mustflow 2.75.2 → 2.85.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/README.md +40 -3
  2. package/dist/cli/commands/docs.js +86 -2
  3. package/dist/cli/commands/script-pack.js +9 -0
  4. package/dist/cli/i18n/en.js +180 -2
  5. package/dist/cli/i18n/es.js +180 -2
  6. package/dist/cli/i18n/fr.js +180 -2
  7. package/dist/cli/i18n/hi.js +180 -2
  8. package/dist/cli/i18n/ko.js +180 -2
  9. package/dist/cli/i18n/zh.js +180 -2
  10. package/dist/cli/lib/repo-map.js +27 -6
  11. package/dist/cli/lib/run-root-trust.js +15 -1
  12. package/dist/cli/lib/script-pack-registry.js +275 -6
  13. package/dist/cli/lib/validation/index.js +2 -2
  14. package/dist/cli/lib/validation/primitives.js +4 -1
  15. package/dist/cli/script-packs/code-change-impact.js +172 -0
  16. package/dist/cli/script-packs/code-dependency-graph.js +181 -0
  17. package/dist/cli/script-packs/code-export-diff.js +160 -0
  18. package/dist/cli/script-packs/code-outline.js +33 -5
  19. package/dist/cli/script-packs/code-route-outline.js +155 -0
  20. package/dist/cli/script-packs/docs-reference-drift.js +150 -0
  21. package/dist/cli/script-packs/repo-config-chain.js +163 -0
  22. package/dist/cli/script-packs/repo-env-contract.js +156 -0
  23. package/dist/cli/script-packs/repo-related-files.js +161 -0
  24. package/dist/cli/script-packs/repo-secret-risk-scan.js +147 -0
  25. package/dist/core/change-impact.js +383 -0
  26. package/dist/core/change-verification.js +32 -5
  27. package/dist/core/code-outline.js +460 -79
  28. package/dist/core/config-chain.js +595 -0
  29. package/dist/core/config-loading.js +121 -4
  30. package/dist/core/dependency-graph.js +490 -0
  31. package/dist/core/env-contract.js +450 -0
  32. package/dist/core/export-diff.js +359 -0
  33. package/dist/core/line-endings.js +26 -13
  34. package/dist/core/public-json-contracts.js +126 -0
  35. package/dist/core/reference-drift.js +388 -0
  36. package/dist/core/related-files.js +493 -0
  37. package/dist/core/route-outline.js +964 -0
  38. package/dist/core/script-pack-suggestions.js +131 -5
  39. package/dist/core/secret-risk-scan.js +440 -0
  40. package/dist/core/source-anchors.js +13 -1
  41. package/package.json +1 -1
  42. package/schemas/README.md +44 -6
  43. package/schemas/change-impact-report.schema.json +150 -0
  44. package/schemas/code-outline-report.schema.json +1 -1
  45. package/schemas/code-symbol-read-report.schema.json +64 -4
  46. package/schemas/commands.schema.json +12 -0
  47. package/schemas/config-chain-report.schema.json +187 -0
  48. package/schemas/dependency-graph-report.schema.json +149 -0
  49. package/schemas/env-contract-report.schema.json +203 -0
  50. package/schemas/export-diff-report.schema.json +220 -0
  51. package/schemas/reference-drift-report.schema.json +166 -0
  52. package/schemas/related-files-report.schema.json +145 -0
  53. package/schemas/route-outline-report.schema.json +200 -0
  54. package/schemas/secret-risk-scan-report.schema.json +152 -0
  55. package/templates/default/common/.mustflow/config/commands.toml +21 -0
  56. package/templates/default/i18n.toml +21 -9
  57. package/templates/default/locales/en/.mustflow/docs/agent-workflow.md +1 -1
  58. package/templates/default/locales/en/.mustflow/skills/INDEX.md +8 -2
  59. package/templates/default/locales/en/.mustflow/skills/architecture-deepening-review/SKILL.md +28 -11
  60. package/templates/default/locales/en/.mustflow/skills/astro-code-change/SKILL.md +71 -27
  61. package/templates/default/locales/en/.mustflow/skills/cross-agent-session-reference/SKILL.md +146 -0
  62. package/templates/default/locales/en/.mustflow/skills/dependency-upgrade-review/SKILL.md +3 -1
  63. package/templates/default/locales/en/.mustflow/skills/github-contribution-quality-gate/SKILL.md +48 -11
  64. package/templates/default/locales/en/.mustflow/skills/javascript-code-change/SKILL.md +15 -13
  65. package/templates/default/locales/en/.mustflow/skills/node-code-change/SKILL.md +16 -14
  66. package/templates/default/locales/en/.mustflow/skills/routes.toml +21 -9
  67. package/templates/default/locales/en/.mustflow/skills/security-privacy-review/SKILL.md +3 -1
  68. package/templates/default/locales/en/.mustflow/skills/test-suite-performance-review/SKILL.md +314 -0
  69. package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +13 -10
  70. package/templates/default/manifest.toml +15 -1
@@ -0,0 +1,166 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://mustflow.github.io/schemas/reference-drift-report.schema.json",
4
+ "title": "mustflow reference-drift report",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema_version",
9
+ "command",
10
+ "pack_id",
11
+ "script_id",
12
+ "script_ref",
13
+ "action",
14
+ "status",
15
+ "ok",
16
+ "mustflow_root",
17
+ "policy",
18
+ "input_hash",
19
+ "files",
20
+ "references",
21
+ "summary",
22
+ "findings",
23
+ "issues"
24
+ ],
25
+ "properties": {
26
+ "schema_version": { "const": "1" },
27
+ "command": { "const": "script-pack" },
28
+ "pack_id": { "const": "docs" },
29
+ "script_id": { "const": "reference-drift" },
30
+ "script_ref": { "const": "docs/reference-drift" },
31
+ "action": { "const": "check" },
32
+ "status": { "enum": ["passed", "failed", "error"] },
33
+ "ok": { "type": "boolean" },
34
+ "mustflow_root": { "type": "string" },
35
+ "policy": { "$ref": "#/$defs/policy" },
36
+ "input_hash": { "$ref": "#/$defs/sha256" },
37
+ "files": {
38
+ "type": "array",
39
+ "items": { "$ref": "#/$defs/file" }
40
+ },
41
+ "references": {
42
+ "type": "array",
43
+ "items": { "$ref": "#/$defs/reference" }
44
+ },
45
+ "summary": { "$ref": "#/$defs/summary" },
46
+ "findings": {
47
+ "type": "array",
48
+ "items": { "$ref": "#/$defs/finding" }
49
+ },
50
+ "issues": {
51
+ "type": "array",
52
+ "items": { "type": "string" }
53
+ }
54
+ },
55
+ "$defs": {
56
+ "sha256": {
57
+ "type": "string",
58
+ "pattern": "^sha256:[a-f0-9]{64}$"
59
+ },
60
+ "nullableSha256": {
61
+ "type": ["string", "null"],
62
+ "pattern": "^sha256:[a-f0-9]{64}$"
63
+ },
64
+ "referenceKind": {
65
+ "enum": ["mf_command", "script_pack_ref", "schema_file", "repo_path"]
66
+ },
67
+ "referenceStatus": {
68
+ "enum": ["ok", "missing", "unknown", "skipped"]
69
+ },
70
+ "stringArray": {
71
+ "type": "array",
72
+ "items": { "type": "string" }
73
+ },
74
+ "policy": {
75
+ "type": "object",
76
+ "additionalProperties": false,
77
+ "required": [
78
+ "max_files",
79
+ "max_file_bytes",
80
+ "default_paths",
81
+ "path_filters",
82
+ "checked_reference_kinds"
83
+ ],
84
+ "properties": {
85
+ "max_files": { "type": "integer", "minimum": 1 },
86
+ "max_file_bytes": { "type": "integer", "minimum": 1 },
87
+ "default_paths": { "$ref": "#/$defs/stringArray" },
88
+ "path_filters": { "$ref": "#/$defs/stringArray" },
89
+ "checked_reference_kinds": {
90
+ "type": "array",
91
+ "items": { "$ref": "#/$defs/referenceKind" }
92
+ }
93
+ }
94
+ },
95
+ "file": {
96
+ "type": "object",
97
+ "additionalProperties": false,
98
+ "required": [
99
+ "kind",
100
+ "path",
101
+ "sha256",
102
+ "size_bytes",
103
+ "line_count",
104
+ "reference_count"
105
+ ],
106
+ "properties": {
107
+ "kind": { "const": "document" },
108
+ "path": { "type": "string" },
109
+ "sha256": { "$ref": "#/$defs/nullableSha256" },
110
+ "size_bytes": { "type": ["integer", "null"], "minimum": 0 },
111
+ "line_count": { "type": ["integer", "null"], "minimum": 0 },
112
+ "reference_count": { "type": "integer", "minimum": 0 }
113
+ }
114
+ },
115
+ "reference": {
116
+ "type": "object",
117
+ "additionalProperties": false,
118
+ "required": ["kind", "path", "line", "value", "target", "status", "message"],
119
+ "properties": {
120
+ "kind": { "$ref": "#/$defs/referenceKind" },
121
+ "path": { "type": "string" },
122
+ "line": { "type": "integer", "minimum": 1 },
123
+ "value": { "type": "string" },
124
+ "target": { "type": "string" },
125
+ "status": { "$ref": "#/$defs/referenceStatus" },
126
+ "message": { "type": "string" }
127
+ }
128
+ },
129
+ "summary": {
130
+ "type": "object",
131
+ "additionalProperties": false,
132
+ "required": ["files_checked", "references_checked", "ok", "missing", "unknown", "skipped"],
133
+ "properties": {
134
+ "files_checked": { "type": "integer", "minimum": 0 },
135
+ "references_checked": { "type": "integer", "minimum": 0 },
136
+ "ok": { "type": "integer", "minimum": 0 },
137
+ "missing": { "type": "integer", "minimum": 0 },
138
+ "unknown": { "type": "integer", "minimum": 0 },
139
+ "skipped": { "type": "integer", "minimum": 0 }
140
+ }
141
+ },
142
+ "finding": {
143
+ "type": "object",
144
+ "additionalProperties": false,
145
+ "required": ["code", "severity", "message", "path"],
146
+ "properties": {
147
+ "code": {
148
+ "enum": [
149
+ "reference_drift_path_outside_root",
150
+ "reference_drift_unreadable_path",
151
+ "reference_drift_file_too_large",
152
+ "reference_drift_max_files_exceeded",
153
+ "reference_drift_unknown_command",
154
+ "reference_drift_unknown_script_pack",
155
+ "reference_drift_unknown_schema",
156
+ "reference_drift_missing_path"
157
+ ]
158
+ },
159
+ "severity": { "enum": ["low", "medium", "high", "critical"] },
160
+ "message": { "type": "string" },
161
+ "path": { "type": "string" },
162
+ "line": { "type": "integer", "minimum": 1 }
163
+ }
164
+ }
165
+ }
166
+ }
@@ -0,0 +1,145 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://mustflow.github.io/schemas/related-files-report.schema.json",
4
+ "title": "mustflow related-files report",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema_version",
9
+ "command",
10
+ "pack_id",
11
+ "script_id",
12
+ "script_ref",
13
+ "action",
14
+ "status",
15
+ "ok",
16
+ "mustflow_root",
17
+ "policy",
18
+ "input_hash",
19
+ "targets",
20
+ "candidates",
21
+ "truncated",
22
+ "findings",
23
+ "issues"
24
+ ],
25
+ "properties": {
26
+ "schema_version": { "const": "1" },
27
+ "command": { "const": "script-pack" },
28
+ "pack_id": { "const": "repo" },
29
+ "script_id": { "const": "related-files" },
30
+ "script_ref": { "const": "repo/related-files" },
31
+ "action": { "const": "map" },
32
+ "status": { "enum": ["passed", "failed", "error"] },
33
+ "ok": { "type": "boolean" },
34
+ "mustflow_root": { "type": "string" },
35
+ "policy": { "$ref": "#/$defs/policy" },
36
+ "input_hash": { "$ref": "#/$defs/sha256" },
37
+ "targets": {
38
+ "type": "array",
39
+ "items": { "$ref": "#/$defs/target" }
40
+ },
41
+ "candidates": {
42
+ "type": "array",
43
+ "items": { "$ref": "#/$defs/candidate" }
44
+ },
45
+ "truncated": { "type": "boolean" },
46
+ "findings": {
47
+ "type": "array",
48
+ "items": { "$ref": "#/$defs/finding" }
49
+ },
50
+ "issues": {
51
+ "type": "array",
52
+ "items": { "type": "string" }
53
+ }
54
+ },
55
+ "$defs": {
56
+ "sha256": {
57
+ "type": "string",
58
+ "pattern": "^sha256:[a-f0-9]{64}$"
59
+ },
60
+ "stringArray": {
61
+ "type": "array",
62
+ "items": { "type": "string" }
63
+ },
64
+ "language": {
65
+ "enum": [
66
+ "typescript",
67
+ "tsx",
68
+ "javascript",
69
+ "jsx",
70
+ "javascript-module",
71
+ "javascript-commonjs",
72
+ "json",
73
+ "other"
74
+ ]
75
+ },
76
+ "relationship": {
77
+ "enum": [
78
+ "import",
79
+ "importer",
80
+ "sibling_test",
81
+ "sibling_docs",
82
+ "sibling_style",
83
+ "sibling_type",
84
+ "config_parent",
85
+ "package_boundary"
86
+ ]
87
+ },
88
+ "policy": {
89
+ "type": "object",
90
+ "additionalProperties": false,
91
+ "required": ["max_file_bytes", "max_files", "max_candidates", "extensions", "ignored_directories"],
92
+ "properties": {
93
+ "max_file_bytes": { "type": "integer", "minimum": 1 },
94
+ "max_files": { "type": "integer", "minimum": 1 },
95
+ "max_candidates": { "type": "integer", "minimum": 1 },
96
+ "extensions": { "$ref": "#/$defs/stringArray" },
97
+ "ignored_directories": { "$ref": "#/$defs/stringArray" }
98
+ }
99
+ },
100
+ "target": {
101
+ "type": "object",
102
+ "additionalProperties": false,
103
+ "required": ["input", "path", "exists", "kind", "language"],
104
+ "properties": {
105
+ "input": { "type": "string" },
106
+ "path": { "type": "string" },
107
+ "exists": { "type": ["boolean", "null"] },
108
+ "kind": { "enum": ["file", "directory", "missing", "other", "unknown"] },
109
+ "language": { "$ref": "#/$defs/language" }
110
+ }
111
+ },
112
+ "candidate": {
113
+ "type": "object",
114
+ "additionalProperties": false,
115
+ "required": ["path", "relationship", "confidence", "reason", "source_path", "target_path", "line"],
116
+ "properties": {
117
+ "path": { "type": "string" },
118
+ "relationship": { "$ref": "#/$defs/relationship" },
119
+ "confidence": { "type": "number", "minimum": 0, "maximum": 1 },
120
+ "reason": { "type": "string" },
121
+ "source_path": { "type": "string" },
122
+ "target_path": { "type": "string" },
123
+ "line": { "type": ["integer", "null"], "minimum": 1 }
124
+ }
125
+ },
126
+ "finding": {
127
+ "type": "object",
128
+ "additionalProperties": false,
129
+ "required": ["code", "severity", "message", "path"],
130
+ "properties": {
131
+ "code": {
132
+ "enum": [
133
+ "related_files_path_outside_root",
134
+ "related_files_unreadable_path",
135
+ "related_files_max_files_exceeded",
136
+ "related_files_max_candidates_exceeded"
137
+ ]
138
+ },
139
+ "severity": { "enum": ["low", "medium", "high", "critical"] },
140
+ "message": { "type": "string" },
141
+ "path": { "type": "string" }
142
+ }
143
+ }
144
+ }
145
+ }
@@ -0,0 +1,200 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://mustflow.github.io/schemas/route-outline-report.schema.json",
4
+ "title": "mustflow route-outline report",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema_version",
9
+ "command",
10
+ "pack_id",
11
+ "script_id",
12
+ "script_ref",
13
+ "action",
14
+ "status",
15
+ "ok",
16
+ "mustflow_root",
17
+ "policy",
18
+ "input_hash",
19
+ "files",
20
+ "routes",
21
+ "findings",
22
+ "issues"
23
+ ],
24
+ "properties": {
25
+ "schema_version": { "const": "1" },
26
+ "command": { "const": "script-pack" },
27
+ "pack_id": { "const": "code" },
28
+ "script_id": { "const": "route-outline" },
29
+ "script_ref": { "const": "code/route-outline" },
30
+ "action": { "const": "scan" },
31
+ "status": { "enum": ["passed", "failed", "error"] },
32
+ "ok": { "type": "boolean" },
33
+ "mustflow_root": { "type": "string" },
34
+ "policy": { "$ref": "#/$defs/policy" },
35
+ "input_hash": { "$ref": "#/$defs/sha256" },
36
+ "files": {
37
+ "type": "array",
38
+ "items": { "$ref": "#/$defs/file" }
39
+ },
40
+ "routes": {
41
+ "type": "array",
42
+ "items": { "$ref": "#/$defs/route" }
43
+ },
44
+ "findings": {
45
+ "type": "array",
46
+ "items": { "$ref": "#/$defs/finding" }
47
+ },
48
+ "issues": {
49
+ "type": "array",
50
+ "items": { "type": "string" }
51
+ }
52
+ },
53
+ "$defs": {
54
+ "sha256": {
55
+ "type": "string",
56
+ "pattern": "^sha256:[a-f0-9]{64}$"
57
+ },
58
+ "language": {
59
+ "enum": ["typescript", "tsx", "javascript", "jsx", "javascript-module", "javascript-commonjs", "rust"]
60
+ },
61
+ "framework": {
62
+ "enum": ["hono", "elysia", "axum", "nestjs", "unknown"]
63
+ },
64
+ "method": {
65
+ "enum": [
66
+ "get",
67
+ "post",
68
+ "put",
69
+ "patch",
70
+ "delete",
71
+ "options",
72
+ "head",
73
+ "all",
74
+ "any",
75
+ "use",
76
+ "route",
77
+ "nest",
78
+ "merge",
79
+ "fallback"
80
+ ]
81
+ },
82
+ "lifecycle": {
83
+ "enum": [
84
+ "guard",
85
+ "resolve",
86
+ "derive",
87
+ "use",
88
+ "decorate",
89
+ "onBeforeHandle",
90
+ "beforeHandle",
91
+ "onRequest",
92
+ "onAfterHandle",
93
+ "onError",
94
+ "useGuards",
95
+ "useInterceptors",
96
+ "usePipes",
97
+ "useFilters"
98
+ ]
99
+ },
100
+ "stringArray": {
101
+ "type": "array",
102
+ "items": { "type": "string" }
103
+ },
104
+ "policy": {
105
+ "type": "object",
106
+ "additionalProperties": false,
107
+ "required": ["max_file_bytes", "max_files", "extensions", "ignored_directories"],
108
+ "properties": {
109
+ "max_file_bytes": { "type": "integer", "minimum": 1 },
110
+ "max_files": { "type": "integer", "minimum": 1 },
111
+ "extensions": { "$ref": "#/$defs/stringArray" },
112
+ "ignored_directories": { "$ref": "#/$defs/stringArray" }
113
+ }
114
+ },
115
+ "file": {
116
+ "type": "object",
117
+ "additionalProperties": false,
118
+ "required": [
119
+ "kind",
120
+ "path",
121
+ "language",
122
+ "framework_evidence",
123
+ "sha256",
124
+ "size_bytes",
125
+ "line_count",
126
+ "route_count"
127
+ ],
128
+ "properties": {
129
+ "kind": { "const": "source_file" },
130
+ "path": { "type": "string" },
131
+ "language": { "$ref": "#/$defs/language" },
132
+ "framework_evidence": {
133
+ "type": "array",
134
+ "items": { "$ref": "#/$defs/framework" }
135
+ },
136
+ "sha256": { "$ref": "#/$defs/sha256" },
137
+ "size_bytes": { "type": "integer", "minimum": 0 },
138
+ "line_count": { "type": "integer", "minimum": 0 },
139
+ "route_count": { "type": "integer", "minimum": 0 }
140
+ }
141
+ },
142
+ "route": {
143
+ "type": "object",
144
+ "additionalProperties": false,
145
+ "required": [
146
+ "id",
147
+ "path",
148
+ "language",
149
+ "framework",
150
+ "method",
151
+ "route_path",
152
+ "line",
153
+ "chain_start_line",
154
+ "chain_end_line",
155
+ "handler_line",
156
+ "lifecycle",
157
+ "signature",
158
+ "content_sha256"
159
+ ],
160
+ "properties": {
161
+ "id": { "type": "string" },
162
+ "path": { "type": "string" },
163
+ "language": { "$ref": "#/$defs/language" },
164
+ "framework": { "$ref": "#/$defs/framework" },
165
+ "method": { "$ref": "#/$defs/method" },
166
+ "route_path": { "type": ["string", "null"] },
167
+ "line": { "type": "integer", "minimum": 1 },
168
+ "chain_start_line": { "type": "integer", "minimum": 1 },
169
+ "chain_end_line": { "type": "integer", "minimum": 1 },
170
+ "handler_line": { "type": "integer", "minimum": 1 },
171
+ "handler_name": { "type": ["string", "null"] },
172
+ "lifecycle": {
173
+ "type": "array",
174
+ "items": { "$ref": "#/$defs/lifecycle" }
175
+ },
176
+ "signature": { "type": "string" },
177
+ "content_sha256": { "$ref": "#/$defs/sha256" }
178
+ }
179
+ },
180
+ "finding": {
181
+ "type": "object",
182
+ "additionalProperties": false,
183
+ "required": ["code", "severity", "message", "path"],
184
+ "properties": {
185
+ "code": {
186
+ "enum": [
187
+ "code_route_outline_path_outside_root",
188
+ "code_route_outline_unreadable_path",
189
+ "code_route_outline_unsupported_file",
190
+ "code_route_outline_file_too_large",
191
+ "code_route_outline_max_files_exceeded"
192
+ ]
193
+ },
194
+ "severity": { "enum": ["low", "medium", "high", "critical"] },
195
+ "message": { "type": "string" },
196
+ "path": { "type": "string" }
197
+ }
198
+ }
199
+ }
200
+ }
@@ -0,0 +1,152 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://mustflow.github.io/schemas/secret-risk-scan-report.schema.json",
4
+ "title": "mustflow secret-risk-scan report",
5
+ "type": "object",
6
+ "additionalProperties": false,
7
+ "required": [
8
+ "schema_version",
9
+ "command",
10
+ "pack_id",
11
+ "script_id",
12
+ "script_ref",
13
+ "action",
14
+ "status",
15
+ "ok",
16
+ "mustflow_root",
17
+ "policy",
18
+ "input_hash",
19
+ "targets",
20
+ "summary",
21
+ "truncated",
22
+ "findings",
23
+ "issues"
24
+ ],
25
+ "properties": {
26
+ "schema_version": { "const": "1" },
27
+ "command": { "const": "script-pack" },
28
+ "pack_id": { "const": "repo" },
29
+ "script_id": { "const": "secret-risk-scan" },
30
+ "script_ref": { "const": "repo/secret-risk-scan" },
31
+ "action": { "const": "scan" },
32
+ "status": { "enum": ["passed", "failed", "error"] },
33
+ "ok": { "type": "boolean" },
34
+ "mustflow_root": { "type": "string" },
35
+ "policy": { "$ref": "#/$defs/policy" },
36
+ "input_hash": { "$ref": "#/$defs/sha256" },
37
+ "targets": {
38
+ "type": "array",
39
+ "items": { "$ref": "#/$defs/target" }
40
+ },
41
+ "summary": { "$ref": "#/$defs/summary" },
42
+ "truncated": { "type": "boolean" },
43
+ "findings": {
44
+ "type": "array",
45
+ "items": { "$ref": "#/$defs/finding" }
46
+ },
47
+ "issues": {
48
+ "type": "array",
49
+ "items": { "type": "string" }
50
+ }
51
+ },
52
+ "$defs": {
53
+ "sha256": {
54
+ "type": "string",
55
+ "pattern": "^sha256:[a-f0-9]{64}$"
56
+ },
57
+ "fingerprint": {
58
+ "type": "string",
59
+ "pattern": "^sha256:[a-f0-9]{16}$"
60
+ },
61
+ "stringArray": {
62
+ "type": "array",
63
+ "items": { "type": "string" }
64
+ },
65
+ "policy": {
66
+ "type": "object",
67
+ "additionalProperties": false,
68
+ "required": [
69
+ "max_file_bytes",
70
+ "max_files",
71
+ "max_findings",
72
+ "extensions",
73
+ "skipped_secret_names",
74
+ "ignored_directories"
75
+ ],
76
+ "properties": {
77
+ "max_file_bytes": { "type": "integer", "minimum": 1 },
78
+ "max_files": { "type": "integer", "minimum": 1 },
79
+ "max_findings": { "type": "integer", "minimum": 1 },
80
+ "extensions": { "$ref": "#/$defs/stringArray" },
81
+ "skipped_secret_names": { "$ref": "#/$defs/stringArray" },
82
+ "ignored_directories": { "$ref": "#/$defs/stringArray" }
83
+ }
84
+ },
85
+ "target": {
86
+ "type": "object",
87
+ "additionalProperties": false,
88
+ "required": ["input", "path", "exists", "kind"],
89
+ "properties": {
90
+ "input": { "type": "string" },
91
+ "path": { "type": "string" },
92
+ "exists": { "type": ["boolean", "null"] },
93
+ "kind": { "enum": ["file", "directory", "missing", "other", "unknown"] }
94
+ }
95
+ },
96
+ "summary": {
97
+ "type": "object",
98
+ "additionalProperties": false,
99
+ "required": [
100
+ "target_count",
101
+ "file_count",
102
+ "finding_count",
103
+ "skipped_secret_file_count",
104
+ "high_or_critical_count"
105
+ ],
106
+ "properties": {
107
+ "target_count": { "type": "integer", "minimum": 0 },
108
+ "file_count": { "type": "integer", "minimum": 0 },
109
+ "finding_count": { "type": "integer", "minimum": 0 },
110
+ "skipped_secret_file_count": { "type": "integer", "minimum": 0 },
111
+ "high_or_critical_count": { "type": "integer", "minimum": 0 }
112
+ }
113
+ },
114
+ "detector": {
115
+ "enum": [
116
+ "private_key_block",
117
+ "bearer_token",
118
+ "provider_token",
119
+ "generic_assignment",
120
+ "realistic_env_example",
121
+ "secret_file_skipped"
122
+ ]
123
+ },
124
+ "finding": {
125
+ "type": "object",
126
+ "additionalProperties": false,
127
+ "required": ["code", "severity", "message", "path"],
128
+ "properties": {
129
+ "code": {
130
+ "enum": [
131
+ "secret_risk_path_outside_root",
132
+ "secret_risk_unreadable_path",
133
+ "secret_risk_secret_file_skipped",
134
+ "secret_risk_max_files_exceeded",
135
+ "secret_risk_max_findings_exceeded",
136
+ "secret_risk_private_key_block",
137
+ "secret_risk_bearer_token",
138
+ "secret_risk_provider_token",
139
+ "secret_risk_generic_assignment",
140
+ "secret_risk_realistic_env_example"
141
+ ]
142
+ },
143
+ "severity": { "enum": ["low", "medium", "high", "critical"] },
144
+ "message": { "type": "string" },
145
+ "path": { "type": "string" },
146
+ "line": { "type": "integer", "minimum": 1 },
147
+ "detector": { "$ref": "#/$defs/detector" },
148
+ "fingerprint": { "$ref": "#/$defs/fingerprint" }
149
+ }
150
+ }
151
+ }
152
+ }