sigmap 1.5.0

package/src/routing/classifier.js

@@ -0,0 +1,102 @@
+'use strict';
+
+/**
+ * Classify files by complexity tier for model routing hints.
+ *
+ * Tiers:
+ *   'fast'     — simple files: config, markup, templates, trivial utilities
+ *   'balanced' — standard application code: moderate functions and classes
+ *   'powerful' — complex files: large classes, many exports, security-critical paths
+ *
+ * @param {string} filePath - absolute path to the file
+ * @param {string[]} sigs   - extracted signatures for the file
+ * @returns {'fast'|'balanced'|'powerful'}
+ */
+function classify(filePath, sigs) {
+  const lower = filePath.toLowerCase();
+  const sigCount = sigs.length;
+
+  // ── Fast tier heuristics ────────────────────────────────────────────────
+  // Configuration, markup, templates, and trivial utilities are small tasks
+  if (
+    lower.endsWith('.json') ||
+    lower.endsWith('.yml') ||
+    lower.endsWith('.yaml') ||
+    lower.endsWith('.toml') ||
+    lower.endsWith('.env') ||
+    lower.endsWith('.html') ||
+    lower.endsWith('.htm') ||
+    lower.endsWith('.css') ||
+    lower.endsWith('.scss') ||
+    lower.endsWith('.sass') ||
+    lower.endsWith('.less') ||
+    /dockerfile/i.test(lower) ||
+    lower.endsWith('.sh') ||
+    lower.endsWith('.bash') ||
+    lower.endsWith('.zsh') ||
+    lower.endsWith('.fish')
+  ) {
+    return 'fast';
+  }
+
+  // Config-like directories
+  if (
+    lower.includes('/config/') ||
+    lower.includes('/configs/') ||
+    lower.includes('/fixtures/') ||
+    lower.includes('/migrations/') ||
+    lower.includes('/seeds/')
+  ) {
+    return sigCount > 4 ? 'balanced' : 'fast';
+  }
+
+  // Test files — usually standard complexity
+  if (/\.(test|spec)\.[a-z]+$/.test(lower) || /_test\.[a-z]+$/.test(lower)) {
+    return 'balanced';
+  }
+
+  // ── Powerful tier heuristics — high-signal keywords in the path ─────────
+  if (
+    lower.includes('/security/') ||
+    lower.includes('/auth/') ||
+    lower.includes('/crypto/') ||
+    lower.includes('/core/') ||
+    lower.includes('/engine/') ||
+    lower.includes('/compiler/') ||
+    lower.includes('/parser/') ||
+    lower.includes('/scheduler/') ||
+    lower.includes('/orchestrat')
+  ) {
+    return 'powerful';
+  }
+
+  // Many exports → complex file
+  if (sigCount >= 12) return 'powerful';
+
+  // Large number of class-level methods (indented 2-space sigs)
+  const methodCount = sigs.filter((s) => s.startsWith('  ')).length;
+  if (methodCount >= 8) return 'powerful';
+
+  // ── Balanced covers everything else ────────────────────────────────────
+  if (sigCount <= 2) return 'fast';
+  return 'balanced';
+}
+
+/**
+ * Classify all file entries and group them by tier.
+ *
+ * @param {Array<{filePath: string, sigs: string[]}>} fileEntries
+ * @returns {{ fast: string[], balanced: string[], powerful: string[] }}
+ *   Each array contains relative paths (relative to cwd).
+ */
+function classifyAll(fileEntries, cwd) {
+  const path = require('path');
+  const result = { fast: [], balanced: [], powerful: [] };
+  for (const { filePath, sigs } of fileEntries) {
+    const tier = classify(filePath, sigs);
+    result[tier].push(path.relative(cwd, filePath));
+  }
+  return result;
+}
+
+module.exports = { classify, classifyAll };

package/src/routing/hints.js

@@ -0,0 +1,103 @@
+'use strict';
+
+/**
+ * Model routing hint definitions for SigMap.
+ *
+ * Maps complexity tiers to:
+ *   - example model names (vendor-agnostic labels used as hints)
+ *   - task types that belong to each tier
+ *   - estimated per-1K-token API cost (USD, illustrative — update as needed)
+ *
+ * These are embedded in the generated context file when `routing: true`
+ * so that AI agents and developers know which model tier to invoke.
+ */
+
+const TIERS = {
+  fast: {
+    label: 'Fast (low-cost)',
+    examples: 'claude-haiku-4-5, gpt-5-1-codex-mini, gemini-3-flash',
+    tasks: [
+      'Autocomplete and inline suggestions',
+      'Edit config or markup files',
+      'Fix typos and rename symbols',
+      'Format, lint, and trivial style changes',
+      'Explain a short utility function',
+      'Generate simple shell scripts or Dockerfiles',
+    ],
+    costHint: '~$0.0008 / 1K tokens',
+  },
+
+  balanced: {
+    label: 'Balanced (mid-tier)',
+    examples: 'claude-sonnet-4-6, gpt-5-2, gemini-3-1-pro',
+    tasks: [
+      'Write unit or integration tests',
+      'Implement a well-scoped feature function',
+      'Debug a runtime error with stack trace',
+      'Refactor a module (< 200 lines)',
+      'Generate a PR description',
+      'Explain a multi-function module',
+    ],
+    costHint: '~$0.003 / 1K tokens',
+  },
+
+  powerful: {
+    label: 'Powerful (high-cost)',
+    examples: 'claude-opus-4-6, gpt-5-4, gemini-2-5-pro',
+    tasks: [
+      'Cross-cutting architecture decisions',
+      'Multi-file refactor spanning 5+ files',
+      'Security audit (OWASP Top 10)',
+      'Complex debugging across async boundaries',
+      'Migration plan for a library/framework upgrade',
+      'Designing a new module from requirements',
+    ],
+    costHint: '~$0.015 / 1K tokens',
+  },
+};
+
+/**
+ * Format the routing section as markdown to append to the context file.
+ *
+ * @param {{ fast: string[], balanced: string[], powerful: string[] }} groups
+ *   Relative file paths grouped by tier (from classifier.classifyAll).
+ * @returns {string} Markdown block to embed in the context output.
+ */
+function formatRoutingSection(groups) {
+  const lines = [
+    '',
+    '---',
+    '',
+    '## Model routing hints',
+    '<!-- Generated by SigMap routing module — update gen-context.config.json to disable -->',
+    '',
+    'Select the model tier based on the task complexity and the files involved.',
+    '',
+  ];
+
+  for (const [tier, info] of Object.entries(TIERS)) {
+    const files = groups[tier] || [];
+    lines.push(`### ${info.label}`);
+    lines.push(`**Examples:** ${info.examples}  `);
+    lines.push(`**Cost:** ${info.costHint}`);
+    lines.push('');
+    lines.push('**Use for tasks like:**');
+    for (const task of info.tasks) lines.push(`- ${task}`);
+    lines.push('');
+    if (files.length > 0) {
+      lines.push('**Files in this tier:**');
+      for (const f of files.slice(0, 15)) lines.push(`- \`${f}\``);
+      if (files.length > 15) lines.push(`- … and ${files.length - 15} more`);
+    } else {
+      lines.push('**Files in this tier:** _(none detected)_');
+    }
+    lines.push('');
+  }
+
+  lines.push('> **Tip:** Run `node gen-context.js --routing` to regenerate routing hints.');
+  lines.push('> See `docs/MODEL_ROUTING.md` for full routing guide and cost optimisation tips.');
+
+  return lines.join('\n');
+}
+
+module.exports = { TIERS, formatRoutingSection };

package/src/security/patterns.js

@@ -0,0 +1,51 @@
+'use strict';
+
+/**
+ * Secret detection patterns for SigMap scanner.
+ * Each pattern has a name and a regex tested against signature strings.
+ */
+const PATTERNS = [
+  {
+    name: 'AWS Access Key',
+    regex: /AKIA[0-9A-Z]{16}/,
+  },
+  {
+    name: 'AWS Secret Key',
+    // 40-char base64-like string following common AWS secret key assignment patterns
+    regex: /(?:aws_secret|secret_access_key|SecretAccessKey)\s*[:=]\s*['"]?[0-9a-zA-Z/+]{40}/i,
+  },
+  {
+    name: 'GCP API Key',
+    regex: /AIza[0-9A-Za-z\-_]{35}/,
+  },
+  {
+    name: 'GitHub Token',
+    regex: /gh[pousr]_[A-Za-z0-9_]{36,}/,
+  },
+  {
+    name: 'JWT Token',
+    regex: /eyJ[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+/,
+  },
+  {
+    name: 'DB Connection String',
+    regex: /(mongodb|postgres|postgresql|mysql|redis):\/\/[^:]+:[^@]+@/i,
+  },
+  {
+    name: 'SSH Private Key',
+    regex: /-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----/,
+  },
+  {
+    name: 'Stripe Key',
+    regex: /sk_(live|test)_[0-9a-zA-Z]{24,}/,
+  },
+  {
+    name: 'Twilio Key',
+    regex: /SK[0-9a-fA-F]{32}/,
+  },
+  {
+    name: 'Generic Secret',
+    regex: /(secret|password|passwd|api_key|apikey|auth_token|access_token)\s*[:=]\s*['"][^'"]{8,}['"]/i,
+  },
+];
+
+module.exports = { PATTERNS };

package/src/security/scanner.js

@@ -0,0 +1,36 @@
+'use strict';
+
+const { PATTERNS } = require('./patterns');
+
+/**
+ * Scan an array of signature strings for secrets.
+ *
+ * @param {string[]} signatures - Array of extracted signature strings
+ * @param {string} filePath - Source file path (used in redaction message)
+ * @returns {{ safe: string[], redacted: boolean }}
+ *   safe      — signatures with any secret-containing entries replaced
+ *   redacted  — true if at least one signature was redacted
+ */
+function scan(signatures, filePath) {
+  if (!Array.isArray(signatures)) return { safe: [], redacted: false };
+
+  try {
+    let redacted = false;
+    const safe = signatures.map((sig) => {
+      if (typeof sig !== 'string') return sig;
+      for (const pattern of PATTERNS) {
+        if (pattern.regex.test(sig)) {
+          redacted = true;
+          return `[REDACTED — ${pattern.name} detected in ${filePath}]`;
+        }
+      }
+      return sig;
+    });
+    return { safe, redacted };
+  } catch (_) {
+    // Never throw — return original signatures on any error
+    return { safe: signatures, redacted: false };
+  }
+}
+
+module.exports = { scan };

package/src/tracking/logger.js

@@ -0,0 +1,115 @@
+'use strict';
+
+/**
+ * SigMap usage logger (v0.9)
+ *
+ * Writes an append-only newline-delimited JSON (NDJSON) log at
+ *   .context/usage.ndjson
+ *
+ * Each line is one JSON object describing a gen-context run.
+ * Zero npm dependencies — pure Node.js fs.
+ *
+ * Enabled by:
+ *   config.tracking: true   (gen-context.config.json)
+ *   --track CLI flag
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const LOG_FILE = path.join('.context', 'usage.ndjson');
+
+/**
+ * Append one run entry to the usage log.
+ * @param {object} entry - Run metrics from runGenerate()
+ * @param {string} cwd   - Project root (absolute path)
+ */
+function logRun(entry, cwd) {
+  try {
+    const logPath = path.join(cwd, LOG_FILE);
+    const dir = path.dirname(logPath);
+    if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+
+    const record = {
+      ts: new Date().toISOString(),
+      version: entry.version || '0.9.0',
+      fileCount: entry.fileCount || 0,
+      droppedCount: entry.droppedCount || 0,
+      rawTokens: entry.rawTokens || 0,
+      finalTokens: entry.finalTokens || 0,
+      reductionPct: entry.rawTokens > 0
+        ? parseFloat((100 - (entry.finalTokens / entry.rawTokens) * 100).toFixed(1))
+        : 0,
+      overBudget: entry.overBudget || false,
+      budgetLimit: entry.budgetLimit || 6000,
+    };
+
+    fs.appendFileSync(logPath, JSON.stringify(record) + '\n', 'utf8');
+  } catch (err) {
+    // Never crash the main process — tracking is optional
+    process.stderr.write(`[sigmap] tracking: could not write log: ${err.message}\n`);
+  }
+}
+
+/**
+ * Read and parse all usage log entries.
+ * @param {string} cwd - Project root (absolute path)
+ * @returns {object[]} Array of parsed log records (oldest first)
+ */
+function readLog(cwd) {
+  try {
+    const logPath = path.join(cwd, LOG_FILE);
+    if (!fs.existsSync(logPath)) return [];
+    const raw = fs.readFileSync(logPath, 'utf8');
+    return raw
+      .split('\n')
+      .filter(Boolean)
+      .map((line) => {
+        try { return JSON.parse(line); } catch (_) { return null; }
+      })
+      .filter(Boolean);
+  } catch (_) {
+    return [];
+  }
+}
+
+/**
+ * Compute summary statistics from an array of log records.
+ * @param {object[]} entries
+ * @returns {object} Summary stats
+ */
+function summarize(entries) {
+  if (!entries || entries.length === 0) {
+    return {
+      totalRuns: 0,
+      avgReductionPct: 0,
+      avgFinalTokens: 0,
+      avgRawTokens: 0,
+      minFinalTokens: 0,
+      maxFinalTokens: 0,
+      firstRun: null,
+      lastRun: null,
+      overBudgetRuns: 0,
+    };
+  }
+
+  const reductions = entries.map((e) => e.reductionPct || 0);
+  const finals = entries.map((e) => e.finalTokens || 0);
+  const raws = entries.map((e) => e.rawTokens || 0);
+
+  const avg = (arr) => arr.reduce((a, b) => a + b, 0) / arr.length;
+
+  return {
+    totalRuns: entries.length,
+    avgReductionPct: parseFloat(avg(reductions).toFixed(1)),
+    avgFinalTokens: Math.round(avg(finals)),
+    avgRawTokens: Math.round(avg(raws)),
+    minFinalTokens: Math.min(...finals),
+    maxFinalTokens: Math.max(...finals),
+    firstRun: entries[0].ts || null,
+    lastRun: entries[entries.length - 1].ts || null,
+    overBudgetRuns: entries.filter((e) => e.overBudget).length,
+  };
+}
+
+module.exports = { logRun, readLog, summarize };