {
-            getLogger().trace(msg);
+        if (customLogger) {
+            customLogger.trace(msg, obj);
+            return;
         }
+        if (shouldLog('trace'))
+            console.debug(obj ? `[TRACE] ${msg} ${JSON.stringify(obj)}` : `[TRACE] ${msg}`);
     },
-    /**
-     * Log at debug level
-     */
     debug: (msg, obj) => {
-        if (obj) {
-            getLogger().debug(obj, msg);
-        }
-        else {
-            getLogger().debug(msg);
+        if (customLogger) {
+            customLogger.debug(msg, obj);
+            return;
         }
+        if (shouldLog('debug'))
+            console.debug(obj ? `[DEBUG] ${msg} ${JSON.stringify(obj)}` : `[DEBUG] ${msg}`);
     },
-    /**
-     * Log at info level (default)
-     */
     info: (msg, obj) => {
-        if (obj) {
-            getLogger().info(obj, msg);
-        }
-        else {
-            getLogger().info(msg);
+        if (customLogger) {
+            customLogger.info(msg, obj);
+            return;
         }
+        if (shouldLog('info'))
+            console.log(obj ? `[INFO] ${msg} ${JSON.stringify(obj)}` : `[INFO] ${msg}`);
     },
-    /**
-     * Log at warn level
-     */
     warn: (msg, obj) => {
-        if (obj) {
-            getLogger().warn(obj, msg);
-        }
-        else {
-            getLogger().warn(msg);
+        if (customLogger) {
+            customLogger.warn(msg, obj);
+            return;
         }
+        if (shouldLog('warn'))
+            console.warn(obj ? `[WARN] ${msg} ${JSON.stringify(obj)}` : `[WARN] ${msg}`);
     },
-    /**
-     * Log at error level
-     */
     error: (msg, obj) => {
-        if (obj) {
-            getLogger().error(obj, msg);
-        }
-        else {
-            getLogger().error(msg);
+        if (customLogger) {
+            customLogger.error(msg, obj);
+            return;
         }
+        if (shouldLog('error'))
+            console.error(obj ? `[ERROR] ${msg} ${JSON.stringify(obj)}` : `[ERROR] ${msg}`);
     },
-    /**
-     * Log at fatal level (most severe)
-     */
     fatal: (msg, obj) => {
-        if (obj) {
-            getLogger().fatal(obj, msg);
-        }
-        else {
-            getLogger().fatal(msg);
+        if (customLogger) {
+            customLogger.fatal(msg, obj);
+            return;
         }
+        if (shouldLog('fatal'))
+            console.error(obj ? `[FATAL] ${msg} ${JSON.stringify(obj)}` : `[FATAL] ${msg}`);
     },
-    /**
-     * Create a child logger with additional context
-     */
-    child: (bindings) => createChildLogger(bindings),
-    /**
-     * Check if a level is enabled
-     */
     isLevelEnabled: (level) => {
-        return getLogger().isLevelEnabled(level);
+        return shouldLog(level);
     },
 };
 //# sourceMappingURL=logger.js.map

package/dist/utils/logger.js.map

@@ -1 +1 @@
-{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,IAA+B,MAAM,MAAM,CAAC;AAUnD,wBAAwB;AACxB,MAAM,cAAc,GAAiB;IACnC,KAAK,EAAG,OAAO,CAAC,GAAG,CAAC,SAAsB,IAAI,MAAM;IACpD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,MAAM,CAAC;IAC1G,IAAI,EAAE,WAAW;CAClB,CAAC;AAEF,IAAI,aAAa,GAAiB,EAAE,GAAG,cAAc,EAAE,CAAC;AACxD,IAAI,cAAc,GAAkB,IAAI,CAAC;AAEzC;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAoB;IAC/C,MAAM,OAAO,GAAkB;QAC7B,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,MAAM;KAC9B,CAAC;IAEF,2DAA2D;IAC3D,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,CAAC,SAAS,GAAG;YAClB,MAAM,EAAE,aAAa;YACrB,OAAO,EAAE;gBACP,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,cAAc;gBAC7B,MAAM,EAAE,cAAc;gBACtB,aAAa,EAAE,OAAO;gBACtB,UAAU,EAAE,IAAI;aACjB;SACF,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,SAAS;IAChB,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,OAAO,GAAG,mBAAmB,CAAC,aAAa,CAAC,CAAC;QACnD,0DAA0D;QAC1D,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,qEAAqE;YACrE,OAAO,CAAC,SAAS,CAAC,OAAO,GAAG;gBAC1B,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO;gBAC5B,WAAW,EAAE,CAAC,EAAE,yBAAyB;aAC1C,CAAC;YACF,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,MAA6B;IAC3D,aAAa,GAAG,EAAE,GAAG,aAAa,EAAE,GAAG,MAAM,EAAE,CAAC;IAChD,MAAM,OAAO,GAAG,mBAAmB,CAAC,aAAa,CAAC,CAAC;IACnD,0DAA0D;IAC1D,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,OAAO,CAAC,SAAS,CAAC,OAAO,GAAG;YAC1B,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO;YAC5B,WAAW,EAAE,CAAC,EAAE,yBAAyB;SAC1C,CAAC;QACF,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,cAAc,GAAG,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,KAAe;IACzC,aAAa,CAAC,KAAK,GAAG,KAAK,CAAC;IAC5B,IAAI,cAAc,EAAE,CAAC;QACnB,cAAc,CAAC,KAAK,GAAG,KAAK,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,OAAO,aAAa,CAAC,KAAK,IAAI,MAAM,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAiC;IACjE,OAAO,SAAS,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG;IACpB;;OAEG;IACH,KAAK,EAAE,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE;QACpD,IAAI,GAAG,EAAE,CAAC;YACR,SAAS,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9B,CAAC;aAAM,CAAC;YACN,SAAS,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,EAAE,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE;QACpD,IAAI,GAAG,EAAE,CAAC;YACR,SAAS,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9B,CAAC;aAAM,CAAC;YACN,SAAS,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI,EAAE,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE;QACnD,IAAI,GAAG,EAAE,CAAC;YACR,SAAS,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,SAAS,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI,EAAE,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE;QACnD,IAAI,GAAG,EAAE,CAAC;YACR,SAAS,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,SAAS,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,EAAE,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE;QACpD,IAAI,GAAG,EAAE,CAAC;YACR,SAAS,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9B,CAAC;aAAM,CAAC;YACN,SAAS,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,EAAE,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE;QACpD,IAAI,GAAG,EAAE,CAAC;YACR,SAAS,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9B,CAAC;aAAM,CAAC;YACN,SAAS,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,EAAE,CAAC,QAAiC,EAAE,EAAE,CAAC,iBAAiB,CAAC,QAAQ,CAAC;IAEzE;;OAEG;IACH,cAAc,EAAE,CAAC,KAAe,EAAW,EAAE;QAC3C,OAAO,SAAS,EAAE,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;CACF,CAAC"}
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAsBH,MAAM,UAAU,GAA6B;IAC3C,KAAK,EAAE,CAAC;IACR,KAAK,EAAE,CAAC;IACR,IAAI,EAAE,CAAC;IACP,IAAI,EAAE,CAAC;IACP,KAAK,EAAE,CAAC;IACR,KAAK,EAAE,CAAC;IACR,MAAM,EAAE,CAAC;CACV,CAAC;AAEF,IAAI,YAAY,GAAa,MAAM,CAAC;AACpC,IAAI,YAAY,GAA0B,IAAI,CAAC;AAE/C,SAAS,SAAS,CAAC,KAAe;IAChC,OAAO,UAAU,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC;AACvD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,MAA6B;IAC3D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC;IAC9B,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,QAAwB;IAChD,YAAY,GAAG,QAAQ,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,KAAe;IACzC,YAAY,GAAG,KAAK,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG;IACpB,KAAK,EAAE,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE;QACpD,IAAI,YAAY,EAAE,CAAC;YAAC,YAAY,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAAC,OAAO;QAAC,CAAC;QAC3D,IAAI,SAAS,CAAC,OAAO,CAAC;YAAE,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED,KAAK,EAAE,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE;QACpD,IAAI,YAAY,EAAE,CAAC;YAAC,YAAY,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAAC,OAAO;QAAC,CAAC;QAC3D,IAAI,SAAS,CAAC,OAAO,CAAC;YAAE,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED,IAAI,EAAE,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE;QACnD,IAAI,YAAY,EAAE,CAAC;YAAC,YAAY,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAAC,OAAO;QAAC,CAAC;QAC1D,IAAI,SAAS,CAAC,MAAM,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;IACrG,CAAC;IAED,IAAI,EAAE,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE;QACnD,IAAI,YAAY,EAAE,CAAC;YAAC,YAAY,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAAC,OAAO;QAAC,CAAC;QAC1D,IAAI,SAAS,CAAC,MAAM,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;IACtG,CAAC;IAED,KAAK,EAAE,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE;QACpD,IAAI,YAAY,EAAE,CAAC;YAAC,YAAY,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAAC,OAAO;QAAC,CAAC;QAC3D,IAAI,SAAS,CAAC,OAAO,CAAC;YAAE,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED,KAAK,EAAE,CAAC,GAAW,EAAE,GAA6B,EAAE,EAAE;QACpD,IAAI,YAAY,EAAE,CAAC;YAAC,YAAY,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAAC,OAAO;QAAC,CAAC;QAC3D,IAAI,SAAS,CAAC,OAAO,CAAC;YAAE,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED,cAAc,EAAE,CAAC,KAAe,EAAW,EAAE;QAC3C,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC;IAC1B,CAAC;CACF,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "circle-ir",
-  "version": "3.2.0",
+  "version": "3.3.1",
   "description": "High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis",
   "main": "dist/index.js",
   "module": "dist/index.js",
@@ -34,8 +34,8 @@
     "test:watch": "vitest",
     "test:coverage": "vitest run --coverage",
     "build": "tsc",
-    "build:browser": "esbuild src/browser.ts --bundle --format=esm --platform=browser --external:fs --external:fs/promises --external:path --external:module --external:crypto --external:pino --outfile=dist/browser/circle-ir.js && mkdir -p dist/wasm && cp node_modules/web-tree-sitter/web-tree-sitter.wasm dist/wasm/ && cp wasm/*.wasm dist/wasm/",
-    "build:core": "esbuild src/core-lib.ts --bundle --format=esm --platform=neutral --external:fs --external:fs/promises --external:path --external:module --external:pino --external:crypto --outfile=dist/core/circle-ir-core.js && esbuild src/core-lib.ts --bundle --format=cjs --platform=neutral --external:fs --external:fs/promises --external:path --external:module --external:pino --external:crypto --outfile=dist/core/circle-ir-core.cjs && cp dist/core-lib.d.ts dist/core/circle-ir-core.d.ts",
+    "build:browser": "esbuild src/browser.ts --bundle --format=esm --platform=browser --external:fs --external:fs/promises --external:path --external:module --external:crypto --outfile=dist/browser/circle-ir.js && mkdir -p dist/wasm && cp node_modules/web-tree-sitter/web-tree-sitter.wasm dist/wasm/ && cp wasm/*.wasm dist/wasm/",
+    "build:core": "esbuild src/core-lib.ts --bundle --format=esm --platform=neutral --external:fs --external:fs/promises --external:path --external:module --external:crypto --outfile=dist/core/circle-ir-core.js && esbuild src/core-lib.ts --bundle --format=cjs --platform=neutral --external:fs --external:fs/promises --external:path --external:module --external:crypto --outfile=dist/core/circle-ir-core.cjs && cp dist/core-lib.d.ts dist/core/circle-ir-core.d.ts",
     "build:all": "npm run build && npm run build:browser && npm run build:core",
     "clean": "rm -rf dist coverage *.tsbuildinfo *.tgz",
     "typecheck": "tsc --noEmit",
@@ -87,7 +87,6 @@
     "registry": "https://registry.npmjs.org/"
   },
   "dependencies": {
-    "pino": "^10.3.0",
     "web-tree-sitter": "^0.26.3",
     "yaml": "^2.8.2"
   },
@@ -96,7 +95,6 @@
     "@types/unzipper": "^0.10.11",
     "@vitest/coverage-v8": "^3.0.0",
     "esbuild": "^0.27.2",
-    "pino-pretty": "^13.1.3",
     "tree-sitter-java": "^0.23.5",
     "tree-sitter-python": "^0.25.0",
     "tree-sitter-rust": "^0.24.0",

package/dist/analysis/advisory-db.d.ts

@@ -1,86 +0,0 @@
-/**
- * RustSec Advisory Database Integration
- *
- * Provides vulnerability data from the RustSec advisory database.
- * Advisory data is bundled at build time for offline/deterministic usage.
- */
-import type { Severity } from '../types/index.js';
-export interface AdvisoryVulnerability {
-    /** Unique advisory ID (RUSTSEC-YYYY-NNNN) */
-    id: string;
-    /** Crate name */
-    package: string;
-    /** Advisory date (RFC 3339) */
-    date: string;
-    /** Advisory URL */
-    url: string;
-    /** CVSS score string */
-    cvss?: string;
-    /** Vulnerability categories */
-    categories: string[];
-    /** Search keywords */
-    keywords: string[];
-    /** Related identifiers (CVE, etc.) */
-    aliases: string[];
-    /** Affected functions with version constraints */
-    affectedFunctions?: {
-        name: string;
-        versions: string[];
-    }[];
-    /** Version constraints */
-    versions: {
-        patched?: string[];
-        unaffected?: string[];
-    };
-    /** Affected architectures */
-    affectedArch?: string[];
-    /** Affected operating systems */
-    affectedOs?: string[];
-    /** Human-readable description */
-    description: string;
-    /** Title/summary of the vulnerability */
-    title?: string;
-}
-export interface AdvisoryDatabase {
-    /** Map of crate name to list of advisories */
-    advisories: Map<string, AdvisoryVulnerability[]>;
-    /** When the database was last updated */
-    lastUpdated: string;
-    /** Source of the database */
-    source: 'bundled' | 'fetched';
-    /** Database format version */
-    version: string;
-    /** Statistics */
-    stats?: {
-        totalAdvisories: number;
-        uniqueCrates: number;
-    };
-}
-/**
- * Load the bundled advisory database
- */
-export declare function loadBundledAdvisories(): AdvisoryDatabase;
-/**
- * Parse advisory JSON into database structure
- */
-export declare function parseAdvisoryJson(json: {
-    version: string;
-    lastUpdated: string;
-    advisories: AdvisoryVulnerability[];
-}): AdvisoryDatabase;
-/**
- * Map RustSec categories to severity levels
- */
-export declare function categoryToSeverity(categories: string[]): Severity;
-/**
- * Get advisories for a specific crate
- */
-export declare function getAdvisoriesForCrate(db: AdvisoryDatabase, crateName: string): AdvisoryVulnerability[];
-/**
- * Search advisories by CVE ID
- */
-export declare function findAdvisoryByCve(db: AdvisoryDatabase, cveId: string): AdvisoryVulnerability | undefined;
-/**
- * Get all unique crate names with advisories
- */
-export declare function getVulnerableCrates(db: AdvisoryDatabase): string[];

package/dist/analysis/advisory-db.js

@@ -1,104 +0,0 @@
-/**
- * RustSec Advisory Database Integration
- *
- * Provides vulnerability data from the RustSec advisory database.
- * Advisory data is bundled at build time for offline/deterministic usage.
- */
-/**
- * Bundled advisory database (loaded lazily)
- */
-let bundledDb = null;
-/**
- * Load the bundled advisory database
- */
-export function loadBundledAdvisories() {
-    if (bundledDb) {
-        return bundledDb;
-    }
-    // Try to load bundled advisories
-    try {
-        // eslint-disable-next-line @typescript-eslint/no-require-imports
-        const json = require('../../advisory-db.json');
-        bundledDb = parseAdvisoryJson(json);
-        return bundledDb;
-    }
-    catch {
-        // Return empty database if bundled data not available
-        return {
-            advisories: new Map(),
-            lastUpdated: new Date().toISOString(),
-            source: 'bundled',
-            version: '1.0',
-            stats: { totalAdvisories: 0, uniqueCrates: 0 },
-        };
-    }
-}
-/**
- * Parse advisory JSON into database structure
- */
-export function parseAdvisoryJson(json) {
-    const advisories = new Map();
-    for (const advisory of json.advisories) {
-        const existing = advisories.get(advisory.package) || [];
-        existing.push(advisory);
-        advisories.set(advisory.package, existing);
-    }
-    return {
-        advisories,
-        lastUpdated: json.lastUpdated,
-        source: 'bundled',
-        version: json.version,
-        stats: {
-            totalAdvisories: json.advisories.length,
-            uniqueCrates: advisories.size,
-        },
-    };
-}
-/**
- * Map RustSec categories to severity levels
- */
-export function categoryToSeverity(categories) {
-    const categorySet = new Set(categories);
-    // Critical: code execution, privilege escalation
-    if (categorySet.has('code-execution') ||
-        categorySet.has('privilege-escalation')) {
-        return 'critical';
-    }
-    // High: memory safety, denial of service
-    if (categorySet.has('memory-safety') || categorySet.has('denial-of-service')) {
-        return 'high';
-    }
-    // Medium: crypto issues, information disclosure
-    if (categorySet.has('crypto-failure') ||
-        categorySet.has('information-disclosure')) {
-        return 'medium';
-    }
-    // Default to medium for unknown categories
-    return 'medium';
-}
-/**
- * Get advisories for a specific crate
- */
-export function getAdvisoriesForCrate(db, crateName) {
-    return db.advisories.get(crateName) || [];
-}
-/**
- * Search advisories by CVE ID
- */
-export function findAdvisoryByCve(db, cveId) {
-    for (const advisories of db.advisories.values()) {
-        for (const advisory of advisories) {
-            if (advisory.aliases.includes(cveId)) {
-                return advisory;
-            }
-        }
-    }
-    return undefined;
-}
-/**
- * Get all unique crate names with advisories
- */
-export function getVulnerableCrates(db) {
-    return Array.from(db.advisories.keys());
-}
-//# sourceMappingURL=advisory-db.js.map

package/dist/analysis/advisory-db.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"advisory-db.js","sourceRoot":"","sources":["../../src/analysis/advisory-db.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAyDH;;GAEG;AACH,IAAI,SAAS,GAA4B,IAAI,CAAC;AAE9C;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,iCAAiC;IACjC,IAAI,CAAC;QACH,iEAAiE;QACjE,MAAM,IAAI,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAAC;QAC/C,SAAS,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACpC,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,sDAAsD;QACtD,OAAO;YACL,UAAU,EAAE,IAAI,GAAG,EAAE;YACrB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE;SAC/C,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAIjC;IACC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAmC,CAAC;IAE9D,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACxD,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACxB,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO;QACL,UAAU;QACV,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,MAAM,EAAE,SAAS;QACjB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,KAAK,EAAE;YACL,eAAe,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;YACvC,YAAY,EAAE,UAAU,CAAC,IAAI;SAC9B;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAAoB;IACrD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IAExC,iDAAiD;IACjD,IACE,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC;QACjC,WAAW,CAAC,GAAG,CAAC,sBAAsB,CAAC,EACvC,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,yCAAyC;IACzC,IAAI,WAAW,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,WAAW,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC7E,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,gDAAgD;IAChD,IACE,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC;QACjC,WAAW,CAAC,GAAG,CAAC,wBAAwB,CAAC,EACzC,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,2CAA2C;IAC3C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,EAAoB,EACpB,SAAiB;IAEjB,OAAO,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,EAAoB,EACpB,KAAa;IAEb,KAAK,MAAM,UAAU,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,CAAC;QAChD,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;YAClC,IAAI,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBACrC,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,EAAoB;IACtD,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;AAC1C,CAAC"}

package/dist/analysis/cargo-parser.d.ts

@@ -1,42 +0,0 @@
-/**
- * Cargo.lock parser for extracting crate dependencies and versions
- */
-export interface CargoLockDependency {
-    name: string;
-    version: string;
-    source?: string;
-    checksum?: string;
-}
-export interface CargoLock {
-    version: number;
-    dependencies: CargoLockDependency[];
-}
-/**
- * Parse Cargo.lock TOML file content
- */
-export declare function parseCargoLock(content: string): CargoLock;
-/**
- * Parse Cargo.toml to extract direct dependencies
- */
-export interface CargoTomlDependency {
-    name: string;
-    version?: string;
-    path?: string;
-    git?: string;
-    features?: string[];
-}
-export interface CargoToml {
-    name?: string;
-    version?: string;
-    dependencies: CargoTomlDependency[];
-    devDependencies: CargoTomlDependency[];
-}
-/**
- * Parse Cargo.toml file content
- */
-export declare function parseCargoToml(content: string): CargoToml;
-/**
- * Filter dependencies to only include registry-sourced crates
- * (excludes path and git dependencies which can't be vulnerability-checked)
- */
-export declare function filterRegistryDeps(deps: CargoLockDependency[]): CargoLockDependency[];

package/dist/analysis/cargo-parser.js

@@ -1,102 +0,0 @@
-/**
- * Cargo.lock parser for extracting crate dependencies and versions
- */
-/**
- * Parse Cargo.lock TOML file content
- */
-export function parseCargoLock(content) {
-    const dependencies = [];
-    // Extract version from the file
-    const versionMatch = content.match(/^version\s*=\s*(\d+)/m);
-    const version = versionMatch ? parseInt(versionMatch[1], 10) : 3;
-    // Parse [[package]] sections
-    // Format:
-    // [[package]]
-    // name = "crate-name"
-    // version = "1.0.0"
-    // source = "registry+..."
-    // checksum = "abc123..."
-    const packagePattern = /\[\[package\]\]\s*\n((?:(?!^\[\[|\[package\]).*\n?)*)/gm;
-    let match;
-    while ((match = packagePattern.exec(content)) !== null) {
-        const block = match[1];
-        const nameMatch = block.match(/^name\s*=\s*"([^"]+)"/m);
-        const versionMatch = block.match(/^version\s*=\s*"([^"]+)"/m);
-        const sourceMatch = block.match(/^source\s*=\s*"([^"]+)"/m);
-        const checksumMatch = block.match(/^checksum\s*=\s*"([^"]+)"/m);
-        if (nameMatch && versionMatch) {
-            dependencies.push({
-                name: nameMatch[1],
-                version: versionMatch[1],
-                source: sourceMatch?.[1],
-                checksum: checksumMatch?.[1],
-            });
-        }
-    }
-    return { version, dependencies };
-}
-/**
- * Parse Cargo.toml file content
- */
-export function parseCargoToml(content) {
-    const dependencies = [];
-    const devDependencies = [];
-    // Extract package name and version
-    const nameMatch = content.match(/^\[package\][^[]*name\s*=\s*"([^"]+)"/ms);
-    const versionMatch = content.match(/^\[package\][^[]*version\s*=\s*"([^"]+)"/ms);
-    // Parse [dependencies] section
-    const depsMatch = content.match(/\[dependencies\]\s*\n((?:(?!\[(?!dependencies\.))[^\n]*\n?)*)/m);
-    if (depsMatch) {
-        parseDependencySection(depsMatch[1], dependencies);
-    }
-    // Parse [dev-dependencies] section
-    const devDepsMatch = content.match(/\[dev-dependencies\]\s*\n((?:(?!\[(?!dev-dependencies\.))[^\n]*\n?)*)/m);
-    if (devDepsMatch) {
-        parseDependencySection(devDepsMatch[1], devDependencies);
-    }
-    return {
-        name: nameMatch?.[1],
-        version: versionMatch?.[1],
-        dependencies,
-        devDependencies,
-    };
-}
-function parseDependencySection(section, deps) {
-    // Simple dependency: crate = "1.0"
-    const simplePattern = /^(\w[\w-]*)\s*=\s*"([^"]+)"/gm;
-    let match;
-    while ((match = simplePattern.exec(section)) !== null) {
-        deps.push({
-            name: match[1],
-            version: match[2],
-        });
-    }
-    // Complex dependency: crate = { version = "1.0", features = [...] }
-    const complexPattern = /^(\w[\w-]*)\s*=\s*\{([^}]+)\}/gm;
-    while ((match = complexPattern.exec(section)) !== null) {
-        const name = match[1];
-        const attrs = match[2];
-        const versionMatch = attrs.match(/version\s*=\s*"([^"]+)"/);
-        const pathMatch = attrs.match(/path\s*=\s*"([^"]+)"/);
-        const gitMatch = attrs.match(/git\s*=\s*"([^"]+)"/);
-        deps.push({
-            name,
-            version: versionMatch?.[1],
-            path: pathMatch?.[1],
-            git: gitMatch?.[1],
-        });
-    }
-}
-/**
- * Filter dependencies to only include registry-sourced crates
- * (excludes path and git dependencies which can't be vulnerability-checked)
- */
-export function filterRegistryDeps(deps) {
-    return deps.filter((dep) => {
-        // Include if no source (defaults to registry) or explicitly from registry
-        if (!dep.source)
-            return true;
-        return dep.source.startsWith('registry+');
-    });
-}
-//# sourceMappingURL=cargo-parser.js.map