tryassay 0.29.0 → 0.30.1

package/dist/lib/learned-rules/pattern-extractor.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Pattern Extractor — extracts generalizable detection patterns from confirmed LLM findings.
+ *
+ * This is the core of Phase 1: Self-Expanding Formal Verification.
+ * When the LLM finds a real bug and it's confirmed, this module
+ * analyzes the code and finding to extract a regex pattern that
+ * would catch the same class of bug deterministically.
+ *
+ * The extracted pattern becomes a formal rule — no LLM needed for
+ * future instances of the same bug class.
+ */
+import type { PatternExtractionInput, PatternExtractionResult } from './types.js';
+/** Reset counter (for testing). */
+export declare function resetPatternCounter(start?: number): void;
+/**
+ * Extract a generalizable detection pattern from a confirmed LLM finding.
+ *
+ * @param input - The confirmed finding with code context.
+ * @returns The extraction result with pattern or failure reason.
+ */
+export declare function extractPattern(input: PatternExtractionInput): PatternExtractionResult;
+/**
+ * Get the list of claim categories that have extraction strategies.
+ */
+export declare function getSupportedCategories(): string[];

package/dist/lib/learned-rules/pattern-extractor.js

@@ -0,0 +1,351 @@
+/**
+ * Pattern Extractor — extracts generalizable detection patterns from confirmed LLM findings.
+ *
+ * This is the core of Phase 1: Self-Expanding Formal Verification.
+ * When the LLM finds a real bug and it's confirmed, this module
+ * analyzes the code and finding to extract a regex pattern that
+ * would catch the same class of bug deterministically.
+ *
+ * The extracted pattern becomes a formal rule — no LLM needed for
+ * future instances of the same bug class.
+ */
+// ── Language Helpers ──────────────────────────────────────────
+function langGroup(language) {
+    const lang = language.toLowerCase();
+    if (['typescript', 'ts', 'tsx'].includes(lang))
+        return ['ts', 'tsx', 'typescript'];
+    if (['javascript', 'js', 'jsx'].includes(lang))
+        return ['js', 'jsx', 'javascript'];
+    if (['python', 'py'].includes(lang))
+        return ['py', 'python'];
+    if (['go', 'golang'].includes(lang))
+        return ['go', 'golang'];
+    return [lang];
+}
+function fileGlobForLang(language) {
+    const lang = language.toLowerCase();
+    if (['typescript', 'ts', 'tsx', 'javascript', 'js', 'jsx'].includes(lang)) {
+        return '**/*.{ts,tsx,js,jsx}';
+    }
+    if (['python', 'py'].includes(lang))
+        return '**/*.py';
+    if (['go', 'golang'].includes(lang))
+        return '**/*.go';
+    if (['rust', 'rs'].includes(lang))
+        return '**/*.rs';
+    if (['java'].includes(lang))
+        return '**/*.java';
+    return '**/*';
+}
+// ── ID Generation ────────────────────────────────────────────
+let patternCounter = 0;
+function nextPatternId() {
+    patternCounter++;
+    return `lp_${String(patternCounter).padStart(4, '0')}`;
+}
+/** Reset counter (for testing). */
+export function resetPatternCounter(start = 0) {
+    patternCounter = start;
+}
+// ── Extraction Strategies ────────────────────────────────────
+/**
+ * Strategy: Missing error handling.
+ * If the LLM found that error handling is missing, extract a pattern
+ * that checks for try/catch, .catch(), or error callbacks near
+ * async operations.
+ */
+const missingErrorHandling = {
+    categories: ['error-handling'],
+    extract(input) {
+        const { claim, code, language } = input;
+        const text = `${claim.description} ${claim.assertion}`.toLowerCase();
+        // Only handle "missing error handling" findings
+        if (!/(?:missing|no|lacks?|without|absent)\s+(?:error|exception)\s+(?:handling|catching|recovery)/i.test(text) &&
+            !/(?:does\s+not|doesn't)\s+(?:handle|catch)\s+(?:errors?|exceptions?|failures?)/i.test(text)) {
+            return null;
+        }
+        const lang = language.toLowerCase();
+        // Extract the specific operation that needs error handling
+        const asyncOpMatch = code.match(/(?:await\s+(\w+(?:\.\w+)*)\s*\()|(?:(\w+(?:\.\w+)*)\s*\(\s*\)\.then)/);
+        let pattern;
+        let description;
+        if (asyncOpMatch) {
+            const op = asyncOpMatch[1] || asyncOpMatch[2];
+            // Pattern: this specific async call without surrounding try/catch
+            pattern = `(?:await\\s+${escapeRegex(op)}\\s*\\()`;
+            description = `Async call to '${op}' without error handling`;
+        }
+        else if (['ts', 'tsx', 'typescript', 'js', 'jsx', 'javascript'].includes(lang)) {
+            // Generic: any fetch/API call without error handling nearby
+            pattern = '\\bfetch\\s*\\([^)]*\\)(?![\\s\\S]{0,200}(?:\\.catch|try\\s*\\{|catch\\s*\\())';
+            description = 'Fetch call without error handling within 200 characters';
+        }
+        else if (['py', 'python'].includes(lang)) {
+            pattern = '(?:requests\\.(?:get|post|put|delete|patch)\\s*\\()(?![\\s\\S]{0,200}(?:except|try\\s*:))';
+            description = 'HTTP request without error handling within 200 characters';
+        }
+        else {
+            return null; // Can't generalize for this language
+        }
+        return {
+            id: nextPatternId(),
+            description,
+            kind: 'regex',
+            languages: langGroup(language),
+            regexPattern: pattern,
+            fileGlob: fileGlobForLang(language),
+            matchBehavior: 'presence_is_bad',
+            claimCategory: 'error-handling',
+            severity: claim.severity === 'low' ? 'medium' : claim.severity,
+            evidenceTemplate: `Missing error handling: {match} in {file}`,
+        };
+    },
+};
+/**
+ * Strategy: SQL injection via string concatenation.
+ * Extracts patterns for detecting SQL built from string concatenation.
+ */
+const sqlInjection = {
+    categories: ['security'],
+    extract(input) {
+        const { claim, language } = input;
+        const text = `${claim.description} ${claim.assertion}`.toLowerCase();
+        if (!/sql\s+injection|string\s+concatenat.*sql|unsanitized.*sql|sql.*interpolat/i.test(text)) {
+            return null;
+        }
+        const lang = language.toLowerCase();
+        let pattern;
+        if (['ts', 'tsx', 'typescript', 'js', 'jsx', 'javascript'].includes(lang)) {
+            // Template literals with SQL keywords and interpolation
+            pattern = '`[^`]*(?:SELECT|INSERT|UPDATE|DELETE|DROP|ALTER)\\s[^`]*\\$\\{(?!\\d)';
+        }
+        else if (['py', 'python'].includes(lang)) {
+            // f-strings or .format() with SQL
+            pattern = '(?:f[\'"][^\'"]*(?:SELECT|INSERT|UPDATE|DELETE)|\\.format\\s*\\([^)]*\\).*(?:SELECT|INSERT|UPDATE|DELETE))';
+        }
+        else {
+            // Generic string concat with SQL
+            pattern = '(?:SELECT|INSERT|UPDATE|DELETE|DROP)\\s[^"\']*\\+\\s*\\w+';
+        }
+        return {
+            id: nextPatternId(),
+            description: 'SQL query built with string interpolation/concatenation',
+            kind: 'regex',
+            languages: langGroup(language),
+            regexPattern: pattern,
+            fileGlob: fileGlobForLang(language),
+            matchBehavior: 'presence_is_bad',
+            claimCategory: 'security',
+            severity: 'critical',
+            evidenceTemplate: `SQL injection risk: {match} in {file}`,
+        };
+    },
+};
+/**
+ * Strategy: Missing null/undefined check.
+ * When LLM finds that a function doesn't validate its inputs for null.
+ */
+const missingNullCheck = {
+    categories: ['edge-case', 'correctness'],
+    extract(input) {
+        const { claim, code, language } = input;
+        const text = `${claim.description} ${claim.assertion}`.toLowerCase();
+        if (!/(?:null|undefined|nil|none)\s+(?:check|guard|validation|handling)/i.test(text) &&
+            !/(?:does\s+not|doesn't)\s+(?:check|validate|guard|handle)\s+(?:null|undefined|nil|none)/i.test(text)) {
+            return null;
+        }
+        // Try to extract the specific function/variable name
+        const funcMatch = code.match(/(?:function|const|let|var)\s+(\w+)\s*(?:=\s*(?:async\s+)?)?(?:\([^)]*\)|=>|\{)/);
+        if (!funcMatch)
+            return null;
+        const funcName = funcMatch[1];
+        const lang = language.toLowerCase();
+        let pattern;
+        if (['ts', 'tsx', 'typescript', 'js', 'jsx', 'javascript'].includes(lang)) {
+            // Function that takes params but doesn't check for null/undefined
+            pattern = `(?:function\\s+${escapeRegex(funcName)}|(?:const|let|var)\\s+${escapeRegex(funcName)}\\s*=)\\s*(?:async\\s+)?\\([^)]+\\)[^{]*\\{(?![\\s\\S]{0,300}(?:!==?\\s*(?:null|undefined)|===?\\s*(?:null|undefined)|\\?\\.))`;
+        }
+        else {
+            return null;
+        }
+        return {
+            id: nextPatternId(),
+            description: `Function '${funcName}' does not validate inputs for null/undefined`,
+            kind: 'regex',
+            languages: langGroup(language),
+            regexPattern: pattern,
+            fileGlob: fileGlobForLang(language),
+            matchBehavior: 'presence_is_bad',
+            claimCategory: claim.category,
+            severity: claim.severity === 'low' ? 'medium' : claim.severity,
+            evidenceTemplate: `Missing null check in function '{match}' in {file}`,
+        };
+    },
+};
+/**
+ * Strategy: Hardcoded secrets/credentials.
+ * When LLM finds API keys, tokens, or passwords hardcoded in source.
+ */
+const hardcodedSecrets = {
+    categories: ['security'],
+    extract(input) {
+        const { claim } = input;
+        const text = `${claim.description} ${claim.assertion}`.toLowerCase();
+        if (!/(?:hardcod|embed|literal)\w*\s+(?:secret|key|token|password|credential|api.?key)/i.test(text) &&
+            !/(?:secret|key|token|password|credential|api.?key)\s+(?:hardcod|embed|literal)/i.test(text)) {
+            return null;
+        }
+        return {
+            id: nextPatternId(),
+            description: 'Hardcoded secret, API key, token, or password in source code',
+            kind: 'regex',
+            languages: [], // All languages
+            regexPattern: "(?:api[_-]?key|secret|password|token|auth)\\s*[:=]\\s*['\"`][A-Za-z0-9+/=_-]{20,}['\"`]",
+            fileGlob: '**/*.{ts,tsx,js,jsx,py,go,java,rs}',
+            matchBehavior: 'presence_is_bad',
+            claimCategory: 'security',
+            severity: 'critical',
+            evidenceTemplate: `Hardcoded secret found: {match} in {file}`,
+        };
+    },
+};
+/**
+ * Strategy: Missing input validation.
+ * When LLM finds that user input isn't validated before use.
+ */
+const missingInputValidation = {
+    categories: ['security', 'correctness'],
+    extract(input) {
+        const { claim, code, language } = input;
+        const text = `${claim.description} ${claim.assertion}`.toLowerCase();
+        if (!/(?:missing|no|lacks?|without)\s+(?:input|user|request)\s+validation/i.test(text) &&
+            !/(?:does\s+not|doesn't)\s+(?:validate|sanitize|check)\s+(?:input|user|request)/i.test(text)) {
+            return null;
+        }
+        const lang = language.toLowerCase();
+        let pattern;
+        if (['ts', 'tsx', 'typescript', 'js', 'jsx', 'javascript'].includes(lang)) {
+            // Express/Node: req.body used without validation
+            if (code.includes('req.body') || code.includes('req.params') || code.includes('req.query')) {
+                pattern = '(?:req\\.(?:body|params|query))(?![\\s\\S]{0,100}(?:validate|parse|schema|zod|joi|yup))';
+            }
+            else {
+                return null;
+            }
+        }
+        else if (['py', 'python'].includes(lang)) {
+            // Flask/Django: request data used without validation
+            pattern = '(?:request\\.(?:json|form|args|data))(?![\\s\\S]{0,100}(?:validate|schema|marshmallow|pydantic))';
+        }
+        else {
+            return null;
+        }
+        return {
+            id: nextPatternId(),
+            description: 'User input used without validation or sanitization',
+            kind: 'regex',
+            languages: langGroup(language),
+            regexPattern: pattern,
+            fileGlob: fileGlobForLang(language),
+            matchBehavior: 'presence_is_bad',
+            claimCategory: 'security',
+            severity: 'high',
+            evidenceTemplate: `Unvalidated input: {match} in {file}`,
+        };
+    },
+};
+/**
+ * Strategy: Unhandled promise rejection.
+ * When LLM finds async operations without await or .catch().
+ */
+const unhandledPromise = {
+    categories: ['error-handling', 'correctness'],
+    extract(input) {
+        const { claim, language } = input;
+        const text = `${claim.description} ${claim.assertion}`.toLowerCase();
+        if (!/(?:unhandled|floating|detached)\s+promise/i.test(text) &&
+            !/promise\s+(?:not\s+)?(?:awaited|handled|caught)/i.test(text)) {
+            return null;
+        }
+        const lang = language.toLowerCase();
+        if (!['ts', 'tsx', 'typescript', 'js', 'jsx', 'javascript'].includes(lang)) {
+            return null;
+        }
+        return {
+            id: nextPatternId(),
+            description: 'Promise-returning call without await or .catch()',
+            kind: 'regex',
+            languages: langGroup(language),
+            // Match function calls that likely return promises but aren't awaited
+            // Look for common async patterns without await
+            regexPattern: '(?<!await\\s)(?<!return\\s)\\b(?:fetch|axios\\.\\w+|\\w+\\.save|\\w+\\.delete|\\w+\\.update)\\s*\\([^)]*\\)(?!\\s*\\.(?:then|catch))',
+            fileGlob: fileGlobForLang(language),
+            matchBehavior: 'presence_is_bad',
+            claimCategory: 'error-handling',
+            severity: 'high',
+            evidenceTemplate: `Unhandled promise: {match} in {file}`,
+        };
+    },
+};
+// ── Registry ─────────────────────────────────────────────────
+const STRATEGIES = [
+    missingErrorHandling,
+    sqlInjection,
+    missingNullCheck,
+    hardcodedSecrets,
+    missingInputValidation,
+    unhandledPromise,
+];
+// ── Helpers ──────────────────────────────────────────────────
+function escapeRegex(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+// ── Public API ───────────────────────────────────────────────
+/**
+ * Extract a generalizable detection pattern from a confirmed LLM finding.
+ *
+ * @param input - The confirmed finding with code context.
+ * @returns The extraction result with pattern or failure reason.
+ */
+export function extractPattern(input) {
+    // Only process confirmed failures
+    if (input.verification.verdict !== 'FAIL') {
+        return {
+            success: false,
+            failureReason: `Verdict is '${input.verification.verdict}', not 'FAIL'. Only confirmed failures can generate rules.`,
+        };
+    }
+    // Try each strategy in order
+    for (const strategy of STRATEGIES) {
+        if (!strategy.categories.includes(input.claim.category))
+            continue;
+        const pattern = strategy.extract(input);
+        if (pattern) {
+            // Validate the regex compiles
+            try {
+                new RegExp(pattern.regexPattern);
+            }
+            catch {
+                continue; // Skip patterns that don't compile
+            }
+            return { success: true, pattern };
+        }
+    }
+    return {
+        success: false,
+        failureReason: `No extraction strategy matched claim category '${input.claim.category}' with description: ${input.claim.description}`,
+    };
+}
+/**
+ * Get the list of claim categories that have extraction strategies.
+ */
+export function getSupportedCategories() {
+    const categories = new Set();
+    for (const strategy of STRATEGIES) {
+        for (const cat of strategy.categories) {
+            categories.add(cat);
+        }
+    }
+    return [...categories];
+}
+//# sourceMappingURL=pattern-extractor.js.map

package/dist/lib/learned-rules/pattern-extractor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pattern-extractor.js","sourceRoot":"","sources":["../../../src/lib/learned-rules/pattern-extractor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAqBH,iEAAiE;AAEjE,SAAS,SAAS,CAAC,QAAgB;IACjC,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACpC,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;IACnF,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;IACnF,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7D,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7D,OAAO,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACvC,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACpC,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1E,OAAO,sBAAsB,CAAC;IAChC,CAAC;IACD,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IACtD,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IACtD,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IACpD,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,WAAW,CAAC;IAChD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,gEAAgE;AAEhE,IAAI,cAAc,GAAG,CAAC,CAAC;AAEvB,SAAS,aAAa;IACpB,cAAc,EAAE,CAAC;IACjB,OAAO,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;AACzD,CAAC;AAED,mCAAmC;AACnC,MAAM,UAAU,mBAAmB,CAAC,KAAK,GAAG,CAAC;IAC3C,cAAc,GAAG,KAAK,CAAC;AACzB,CAAC;AAED,gEAAgE;AAEhE;;;;;GAKG;AACH,MAAM,oBAAoB,GAAuB;IAC/C,UAAU,EAAE,CAAC,gBAAgB,CAAC;IAC9B,OAAO,CAAC,KAAK;QACX,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QACxC,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC;QAErE,gDAAgD;QAChD,IAAI,CAAC,8FAA8F,CAAC,IAAI,CAAC,IAAI,CAAC;YAC1G,CAAC,gFAAgF,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjG,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QAEpC,2DAA2D;QAC3D,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAC7B,sEAAsE,CACvE,CAAC;QAEF,IAAI,OAAe,CAAC;QACpB,IAAI,WAAmB,CAAC;QAExB,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,CAAC;YAC9C,kEAAkE;YAClE,OAAO,GAAG,eAAe,WAAW,CAAC,EAAE,CAAC,UAAU,CAAC;YACnD,WAAW,GAAG,kBAAkB,EAAE,0BAA0B,CAAC;QAC/D,CAAC;aAAM,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACjF,4DAA4D;YAC5D,OAAO,GAAG,gFAAgF,CAAC;YAC3F,WAAW,GAAG,yDAAyD,CAAC;QAC1E,CAAC;aAAM,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,OAAO,GAAG,2FAA2F,CAAC;YACtG,WAAW,GAAG,2DAA2D,CAAC;QAC5E,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,CAAC,qCAAqC;QACpD,CAAC;QAED,OAAO;YACL,EAAE,EAAE,aAAa,EAAE;YACnB,WAAW;YACX,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC;YAC9B,YAAY,EAAE,OAAO;YACrB,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;YACnC,aAAa,EAAE,iBAAiB;YAChC,aAAa,EAAE,gBAAgB;YAC/B,QAAQ,EAAE,KAAK,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,QAA0C;YAChG,gBAAgB,EAAE,2CAA2C;SAC9D,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,YAAY,GAAuB;IACvC,UAAU,EAAE,CAAC,UAAU,CAAC;IACxB,OAAO,CAAC,KAAK;QACX,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QAClC,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC;QAErE,IAAI,CAAC,4EAA4E,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7F,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,OAAe,CAAC;QAEpB,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1E,wDAAwD;YACxD,OAAO,GAAG,uEAAuE,CAAC;QACpF,CAAC;aAAM,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,kCAAkC;YAClC,OAAO,GAAG,4GAA4G,CAAC;QACzH,CAAC;aAAM,CAAC;YACN,iCAAiC;YACjC,OAAO,GAAG,2DAA2D,CAAC;QACxE,CAAC;QAED,OAAO;YACL,EAAE,EAAE,aAAa,EAAE;YACnB,WAAW,EAAE,yDAAyD;YACtE,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC;YAC9B,YAAY,EAAE,OAAO;YACrB,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;YACnC,aAAa,EAAE,iBAAiB;YAChC,aAAa,EAAE,UAAU;YACzB,QAAQ,EAAE,UAAU;YACpB,gBAAgB,EAAE,uCAAuC;SAC1D,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,gBAAgB,GAAuB;IAC3C,UAAU,EAAE,CAAC,WAAW,EAAE,aAAa,CAAC;IACxC,OAAO,CAAC,KAAK;QACX,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QACxC,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC;QAErE,IAAI,CAAC,oEAAoE,CAAC,IAAI,CAAC,IAAI,CAAC;YAChF,CAAC,yFAAyF,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1G,OAAO,IAAI,CAAC;QACd,CAAC;QAED,qDAAqD;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAC1B,gFAAgF,CACjF,CAAC;QAEF,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAE5B,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QAEpC,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1E,kEAAkE;YAClE,OAAO,GAAG,kBAAkB,WAAW,CAAC,QAAQ,CAAC,yBAAyB,WAAW,CAAC,QAAQ,CAAC,gIAAgI,CAAC;QAClO,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,EAAE,EAAE,aAAa,EAAE;YACnB,WAAW,EAAE,aAAa,QAAQ,+CAA+C;YACjF,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC;YAC9B,YAAY,EAAE,OAAO;YACrB,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;YACnC,aAAa,EAAE,iBAAiB;YAChC,aAAa,EAAE,KAAK,CAAC,QAAQ;YAC7B,QAAQ,EAAE,KAAK,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,QAA0C;YAChG,gBAAgB,EAAE,oDAAoD;SACvE,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,gBAAgB,GAAuB;IAC3C,UAAU,EAAE,CAAC,UAAU,CAAC;IACxB,OAAO,CAAC,KAAK;QACX,MAAM,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC;QACxB,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC;QAErE,IAAI,CAAC,mFAAmF,CAAC,IAAI,CAAC,IAAI,CAAC;YAC/F,CAAC,gFAAgF,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjG,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,EAAE,EAAE,aAAa,EAAE;YACnB,WAAW,EAAE,8DAA8D;YAC3E,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,EAAE,EAAG,gBAAgB;YAChC,YAAY,EAAE,yFAAyF;YACvG,QAAQ,EAAE,oCAAoC;YAC9C,aAAa,EAAE,iBAAiB;YAChC,aAAa,EAAE,UAAU;YACzB,QAAQ,EAAE,UAAU;YACpB,gBAAgB,EAAE,2CAA2C;SAC9D,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,sBAAsB,GAAuB;IACjD,UAAU,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC;IACvC,OAAO,CAAC,KAAK;QACX,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QACxC,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC;QAErE,IAAI,CAAC,sEAAsE,CAAC,IAAI,CAAC,IAAI,CAAC;YAClF,CAAC,gFAAgF,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjG,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,OAAe,CAAC;QAEpB,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1E,iDAAiD;YACjD,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3F,OAAO,GAAG,yFAAyF,CAAC;YACtG,CAAC;iBAAM,CAAC;gBACN,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;aAAM,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,qDAAqD;YACrD,OAAO,GAAG,kGAAkG,CAAC;QAC/G,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,EAAE,EAAE,aAAa,EAAE;YACnB,WAAW,EAAE,oDAAoD;YACjE,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC;YAC9B,YAAY,EAAE,OAAO;YACrB,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;YACnC,aAAa,EAAE,iBAAiB;YAChC,aAAa,EAAE,UAAU;YACzB,QAAQ,EAAE,MAAM;YAChB,gBAAgB,EAAE,sCAAsC;SACzD,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,gBAAgB,GAAuB;IAC3C,UAAU,EAAE,CAAC,gBAAgB,EAAE,aAAa,CAAC;IAC7C,OAAO,CAAC,KAAK;QACX,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QAClC,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC;QAErE,IAAI,CAAC,4CAA4C,CAAC,IAAI,CAAC,IAAI,CAAC;YACxD,CAAC,kDAAkD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3E,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,EAAE,EAAE,aAAa,EAAE;YACnB,WAAW,EAAE,kDAAkD;YAC/D,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC;YAC9B,sEAAsE;YACtE,+CAA+C;YAC/C,YAAY,EAAE,sIAAsI;YACpJ,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;YACnC,aAAa,EAAE,iBAAiB;YAChC,aAAa,EAAE,gBAAgB;YAC/B,QAAQ,EAAE,MAAM;YAChB,gBAAgB,EAAE,sCAAsC;SACzD,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,gEAAgE;AAEhE,MAAM,UAAU,GAAkC;IAChD,oBAAoB;IACpB,YAAY;IACZ,gBAAgB;IAChB,gBAAgB;IAChB,sBAAsB;IACtB,gBAAgB;CACjB,CAAC;AAEF,gEAAgE;AAEhE,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED,gEAAgE;AAEhE;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,KAA6B;IAC1D,kCAAkC;IAClC,IAAI,KAAK,CAAC,YAAY,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QAC1C,OAAO;YACL,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,eAAe,KAAK,CAAC,YAAY,CAAC,OAAO,4DAA4D;SACrH,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC;YAAE,SAAS;QAElE,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,OAAO,EAAE,CAAC;YACZ,8BAA8B;YAC9B,IAAI,CAAC;gBACH,IAAI,MAAM,CAAC,OAAO,CAAC,YAAa,CAAC,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS,CAAC,mCAAmC;YAC/C,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QACpC,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,aAAa,EAAE,kDAAkD,KAAK,CAAC,KAAK,CAAC,QAAQ,uBAAuB,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE;KACtI,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACtC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,UAAU,CAAC,CAAC;AACzB,CAAC"}

package/dist/lib/learned-rules/rule-codifier.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Rule Codifier — converts extracted patterns into executable formal checks.
+ *
+ * Takes an ExtractedPattern and produces a LearnedRule that can run
+ * alongside hand-crafted rules in the formal verifier.
+ *
+ * Current implementation: regex-based rules only.
+ * Future: AST patterns (tree-sitter), type constraints (ts-morph).
+ */
+import type { ExtractedPattern, LearnedRule, PatternExtractionInput } from './types.js';
+/** Reset counter (for testing). */
+export declare function resetRuleCounter(start?: number): void;
+/**
+ * Create a new learned rule from an extracted pattern and its source finding.
+ *
+ * The rule starts in 'candidate' status and must pass validation
+ * before being promoted to 'validated' and then 'promoted'.
+ */
+export declare function codifyRule(pattern: ExtractedPattern, input: PatternExtractionInput): LearnedRule;
+/**
+ * Execute a learned rule against a code string.
+ *
+ * Returns true if the rule fires (detects a potential issue).
+ */
+export declare function executeRule(rule: LearnedRule, code: string, language: string): {
+    fires: boolean;
+    matches: string[];
+};
+/**
+ * Merge a new source finding into an existing rule.
+ * This happens when the same pattern is extracted from a different finding.
+ */
+export declare function mergeSourceFinding(rule: LearnedRule, input: PatternExtractionInput): LearnedRule;
+/**
+ * Update rule status through the lifecycle.
+ */
+export declare function updateRuleStatus(rule: LearnedRule, status: LearnedRule['status']): LearnedRule;
+/**
+ * Record that a rule fired and was confirmed/rejected by a human or auto-confirmation.
+ */
+export declare function recordRuleFire(rule: LearnedRule, wasCorrect: boolean): LearnedRule;

package/dist/lib/learned-rules/rule-codifier.js

@@ -0,0 +1,138 @@
+/**
+ * Rule Codifier — converts extracted patterns into executable formal checks.
+ *
+ * Takes an ExtractedPattern and produces a LearnedRule that can run
+ * alongside hand-crafted rules in the formal verifier.
+ *
+ * Current implementation: regex-based rules only.
+ * Future: AST patterns (tree-sitter), type constraints (ts-morph).
+ */
+// ── Rule ID Generation ───────────────────────────────────────
+let ruleCounter = 0;
+function nextRuleId() {
+    ruleCounter++;
+    return `lr_${String(ruleCounter).padStart(4, '0')}`;
+}
+/** Reset counter (for testing). */
+export function resetRuleCounter(start = 0) {
+    ruleCounter = start;
+}
+// ── Rule Creation ────────────────────────────────────────────
+/**
+ * Create a new learned rule from an extracted pattern and its source finding.
+ *
+ * The rule starts in 'candidate' status and must pass validation
+ * before being promoted to 'validated' and then 'promoted'.
+ */
+export function codifyRule(pattern, input) {
+    const now = new Date().toISOString();
+    const sourceFinding = {
+        claimId: input.claim.id,
+        claimDescription: input.claim.description,
+        codeSnippet: truncateCode(input.code, 500),
+        filePath: input.filePath,
+        language: input.language,
+        timestamp: now,
+    };
+    return {
+        id: nextRuleId(),
+        pattern,
+        status: 'candidate',
+        createdAt: now,
+        updatedAt: now,
+        fireCount: 0,
+        truePositiveCount: 0,
+        falsePositiveCount: 0,
+        sourceFindings: [sourceFinding],
+    };
+}
+/**
+ * Execute a learned rule against a code string.
+ *
+ * Returns true if the rule fires (detects a potential issue).
+ */
+export function executeRule(rule, code, language) {
+    const pattern = rule.pattern;
+    // Check language applicability
+    if (pattern.languages.length > 0) {
+        const langLower = language.toLowerCase();
+        if (!pattern.languages.some(l => l.toLowerCase() === langLower)) {
+            return { fires: false, matches: [] };
+        }
+    }
+    // Currently only regex patterns are supported
+    if (pattern.kind !== 'regex' || !pattern.regexPattern) {
+        return { fires: false, matches: [] };
+    }
+    try {
+        const regex = new RegExp(pattern.regexPattern, 'gi');
+        const matches = [];
+        let match;
+        while ((match = regex.exec(code)) !== null) {
+            matches.push(match[0]);
+            // Prevent infinite loops on zero-length matches
+            if (match[0].length === 0)
+                regex.lastIndex++;
+        }
+        if (pattern.matchBehavior === 'presence_is_bad') {
+            return { fires: matches.length > 0, matches };
+        }
+        else {
+            // absence_is_bad: fires when pattern is NOT found
+            return { fires: matches.length === 0, matches: [] };
+        }
+    }
+    catch {
+        // Invalid regex — rule should be rejected
+        return { fires: false, matches: [] };
+    }
+}
+/**
+ * Merge a new source finding into an existing rule.
+ * This happens when the same pattern is extracted from a different finding.
+ */
+export function mergeSourceFinding(rule, input) {
+    const now = new Date().toISOString();
+    const newFinding = {
+        claimId: input.claim.id,
+        claimDescription: input.claim.description,
+        codeSnippet: truncateCode(input.code, 500),
+        filePath: input.filePath,
+        language: input.language,
+        timestamp: now,
+    };
+    return {
+        ...rule,
+        updatedAt: now,
+        sourceFindings: [...rule.sourceFindings, newFinding],
+    };
+}
+/**
+ * Update rule status through the lifecycle.
+ */
+export function updateRuleStatus(rule, status) {
+    return {
+        ...rule,
+        status,
+        updatedAt: new Date().toISOString(),
+    };
+}
+/**
+ * Record that a rule fired and was confirmed/rejected by a human or auto-confirmation.
+ */
+export function recordRuleFire(rule, wasCorrect) {
+    return {
+        ...rule,
+        fireCount: rule.fireCount + 1,
+        truePositiveCount: rule.truePositiveCount + (wasCorrect ? 1 : 0),
+        falsePositiveCount: rule.falsePositiveCount + (wasCorrect ? 0 : 1),
+        updatedAt: new Date().toISOString(),
+    };
+}
+// ── Helpers ──────────────────────────────────────────────────
+function truncateCode(code, maxLength) {
+    if (code.length <= maxLength)
+        return code;
+    return code.slice(0, maxLength) + '\n// ... truncated';
+}
+//# sourceMappingURL=rule-codifier.js.map

package/dist/lib/learned-rules/rule-codifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rule-codifier.js","sourceRoot":"","sources":["../../../src/lib/learned-rules/rule-codifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AASH,gEAAgE;AAEhE,IAAI,WAAW,GAAG,CAAC,CAAC;AAEpB,SAAS,UAAU;IACjB,WAAW,EAAE,CAAC;IACd,OAAO,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;AACtD,CAAC;AAED,mCAAmC;AACnC,MAAM,UAAU,gBAAgB,CAAC,KAAK,GAAG,CAAC;IACxC,WAAW,GAAG,KAAK,CAAC;AACtB,CAAC;AAED,gEAAgE;AAEhE;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CACxB,OAAyB,EACzB,KAA6B;IAE7B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,MAAM,aAAa,GAAkB;QACnC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE;QACvB,gBAAgB,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW;QACzC,WAAW,EAAE,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC;QAC1C,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,SAAS,EAAE,GAAG;KACf,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,UAAU,EAAE;QAChB,OAAO;QACP,MAAM,EAAE,WAAW;QACnB,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,CAAC;QACZ,iBAAiB,EAAE,CAAC;QACpB,kBAAkB,EAAE,CAAC;QACrB,cAAc,EAAE,CAAC,aAAa,CAAC;KAChC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CACzB,IAAiB,EACjB,IAAY,EACZ,QAAgB;IAEhB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAE7B,+BAA+B;IAC/B,IAAI,OAAO,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QACzC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,EAAE,CAAC;YAChE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACvC,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QACtD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACvC,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QACrD,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,IAAI,KAA6B,CAAC;QAElC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3C,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACvB,gDAAgD;YAChD,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC;gBAAE,KAAK,CAAC,SAAS,EAAE,CAAC;QAC/C,CAAC;QAED,IAAI,OAAO,CAAC,aAAa,KAAK,iBAAiB,EAAE,CAAC;YAChD,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,OAAO,EAAE,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,kDAAkD;YAClD,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACtD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,0CAA0C;QAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACvC,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,IAAiB,EACjB,KAA6B;IAE7B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,MAAM,UAAU,GAAkB;QAChC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE;QACvB,gBAAgB,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW;QACzC,WAAW,EAAE,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC;QAC1C,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,SAAS,EAAE,GAAG;KACf,CAAC;IAEF,OAAO;QACL,GAAG,IAAI;QACP,SAAS,EAAE,GAAG;QACd,cAAc,EAAE,CAAC,GAAG,IAAI,CAAC,cAAc,EAAE,UAAU,CAAC;KACrD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,IAAiB,EACjB,MAA6B;IAE7B,OAAO;QACL,GAAG,IAAI;QACP,MAAM;QACN,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,IAAiB,EACjB,UAAmB;IAEnB,OAAO;QACL,GAAG,IAAI;QACP,SAAS,EAAE,IAAI,CAAC,SAAS,GAAG,CAAC;QAC7B,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAChE,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC;AAED,gEAAgE;AAEhE,SAAS,YAAY,CAAC,IAAY,EAAE,SAAiB;IACnD,IAAI,IAAI,CAAC,MAAM,IAAI,SAAS;QAAE,OAAO,IAAI,CAAC;IAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,GAAG,oBAAoB,CAAC;AACzD,CAAC"}

package/dist/lib/learned-rules/starter-catalog.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Starter Catalog — ~15 high-signal learned rules that ship with the npm package.
+ *
+ * These rules were curated from 214 rules harvested from real PR diffs in
+ * popular open-source TypeScript projects. Selection criteria:
+ *   - Valid, compilable regex
+ *   - High or critical severity preferred
+ *   - General-purpose (not tied to a specific project)
+ *   - Good coverage across categories (security, error handling, etc.)
+ *   - Useful fixDescription
+ *
+ * All starter rules have `source: "bundled"` to distinguish them from
+ * user-harvested rules. Local rules with the same ID take precedence.
+ */
+import type { LearnedRule } from './types.js';
+export declare const STARTER_RULES: readonly LearnedRule[];