code-warden 3.1.1

package/tools/hooks/claude/uninstall-hooks.js

@@ -0,0 +1,75 @@
+#!/usr/bin/env node
+/**
+ * uninstall-hooks.js
+ * Removes all code-warden hook entries from ~/.claude/settings.json.
+ * Identified by description prefix "code-warden:".
+ * Cleans up empty PreToolUse arrays and empty hooks objects after removal.
+ */
+
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+const os   = require('os');
+
+const MARKER_PREFIX = 'code-warden:';
+const SETTINGS_PATH = path.join(os.homedir(), '.claude', 'settings.json');
+
+function readSettings() {
+  if (!fs.existsSync(SETTINGS_PATH)) return null;
+  try {
+    return JSON.parse(fs.readFileSync(SETTINGS_PATH, 'utf8'));
+  } catch (err) {
+    throw new Error(`settings.json could not be parsed (${SETTINGS_PATH}): ${err.message}`);
+  }
+}
+
+function writeSettings(settings) {
+  const tmp = `${SETTINGS_PATH}.tmp`;
+  fs.writeFileSync(tmp, JSON.stringify(settings, null, 2) + '\n', 'utf8');
+  fs.renameSync(tmp, SETTINGS_PATH);
+}
+
+function uninstallHooks() {
+  const settings = readSettings();
+
+  if (!settings) {
+    console.log('[CodeWarden]   No settings.json found — nothing to remove.');
+    return false;
+  }
+
+  if (!settings.hooks || !settings.hooks.PreToolUse) {
+    console.log('[CodeWarden]   No PreToolUse hooks in settings.json — nothing to remove.');
+    return false;
+  }
+
+  const before  = settings.hooks.PreToolUse;
+  const cleaned = before
+    .map(matcher => ({
+      ...matcher,
+      hooks: (matcher.hooks || []).filter(
+        h => !String(h.description || '').startsWith(MARKER_PREFIX)
+      ),
+    }))
+    .filter(matcher => (matcher.hooks || []).length > 0);
+
+  const removedMatchers = before.length - cleaned.length;
+  const removedHooks    = before.flatMap(m => m.hooks || []).filter(
+    h => String(h.description || '').startsWith(MARKER_PREFIX)
+  ).length;
+
+  if (removedHooks === 0) {
+    console.log('[CodeWarden]   No code-warden hook entries found — nothing to remove.');
+    return false;
+  }
+
+  settings.hooks.PreToolUse = cleaned;
+  if (cleaned.length === 0)                      delete settings.hooks.PreToolUse;
+  if (Object.keys(settings.hooks).length === 0)  delete settings.hooks;
+
+  writeSettings(settings);
+  console.log(`[CodeWarden]   Removed ${removedHooks} hook entry(ies) from settings.json.`);
+  return true;
+}
+
+module.exports = { uninstallHooks };

package/tools/hooks/claude/warden-lint-hook.js

@@ -0,0 +1,106 @@
+#!/usr/bin/env node
+/**
+ * warden-lint-hook.js
+ * PreToolUse Claude Code hook: blocks Write/Edit if the resulting file would
+ * exceed the configured line limit.
+ *
+ * Payload (stdin JSON):  { tool_name, tool_input: { file_path, content|new_string, ... } }
+ * On violation: exit 2 + JSON deny response to stdout.
+ * On pass:      exit 0 (no output).
+ */
+
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+const { countLines } = require('../../lib/line-count');
+const { loadConfig } = require('../../lib/config');
+
+// ---------------------------------------------------------------------------
+// Config — loaded via shared module; falls back to 400 if missing
+// ---------------------------------------------------------------------------
+
+const { maxFileLength: MAX_LINES } = loadConfig();
+
+// ---------------------------------------------------------------------------
+// Skip list — file types where line counting is meaningless
+// ---------------------------------------------------------------------------
+
+const SKIP_EXTS = new Set([
+  '.png', '.jpg', '.jpeg', '.gif', '.bmp', '.ico', '.svg',
+  '.woff', '.woff2', '.ttf', '.eot', '.otf',
+  '.zip', '.tar', '.gz', '.rar', '.7z',
+  '.pdf', '.doc', '.docx', '.xls', '.xlsx',
+  '.mp3', '.mp4', '.avi', '.mov', '.wav',
+  '.map', '.lock',
+]);
+
+const SKIP_NAMES = new Set(['package-lock.json', 'yarn.lock', 'pnpm-lock.yaml']);
+
+function shouldSkip(filePath) {
+  if (!filePath) return true;
+  if (SKIP_NAMES.has(path.basename(filePath))) return true;
+  return SKIP_EXTS.has(path.extname(filePath).toLowerCase());
+}
+
+// ---------------------------------------------------------------------------
+// Response helpers
+// ---------------------------------------------------------------------------
+
+function deny(reason) {
+  process.stdout.write(JSON.stringify({
+    hookSpecificOutput: {
+      hookEventName: 'PreToolUse',
+      permissionDecision: 'deny',
+      permissionDecisionReason: reason,
+    },
+  }));
+  process.exit(2);
+}
+
+const allow = () => process.exit(0);
+
+// ---------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------
+
+async function main() {
+  let payload;
+  try {
+    const chunks = [];
+    for await (const chunk of process.stdin) chunks.push(chunk);
+    payload = JSON.parse(Buffer.concat(chunks).toString('utf8'));
+  } catch {
+    allow(); // parse failure is non-blocking
+  }
+
+  const { tool_name, tool_input = {} } = payload;
+  const { file_path, content, old_string, new_string, replace_all } = tool_input;
+
+  if (tool_name === 'Write') {
+    if (shouldSkip(file_path)) allow();
+    const lines = countLines(content || '');
+    if (lines > MAX_LINES) {
+      deny(`[CodeWarden] File length gate: ${path.basename(file_path)} would be ${lines} lines (limit ${MAX_LINES}). Split into modules before writing.`);
+    }
+    allow();
+  }
+
+  if (tool_name === 'Edit') {
+    if (shouldSkip(file_path)) allow();
+    if (!fs.existsSync(file_path)) allow(); // new file — Write hook will catch it
+    const current = fs.readFileSync(file_path, 'utf8');
+    const patched  = replace_all
+      ? current.split(old_string || '').join(new_string || '')
+      : current.replace(old_string || '', new_string || '');
+    const lines = countLines(patched);
+    if (lines > MAX_LINES) {
+      deny(`[CodeWarden] File length gate: ${path.basename(file_path)} would be ${lines} lines after edit (limit ${MAX_LINES}). Split into modules before editing.`);
+    }
+    allow();
+  }
+
+  allow(); // unrecognised tool — pass through
+}
+
+main().catch(() => allow());

package/tools/hooks/claude/warden-secrets-hook.js

@@ -0,0 +1,73 @@
+#!/usr/bin/env node
+/**
+ * warden-secrets-hook.js
+ * PreToolUse Claude Code hook: blocks Write/Edit if content contains
+ * hardcoded credentials matching zero-trust secret patterns.
+ *
+ * Write: scans full content.
+ * Edit:  scans new_string only (old content was already committed).
+ *
+ * On violation: exit 2 + JSON deny response to stdout.
+ * On pass:      exit 0 (no output).
+ */
+
+'use strict';
+
+const path = require('path');
+const { scanForSecrets } = require('../../lib/secret-patterns');
+
+// ---------------------------------------------------------------------------
+// Response helpers
+// ---------------------------------------------------------------------------
+
+function deny(reason) {
+  process.stdout.write(JSON.stringify({
+    hookSpecificOutput: {
+      hookEventName: 'PreToolUse',
+      permissionDecision: 'deny',
+      permissionDecisionReason: reason,
+    },
+  }));
+  process.exit(2);
+}
+
+const allow = () => process.exit(0);
+
+// ---------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------
+
+async function main() {
+  let payload;
+  try {
+    const chunks = [];
+    for await (const chunk of process.stdin) chunks.push(chunk);
+    payload = JSON.parse(Buffer.concat(chunks).toString('utf8'));
+  } catch {
+    allow();
+  }
+
+  const { tool_name, tool_input = {} } = payload;
+
+  if (tool_name === 'Write') {
+    const hit = scanForSecrets(tool_input.content || '');
+    if (hit) {
+      const file = path.basename(tool_input.file_path || 'file');
+      deny(`[CodeWarden] Hardcoded credential scanner: ${hit.label} detected in ${file}. Use environment variables — no hardcoded credentials.`);
+    }
+    allow();
+  }
+
+  if (tool_name === 'Edit') {
+    const hit = scanForSecrets(tool_input.new_string || '');
+    if (hit) {
+      const file = path.basename(tool_input.file_path || 'file');
+      deny(`[CodeWarden] Hardcoded credential scanner: ${hit.label} detected in replacement for ${file}. Use environment variables — no hardcoded credentials.`);
+    }
+    allow();
+  }
+
+  allow();
+}
+
+main().catch(() => allow());

package/tools/hooks/codex/install-hooks.js

@@ -0,0 +1,100 @@
+#!/usr/bin/env node
+/**
+ * install-hooks.js — Codex PreToolUse hook installer
+ *
+ * Merges code-warden hook entries into ~/.codex/hooks.json.
+ *
+ * Codex hooks.json schema:
+ *   { "PreToolUse": [ { "matcher": "...", "description": "...", "command": "...", "args": [...] } ] }
+ *
+ * Idempotent: strips existing code-warden entries by description marker,
+ * then appends current entries. Ensures paths stay current after reinstalls.
+ *
+ * Requires the skill to already be installed at skillDir.
+ */
+
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+const os   = require('os');
+
+const MARKER_PREFIX = 'code-warden:';
+const HOOKS_PATH    = path.join(os.homedir(), '.codex', 'hooks.json');
+
+// ---------------------------------------------------------------------------
+// Hooks file I/O
+// ---------------------------------------------------------------------------
+
+function readHooks() {
+  if (!fs.existsSync(HOOKS_PATH)) return {};
+  try {
+    return JSON.parse(fs.readFileSync(HOOKS_PATH, 'utf8'));
+  } catch (err) {
+    throw new Error(`hooks.json exists but could not be parsed (${HOOKS_PATH}): ${err.message}`);
+  }
+}
+
+function writeHooks(hooks) {
+  const tmp = `${HOOKS_PATH}.tmp`;
+  fs.mkdirSync(path.dirname(HOOKS_PATH), { recursive: true });
+  fs.writeFileSync(tmp, JSON.stringify(hooks, null, 2) + '\n', 'utf8');
+  fs.renameSync(tmp, HOOKS_PATH);
+}
+
+// ---------------------------------------------------------------------------
+// Hook entry helpers
+// ---------------------------------------------------------------------------
+
+function stripCodeWardenHooks(entries) {
+  return (entries || []).filter(
+    e => !String(e.description || '').startsWith(MARKER_PREFIX)
+  );
+}
+
+function buildEntries(skillDir) {
+  return [
+    {
+      matcher:     'apply_patch',
+      command:     'node',
+      args:        [path.join(skillDir, 'tools', 'hooks', 'codex', 'warden-apply-patch-hook.js')],
+      description: 'code-warden: apply_patch secrets + size gate',
+    },
+    {
+      matcher:     'Bash',
+      command:     'node',
+      args:        [path.join(skillDir, 'tools', 'hooks', 'codex', 'warden-bash-hook.js')],
+      description: 'code-warden: bash secrets gate',
+    },
+  ];
+}
+
+// ---------------------------------------------------------------------------
+// Install
+// ---------------------------------------------------------------------------
+
+function installHooks(skillDir) {
+  // Guard: skill must be installed before hooks are written
+  const required = [
+    path.join(skillDir, 'SKILL.md'),
+    path.join(skillDir, 'tools', 'hooks', 'codex', 'warden-apply-patch-hook.js'),
+    path.join(skillDir, 'tools', 'hooks', 'codex', 'warden-bash-hook.js'),
+  ];
+  for (const p of required) {
+    if (!fs.existsSync(p)) {
+      console.error('[CodeWarden] Hooks require an installed Codex target.');
+      console.error(`[CodeWarden] Missing: ${p}`);
+      console.error('[CodeWarden] Run: node install.js --target=codex --all');
+      process.exit(1);
+    }
+  }
+
+  const hooks = readHooks();
+  const cleaned = stripCodeWardenHooks(hooks.PreToolUse);
+  hooks.PreToolUse = [...cleaned, ...buildEntries(skillDir)];
+
+  writeHooks(hooks);
+  return HOOKS_PATH;
+}
+
+module.exports = { installHooks };

package/tools/hooks/codex/uninstall-hooks.js

@@ -0,0 +1,53 @@
+#!/usr/bin/env node
+/**
+ * uninstall-hooks.js — Codex PreToolUse hook remover
+ *
+ * Removes all code-warden entries from ~/.codex/hooks.json.
+ * Cleans up empty PreToolUse array and empty top-level object if nothing remains.
+ */
+
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+const os   = require('os');
+
+const MARKER_PREFIX = 'code-warden:';
+const HOOKS_PATH    = path.join(os.homedir(), '.codex', 'hooks.json');
+
+function uninstallHooks() {
+  if (!fs.existsSync(HOOKS_PATH)) {
+    console.log('[CodeWarden] ~/.codex/hooks.json not found — nothing to remove.');
+    return;
+  }
+
+  let hooks;
+  try {
+    hooks = JSON.parse(fs.readFileSync(HOOKS_PATH, 'utf8'));
+  } catch (err) {
+    console.error(`[CodeWarden] hooks.json could not be parsed: ${err.message}`);
+    process.exit(1);
+  }
+
+  const before = (hooks.PreToolUse || []).length;
+  hooks.PreToolUse = (hooks.PreToolUse || []).filter(
+    e => !String(e.description || '').startsWith(MARKER_PREFIX)
+  );
+  const removed = before - hooks.PreToolUse.length;
+
+  // Clean empty array
+  if (hooks.PreToolUse.length === 0) delete hooks.PreToolUse;
+
+  // Write back (or remove file if completely empty)
+  if (Object.keys(hooks).length === 0) {
+    fs.unlinkSync(HOOKS_PATH);
+    console.log(`[CodeWarden] Removed ${removed} hook(s) — hooks.json is now empty, file removed.`);
+  } else {
+    const tmp = `${HOOKS_PATH}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(hooks, null, 2) + '\n', 'utf8');
+    fs.renameSync(tmp, HOOKS_PATH);
+    console.log(`[CodeWarden] Removed ${removed} code-warden hook(s) from ~/.codex/hooks.json.`);
+  }
+}
+
+module.exports = { uninstallHooks };

package/tools/hooks/codex/warden-apply-patch-hook.js

@@ -0,0 +1,113 @@
+#!/usr/bin/env node
+/**
+ * warden-apply-patch-hook.js — Codex PreToolUse hook
+ *
+ * Fires on apply_patch tool calls. Scans added lines for hardcoded credentials
+ * and estimates resulting file size where the target path can be extracted.
+ *
+ * Codex hook payload (stdin, JSON):
+ *   { tool: "apply_patch", toolInput: { patch: "<patch text>" } }
+ *
+ * Exit codes:
+ *   0  — proceed
+ *   2  — block (writes JSON deny to stdout)
+ */
+
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+const { scanForSecrets }          = require('../../lib/secret-patterns');
+const { countLines }              = require('../../lib/line-count');
+const { loadConfig }              = require('../../lib/config');
+
+const { maxFileLength: maxLines } = loadConfig();
+
+
+function deny(reason) {
+  process.stdout.write(JSON.stringify({ deny: true, message: `[CodeWarden] ${reason}` }) + '\n');
+  process.exit(2);
+}
+
+// ---------------------------------------------------------------------------
+// Patch parsing helpers
+// ---------------------------------------------------------------------------
+
+/**
+ * Extract lines added by the patch (lines starting with '+', not '+++').
+ */
+function extractAddedLines(patch) {
+  return patch.split('\n')
+    .filter(l => l.startsWith('+') && !l.startsWith('+++'))
+    .map(l => l.slice(1));
+}
+
+/**
+ * Extract target file path from patch header (*** path or +++ path or --- path).
+ * Returns null if not detectable.
+ */
+function extractTargetPath(patch) {
+  for (const line of patch.split('\n')) {
+    const m = line.match(/^\+{3}\s+(.+?)(\s+\d{4}-\d{2}-\d{2}.*)?$/) ||
+              line.match(/^\*{3}\s+(.+?)(\s+\d{4}-\d{2}-\d{2}.*)?$/);
+    if (m) {
+      const p = m[1].trim();
+      if (p !== '/dev/null') return p;
+    }
+  }
+  return null;
+}
+
+/**
+ * Estimate resulting line count: base file lines + added lines - removed lines.
+ * Returns null if file not readable.
+ */
+function estimateResultLines(patch, targetPath) {
+  let baseLines = 0;
+  if (targetPath && fs.existsSync(targetPath)) {
+    try {
+      baseLines = countLines(fs.readFileSync(targetPath, 'utf8'));
+    } catch { return null; }
+  } else if (!targetPath) {
+    return null;
+  }
+  // Count added and removed lines
+  let added = 0;
+  let removed = 0;
+  for (const line of patch.split('\n')) {
+    if (line.startsWith('+') && !line.startsWith('+++')) added++;
+    else if (line.startsWith('-') && !line.startsWith('---')) removed++;
+  }
+  return baseLines + added - removed;
+}
+
+// ---------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------
+
+let raw = '';
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => { raw += chunk; });
+process.stdin.on('end', () => {
+  let payload;
+  try { payload = JSON.parse(raw); } catch { process.exit(0); }
+
+  const input = payload.toolInput || payload.tool_input || {};
+  const patch  = String(input.patch || '');
+  if (!patch) process.exit(0);
+
+  // --- Secrets check on added lines ---
+  const added = extractAddedLines(patch);
+  const addedText = added.join('\n');
+  const hit = scanForSecrets(addedText);
+  if (hit) deny(`Blocked apply_patch — hardcoded credential detected (${hit.label}). Remove before patching.`);
+
+  // --- File length check ---
+  const targetPath = extractTargetPath(patch);
+  const estimated  = estimateResultLines(patch, targetPath);
+  if (estimated !== null && estimated > maxLines) {
+    deny(`Blocked apply_patch — resulting file would be ~${estimated} lines (limit ${maxLines}). Break it up first.`);
+  }
+
+  process.exit(0);
+});

package/tools/hooks/codex/warden-bash-hook.js

@@ -0,0 +1,51 @@
+#!/usr/bin/env node
+/**
+ * warden-bash-hook.js — Codex PreToolUse hook
+ *
+ * Fires on Bash tool calls. Scans the command string for patterns that
+ * would embed hardcoded credentials into files (e.g. echo/printf/cat with
+ * secret values, curl with Authorization headers, env assignments, etc.).
+ *
+ * This is a best-effort surface: Bash is intentionally wide. The hook catches
+ * the most common accidental secret exposure patterns; it does not attempt to
+ * sandbox arbitrary shell execution.
+ *
+ * Codex hook payload (stdin, JSON):
+ *   { tool: "Bash", toolInput: { command: "<shell command>" } }
+ *
+ * Exit codes:
+ *   0  — proceed
+ *   2  — block (writes JSON deny to stdout)
+ */
+
+'use strict';
+
+const { scanForSecrets } = require('../../lib/secret-patterns');
+
+function deny(reason) {
+  process.stdout.write(JSON.stringify({ deny: true, message: `[CodeWarden] ${reason}` }) + '\n');
+  process.exit(2);
+}
+
+// ---------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------
+
+let raw = '';
+process.stdin.setEncoding('utf8');
+process.stdin.on('data', chunk => { raw += chunk; });
+process.stdin.on('end', () => {
+  let payload;
+  try { payload = JSON.parse(raw); } catch { process.exit(0); }
+
+  const input   = payload.toolInput || payload.tool_input || {};
+  const command = String(input.command || '');
+  if (!command) process.exit(0);
+
+  const hit = scanForSecrets(command);
+  if (hit) {
+    deny(`Blocked Bash command — hardcoded credential detected (${hit.label}). Use environment variables or a secrets manager instead.`);
+  }
+
+  process.exit(0);
+});

package/tools/lib/config.js

@@ -0,0 +1,49 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * config.js
+ * Shared codewarden.json loader.
+ *
+ * Previously warden-lint.js, warden-lint-hook.js, and warden-apply-patch-hook.js
+ * each parsed codewarden.json independently with slightly different fallback paths.
+ * This module centralises config loading with a single documented precedence.
+ *
+ * Resolution order for config file:
+ *   1. Explicit path passed to loadConfig(configPath)
+ *   2. <__dirname>/../../codewarden.json  (relative to tools/lib/ → skill root)
+ */
+
+const fs   = require('fs');
+const path = require('path');
+
+const DEFAULT_CONFIG_PATH = path.join(__dirname, '..', '..', 'codewarden.json');
+
+/**
+ * Load and parse codewarden.json, returning a merged config object.
+ * Falls back to defaults silently if the file is missing or unparseable.
+ *
+ * @param {string} [configPath] - Override the config file location
+ * @returns {{ maxFileLength: number }}
+ */
+function loadConfig(configPath) {
+  const target = configPath || DEFAULT_CONFIG_PATH;
+  let maxFileLength = 400;
+
+  try {
+    const raw = fs.readFileSync(target, 'utf8');
+    const cfg = JSON.parse(raw);
+    const configured =
+      cfg?.thresholds?.max_file_length ??
+      cfg?.max_file_length;
+    if (typeof configured === 'number' && configured > 0) {
+      maxFileLength = configured;
+    }
+  } catch {
+    // Missing or invalid config — use defaults
+  }
+
+  return { maxFileLength };
+}
+
+module.exports = { loadConfig, DEFAULT_CONFIG_PATH };

package/tools/lib/file-collection.js

@@ -0,0 +1,72 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * file-collection.js
+ * Shared file traversal helpers for warden-lint and verify-secrets CLI tools.
+ *
+ * Previously each CLI tool duplicated identical SKIP_DIRS, SKIP_EXTS,
+ * collectFiles, and expandPaths logic — any change had to be made twice.
+ */
+
+const fs   = require('fs');
+const path = require('path');
+
+const SKIP_DIRS = new Set(['node_modules', '.git', 'target', 'dist', '.next']);
+
+const SKIP_EXTS = new Set([
+  '.png', '.jpg', '.jpeg', '.gif', '.bmp', '.ico', '.svg', '.webp',
+  '.zip', '.tar', '.gz', '.7z', '.rar',
+  '.dll', '.exe', '.bin', '.so', '.dylib',
+  '.pdf', '.woff', '.woff2', '.ttf', '.eot', '.otf',
+  '.mp4', '.mp3', '.wav', '.ogg', '.avi', '.mov',
+  '.map', '.lock',
+]);
+
+/**
+ * Recursively collect all scannable files under a directory.
+ *
+ * @param {string} dir
+ * @param {string[]} results - accumulator (mutated)
+ */
+function collectFiles(dir, results) {
+  for (const entry of fs.readdirSync(dir)) {
+    if (SKIP_DIRS.has(entry)) continue;
+    const full = path.join(dir, entry);
+    const stat = fs.statSync(full);
+    if (stat.isDirectory()) {
+      collectFiles(full, results);
+    } else if (!SKIP_EXTS.has(path.extname(entry).toLowerCase())) {
+      results.push(full);
+    }
+  }
+}
+
+/**
+ * Expand a list of CLI path arguments into a flat array of file paths.
+ * Directories are walked recursively; individual files are included as-is.
+ * Exits with usage error if no args provided or a path is not found.
+ *
+ * @param {string[]} args - process.argv slice
+ * @param {string} toolName - used in the usage message
+ * @returns {string[]}
+ */
+function expandPaths(args, toolName) {
+  if (args.length === 0) {
+    console.log(`Usage: ${toolName} <file|dir> [file|dir] ...`);
+    console.log(`       node tools/${toolName} .           # scan entire project`);
+    process.exit(1);
+  }
+  const files = [];
+  for (const arg of args) {
+    if (!fs.existsSync(arg)) {
+      console.error(`Error: path not found: ${arg}`);
+      continue;
+    }
+    if (fs.statSync(arg).isDirectory()) collectFiles(arg, files);
+    else files.push(arg);
+  }
+  return files;
+}
+
+module.exports = { collectFiles, expandPaths, SKIP_DIRS, SKIP_EXTS };