claude-crap 0.1.2

package/src/tests/tdr.test.ts

@@ -0,0 +1,86 @@
+/**
+ * Unit tests for the Technical Debt Ratio engine and its letter grading.
+ *
+ * @module tests/tdr.test
+ */
+
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+
+import { classifyTdr, computeTdr, ratingIsWorseThan, ratingToRank } from "../metrics/tdr.js";
+
+describe("classifyTdr", () => {
+  it("maps 0–5% to A", () => {
+    assert.equal(classifyTdr(0), "A");
+    assert.equal(classifyTdr(5), "A");
+  });
+
+  it("maps >5–10% to B", () => {
+    assert.equal(classifyTdr(5.0001), "B");
+    assert.equal(classifyTdr(10), "B");
+  });
+
+  it("maps >10–20% to C", () => {
+    assert.equal(classifyTdr(10.0001), "C");
+    assert.equal(classifyTdr(20), "C");
+  });
+
+  it("maps >20–50% to D", () => {
+    assert.equal(classifyTdr(20.0001), "D");
+    assert.equal(classifyTdr(50), "D");
+  });
+
+  it("maps >50% to E", () => {
+    assert.equal(classifyTdr(50.0001), "E");
+    assert.equal(classifyTdr(999), "E");
+  });
+
+  it("rejects negative percentages", () => {
+    assert.throws(() => classifyTdr(-0.01));
+  });
+});
+
+describe("computeTdr", () => {
+  it("produces an A rating for healthy projects", () => {
+    // 240 minutes of remediation / (30 × 500) = 0.016 = 1.6%
+    const result = computeTdr({
+      remediationMinutes: 240,
+      totalLinesOfCode: 500,
+      minutesPerLoc: 30,
+    });
+    assert.equal(result.percent, 1.6);
+    assert.equal(result.rating, "A");
+    assert.equal(result.developmentCostMinutes, 15_000);
+  });
+
+  it("produces an E rating for unmaintainable projects", () => {
+    // 9000 minutes on 100 LOC at 30 min/LOC → 300%
+    const result = computeTdr({
+      remediationMinutes: 9000,
+      totalLinesOfCode: 100,
+      minutesPerLoc: 30,
+    });
+    assert.equal(result.rating, "E");
+    assert.ok(result.percent > 50);
+  });
+
+  it("rejects a non-positive LOC denominator", () => {
+    assert.throws(() =>
+      computeTdr({ remediationMinutes: 10, totalLinesOfCode: 0, minutesPerLoc: 30 }),
+    );
+  });
+});
+
+describe("rating helpers", () => {
+  it("ranks A..E in the expected order", () => {
+    assert.equal(ratingToRank("A"), 0);
+    assert.equal(ratingToRank("C"), 2);
+    assert.equal(ratingToRank("E"), 4);
+  });
+
+  it("detects when actual is worse than the policy limit", () => {
+    assert.equal(ratingIsWorseThan("D", "C"), true);
+    assert.equal(ratingIsWorseThan("A", "C"), false);
+    assert.equal(ratingIsWorseThan("C", "C"), false); // equal is not worse
+  });
+});

package/src/tests/test-harness.test.ts

@@ -0,0 +1,153 @@
+/**
+ * Unit tests for the test-file resolver used by `require_test_harness`.
+ *
+ * Uses a temp workspace populated with a handful of source and test
+ * files so we can exercise every resolver convention (sibling, mirror
+ * tree, Python prefix) in isolation.
+ *
+ * @module tests/test-harness.test
+ */
+
+import { describe, it, before, after } from "node:test";
+import assert from "node:assert/strict";
+import { promises as fs } from "node:fs";
+import { mkdtemp, rm } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+
+import { candidatePaths, findTestFile, isTestFile } from "../tools/test-harness.js";
+
+describe("isTestFile", () => {
+  it("recognizes .test.ts suffix", () => {
+    assert.equal(isTestFile("src/foo.test.ts"), true);
+  });
+
+  it("recognizes .spec.js suffix", () => {
+    assert.equal(isTestFile("app/bar.spec.js"), true);
+  });
+
+  it("recognizes python test_ prefix", () => {
+    assert.equal(isTestFile("pkg/test_mod.py"), true);
+  });
+
+  it("recognizes __tests__ directory name", () => {
+    assert.equal(isTestFile("src/__tests__/foo.ts"), true);
+  });
+
+  it("rejects plain source files", () => {
+    assert.equal(isTestFile("src/foo.ts"), false);
+    assert.equal(isTestFile("src/utils/math.py"), false);
+  });
+});
+
+describe("candidatePaths", () => {
+  it("lists sibling test locations first", () => {
+    const candidates = candidatePaths("/ws", "/ws/src/foo.ts");
+    assert.ok(candidates.includes("/ws/src/foo.test.ts"));
+    assert.ok(candidates.includes("/ws/src/foo.spec.ts"));
+  });
+
+  it("includes mirror-tree candidates under tests/", () => {
+    const candidates = candidatePaths("/ws", "/ws/src/foo.ts");
+    assert.ok(candidates.includes("/ws/tests/src/foo.test.ts"));
+  });
+
+  it("includes nearest-ancestor flat tests directory candidates", () => {
+    // For src/mcp-server/src/metrics/crap.ts the walker should probe
+    // every ancestor `tests/` dir up to the workspace root.
+    const candidates = candidatePaths(
+      "/ws",
+      "/ws/src/mcp-server/src/metrics/crap.ts",
+    );
+    assert.ok(candidates.includes("/ws/src/mcp-server/src/metrics/tests/crap.test.ts"));
+    assert.ok(candidates.includes("/ws/src/mcp-server/src/tests/crap.test.ts"));
+    assert.ok(candidates.includes("/ws/src/mcp-server/tests/crap.test.ts"));
+    assert.ok(candidates.includes("/ws/src/tests/crap.test.ts"));
+    assert.ok(candidates.includes("/ws/tests/crap.test.ts"));
+  });
+
+  it("stops walking at the workspace root", () => {
+    // Make sure the walker does not produce candidates OUTSIDE the workspace.
+    const candidates = candidatePaths("/ws", "/ws/src/foo.ts");
+    for (const c of candidates) {
+      assert.ok(c.startsWith("/ws"), `candidate '${c}' escaped the workspace root`);
+    }
+  });
+
+  it("adds python test_ prefix candidates for .py files", () => {
+    const candidates = candidatePaths("/ws", "/ws/pkg/mod.py");
+    assert.ok(candidates.includes("/ws/pkg/test_mod.py"));
+    assert.ok(candidates.includes("/ws/tests/test_mod.py"));
+  });
+});
+
+describe("findTestFile", () => {
+  let workspace = "";
+
+  before(async () => {
+    workspace = await mkdtemp(join(tmpdir(), "claude-crap-th-"));
+    // src/foo.ts with a sibling test
+    await fs.mkdir(join(workspace, "src"), { recursive: true });
+    await fs.writeFile(join(workspace, "src", "foo.ts"), "// source");
+    await fs.writeFile(join(workspace, "src", "foo.test.ts"), "// test");
+    // src/bar.ts with a mirror-tree test
+    await fs.writeFile(join(workspace, "src", "bar.ts"), "// source");
+    await fs.mkdir(join(workspace, "tests", "src"), { recursive: true });
+    await fs.writeFile(join(workspace, "tests", "src", "bar.test.ts"), "// test");
+    // src/baz.ts with no test at all
+    await fs.writeFile(join(workspace, "src", "baz.ts"), "// source");
+    // pkg/mod.py with a sibling python test
+    await fs.mkdir(join(workspace, "pkg"), { recursive: true });
+    await fs.writeFile(join(workspace, "pkg", "mod.py"), "# source");
+    await fs.writeFile(join(workspace, "pkg", "test_mod.py"), "# test");
+    // Flat-tests-dir layout: src/mcp/src/metrics/qux.ts tested by
+    // src/mcp/src/tests/qux.test.ts (mirrors this very project's layout).
+    await fs.mkdir(join(workspace, "src", "mcp", "src", "metrics"), { recursive: true });
+    await fs.writeFile(join(workspace, "src", "mcp", "src", "metrics", "qux.ts"), "// source");
+    await fs.mkdir(join(workspace, "src", "mcp", "src", "tests"), { recursive: true });
+    await fs.writeFile(join(workspace, "src", "mcp", "src", "tests", "qux.test.ts"), "// test");
+  });
+
+  after(async () => {
+    if (workspace) await rm(workspace, { recursive: true, force: true });
+  });
+
+  it("finds a sibling .test.ts", async () => {
+    const res = await findTestFile(workspace, join(workspace, "src", "foo.ts"));
+    assert.equal(res.isTestFile, false);
+    assert.equal(res.testFile, join(workspace, "src", "foo.test.ts"));
+  });
+
+  it("finds a mirror-tree test", async () => {
+    const res = await findTestFile(workspace, join(workspace, "src", "bar.ts"));
+    assert.equal(res.testFile, join(workspace, "tests", "src", "bar.test.ts"));
+  });
+
+  it("returns null when no test exists", async () => {
+    const res = await findTestFile(workspace, join(workspace, "src", "baz.ts"));
+    assert.equal(res.testFile, null);
+    assert.ok(res.candidates.length > 0);
+  });
+
+  it("short-circuits when input is already a test file", async () => {
+    const res = await findTestFile(workspace, join(workspace, "src", "foo.test.ts"));
+    assert.equal(res.isTestFile, true);
+    assert.equal(res.testFile, join(workspace, "src", "foo.test.ts"));
+  });
+
+  it("finds a python test_ prefix file", async () => {
+    const res = await findTestFile(workspace, join(workspace, "pkg", "mod.py"));
+    assert.equal(res.testFile, join(workspace, "pkg", "test_mod.py"));
+  });
+
+  it("finds a test inside a flat ancestor tests/ directory", async () => {
+    const res = await findTestFile(
+      workspace,
+      join(workspace, "src", "mcp", "src", "metrics", "qux.ts"),
+    );
+    assert.equal(
+      res.testFile,
+      join(workspace, "src", "mcp", "src", "tests", "qux.test.ts"),
+    );
+  });
+});

package/src/tests/workspace-guard.test.ts

@@ -0,0 +1,111 @@
+/**
+ * Unit tests for the workspace path containment guard.
+ *
+ * F-A01-01: the previous inlined guard used a naive
+ * `candidate.startsWith(workspace)` check that was fooled by
+ * sibling-prefix paths (e.g. `/tmp/ws-evil` vs `/tmp/ws`). These
+ * tests pin both the characterization invariants (paths inside the
+ * workspace still resolve, paths outside still throw) and the attack
+ * invariant (sibling-prefix paths now throw).
+ *
+ * The tests use a temp directory to avoid any dependency on the
+ * developer's local filesystem layout.
+ *
+ * @module tests/workspace-guard.test
+ */
+
+import { describe, it, before, after } from "node:test";
+import assert from "node:assert/strict";
+import { mkdtemp, rm } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join, sep } from "node:path";
+
+import { resolveWithinWorkspace } from "../workspace-guard.js";
+
+describe("resolveWithinWorkspace — characterization (well-formed paths)", () => {
+  let workspace = "";
+
+  before(async () => {
+    workspace = await mkdtemp(join(tmpdir(), "claude-crap-wg-"));
+  });
+
+  after(async () => {
+    if (workspace) await rm(workspace, { recursive: true, force: true });
+  });
+
+  it("accepts a relative path resolved against the workspace", () => {
+    const resolved = resolveWithinWorkspace(workspace, "src/foo.ts");
+    assert.equal(resolved, join(workspace, "src", "foo.ts"));
+  });
+
+  it("accepts an absolute path already inside the workspace", () => {
+    const input = join(workspace, "src", "bar.ts");
+    const resolved = resolveWithinWorkspace(workspace, input);
+    assert.equal(resolved, input);
+  });
+
+  it("accepts the workspace root itself", () => {
+    const resolved = resolveWithinWorkspace(workspace, workspace);
+    assert.equal(resolved, workspace);
+  });
+
+  it("accepts a deeply nested path inside the workspace", () => {
+    const resolved = resolveWithinWorkspace(workspace, "a/b/c/d/e.ts");
+    assert.equal(resolved, join(workspace, "a", "b", "c", "d", "e.ts"));
+  });
+});
+
+describe("resolveWithinWorkspace — attack invariants (outside paths rejected)", () => {
+  let workspace = "";
+
+  before(async () => {
+    workspace = await mkdtemp(join(tmpdir(), "claude-crap-wg-"));
+  });
+
+  after(async () => {
+    if (workspace) await rm(workspace, { recursive: true, force: true });
+  });
+
+  it("rejects an absolute path completely outside the workspace", () => {
+    assert.throws(
+      () => resolveWithinWorkspace(workspace, "/etc/passwd"),
+      /escapes the workspace root/,
+    );
+  });
+
+  it("rejects a parent-directory relative escape", () => {
+    assert.throws(
+      () => resolveWithinWorkspace(workspace, "../../../etc/passwd"),
+      /escapes the workspace root/,
+    );
+  });
+
+  it("rejects a sibling directory that shares the workspace prefix (F-A01-01)", () => {
+    // This is the exact attack class F-A01-01 covers: the sibling path
+    // starts with the literal workspace string but is NOT contained in
+    // it. The old `startsWith(workspace)` check would have accepted
+    // this. The fixed check uses `workspace + sep` so it rejects.
+    const siblingPrefix = `${workspace}-evil${sep}secret.txt`;
+    assert.throws(
+      () => resolveWithinWorkspace(workspace, siblingPrefix),
+      /escapes the workspace root/,
+    );
+  });
+
+  it("rejects another sibling-prefix variant (workspace-clone)", () => {
+    const siblingPrefix = `${workspace}-clone${sep}a${sep}b.ts`;
+    assert.throws(
+      () => resolveWithinWorkspace(workspace, siblingPrefix),
+      /escapes the workspace root/,
+    );
+  });
+
+  it("rejects an empty relative path that resolves to a parent", () => {
+    // `..` alone resolves to the parent directory, which is always
+    // outside the workspace for a tempdir.
+    assert.throws(
+      () => resolveWithinWorkspace(workspace, ".."),
+      /escapes the workspace root/,
+    );
+  });
+});

package/src/tools/index.ts

@@ -0,0 +1,24 @@
+/**
+ * Public SDK entry point for the tool backends that sit behind
+ * the `claude-crap` MCP server.
+ *
+ * These are the same pure functions the MCP server calls into — the
+ * server layer just wraps them in JSON-RPC. Downstream consumers can
+ * reuse them directly from any Node.js context without running the
+ * MCP server.
+ *
+ * Usage:
+ *
+ * ```ts
+ * import {
+ *   findTestFile,
+ *   isTestFile,
+ *   candidatePaths,
+ * } from "claude-crap/tools";
+ * ```
+ *
+ * @module tools
+ */
+
+export { candidatePaths, findTestFile, isTestFile } from "./test-harness.js";
+export type { TestFileResolution } from "./test-harness.js";

package/src/tools/test-harness.ts

@@ -0,0 +1,158 @@
+/**
+ * Deterministic test-file resolver used by the `require_test_harness`
+ * MCP tool.
+ *
+ * Given a production source file (for example `src/foo/bar.ts`), this
+ * module enumerates the conventional locations where a matching test
+ * file would live and returns the first existing match — or `null` when
+ * none of the candidates exist.
+ *
+ * This is a TypeScript twin of `hooks/lib/test-harness.mjs`. The two
+ * are intentionally independent so neither side has to import files
+ * from outside its own project tree:
+ *
+ *   - Hooks use the `.mjs` copy (vanilla JS, zero deps, runs everywhere).
+ *   - The MCP server uses this typed copy so its consumers get full
+ *     type safety and so the server stays a self-contained npm package.
+ *
+ * Both copies implement the same conventions and are validated against
+ * the same unit tests — see `src/tests/test-harness.test.ts`.
+ *
+ * @module tools/test-harness
+ */
+
+import { promises as fs } from "node:fs";
+import { basename, dirname, extname, isAbsolute, join, relative, resolve, sep } from "node:path";
+
+/**
+ * Result of probing the filesystem for a matching test file.
+ */
+export interface TestFileResolution {
+  /** Absolute path of the first matching test file, or `null` when none exists. */
+  readonly testFile: string | null;
+  /** Absolute paths of every location the resolver tried. */
+  readonly candidates: ReadonlyArray<string>;
+  /** `true` when the input path itself is a test file. */
+  readonly isTestFile: boolean;
+}
+
+/** Matches `.test.` and `.spec.` suffixes inside a file basename. */
+const TEST_SUFFIX_PATTERN = /\.(test|spec)\./;
+
+/**
+ * Return `true` when the given path is already a test file. Matching is
+ * done against the basename (`foo.test.ts`, `test_foo.py`) and against
+ * common test directory names in the path (`__tests__`, `tests`, `test`).
+ *
+ * @param filePath An absolute or relative source path.
+ */
+export function isTestFile(filePath: string): boolean {
+  const base = basename(filePath);
+  if (TEST_SUFFIX_PATTERN.test(base)) return true;
+  if (base.startsWith("test_") && base.endsWith(".py")) return true;
+  const parts = filePath.split(sep);
+  return parts.includes("__tests__") || parts.includes("tests") || parts.includes("test");
+}
+
+/**
+ * Enumerate every plausible test file path for a given production source
+ * file. Does not touch the filesystem — the caller is expected to probe
+ * existence separately (see {@link findTestFile}).
+ *
+ * Supported conventions, in the order they are probed:
+ *
+ *   1. Sibling `<base>.test.<ext>` / `<base>.spec.<ext>`
+ *   2. Sibling `__tests__/<base>.test.<ext>`
+ *   3. Mirror tree under `tests/`, `test/`, or `__tests__/` at the
+ *      workspace root (e.g. `tests/src/foo/bar.test.ts`)
+ *   4. **Nearest-ancestor flat test directory**: walk up from the source
+ *      file's directory toward the workspace root, and at every ancestor
+ *      check for `tests/<base>.test.<ext>`. Matches layouts where tests
+ *      live in a single flat directory near the source (this project
+ *      uses it for `src/mcp-server/src/tests/`).
+ *   5. Python-specific: sibling `test_<base>.py` and mirror-tree
+ *      `tests/.../test_<base>.py`.
+ *
+ * @param workspaceRoot Absolute workspace root.
+ * @param filePath      Absolute path to the production file.
+ * @returns             Ordered list of absolute candidate paths.
+ */
+export function candidatePaths(workspaceRoot: string, filePath: string): ReadonlyArray<string> {
+  const absSource = resolve(filePath);
+  const ext = extname(absSource);
+  const base = basename(absSource, ext);
+  const dir = dirname(absSource);
+  const absWorkspace = resolve(workspaceRoot);
+  const relFromRoot = relative(absWorkspace, absSource);
+  const relDir = dirname(relFromRoot);
+
+  const candidates = new Set<string>();
+
+  // 1. Sibling <base>.test.<ext> / <base>.spec.<ext>
+  candidates.add(join(dir, `${base}.test${ext}`));
+  candidates.add(join(dir, `${base}.spec${ext}`));
+
+  // 2. Sibling __tests__/<base>.test.<ext>
+  candidates.add(join(dir, "__tests__", `${base}.test${ext}`));
+  candidates.add(join(dir, "__tests__", `${base}.spec${ext}`));
+
+  // 3. Mirror tree under tests/, test/, or __tests__ at the workspace root.
+  for (const testRoot of ["tests", "test", "__tests__"]) {
+    candidates.add(join(absWorkspace, testRoot, relDir, `${base}.test${ext}`));
+    candidates.add(join(absWorkspace, testRoot, relDir, `${base}.spec${ext}`));
+    candidates.add(join(absWorkspace, testRoot, relDir, `${base}${ext}`));
+  }
+
+  // 4. Nearest-ancestor flat test directory. Walk up from `dir` to
+  //    `absWorkspace`, and at each ancestor probe for a flat
+  //    `tests/<base>.test.<ext>` (or `test/`, `__tests__/`) layout.
+  let current = dir;
+  while (current.length >= absWorkspace.length) {
+    for (const testRoot of ["tests", "test", "__tests__"]) {
+      candidates.add(join(current, testRoot, `${base}.test${ext}`));
+      candidates.add(join(current, testRoot, `${base}.spec${ext}`));
+      candidates.add(join(current, testRoot, `${base}${ext}`));
+    }
+    if (current === absWorkspace) break;
+    const parent = dirname(current);
+    if (parent === current) break; // reached filesystem root, stop
+    current = parent;
+  }
+
+  // 5. Python-specific variants.
+  if (ext === ".py") {
+    candidates.add(join(dir, `test_${base}.py`));
+    candidates.add(join(absWorkspace, "tests", `test_${base}.py`));
+    candidates.add(join(absWorkspace, "tests", relDir, `test_${base}.py`));
+  }
+
+  return Array.from(candidates);
+}
+
+/**
+ * Probe the filesystem and return the first candidate that exists, or
+ * `null` when none of them do. Returns early with `isTestFile: true`
+ * when the input is already a test file.
+ *
+ * @param workspaceRoot Absolute workspace root.
+ * @param filePath      Absolute or relative path to the production file.
+ */
+export async function findTestFile(
+  workspaceRoot: string,
+  filePath: string,
+): Promise<TestFileResolution> {
+  const absolute = isAbsolute(filePath) ? filePath : resolve(workspaceRoot, filePath);
+  if (isTestFile(absolute)) {
+    return { testFile: absolute, candidates: [absolute], isTestFile: true };
+  }
+  const candidates = candidatePaths(workspaceRoot, absolute);
+  for (const candidate of candidates) {
+    try {
+      await fs.access(candidate);
+      return { testFile: candidate, candidates, isTestFile: false };
+    } catch {
+      // Probe next candidate.
+    }
+  }
+  return { testFile: null, candidates, isTestFile: false };
+}

package/src/workspace-guard.ts

@@ -0,0 +1,64 @@
+/**
+ * Workspace path containment guard.
+ *
+ * Every MCP tool that accepts a user-supplied file path routes it
+ * through {@link resolveWithinWorkspace} before touching the
+ * filesystem. The guard rejects any resolved absolute path that is
+ * outside the configured workspace root, so the agent cannot be
+ * tricked (via prompt injection through scanner output, or via its
+ * own confusion) into reading files that live next to the project
+ * but outside it.
+ *
+ * F-A01-01: the original guard in `src/index.ts` used a naive
+ * `candidate.startsWith(workspace)` check, which suffers from prefix
+ * confusion — for a workspace like `/Users/x/claude-crap`, an
+ * absolute input path such as `/Users/x/claude-crap-evil/secret.ts`
+ * would pass the check because the two share the literal prefix up
+ * to the final segment. This module replaces that check with a
+ * separator-aware comparison: the candidate is only accepted if it
+ * equals the workspace exactly OR begins with `workspace + sep`.
+ *
+ * This module is intentionally pure (no I/O, no global state) so it
+ * can be unit-tested without any fixtures.
+ *
+ * @module workspace-guard
+ */
+
+import { isAbsolute, resolve, sep } from "node:path";
+
+/**
+ * Resolve a user-supplied file path against a workspace root, returning
+ * the absolute path only if it is contained inside the root. Throws a
+ * descriptive error when the resolved candidate escapes the workspace.
+ *
+ * Rules enforced (must stay in sync with
+ * `src/tests/workspace-guard.test.ts`):
+ *
+ *   1. Relative paths are resolved against `workspaceRoot`.
+ *   2. Absolute paths are accepted as-is for resolution.
+ *   3. The resolved candidate must equal `workspaceRoot` OR begin with
+ *      `workspaceRoot + sep`. Sibling directories that merely share a
+ *      prefix (e.g. `/tmp/workspace-evil` vs `/tmp/workspace`) are
+ *      rejected.
+ *   4. The comparison uses the platform's native path separator, so
+ *      the guard works on both POSIX and Windows.
+ *
+ * @param workspaceRoot Absolute or relative path to the workspace root.
+ *                      Non-absolute values are resolved against the
+ *                      current working directory, which matches the
+ *                      behavior of the previous in-lined guard.
+ * @param filePath      User-supplied path. May be absolute or relative
+ *                      to the workspace root.
+ * @returns             The absolute, workspace-contained path.
+ * @throws              `Error` when the candidate escapes the workspace.
+ */
+export function resolveWithinWorkspace(workspaceRoot: string, filePath: string): string {
+  const workspace = resolve(workspaceRoot);
+  const candidate = isAbsolute(filePath) ? resolve(filePath) : resolve(workspace, filePath);
+  if (candidate !== workspace && !candidate.startsWith(workspace + sep)) {
+    throw new Error(
+      `[claude-crap] Refusing to access '${filePath}' — path escapes the workspace root`,
+    );
+  }
+  return candidate;
+}

package/tsconfig.json

@@ -0,0 +1,27 @@
+{
+  "compilerOptions": {
+    "target": "ES2023",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "lib": ["ES2023"],
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "noImplicitAny": true,
+    "strictNullChecks": true,
+    "noImplicitReturns": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedIndexedAccess": true,
+    "exactOptionalPropertyTypes": true,
+    "esModuleInterop": true,
+    "forceConsistentCasingInFileNames": true,
+    "skipLibCheck": true,
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true,
+    "resolveJsonModule": true,
+    "isolatedModules": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist", "**/*.test.ts"]
+}