dravix-agent 0.1.0

package/dist/stats.js

@@ -0,0 +1,217 @@
+/**
+ * Audit-log stats for ``aegis stats``.
+ *
+ * The orchestrator already appends one JSON line per gate decision to
+ * ``<project_root>/.aegis/audit.jsonl`` (see ``appendAudit`` in
+ * src/orchestrator.ts). This module reads that log, optionally filters
+ * by time window, and computes the operational metrics the user needs
+ * to answer "is the gate actually useful on my project?".
+ *
+ * Metrics produced:
+ *   total_runs            — how many ``runGate()`` invocations
+ *   verdict_distribution  — allow / warn / block counts + pct
+ *   latency               — p50 / p95 / p99 / max (ms)
+ *   truncated_rate        — fraction of runs that hit the orchestrator timeout
+ *   findings_per_run      — avg / max
+ *   top_engines           — which engine is doing the heavy lifting
+ *   top_rules             — most-fired rule_ids
+ *   top_files             — files with the most blocks (often = where the work is)
+ *
+ * Output is JSON by default (machine-readable) with optional ``--human``
+ * pretty-print. The CLI in src/bin/aegis.ts wires the flag.
+ *
+ * Time window: ``--since 7d`` accepts ``Nd`` / ``Nh`` / ``Nm`` / ISO-8601
+ * date. Default is "all-time".
+ */
+import { existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+import { getLogger } from "./util/logger.js";
+const log = getLogger("aegis.stats");
+// ── Audit log loader ──────────────────────────────────────────────────────
+export function auditPath(projectRoot) {
+    return join(projectRoot, ".aegis", "audit.jsonl");
+}
+/** Read all audit rows. Skips malformed lines silently. Never throws. */
+export function loadAuditRows(projectRoot) {
+    const p = auditPath(projectRoot);
+    if (!existsSync(p))
+        return [];
+    let raw;
+    try {
+        raw = readFileSync(p, "utf8");
+    }
+    catch (err) {
+        log.warn("stats: audit read failed", { path: p, err: String(err) });
+        return [];
+    }
+    const out = [];
+    for (const line of raw.split(/\r?\n/)) {
+        const trimmed = line.trim();
+        if (!trimmed)
+            continue;
+        try {
+            const obj = JSON.parse(trimmed);
+            if (typeof obj.ts === "string" &&
+                typeof obj.file === "string" &&
+                typeof obj.action === "string" &&
+                (obj.action === "allow" || obj.action === "warn" || obj.action === "block") &&
+                typeof obj.duration_ms === "number") {
+                out.push(obj);
+            }
+        }
+        catch {
+            // skip
+        }
+    }
+    return out;
+}
+// ── --since parser ────────────────────────────────────────────────────────
+/** Parse a `--since` value: ``N{d|h|m}`` (relative) or an ISO 8601
+ * timestamp (absolute). Returns the epoch ms cutoff, or null when the
+ * value is unparseable (caller treats null as "all-time"). */
+export function parseSince(since) {
+    if (!since)
+        return null;
+    const trimmed = since.trim();
+    const rel = trimmed.match(/^(\d+)\s*([dhm])$/i);
+    if (rel) {
+        const n = Number(rel[1]);
+        const unit = rel[2].toLowerCase();
+        const ms = unit === "d" ? 86_400_000 : unit === "h" ? 3_600_000 : 60_000;
+        return Date.now() - n * ms;
+    }
+    const t = Date.parse(trimmed);
+    if (Number.isFinite(t))
+        return t;
+    return null;
+}
+export function computeStats(rows, opts) {
+    const sinceMs = opts?.sinceMs ?? null;
+    const topN = opts?.topN ?? 10;
+    // Filter by since.
+    const filtered = sinceMs === null
+        ? rows
+        : rows.filter((r) => {
+            const t = Date.parse(r.ts);
+            return Number.isFinite(t) && t >= sinceMs;
+        });
+    const total = filtered.length;
+    const counts = { allow: 0, warn: 0, block: 0 };
+    const latencies = [];
+    const engines = new Map();
+    const rules = new Map();
+    const fileStats = new Map();
+    let truncated = 0;
+    let findingsTotal = 0;
+    let findingsMax = 0;
+    for (const r of filtered) {
+        counts[r.action]++;
+        if (Number.isFinite(r.duration_ms))
+            latencies.push(r.duration_ms);
+        if (r.truncated)
+            truncated++;
+        const nf = r.n_findings ?? 0;
+        findingsTotal += nf;
+        if (nf > findingsMax)
+            findingsMax = nf;
+        if (r.driving?.engine) {
+            engines.set(r.driving.engine, (engines.get(r.driving.engine) ?? 0) + 1);
+        }
+        if (r.driving?.rule_id) {
+            rules.set(r.driving.rule_id, (rules.get(r.driving.rule_id) ?? 0) + 1);
+        }
+        const fs = fileStats.get(r.file) ?? { blocks: 0, runs: 0 };
+        fs.runs++;
+        if (r.action === "block")
+            fs.blocks++;
+        fileStats.set(r.file, fs);
+    }
+    const sortedLatencies = [...latencies].sort((a, b) => a - b);
+    const pct = (p) => {
+        if (sortedLatencies.length === 0)
+            return 0;
+        const idx = Math.min(sortedLatencies.length - 1, Math.floor((sortedLatencies.length - 1) * p));
+        return sortedLatencies[idx];
+    };
+    const mean = (xs) => (xs.length ? xs.reduce((a, b) => a + b, 0) / xs.length : 0);
+    const verdictDist = {
+        allow: { count: counts.allow, pct: total ? counts.allow / total : 0 },
+        warn: { count: counts.warn, pct: total ? counts.warn / total : 0 },
+        block: { count: counts.block, pct: total ? counts.block / total : 0 },
+    };
+    return {
+        source: "audit.jsonl",
+        total_runs: total,
+        since: sinceMs ? new Date(sinceMs).toISOString() : null,
+        until: total ? filtered[filtered.length - 1].ts : null,
+        verdict_distribution: verdictDist,
+        latency_ms: {
+            p50: Math.round(pct(0.5)),
+            p95: Math.round(pct(0.95)),
+            p99: Math.round(pct(0.99)),
+            max: sortedLatencies.length ? sortedLatencies[sortedLatencies.length - 1] : 0,
+            mean: Math.round(mean(latencies)),
+        },
+        truncated_count: truncated,
+        truncated_pct: total ? truncated / total : 0,
+        findings_per_run: {
+            mean: total ? Math.round((findingsTotal / total) * 10) / 10 : 0,
+            max: findingsMax,
+        },
+        top_engines: topMap(engines, topN).map(([k, v]) => ({ engine: k, count: v })),
+        top_rules: topMap(rules, topN).map(([k, v]) => ({ rule_id: k, count: v })),
+        top_files: [...fileStats.entries()]
+            .sort((a, b) => b[1].blocks - a[1].blocks || b[1].runs - a[1].runs)
+            .slice(0, topN)
+            .map(([file, s]) => ({ file, blocks: s.blocks, runs: s.runs })),
+    };
+}
+function topMap(m, n) {
+    return [...m.entries()].sort((a, b) => b[1] - a[1]).slice(0, n);
+}
+// ── Human-readable formatter ─────────────────────────────────────────────
+export function formatHuman(s) {
+    const lines = [];
+    lines.push("Aegis-v2 stats");
+    lines.push("==============");
+    lines.push(`Source: ${s.source}`);
+    lines.push(`Window: ${s.since ?? "all-time"} → ${s.until ?? "(none)"}`);
+    lines.push(`Total runs: ${s.total_runs}`);
+    lines.push("");
+    lines.push("Verdict distribution:");
+    for (const v of ["allow", "warn", "block"]) {
+        const d = s.verdict_distribution[v];
+        lines.push(`  ${v.padEnd(6)}  ${String(d.count).padStart(6)}  (${(d.pct * 100).toFixed(1)}%)`);
+    }
+    lines.push("");
+    lines.push("Latency (ms):");
+    lines.push(`  p50  ${s.latency_ms.p50}`);
+    lines.push(`  p95  ${s.latency_ms.p95}`);
+    lines.push(`  p99  ${s.latency_ms.p99}`);
+    lines.push(`  max  ${s.latency_ms.max}`);
+    lines.push(`  mean ${s.latency_ms.mean}`);
+    lines.push("");
+    lines.push(`Truncated (timeout): ${s.truncated_count} (${(s.truncated_pct * 100).toFixed(1)}%)`);
+    lines.push(`Findings per run: mean=${s.findings_per_run.mean}, max=${s.findings_per_run.max}`);
+    lines.push("");
+    if (s.top_engines.length) {
+        lines.push("Top driving engines:");
+        for (const e of s.top_engines)
+            lines.push(`  ${e.engine.padEnd(20)} ${e.count}`);
+        lines.push("");
+    }
+    if (s.top_rules.length) {
+        lines.push("Top driving rules:");
+        for (const r of s.top_rules)
+            lines.push(`  ${r.rule_id.padEnd(40)} ${r.count}`);
+        lines.push("");
+    }
+    if (s.top_files.length) {
+        lines.push("Top files (by blocks):");
+        for (const f of s.top_files) {
+            lines.push(`  ${String(f.blocks).padStart(4)} blocks / ${String(f.runs).padStart(4)} runs  ${f.file}`);
+        }
+    }
+    return lines.join("\n");
+}
+//# sourceMappingURL=stats.js.map

package/dist/stats.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stats.js","sourceRoot":"","sources":["../src/stats.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAE7C,MAAM,GAAG,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;AA0CrC,6EAA6E;AAE7E,MAAM,UAAU,SAAS,CAAC,WAAmB;IAC3C,OAAO,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;AACpD,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,aAAa,CAAC,WAAmB;IAC/C,MAAM,CAAC,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;IACjC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9B,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACpE,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,GAAG,GAAe,EAAE,CAAC;IAC3B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;YAC3D,IACE,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ;gBAC1B,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;gBAC5B,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ;gBAC9B,CAAC,GAAG,CAAC,MAAM,KAAK,OAAO,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,OAAO,CAAC;gBAC3E,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,EACnC,CAAC;gBACD,GAAG,CAAC,IAAI,CAAC,GAA0B,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,6EAA6E;AAE7E;;8DAE8D;AAC9D,MAAM,UAAU,UAAU,CAAC,KAAgC;IACzD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAChD,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC;QACzE,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;IAC7B,CAAC;IACD,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC9B,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAC;IACjC,OAAO,IAAI,CAAC;AACd,CAAC;AASD,MAAM,UAAU,YAAY,CAAC,IAAgB,EAAE,IAAkB;IAC/D,MAAM,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,IAAI,CAAC;IACtC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC;IAE9B,mBAAmB;IACnB,MAAM,QAAQ,GAAG,OAAO,KAAK,IAAI;QAC/B,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YAChB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC3B,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC;QAC5C,CAAC,CAAC,CAAC;IAEP,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC;IAC9B,MAAM,MAAM,GAA4B,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IACxE,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IACxC,MAAM,SAAS,GAAG,IAAI,GAAG,EAA4C,CAAC;IACtE,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;QACnB,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC;YAAE,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QAClE,IAAI,CAAC,CAAC,SAAS;YAAE,SAAS,EAAE,CAAC;QAC7B,MAAM,EAAE,GAAG,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC;QAC7B,aAAa,IAAI,EAAE,CAAC;QACpB,IAAI,EAAE,GAAG,WAAW;YAAE,WAAW,GAAG,EAAE,CAAC;QAEvC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1E,CAAC;QACD,IAAI,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC;YACvB,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACxE,CAAC;QACD,MAAM,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QAC3D,EAAE,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,CAAC,CAAC,MAAM,KAAK,OAAO;YAAE,EAAE,CAAC,MAAM,EAAE,CAAC;QACtC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC5B,CAAC;IAED,MAAM,eAAe,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,CAAC,CAAS,EAAU,EAAE;QAChC,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAClB,eAAe,CAAC,MAAM,GAAG,CAAC,EAC1B,IAAI,CAAC,KAAK,CAAC,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAC7C,CAAC;QACF,OAAO,eAAe,CAAC,GAAG,CAAE,CAAC;IAC/B,CAAC,CAAC;IACF,MAAM,IAAI,GAAG,CAAC,EAAY,EAAU,EAAE,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnG,MAAM,WAAW,GAAoD;QACnE,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;QACrE,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;QAClE,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;KACtE,CAAC;IAEF,OAAO;QACL,MAAM,EAAE,aAAa;QACrB,UAAU,EAAE,KAAK;QACjB,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;QACvD,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI;QACvD,oBAAoB,EAAE,WAAW;QACjC,UAAU,EAAE;YACV,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACzB,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC1B,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC1B,GAAG,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC;YAC9E,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;SAClC;QACD,eAAe,EAAE,SAAS;QAC1B,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC5C,gBAAgB,EAAE;YAChB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,aAAa,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;YAC/D,GAAG,EAAE,WAAW;SACjB;QACD,WAAW,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;QAC7E,SAAS,EAAE,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;QAC1E,SAAS,EAAE,CAAC,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC;aAChC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;aAClE,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;aACd,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;KAClE,CAAC;AACJ,CAAC;AAED,SAAS,MAAM,CAAC,CAAsB,EAAE,CAAS;IAC/C,OAAO,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAClE,CAAC;AAED,4EAA4E;AAE5E,MAAM,UAAU,WAAW,CAAC,CAAc;IACxC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAClC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,KAAK,IAAI,UAAU,MAAM,CAAC,CAAC,KAAK,IAAI,QAAQ,EAAE,CAAC,CAAC;IACxE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC;IAC1C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAU,EAAE,CAAC;QACpD,MAAM,CAAC,GAAG,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACjG,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5B,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;IACzC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;IACzC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;IACzC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;IACzC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,eAAe,KAAK,CAAC,CAAC,CAAC,aAAa,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACjG,KAAK,CAAC,IAAI,CACR,0BAA0B,CAAC,CAAC,gBAAgB,CAAC,IAAI,SAAS,CAAC,CAAC,gBAAgB,CAAC,GAAG,EAAE,CACnF,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,IAAI,CAAC,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACnC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QACjF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IACD,IAAI,CAAC,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QAChF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IACD,IAAI,CAAC,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACrC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACzG,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/telemetry/collector.d.ts

@@ -0,0 +1,10 @@
+import type { UploadedFeedback } from "./types.js";
+import type { GateReport } from "../orchestrator.js";
+export declare function enqueueReport(content: string, report: GateReport): void;
+export declare function enqueueFeedback(fb: UploadedFeedback): void;
+export declare function flush(): Promise<void>;
+export declare function stats(): {
+    buffered_findings: number;
+    buffered_feedback: number;
+};
+//# sourceMappingURL=collector.d.ts.map

package/dist/telemetry/collector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"collector.d.ts","sourceRoot":"","sources":["../../src/telemetry/collector.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,gBAAgB,EAAmB,MAAM,YAAY,CAAC;AACpE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAWrD,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,IAAI,CA0BvE;AAED,wBAAgB,eAAe,CAAC,EAAE,EAAE,gBAAgB,GAAG,IAAI,CAI1D;AAgBD,wBAAsB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAQ3C;AAED,wBAAgB,KAAK,IAAI;IAAE,iBAAiB,EAAE,MAAM,CAAC;IAAC,iBAAiB,EAAE,MAAM,CAAA;CAAE,CAEhF"}

package/dist/telemetry/collector.js

@@ -0,0 +1,75 @@
+// In-process buffer for findings + feedback. Flushes when:
+//   - buffer size reaches FLUSH_AT_FINDINGS
+//   - last-flush > FLUSH_INTERVAL_MS ago
+//   - explicit flush() (called on shutdown)
+import { isTelemetryEnabled } from "./consent.js";
+import { hashPath, redactSecrets, snippetAround, classifyFileKind } from "./sanitizer.js";
+const FLUSH_AT_FINDINGS = Number(process.env.AEGIS_TELEMETRY_FLUSH_AT ?? "25");
+const FLUSH_INTERVAL_MS = Number(process.env.AEGIS_TELEMETRY_FLUSH_MS ?? "60000");
+const _findings = [];
+const _feedback = [];
+const _durations = [];
+let _lastFlush = Date.now();
+let _flushScheduled = false;
+export function enqueueReport(content, report) {
+    if (!isTelemetryEnabled())
+        return;
+    const file_hash = hashPath(report.filePath);
+    const file_kind = classifyFileKind(report.filePath);
+    for (const f of report.findings) {
+        const finding = {
+            id: f.id,
+            engine: f.engine,
+            rule_id: f.rule_id,
+            severity: f.severity,
+            confidence: f.confidence,
+            lang: report.lang,
+            verdict: report.decision.action,
+            file_hash,
+            snippet: snippetAround(content, f.line ?? 1, 30),
+            message: redactSecrets(f.message),
+            file_kind,
+            stage: f.engine === "llm-critic" ? 2 : 1,
+            ...(f.cwe !== undefined ? { cwe: f.cwe } : {}),
+            ...(f.line !== undefined ? { line: 31 } : {}),
+            ...(f.remediation !== undefined ? { remediation: redactSecrets(f.remediation) } : {}),
+        };
+        _findings.push(finding);
+    }
+    _durations.push(report.durationMs);
+    _maybeFlush();
+}
+export function enqueueFeedback(fb) {
+    if (!isTelemetryEnabled())
+        return;
+    _feedback.push(fb);
+    _maybeFlush();
+}
+function _maybeFlush() {
+    if (_findings.length >= FLUSH_AT_FINDINGS) {
+        void flush();
+        return;
+    }
+    if (_flushScheduled)
+        return;
+    const due = Math.max(0, FLUSH_INTERVAL_MS - (Date.now() - _lastFlush));
+    _flushScheduled = true;
+    setTimeout(() => {
+        _flushScheduled = false;
+        void flush();
+    }, due).unref();
+}
+export async function flush() {
+    if (_findings.length === 0 && _feedback.length === 0)
+        return;
+    const { uploadBatch } = await import("./uploader.js");
+    const drained_findings = _findings.splice(0);
+    const drained_feedback = _feedback.splice(0);
+    const drained_durations = _durations.splice(0);
+    _lastFlush = Date.now();
+    await uploadBatch(drained_findings, drained_feedback, drained_durations);
+}
+export function stats() {
+    return { buffered_findings: _findings.length, buffered_feedback: _feedback.length };
+}
+//# sourceMappingURL=collector.js.map

package/dist/telemetry/collector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"collector.js","sourceRoot":"","sources":["../../src/telemetry/collector.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,4CAA4C;AAC5C,yCAAyC;AACzC,4CAA4C;AAC5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAI1F,MAAM,iBAAiB,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,IAAI,CAAC,CAAC;AAC/E,MAAM,iBAAiB,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,OAAO,CAAC,CAAC;AAElF,MAAM,SAAS,GAAsB,EAAE,CAAC;AACxC,MAAM,SAAS,GAAuB,EAAE,CAAC;AACzC,MAAM,UAAU,GAAa,EAAE,CAAC;AAChC,IAAI,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;AAC5B,IAAI,eAAe,GAAG,KAAK,CAAC;AAE5B,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,MAAkB;IAC/D,IAAI,CAAC,kBAAkB,EAAE;QAAE,OAAO;IAClC,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,MAAM,OAAO,GAAoB;YAC/B,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;YAC/B,SAAS;YACT,OAAO,EAAE,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;YAChD,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC;YACjC,SAAS;YACT,KAAK,EAAE,CAAC,CAAC,MAAM,KAAK,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9C,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7C,GAAG,CAAC,CAAC,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACtF,CAAC;QACF,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC1B,CAAC;IACD,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACnC,WAAW,EAAE,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,EAAoB;IAClD,IAAI,CAAC,kBAAkB,EAAE;QAAE,OAAO;IAClC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACnB,WAAW,EAAE,CAAC;AAChB,CAAC;AAED,SAAS,WAAW;IAClB,IAAI,SAAS,CAAC,MAAM,IAAI,iBAAiB,EAAE,CAAC;QAC1C,KAAK,KAAK,EAAE,CAAC;QACb,OAAO;IACT,CAAC;IACD,IAAI,eAAe;QAAE,OAAO;IAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,iBAAiB,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC,CAAC,CAAC;IACvE,eAAe,GAAG,IAAI,CAAC;IACvB,UAAU,CAAC,GAAG,EAAE;QACd,eAAe,GAAG,KAAK,CAAC;QACxB,KAAK,KAAK,EAAE,CAAC;IACf,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,KAAK;IACzB,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IAC7D,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;IACtD,MAAM,gBAAgB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC7C,MAAM,gBAAgB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC7C,MAAM,iBAAiB,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC/C,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACxB,MAAM,WAAW,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,iBAAiB,CAAC,CAAC;AAC3E,CAAC;AAED,MAAM,UAAU,KAAK;IACnB,OAAO,EAAE,iBAAiB,EAAE,SAAS,CAAC,MAAM,EAAE,iBAAiB,EAAE,SAAS,CAAC,MAAM,EAAE,CAAC;AACtF,CAAC"}

package/dist/telemetry/consent.d.ts

@@ -0,0 +1,9 @@
+export interface ConsentState {
+    enabled: boolean | null;
+    consented_at?: string;
+    source?: "first_run_prompt" | "cli" | "env_var";
+}
+export declare function readConsent(): ConsentState;
+export declare function writeConsent(enabled: boolean, source?: ConsentState["source"]): void;
+export declare function isTelemetryEnabled(): boolean;
+//# sourceMappingURL=consent.d.ts.map

package/dist/telemetry/consent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"consent.d.ts","sourceRoot":"","sources":["../../src/telemetry/consent.ts"],"names":[],"mappings":"AASA,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,kBAAkB,GAAG,KAAK,GAAG,SAAS,CAAC;CACjD;AAED,wBAAgB,WAAW,IAAI,YAAY,CAe1C;AAED,wBAAgB,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,GAAE,YAAY,CAAC,QAAQ,CAAS,GAAG,IAAI,CAQ3F;AAED,wBAAgB,kBAAkB,IAAI,OAAO,CAM5C"}

package/dist/telemetry/consent.js

@@ -0,0 +1,42 @@
+// Telemetry on/off state, persisted to ~/.aegis/telemetry.json.
+// Default: not-yet-decided (null). First-run prompt sets it.
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { resolve } from "node:path";
+const AEGIS_HOME = process.env.AEGIS_HOME ?? resolve(homedir(), ".aegis");
+const CONSENT_FILE = resolve(AEGIS_HOME, "telemetry.json");
+export function readConsent() {
+    // Env override wins (CI / corporate disable).
+    const env = process.env.AEGIS_TELEMETRY;
+    if (env === "off" || env === "false" || env === "0") {
+        return { enabled: false, source: "env_var" };
+    }
+    if (env === "on" || env === "true" || env === "1") {
+        return { enabled: true, source: "env_var" };
+    }
+    if (!existsSync(CONSENT_FILE))
+        return { enabled: null };
+    try {
+        return JSON.parse(readFileSync(CONSENT_FILE, "utf8"));
+    }
+    catch {
+        return { enabled: null };
+    }
+}
+export function writeConsent(enabled, source = "cli") {
+    mkdirSync(AEGIS_HOME, { recursive: true });
+    const state = {
+        enabled,
+        consented_at: new Date().toISOString(),
+        source,
+    };
+    writeFileSync(CONSENT_FILE, JSON.stringify(state, null, 2), "utf8");
+}
+export function isTelemetryEnabled() {
+    const s = readConsent();
+    // Default ON when never asked AND not explicitly disabled — per product
+    // decision; the first-run prompt in the hook flips this to a recorded ON
+    // (with source=first_run_prompt) on the first invocation.
+    return s.enabled !== false;
+}
+//# sourceMappingURL=consent.js.map

package/dist/telemetry/consent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"consent.js","sourceRoot":"","sources":["../../src/telemetry/consent.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,6DAA6D;AAC7D,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;AAC1E,MAAM,YAAY,GAAG,OAAO,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;AAQ3D,MAAM,UAAU,WAAW;IACzB,8CAA8C;IAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IACxC,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,OAAO,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;QACpD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC/C,CAAC;IACD,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;QAClD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACxD,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAiB,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,OAAgB,EAAE,SAAiC,KAAK;IACnF,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3C,MAAM,KAAK,GAAiB;QAC1B,OAAO;QACP,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACtC,MAAM;KACP,CAAC;IACF,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,MAAM,CAAC,GAAG,WAAW,EAAE,CAAC;IACxB,wEAAwE;IACxE,yEAAyE;IACzE,0DAA0D;IAC1D,OAAO,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC;AAC7B,CAAC"}

package/dist/telemetry/installation.d.ts

@@ -0,0 +1,2 @@
+export declare function getInstallationId(): string;
+//# sourceMappingURL=installation.d.ts.map

package/dist/telemetry/installation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"installation.d.ts","sourceRoot":"","sources":["../../src/telemetry/installation.ts"],"names":[],"mappings":"AAeA,wBAAgB,iBAAiB,IAAI,MAAM,CAU1C"}

package/dist/telemetry/installation.js

@@ -0,0 +1,32 @@
+// Generate + persist a per-installation UUID. Anonymous by default.
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { resolve } from "node:path";
+import { randomUUID } from "node:crypto";
+const AEGIS_HOME = process.env.AEGIS_HOME ?? resolve(homedir(), ".aegis");
+const INSTALLATION_FILE = resolve(AEGIS_HOME, "installation.json");
+export function getInstallationId() {
+    if (existsSync(INSTALLATION_FILE)) {
+        try {
+            const s = JSON.parse(readFileSync(INSTALLATION_FILE, "utf8"));
+            if (s.id && /^[0-9a-f-]{36}$/i.test(s.id))
+                return s.id;
+        }
+        catch {
+            // fall through to regenerate
+        }
+    }
+    return _create();
+}
+function _create() {
+    const id = randomUUID();
+    try {
+        mkdirSync(AEGIS_HOME, { recursive: true });
+        writeFileSync(INSTALLATION_FILE, JSON.stringify({ id, created_at: new Date().toISOString() }, null, 2), "utf8");
+    }
+    catch {
+        // best-effort; in-memory id still returned
+    }
+    return id;
+}
+//# sourceMappingURL=installation.js.map

package/dist/telemetry/installation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"installation.js","sourceRoot":"","sources":["../../src/telemetry/installation.ts"],"names":[],"mappings":"AAAA,oEAAoE;AACpE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;AAC1E,MAAM,iBAAiB,GAAG,OAAO,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;AAQnE,MAAM,UAAU,iBAAiB;IAC/B,IAAI,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAsB,CAAC;YACnF,IAAI,CAAC,CAAC,EAAE,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAE,OAAO,CAAC,CAAC,EAAE,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,6BAA6B;QAC/B,CAAC;IACH,CAAC;IACD,OAAO,OAAO,EAAE,CAAC;AACnB,CAAC;AAED,SAAS,OAAO;IACd,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,IAAI,CAAC;QACH,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3C,aAAa,CACX,iBAAiB,EACjB,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EACrE,MAAM,CACP,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,2CAA2C;IAC7C,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/telemetry/sanitizer.d.ts

@@ -0,0 +1,5 @@
+export declare function redactSecrets(text: string): string;
+export declare function hashPath(absPath: string): string;
+export declare function snippetAround(content: string, targetLine: number, window?: number): string;
+export declare function classifyFileKind(absPath: string): string;
+//# sourceMappingURL=sanitizer.d.ts.map

package/dist/telemetry/sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizer.d.ts","sourceRoot":"","sources":["../../src/telemetry/sanitizer.ts"],"names":[],"mappings":"AAwBA,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAUlD;AAED,wBAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,SAAK,GAAG,MAAM,CAKtF;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CASxD"}

package/dist/telemetry/sanitizer.js

@@ -0,0 +1,60 @@
+// Strip secrets + PII before uploading to the flywheel API.
+// Conservative — when in doubt, redact. The server-side sanitizer ALSO
+// scans and will REJECT a batch with unredacted secrets.
+import { createHash } from "node:crypto";
+const SECRET_PATTERNS = [
+    /\bghp_[A-Za-z0-9]{36,255}\b/g,
+    /\bgho_[A-Za-z0-9]{36,255}\b/g,
+    /\bghu_[A-Za-z0-9]{36,255}\b/g,
+    /\bAKIA[A-Z0-9]{16}\b/g,
+    /\bsk-(?:proj-|ant-|live-)?[A-Za-z0-9_-]{30,}\b/g,
+    /\bsk-ant-(?:api03-)?[A-Za-z0-9_-]{30,}\b/g,
+    /\bAIza[A-Za-z0-9_-]{30,}\b/g,
+    /\bxox[abprs]-[A-Za-z0-9-]{10,}\b/g,
+    /\bsk_(?:live|test)_[A-Za-z0-9]{24,}\b/g,
+    /\bSK[a-f0-9]{32}\b/g,
+    /-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP )?PRIVATE KEY-----[\s\S]*?-----END/g,
+    /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/g,
+];
+const EMAIL = /\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\b/g;
+const PHONE = /\b\+?\d{1,3}[-.\s]?\(?\d{2,4}\)?[-.\s]?\d{3,4}[-.\s]?\d{4}\b/g;
+const IPV4 = /\b(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\b/g;
+export function redactSecrets(text) {
+    let out = text;
+    for (const re of SECRET_PATTERNS)
+        out = out.replace(re, "<REDACTED_SECRET>");
+    out = out.replace(EMAIL, "<email>");
+    out = out.replace(PHONE, "<phone>");
+    out = out.replace(IPV4, (ip) => {
+        if (/^(?:10|127|192\.168|172\.(?:1[6-9]|2\d|3[01]))\./.test(ip))
+            return "<private_ip>";
+        return ip;
+    });
+    return out;
+}
+export function hashPath(absPath) {
+    return createHash("sha256").update(absPath).digest("hex").slice(0, 16);
+}
+export function snippetAround(content, targetLine, window = 30) {
+    const lines = content.split(/\r?\n/);
+    const start = Math.max(0, targetLine - 1 - window);
+    const end = Math.min(lines.length, targetLine + window);
+    return redactSecrets(lines.slice(start, end).join("\n"));
+}
+export function classifyFileKind(absPath) {
+    const p = absPath.replace(/\\/g, "/").toLowerCase();
+    if (/\/tests?\/|\/__tests__\/|\.test\.|\.spec\./.test(p))
+        return "test";
+    if (/\/routes?\/|\/handlers?\/|\/controllers?\/|\/views?\//.test(p))
+        return "route";
+    if (/\/models?\/|\/entities?\/|\/schemas?\//.test(p))
+        return "model";
+    if (/\/(?:settings|config|configs)\.|\.config\.|\.env/.test(p))
+        return "config";
+    if (/\/migrations?\/|\.sql$/.test(p))
+        return "migration";
+    if (/\/utils?\/|\/helpers?\/|\/lib\//.test(p))
+        return "util";
+    return "generic";
+}
+//# sourceMappingURL=sanitizer.js.map

package/dist/telemetry/sanitizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizer.js","sourceRoot":"","sources":["../../src/telemetry/sanitizer.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,uEAAuE;AACvE,yDAAyD;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,eAAe,GAAa;IAChC,8BAA8B;IAC9B,8BAA8B;IAC9B,8BAA8B;IAC9B,uBAAuB;IACvB,iDAAiD;IACjD,2CAA2C;IAC3C,6BAA6B;IAC7B,mCAAmC;IACnC,wCAAwC;IACxC,qBAAqB;IACrB,8EAA8E;IAC9E,oEAAoE;CACrE,CAAC;AAEF,MAAM,KAAK,GAAG,qDAAqD,CAAC;AACpE,MAAM,KAAK,GAAG,+DAA+D,CAAC;AAC9E,MAAM,IAAI,GAAG,8EAA8E,CAAC;AAE5F,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,KAAK,MAAM,EAAE,IAAI,eAAe;QAAE,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,mBAAmB,CAAC,CAAC;IAC7E,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IACpC,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IACpC,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE;QAC7B,IAAI,kDAAkD,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,OAAO,cAAc,CAAC;QACvF,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,OAAe;IACtC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,UAAkB,EAAE,MAAM,GAAG,EAAE;IAC5E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAAC,CAAC;IACxD,OAAO,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,OAAe;IAC9C,MAAM,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;IACpD,IAAI,4CAA4C,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,MAAM,CAAC;IACxE,IAAI,uDAAuD,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,OAAO,CAAC;IACpF,IAAI,wCAAwC,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,OAAO,CAAC;IACrE,IAAI,kDAAkD,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,QAAQ,CAAC;IAChF,IAAI,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,WAAW,CAAC;IACzD,IAAI,iCAAiC,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,MAAM,CAAC;IAC7D,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/telemetry/types.d.ts

@@ -0,0 +1,39 @@
+export declare const SCHEMA_VERSION = "1.0.0";
+export interface UploadedFinding {
+    id: string;
+    engine: string;
+    rule_id: string;
+    cwe?: string;
+    severity: "info" | "low" | "medium" | "high" | "critical";
+    confidence: number;
+    lang: string;
+    verdict: "allow" | "warn" | "block";
+    file_hash: string;
+    line?: number;
+    snippet: string;
+    message: string;
+    remediation?: string;
+    file_kind?: string;
+    stage?: 1 | 2;
+}
+export interface UploadedFeedback {
+    finding_id: string;
+    signal: "agree" | "dismiss" | "fixed" | "false_positive";
+    reason?: string;
+}
+export interface UploadBatch {
+    schema_version: string;
+    installation_id: string;
+    client_version: string;
+    platform: string;
+    sent_at: number;
+    findings: UploadedFinding[];
+    feedback?: UploadedFeedback[];
+    stats?: {
+        durations_ms: number[];
+        lang_counts: Record<string, number>;
+        engine_counts: Record<string, number>;
+        verdict_counts: Record<string, number>;
+    };
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/telemetry/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/telemetry/types.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,cAAc,UAAU,CAAC;AAEtC,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAC1D,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;CACf;AAED,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,OAAO,GAAG,gBAAgB,CAAC;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,QAAQ,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAC9B,KAAK,CAAC,EAAE;QACN,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACpC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACxC,CAAC;CACH"}

package/dist/telemetry/types.js

@@ -0,0 +1,4 @@
+// Mirror of aegis-cloud/src/types.ts — keep in sync, bump SCHEMA_VERSION on
+// any breaking change.
+export const SCHEMA_VERSION = "1.0.0";
+//# sourceMappingURL=types.js.map

package/dist/telemetry/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/telemetry/types.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,uBAAuB;AAEvB,MAAM,CAAC,MAAM,cAAc,GAAG,OAAO,CAAC"}

package/dist/telemetry/uploader.d.ts

@@ -0,0 +1,12 @@
+import type { UploadedFeedback, UploadedFinding } from "./types.js";
+export declare function uploadBatch(findings: UploadedFinding[], feedback: UploadedFeedback[], durations: number[]): Promise<{
+    ok: boolean;
+    reason?: string;
+}>;
+export declare function postOptOut(reason?: string): Promise<{
+    ok: boolean;
+}>;
+export declare function deleteAllData(): Promise<{
+    ok: boolean;
+}>;
+//# sourceMappingURL=uploader.d.ts.map

package/dist/telemetry/uploader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"uploader.d.ts","sourceRoot":"","sources":["../../src/telemetry/uploader.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAe,gBAAgB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAMjF,wBAAsB,WAAW,CAC/B,QAAQ,EAAE,eAAe,EAAE,EAC3B,QAAQ,EAAE,gBAAgB,EAAE,EAC5B,SAAS,EAAE,MAAM,EAAE,GAClB,OAAO,CAAC;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA6C3C;AAYD,wBAAsB,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,EAAE,EAAE,OAAO,CAAA;CAAE,CAAC,CAW1E;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC;IAAE,EAAE,EAAE,OAAO,CAAA;CAAE,CAAC,CAU9D"}