tryassay 0.33.1 → 0.34.0

package/dist/realtime/streaming-checks.js

@@ -0,0 +1,452 @@
+/**
+ * Streaming Checks — stateless, pre-compiled pattern matchers for real-time verification.
+ *
+ * Extracts the regex-based formal verification checks from the existing
+ * formal-verifier.ts into standalone StreamingCheck objects. Also loads
+ * learned rules from the catalog and compiles them into the same format.
+ *
+ * All regex patterns are created once at module load time and reused across
+ * invocations. The `runChecks` function targets <10ms for the full check set
+ * against a single code unit.
+ */
+import { readFileSync } from 'node:fs';
+import { join } from 'node:path';
+// ── Formal Checks (hand-crafted) ────────────────────────────────
+const JS_LANGS = ['typescript', 'javascript', 'ts', 'js', 'tsx', 'jsx'];
+const PY_LANGS = ['python', 'py'];
+const ALL_LANGS = []; // empty = applies to all
+/**
+ * Returns all hand-crafted formal checks as StreamingCheck objects.
+ *
+ * These cover the key vulnerability patterns from formal-verifier.ts,
+ * adapted for streaming (line/statement-level) detection during generation.
+ */
+export function getFormalChecks() {
+    return FORMAL_CHECKS;
+}
+const FORMAL_CHECKS = [
+    // 1. SQL injection — string concatenation in queries
+    {
+        id: 'sql_concat_injection',
+        name: 'SQL string concatenation',
+        languages: [...JS_LANGS, ...PY_LANGS],
+        pattern: /(?:SELECT|INSERT|UPDATE|DELETE)\s[^;]*["'`]\s*\+\s*\w+/i,
+        verdict: 'FAIL',
+        severity: 'critical',
+        evidenceTemplate: 'SQL query uses string concatenation: $0',
+        suggestion: 'Use parameterized queries ($1, ?, or :named placeholders) instead of string concatenation.',
+        source: 'formal',
+    },
+    {
+        id: 'sql_template_injection',
+        name: 'SQL template literal injection',
+        languages: JS_LANGS,
+        pattern: /`[^`]*(?:SELECT|INSERT|UPDATE|DELETE)[^`]*\$\{(?!\d)/i,
+        verdict: 'FAIL',
+        severity: 'critical',
+        evidenceTemplate: 'SQL query uses template literal interpolation: $0',
+        suggestion: 'Use parameterized queries instead of template literal interpolation in SQL strings.',
+        source: 'formal',
+    },
+    // 2. Missing error handling — unhandled promise chains
+    {
+        id: 'unhandled_promise',
+        name: 'Unhandled promise (no .catch)',
+        languages: JS_LANGS,
+        pattern: /(?:fetch|axios\.\w+)\s*\([^)]*\)\s*\.then\s*\([^)]*\)(?![\s\S]*\.catch)/,
+        verdict: 'FAIL',
+        severity: 'high',
+        evidenceTemplate: 'Promise chain without .catch() handler: $0',
+        suggestion: 'Add a .catch() handler or use try/catch with await.',
+        source: 'formal',
+    },
+    // 3. Hardcoded credentials/secrets
+    {
+        id: 'hardcoded_secret',
+        name: 'Hardcoded secret or API key',
+        languages: ALL_LANGS,
+        pattern: /(?:const|let|var|=)\s*(?:\w+)?\s*(?:api[_-]?key|secret|password|token|auth)\s*=\s*["'`](?:sk-|pk-|ghp_|gho_|github_pat_|xox[bpors]-|AIza|AKIA|bearer\s).{8,}/i,
+        verdict: 'FAIL',
+        severity: 'critical',
+        evidenceTemplate: 'Hardcoded secret detected: $0',
+        suggestion: 'Use environment variables or a secrets manager instead of hardcoding credentials.',
+        source: 'formal',
+    },
+    // 4. Unsafe eval / Function constructor
+    {
+        id: 'unsafe_eval',
+        name: 'Unsafe eval() usage',
+        languages: JS_LANGS,
+        pattern: /\beval\s*\(\s*(?!\s*['"`][\s\S]*['"`]\s*\))/, // eval( but not eval("literal")
+        verdict: 'FAIL',
+        severity: 'critical',
+        evidenceTemplate: 'Unsafe eval() call detected: $0',
+        suggestion: 'Replace eval() with a safer alternative like JSON.parse() or a sandboxed evaluator.',
+        source: 'formal',
+    },
+    {
+        id: 'unsafe_function_constructor',
+        name: 'Unsafe Function constructor',
+        languages: JS_LANGS,
+        pattern: /new\s+Function\s*\(/,
+        verdict: 'FAIL',
+        severity: 'critical',
+        evidenceTemplate: 'Unsafe new Function() call detected: $0',
+        suggestion: 'Avoid new Function(). Use static code paths or a sandboxed evaluator.',
+        source: 'formal',
+    },
+    // 5. Insecure randomness (Math.random for security)
+    {
+        id: 'insecure_random',
+        name: 'Math.random() used for security',
+        languages: JS_LANGS,
+        pattern: /(?:token|secret|key|nonce|csrf|session|password|salt|hash)\s*(?:=|:)\s*.*Math\.random/i,
+        verdict: 'FAIL',
+        severity: 'high',
+        evidenceTemplate: 'Math.random() used in security-sensitive context: $0',
+        suggestion: 'Use crypto.randomUUID() or crypto.getRandomValues() for security-sensitive random values.',
+        source: 'formal',
+    },
+    {
+        id: 'insecure_random_token',
+        name: 'Math.random() token generation',
+        languages: JS_LANGS,
+        pattern: /Math\.random\(\)\.toString\(36\)/,
+        verdict: 'FAIL',
+        severity: 'high',
+        evidenceTemplate: 'Insecure token generation using Math.random(): $0',
+        suggestion: 'Use crypto.randomUUID() or crypto.randomBytes() for token generation.',
+        source: 'formal',
+    },
+    // 6. Prototype pollution patterns
+    {
+        id: 'prototype_pollution',
+        name: 'Prototype pollution risk',
+        languages: JS_LANGS,
+        pattern: /\w+\[(?:\w+|\w+\[\w+\])\]\s*=\s*(?!\s*(?:null|undefined|false|true|0|''|""|``)\s*[;,)])/,
+        verdict: 'FAIL',
+        severity: 'high',
+        evidenceTemplate: 'Dynamic property assignment may allow prototype pollution: $0',
+        suggestion: 'Validate property names against __proto__, constructor, and prototype before dynamic assignment.',
+        source: 'formal',
+    },
+    // 7. Path traversal
+    {
+        id: 'path_traversal',
+        name: 'Path traversal vulnerability',
+        languages: [...JS_LANGS, ...PY_LANGS],
+        pattern: /(?:readFile|readFileSync|createReadStream|writeFile|writeFileSync|open)\s*\(\s*(?:req\.(?:params|query|body)|request\.(?:args|form|json))\s*[\[.]/,
+        verdict: 'FAIL',
+        severity: 'critical',
+        evidenceTemplate: 'User input passed directly to filesystem operation: $0',
+        suggestion: 'Sanitize file paths with path.resolve() and verify they stay within the intended directory.',
+        source: 'formal',
+    },
+    // 8. Command injection
+    {
+        id: 'command_injection',
+        name: 'Command injection vulnerability',
+        languages: [...JS_LANGS, ...PY_LANGS],
+        pattern: /(?:exec|execSync|spawn|spawnSync|system|popen)\s*\(\s*(?:["'`][^"'`]*["'`]\s*\+|`[^`]*\$\{)/,
+        verdict: 'FAIL',
+        severity: 'critical',
+        evidenceTemplate: 'Command injection risk — shell command built with concatenation: $0',
+        suggestion: 'Use execFile() or spawn() with an argument array instead of exec() with string concatenation.',
+        source: 'formal',
+    },
+    // 9. Null/undefined access without check
+    {
+        id: 'unchecked_array_index',
+        name: 'Unchecked array index access',
+        languages: JS_LANGS,
+        pattern: /\w+\[0\]\.\w+(?!\s*\?\.)/, // arr[0].prop without optional chaining
+        verdict: 'FAIL',
+        severity: 'medium',
+        evidenceTemplate: 'Array element accessed without null check: $0',
+        suggestion: 'Check array length before accessing elements, or use optional chaining (arr[0]?.prop).',
+        source: 'formal',
+    },
+    // 10. Input validation missing — direct use of request params in DB queries
+    {
+        id: 'unvalidated_input_to_query',
+        name: 'Unvalidated input passed to database query',
+        languages: JS_LANGS,
+        pattern: /\.(?:query|execute|findOne|find|delete|update)\s*\(\s*\{[^}]*(?:req\.(?:params|query|body)|request\.\w+)/,
+        verdict: 'FAIL',
+        severity: 'high',
+        evidenceTemplate: 'Request input passed directly to database query without validation: $0',
+        suggestion: 'Validate and sanitize request input with zod, joi, or manual type checks before passing to queries.',
+        source: 'formal',
+    },
+];
+// ── Learned Rule Conversion ─────────────────────────────────────
+/**
+ * Keyword map: maps keyword triggers found in rule name/description/category
+ * to context keywords that must appear in code for the rule to be relevant.
+ *
+ * When a rule's name, description, or category contains a trigger (left side),
+ * the associated keywords (right side) are assigned. The check only runs if
+ * at least one keyword is found in the code unit text.
+ */
+const CONTEXT_KEYWORD_MAP = [
+    // React / JSX
+    {
+        triggers: /\b(?:react|jsx|tsx|component|hook|use[A-Z]\w+|memo(?:iz)|useEffect|useState|useRef|useCallback|useMemo)\b/i,
+        keywords: ['React', 'useState', 'useEffect', 'useRef', 'useCallback', 'useMemo', 'jsx', 'tsx', 'import react', 'from \'react', 'from "react'],
+    },
+    // OpenAPI / Swagger / NestJS decorators
+    {
+        triggers: /\b(?:openapi|swagger|@Api\w*|@Controller|@Get|@Post|@Put|@Delete|@Patch|decorator|NestJS)\b/i,
+        keywords: ['@Api', '@Controller', '@Get(', '@Post(', '@Put(', '@Delete(', '@Patch(', 'swagger', 'openapi', '@nestjs'],
+    },
+    // Canvas / Drawing / 2D rendering
+    {
+        triggers: /\b(?:canvas|drawImage|getContext|2d\s*context|fillRect|strokeRect|beginPath|WebGL)\b/i,
+        keywords: ['canvas', 'drawImage', 'getContext', 'fillRect', 'strokeRect', 'beginPath', 'CanvasRenderingContext', 'webgl'],
+    },
+    // Stripe
+    {
+        triggers: /\b(?:stripe|payment.?intent|checkout.?session|subscription)\b/i,
+        keywords: ['stripe', 'Stripe', 'payment_intent', 'checkout.sessions', 'PaymentIntent'],
+    },
+    // GraphQL
+    {
+        triggers: /\b(?:graphql|resolver|mutation|gql`|@Query|@Mutation|@Resolver)\b/i,
+        keywords: ['graphql', 'GraphQL', 'gql`', '@Query', '@Mutation', '@Resolver', 'typeDefs', 'resolvers'],
+    },
+    // Docker / Container
+    {
+        triggers: /\b(?:docker|dockerfile|container|ENTRYPOINT|CMD\s)\b/i,
+        keywords: ['FROM ', 'ENTRYPOINT', 'CMD [', 'EXPOSE ', 'Dockerfile', 'docker-compose'],
+    },
+    // Redis
+    {
+        triggers: /\b(?:redis|HSET|HGET|ZADD|pub.?sub|ioredis)\b/i,
+        keywords: ['redis', 'Redis', 'ioredis', 'HSET', 'HGET', 'createClient'],
+    },
+    // MongoDB / Mongoose
+    {
+        triggers: /\b(?:mongo(?:db|ose)?|Schema\.Types|ObjectId|aggregate)\b/i,
+        keywords: ['mongoose', 'MongoDB', 'MongoClient', 'Schema.Types', 'ObjectId', '.aggregate('],
+    },
+    // Django
+    {
+        triggers: /\b(?:django|models\.Model|views\.py|urls\.py|INSTALLED_APPS)\b/i,
+        keywords: ['django', 'Django', 'models.Model', 'INSTALLED_APPS', 'urlpatterns', 'from django'],
+    },
+    // Flask
+    {
+        triggers: /\b(?:flask|@app\.route|Blueprint|Jinja)\b/i,
+        keywords: ['flask', 'Flask', '@app.route', 'Blueprint', 'from flask'],
+    },
+    // Vue
+    {
+        triggers: /\b(?:vue|v-model|v-bind|v-if|defineComponent|ref\(\)|computed\(\))\b/i,
+        keywords: ['vue', 'Vue', 'v-model', 'v-bind', 'defineComponent', 'from \'vue', 'from "vue'],
+    },
+    // Angular
+    {
+        triggers: /\b(?:angular|@Component|@Injectable|@NgModule|ngOnInit)\b/i,
+        keywords: ['@Component', '@Injectable', '@NgModule', 'ngOnInit', '@angular', 'from \'@angular'],
+    },
+    // WebSocket
+    {
+        triggers: /\b(?:websocket|ws:\/\/|wss:\/\/|socket\.io|onmessage)\b/i,
+        keywords: ['WebSocket', 'ws://', 'wss://', 'socket.io', 'onmessage', 'Socket('],
+    },
+    // AWS SDK
+    {
+        triggers: /\b(?:aws.?sdk|S3Client|DynamoDB|Lambda|SQS|SNS|@aws-sdk)\b/i,
+        keywords: ['aws-sdk', '@aws-sdk', 'S3Client', 'DynamoDB', 'LambdaClient', 'SQSClient'],
+    },
+    // Prisma
+    {
+        triggers: /\b(?:prisma|PrismaClient|prisma\.\$|findUnique|findMany)\b/i,
+        keywords: ['prisma', 'Prisma', 'PrismaClient', 'prisma.', '@prisma/client'],
+    },
+];
+/**
+ * Derive context keywords for a learned rule based on its name, description,
+ * and category. Returns undefined if no specific context can be inferred
+ * (the rule will run against all code units).
+ */
+function deriveContextKeywords(rule) {
+    const searchText = [
+        rule.pattern.description,
+        rule.pattern.claimCategory,
+        rule.id,
+        rule.fixDescription ?? '',
+    ].join(' ');
+    for (const entry of CONTEXT_KEYWORD_MAP) {
+        if (entry.triggers.test(searchText)) {
+            return entry.keywords;
+        }
+    }
+    // Fallback: try to extract literal strings from the regex pattern itself.
+    // Sequences of 4+ alphanumeric chars (likely meaningful identifiers).
+    if (rule.pattern.regexPattern) {
+        const literals = extractRegexLiterals(rule.pattern.regexPattern);
+        if (literals.length > 0) {
+            return literals;
+        }
+    }
+    return undefined;
+}
+/**
+ * Extract literal substrings (4+ alphanumeric chars) from a regex pattern.
+ * These are likely the actual identifiers the rule is looking for.
+ */
+function extractRegexLiterals(regexStr) {
+    // Match sequences of word chars that are at least 4 chars long,
+    // excluding common regex syntax fragments
+    const REGEX_NOISE = new Set([
+        'true', 'false', 'null', 'undefined', 'this', 'that',
+        'with', 'from', 'each', 'some', 'every', 'filter',
+    ]);
+    const matches = regexStr.match(/[a-zA-Z_][a-zA-Z0-9_]{3,}/g) ?? [];
+    const unique = [...new Set(matches)].filter(m => !REGEX_NOISE.has(m.toLowerCase()));
+    return unique.length <= 10 ? unique : unique.slice(0, 10);
+}
+/**
+ * Load learned rules from the catalog and convert them to StreamingCheck format.
+ *
+ * Default path: `.assay/learned/rules.json` relative to process.cwd().
+ * Falls back to an empty set if the file doesn't exist (starter rules
+ * are loaded separately by getFormalChecks equivalent in the catalog).
+ *
+ * Each rule is assigned contextKeywords for relevance filtering — the check
+ * only runs on code units that contain at least one keyword.
+ */
+export function loadLearnedChecks(catalogPath) {
+    const filePath = catalogPath ?? join(process.cwd(), '.assay', 'learned', 'rules.json');
+    let rules;
+    try {
+        const content = readFileSync(filePath, 'utf-8');
+        const parsed = JSON.parse(content);
+        rules = Array.isArray(parsed) ? parsed : [];
+    }
+    catch {
+        // No catalog on disk — return empty (starter rules are part of formal checks)
+        return [];
+    }
+    return rules
+        .filter(r => r.status === 'promoted' || r.status === 'validated')
+        .filter(r => r.pattern.kind === 'regex' && r.pattern.regexPattern)
+        .map(r => learnedRuleToCheck(r));
+}
+function learnedRuleToCheck(rule) {
+    let pattern;
+    try {
+        pattern = new RegExp(rule.pattern.regexPattern, 'i');
+    }
+    catch {
+        // Invalid regex — create a pattern that never matches
+        pattern = /(?!)/;
+    }
+    return {
+        id: `learned_${rule.id}`,
+        name: rule.pattern.description.slice(0, 80),
+        languages: [...rule.pattern.languages],
+        pattern,
+        verdict: rule.pattern.matchBehavior === 'presence_is_bad' ? 'FAIL' : 'PASS',
+        severity: rule.pattern.severity,
+        evidenceTemplate: rule.pattern.evidenceTemplate,
+        suggestion: rule.fixDescription,
+        source: 'learned',
+        contextKeywords: deriveContextKeywords(rule),
+    };
+}
+// Exported for testing
+export { deriveContextKeywords as _deriveContextKeywords, extractRegexLiterals as _extractRegexLiterals };
+// ── Compilation ─────────────────────────────────────────────────
+/**
+ * Filter checks by language and return a pre-compiled set ready for fast execution.
+ *
+ * If no checks are provided, uses the built-in formal checks.
+ */
+export function compileCheckSet(language, checks) {
+    const start = performance.now();
+    const allChecks = checks ?? FORMAL_CHECKS;
+    const langLower = language.toLowerCase();
+    const filtered = allChecks.filter(check => {
+        if (check.languages.length === 0)
+            return true; // applies to all languages
+        return check.languages.some(l => l.toLowerCase() === langLower);
+    });
+    const compileTimeMs = performance.now() - start;
+    return {
+        checks: filtered,
+        language: langLower,
+        compileTimeMs,
+    };
+}
+// ── Execution ───────────────────────────────────────────────────
+/**
+ * Run all checks in the set against a code unit. Returns verification events.
+ *
+ * Designed to complete in <10ms for the full check set against a typical code unit.
+ */
+export function runChecks(unit, checkSet) {
+    const events = [];
+    const unitStart = performance.now();
+    const textLower = unit.text.toLowerCase();
+    for (const check of checkSet.checks) {
+        // Level 2 filtering: skip checks whose contextKeywords don't match the code
+        if (check.contextKeywords && check.contextKeywords.length > 0) {
+            const hasRelevantKeyword = check.contextKeywords.some(kw => textLower.includes(kw.toLowerCase()));
+            if (!hasRelevantKeyword)
+                continue;
+        }
+        const checkStart = performance.now();
+        // Reset lastIndex for patterns with the global flag
+        check.pattern.lastIndex = 0;
+        const match = check.pattern.exec(unit.text);
+        const latencyMs = performance.now() - checkStart;
+        if (match && check.verdict === 'FAIL') {
+            // Pattern matched and that means a failure
+            const evidence = formatEvidence(check.evidenceTemplate, match);
+            events.push({
+                type: 'finding',
+                codeUnit: unit,
+                checkId: check.id,
+                checkName: check.name,
+                verdict: 'FAIL',
+                evidence,
+                severity: check.severity,
+                suggestion: check.suggestion,
+                latencyMs,
+            });
+        }
+        else if (!match && check.verdict === 'PASS') {
+            // Pattern was supposed to match (PASS means "match = good") but didn't
+            // This is the absence_is_bad case from learned rules
+            events.push({
+                type: 'finding',
+                codeUnit: unit,
+                checkId: check.id,
+                checkName: check.name,
+                verdict: 'FAIL',
+                evidence: formatEvidence(check.evidenceTemplate, null),
+                severity: check.severity,
+                suggestion: check.suggestion,
+                latencyMs,
+            });
+        }
+        // Other cases: match+PASS (good) or no-match+FAIL (no problem found) — no event
+    }
+    return events;
+}
+// ── Helpers ─────────────────────────────────────────────────────
+function formatEvidence(template, match) {
+    if (!match)
+        return template;
+    let result = template;
+    // Replace $0 with full match
+    result = result.replace(/\$0/g, match[0]);
+    // Replace $1, $2, etc. with capture groups
+    for (let i = 1; i < match.length; i++) {
+        result = result.replace(new RegExp(`\\$${i}`, 'g'), match[i] ?? '');
+    }
+    return result;
+}
+//# sourceMappingURL=streaming-checks.js.map

package/dist/realtime/streaming-checks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"streaming-checks.js","sourceRoot":"","sources":["../../src/realtime/streaming-checks.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAUjC,mEAAmE;AAEnE,MAAM,QAAQ,GAAG,CAAC,YAAY,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AACxE,MAAM,QAAQ,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;AAClC,MAAM,SAAS,GAAa,EAAE,CAAC,CAAC,yBAAyB;AAEzD;;;;;GAKG;AACH,MAAM,UAAU,eAAe;IAC7B,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,MAAM,aAAa,GAAqB;IACtC,qDAAqD;IACrD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,0BAA0B;QAChC,SAAS,EAAE,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC;QACrC,OAAO,EAAE,yDAAyD;QAClE,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,UAAU;QACpB,gBAAgB,EAAE,yCAAyC;QAC3D,UAAU,EAAE,4FAA4F;QACxG,MAAM,EAAE,QAAQ;KACjB;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,gCAAgC;QACtC,SAAS,EAAE,QAAQ;QACnB,OAAO,EAAE,uDAAuD;QAChE,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,UAAU;QACpB,gBAAgB,EAAE,mDAAmD;QACrE,UAAU,EAAE,qFAAqF;QACjG,MAAM,EAAE,QAAQ;KACjB;IAED,uDAAuD;IACvD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,+BAA+B;QACrC,SAAS,EAAE,QAAQ;QACnB,OAAO,EAAE,yEAAyE;QAClF,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,MAAM;QAChB,gBAAgB,EAAE,4CAA4C;QAC9D,UAAU,EAAE,qDAAqD;QACjE,MAAM,EAAE,QAAQ;KACjB;IAED,mCAAmC;IACnC;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,6BAA6B;QACnC,SAAS,EAAE,SAAS;QACpB,OAAO,EAAE,+JAA+J;QACxK,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,UAAU;QACpB,gBAAgB,EAAE,+BAA+B;QACjD,UAAU,EAAE,mFAAmF;QAC/F,MAAM,EAAE,QAAQ;KACjB;IAED,wCAAwC;IACxC;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,qBAAqB;QAC3B,SAAS,EAAE,QAAQ;QACnB,OAAO,EAAE,6CAA6C,EAAE,gCAAgC;QACxF,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,UAAU;QACpB,gBAAgB,EAAE,iCAAiC;QACnD,UAAU,EAAE,qFAAqF;QACjG,MAAM,EAAE,QAAQ;KACjB;IACD;QACE,EAAE,EAAE,6BAA6B;QACjC,IAAI,EAAE,6BAA6B;QACnC,SAAS,EAAE,QAAQ;QACnB,OAAO,EAAE,qBAAqB;QAC9B,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,UAAU;QACpB,gBAAgB,EAAE,yCAAyC;QAC3D,UAAU,EAAE,uEAAuE;QACnF,MAAM,EAAE,QAAQ;KACjB;IAED,oDAAoD;IACpD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,iCAAiC;QACvC,SAAS,EAAE,QAAQ;QACnB,OAAO,EAAE,wFAAwF;QACjG,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,MAAM;QAChB,gBAAgB,EAAE,sDAAsD;QACxE,UAAU,EAAE,2FAA2F;QACvG,MAAM,EAAE,QAAQ;KACjB;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,gCAAgC;QACtC,SAAS,EAAE,QAAQ;QACnB,OAAO,EAAE,kCAAkC;QAC3C,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,MAAM;QAChB,gBAAgB,EAAE,mDAAmD;QACrE,UAAU,EAAE,uEAAuE;QACnF,MAAM,EAAE,QAAQ;KACjB;IAED,kCAAkC;IAClC;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,0BAA0B;QAChC,SAAS,EAAE,QAAQ;QACnB,OAAO,EAAE,yFAAyF;QAClG,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,MAAM;QAChB,gBAAgB,EAAE,+DAA+D;QACjF,UAAU,EAAE,kGAAkG;QAC9G,MAAM,EAAE,QAAQ;KACjB;IAED,oBAAoB;IACpB;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,8BAA8B;QACpC,SAAS,EAAE,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC;QACrC,OAAO,EAAE,mJAAmJ;QAC5J,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,UAAU;QACpB,gBAAgB,EAAE,wDAAwD;QAC1E,UAAU,EAAE,6FAA6F;QACzG,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,iCAAiC;QACvC,SAAS,EAAE,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC;QACrC,OAAO,EAAE,6FAA6F;QACtG,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,UAAU;QACpB,gBAAgB,EAAE,qEAAqE;QACvF,UAAU,EAAE,+FAA+F;QAC3G,MAAM,EAAE,QAAQ;KACjB;IAED,yCAAyC;IACzC;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,8BAA8B;QACpC,SAAS,EAAE,QAAQ;QACnB,OAAO,EAAE,0BAA0B,EAAE,wCAAwC;QAC7E,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,QAAQ;QAClB,gBAAgB,EAAE,+CAA+C;QACjE,UAAU,EAAE,wFAAwF;QACpG,MAAM,EAAE,QAAQ;KACjB;IAED,4EAA4E;IAC5E;QACE,EAAE,EAAE,4BAA4B;QAChC,IAAI,EAAE,4CAA4C;QAClD,SAAS,EAAE,QAAQ;QACnB,OAAO,EAAE,0GAA0G;QACnH,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE,MAAM;QAChB,gBAAgB,EAAE,wEAAwE;QAC1F,UAAU,EAAE,qGAAqG;QACjH,MAAM,EAAE,QAAQ;KACjB;CACF,CAAC;AAEF,mEAAmE;AAEnE;;;;;;;GAOG;AACH,MAAM,mBAAmB,GAAoD;IAC3E,cAAc;IACd;QACE,QAAQ,EAAE,4GAA4G;QACtH,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,CAAC;KAC9I;IACD,wCAAwC;IACxC;QACE,QAAQ,EAAE,8FAA8F;QACxG,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;KACtH;IACD,kCAAkC;IAClC;QACE,QAAQ,EAAE,uFAAuF;QACjG,QAAQ,EAAE,CAAC,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,wBAAwB,EAAE,OAAO,CAAC;KAC1H;IACD,SAAS;IACT;QACE,QAAQ,EAAE,gEAAgE;QAC1E,QAAQ,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,eAAe,CAAC;KACvF;IACD,UAAU;IACV;QACE,QAAQ,EAAE,oEAAoE;QAC9E,QAAQ,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,CAAC;KACtG;IACD,qBAAqB;IACrB;QACE,QAAQ,EAAE,uDAAuD;QACjE,QAAQ,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,gBAAgB,CAAC;KACtF;IACD,QAAQ;IACR;QACE,QAAQ,EAAE,gDAAgD;QAC1D,QAAQ,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,CAAC;KACxE;IACD,qBAAqB;IACrB;QACE,QAAQ,EAAE,4DAA4D;QACtE,QAAQ,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,CAAC;KAC5F;IACD,SAAS;IACT;QACE,QAAQ,EAAE,iEAAiE;QAC3E,QAAQ,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,CAAC;KAC/F;IACD,QAAQ;IACR;QACE,QAAQ,EAAE,4CAA4C;QACtD,QAAQ,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,CAAC;KACtE;IACD,MAAM;IACN;QACE,QAAQ,EAAE,uEAAuE;QACjF,QAAQ,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,YAAY,EAAE,WAAW,CAAC;KAC5F;IACD,UAAU;IACV;QACE,QAAQ,EAAE,4DAA4D;QACtE,QAAQ,EAAE,CAAC,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,iBAAiB,CAAC;KAChG;IACD,YAAY;IACZ;QACE,QAAQ,EAAE,0DAA0D;QACpE,QAAQ,EAAE,CAAC,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,CAAC;KAChF;IACD,UAAU;IACV;QACE,QAAQ,EAAE,6DAA6D;QACvE,QAAQ,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAAE,WAAW,CAAC;KACvF;IACD,SAAS;IACT;QACE,QAAQ,EAAE,6DAA6D;QACvE,QAAQ,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,SAAS,EAAE,gBAAgB,CAAC;KAC5E;CACF,CAAC;AAEF;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,IAAiB;IAC9C,MAAM,UAAU,GAAG;QACjB,IAAI,CAAC,OAAO,CAAC,WAAW;QACxB,IAAI,CAAC,OAAO,CAAC,aAAa;QAC1B,IAAI,CAAC,EAAE;QACP,IAAI,CAAC,cAAc,IAAI,EAAE;KAC1B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEZ,KAAK,MAAM,KAAK,IAAI,mBAAmB,EAAE,CAAC;QACxC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC,QAAQ,CAAC;QACxB,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,sEAAsE;IACtE,IAAI,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACjE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,QAAgB;IAC5C,gEAAgE;IAChE,0CAA0C;IAC1C,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;QAC1B,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM;QACpD,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ;KAClD,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,4BAA4B,CAAC,IAAI,EAAE,CAAC;IACnE,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IACpF,OAAO,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC5D,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAAC,WAAoB;IACpD,MAAM,QAAQ,GAAG,WAAW,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;IAEvF,IAAI,KAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,8EAA8E;QAC9E,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,KAAK;SACT,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,UAAU,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC;SAChE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC;SACjE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAiB;IAC3C,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,YAAa,EAAE,GAAG,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,sDAAsD;QACtD,OAAO,GAAG,MAAM,CAAC;IACnB,CAAC;IAED,OAAO;QACL,EAAE,EAAE,WAAW,IAAI,CAAC,EAAE,EAAE;QACxB,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QAC3C,SAAS,EAAE,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;QACtC,OAAO;QACP,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,KAAK,iBAAiB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;QAC3E,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,QAAyB;QAChD,gBAAgB,EAAE,IAAI,CAAC,OAAO,CAAC,gBAAgB;QAC/C,UAAU,EAAE,IAAI,CAAC,cAAc;QAC/B,MAAM,EAAE,SAAS;QACjB,eAAe,EAAE,qBAAqB,CAAC,IAAI,CAAC;KAC7C,CAAC;AACJ,CAAC;AAED,uBAAuB;AACvB,OAAO,EAAE,qBAAqB,IAAI,sBAAsB,EAAE,oBAAoB,IAAI,qBAAqB,EAAE,CAAC;AAE1G,mEAAmE;AAEnE;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAgB,EAChB,MAAyB;IAEzB,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAChC,MAAM,SAAS,GAAG,MAAM,IAAI,aAAa,CAAC;IAC1C,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAEzC,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;QACxC,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC,CAAC,2BAA2B;QAC1E,OAAO,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;IAEhD,OAAO;QACL,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,SAAS;QACnB,aAAa;KACd,CAAC;AACJ,CAAC;AAED,mEAAmE;AAEnE;;;;GAIG;AACH,MAAM,UAAU,SAAS,CACvB,IAAc,EACd,QAA0B;IAE1B,MAAM,MAAM,GAAwB,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IACpC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IAE1C,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;QACpC,4EAA4E;QAC5E,IAAI,KAAK,CAAC,eAAe,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9D,MAAM,kBAAkB,GAAG,KAAK,CAAC,eAAe,CAAC,IAAI,CACnD,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,CAC3C,CAAC;YACF,IAAI,CAAC,kBAAkB;gBAAE,SAAS;QACpC,CAAC;QAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAErC,oDAAoD;QACpD,KAAK,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE5C,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC;QAEjD,IAAI,KAAK,IAAI,KAAK,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YACtC,2CAA2C;YAC3C,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;YAC/D,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,KAAK,CAAC,EAAE;gBACjB,SAAS,EAAE,KAAK,CAAC,IAAI;gBACrB,OAAO,EAAE,MAAM;gBACf,QAAQ;gBACR,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,SAAS;aACV,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAC9C,uEAAuE;YACvE,qDAAqD;YACrD,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,KAAK,CAAC,EAAE;gBACjB,SAAS,EAAE,KAAK,CAAC,IAAI;gBACrB,OAAO,EAAE,MAAM;gBACf,QAAQ,EAAE,cAAc,CAAC,KAAK,CAAC,gBAAgB,EAAE,IAAI,CAAC;gBACtD,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,SAAS;aACV,CAAC,CAAC;QACL,CAAC;QACD,gFAAgF;IAClF,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,mEAAmE;AAEnE,SAAS,cAAc,CAAC,QAAgB,EAAE,KAA6B;IACrE,IAAI,CAAC,KAAK;QAAE,OAAO,QAAQ,CAAC;IAE5B,IAAI,MAAM,GAAG,QAAQ,CAAC;IACtB,6BAA6B;IAC7B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,2CAA2C;IAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/realtime/streaming-verifier.d.ts

@@ -0,0 +1,57 @@
+/**
+ * StreamingVerifier — orchestrator for the real-time verification pipeline.
+ *
+ * Wires CodeBuffer (token accumulation + code unit detection) with
+ * StreamingChecks (pattern-based formal + learned checks) into a single
+ * stateful pipeline. Feed it tokens, it buffers them, detects completed
+ * code units, runs checks, and emits verification events.
+ */
+import type { CheckSeverity, StreamingVerifierStats, VerificationEvent } from './types.js';
+export interface StreamingVerifierOptions {
+    language: string;
+    /** Path to project root for loading learned rules catalog */
+    projectPath?: string;
+    /** Callback fired for each verification event */
+    onEvent?: (event: VerificationEvent) => void;
+    /** Only auto-correct findings at or above this severity. Default: 'high' */
+    minCorrectionSeverity?: CheckSeverity;
+}
+export declare class StreamingVerifier {
+    private readonly codeBuffer;
+    private readonly checkSet;
+    private readonly onEvent?;
+    private events;
+    private unitsProcessed;
+    private checksRun;
+    private findingsCount;
+    private totalTimeMs;
+    private maxLatencyMs;
+    /**
+     * Tracks the highest endOffset from any code unit we have processed.
+     * Used by flush() to know where unchecked trailing code begins.
+     */
+    private coveredOffset;
+    constructor(options: StreamingVerifierOptions);
+    /**
+     * Feed tokens from the LLM stream. Returns any verification events triggered.
+     */
+    push(tokens: string): VerificationEvent[];
+    /**
+     * Flush the buffer — run checks on any remaining buffered code.
+     * Call at the end of the stream to verify trailing code that never
+     * reached a structural boundary (closing brace, semicolon, etc.).
+     */
+    flush(): VerificationEvent[];
+    /** Get cumulative statistics. */
+    getStats(): StreamingVerifierStats;
+    /** Get all findings (FAIL events) accumulated so far. */
+    getFindings(): VerificationEvent[];
+    /** Get the full generated code accumulated so far. */
+    getGeneratedCode(): string;
+    /** Reset all state — buffer, events, stats. */
+    reset(): void;
+    /**
+     * Run checks against a list of code units, accumulate stats, fire callbacks.
+     */
+    private processUnits;
+}

package/dist/realtime/streaming-verifier.js

@@ -0,0 +1,134 @@
+/**
+ * StreamingVerifier — orchestrator for the real-time verification pipeline.
+ *
+ * Wires CodeBuffer (token accumulation + code unit detection) with
+ * StreamingChecks (pattern-based formal + learned checks) into a single
+ * stateful pipeline. Feed it tokens, it buffers them, detects completed
+ * code units, runs checks, and emits verification events.
+ */
+import { CodeBuffer } from './code-buffer.js';
+import { getFormalChecks, loadLearnedChecks, compileCheckSet, runChecks, } from './streaming-checks.js';
+// ---------------------------------------------------------------------------
+// StreamingVerifier
+// ---------------------------------------------------------------------------
+export class StreamingVerifier {
+    codeBuffer;
+    checkSet;
+    onEvent;
+    // Accumulated state
+    events = [];
+    unitsProcessed = 0;
+    checksRun = 0;
+    findingsCount = 0;
+    totalTimeMs = 0;
+    maxLatencyMs = 0;
+    /**
+     * Tracks the highest endOffset from any code unit we have processed.
+     * Used by flush() to know where unchecked trailing code begins.
+     */
+    coveredOffset = 0;
+    constructor(options) {
+        this.codeBuffer = new CodeBuffer(options.language);
+        this.onEvent = options.onEvent;
+        // Load formal checks
+        const formal = getFormalChecks();
+        // Optionally load learned rules from the project catalog
+        let learned = [];
+        if (options.projectPath) {
+            const catalogPath = `${options.projectPath}/.assay/learned/rules.json`;
+            learned = loadLearnedChecks(catalogPath);
+        }
+        // Compile into a single check set filtered by language
+        this.checkSet = compileCheckSet(options.language, [...formal, ...learned]);
+    }
+    // -- Public API -----------------------------------------------------------
+    /**
+     * Feed tokens from the LLM stream. Returns any verification events triggered.
+     */
+    push(tokens) {
+        const units = this.codeBuffer.push(tokens);
+        return this.processUnits(units);
+    }
+    /**
+     * Flush the buffer — run checks on any remaining buffered code.
+     * Call at the end of the stream to verify trailing code that never
+     * reached a structural boundary (closing brace, semicolon, etc.).
+     */
+    flush() {
+        const fullBuffer = this.codeBuffer.getFullBuffer();
+        const remaining = fullBuffer.slice(this.coveredOffset).trim();
+        if (remaining.length === 0) {
+            return [];
+        }
+        const trailingUnit = {
+            text: remaining,
+            kind: 'line',
+            startOffset: this.coveredOffset,
+            endOffset: fullBuffer.length,
+            language: this.codeBuffer.getLanguage(),
+        };
+        return this.processUnits([trailingUnit]);
+    }
+    /** Get cumulative statistics. */
+    getStats() {
+        return {
+            unitsProcessed: this.unitsProcessed,
+            checksRun: this.checksRun,
+            findings: this.findingsCount,
+            avgLatencyMs: this.unitsProcessed > 0 ? this.totalTimeMs / this.unitsProcessed : 0,
+            maxLatencyMs: this.maxLatencyMs,
+            totalTimeMs: this.totalTimeMs,
+        };
+    }
+    /** Get all findings (FAIL events) accumulated so far. */
+    getFindings() {
+        return this.events.filter(e => e.verdict === 'FAIL');
+    }
+    /** Get the full generated code accumulated so far. */
+    getGeneratedCode() {
+        return this.codeBuffer.getFullBuffer();
+    }
+    /** Reset all state — buffer, events, stats. */
+    reset() {
+        this.codeBuffer.reset();
+        this.events = [];
+        this.unitsProcessed = 0;
+        this.checksRun = 0;
+        this.findingsCount = 0;
+        this.totalTimeMs = 0;
+        this.maxLatencyMs = 0;
+        this.coveredOffset = 0;
+    }
+    // -- Private helpers ------------------------------------------------------
+    /**
+     * Run checks against a list of code units, accumulate stats, fire callbacks.
+     */
+    processUnits(units) {
+        const batchEvents = [];
+        for (const unit of units) {
+            const unitStart = performance.now();
+            const unitEvents = runChecks(unit, this.checkSet);
+            const unitLatency = performance.now() - unitStart;
+            // Track coverage regardless of whether events were produced
+            if (unit.endOffset > this.coveredOffset) {
+                this.coveredOffset = unit.endOffset;
+            }
+            this.unitsProcessed++;
+            this.checksRun += this.checkSet.checks.length;
+            this.totalTimeMs += unitLatency;
+            if (unitLatency > this.maxLatencyMs) {
+                this.maxLatencyMs = unitLatency;
+            }
+            for (const event of unitEvents) {
+                this.events.push(event);
+                batchEvents.push(event);
+                if (event.verdict === 'FAIL') {
+                    this.findingsCount++;
+                }
+                this.onEvent?.(event);
+            }
+        }
+        return batchEvents;
+    }
+}
+//# sourceMappingURL=streaming-verifier.js.map

package/dist/realtime/streaming-verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"streaming-verifier.js","sourceRoot":"","sources":["../../src/realtime/streaming-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,SAAS,GACV,MAAM,uBAAuB,CAAC;AAuB/B,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,MAAM,OAAO,iBAAiB;IACX,UAAU,CAAa;IACvB,QAAQ,CAAmB;IAC3B,OAAO,CAAsC;IAE9D,oBAAoB;IACZ,MAAM,GAAwB,EAAE,CAAC;IACjC,cAAc,GAAG,CAAC,CAAC;IACnB,SAAS,GAAG,CAAC,CAAC;IACd,aAAa,GAAG,CAAC,CAAC;IAClB,WAAW,GAAG,CAAC,CAAC;IAChB,YAAY,GAAG,CAAC,CAAC;IAEzB;;;OAGG;IACK,aAAa,GAAG,CAAC,CAAC;IAE1B,YAAY,OAAiC;QAC3C,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAE/B,qBAAqB;QACrB,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;QAEjC,yDAAyD;QACzD,IAAI,OAAO,GAAyC,EAAE,CAAC;QACvD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,MAAM,WAAW,GAAG,GAAG,OAAO,CAAC,WAAW,4BAA4B,CAAC;YACvE,OAAO,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;QAC3C,CAAC;QAED,uDAAuD;QACvD,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED,4EAA4E;IAE5E;;OAEG;IACH,IAAI,CAAC,MAAc;QACjB,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC;IAED;;;;OAIG;IACH,KAAK;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;QACnD,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC;QAE9D,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,YAAY,GAAa;YAC7B,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,MAAM;YACZ,WAAW,EAAE,IAAI,CAAC,aAAa;YAC/B,SAAS,EAAE,UAAU,CAAC,MAAM;YAC5B,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE;SACxC,CAAC;QAEF,OAAO,IAAI,CAAC,YAAY,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;IAC3C,CAAC;IAED,iCAAiC;IACjC,QAAQ;QACN,OAAO;YACL,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ,EAAE,IAAI,CAAC,aAAa;YAC5B,YAAY,EACV,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;YACtE,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC;IACJ,CAAC;IAED,yDAAyD;IACzD,WAAW;QACT,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC;IACvD,CAAC;IAED,sDAAsD;IACtD,gBAAgB;QACd,OAAO,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;IACzC,CAAC;IAED,+CAA+C;IAC/C,KAAK;QACH,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;QACjB,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC;QACxB,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC;QACnB,IAAI,CAAC,aAAa,GAAG,CAAC,CAAC;QACvB,IAAI,CAAC,WAAW,GAAG,CAAC,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,aAAa,GAAG,CAAC,CAAC;IACzB,CAAC;IAED,4EAA4E;IAE5E;;OAEG;IACK,YAAY,CAAC,KAAiB;QACpC,MAAM,WAAW,GAAwB,EAAE,CAAC;QAE5C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;YACpC,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAClD,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAElD,4DAA4D;YAC5D,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;gBACxC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC;YACtC,CAAC;YAED,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;YAC9C,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC;YAChC,IAAI,WAAW,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpC,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;YAClC,CAAC;YAED,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;gBAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACxB,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACxB,IAAI,KAAK,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;oBAC7B,IAAI,CAAC,aAAa,EAAE,CAAC;gBACvB,CAAC;gBACD,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF"}