npm - ghagga-core - Versions diffs - 2.9.1 → 3.0.0 - Mend

ghagga-core 2.9.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (175) hide show

package/LICENSE +21 -0
package/dist/agents/consensus.d.ts.map +1 -1
package/dist/agents/consensus.js +7 -2
package/dist/agents/consensus.js.map +1 -1
package/dist/agents/diagnostic.d.ts.map +1 -1
package/dist/agents/diagnostic.js +7 -2
package/dist/agents/diagnostic.js.map +1 -1
package/dist/agents/fan-out-lenses.d.ts.map +1 -1
package/dist/agents/fan-out-lenses.js +7 -2
package/dist/agents/fan-out-lenses.js.map +1 -1
package/dist/agents/prompts.d.ts +49 -1
package/dist/agents/prompts.d.ts.map +1 -1
package/dist/agents/prompts.js +133 -5
package/dist/agents/prompts.js.map +1 -1
package/dist/agents/simple.d.ts +1 -1
package/dist/agents/simple.d.ts.map +1 -1
package/dist/agents/simple.js +6 -4
package/dist/agents/simple.js.map +1 -1
package/dist/agents/workflow.d.ts.map +1 -1
package/dist/agents/workflow.js +13 -4
package/dist/agents/workflow.js.map +1 -1
package/dist/critique/critique.d.ts.map +1 -1
package/dist/critique/critique.js +14 -6
package/dist/critique/critique.js.map +1 -1
package/dist/diff/index.d.ts +12 -0
package/dist/diff/index.d.ts.map +1 -0
package/dist/diff/index.js +11 -0
package/dist/diff/index.js.map +1 -0
package/dist/diff/parse.d.ts +41 -0
package/dist/diff/parse.d.ts.map +1 -0
package/dist/diff/parse.js +303 -0
package/dist/diff/parse.js.map +1 -0
package/dist/diff/types.d.ts +106 -0
package/dist/diff/types.d.ts.map +1 -0
package/dist/diff/types.js +23 -0
package/dist/diff/types.js.map +1 -0
package/dist/embed.d.ts +5 -2
package/dist/embed.d.ts.map +1 -1
package/dist/embed.js +7 -3
package/dist/embed.js.map +1 -1
package/dist/enhance/prompt.d.ts +5 -1
package/dist/enhance/prompt.d.ts.map +1 -1
package/dist/enhance/prompt.js +9 -2
package/dist/enhance/prompt.js.map +1 -1
package/dist/format.d.ts +31 -0
package/dist/format.d.ts.map +1 -1
package/dist/format.js +256 -15
package/dist/format.js.map +1 -1
package/dist/index.d.ts +2 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +1 -0
package/dist/index.js.map +1 -1
package/dist/memory/pageindex/index.d.ts +2 -2
package/dist/memory/pageindex/index.d.ts.map +1 -1
package/dist/memory/pageindex/index.js.map +1 -1
package/dist/memory/pageindex/service.d.ts +10 -1
package/dist/memory/pageindex/service.d.ts.map +1 -1
package/dist/memory/pageindex/service.js +2 -2
package/dist/memory/pageindex/service.js.map +1 -1
package/dist/memory/persist.d.ts.map +1 -1
package/dist/memory/persist.js +10 -3
package/dist/memory/persist.js.map +1 -1
package/dist/memory/privacy.d.ts.map +1 -1
package/dist/memory/privacy.js +45 -6
package/dist/memory/privacy.js.map +1 -1
package/dist/memory/sqlite.d.ts +1 -13
package/dist/memory/sqlite.d.ts.map +1 -1
package/dist/memory/sqlite.js +45 -27
package/dist/memory/sqlite.js.map +1 -1
package/dist/memory/taxonomy.d.ts.map +1 -1
package/dist/memory/taxonomy.js +6 -1
package/dist/memory/taxonomy.js.map +1 -1
package/dist/pipeline/degrade.d.ts +61 -0
package/dist/pipeline/degrade.d.ts.map +1 -0
package/dist/pipeline/degrade.js +58 -0
package/dist/pipeline/degrade.js.map +1 -0
package/dist/pipeline/enrich.d.ts +29 -0
package/dist/pipeline/enrich.d.ts.map +1 -0
package/dist/pipeline/enrich.js +271 -0
package/dist/pipeline/enrich.js.map +1 -0
package/dist/pipeline/execute.d.ts +22 -0
package/dist/pipeline/execute.d.ts.map +1 -0
package/dist/pipeline/execute.js +250 -0
package/dist/pipeline/execute.js.map +1 -0
package/dist/pipeline/finalize.d.ts +26 -0
package/dist/pipeline/finalize.d.ts.map +1 -0
package/dist/pipeline/finalize.js +52 -0
package/dist/pipeline/finalize.js.map +1 -0
package/dist/pipeline/gather-context.d.ts +25 -0
package/dist/pipeline/gather-context.d.ts.map +1 -0
package/dist/pipeline/gather-context.js +169 -0
package/dist/pipeline/gather-context.js.map +1 -0
package/dist/pipeline/gather-safe.d.ts +39 -0
package/dist/pipeline/gather-safe.d.ts.map +1 -0
package/dist/pipeline/gather-safe.js +127 -0
package/dist/pipeline/gather-safe.js.map +1 -0
package/dist/pipeline/prepare-graph.d.ts +54 -0
package/dist/pipeline/prepare-graph.d.ts.map +1 -0
package/dist/pipeline/prepare-graph.js +174 -0
package/dist/pipeline/prepare-graph.js.map +1 -0
package/dist/pipeline/prepare.d.ts +40 -0
package/dist/pipeline/prepare.d.ts.map +1 -0
package/dist/pipeline/prepare.js +233 -0
package/dist/pipeline/prepare.js.map +1 -0
package/dist/pipeline/providers.d.ts +54 -0
package/dist/pipeline/providers.d.ts.map +1 -0
package/dist/pipeline/providers.js +163 -0
package/dist/pipeline/providers.js.map +1 -0
package/dist/pipeline/results.d.ts +35 -0
package/dist/pipeline/results.d.ts.map +1 -0
package/dist/pipeline/results.js +122 -0
package/dist/pipeline/results.js.map +1 -0
package/dist/pipeline/state.d.ts +92 -0
package/dist/pipeline/state.d.ts.map +1 -0
package/dist/pipeline/state.js +13 -0
package/dist/pipeline/state.js.map +1 -0
package/dist/pipeline.d.ts +10 -9
package/dist/pipeline.d.ts.map +1 -1
package/dist/pipeline.js +36 -1213
package/dist/pipeline.js.map +1 -1
package/dist/providers/gateway.d.ts.map +1 -1
package/dist/providers/gateway.js +8 -0
package/dist/providers/gateway.js.map +1 -1
package/dist/recursive/index.d.ts +1 -0
package/dist/recursive/index.d.ts.map +1 -1
package/dist/recursive/index.js +7 -3
package/dist/recursive/index.js.map +1 -1
package/dist/recursive/patch-extractor.d.ts +58 -6
package/dist/recursive/patch-extractor.d.ts.map +1 -1
package/dist/recursive/patch-extractor.js +207 -26
package/dist/recursive/patch-extractor.js.map +1 -1
package/dist/sanitize.d.ts +51 -0
package/dist/sanitize.d.ts.map +1 -0
package/dist/sanitize.js +90 -0
package/dist/sanitize.js.map +1 -0
package/dist/scope/diff-mapper.d.ts +12 -0
package/dist/scope/diff-mapper.d.ts.map +1 -1
package/dist/scope/diff-mapper.js +25 -18
package/dist/scope/diff-mapper.js.map +1 -1
package/dist/scope/entity-diff.d.ts +21 -4
package/dist/scope/entity-diff.d.ts.map +1 -1
package/dist/scope/entity-diff.js +132 -34
package/dist/scope/entity-diff.js.map +1 -1
package/dist/scope/types.d.ts +10 -0
package/dist/scope/types.d.ts.map +1 -1
package/dist/semantic-diff/index.d.ts +25 -2
package/dist/semantic-diff/index.d.ts.map +1 -1
package/dist/semantic-diff/index.js +147 -53
package/dist/semantic-diff/index.js.map +1 -1
package/dist/tools/gitleaks-config.toml +35 -0
package/dist/tools/plugins/gitleaks.d.ts +10 -0
package/dist/tools/plugins/gitleaks.d.ts.map +1 -1
package/dist/tools/plugins/gitleaks.js +29 -2
package/dist/tools/plugins/gitleaks.js.map +1 -1
package/dist/tools/plugins/semgrep.d.ts +11 -0
package/dist/tools/plugins/semgrep.d.ts.map +1 -1
package/dist/tools/plugins/semgrep.js +30 -1
package/dist/tools/plugins/semgrep.js.map +1 -1
package/dist/tools/semgrep-rules.yml +305 -0
package/dist/types.d.ts +51 -1
package/dist/types.d.ts.map +1 -1
package/dist/types.js.map +1 -1
package/dist/utils/diff.d.ts +22 -2
package/dist/utils/diff.d.ts.map +1 -1
package/dist/utils/diff.js +36 -40
package/dist/utils/diff.js.map +1 -1
package/package.json +21 -22
package/dist/providers/fallback.d.ts +0 -54
package/dist/providers/fallback.d.ts.map +0 -1
package/dist/providers/fallback.js +0 -102
package/dist/providers/fallback.js.map +0 -1
package/dist/providers/index.d.ts +0 -49
package/dist/providers/index.d.ts.map +0 -1
package/dist/providers/index.js +0 -146
package/dist/providers/index.js.map +0 -1

package/dist/semantic-diff/index.d.ts CHANGED Viewed

@@ -4,9 +4,29 @@
  * Instead of raw line diffs, extracts WHAT changed at the entity level:
  * function renamed, class added, method signature changed, etc.
  *
- * Implementation is regex-based — no tree-sitter required.
+ * Implementation is regex-based — no tree-sitter required. File sectioning
+ * is delegated to the unified diff parser (`src/diff/parse.ts`); declaration
+ * detection stays local.
+ *
+ * WIRED TO PRODUCTION (SDD wire-semantic-diff, 2026-06-13).
+ * `extractSemanticDiff` runs in the enrich phase (`pipeline/enrich.ts`),
+ * its result lands on `ReviewResult.semanticDiff`, and that feeds the
+ * "What changed" section of the PR comment via `formatSemanticDiffSection`
+ * (`format.ts`). This is no longer an unwired re-export.
+ *
+ * Known limitations (real, by design — the extractor is regex-based, not a
+ * parser, and matches single-line declarations only; all pinned in
+ * `index.test.ts`):
+ *   - a multiline arrow whose `=>` lands on the next line is not detected;
+ *   - a generic constraint CONTAINING parens (`<T extends () => void>`) is
+ *     not detected (the `[^(]*` guard that keeps comparisons out excludes it);
+ *   - declarations spanning multiple lines are matched only by their first
+ *     line.
+ * The presentation layer (`format.ts`) drops `method_*` noise and gates to
+ * TS/JS files, so these misses degrade the cosmetic comment section only —
+ * never the review verdict.
  */
-export type EntityChangeKind = 'function_added' | 'function_removed' | 'function_modified' | 'class_added' | 'class_removed' | 'method_added' | 'method_removed' | 'method_modified' | 'import_added' | 'import_removed' | 'export_added' | 'export_removed' | 'type_added' | 'type_removed' | 'type_modified';
+export type EntityChangeKind = 'function_added' | 'function_removed' | 'function_modified' | 'class_added' | 'class_removed' | 'class_modified' | 'method_added' | 'method_removed' | 'method_modified' | 'import_added' | 'import_removed' | 'import_modified' | 'export_added' | 'export_removed' | 'export_modified' | 'type_added' | 'type_removed' | 'type_modified';
 export interface EntityChange {
     kind: EntityChangeKind;
     name: string;
@@ -26,6 +46,9 @@ export interface SemanticDiff {
  *
  * Returns a SemanticDiff with individual EntityChange items and a
  * human-readable summary string.
+ *
+ * Wired into the review pipeline (enrich phase → `ReviewResult.semanticDiff`
+ * → "What changed" PR comment section). See the module header.
  */
 export declare function extractSemanticDiff(unifiedDiff: string): SemanticDiff;
 //# sourceMappingURL=index.d.ts.map

package/dist/semantic-diff/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/semantic-diff/index.ts"],"names":[],"mappings":"AAAA~~;;;;;;;GAOG~~;~~AAIH~~,MAAM,MAAM,gBAAgB,GACxB,gBAAgB,GAChB,kBAAkB,GAClB,mBAAmB,GACnB,aAAa,GACb,eAAe,GACf,cAAc,GACd,gBAAgB,GAChB,iBAAiB,GACjB,cAAc,GACd,gBAAgB,GAChB,cAAc,GACd,gBAAgB,GAChB,YAAY,GACZ,cAAc,GACd,eAAe,CAAC;AAEpB,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,gBAAgB,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,yEAAyE;IACzE,OAAO,EAAE,MAAM,CAAC;CACjB;~~AAqJD;;;;;GAKG~~;AACH,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,YAAY,CAiCrE"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/semantic-diff/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAMH,MAAM,MAAM,gBAAgB,GACxB,gBAAgB,GAChB,kBAAkB,GAClB,mBAAmB,GACnB,aAAa,GACb,eAAe,GACf,gBAAgB,GAChB,cAAc,GACd,gBAAgB,GAChB,iBAAiB,GACjB,cAAc,GACd,gBAAgB,GAChB,iBAAiB,GACjB,cAAc,GACd,gBAAgB,GAChB,iBAAiB,GACjB,YAAY,GACZ,cAAc,GACd,eAAe,CAAC;AAEpB,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,gBAAgB,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,yEAAyE;IACzE,OAAO,EAAE,MAAM,CAAC;CACjB;AA+MD;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,YAAY,CAiCrE"}

package/dist/semantic-diff/index.js CHANGED Viewed

@@ -4,25 +4,48 @@
  * Instead of raw line diffs, extracts WHAT changed at the entity level:
  * function renamed, class added, method signature changed, etc.
  *
- * Implementation is regex-based — no tree-sitter required.
+ * Implementation is regex-based — no tree-sitter required. File sectioning
+ * is delegated to the unified diff parser (`src/diff/parse.ts`); declaration
+ * detection stays local.
+ *
+ * WIRED TO PRODUCTION (SDD wire-semantic-diff, 2026-06-13).
+ * `extractSemanticDiff` runs in the enrich phase (`pipeline/enrich.ts`),
+ * its result lands on `ReviewResult.semanticDiff`, and that feeds the
+ * "What changed" section of the PR comment via `formatSemanticDiffSection`
+ * (`format.ts`). This is no longer an unwired re-export.
+ *
+ * Known limitations (real, by design — the extractor is regex-based, not a
+ * parser, and matches single-line declarations only; all pinned in
+ * `index.test.ts`):
+ *   - a multiline arrow whose `=>` lands on the next line is not detected;
+ *   - a generic constraint CONTAINING parens (`<T extends () => void>`) is
+ *     not detected (the `[^(]*` guard that keeps comparisons out excludes it);
+ *   - declarations spanning multiple lines are matched only by their first
+ *     line.
+ * The presentation layer (`format.ts`) drops `method_*` noise and gates to
+ * TS/JS files, so these misses degrade the cosmetic comment section only —
+ * never the review verdict.
  */
+import { parseUnifiedDiff } from '../diff/index.js';
 // ─── Regex Patterns ──────────────────────────────────────────────
 /**
  * Patterns that match declaration lines.
  * Each entry includes the entity category for grouping (function|class|method|import|export|type).
  */
 const DECLARATION_PATTERNS = [
+    // NOTE: ORDER MATTERS. The generic "export <name>" pattern is intentionally
+    // listed LAST so that more specific declarations — `export function foo`,
+    // `export class Foo`, `export const fn = () => …`, `export type Foo` — are
+    // classified by their real entity kind (function/class/type) instead of being
+    // swallowed by a catch-all `export` rule. Only plain value re-exports
+    // (e.g. `export const VERSION = '1.0'`, `export default expr`) fall through
+    // to the `export` kind.
     // import statements — match before export/function to avoid conflicts
     {
         kind: 'import',
         pattern: /^\s*import\s+(?:type\s+)?(?:\{[^}]*\}|[\w*]+(?:\s+as\s+\w+)?)\s+from\s+['"][^'"]+['"]/,
     },
-    // export default / named
-    {
-        kind: 'export',
-        pattern: /^\s*export\s+(?:default\s+)?(?:const|let|var|function\*?|async\s+function\*?)\s+(\w+)/,
-    },
-    // export type / interface
+    // export type / interface / enum (before the generic export rule)
     {
         kind: 'type',
         pattern: /^\s*export\s+(?:type|interface|enum)\s+(\w+)/,
@@ -32,30 +55,47 @@ const DECLARATION_PATTERNS = [
         kind: 'type',
         pattern: /^\s*(?:type|interface|enum)\s+(\w+)/,
     },
-    // class declaration
+    // class declaration (handles `export class` and `export abstract class`)
     {
         kind: 'class',
-        pattern: /^\s*(?:export\s+)?(?:abstract\s+)?class\s+(\w+)/,
+        pattern: /^\s*(?:export\s+)?(?:default\s+)?(?:abstract\s+)?class\s+(\w+)/,
     },
-    // method inside class (indented + no leading "function" keyword, has "()")
+    // top-level function declaration (handles `export function` / `export async function`)
     {
-        kind: 'method',
-        pattern: /^[ \t]+(?:(?:public|private|protected|static|async|override|readonly)\s+)*(\w+)\s*\(/,
+        kind: 'function',
+        pattern: /^\s*(?:export\s+)?(?:default\s+)?(?:async\s+)?function\*?\s+(\w+)\s*\(/,
     },
-    // top-level function declaration
+    // arrow / function-expression assigned to const/let/var (handles `export const fn = () =>`,
+    // optionally typed: `export const fn: Foo = async () =>`).
+    // The RHS must be a real function: `function` keyword, or arrow params
+    // (paren-params — with an optional generic prefix `<T>` / `<T extends X>` —
+    // bare single param, optional return-type annotation) followed by `=>`
+    // ON THE SAME LINE. A bare `(` is NOT enough — that misclassified
+    // parenthesized non-function initializers (e.g.
+    // `const x = (row.metadata as Foo).bar`) as function_added.
+    // The generic prefix `<[^(]*>` is anchored to paren-params only (a bare
+    // param after a generic is not valid TS) and cannot contain `(` — so a
+    // `<` comparison initializer (`const a = x < y`) never enters this branch,
+    // and the cast false positive stays closed. Nested generics without parens
+    // (`<T extends Record<string, K>>`) resolve via the greedy last-`>`.
+    // Known limitations (accepted, pinned in index.test.ts):
+    //   - a multiline arrow whose `=>` lands on the next line is not detected;
+    //   - a generic constraint CONTAINING parens (`<T extends () => void>`)
+    //     is not detected (the `[^(]*` guard that keeps comparisons out
+    //     excludes it).
     {
         kind: 'function',
-        pattern: /^\s*(?:export\s+)?(?:async\s+)?function\*?\s+(\w+)\s*\(/,
+        pattern: /^\s*(?:export\s+)?(?:const|let|var)\s+(\w+)\s*(?::\s*[\w<>,\s|[\]]+?)?\s*=\s*(?:async\s+)?(?:function\b|(?:(?:<[^(]*>\s*)?\([^)]*\)|[\w$]+)\s*(?::[^=]*)?=>)/,
     },
-    // arrow function / const fn = ...
+    // method inside class (indented + no leading "function" keyword, has "()")
     {
-        kind: 'function',
-        pattern: /^\s*(?:export\s+)?(?:const|let|var)\s+(\w+)\s*=\s*(?:async\s*)?\(/,
+        kind: 'method',
+        pattern: /^[ \t]+(?:(?:public|private|protected|static|async|override|readonly)\s+)*(\w+)\s*\(/,
     },
-    // const fn = async () => or const fn = () =>
+    // generic export of a plain value — LAST so the rules above win first
     {
-        kind: 'function',
-        pattern: /^\s*(?:export\s+)?(?:const|let|var)\s+(\w+)\s*(?::\s*\w[\w<>,\s]*?)?\s*=\s*(?:async\s+)?\(/,
+        kind: 'export',
+        pattern: /^\s*export\s+(?:default\s+)?(?:const|let|var)\s+(\w+)/,
     },
 ];
 /**
@@ -80,37 +120,75 @@ function extractDeclaration(line) {
     return null;
 }
 /**
- * Parse a unified diff and split added/removed declaration lines per file.
+ * FROZEN LEGACY BEHAVIOR — path resolution for the pre-header
+ * pseudo-section. The historical splitter (`split(/^diff --git /m)`) kept
+ * everything before the first file header as a section of its own and
+ * resolved its "path" by running this tail regex over the FIRST line
+ * (almost always yielding `unknown`). Reachable via arbitrary ACP input
+ * and bare diff fragments, so it is preserved verbatim. This is NOT a
+ * file-header or hunk-header regex (spec R8 keeps those solely in
+ * `src/diff/`): it matches the tail of an already-isolated line.
  */
-function parseHunks(unifiedDiff) {
-    const result = [];
-    const filePattern = /^diff --git a\/.+ b\/(.+)$/m;
-    const sections = unifiedDiff.split(/^diff --git /m).filter(Boolean);
-    for (const section of sections) {
-        const pathMatch = /a\/.+ b\/(.+)$/.exec(section.split('\n')[0] ?? '');
-        const filePath = pathMatch?.[1] ?? 'unknown';
-        const added = new Map();
-        const removed = new Map();
-        for (const line of section.split('\n')) {
-            if (line.startsWith('+') && !line.startsWith('+++')) {
-                const content = line.slice(1);
-                const decl = extractDeclaration(content);
-                if (decl) {
-                    added.set(decl.name, { name: decl.name, signature: content.trim(), kind: decl.kind });
-                }
+const LEGACY_SECTION_PATH_RE = /a\/.+ b\/(.+)$/;
+/** Scan a section's raw lines for added/removed declaration lines. */
+function scanSection(lines, filePath) {
+    const added = new Map();
+    const removed = new Map();
+    for (const line of lines) {
+        if (line.startsWith('+') && !line.startsWith('+++')) {
+            const content = line.slice(1);
+            const decl = extractDeclaration(content);
+            if (decl) {
+                added.set(decl.name, { name: decl.name, signature: content.trim(), kind: decl.kind });
             }
-            else if (line.startsWith('-') && !line.startsWith('---')) {
-                const content = line.slice(1);
-                const decl = extractDeclaration(content);
-                if (decl) {
-                    removed.set(decl.name, { name: decl.name, signature: content.trim(), kind: decl.kind });
-                }
+        }
+        else if (line.startsWith('-') && !line.startsWith('---')) {
+            const content = line.slice(1);
+            const decl = extractDeclaration(content);
+            if (decl) {
+                removed.set(decl.name, { name: decl.name, signature: content.trim(), kind: decl.kind });
             }
         }
-        result.push({ filePath, added, removed });
     }
-    // Suppress unused import warning — filePattern is used for documentation only
-    void filePattern;
+    return { filePath, added, removed };
+}
+/**
+ * Split added/removed declaration lines per file.
+ *
+ * Thin adapter over the unified parser (`src/diff/parse.ts`) — replaces the
+ * historical local `parseHunks` that re-split the diff with its own
+ * `/^diff --git /m` regex. Sections scan `rawLines` (NOT the structured
+ * `hunk.lines`): the historical scanner looked at EVERY section line with
+ * the +/- prefix checks, including metadata regions and orphan +/- tails
+ * after a genuine empty line mid-hunk, which structured hunks do not carry.
+ *
+ * Path authority per file = the b-side of the `diff --git` header itself
+ * (`headerNewPath`), which equals the historical regex capture for every
+ * plain header (last ` b/` boundary included). Documented deltas vs the
+ * historical splitter, pinned in
+ * `src/diff/__tests__/parity-extract-semantic-diff.test.ts`:
+ *   - quoted headers (CORE-M6 umbrella): historically the section existed
+ *     but its path never matched the legacy regex → `unknown`; now the real
+ *     unescaped path is resolved.
+ *   - synthetic-only malformed headers (`diff --git <garbage>` mid-diff,
+ *     mixed-quoted forms): the historical splitter opened a new section at
+ *     ANY line starting with `diff --git `; the model only does so for
+ *     parseable headers, so declarations after a garbage header line stay
+ *     attributed to the previous file. Unreachable in git/GitHub/truncateDiff
+ *     output.
+ */
+function collectHunkSets(unifiedDiff) {
+    const { preamble, files } = parseUnifiedDiff(unifiedDiff);
+    const result = [];
+    // Legacy pre-header pseudo-section (see LEGACY_SECTION_PATH_RE). The
+    // historical splitter dropped it only when empty (`filter(Boolean)`).
+    if (preamble.length > 0 && preamble.join('\n') !== '') {
+        const pathMatch = LEGACY_SECTION_PATH_RE.exec(preamble[0] ?? '');
+        result.push(scanSection(preamble, pathMatch?.[1] ?? 'unknown'));
+    }
+    for (const file of files) {
+        result.push(scanSection(file.rawLines, file.headerNewPath || 'unknown'));
+    }
     return result;
 }
 // ─── Main Export ─────────────────────────────────────────────────
@@ -119,9 +197,12 @@ function parseHunks(unifiedDiff) {
  *
  * Returns a SemanticDiff with individual EntityChange items and a
  * human-readable summary string.
+ *
+ * Wired into the review pipeline (enrich phase → `ReviewResult.semanticDiff`
+ * → "What changed" PR comment section). See the module header.
  */
 export function extractSemanticDiff(unifiedDiff) {
-    const hunkSets = parseHunks(unifiedDiff);
+    const hunkSets = collectHunkSets(unifiedDiff);
     const changes = [];
     for (const { filePath, added, removed } of hunkSets) {
         // Entities in both added and removed → modified
@@ -166,17 +247,30 @@ function mapToChangeKind(category, direction) {
                 ? 'class_added'
                 : direction === 'removed'
                     ? 'class_removed'
-                    : 'function_modified'; // classes cannot be "modified" at entity level, treat as function_modified
+                    : 'class_modified';
         case 'method':
             return direction === 'added'
                 ? 'method_added'
                 : direction === 'removed'
                     ? 'method_removed'
                     : 'method_modified';
+        // Modified imports/exports ARE reachable: a declaration whose name (for
+        // imports, the from-module) appears on both the +/- sides of a section is
+        // derived with direction 'modified'. Historically these fell into the
+        // false branch of a two-way ternary and were misreported as
+        // import_removed/export_removed (with both signatures set).
         case 'import':
-            return direction === 'added' ? 'import_added' : 'import_removed';
+            return direction === 'added'
+                ? 'import_added'
+                : direction === 'removed'
+                    ? 'import_removed'
+                    : 'import_modified';
         case 'export':
-            return direction === 'added' ? 'export_added' : 'export_removed';
+            return direction === 'added'
+                ? 'export_added'
+                : direction === 'removed'
+                    ? 'export_removed'
+                    : 'export_modified';
         case 'type':
             return direction === 'added'
                 ? 'type_added'
@@ -203,10 +297,10 @@ function buildSummary(changes) {
             parts.push(`${modified} ${label} modified`);
     };
     groupSummary('function_added', 'function_removed', 'function_modified', 'function');
-    groupSummary('class_added', 'class_removed', 'function_modified', 'class');
+    groupSummary('class_added', 'class_removed', 'class_modified', 'class');
     groupSummary('method_added', 'method_removed', 'method_modified', 'method');
-    groupSummary('import_added', 'import_removed', 'import_added', 'import');
-    groupSummary('export_added', 'export_removed', 'export_added', 'export');
+    groupSummary('import_added', 'import_removed', 'import_modified', 'import');
+    groupSummary('export_added', 'export_removed', 'export_modified', 'export');
     groupSummary('type_added', 'type_removed', 'type_modified', 'type');
     if (parts.length === 0)
         return 'no entity-level changes detected';

package/dist/semantic-diff/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/semantic-diff/index.ts"],"names":[],"mappings":"AAAA~~;;;;;;;GAOG~~;~~AAqCH~~,oEAAoE;AAEpE;;;GAGG;AACH,MAAM,oBAAoB,GAGrB;IACH,~~sEAAsE~~;~~IACtE~~;~~QACE~~,~~IAAI~~,~~EAAE~~,~~QAAQ~~;~~QACd~~,~~OAAO~~,~~EACL,uFAAuF~~;~~KAC1F;IACD~~,~~yBAAyB~~;~~IACzB~~;QACE,IAAI,EAAE,QAAQ;QACd,OAAO,EACL,uFAAuF;KAC1F;IACD,~~0BAA0B~~;~~IAC1B~~;QACE,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,8CAA8C;KACxD;IACD,qCAAqC;IACrC;QACE,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,qCAAqC;KAC/C;IACD,~~oBAAoB~~;~~IACpB~~;QACE,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,~~iDAAiD~~;~~KAC3D~~;IACD,~~2EAA2E~~;~~IAC3E~~;QACE,IAAI,EAAE,~~QAAQ~~;~~QACd~~,OAAO,EAAE,~~sFAAsF~~;~~KAChG~~;IACD,~~iCAAiC~~;~~IACjC~~;QACE,IAAI,EAAE,UAAU;QAChB,OAAO,~~EAAE~~,~~yDAAyD~~;~~KACnE~~;IACD,~~kCAAkC~~;~~IAClC~~;QACE,IAAI,EAAE,~~UAAU~~;~~QAChB~~,OAAO,EAAE,~~mEAAmE~~;~~KAC7E~~;IACD,~~6CAA6C~~;~~IAC7C~~;QACE,IAAI,EAAE,~~UAAU~~;~~QAChB~~,OAAO,~~EACL~~,~~4FAA4F~~;~~KAC/F~~;CACF,CAAC;AAEF;;;GAGG;AACH,SAAS,kBAAkB,CACzB,IAAY;IAEZ,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,oBAAoB,EAAE,CAAC;QACrD,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACtB,mEAAmE;gBACnE,MAAM,SAAS,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACvD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACpE,CAAC;YACD,4DAA4D;YAC5D,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,IAAI;gBAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QAClC,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAwBD~~;;GAEG~~;AACH,SAAS,~~UAAU~~,CAAC,~~WAAmB~~;~~IACrC~~,MAAM,~~MAAM~~,~~GAAc~~,EAAE,CAAC;~~IAC7B~~,MAAM,~~WAAW~~,GAAG,~~6BAA6B~~,CAAC;~~IAClD~~,MAAM,~~QAAQ~~,~~GAAG~~,~~WAAW~~,CAAC,~~KAAK~~,CAAC,~~eAAe~~,CAAC,CAAC,~~MAAM~~,CAAC,~~OAAO~~,CAAC,CAAC~~;IAEpE~~,KAAK,~~MAAM~~,~~OAAO,IAAI,QAAQ,~~EAAE,CAAC;~~QAC/B~~,MAAM,~~SAAS~~,GAAG,~~gBAAgB~~,CAAC,~~IAAI~~,CAAC,~~OAAO~~,CAAC,~~KAAK,~~CAAC,IAAI,~~CAAC~~,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC~~,CAAC~~;~~QACtE~~,~~MAAM~~,~~QAAQ~~,GAAG,~~SAAS,EAAE,~~CAAC,~~CAAC~~,CAAC,IAAI,~~SAAS~~,~~CAAC;QAE7C~~,~~MAAM~~,~~KAAK~~,~~GAAqB~~,IAAI,~~GAAG,~~EAAE,~~CAAC;QAC1C~~,~~MAAM~~,OAAO,~~GAAuB~~,IAAI,~~GAAG~~,EAAE,~~CAAC;QAE9C~~,~~KAAK~~,~~MAAM,~~IAAI,IAAI,~~OAAO~~,CAAC,~~KAAK,~~CAAC,~~IAAI,~~CAAC,~~EAAE,~~CAAC;~~YACvC~~,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;~~gBACpD~~,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;~~gBAC9B~~,MAAM,IAAI,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;~~gBACzC~~,IAAI,IAAI,EAAE,CAAC;~~oBACT~~,~~KAAK~~,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;~~gBACxF~~,CAAC;~~YACH~~,CAAC;~~iBAAM~~,~~IAAI~~,~~IAAI~~,~~CAAC~~,~~UAAU~~,~~CAAC~~,~~GAAG~~,~~CAAC~~,~~IAAI~~,CAAC,~~IAAI,~~CAAC,~~UAAU~~,CAAC,~~KAAK~~,~~CAAC~~,EAAE,~~CAAC;gBAC3D~~,~~MAAM~~,~~OAAO~~,GAAG,~~IAAI~~,CAAC,~~KAAK~~,CAAC,CAAC,~~CAAC~~,CAAC;~~gBAC9B~~,~~MAAM~~,IAAI,~~GAAG~~,~~kBAAkB,~~CAAC,~~OAAO~~,CAAC,CAAC~~;gBACzC~~,IAAI,IAAI,EAAE,CAAC;~~oBACT~~,~~OAAO~~,~~CAAC~~,GAAG,CAAC,IAAI,CAAC,~~IAAI~~,~~EAAE~~,~~EAAE~~,IAAI,EAAE,~~IAAI~~,CAAC,~~IAAI~~,~~EAAE~~,~~SAAS~~,~~EAAE~~,~~OAAO~~,CAAC,~~IAAI~~,EAAE,~~EAAE~~,~~IAAI,~~EAAE,~~IAAI~~,CAAC,IAAI,~~EAAE~~,CAAC,CAAC~~;gBAC1F~~,CAAC;~~YACH~~,CAAC;~~QACH~~,CAAC;~~QAED~~,MAAM,CAAC,IAAI,CAAC,~~EAAE~~,QAAQ,EAAE,~~KAAK~~,~~EAAE~~,~~OAAO~~,~~EAAE~~,CAAC,CAAC~~;IAC5C~~,CAAC;~~IAED~~,~~8EAA8E;IAC9E,KAAK,WAAW,~~CAAC;~~IAEjB~~,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,oEAAoE;AAEpE~~;;;;;GAKG~~;AACH,MAAM,UAAU,mBAAmB,CAAC,WAAmB;IACrD,MAAM,QAAQ,GAAG,~~UAAU~~,CAAC,WAAW,CAAC,CAAC;~~IACzC~~,MAAM,OAAO,GAAmB,EAAE,CAAC;IAEnC,KAAK,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,QAAQ,EAAE,CAAC;QACpD,gDAAgD;QAChD,KAAK,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,KAAK,EAAE,CAAC;YACtC,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACtB,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBACtC,MAAM,IAAI,GAAG,eAAe,CAAC,SAAS,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;gBACzD,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI;oBACJ,IAAI;oBACJ,QAAQ;oBACR,YAAY,EAAE,WAAW,EAAE,SAAS;oBACpC,YAAY,EAAE,SAAS,CAAC,SAAS;iBAClC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,GAAG,eAAe,CAAC,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBACtD,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,KAAK,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,OAAO,EAAE,CAAC;YAC1C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,MAAM,IAAI,GAAG,eAAe,CAAC,WAAW,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBAC1D,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,CAAC,SAAS,EAAE,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,oEAAoE;AAEpE,SAAS,eAAe,CACtB,QAAwE,EACxE,SAA2C;IAE3C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,OAAO,SAAS,KAAK,OAAO;gBAC1B,CAAC,CAAC,gBAAgB;gBAClB,CAAC,CAAC,SAAS,KAAK,SAAS;oBACvB,CAAC,CAAC,kBAAkB;oBACpB,CAAC,CAAC,mBAAmB,CAAC;QAC5B,KAAK,OAAO;YACV,OAAO,SAAS,KAAK,OAAO;gBAC1B,CAAC,CAAC,aAAa;gBACf,CAAC,CAAC,SAAS,KAAK,SAAS;oBACvB,CAAC,CAAC,eAAe;oBACjB,CAAC,CAAC,~~mBAAmB~~,CAAC~~,CAAC,2EAA2E~~;~~QACxG~~,KAAK,QAAQ;YACX,OAAO,SAAS,KAAK,OAAO;gBAC1B,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,SAAS,KAAK,SAAS;oBACvB,CAAC,CAAC,gBAAgB;oBAClB,CAAC,CAAC,iBAAiB,CAAC;QAC1B,KAAK,QAAQ;YACX,OAAO,SAAS,KAAK,OAAO,CAAC,CAAC,~~CAAC,~~cAAc,CAAC,CAAC,CAAC,gBAAgB,CAAC;~~QACnE~~,KAAK,QAAQ;YACX,OAAO,SAAS,KAAK,OAAO,CAAC,CAAC,~~CAAC,~~cAAc,CAAC,CAAC,CAAC,gBAAgB,CAAC;~~QACnE~~,KAAK,MAAM;YACT,OAAO,SAAS,KAAK,OAAO;gBAC1B,CAAC,CAAC,YAAY;gBACd,CAAC,CAAC,SAAS,KAAK,SAAS;oBACvB,CAAC,CAAC,cAAc;oBAChB,CAAC,CAAC,eAAe,CAAC;IAC1B,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,OAAuB;IAC3C,MAAM,MAAM,GAA8C,EAAE,CAAC;IAC7D,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAC7C,CAAC;IAED,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,MAAM,YAAY,GAAG,CACnB,SAA2B,EAC3B,WAA6B,EAC7B,YAA8B,EAC9B,KAAa,EACb,EAAE;QACF,MAAM,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,KAAK;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,KAAK,QAAQ,CAAC,CAAC;QACjD,IAAI,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,IAAI,KAAK,UAAU,CAAC,CAAC;QACvD,IAAI,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,IAAI,KAAK,WAAW,CAAC,CAAC;IAC5D,CAAC,CAAC;IAEF,YAAY,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,UAAU,CAAC,CAAC;IACpF,YAAY,CAAC,aAAa,EAAE,eAAe,EAAE,~~mBAAmB~~,EAAE,OAAO,CAAC,CAAC;~~IAC3E~~,YAAY,CAAC,cAAc,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,QAAQ,CAAC,CAAC;IAC5E,YAAY,CAAC,cAAc,EAAE,gBAAgB,EAAE,~~cAAc~~,EAAE,QAAQ,CAAC,CAAC;~~IACzE~~,YAAY,CAAC,cAAc,EAAE,gBAAgB,EAAE,~~cAAc~~,EAAE,QAAQ,CAAC,CAAC;~~IACzE~~,YAAY,CAAC,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;IAEpE,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,kCAAkC,CAAC;IAClE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/semantic-diff/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAwCpD,oEAAoE;AAEpE;;;GAGG;AACH,MAAM,oBAAoB,GAGrB;IACH,4EAA4E;IAC5E,0EAA0E;IAC1E,2EAA2E;IAC3E,8EAA8E;IAC9E,sEAAsE;IACtE,4EAA4E;IAC5E,wBAAwB;IAExB,sEAAsE;IACtE;QACE,IAAI,EAAE,QAAQ;QACd,OAAO,EACL,uFAAuF;KAC1F;IACD,kEAAkE;IAClE;QACE,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,8CAA8C;KACxD;IACD,qCAAqC;IACrC;QACE,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,qCAAqC;KAC/C;IACD,yEAAyE;IACzE;QACE,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,gEAAgE;KAC1E;IACD,uFAAuF;IACvF;QACE,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,wEAAwE;KAClF;IACD,4FAA4F;IAC5F,2DAA2D;IAC3D,uEAAuE;IACvE,4EAA4E;IAC5E,uEAAuE;IACvE,kEAAkE;IAClE,gDAAgD;IAChD,4DAA4D;IAC5D,wEAAwE;IACxE,uEAAuE;IACvE,2EAA2E;IAC3E,2EAA2E;IAC3E,qEAAqE;IACrE,yDAAyD;IACzD,2EAA2E;IAC3E,wEAAwE;IACxE,oEAAoE;IACpE,oBAAoB;IACpB;QACE,IAAI,EAAE,UAAU;QAChB,OAAO,EACL,8JAA8J;KACjK;IACD,2EAA2E;IAC3E;QACE,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,sFAAsF;KAChG;IACD,sEAAsE;IACtE;QACE,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,uDAAuD;KACjE;CACF,CAAC;AAEF;;;GAGG;AACH,SAAS,kBAAkB,CACzB,IAAY;IAEZ,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,oBAAoB,EAAE,CAAC;QACrD,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACtB,mEAAmE;gBACnE,MAAM,SAAS,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACvD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACpE,CAAC;YACD,4DAA4D;YAC5D,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,IAAI;gBAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QAClC,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAwBD;;;;;;;;;GASG;AACH,MAAM,sBAAsB,GAAG,gBAAgB,CAAC;AAEhD,sEAAsE;AACtE,SAAS,WAAW,CAAC,KAAe,EAAE,QAAgB;IACpD,MAAM,KAAK,GAAqB,IAAI,GAAG,EAAE,CAAC;IAC1C,MAAM,OAAO,GAAuB,IAAI,GAAG,EAAE,CAAC;IAE9C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YACpD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,IAAI,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,IAAI,EAAE,CAAC;gBACT,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YACxF,CAAC;QACH,CAAC;aAAM,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3D,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,IAAI,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,IAAI,EAAE,CAAC;gBACT,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1F,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;AACtC,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,SAAS,eAAe,CAAC,WAAmB;IAC1C,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;IAC1D,MAAM,MAAM,GAAc,EAAE,CAAC;IAE7B,qEAAqE;IACrE,sEAAsE;IACtE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;QACtD,MAAM,SAAS,GAAG,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACjE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,IAAI,SAAS,CAAC,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,oEAAoE;AAEpE;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAAC,WAAmB;IACrD,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAmB,EAAE,CAAC;IAEnC,KAAK,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,QAAQ,EAAE,CAAC;QACpD,gDAAgD;QAChD,KAAK,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,KAAK,EAAE,CAAC;YACtC,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACtB,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBACtC,MAAM,IAAI,GAAG,eAAe,CAAC,SAAS,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;gBACzD,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI;oBACJ,IAAI;oBACJ,QAAQ;oBACR,YAAY,EAAE,WAAW,EAAE,SAAS;oBACpC,YAAY,EAAE,SAAS,CAAC,SAAS;iBAClC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,GAAG,eAAe,CAAC,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBACtD,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,KAAK,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,OAAO,EAAE,CAAC;YAC1C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,MAAM,IAAI,GAAG,eAAe,CAAC,WAAW,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBAC1D,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,CAAC,SAAS,EAAE,CAAC,CAAC;YAC9E,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,oEAAoE;AAEpE,SAAS,eAAe,CACtB,QAAwE,EACxE,SAA2C;IAE3C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,OAAO,SAAS,KAAK,OAAO;gBAC1B,CAAC,CAAC,gBAAgB;gBAClB,CAAC,CAAC,SAAS,KAAK,SAAS;oBACvB,CAAC,CAAC,kBAAkB;oBACpB,CAAC,CAAC,mBAAmB,CAAC;QAC5B,KAAK,OAAO;YACV,OAAO,SAAS,KAAK,OAAO;gBAC1B,CAAC,CAAC,aAAa;gBACf,CAAC,CAAC,SAAS,KAAK,SAAS;oBACvB,CAAC,CAAC,eAAe;oBACjB,CAAC,CAAC,gBAAgB,CAAC;QACzB,KAAK,QAAQ;YACX,OAAO,SAAS,KAAK,OAAO;gBAC1B,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,SAAS,KAAK,SAAS;oBACvB,CAAC,CAAC,gBAAgB;oBAClB,CAAC,CAAC,iBAAiB,CAAC;QAC1B,wEAAwE;QACxE,0EAA0E;QAC1E,sEAAsE;QACtE,4DAA4D;QAC5D,4DAA4D;QAC5D,KAAK,QAAQ;YACX,OAAO,SAAS,KAAK,OAAO;gBAC1B,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,SAAS,KAAK,SAAS;oBACvB,CAAC,CAAC,gBAAgB;oBAClB,CAAC,CAAC,iBAAiB,CAAC;QAC1B,KAAK,QAAQ;YACX,OAAO,SAAS,KAAK,OAAO;gBAC1B,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,SAAS,KAAK,SAAS;oBACvB,CAAC,CAAC,gBAAgB;oBAClB,CAAC,CAAC,iBAAiB,CAAC;QAC1B,KAAK,MAAM;YACT,OAAO,SAAS,KAAK,OAAO;gBAC1B,CAAC,CAAC,YAAY;gBACd,CAAC,CAAC,SAAS,KAAK,SAAS;oBACvB,CAAC,CAAC,cAAc;oBAChB,CAAC,CAAC,eAAe,CAAC;IAC1B,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,OAAuB;IAC3C,MAAM,MAAM,GAA8C,EAAE,CAAC;IAC7D,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAC7C,CAAC;IAED,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,MAAM,YAAY,GAAG,CACnB,SAA2B,EAC3B,WAA6B,EAC7B,YAA8B,EAC9B,KAAa,EACb,EAAE;QACF,MAAM,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,KAAK;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,KAAK,QAAQ,CAAC,CAAC;QACjD,IAAI,OAAO;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,IAAI,KAAK,UAAU,CAAC,CAAC;QACvD,IAAI,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,IAAI,KAAK,WAAW,CAAC,CAAC;IAC5D,CAAC,CAAC;IAEF,YAAY,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,UAAU,CAAC,CAAC;IACpF,YAAY,CAAC,aAAa,EAAE,eAAe,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC;IACxE,YAAY,CAAC,cAAc,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,QAAQ,CAAC,CAAC;IAC5E,YAAY,CAAC,cAAc,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,QAAQ,CAAC,CAAC;IAC5E,YAAY,CAAC,cAAc,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,QAAQ,CAAC,CAAC;IAC5E,YAAY,CAAC,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;IAEpE,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,kCAAkC,CAAC;IAClE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/tools/gitleaks-config.toml ADDED Viewed

@@ -0,0 +1,35 @@
+# =============================================================================
+# GHAGGA bundled Gitleaks configuration
+# =============================================================================
+# Extends the gitleaks built-in default ruleset and adds a conservative
+# path-based allowlist for test files / fixtures.
+#
+# Tradeoff (accepted by maintainer): this reduces noise from fake tokens in
+# test fixtures at the cost of potentially missing a REAL secret that is
+# hardcoded inside a test/fixture file. Production source is unaffected.
+#
+# NOTE: pinned gitleaks version is 8.21.2 (< 8.25.0), which uses the singular
+# `[allowlist]` table with `paths = [...]` regexes. Do NOT switch to the
+# `[[allowlists]]` array form unless the pinned version is bumped to >= 8.25.0.
+# =============================================================================
+title = "GHAGGA Gitleaks configuration"
+[extend]
+# Keep all of gitleaks' built-in default rules.
+useDefault = true
+[allowlist]
+description = "Ignore secrets found in test files and fixtures (conservative)"
+# Go (RE2) regexes matched against the file path. A finding whose path matches
+# ANY of these is suppressed.
+paths = [
+  '''.*\.test\.[tj]sx?$''',
+  '''.*\.spec\.[tj]sx?$''',
+  '''.*_test\.(py|go)$''',
+  '''.*test_.*\.py$''',
+  '''.*/__tests__/.*''',
+  '''.*/tests?/.*''',
+  '''.*/fixtures?/.*''',
+  '''.*/testdata/.*''',
+]

package/dist/tools/plugins/gitleaks.d.ts CHANGED Viewed

@@ -8,6 +8,16 @@
  */
 import type { ReviewFinding } from '../../types.js';
 import type { RawToolOutput, ToolDefinition } from '../types.js';
+/**
+ * Resolve the bundled gitleaks config (extends defaults + test-file allowlist).
+ *
+ * Works in BOTH dev (src/tools/plugins/gitleaks.ts -> src/tools/gitleaks-config.toml)
+ * and the published build (dist/tools/plugins/gitleaks.js -> dist/tools/gitleaks-config.toml),
+ * provided the build copies the .toml into dist/tools/ (see package.json `build` script).
+ *
+ * Returns undefined if missing so the plugin degrades gracefully to default rules.
+ */
+export declare function resolveGitleaksConfigPath(): string | undefined;
 /**
  * Parse Gitleaks JSON output into ReviewFinding[].
  * Gitleaks writes results to a report file; we read from stdout or the report.

package/dist/tools/plugins/gitleaks.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"gitleaks.d.ts","sourceRoot":"","sources":["../../../src/tools/plugins/gitleaks.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;~~AAEH~~,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,KAAK,EAAoB,aAAa,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;~~AAanF~~;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,GAAG,aAAa,EAAE,CAiBxF;AAED,eAAO,MAAM,cAAc,EAAE,~~cAgE5B~~,CAAC"}
1	+ {"version":3,"file":"gitleaks.d.ts","sourceRoot":"","sources":["../../../src/tools/plugins/gitleaks.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,KAAK,EAAoB,aAAa,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAKnF;;;;;;;;GAQG;AACH,wBAAgB,yBAAyB,IAAI,MAAM,GAAG,SAAS,CAI9D;AAUD;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,GAAG,aAAa,EAAE,CAiBxF;AAED,eAAO,MAAM,cAAc,EAAE,cAuE5B,CAAC"}

package/dist/tools/plugins/gitleaks.js CHANGED Viewed

@@ -6,8 +6,25 @@
  *
  * Uses ExecutionContext for DI instead of direct child_process.
  */
+import { existsSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
 const GITLEAKS_VERSION = '8.21.2';
 const GITLEAKS_BIN = '/usr/local/bin/gitleaks';
+/**
+ * Resolve the bundled gitleaks config (extends defaults + test-file allowlist).
+ *
+ * Works in BOTH dev (src/tools/plugins/gitleaks.ts -> src/tools/gitleaks-config.toml)
+ * and the published build (dist/tools/plugins/gitleaks.js -> dist/tools/gitleaks-config.toml),
+ * provided the build copies the .toml into dist/tools/ (see package.json `build` script).
+ *
+ * Returns undefined if missing so the plugin degrades gracefully to default rules.
+ */
+export function resolveGitleaksConfigPath() {
+    const here = dirname(fileURLToPath(import.meta.url));
+    const configPath = join(here, '..', 'gitleaks-config.toml');
+    return existsSync(configPath) ? configPath : undefined;
+}
 /**
  * Parse Gitleaks JSON output into ReviewFinding[].
  * Gitleaks writes results to a report file; we read from stdout or the report.
@@ -60,14 +77,24 @@ export const gitleaksPlugin = {
     },
     async run(ctx, repoDir, _files, timeout) {
         const reportPath = '/tmp/gitleaks-result.json';
-        await ctx.exec('gitleaks', [
+        const detectArgs = [
             'detect',
             `--source=${repoDir}`,
             '--report-format=json',
             `--report-path=${reportPath}`,
             '--no-git',
             '--exit-code=0',
-        ], {
+        ];
+        // Apply ghagga's bundled config (default rules + test-file allowlist) when
+        // available. Degrade gracefully to gitleaks' built-in defaults if missing.
+        const configPath = resolveGitleaksConfigPath();
+        if (configPath) {
+            detectArgs.push(`--config=${configPath}`);
+        }
+        else {
+            ctx.log('warn', 'gitleaks: bundled gitleaks-config.toml not found, using default rules only');
+        }
+        await ctx.exec('gitleaks', detectArgs, {
             timeoutMs: timeout,
         });
         // Read the report file and return it as stdout

package/dist/tools/plugins/gitleaks.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"gitleaks.js","sourceRoot":"","sources":["../../../src/tools/plugins/gitleaks.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;~~AAKH~~,MAAM,gBAAgB,GAAG,QAAQ,CAAC;AAClC,MAAM,YAAY,GAAG,yBAAyB,CAAC;~~AAU~~/C;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAkB,EAAE,OAAe;IACrE,IAAI,GAAG,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IAE5B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAsB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAE3D,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC1B,QAAQ,EAAE,UAAmB;YAC7B,QAAQ,EAAE,SAAS;YACnB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,OAAO,GAAG,EAAE,EAAE,CAAC;YACvC,IAAI,EAAE,CAAC,CAAC,SAAS;YACjB,OAAO,EAAE,GAAG,CAAC,CAAC,WAAW,WAAW,CAAC,CAAC,MAAM,GAAG;YAC/C,MAAM,EAAE,UAAmB;SAC5B,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,cAAc,GAAmB;IAC5C,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,UAAU;IACvB,QAAQ,EAAE,SAAS;IACnB,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,gBAAgB;IACzB,YAAY,EAAE,MAAM;IACpB,UAAU,EAAE,CAAC,YAAY,CAAC;IAE1B,KAAK,CAAC,OAAO,CAAC,GAAqB;QACjC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC;QAClE,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC/D,OAAO;YACT,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,iEAAiE,CAAC,CAAC;YACrF,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,MAAM,GAAG,CAAC,IAAI,CACZ,MAAM,EACN;YACE,IAAI;YACJ,qEAAqE,gBAAgB,aAAa,gBAAgB,wDAAwD;SAC3K,EACD,EAAE,SAAS,EAAE,OAAO,EAAE,CACvB,CAAC;QACF,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;QAC/D,MAAM,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,GAAG,CACP,GAAqB,EACrB,OAAe,EACf,MAAgB,EAChB,OAAe;QAEf,MAAM,UAAU,GAAG,2BAA2B,CAAC;QAE/C,MAAM,~~GAAG,CAAC,IAAI,CACZ,~~UAAU,~~EACV~~;~~YACE~~,QAAQ;YACR,YAAY,OAAO,EAAE;YACrB,sBAAsB;YACtB,iBAAiB,UAAU,EAAE;YAC7B,UAAU;YACV,eAAe;SAChB,~~EACD~~;~~YACE~~,SAAS,EAAE,OAAO;SACnB,~~CACF~~,CAAC;~~QAEF~~,+CAA+C;QAC/C,OAAO,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,UAAU,CAAC,EAAE;YACnC,SAAS,EAAE,MAAM;YACjB,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,mCAAmC;SACzD,CAAC,CAAC;IACL,CAAC;IAED,KAAK,EAAE,mBAAmB;CAC3B,CAAC"}
1	+ {"version":3,"file":"gitleaks.js","sourceRoot":"","sources":["../../../src/tools/plugins/gitleaks.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAIzC,MAAM,gBAAgB,GAAG,QAAQ,CAAC;AAClC,MAAM,YAAY,GAAG,yBAAyB,CAAC;AAE/C;;;;;;;;GAQG;AACH,MAAM,UAAU,yBAAyB;IACvC,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,sBAAsB,CAAC,CAAC;IAC5D,OAAO,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;AACzD,CAAC;AAUD;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAkB,EAAE,OAAe;IACrE,IAAI,GAAG,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IAE5B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAsB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAE3D,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC1B,QAAQ,EAAE,UAAmB;YAC7B,QAAQ,EAAE,SAAS;YACnB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,OAAO,GAAG,EAAE,EAAE,CAAC;YACvC,IAAI,EAAE,CAAC,CAAC,SAAS;YACjB,OAAO,EAAE,GAAG,CAAC,CAAC,WAAW,WAAW,CAAC,CAAC,MAAM,GAAG;YAC/C,MAAM,EAAE,UAAmB;SAC5B,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,cAAc,GAAmB;IAC5C,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,UAAU;IACvB,QAAQ,EAAE,SAAS;IACnB,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,gBAAgB;IACzB,YAAY,EAAE,MAAM;IACpB,UAAU,EAAE,CAAC,YAAY,CAAC;IAE1B,KAAK,CAAC,OAAO,CAAC,GAAqB;QACjC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC;QAClE,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC/D,OAAO;YACT,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,iEAAiE,CAAC,CAAC;YACrF,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,MAAM,GAAG,CAAC,IAAI,CACZ,MAAM,EACN;YACE,IAAI;YACJ,qEAAqE,gBAAgB,aAAa,gBAAgB,wDAAwD;SAC3K,EACD,EAAE,SAAS,EAAE,OAAO,EAAE,CACvB,CAAC;QACF,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;QAC/D,MAAM,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,GAAG,CACP,GAAqB,EACrB,OAAe,EACf,MAAgB,EAChB,OAAe;QAEf,MAAM,UAAU,GAAG,2BAA2B,CAAC;QAE/C,MAAM,UAAU,GAAG;YACjB,QAAQ;YACR,YAAY,OAAO,EAAE;YACrB,sBAAsB;YACtB,iBAAiB,UAAU,EAAE;YAC7B,UAAU;YACV,eAAe;SAChB,CAAC;QAEF,2EAA2E;QAC3E,2EAA2E;QAC3E,MAAM,UAAU,GAAG,yBAAyB,EAAE,CAAC;QAC/C,IAAI,UAAU,EAAE,CAAC;YACf,UAAU,CAAC,IAAI,CAAC,YAAY,UAAU,EAAE,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,4EAA4E,CAAC,CAAC;QAChG,CAAC;QAED,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,EAAE;YACrC,SAAS,EAAE,OAAO;SACnB,CAAC,CAAC;QAEH,+CAA+C;QAC/C,OAAO,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,UAAU,CAAC,EAAE;YACnC,SAAS,EAAE,MAAM;YACjB,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,mCAAmC;SACzD,CAAC,CAAC;IACL,CAAC;IAED,KAAK,EAAE,mBAAmB;CAC3B,CAAC"}

package/dist/tools/plugins/semgrep.d.ts CHANGED Viewed

@@ -9,6 +9,17 @@
  */
 import type { FindingSeverity, ReviewFinding } from '../../types.js';
 import type { RawToolOutput, ToolDefinition } from '../types.js';
+/**
+ * Resolve the bundled curated ruleset path relative to this plugin's location.
+ *
+ * Works in BOTH dev (src/tools/plugins/semgrep.ts -> src/tools/semgrep-rules.yml)
+ * and the published build (dist/tools/plugins/semgrep.js -> dist/tools/semgrep-rules.yml),
+ * provided the build copies the .yml into dist/tools/ (see package.json `build` script).
+ *
+ * Returns undefined if the file is not present so the plugin degrades gracefully
+ * to `--config auto` only.
+ */
+export declare function resolveSemgrepRulesPath(): string | undefined;
 /**
  * Map Semgrep severity to GHAGGA FindingSeverity.
  * ERROR -> high, WARNING -> medium, INFO -> info, default -> low

package/dist/tools/plugins/semgrep.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"semgrep.d.ts","sourceRoot":"","sources":["../../../src/tools/plugins/semgrep.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;~~AAEH~~,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,KAAK,EAAoB,aAAa,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAInF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,eAAe,EAAE,MAAM,GAAG,eAAe,CAW3E;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,GAAG,aAAa,EAAE,CAuBvF;AAED,eAAO,MAAM,aAAa,EAAE,~~cAwC3B~~,CAAC"}
1	+ {"version":3,"file":"semgrep.d.ts","sourceRoot":"","sources":["../../../src/tools/plugins/semgrep.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,KAAK,EAAoB,aAAa,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAInF;;;;;;;;;GASG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,GAAG,SAAS,CAI5D;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,eAAe,EAAE,MAAM,GAAG,eAAe,CAW3E;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,GAAG,aAAa,EAAE,CAuBvF;AAED,eAAO,MAAM,aAAa,EAAE,cAmD3B,CAAC"}

package/dist/tools/plugins/semgrep.js CHANGED Viewed

@@ -7,7 +7,25 @@
  *
  * Uses ExecutionContext for DI instead of direct child_process.
  */
+import { existsSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
 const SEMGREP_VERSION = '1.90.0';
+/**
+ * Resolve the bundled curated ruleset path relative to this plugin's location.
+ *
+ * Works in BOTH dev (src/tools/plugins/semgrep.ts -> src/tools/semgrep-rules.yml)
+ * and the published build (dist/tools/plugins/semgrep.js -> dist/tools/semgrep-rules.yml),
+ * provided the build copies the .yml into dist/tools/ (see package.json `build` script).
+ *
+ * Returns undefined if the file is not present so the plugin degrades gracefully
+ * to `--config auto` only.
+ */
+export function resolveSemgrepRulesPath() {
+    const here = dirname(fileURLToPath(import.meta.url));
+    const rulesPath = join(here, '..', 'semgrep-rules.yml');
+    return existsSync(rulesPath) ? rulesPath : undefined;
+}
 /**
  * Map Semgrep severity to GHAGGA FindingSeverity.
  * ERROR -> high, WARNING -> medium, INFO -> info, default -> low
@@ -72,7 +90,18 @@ export const semgrepPlugin = {
         await ctx.cacheSave('semgrep', ['/usr/local/bin/semgrep']);
     },
     async run(ctx, repoDir, _files, timeout) {
-        return ctx.exec('semgrep', ['--json', '--config', 'auto', '--quiet', repoDir], {
+        // Always run the broad registry ruleset (`auto`) AND, when available, ghagga's
+        // own curated rules bundled with the package. Semgrep unions multiple --config
+        // flags, so the curated rules run even offline. Degrade gracefully if missing.
+        const configArgs = ['--config', 'auto'];
+        const rulesPath = resolveSemgrepRulesPath();
+        if (rulesPath) {
+            configArgs.push('--config', rulesPath);
+        }
+        else {
+            ctx.log('warn', 'semgrep: bundled semgrep-rules.yml not found, using --config auto only');
+        }
+        return ctx.exec('semgrep', ['--json', ...configArgs, '--quiet', repoDir], {
             timeoutMs: timeout,
             allowExitCodes: [1], // semgrep returns 1 when findings are present
         });

package/dist/tools/plugins/semgrep.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"semgrep.js","sourceRoot":"","sources":["../../../src/tools/plugins/semgrep.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;~~AAKH~~,MAAM,eAAe,GAAG,QAAQ,CAAC;AAEjC;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,eAAuB;IACxD,QAAQ,eAAe,CAAC,WAAW,EAAE,EAAE,CAAC;QACtC,KAAK,OAAO;YACV,OAAO,MAAM,CAAC;QAChB,KAAK,SAAS;YACZ,OAAO,QAAQ,CAAC;QAClB,KAAK,MAAM;YACT,OAAO,MAAM,CAAC;QAChB;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAkB,EAAE,OAAe;IACpE,IAAI,GAAG,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IAE5B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAMnC,CAAC;QAEF,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACxC,QAAQ,EAAE,kBAAkB,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC;YAC9C,QAAQ,EAAE,UAAU;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,OAAO,GAAG,EAAE,EAAE,CAAC;YACvC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI;YAClB,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO;YACxB,MAAM,EAAE,SAAkB;SAC3B,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,aAAa,GAAmB;IAC3C,IAAI,EAAE,SAAS;IACf,WAAW,EAAE,SAAS;IACtB,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,eAAe;IACxB,YAAY,EAAE,MAAM;IACpB,UAAU,EAAE,CAAC,wBAAwB,CAAC;IAEtC,KAAK,CAAC,OAAO,CAAC,GAAqB;QACjC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC,wBAAwB,CAAC,CAAC,CAAC;QAC7E,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;gBAChE,OAAO;YACT,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,gEAAgE,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;QAED,MAAM,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,YAAY,eAAe,EAAE,CAAC,EAAE;YAC3E,SAAS,EAAE,OAAO;SACnB,CAAC,CAAC;QACH,MAAM,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;QAChE,MAAM,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,wBAAwB,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,GAAG,CACP,GAAqB,EACrB,OAAe,EACf,MAAgB,EAChB,OAAe;QAEf,~~OAAO~~,GAAG,CAAC,~~IAAI~~,CAAC,SAAS,EAAE,CAAC,~~QAAQ~~,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE;~~YAC7E~~,SAAS,EAAE,OAAO;YAClB,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,8CAA8C;SACpE,CAAC,CAAC;IACL,CAAC;IAED,KAAK,EAAE,kBAAkB;CAC1B,CAAC"}
1	+ {"version":3,"file":"semgrep.js","sourceRoot":"","sources":["../../../src/tools/plugins/semgrep.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAIzC,MAAM,eAAe,GAAG,QAAQ,CAAC;AAEjC;;;;;;;;;GASG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,mBAAmB,CAAC,CAAC;IACxD,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,eAAuB;IACxD,QAAQ,eAAe,CAAC,WAAW,EAAE,EAAE,CAAC;QACtC,KAAK,OAAO;YACV,OAAO,MAAM,CAAC;QAChB,KAAK,SAAS;YACZ,OAAO,QAAQ,CAAC;QAClB,KAAK,MAAM;YACT,OAAO,MAAM,CAAC;QAChB;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAkB,EAAE,OAAe;IACpE,IAAI,GAAG,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IAE5B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAMnC,CAAC;QAEF,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACxC,QAAQ,EAAE,kBAAkB,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC;YAC9C,QAAQ,EAAE,UAAU;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,OAAO,GAAG,EAAE,EAAE,CAAC;YACvC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI;YAClB,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO;YACxB,MAAM,EAAE,SAAkB;SAC3B,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,aAAa,GAAmB;IAC3C,IAAI,EAAE,SAAS;IACf,WAAW,EAAE,SAAS;IACtB,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,eAAe;IACxB,YAAY,EAAE,MAAM;IACpB,UAAU,EAAE,CAAC,wBAAwB,CAAC;IAEtC,KAAK,CAAC,OAAO,CAAC,GAAqB;QACjC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC,wBAAwB,CAAC,CAAC,CAAC;QAC7E,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;gBAChE,OAAO;YACT,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,gEAAgE,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;QAED,MAAM,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,YAAY,eAAe,EAAE,CAAC,EAAE;YAC3E,SAAS,EAAE,OAAO;SACnB,CAAC,CAAC;QACH,MAAM,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;QAChE,MAAM,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,wBAAwB,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,GAAG,CACP,GAAqB,EACrB,OAAe,EACf,MAAgB,EAChB,OAAe;QAEf,+EAA+E;QAC/E,+EAA+E;QAC/E,+EAA+E;QAC/E,MAAM,UAAU,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACxC,MAAM,SAAS,GAAG,uBAAuB,EAAE,CAAC;QAC5C,IAAI,SAAS,EAAE,CAAC;YACd,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE;YACxE,SAAS,EAAE,OAAO;YAClB,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,8CAA8C;SACpE,CAAC,CAAC;IACL,CAAC;IAED,KAAK,EAAE,kBAAkB;CAC1B,CAAC"}