npm - tryassay - Versions diffs - 0.29.0 → 0.31.0 - Mend

tryassay 0.29.0 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (85) hide show

package/dist/cli.js +21 -0
package/dist/cli.js.map +1 -1
package/dist/commands/catalog-push.d.ts +7 -0
package/dist/commands/catalog-push.js +47 -0
package/dist/commands/catalog-push.js.map +1 -0
package/dist/commands/generate.js +1 -0
package/dist/commands/generate.js.map +1 -1
package/dist/commands/harvest.d.ts +9 -0
package/dist/commands/harvest.js +76 -0
package/dist/commands/harvest.js.map +1 -0
package/dist/lib/__tests__/learned-rules.test.d.ts +1 -0
package/dist/lib/__tests__/learned-rules.test.js +260 -0
package/dist/lib/__tests__/learned-rules.test.js.map +1 -0
package/dist/lib/__tests__/pr-harvester-types.test.d.ts +1 -0
package/dist/lib/__tests__/pr-harvester-types.test.js +43 -0
package/dist/lib/__tests__/pr-harvester-types.test.js.map +1 -0
package/dist/lib/__tests__/pr-harvester.test.d.ts +1 -0
package/dist/lib/__tests__/pr-harvester.test.js +341 -0
package/dist/lib/__tests__/pr-harvester.test.js.map +1 -0
package/dist/lib/__tests__/rule-harvester.test.d.ts +1 -0
package/dist/lib/__tests__/rule-harvester.test.js +526 -0
package/dist/lib/__tests__/rule-harvester.test.js.map +1 -0
package/dist/lib/learned-rules/category-map.d.ts +28 -0
package/dist/lib/learned-rules/category-map.js +110 -0
package/dist/lib/learned-rules/category-map.js.map +1 -0
package/dist/lib/learned-rules/index.d.ts +107 -0
package/dist/lib/learned-rules/index.js +198 -0
package/dist/lib/learned-rules/index.js.map +1 -0
package/dist/lib/learned-rules/learned-catalog.d.ts +62 -0
package/dist/lib/learned-rules/learned-catalog.js +161 -0
package/dist/lib/learned-rules/learned-catalog.js.map +1 -0
package/dist/lib/learned-rules/pattern-extractor.d.ts +25 -0
package/dist/lib/learned-rules/pattern-extractor.js +351 -0
package/dist/lib/learned-rules/pattern-extractor.js.map +1 -0
package/dist/lib/learned-rules/rule-codifier.d.ts +41 -0
package/dist/lib/learned-rules/rule-codifier.js +138 -0
package/dist/lib/learned-rules/rule-codifier.js.map +1 -0
package/dist/lib/learned-rules/starter-catalog.d.ts +16 -0
package/dist/lib/learned-rules/starter-catalog.js +402 -0
package/dist/lib/learned-rules/starter-catalog.js.map +1 -0
package/dist/lib/learned-rules/types.d.ts +196 -0
package/dist/lib/learned-rules/types.js +9 -0
package/dist/lib/learned-rules/types.js.map +1 -0
package/dist/lib/learned-rules/validation-harness.d.ts +26 -0
package/dist/lib/learned-rules/validation-harness.js +260 -0
package/dist/lib/learned-rules/validation-harness.js.map +1 -0
package/dist/lib/rule-harvester/diff-parser.d.ts +9 -0
package/dist/lib/rule-harvester/diff-parser.js +77 -0
package/dist/lib/rule-harvester/diff-parser.js.map +1 -0
package/dist/lib/rule-harvester/file-selector.d.ts +10 -0
package/dist/lib/rule-harvester/file-selector.js +59 -0
package/dist/lib/rule-harvester/file-selector.js.map +1 -0
package/dist/lib/rule-harvester/ground-truth.d.ts +19 -0
package/dist/lib/rule-harvester/ground-truth.js +156 -0
package/dist/lib/rule-harvester/ground-truth.js.map +1 -0
package/dist/lib/rule-harvester/harvest.d.ts +26 -0
package/dist/lib/rule-harvester/harvest.js +307 -0
package/dist/lib/rule-harvester/harvest.js.map +1 -0
package/dist/lib/rule-harvester/pr-discovery.d.ts +49 -0
package/dist/lib/rule-harvester/pr-discovery.js +168 -0
package/dist/lib/rule-harvester/pr-discovery.js.map +1 -0
package/dist/lib/rule-harvester/pr-harvest.d.ts +53 -0
package/dist/lib/rule-harvester/pr-harvest.js +326 -0
package/dist/lib/rule-harvester/pr-harvest.js.map +1 -0
package/dist/lib/rule-harvester/progress.d.ts +13 -0
package/dist/lib/rule-harvester/progress.js +50 -0
package/dist/lib/rule-harvester/progress.js.map +1 -0
package/dist/lib/rule-harvester/reporter.d.ts +35 -0
package/dist/lib/rule-harvester/reporter.js +46 -0
package/dist/lib/rule-harvester/reporter.js.map +1 -0
package/dist/lib/rule-harvester/rule-generalizer.d.ts +25 -0
package/dist/lib/rule-harvester/rule-generalizer.js +135 -0
package/dist/lib/rule-harvester/rule-generalizer.js.map +1 -0
package/dist/lib/rule-harvester/scanner.d.ts +20 -0
package/dist/lib/rule-harvester/scanner.js +37 -0
package/dist/lib/rule-harvester/scanner.js.map +1 -0
package/dist/sdk/api-client.d.ts +65 -0
package/dist/sdk/api-client.js +41 -0
package/dist/sdk/api-client.js.map +1 -0
package/dist/sdk/forward-verify.d.ts +3 -1
package/dist/sdk/forward-verify.js +138 -5
package/dist/sdk/forward-verify.js.map +1 -1
package/dist/sdk/index.d.ts +1 -1
package/dist/sdk/types.d.ts +21 -0
package/package.json +1 -1

package/dist/lib/learned-rules/pattern-extractor.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Pattern Extractor — extracts generalizable detection patterns from confirmed LLM findings.
+ *
+ * This is the core of Phase 1: Self-Expanding Formal Verification.
+ * When the LLM finds a real bug and it's confirmed, this module
+ * analyzes the code and finding to extract a regex pattern that
+ * would catch the same class of bug deterministically.
+ *
+ * The extracted pattern becomes a formal rule — no LLM needed for
+ * future instances of the same bug class.
+ */
+import type { PatternExtractionInput, PatternExtractionResult } from './types.js';
+/** Reset counter (for testing). */
+export declare function resetPatternCounter(start?: number): void;
+/**
+ * Extract a generalizable detection pattern from a confirmed LLM finding.
+ *
+ * @param input - The confirmed finding with code context.
+ * @returns The extraction result with pattern or failure reason.
+ */
+export declare function extractPattern(input: PatternExtractionInput): PatternExtractionResult;
+/**
+ * Get the list of claim categories that have extraction strategies.
+ */
+export declare function getSupportedCategories(): string[];

package/dist/lib/learned-rules/pattern-extractor.js ADDED Viewed

@@ -0,0 +1,351 @@
+/**
+ * Pattern Extractor — extracts generalizable detection patterns from confirmed LLM findings.
+ *
+ * This is the core of Phase 1: Self-Expanding Formal Verification.
+ * When the LLM finds a real bug and it's confirmed, this module
+ * analyzes the code and finding to extract a regex pattern that
+ * would catch the same class of bug deterministically.
+ *
+ * The extracted pattern becomes a formal rule — no LLM needed for
+ * future instances of the same bug class.
+ */
+// ── Language Helpers ──────────────────────────────────────────
+function langGroup(language) {
+    const lang = language.toLowerCase();
+    if (['typescript', 'ts', 'tsx'].includes(lang))
+        return ['ts', 'tsx', 'typescript'];
+    if (['javascript', 'js', 'jsx'].includes(lang))
+        return ['js', 'jsx', 'javascript'];
+    if (['python', 'py'].includes(lang))
+        return ['py', 'python'];
+    if (['go', 'golang'].includes(lang))
+        return ['go', 'golang'];
+    return [lang];
+}
+function fileGlobForLang(language) {
+    const lang = language.toLowerCase();
+    if (['typescript', 'ts', 'tsx', 'javascript', 'js', 'jsx'].includes(lang)) {
+        return '**/*.{ts,tsx,js,jsx}';
+    }
+    if (['python', 'py'].includes(lang))
+        return '**/*.py';
+    if (['go', 'golang'].includes(lang))
+        return '**/*.go';
+    if (['rust', 'rs'].includes(lang))
+        return '**/*.rs';
+    if (['java'].includes(lang))
+        return '**/*.java';
+    return '**/*';
+}
+// ── ID Generation ────────────────────────────────────────────
+let patternCounter = 0;
+function nextPatternId() {
+    patternCounter++;
+    return `lp_${String(patternCounter).padStart(4, '0')}`;
+}
+/** Reset counter (for testing). */
+export function resetPatternCounter(start = 0) {
+    patternCounter = start;
+}
+// ── Extraction Strategies ────────────────────────────────────
+/**
+ * Strategy: Missing error handling.
+ * If the LLM found that error handling is missing, extract a pattern
+ * that checks for try/catch, .catch(), or error callbacks near
+ * async operations.
+ */
+const missingErrorHandling = {
+    categories: ['error-handling'],
+    extract(input) {
+        const { claim, code, language } = input;
+        const text = `${claim.description} ${claim.assertion}`.toLowerCase();
+        // Only handle "missing error handling" findings
+        if (!/(?:missing|no|lacks?|without|absent)\s+(?:error|exception)\s+(?:handling|catching|recovery)/i.test(text) &&
+            !/(?:does\s+not|doesn't)\s+(?:handle|catch)\s+(?:errors?|exceptions?|failures?)/i.test(text)) {
+            return null;
+        }
+        const lang = language.toLowerCase();
+        // Extract the specific operation that needs error handling
+        const asyncOpMatch = code.match(/(?:await\s+(\w+(?:\.\w+)*)\s*\()|(?:(\w+(?:\.\w+)*)\s*\(\s*\)\.then)/);
+        let pattern;
+        let description;
+        if (asyncOpMatch) {
+            const op = asyncOpMatch[1] || asyncOpMatch[2];
+            // Pattern: this specific async call without surrounding try/catch
+            pattern = `(?:await\\s+${escapeRegex(op)}\\s*\\()`;
+            description = `Async call to '${op}' without error handling`;
+        }
+        else if (['ts', 'tsx', 'typescript', 'js', 'jsx', 'javascript'].includes(lang)) {
+            // Generic: any fetch/API call without error handling nearby
+            pattern = '\\bfetch\\s*\\([^)]*\\)(?![\\s\\S]{0,200}(?:\\.catch|try\\s*\\{|catch\\s*\\())';
+            description = 'Fetch call without error handling within 200 characters';
+        }
+        else if (['py', 'python'].includes(lang)) {
+            pattern = '(?:requests\\.(?:get|post|put|delete|patch)\\s*\\()(?![\\s\\S]{0,200}(?:except|try\\s*:))';
+            description = 'HTTP request without error handling within 200 characters';
+        }
+        else {
+            return null; // Can't generalize for this language
+        }
+        return {
+            id: nextPatternId(),
+            description,
+            kind: 'regex',
+            languages: langGroup(language),
+            regexPattern: pattern,
+            fileGlob: fileGlobForLang(language),
+            matchBehavior: 'presence_is_bad',
+            claimCategory: 'error-handling',
+            severity: claim.severity === 'low' ? 'medium' : claim.severity,
+            evidenceTemplate: `Missing error handling: {match} in {file}`,
+        };
+    },
+};
+/**
+ * Strategy: SQL injection via string concatenation.
+ * Extracts patterns for detecting SQL built from string concatenation.
+ */
+const sqlInjection = {
+    categories: ['security'],
+    extract(input) {
+        const { claim, language } = input;
+        const text = `${claim.description} ${claim.assertion}`.toLowerCase();
+        if (!/sql\s+injection|string\s+concatenat.*sql|unsanitized.*sql|sql.*interpolat/i.test(text)) {
+            return null;
+        }
+        const lang = language.toLowerCase();
+        let pattern;
+        if (['ts', 'tsx', 'typescript', 'js', 'jsx', 'javascript'].includes(lang)) {
+            // Template literals with SQL keywords and interpolation
+            pattern = '`[^`]*(?:SELECT|INSERT|UPDATE|DELETE|DROP|ALTER)\\s[^`]*\\$\\{(?!\\d)';
+        }
+        else if (['py', 'python'].includes(lang)) {
+            // f-strings or .format() with SQL
+            pattern = '(?:f[\'"][^\'"]*(?:SELECT|INSERT|UPDATE|DELETE)|\\.format\\s*\\([^)]*\\).*(?:SELECT|INSERT|UPDATE|DELETE))';
+        }
+        else {
+            // Generic string concat with SQL
+            pattern = '(?:SELECT|INSERT|UPDATE|DELETE|DROP)\\s[^"\']*\\+\\s*\\w+';
+        }
+        return {
+            id: nextPatternId(),
+            description: 'SQL query built with string interpolation/concatenation',
+            kind: 'regex',
+            languages: langGroup(language),
+            regexPattern: pattern,
+            fileGlob: fileGlobForLang(language),
+            matchBehavior: 'presence_is_bad',
+            claimCategory: 'security',
+            severity: 'critical',
+            evidenceTemplate: `SQL injection risk: {match} in {file}`,
+        };
+    },
+};
+/**
+ * Strategy: Missing null/undefined check.
+ * When LLM finds that a function doesn't validate its inputs for null.
+ */
+const missingNullCheck = {
+    categories: ['edge-case', 'correctness'],
+    extract(input) {
+        const { claim, code, language } = input;
+        const text = `${claim.description} ${claim.assertion}`.toLowerCase();
+        if (!/(?:null|undefined|nil|none)\s+(?:check|guard|validation|handling)/i.test(text) &&
+            !/(?:does\s+not|doesn't)\s+(?:check|validate|guard|handle)\s+(?:null|undefined|nil|none)/i.test(text)) {
+            return null;
+        }
+        // Try to extract the specific function/variable name
+        const funcMatch = code.match(/(?:function|const|let|var)\s+(\w+)\s*(?:=\s*(?:async\s+)?)?(?:\([^)]*\)|=>|\{)/);
+        if (!funcMatch)
+            return null;
+        const funcName = funcMatch[1];
+        const lang = language.toLowerCase();
+        let pattern;
+        if (['ts', 'tsx', 'typescript', 'js', 'jsx', 'javascript'].includes(lang)) {
+            // Function that takes params but doesn't check for null/undefined
+            pattern = `(?:function\\s+${escapeRegex(funcName)}|(?:const|let|var)\\s+${escapeRegex(funcName)}\\s*=)\\s*(?:async\\s+)?\\([^)]+\\)[^{]*\\{(?![\\s\\S]{0,300}(?:!==?\\s*(?:null|undefined)|===?\\s*(?:null|undefined)|\\?\\.))`;
+        }
+        else {
+            return null;
+        }
+        return {
+            id: nextPatternId(),
+            description: `Function '${funcName}' does not validate inputs for null/undefined`,
+            kind: 'regex',
+            languages: langGroup(language),
+            regexPattern: pattern,
+            fileGlob: fileGlobForLang(language),
+            matchBehavior: 'presence_is_bad',
+            claimCategory: claim.category,
+            severity: claim.severity === 'low' ? 'medium' : claim.severity,
+            evidenceTemplate: `Missing null check in function '{match}' in {file}`,
+        };
+    },
+};
+/**
+ * Strategy: Hardcoded secrets/credentials.
+ * When LLM finds API keys, tokens, or passwords hardcoded in source.
+ */
+const hardcodedSecrets = {
+    categories: ['security'],
+    extract(input) {
+        const { claim } = input;
+        const text = `${claim.description} ${claim.assertion}`.toLowerCase();
+        if (!/(?:hardcod|embed|literal)\w*\s+(?:secret|key|token|password|credential|api.?key)/i.test(text) &&
+            !/(?:secret|key|token|password|credential|api.?key)\s+(?:hardcod|embed|literal)/i.test(text)) {
+            return null;
+        }
+        return {
+            id: nextPatternId(),
+            description: 'Hardcoded secret, API key, token, or password in source code',
+            kind: 'regex',
+            languages: [], // All languages
+            regexPattern: "(?:api[_-]?key|secret|password|token|auth)\\s*[:=]\\s*['\"`][A-Za-z0-9+/=_-]{20,}['\"`]",
+            fileGlob: '**/*.{ts,tsx,js,jsx,py,go,java,rs}',
+            matchBehavior: 'presence_is_bad',
+            claimCategory: 'security',
+            severity: 'critical',
+            evidenceTemplate: `Hardcoded secret found: {match} in {file}`,
+        };
+    },
+};
+/**
+ * Strategy: Missing input validation.
+ * When LLM finds that user input isn't validated before use.
+ */
+const missingInputValidation = {
+    categories: ['security', 'correctness'],
+    extract(input) {
+        const { claim, code, language } = input;
+        const text = `${claim.description} ${claim.assertion}`.toLowerCase();
+        if (!/(?:missing|no|lacks?|without)\s+(?:input|user|request)\s+validation/i.test(text) &&
+            !/(?:does\s+not|doesn't)\s+(?:validate|sanitize|check)\s+(?:input|user|request)/i.test(text)) {
+            return null;
+        }
+        const lang = language.toLowerCase();
+        let pattern;
+        if (['ts', 'tsx', 'typescript', 'js', 'jsx', 'javascript'].includes(lang)) {
+            // Express/Node: req.body used without validation
+            if (code.includes('req.body') || code.includes('req.params') || code.includes('req.query')) {
+                pattern = '(?:req\\.(?:body|params|query))(?![\\s\\S]{0,100}(?:validate|parse|schema|zod|joi|yup))';
+            }
+            else {
+                return null;
+            }
+        }
+        else if (['py', 'python'].includes(lang)) {
+            // Flask/Django: request data used without validation
+            pattern = '(?:request\\.(?:json|form|args|data))(?![\\s\\S]{0,100}(?:validate|schema|marshmallow|pydantic))';
+        }
+        else {
+            return null;
+        }
+        return {
+            id: nextPatternId(),
+            description: 'User input used without validation or sanitization',
+            kind: 'regex',
+            languages: langGroup(language),
+            regexPattern: pattern,
+            fileGlob: fileGlobForLang(language),
+            matchBehavior: 'presence_is_bad',
+            claimCategory: 'security',
+            severity: 'high',
+            evidenceTemplate: `Unvalidated input: {match} in {file}`,
+        };
+    },
+};
+/**
+ * Strategy: Unhandled promise rejection.
+ * When LLM finds async operations without await or .catch().
+ */
+const unhandledPromise = {
+    categories: ['error-handling', 'correctness'],
+    extract(input) {
+        const { claim, language } = input;
+        const text = `${claim.description} ${claim.assertion}`.toLowerCase();
+        if (!/(?:unhandled|floating|detached)\s+promise/i.test(text) &&
+            !/promise\s+(?:not\s+)?(?:awaited|handled|caught)/i.test(text)) {
+            return null;
+        }
+        const lang = language.toLowerCase();
+        if (!['ts', 'tsx', 'typescript', 'js', 'jsx', 'javascript'].includes(lang)) {
+            return null;
+        }
+        return {
+            id: nextPatternId(),
+            description: 'Promise-returning call without await or .catch()',
+            kind: 'regex',
+            languages: langGroup(language),
+            // Match function calls that likely return promises but aren't awaited
+            // Look for common async patterns without await
+            regexPattern: '(?<!await\\s)(?<!return\\s)\\b(?:fetch|axios\\.\\w+|\\w+\\.save|\\w+\\.delete|\\w+\\.update)\\s*\\([^)]*\\)(?!\\s*\\.(?:then|catch))',
+            fileGlob: fileGlobForLang(language),
+            matchBehavior: 'presence_is_bad',
+            claimCategory: 'error-handling',
+            severity: 'high',
+            evidenceTemplate: `Unhandled promise: {match} in {file}`,
+        };
+    },
+};
+// ── Registry ─────────────────────────────────────────────────
+const STRATEGIES = [
+    missingErrorHandling,
+    sqlInjection,
+    missingNullCheck,
+    hardcodedSecrets,
+    missingInputValidation,
+    unhandledPromise,
+];
+// ── Helpers ──────────────────────────────────────────────────
+function escapeRegex(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+// ── Public API ───────────────────────────────────────────────
+/**
+ * Extract a generalizable detection pattern from a confirmed LLM finding.
+ *
+ * @param input - The confirmed finding with code context.
+ * @returns The extraction result with pattern or failure reason.
+ */
+export function extractPattern(input) {
+    // Only process confirmed failures
+    if (input.verification.verdict !== 'FAIL') {
+        return {
+            success: false,
+            failureReason: `Verdict is '${input.verification.verdict}', not 'FAIL'. Only confirmed failures can generate rules.`,
+        };
+    }
+    // Try each strategy in order
+    for (const strategy of STRATEGIES) {
+        if (!strategy.categories.includes(input.claim.category))
+            continue;
+        const pattern = strategy.extract(input);
+        if (pattern) {
+            // Validate the regex compiles
+            try {
+                new RegExp(pattern.regexPattern);
+            }
+            catch {
+                continue; // Skip patterns that don't compile
+            }
+            return { success: true, pattern };
+        }
+    }
+    return {
+        success: false,
+        failureReason: `No extraction strategy matched claim category '${input.claim.category}' with description: ${input.claim.description}`,
+    };
+}
+/**
+ * Get the list of claim categories that have extraction strategies.
+ */
+export function getSupportedCategories() {
+    const categories = new Set();
+    for (const strategy of STRATEGIES) {
+        for (const cat of strategy.categories) {
+            categories.add(cat);
+        }
+    }
+    return [...categories];
+}
+//# sourceMappingURL=pattern-extractor.js.map

package/dist/lib/learned-rules/pattern-extractor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pattern-extractor.js","sourceRoot":"","sources":["../../../src/lib/learned-rules/pattern-extractor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAqBH,iEAAiE;AAEjE,SAAS,SAAS,CAAC,QAAgB;IACjC,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACpC,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;IACnF,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;IACnF,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7D,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7D,OAAO,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACvC,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACpC,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1E,OAAO,sBAAsB,CAAC;IAChC,CAAC;IACD,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IACtD,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IACtD,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IACpD,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,WAAW,CAAC;IAChD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,gEAAgE;AAEhE,IAAI,cAAc,GAAG,CAAC,CAAC;AAEvB,SAAS,aAAa;IACpB,cAAc,EAAE,CAAC;IACjB,OAAO,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;AACzD,CAAC;AAED,mCAAmC;AACnC,MAAM,UAAU,mBAAmB,CAAC,KAAK,GAAG,CAAC;IAC3C,cAAc,GAAG,KAAK,CAAC;AACzB,CAAC;AAED,gEAAgE;AAEhE;;;;;GAKG;AACH,MAAM,oBAAoB,GAAuB;IAC/C,UAAU,EAAE,CAAC,gBAAgB,CAAC;IAC9B,OAAO,CAAC,KAAK;QACX,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QACxC,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC;QAErE,gDAAgD;QAChD,IAAI,CAAC,8FAA8F,CAAC,IAAI,CAAC,IAAI,CAAC;YAC1G,CAAC,gFAAgF,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjG,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QAEpC,2DAA2D;QAC3D,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAC7B,sEAAsE,CACvE,CAAC;QAEF,IAAI,OAAe,CAAC;QACpB,IAAI,WAAmB,CAAC;QAExB,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,CAAC;YAC9C,kEAAkE;YAClE,OAAO,GAAG,eAAe,WAAW,CAAC,EAAE,CAAC,UAAU,CAAC;YACnD,WAAW,GAAG,kBAAkB,EAAE,0BAA0B,CAAC;QAC/D,CAAC;aAAM,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACjF,4DAA4D;YAC5D,OAAO,GAAG,gFAAgF,CAAC;YAC3F,WAAW,GAAG,yDAAyD,CAAC;QAC1E,CAAC;aAAM,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,OAAO,GAAG,2FAA2F,CAAC;YACtG,WAAW,GAAG,2DAA2D,CAAC;QAC5E,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,CAAC,qCAAqC;QACpD,CAAC;QAED,OAAO;YACL,EAAE,EAAE,aAAa,EAAE;YACnB,WAAW;YACX,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC;YAC9B,YAAY,EAAE,OAAO;YACrB,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;YACnC,aAAa,EAAE,iBAAiB;YAChC,aAAa,EAAE,gBAAgB;YAC/B,QAAQ,EAAE,KAAK,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,QAA0C;YAChG,gBAAgB,EAAE,2CAA2C;SAC9D,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,YAAY,GAAuB;IACvC,UAAU,EAAE,CAAC,UAAU,CAAC;IACxB,OAAO,CAAC,KAAK;QACX,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QAClC,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC;QAErE,IAAI,CAAC,4EAA4E,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7F,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,OAAe,CAAC;QAEpB,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1E,wDAAwD;YACxD,OAAO,GAAG,uEAAuE,CAAC;QACpF,CAAC;aAAM,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,kCAAkC;YAClC,OAAO,GAAG,4GAA4G,CAAC;QACzH,CAAC;aAAM,CAAC;YACN,iCAAiC;YACjC,OAAO,GAAG,2DAA2D,CAAC;QACxE,CAAC;QAED,OAAO;YACL,EAAE,EAAE,aAAa,EAAE;YACnB,WAAW,EAAE,yDAAyD;YACtE,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC;YAC9B,YAAY,EAAE,OAAO;YACrB,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;YACnC,aAAa,EAAE,iBAAiB;YAChC,aAAa,EAAE,UAAU;YACzB,QAAQ,EAAE,UAAU;YACpB,gBAAgB,EAAE,uCAAuC;SAC1D,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,gBAAgB,GAAuB;IAC3C,UAAU,EAAE,CAAC,WAAW,EAAE,aAAa,CAAC;IACxC,OAAO,CAAC,KAAK;QACX,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QACxC,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC;QAErE,IAAI,CAAC,oEAAoE,CAAC,IAAI,CAAC,IAAI,CAAC;YAChF,CAAC,yFAAyF,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1G,OAAO,IAAI,CAAC;QACd,CAAC;QAED,qDAAqD;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAC1B,gFAAgF,CACjF,CAAC;QAEF,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAE5B,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QAEpC,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1E,kEAAkE;YAClE,OAAO,GAAG,kBAAkB,WAAW,CAAC,QAAQ,CAAC,yBAAyB,WAAW,CAAC,QAAQ,CAAC,gIAAgI,CAAC;QAClO,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,EAAE,EAAE,aAAa,EAAE;YACnB,WAAW,EAAE,aAAa,QAAQ,+CAA+C;YACjF,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC;YAC9B,YAAY,EAAE,OAAO;YACrB,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;YACnC,aAAa,EAAE,iBAAiB;YAChC,aAAa,EAAE,KAAK,CAAC,QAAQ;YAC7B,QAAQ,EAAE,KAAK,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,QAA0C;YAChG,gBAAgB,EAAE,oDAAoD;SACvE,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,gBAAgB,GAAuB;IAC3C,UAAU,EAAE,CAAC,UAAU,CAAC;IACxB,OAAO,CAAC,KAAK;QACX,MAAM,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC;QACxB,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC;QAErE,IAAI,CAAC,mFAAmF,CAAC,IAAI,CAAC,IAAI,CAAC;YAC/F,CAAC,gFAAgF,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjG,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,EAAE,EAAE,aAAa,EAAE;YACnB,WAAW,EAAE,8DAA8D;YAC3E,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,EAAE,EAAG,gBAAgB;YAChC,YAAY,EAAE,yFAAyF;YACvG,QAAQ,EAAE,oCAAoC;YAC9C,aAAa,EAAE,iBAAiB;YAChC,aAAa,EAAE,UAAU;YACzB,QAAQ,EAAE,UAAU;YACpB,gBAAgB,EAAE,2CAA2C;SAC9D,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,sBAAsB,GAAuB;IACjD,UAAU,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC;IACvC,OAAO,CAAC,KAAK;QACX,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QACxC,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC;QAErE,IAAI,CAAC,sEAAsE,CAAC,IAAI,CAAC,IAAI,CAAC;YAClF,CAAC,gFAAgF,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjG,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,OAAe,CAAC;QAEpB,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1E,iDAAiD;YACjD,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3F,OAAO,GAAG,yFAAyF,CAAC;YACtG,CAAC;iBAAM,CAAC;gBACN,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;aAAM,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,qDAAqD;YACrD,OAAO,GAAG,kGAAkG,CAAC;QAC/G,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,EAAE,EAAE,aAAa,EAAE;YACnB,WAAW,EAAE,oDAAoD;YACjE,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC;YAC9B,YAAY,EAAE,OAAO;YACrB,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;YACnC,aAAa,EAAE,iBAAiB;YAChC,aAAa,EAAE,UAAU;YACzB,QAAQ,EAAE,MAAM;YAChB,gBAAgB,EAAE,sCAAsC;SACzD,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,gBAAgB,GAAuB;IAC3C,UAAU,EAAE,CAAC,gBAAgB,EAAE,aAAa,CAAC;IAC7C,OAAO,CAAC,KAAK;QACX,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QAClC,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC;QAErE,IAAI,CAAC,4CAA4C,CAAC,IAAI,CAAC,IAAI,CAAC;YACxD,CAAC,kDAAkD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3E,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,EAAE,EAAE,aAAa,EAAE;YACnB,WAAW,EAAE,kDAAkD;YAC/D,IAAI,EAAE,OAAO;YACb,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC;YAC9B,sEAAsE;YACtE,+CAA+C;YAC/C,YAAY,EAAE,sIAAsI;YACpJ,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;YACnC,aAAa,EAAE,iBAAiB;YAChC,aAAa,EAAE,gBAAgB;YAC/B,QAAQ,EAAE,MAAM;YAChB,gBAAgB,EAAE,sCAAsC;SACzD,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,gEAAgE;AAEhE,MAAM,UAAU,GAAkC;IAChD,oBAAoB;IACpB,YAAY;IACZ,gBAAgB;IAChB,gBAAgB;IAChB,sBAAsB;IACtB,gBAAgB;CACjB,CAAC;AAEF,gEAAgE;AAEhE,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED,gEAAgE;AAEhE;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,KAA6B;IAC1D,kCAAkC;IAClC,IAAI,KAAK,CAAC,YAAY,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;QAC1C,OAAO;YACL,OAAO,EAAE,KAAK;YACd,aAAa,EAAE,eAAe,KAAK,CAAC,YAAY,CAAC,OAAO,4DAA4D;SACrH,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC;YAAE,SAAS;QAElE,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,OAAO,EAAE,CAAC;YACZ,8BAA8B;YAC9B,IAAI,CAAC;gBACH,IAAI,MAAM,CAAC,OAAO,CAAC,YAAa,CAAC,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS,CAAC,mCAAmC;YAC/C,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QACpC,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,aAAa,EAAE,kDAAkD,KAAK,CAAC,KAAK,CAAC,QAAQ,uBAAuB,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE;KACtI,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACtC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,UAAU,CAAC,CAAC;AACzB,CAAC"}

package/dist/lib/learned-rules/rule-codifier.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * Rule Codifier — converts extracted patterns into executable formal checks.
+ *
+ * Takes an ExtractedPattern and produces a LearnedRule that can run
+ * alongside hand-crafted rules in the formal verifier.
+ *
+ * Current implementation: regex-based rules only.
+ * Future: AST patterns (tree-sitter), type constraints (ts-morph).
+ */
+import type { ExtractedPattern, LearnedRule, PatternExtractionInput } from './types.js';
+/** Reset counter (for testing). */
+export declare function resetRuleCounter(start?: number): void;
+/**
+ * Create a new learned rule from an extracted pattern and its source finding.
+ *
+ * The rule starts in 'candidate' status and must pass validation
+ * before being promoted to 'validated' and then 'promoted'.
+ */
+export declare function codifyRule(pattern: ExtractedPattern, input: PatternExtractionInput): LearnedRule;
+/**
+ * Execute a learned rule against a code string.
+ *
+ * Returns true if the rule fires (detects a potential issue).
+ */
+export declare function executeRule(rule: LearnedRule, code: string, language: string): {
+    fires: boolean;
+    matches: string[];
+};
+/**
+ * Merge a new source finding into an existing rule.
+ * This happens when the same pattern is extracted from a different finding.
+ */
+export declare function mergeSourceFinding(rule: LearnedRule, input: PatternExtractionInput): LearnedRule;
+/**
+ * Update rule status through the lifecycle.
+ */
+export declare function updateRuleStatus(rule: LearnedRule, status: LearnedRule['status']): LearnedRule;
+/**
+ * Record that a rule fired and was confirmed/rejected by a human or auto-confirmation.
+ */
+export declare function recordRuleFire(rule: LearnedRule, wasCorrect: boolean): LearnedRule;

package/dist/lib/learned-rules/rule-codifier.js ADDED Viewed

@@ -0,0 +1,138 @@
+/**
+ * Rule Codifier — converts extracted patterns into executable formal checks.
+ *
+ * Takes an ExtractedPattern and produces a LearnedRule that can run
+ * alongside hand-crafted rules in the formal verifier.
+ *
+ * Current implementation: regex-based rules only.
+ * Future: AST patterns (tree-sitter), type constraints (ts-morph).
+ */
+// ── Rule ID Generation ───────────────────────────────────────
+let ruleCounter = 0;
+function nextRuleId() {
+    ruleCounter++;
+    return `lr_${String(ruleCounter).padStart(4, '0')}`;
+}
+/** Reset counter (for testing). */
+export function resetRuleCounter(start = 0) {
+    ruleCounter = start;
+}
+// ── Rule Creation ────────────────────────────────────────────
+/**
+ * Create a new learned rule from an extracted pattern and its source finding.
+ *
+ * The rule starts in 'candidate' status and must pass validation
+ * before being promoted to 'validated' and then 'promoted'.
+ */
+export function codifyRule(pattern, input) {
+    const now = new Date().toISOString();
+    const sourceFinding = {
+        claimId: input.claim.id,
+        claimDescription: input.claim.description,
+        codeSnippet: truncateCode(input.code, 500),
+        filePath: input.filePath,
+        language: input.language,
+        timestamp: now,
+    };
+    return {
+        id: nextRuleId(),
+        pattern,
+        status: 'candidate',
+        createdAt: now,
+        updatedAt: now,
+        fireCount: 0,
+        truePositiveCount: 0,
+        falsePositiveCount: 0,
+        sourceFindings: [sourceFinding],
+    };
+}
+/**
+ * Execute a learned rule against a code string.
+ *
+ * Returns true if the rule fires (detects a potential issue).
+ */
+export function executeRule(rule, code, language) {
+    const pattern = rule.pattern;
+    // Check language applicability
+    if (pattern.languages.length > 0) {
+        const langLower = language.toLowerCase();
+        if (!pattern.languages.some(l => l.toLowerCase() === langLower)) {
+            return { fires: false, matches: [] };
+        }
+    }
+    // Currently only regex patterns are supported
+    if (pattern.kind !== 'regex' || !pattern.regexPattern) {
+        return { fires: false, matches: [] };
+    }
+    try {
+        const regex = new RegExp(pattern.regexPattern, 'gi');
+        const matches = [];
+        let match;
+        while ((match = regex.exec(code)) !== null) {
+            matches.push(match[0]);
+            // Prevent infinite loops on zero-length matches
+            if (match[0].length === 0)
+                regex.lastIndex++;
+        }
+        if (pattern.matchBehavior === 'presence_is_bad') {
+            return { fires: matches.length > 0, matches };
+        }
+        else {
+            // absence_is_bad: fires when pattern is NOT found
+            return { fires: matches.length === 0, matches: [] };
+        }
+    }
+    catch {
+        // Invalid regex — rule should be rejected
+        return { fires: false, matches: [] };
+    }
+}
+/**
+ * Merge a new source finding into an existing rule.
+ * This happens when the same pattern is extracted from a different finding.
+ */
+export function mergeSourceFinding(rule, input) {
+    const now = new Date().toISOString();
+    const newFinding = {
+        claimId: input.claim.id,
+        claimDescription: input.claim.description,
+        codeSnippet: truncateCode(input.code, 500),
+        filePath: input.filePath,
+        language: input.language,
+        timestamp: now,
+    };
+    return {
+        ...rule,
+        updatedAt: now,
+        sourceFindings: [...rule.sourceFindings, newFinding],
+    };
+}
+/**
+ * Update rule status through the lifecycle.
+ */
+export function updateRuleStatus(rule, status) {
+    return {
+        ...rule,
+        status,
+        updatedAt: new Date().toISOString(),
+    };
+}
+/**
+ * Record that a rule fired and was confirmed/rejected by a human or auto-confirmation.
+ */
+export function recordRuleFire(rule, wasCorrect) {
+    return {
+        ...rule,
+        fireCount: rule.fireCount + 1,
+        truePositiveCount: rule.truePositiveCount + (wasCorrect ? 1 : 0),
+        falsePositiveCount: rule.falsePositiveCount + (wasCorrect ? 0 : 1),
+        updatedAt: new Date().toISOString(),
+    };
+}
+// ── Helpers ──────────────────────────────────────────────────
+function truncateCode(code, maxLength) {
+    if (code.length <= maxLength)
+        return code;
+    return code.slice(0, maxLength) + '\n// ... truncated';
+}
+//# sourceMappingURL=rule-codifier.js.map

package/dist/lib/learned-rules/rule-codifier.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"rule-codifier.js","sourceRoot":"","sources":["../../../src/lib/learned-rules/rule-codifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AASH,gEAAgE;AAEhE,IAAI,WAAW,GAAG,CAAC,CAAC;AAEpB,SAAS,UAAU;IACjB,WAAW,EAAE,CAAC;IACd,OAAO,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;AACtD,CAAC;AAED,mCAAmC;AACnC,MAAM,UAAU,gBAAgB,CAAC,KAAK,GAAG,CAAC;IACxC,WAAW,GAAG,KAAK,CAAC;AACtB,CAAC;AAED,gEAAgE;AAEhE;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CACxB,OAAyB,EACzB,KAA6B;IAE7B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,MAAM,aAAa,GAAkB;QACnC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE;QACvB,gBAAgB,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW;QACzC,WAAW,EAAE,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC;QAC1C,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,SAAS,EAAE,GAAG;KACf,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,UAAU,EAAE;QAChB,OAAO;QACP,MAAM,EAAE,WAAW;QACnB,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,CAAC;QACZ,iBAAiB,EAAE,CAAC;QACpB,kBAAkB,EAAE,CAAC;QACrB,cAAc,EAAE,CAAC,aAAa,CAAC;KAChC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CACzB,IAAiB,EACjB,IAAY,EACZ,QAAgB;IAEhB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAE7B,+BAA+B;IAC/B,IAAI,OAAO,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QACzC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,EAAE,CAAC;YAChE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACvC,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QACtD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACvC,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QACrD,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,IAAI,KAA6B,CAAC;QAElC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC3C,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACvB,gDAAgD;YAChD,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC;gBAAE,KAAK,CAAC,SAAS,EAAE,CAAC;QAC/C,CAAC;QAED,IAAI,OAAO,CAAC,aAAa,KAAK,iBAAiB,EAAE,CAAC;YAChD,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,OAAO,EAAE,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,kDAAkD;YAClD,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACtD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,0CAA0C;QAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACvC,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,IAAiB,EACjB,KAA6B;IAE7B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,MAAM,UAAU,GAAkB;QAChC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE;QACvB,gBAAgB,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW;QACzC,WAAW,EAAE,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC;QAC1C,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,SAAS,EAAE,GAAG;KACf,CAAC;IAEF,OAAO;QACL,GAAG,IAAI;QACP,SAAS,EAAE,GAAG;QACd,cAAc,EAAE,CAAC,GAAG,IAAI,CAAC,cAAc,EAAE,UAAU,CAAC;KACrD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,IAAiB,EACjB,MAA6B;IAE7B,OAAO;QACL,GAAG,IAAI;QACP,MAAM;QACN,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,IAAiB,EACjB,UAAmB;IAEnB,OAAO;QACL,GAAG,IAAI;QACP,SAAS,EAAE,IAAI,CAAC,SAAS,GAAG,CAAC;QAC7B,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAChE,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC;AAED,gEAAgE;AAEhE,SAAS,YAAY,CAAC,IAAY,EAAE,SAAiB;IACnD,IAAI,IAAI,CAAC,MAAM,IAAI,SAAS;QAAE,OAAO,IAAI,CAAC;IAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,GAAG,oBAAoB,CAAC;AACzD,CAAC"}

package/dist/lib/learned-rules/starter-catalog.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Starter Catalog — ~15 high-signal learned rules that ship with the npm package.
+ *
+ * These rules were curated from 214 rules harvested from real PR diffs in
+ * popular open-source TypeScript projects. Selection criteria:
+ *   - Valid, compilable regex
+ *   - High or critical severity preferred
+ *   - General-purpose (not tied to a specific project)
+ *   - Good coverage across categories (security, error handling, etc.)
+ *   - Useful fixDescription
+ *
+ * All starter rules have `source: "bundled"` to distinguish them from
+ * user-harvested rules. Local rules with the same ID take precedence.
+ */
+import type { LearnedRule } from './types.js';
+export declare const STARTER_RULES: readonly LearnedRule[];