tryassay 0.31.0 → 0.33.0

package/dist/lib/chain-analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chain-analyzer.js","sourceRoot":"","sources":["../../src/lib/chain-analyzer.ts"],"names":[],"mappings":"AA0BA,MAAM,CAAC,MAAM,cAAc,GAAmB;IAC5C;QACE,EAAE,EAAE,WAAW;QACf,KAAK,EAAE,CAAC,OAAO,EAAE,gBAAgB,EAAE,wBAAwB,CAAC;QAC5D,KAAK,EAAE,CAAC,eAAe,EAAE,8BAA8B,EAAE,gBAAgB,CAAC;QAC1E,MAAM,EAAE,gDAAgD;QACxD,gBAAgB,EAAE,UAAU;KAC7B;IACD;QACE,EAAE,EAAE,WAAW;QACf,KAAK,EAAE,CAAC,iBAAiB,EAAE,sBAAsB,EAAE,8BAA8B,CAAC;QAClF,KAAK,EAAE,CAAC,kBAAkB,EAAE,kBAAkB,EAAE,sBAAsB,CAAC;QACvE,MAAM,EAAE,uCAAuC;QAC/C,gBAAgB,EAAE,UAAU;KAC7B;IACD;QACE,EAAE,EAAE,WAAW;QACf,KAAK,EAAE,CAAC,aAAa,EAAE,eAAe,EAAE,WAAW,CAAC;QACpD,KAAK,EAAE,CAAC,eAAe,EAAE,SAAS,EAAE,uBAAuB,CAAC;QAC5D,MAAM,EAAE,yCAAyC;QACjD,gBAAgB,EAAE,MAAM;KACzB;IACD;QACE,EAAE,EAAE,WAAW;QACf,KAAK,EAAE,CAAC,eAAe,EAAE,oBAAoB,EAAE,oBAAoB,CAAC;QACpE,KAAK,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,cAAc,CAAC;QAC/C,MAAM,EAAE,sBAAsB;QAC9B,gBAAgB,EAAE,UAAU;KAC7B;IACD;QACE,EAAE,EAAE,WAAW;QACf,KAAK,EAAE,CAAC,kBAAkB,EAAE,SAAS,EAAE,YAAY,CAAC;QACpD,KAAK,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,CAAC;QACvD,MAAM,EAAE,qCAAqC;QAC7C,gBAAgB,EAAE,MAAM;KACzB;IACD;QACE,EAAE,EAAE,WAAW;QACf,KAAK,EAAE,CAAC,kBAAkB,EAAE,uBAAuB,EAAE,SAAS,CAAC;QAC/D,KAAK,EAAE,CAAC,aAAa,EAAE,gBAAgB,EAAE,qBAAqB,CAAC;QAC/D,MAAM,EAAE,kCAAkC;QAC1C,gBAAgB,EAAE,UAAU;KAC7B;IACD;QACE,EAAE,EAAE,WAAW;QACf,KAAK,EAAE,CAAC,MAAM,EAAE,sBAAsB,EAAE,iBAAiB,CAAC;QAC1D,KAAK,EAAE,CAAC,aAAa,EAAE,YAAY,EAAE,iBAAiB,EAAE,4BAA4B,CAAC;QACrF,MAAM,EAAE,6CAA6C;QACrD,gBAAgB,EAAE,UAAU;KAC7B;CACF,CAAC;AAEF,SAAS,WAAW,CAAC,OAAoB,EAAE,QAAkB;IAC3D,MAAM,IAAI,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;IACrD,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAuB;IAClD,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC;IAChE,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;YAC7B,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC;gBAAE,SAAS;YAClC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC;gBAAE,SAAS;YAE7C,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;gBAC7B,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC;oBAAE,SAAS;gBAC7C,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC;oBAAE,SAAS;gBAE7C,MAAM,CAAC,IAAI,CAAC;oBACV,OAAO,EAAE,OAAO,CAAC,EAAE;oBACnB,QAAQ,EAAE,CAAC;oBACX,QAAQ,EAAE,CAAC;oBACX,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;iBAC3C,CAAC,CAAC;gBACH,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;gBACpB,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;gBACpB,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,GAAG,EAAyB,CAAC;IAChD,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7B,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC;YAAE,SAAS;QAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,EAAE,CAAC;QACnC,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,WAAW;gBACpB,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;gBACtB,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;gBACtB,MAAM,EAAE,qDAAqD;gBAC7D,gBAAgB,EAAE,MAAM;aACzB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/lib/change-classifier.d.ts

@@ -0,0 +1,3 @@
+export type ChangeCategory = 'string_literal' | 'comment' | 'css_style' | 'numeric_constant' | 'import_export' | 'type_definition' | 'logic' | 'unknown';
+export declare function classifyChange(oldText: string, newText: string, filePath: string): ChangeCategory;
+export declare function mapExperimentCategory(experimentCategory: string): ChangeCategory;

package/dist/lib/change-classifier.js

@@ -0,0 +1,97 @@
+const PRIORITY = {
+    string_literal: 0, comment: 1, css_style: 2, numeric_constant: 3,
+    logic: 4, type_definition: 5, import_export: 6, unknown: 4,
+};
+export function classifyChange(oldText, newText, filePath) {
+    if (!oldText && !newText)
+        return 'unknown';
+    // Diff-level check: if texts are structurally identical except for values, classify by content type
+    const oldNormalized = oldText.replace(/\d+/g, 'NUM');
+    const newNormalized = newText.replace(/\d+/g, 'NUM');
+    const onlyNumericDiff = oldNormalized === newNormalized && oldText !== newText;
+    const oldStrNorm = oldText.replace(/"[^"]*"/g, '"STR"').replace(/'[^']*'/g, "'STR'");
+    const newStrNorm = newText.replace(/"[^"]*"/g, '"STR"').replace(/'[^']*'/g, "'STR'");
+    const onlyStringDiff = oldStrNorm === newStrNorm && oldText !== newText;
+    if (onlyNumericDiff || onlyStringDiff) {
+        // Check if context is CSS before returning generic category
+        const isCssContext = /\b(Height|Width|Margin|Padding|Size|Color|Border|Font|Display|Position|style|className)\b/i.test(oldText) ||
+            /\d+(px|em|rem|%|vh|vw)/.test(oldText) || /\d+(px|em|rem|%|vh|vw)/.test(newText);
+        if (isCssContext)
+            return 'css_style';
+        if (onlyNumericDiff)
+            return 'numeric_constant';
+        return 'string_literal';
+    }
+    const oldLines = oldText.split('\n');
+    const newLines = newText.split('\n');
+    const addedLines = newLines.filter(l => !oldLines.includes(l));
+    const removedLines = oldLines.filter(l => !newLines.includes(l));
+    const changedContent = [...addedLines, ...removedLines].join('\n');
+    if (!changedContent.trim())
+        return 'unknown';
+    const categories = new Set();
+    for (const line of [...addedLines, ...removedLines]) {
+        const trimmed = line.trim();
+        if (!trimmed)
+            continue;
+        categories.add(classifyLine(trimmed, filePath));
+    }
+    if (categories.size === 0)
+        return 'unknown';
+    let highest = 'string_literal';
+    let highestPriority = -1;
+    for (const cat of categories) {
+        if (PRIORITY[cat] > highestPriority) {
+            highest = cat;
+            highestPriority = PRIORITY[cat];
+        }
+    }
+    return highest;
+}
+function classifyLine(line, filePath) {
+    if (/^\s*(import\s|export\s|from\s)/.test(line))
+        return 'import_export';
+    if (/^\s*export\s+(default\s+)?/.test(line))
+        return 'import_export';
+    if (/^\s*(type|interface)\s+\w+/.test(line))
+        return 'type_definition';
+    if (/:\s*(string|number|boolean|null|undefined|void|never|any)\s*[;,}]?\s*$/.test(line) && !line.includes('=') && !line.includes('('))
+        return 'type_definition';
+    if (/^\s*(\/\/|\/\*|\*\/|\*)/.test(line))
+        return 'comment';
+    if (/^\s*\w*(Height|Width|Margin|Padding|Size|Color|Border|Font|Display|Position)\s*[:=]/.test(line) ||
+        /^\s*(min|max)?(Height|Width)\s*[:=]/.test(line) ||
+        /^\s*style\s*[:=]/.test(line) ||
+        /^\s*className\s*[:=]/.test(line))
+        return 'css_style';
+    if (/^\s*['"]?\w+['"]?\s*:\s*['"]?\d+(px|em|rem|%|vh|vw)['"]?\s*[,;}]?$/.test(line))
+        return 'css_style';
+    if (/`[^`]*\$\{/.test(line))
+        return 'logic';
+    if (/^\s*"[^"]*"\s*[;,]?\s*$/.test(line) || /^\s*'[^']*'\s*[;,]?\s*$/.test(line))
+        return 'string_literal';
+    if (/^\s*(return\s+)?"[^"]*"\s*;?\s*$/.test(line) || /^\s*(return\s+)?'[^']*'\s*;?\s*$/.test(line))
+        return 'string_literal';
+    if (/^\s*(const|let|var)?\s*\w+\s*=\s*"[^"]*"\s*;?\s*$/.test(line) || /^\s*(const|let|var)?\s*\w+\s*=\s*'[^']*'\s*;?\s*$/.test(line))
+        return 'string_literal';
+    if (/^\s*(const|let|var)?\s*\w+\s*=\s*\d+/.test(line))
+        return 'numeric_constant';
+    if (/\b\d+\b/.test(line) && !/[a-zA-Z_]\w*\s*\(/.test(line) && !line.includes('import') && !line.includes('export')) {
+        const stripped = line.replace(/\d+/g, 'NUM');
+        if (/^\s*(return\s+)?.*NUM.*$/.test(stripped))
+            return 'numeric_constant';
+    }
+    if (/console\.(log|warn|error|info|debug)/.test(line))
+        return 'logic';
+    return 'logic';
+}
+export function mapExperimentCategory(experimentCategory) {
+    const mapping = {
+        string_constant: 'string_literal', css_styling: 'css_style', console_log: 'logic',
+        numeric_constant: 'numeric_constant', comment: 'comment',
+        missing_module: 'import_export', renamed_export: 'import_export', removed_export: 'import_export',
+        type_deletion: 'type_definition', type_incompatible: 'type_definition', generic_constraint: 'type_definition',
+    };
+    return mapping[experimentCategory] ?? 'unknown';
+}
+//# sourceMappingURL=change-classifier.js.map

package/dist/lib/change-classifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"change-classifier.js","sourceRoot":"","sources":["../../src/lib/change-classifier.ts"],"names":[],"mappings":"AAEA,MAAM,QAAQ,GAAmC;IAC/C,cAAc,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAChE,KAAK,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC;CAC3D,CAAC;AAEF,MAAM,UAAU,cAAc,CAAC,OAAe,EAAE,OAAe,EAAE,QAAgB;IAC/E,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAE3C,oGAAoG;IACpG,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACrD,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,aAAa,KAAK,aAAa,IAAI,OAAO,KAAK,OAAO,CAAC;IAE/E,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACrF,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACrF,MAAM,cAAc,GAAG,UAAU,KAAK,UAAU,IAAI,OAAO,KAAK,OAAO,CAAC;IAExE,IAAI,eAAe,IAAI,cAAc,EAAE,CAAC;QACtC,4DAA4D;QAC5D,MAAM,YAAY,GAAG,4FAA4F,CAAC,IAAI,CAAC,OAAO,CAAC;YAC1G,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACtG,IAAI,YAAY;YAAE,OAAO,WAAW,CAAC;QACrC,IAAI,eAAe;YAAE,OAAO,kBAAkB,CAAC;QAC/C,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,cAAc,GAAG,CAAC,GAAG,UAAU,EAAE,GAAG,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnE,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE;QAAE,OAAO,SAAS,CAAC;IAE7C,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC7C,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,UAAU,EAAE,GAAG,YAAY,CAAC,EAAE,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,IAAI,UAAU,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAE5C,IAAI,OAAO,GAAmB,gBAAgB,CAAC;IAC/C,IAAI,eAAe,GAAG,CAAC,CAAC,CAAC;IACzB,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,eAAe,EAAE,CAAC;YAAC,OAAO,GAAG,GAAG,CAAC;YAAC,eAAe,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;QAAC,CAAC;IAC1F,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,YAAY,CAAC,IAAY,EAAE,QAAgB;IAClD,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,eAAe,CAAC;IACxE,IAAI,4BAA4B,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,eAAe,CAAC;IACpE,IAAI,4BAA4B,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,iBAAiB,CAAC;IACtE,IAAI,wEAAwE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,iBAAiB,CAAC;IAChK,IAAI,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IAC3D,IAAI,qFAAqF,CAAC,IAAI,CAAC,IAAI,CAAC;QAChG,qCAAqC,CAAC,IAAI,CAAC,IAAI,CAAC;QAChD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;QAC7B,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,WAAW,CAAC;IAC1D,IAAI,oEAAoE,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,WAAW,CAAC;IACxG,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,OAAO,CAAC;IAC5C,IAAI,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,gBAAgB,CAAC;IAC1G,IAAI,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,gBAAgB,CAAC;IAC5H,IAAI,mDAAmD,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,mDAAmD,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,gBAAgB,CAAC;IAC9J,IAAI,sCAAsC,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,kBAAkB,CAAC;IACjF,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpH,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7C,IAAI,0BAA0B,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,OAAO,kBAAkB,CAAC;IAC3E,CAAC;IACD,IAAI,sCAAsC,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,OAAO,CAAC;IACtE,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,kBAA0B;IAC9D,MAAM,OAAO,GAAmC;QAC9C,eAAe,EAAE,gBAAgB,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,OAAO;QACjF,gBAAgB,EAAE,kBAAkB,EAAE,OAAO,EAAE,SAAS;QACxD,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,eAAe;QACjG,aAAa,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,iBAAiB;KAC9G,CAAC;IACF,OAAO,OAAO,CAAC,kBAAkB,CAAC,IAAI,SAAS,CAAC;AAClD,CAAC"}

package/dist/lib/finding-dedup.d.ts

@@ -0,0 +1,2 @@
+export declare function hashFinding(repo: string, file: string, claimText: string): string;
+export declare function isDuplicate(hash: string, reportedFindings: string[]): boolean;

package/dist/lib/finding-dedup.js

@@ -0,0 +1,9 @@
+import { createHash } from 'node:crypto';
+export function hashFinding(repo, file, claimText) {
+    const normalized = [repo, file, claimText.replace(/\s+/g, ' ').trim().toLowerCase()].join('|');
+    return createHash('sha256').update(normalized).digest('hex').slice(0, 16);
+}
+export function isDuplicate(hash, reportedFindings) {
+    return reportedFindings.includes(hash);
+}
+//# sourceMappingURL=finding-dedup.js.map

package/dist/lib/finding-dedup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-dedup.js","sourceRoot":"","sources":["../../src/lib/finding-dedup.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,IAAY,EAAE,SAAiB;IACvE,MAAM,UAAU,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/F,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,gBAA0B;IAClE,OAAO,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC"}

package/dist/lib/issue-reporter.d.ts

@@ -0,0 +1,13 @@
+export interface FindingIssue {
+    repo: string;
+    program: string;
+    asset: string;
+    file: string;
+    claim: string;
+    severity: string;
+    reasoning: string;
+    chainId?: string;
+    chainImpact?: string;
+}
+export declare function findExistingIssue(hashPrefix: string): boolean;
+export declare function createFindingIssue(finding: FindingIssue, hashPrefix: string): void;

package/dist/lib/issue-reporter.js

@@ -0,0 +1,51 @@
+import { safeExecSync } from '../runtime/safe-executor.js';
+export function findExistingIssue(hashPrefix) {
+    const result = safeExecSync('gh', [
+        'issue', 'list',
+        '--label', 'bounty-finding',
+        '--state', 'open',
+        '--search', `[BOUNTY-${hashPrefix}]`,
+        '--json', 'number',
+        '--jq', 'length',
+    ]);
+    if (result.exitCode !== 0)
+        return false;
+    return parseInt(result.stdout.trim(), 10) > 0;
+}
+export function createFindingIssue(finding, hashPrefix) {
+    const labels = ['bounty-finding'];
+    if (finding.chainId)
+        labels.push('chain-finding');
+    const chainLine = finding.chainId
+        ? `**Chain:** ${finding.chainId} — ${finding.chainImpact}\n`
+        : '';
+    const body = `## [BOUNTY-${hashPrefix}] ${finding.claim.slice(0, 60)}
+
+**Program:** ${finding.program}
+**Asset:** ${finding.asset}
+**Severity:** ${finding.severity}
+${chainLine}
+### Finding
+**File:** \`${finding.file}\`
+**Claim:** ${finding.claim}
+**Reasoning:** ${finding.reasoning}
+
+### HackerOne Form Fields
+| Field | Value |
+|-------|-------|
+| Asset | ${finding.asset} |
+| Severity | ${finding.severity} |
+
+### Next Steps
+1. Run \`npx tryassay bounty-check\` for Layer 2 verification
+2. Run \`/bounty-report\` to generate submission-ready markdown
+3. Submit to HackerOne`;
+    const title = `[BOUNTY-${hashPrefix}] ${finding.severity.toUpperCase()}: ${finding.claim.slice(0, 70)}`;
+    safeExecSync('gh', [
+        'issue', 'create',
+        '--title', title,
+        '--body', body,
+        '--label', labels.join(','),
+    ]);
+}
+//# sourceMappingURL=issue-reporter.js.map

package/dist/lib/issue-reporter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"issue-reporter.js","sourceRoot":"","sources":["../../src/lib/issue-reporter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAc3D,MAAM,UAAU,iBAAiB,CAAC,UAAkB;IAClD,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,EAAE;QAChC,OAAO,EAAE,MAAM;QACf,SAAS,EAAE,gBAAgB;QAC3B,SAAS,EAAE,MAAM;QACjB,UAAU,EAAE,WAAW,UAAU,GAAG;QACpC,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAqB,EAAE,UAAkB;IAC1E,MAAM,MAAM,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAClC,IAAI,OAAO,CAAC,OAAO;QAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAElD,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO;QAC/B,CAAC,CAAC,cAAc,OAAO,CAAC,OAAO,MAAM,OAAO,CAAC,WAAW,IAAI;QAC5D,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,IAAI,GAAG,cAAc,UAAU,KAAK,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;;eAEvD,OAAO,CAAC,OAAO;aACjB,OAAO,CAAC,KAAK;gBACV,OAAO,CAAC,QAAQ;EAC9B,SAAS;;cAEG,OAAO,CAAC,IAAI;aACb,OAAO,CAAC,KAAK;iBACT,OAAO,CAAC,SAAS;;;;;YAKtB,OAAO,CAAC,KAAK;eACV,OAAO,CAAC,QAAQ;;;;;uBAKR,CAAC;IAEtB,MAAM,KAAK,GAAG,WAAW,UAAU,KAAK,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAExG,YAAY,CAAC,IAAI,EAAE;QACjB,OAAO,EAAE,QAAQ;QACjB,SAAS,EAAE,KAAK;QAChB,QAAQ,EAAE,IAAI;QACd,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;KAC5B,CAAC,CAAC;AACL,CAAC"}

package/dist/lib/novelty-checker.d.ts

@@ -0,0 +1,60 @@
+/**
+ * Novelty Checker — determines if a bounty finding has already been reported/patched.
+ *
+ * Layer 1 (fast, local): Git recency + release notes keyword scan.
+ * Layer 2 (deep, API): GitHub Security Advisories + code comparison.
+ */
+export type NoveltyStatus = 'likely-novel' | 'likely-patched' | 'check-manually';
+export interface NoveltyResult {
+    status: NoveltyStatus;
+    reason: string;
+}
+export interface GitSecurityResult {
+    hasSecurityFixes: boolean;
+    matchingCommits: string[];
+}
+export interface DeepCheckResult {
+    status: NoveltyStatus;
+    reason: string;
+    advisories: string[];
+    hacktivityMatches: string[];
+    codeStillVulnerable: boolean | null;
+}
+/**
+ * Extract security-relevant keywords from a claim description.
+ */
+export declare function extractSecurityKeywords(claim: string): string[];
+/**
+ * Parse git log output and check for security-related commits
+ * that mention any of the given keywords.
+ */
+export declare function parseGitLogForSecurityFixes(gitLog: string, keywords: string[]): GitSecurityResult;
+/**
+ * Parse git tag output into a clean array of tag names.
+ */
+export declare function parseGitTags(output: string): string[];
+/**
+ * Layer 1: Quick novelty check using only local git data.
+ */
+export declare function checkNoveltyLocal(targetPath: string, file: string, claim: string): NoveltyResult;
+/**
+ * Check GitHub Security Advisories for a repo.
+ * Requires `gh` CLI to be installed and authenticated.
+ */
+export declare function checkGitHubAdvisories(owner: string, repo: string, keywords: string[]): {
+    found: boolean;
+    matches: string[];
+};
+/**
+ * Check if the vulnerable code still exists on the main branch.
+ * Now actually checks file existence + optionally greps for claim pattern.
+ */
+export declare function checkCodeOnMain(targetPath: string, file: string, claimKeywords?: string[]): {
+    exists: boolean;
+    lastModified: string | null;
+    reason: string;
+};
+/**
+ * Layer 2: Full deep novelty check with API calls.
+ */
+export declare function deepNoveltyCheck(targetPath: string, file: string, claim: string, repoUrl: string): DeepCheckResult;

package/dist/lib/novelty-checker.js

@@ -0,0 +1,223 @@
+/**
+ * Novelty Checker — determines if a bounty finding has already been reported/patched.
+ *
+ * Layer 1 (fast, local): Git recency + release notes keyword scan.
+ * Layer 2 (deep, API): GitHub Security Advisories + code comparison.
+ */
+import { safeExecSync } from '../runtime/safe-executor.js';
+// ── Security Keywords ────────────────────────────────────────
+const SECURITY_TERMS = new Set([
+    'fix', 'vuln', 'vulnerability', 'security', 'cve', 'patch',
+    'csrf', 'xss', 'ssrf', 'injection', 'bypass', 'sanitize',
+    'sanitization', 'auth', 'authentication', 'authorization',
+    'token', 'session', 'cookie', 'cors', 'origin', 'redirect',
+    'traversal', 'overflow', 'exploit', 'attack', 'malicious',
+    'rce', 'dos', 'denial', 'privilege', 'escalation', 'sqli',
+]);
+/**
+ * Extract security-relevant keywords from a claim description.
+ */
+export function extractSecurityKeywords(claim) {
+    const words = claim.toLowerCase()
+        .replace(/[^a-z0-9\s-]/g, ' ')
+        .split(/\s+/)
+        .filter(w => w.length > 2);
+    const commonWords = new Set([
+        'the', 'and', 'for', 'that', 'this', 'with', 'from', 'are', 'was',
+        'not', 'but', 'has', 'have', 'does', 'can', 'may', 'should', 'would',
+        'will', 'all', 'any', 'each', 'when', 'where', 'which', 'while',
+        'function', 'method', 'class', 'file', 'code', 'value', 'return',
+        'input', 'output', 'error', 'check', 'use', 'using', 'used',
+    ]);
+    return [...new Set(words.filter(w => SECURITY_TERMS.has(w) || (!commonWords.has(w) && w.length > 3)))];
+}
+// ── Layer 1: Git-Based Checks ────────────────────────────────
+/**
+ * Parse git log output and check for security-related commits
+ * that mention any of the given keywords.
+ */
+export function parseGitLogForSecurityFixes(gitLog, keywords) {
+    if (!gitLog.trim()) {
+        return { hasSecurityFixes: false, matchingCommits: [] };
+    }
+    const lines = gitLog.trim().split('\n');
+    const matchingCommits = [];
+    const keywordsLower = keywords.map(k => k.toLowerCase());
+    for (const line of lines) {
+        const lineLower = line.toLowerCase();
+        const hasKeyword = keywordsLower.some(kw => lineLower.includes(kw));
+        const hasSecurityIndicator = lineLower.includes('fix') ||
+            lineLower.includes('security') ||
+            lineLower.includes('cve') ||
+            lineLower.includes('patch') ||
+            lineLower.includes('vuln');
+        if (hasKeyword || (hasSecurityIndicator && hasKeyword)) {
+            matchingCommits.push(lineLower.trim());
+        }
+    }
+    return {
+        hasSecurityFixes: matchingCommits.length > 0,
+        matchingCommits,
+    };
+}
+/**
+ * Parse git tag output into a clean array of tag names.
+ */
+export function parseGitTags(output) {
+    if (!output.trim())
+        return [];
+    return output.trim().split('\n').map(t => t.trim()).filter(t => t.length > 0);
+}
+/**
+ * Layer 1: Quick novelty check using only local git data.
+ */
+export function checkNoveltyLocal(targetPath, file, claim) {
+    const keywords = extractSecurityKeywords(claim);
+    // Check 1: Recent commits touching this file
+    const logResult = safeExecSync('git', [
+        '-C', targetPath,
+        'log', '--since=90 days ago', '--oneline', '--', file,
+    ]);
+    if (logResult.exitCode === 0 && logResult.stdout.trim()) {
+        const gitCheck = parseGitLogForSecurityFixes(logResult.stdout, keywords);
+        if (gitCheck.hasSecurityFixes) {
+            return {
+                status: 'likely-patched',
+                reason: `Security-related commit found: ${gitCheck.matchingCommits[0]}`,
+            };
+        }
+    }
+    // Check 2: Recent release tags mentioning security keywords
+    const tagsResult = safeExecSync('git', [
+        '-C', targetPath,
+        'tag', '--sort=-creatordate',
+    ]);
+    if (tagsResult.exitCode === 0 && tagsResult.stdout.trim()) {
+        const tags = parseGitTags(tagsResult.stdout).slice(0, 5);
+        for (const tag of tags) {
+            const tagMsgResult = safeExecSync('git', [
+                '-C', targetPath,
+                'tag', '-l', '--format=%(contents:subject)', tag,
+            ]);
+            if (tagMsgResult.exitCode === 0) {
+                const tagMsg = tagMsgResult.stdout.toLowerCase();
+                const hasMatch = keywords.some(kw => tagMsg.includes(kw));
+                if (hasMatch) {
+                    return {
+                        status: 'likely-patched',
+                        reason: `Release ${tag} mentions: ${keywords.filter(kw => tagMsg.includes(kw)).join(', ')}`,
+                    };
+                }
+            }
+        }
+    }
+    return {
+        status: 'likely-novel',
+        reason: 'No recent security commits or releases match this finding',
+    };
+}
+// ── Layer 2: Deep Checks (API-based) ─────────────────────────
+/**
+ * Check GitHub Security Advisories for a repo.
+ * Requires `gh` CLI to be installed and authenticated.
+ */
+export function checkGitHubAdvisories(owner, repo, keywords) {
+    const result = safeExecSync('gh', [
+        'api', `repos/${owner}/${repo}/security-advisories`,
+        '--jq', '.[].summary',
+    ]);
+    if (result.exitCode !== 0) {
+        return { found: false, matches: [] };
+    }
+    const summaries = result.stdout.trim().split('\n').filter(s => s.length > 0);
+    const keywordsLower = keywords.map(k => k.toLowerCase());
+    const matches = summaries.filter(summary => {
+        const summaryLower = summary.toLowerCase();
+        return keywordsLower.some(kw => summaryLower.includes(kw));
+    });
+    return { found: matches.length > 0, matches };
+}
+/**
+ * Check if the vulnerable code still exists on the main branch.
+ * Now actually checks file existence + optionally greps for claim pattern.
+ */
+export function checkCodeOnMain(targetPath, file, claimKeywords) {
+    // Check if file exists in working tree
+    const catResult = safeExecSync('git', [
+        '-C', targetPath,
+        'show', `HEAD:${file}`,
+    ]);
+    if (catResult.exitCode !== 0) {
+        return { exists: false, lastModified: null, reason: 'File not found on HEAD' };
+    }
+    // File exists — check last modification
+    const logResult = safeExecSync('git', [
+        '-C', targetPath,
+        'log', '-1', '--format=%H %ai %s', '--', file,
+    ]);
+    const lastModified = logResult.exitCode === 0 ? logResult.stdout.trim() : null;
+    // If keywords provided, grep for them in current file content
+    if (claimKeywords && claimKeywords.length > 0) {
+        const fileContent = catResult.stdout.toLowerCase();
+        const hasPattern = claimKeywords.some(kw => fileContent.includes(kw.toLowerCase()));
+        if (!hasPattern) {
+            return {
+                exists: false,
+                lastModified,
+                reason: 'File exists but vulnerable pattern not found in current HEAD',
+            };
+        }
+    }
+    return { exists: true, lastModified, reason: 'File exists and pattern present' };
+}
+/**
+ * Layer 2: Full deep novelty check with API calls.
+ */
+export function deepNoveltyCheck(targetPath, file, claim, repoUrl) {
+    const keywords = extractSecurityKeywords(claim);
+    // Parse owner/repo from URL
+    let owner = '';
+    let repo = '';
+    const ghMatch = repoUrl.match(/github\.com\/([^/]+)\/([^/.]+)/);
+    if (ghMatch) {
+        owner = ghMatch[1];
+        repo = ghMatch[2];
+    }
+    // Check 1: GitHub Security Advisories
+    let advisories = [];
+    if (owner && repo) {
+        const advisory = checkGitHubAdvisories(owner, repo, keywords);
+        advisories = advisory.matches;
+    }
+    // Check 2: Code still exists on main
+    const codeCheck = checkCodeOnMain(targetPath, file, keywords);
+    // Check 3: Git recency (reuse Layer 1)
+    const localCheck = checkNoveltyLocal(targetPath, file, claim);
+    // Synthesize verdict
+    if (advisories.length > 0) {
+        return {
+            status: 'likely-patched',
+            reason: `GitHub advisory matches: ${advisories[0]}`,
+            advisories,
+            hacktivityMatches: [],
+            codeStillVulnerable: codeCheck.exists,
+        };
+    }
+    if (localCheck.status === 'likely-patched') {
+        return {
+            status: 'likely-patched',
+            reason: localCheck.reason,
+            advisories: [],
+            hacktivityMatches: [],
+            codeStillVulnerable: codeCheck.exists,
+        };
+    }
+    return {
+        status: 'likely-novel',
+        reason: 'No advisories found, no security commits match, code unchanged',
+        advisories: [],
+        hacktivityMatches: [],
+        codeStillVulnerable: codeCheck.exists,
+    };
+}
+//# sourceMappingURL=novelty-checker.js.map

package/dist/lib/novelty-checker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"novelty-checker.js","sourceRoot":"","sources":["../../src/lib/novelty-checker.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAwB3D,gEAAgE;AAEhE,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;IAC1D,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU;IACxD,cAAc,EAAE,MAAM,EAAE,gBAAgB,EAAE,eAAe;IACzD,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU;IAC1D,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW;IACzD,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM;CAC1D,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,KAAa;IACnD,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE;SAC9B,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC;SAC7B,KAAK,CAAC,KAAK,CAAC;SACZ,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE7B,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;QAC1B,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;QACjE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO;QACpE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;QAC/D,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ;QAChE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM;KAC5D,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAClC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAC/D,CAAC,CAAC,CAAC;AACN,CAAC;AAED,gEAAgE;AAEhE;;;GAGG;AACH,MAAM,UAAU,2BAA2B,CACzC,MAAc,EACd,QAAkB;IAElB,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;QACnB,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;IAC1D,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACxC,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,MAAM,aAAa,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IAEzD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QAEpE,MAAM,oBAAoB,GACxB,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;YACzB,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC9B,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;YACzB,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;YAC3B,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAE7B,IAAI,UAAU,IAAI,CAAC,oBAAoB,IAAI,UAAU,CAAC,EAAE,CAAC;YACvD,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,OAAO;QACL,gBAAgB,EAAE,eAAe,CAAC,MAAM,GAAG,CAAC;QAC5C,eAAe;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,MAAc;IACzC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,CAAC;IAC9B,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAChF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,UAAkB,EAClB,IAAY,EACZ,KAAa;IAEb,MAAM,QAAQ,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;IAEhD,6CAA6C;IAC7C,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,EAAE;QACpC,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,qBAAqB,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI;KACtD,CAAC,CAAC;IAEH,IAAI,SAAS,CAAC,QAAQ,KAAK,CAAC,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,2BAA2B,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACzE,IAAI,QAAQ,CAAC,gBAAgB,EAAE,CAAC;YAC9B,OAAO;gBACL,MAAM,EAAE,gBAAgB;gBACxB,MAAM,EAAE,kCAAkC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE;aACxE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,EAAE;QACrC,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,qBAAqB;KAC7B,CAAC,CAAC;IAEH,IAAI,UAAU,CAAC,QAAQ,KAAK,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1D,MAAM,IAAI,GAAG,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAEzD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,EAAE;gBACvC,IAAI,EAAE,UAAU;gBAChB,KAAK,EAAE,IAAI,EAAE,8BAA8B,EAAE,GAAG;aACjD,CAAC,CAAC;YAEH,IAAI,YAAY,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;gBACjD,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC1D,IAAI,QAAQ,EAAE,CAAC;oBACb,OAAO;wBACL,MAAM,EAAE,gBAAgB;wBACxB,MAAM,EAAE,WAAW,GAAG,cAAc,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;qBAC5F,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,cAAc;QACtB,MAAM,EAAE,2DAA2D;KACpE,CAAC;AACJ,CAAC;AAED,gEAAgE;AAEhE;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,KAAa,EACb,IAAY,EACZ,QAAkB;IAElB,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,EAAE;QAChC,KAAK,EAAE,SAAS,KAAK,IAAI,IAAI,sBAAsB;QACnD,MAAM,EAAE,aAAa;KACtB,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACvC,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7E,MAAM,aAAa,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACzD,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE;QACzC,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QAC3C,OAAO,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,OAAO,EAAE,CAAC;AAChD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,UAAkB,EAClB,IAAY,EACZ,aAAwB;IAExB,uCAAuC;IACvC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,EAAE;QACpC,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,QAAQ,IAAI,EAAE;KACvB,CAAC,CAAC;IAEH,IAAI,SAAS,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;IACjF,CAAC;IAED,wCAAwC;IACxC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,EAAE;QACpC,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,IAAI,EAAE,oBAAoB,EAAE,IAAI,EAAE,IAAI;KAC9C,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,SAAS,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IAE/E,8DAA8D;IAC9D,IAAI,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QACnD,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACpF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO;gBACL,MAAM,EAAE,KAAK;gBACb,YAAY;gBACZ,MAAM,EAAE,8DAA8D;aACvE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,iCAAiC,EAAE,CAAC;AACnF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,UAAkB,EAClB,IAAY,EACZ,KAAa,EACb,OAAe;IAEf,MAAM,QAAQ,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;IAEhD,4BAA4B;IAC5B,IAAI,KAAK,GAAG,EAAE,CAAC;IACf,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;IAChE,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAED,sCAAsC;IACtC,IAAI,UAAU,GAAa,EAAE,CAAC;IAC9B,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;QAClB,MAAM,QAAQ,GAAG,qBAAqB,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC9D,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC;IAChC,CAAC;IAED,qCAAqC;IACrC,MAAM,SAAS,GAAG,eAAe,CAAC,UAAU,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAE9D,uCAAuC;IACvC,MAAM,UAAU,GAAG,iBAAiB,CAAC,UAAU,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IAE9D,qBAAqB;IACrB,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,MAAM,EAAE,gBAAgB;YACxB,MAAM,EAAE,4BAA4B,UAAU,CAAC,CAAC,CAAC,EAAE;YACnD,UAAU;YACV,iBAAiB,EAAE,EAAE;YACrB,mBAAmB,EAAE,SAAS,CAAC,MAAM;SACtC,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,gBAAgB,EAAE,CAAC;QAC3C,OAAO;YACL,MAAM,EAAE,gBAAgB;YACxB,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,UAAU,EAAE,EAAE;YACd,iBAAiB,EAAE,EAAE;YACrB,mBAAmB,EAAE,SAAS,CAAC,MAAM;SACtC,CAAC;IACJ,CAAC;IAED,OAAO;QACL,MAAM,EAAE,cAAc;QACtB,MAAM,EAAE,gEAAgE;QACxE,UAAU,EAAE,EAAE;QACd,iBAAiB,EAAE,EAAE;QACrB,mBAAmB,EAAE,SAAS,CAAC,MAAM;KACtC,CAAC;AACJ,CAAC"}

package/dist/lib/program-registry.d.ts

@@ -0,0 +1,12 @@
+import type { WatchlistRepo } from './watchlist.js';
+export interface BountyProgram {
+    handle: string;
+    name: string;
+    repos: string[];
+    asset: string;
+}
+export interface ProgramRegistry {
+    programs: BountyProgram[];
+}
+export declare function loadPrograms(path: string): Promise<ProgramRegistry>;
+export declare function findNewRepos(registry: ProgramRegistry, existingUrls: string[]): WatchlistRepo[];

package/dist/lib/program-registry.js

@@ -0,0 +1,18 @@
+import { readFile } from 'node:fs/promises';
+export async function loadPrograms(path) {
+    const raw = await readFile(path, 'utf-8');
+    return JSON.parse(raw);
+}
+export function findNewRepos(registry, existingUrls) {
+    const existing = new Set(existingUrls);
+    const newRepos = [];
+    for (const program of registry.programs) {
+        for (const repoUrl of program.repos) {
+            if (!existing.has(repoUrl)) {
+                newRepos.push({ url: repoUrl, program: program.handle, asset: program.asset, source: 'program-discovery', priority: 'fresh' });
+            }
+        }
+    }
+    return newRepos;
+}
+//# sourceMappingURL=program-registry.js.map

package/dist/lib/program-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"program-registry.js","sourceRoot":"","sources":["../../src/lib/program-registry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAc5C,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAY;IAC7C,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;AAC5C,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,QAAyB,EACzB,YAAsB;IAEtB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACxC,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YACpC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,QAAQ,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YACjI,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/lib/retry.d.ts

@@ -0,0 +1,5 @@
+export interface RetryOptions {
+    maxRetries?: number;
+    baseDelayMs?: number;
+}
+export declare function retryWithBackoff<T>(fn: () => Promise<T>, options?: RetryOptions): Promise<T>;

package/dist/lib/retry.js

@@ -0,0 +1,19 @@
+export async function retryWithBackoff(fn, options) {
+    const maxRetries = options?.maxRetries ?? 3;
+    const baseDelay = options?.baseDelayMs ?? 1000;
+    let lastError;
+    for (let attempt = 0; attempt <= maxRetries; attempt++) {
+        try {
+            return await fn();
+        }
+        catch (err) {
+            lastError = err instanceof Error ? err : new Error(String(err));
+            if (attempt < maxRetries) {
+                const delay = baseDelay * Math.pow(4, attempt);
+                await new Promise(resolve => setTimeout(resolve, delay));
+            }
+        }
+    }
+    throw lastError;
+}
+//# sourceMappingURL=retry.js.map

package/dist/lib/retry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"retry.js","sourceRoot":"","sources":["../../src/lib/retry.ts"],"names":[],"mappings":"AAKA,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,EAAoB,EACpB,OAAsB;IAEtB,MAAM,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,OAAO,EAAE,WAAW,IAAI,IAAI,CAAC;IAC/C,IAAI,SAA4B,CAAC;IAEjC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;QACvD,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAChE,IAAI,OAAO,GAAG,UAAU,EAAE,CAAC;gBACzB,MAAM,KAAK,GAAG,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;gBAC/C,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;IACH,CAAC;IACD,MAAM,SAAS,CAAC;AAClB,CAAC"}

package/dist/lib/watchlist.d.ts

@@ -0,0 +1,23 @@
+export interface WatchlistRepo {
+    url: string;
+    program: string;
+    asset: string;
+    source: 'seed' | 'program-discovery' | 'manual';
+    priority: 'normal' | 'fresh';
+}
+export interface WatchlistConfig {
+    repos: WatchlistRepo[];
+}
+export interface RepoState {
+    lastSha: string;
+    lastScanned: string;
+}
+export interface ScanState {
+    repoStates: Record<string, RepoState>;
+    reportedFindings: string[];
+}
+export declare function loadWatchlist(path: string): Promise<WatchlistConfig>;
+export declare function loadScanState(path: string): Promise<ScanState>;
+export declare function saveScanState(path: string, state: ScanState): Promise<void>;
+export declare function addRepo(configPath: string, repo: WatchlistRepo): Promise<void>;
+export declare function removeRepo(configPath: string, url: string): Promise<void>;

package/dist/lib/watchlist.js

@@ -0,0 +1,31 @@
+import { readFile, writeFile } from 'node:fs/promises';
+export async function loadWatchlist(path) {
+    const raw = await readFile(path, 'utf-8');
+    return JSON.parse(raw);
+}
+export async function loadScanState(path) {
+    try {
+        const raw = await readFile(path, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch {
+        return { repoStates: {}, reportedFindings: [] };
+    }
+}
+export async function saveScanState(path, state) {
+    await writeFile(path, JSON.stringify(state, null, 2));
+}
+export async function addRepo(configPath, repo) {
+    const config = await loadWatchlist(configPath);
+    const exists = config.repos.some(r => r.url === repo.url);
+    if (exists)
+        return;
+    config.repos.push(repo);
+    await writeFile(configPath, JSON.stringify(config, null, 2));
+}
+export async function removeRepo(configPath, url) {
+    const config = await loadWatchlist(configPath);
+    config.repos = config.repos.filter(r => r.url !== url);
+    await writeFile(configPath, JSON.stringify(config, null, 2));
+}
+//# sourceMappingURL=watchlist.js.map

package/dist/lib/watchlist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"watchlist.js","sourceRoot":"","sources":["../../src/lib/watchlist.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAwBvD,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAY;IAC9C,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;AAC5C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAY;IAC9C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAc,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,CAAC;IAClD,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAY,EAAE,KAAgB;IAChE,MAAM,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,UAAkB,EAAE,IAAmB;IACnE,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1D,IAAI,MAAM;QAAE,OAAO;IACnB,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxB,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,UAAkB,EAAE,GAAW;IAC9D,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;IAC/C,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;IACvD,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC/D,CAAC"}