tryassay 0.33.2 → 0.35.0

package/dist/realtime/__tests__/entropy-detector.test.js

@@ -0,0 +1,200 @@
+import { describe, it, expect } from 'vitest';
+import { EntropyDetector, computeEntropy } from '../entropy-detector.js';
+describe('computeEntropy', () => {
+    it('returns 0 for empty input', () => {
+        expect(computeEntropy([])).toBe(0);
+    });
+    it('returns 0 for single token with all probability', () => {
+        expect(computeEntropy([{ logprob: 0 }])).toBe(0);
+    });
+    it('returns max entropy for uniform distribution', () => {
+        const uniform = [
+            { logprob: Math.log(0.25) },
+            { logprob: Math.log(0.25) },
+            { logprob: Math.log(0.25) },
+            { logprob: Math.log(0.25) },
+        ];
+        expect(computeEntropy(uniform)).toBeCloseTo(2.0, 3);
+    });
+    it('returns low entropy for confident prediction', () => {
+        const confident = [
+            { logprob: Math.log(0.95) },
+            { logprob: Math.log(0.03) },
+            { logprob: Math.log(0.01) },
+            { logprob: Math.log(0.01) },
+        ];
+        const e = computeEntropy(confident);
+        expect(e).toBeLessThan(0.5);
+        expect(e).toBeGreaterThan(0);
+    });
+    it('returns higher entropy for uncertain prediction', () => {
+        const uncertain = [
+            { logprob: Math.log(0.3) },
+            { logprob: Math.log(0.25) },
+            { logprob: Math.log(0.25) },
+            { logprob: Math.log(0.2) },
+        ];
+        expect(computeEntropy(uncertain)).toBeGreaterThan(1.5);
+    });
+});
+describe('EntropyDetector', () => {
+    function makeToken(token, topProbs) {
+        return {
+            token,
+            logprob: Math.log(topProbs[0]),
+            topLogprobs: topProbs.map((p, i) => ({
+                token: `t${i}`,
+                logprob: Math.log(p),
+            })),
+        };
+    }
+    // Confident token: entropy ≈ 0.29 (below 0.5 threshold)
+    const confidentToken = () => makeToken('x', [0.95, 0.03, 0.01, 0.01]);
+    // Uncertain token: entropy ≈ 2.32 (above 0.5 threshold)
+    const uncertainToken = () => makeToken('?', [0.2, 0.2, 0.2, 0.2, 0.2]);
+    it('does not fire on confident tokens', () => {
+        const detector = new EntropyDetector({
+            tokenThreshold: 0.5,
+            fractionThreshold: 0.35,
+            windowSize: 8,
+            minTokens: 4,
+        });
+        for (let i = 0; i < 20; i++) {
+            const event = detector.pushToken(confidentToken());
+            expect(event).toBeNull();
+        }
+        expect(detector.getStats().alerts).toBe(0);
+    });
+    it('fires when enough tokens are uncertain (fraction-only, dynamics disabled)', () => {
+        const detector = new EntropyDetector({
+            tokenThreshold: 0.5,
+            fractionThreshold: 0.35,
+            windowSize: 8,
+            minTokens: 4,
+            dynamicsThreshold: 1.1, // Disable dynamics to test fraction path
+        });
+        // Push 8 uncertain tokens — all high entropy, fraction = 100% > 35%
+        const events = [];
+        for (let i = 0; i < 20; i++) {
+            const event = detector.pushToken(uncertainToken());
+            if (event)
+                events.push(event);
+        }
+        expect(events.length).toBeGreaterThan(0);
+        expect(events[0].checkId).toBe('entropy_hallucination');
+        expect(events[0].verdict).toBe('FAIL');
+        expect(events[0].evidence).toMatch(/high entropy/);
+    });
+    it('respects minTokens — no alert before enough tokens', () => {
+        const detector = new EntropyDetector({
+            tokenThreshold: 0.5,
+            fractionThreshold: 0.35,
+            windowSize: 8,
+            minTokens: 10,
+            dynamicsThreshold: 1.1, // Disable dynamics to test fraction minTokens
+        });
+        // Push 9 uncertain tokens — should NOT fire (minTokens=10)
+        for (let i = 0; i < 9; i++) {
+            const event = detector.pushToken(uncertainToken());
+            expect(event).toBeNull();
+        }
+        // 10th should fire
+        const event = detector.pushToken(uncertainToken());
+        expect(event).not.toBeNull();
+    });
+    it('does not fire when fraction is below threshold and dynamics disabled', () => {
+        const detector = new EntropyDetector({
+            tokenThreshold: 0.5,
+            fractionThreshold: 0.5, // Need >50% high-entropy tokens
+            windowSize: 8,
+            minTokens: 1,
+            dynamicsThreshold: 1.1, // Disable dynamics detection
+        });
+        // Alternate: confident, uncertain — fraction ≈ 50% (not > 50%)
+        for (let i = 0; i < 16; i++) {
+            const token = i % 2 === 0 ? confidentToken() : uncertainToken();
+            const event = detector.pushToken(token);
+            expect(event).toBeNull();
+        }
+    });
+    it('dynamics detector fires on high-variance alternating pattern', () => {
+        const detector = new EntropyDetector({
+            tokenThreshold: 0.5,
+            fractionThreshold: 1.0, // Disable fraction detection
+            windowSize: 8,
+            minTokens: 4,
+            dynamicsThreshold: 0.5,
+        });
+        // Alternate confident/uncertain — creates high entropy variance
+        const events = [];
+        for (let i = 0; i < 20; i++) {
+            const token = i % 2 === 0 ? confidentToken() : uncertainToken();
+            const event = detector.pushToken(token);
+            if (event)
+                events.push(event);
+        }
+        // High variance from alternation should trigger dynamics
+        expect(events.length).toBeGreaterThan(0);
+        expect(events[0].evidence).toContain('Dynamics score');
+    });
+    it('debounces alerts — one per window', () => {
+        const detector = new EntropyDetector({
+            tokenThreshold: 0.5,
+            fractionThreshold: 0.35,
+            windowSize: 8,
+            minTokens: 4,
+            dynamicsThreshold: 1.1, // Disable dynamics to test fraction debouncing
+        });
+        const events = [];
+        // Push 40 uncertain tokens — should only get a few alerts (debounced)
+        for (let i = 0; i < 40; i++) {
+            const event = detector.pushToken(uncertainToken());
+            if (event)
+                events.push(event);
+        }
+        // With window=8 and debounce, should fire at most ~4 times in 40 tokens
+        expect(events.length).toBeLessThanOrEqual(5);
+        expect(events.length).toBeGreaterThan(0);
+    });
+    it('resets state correctly', () => {
+        const detector = new EntropyDetector();
+        for (let i = 0; i < 20; i++) {
+            detector.pushToken(uncertainToken());
+        }
+        expect(detector.getStats().tokensProcessed).toBe(20);
+        detector.reset();
+        expect(detector.getStats().tokensProcessed).toBe(0);
+        expect(detector.getStats().alerts).toBe(0);
+    });
+    it('fires onEntropy callback for every token', () => {
+        const measurements = [];
+        const detector = new EntropyDetector({
+            onEntropy: (info) => measurements.push(info),
+            minTokens: 1,
+            windowSize: 4,
+        });
+        detector.pushToken(confidentToken());
+        detector.pushToken(uncertainToken());
+        expect(measurements).toHaveLength(2);
+    });
+    it('includes severity in events', () => {
+        const detector = new EntropyDetector({
+            tokenThreshold: 0.5,
+            fractionThreshold: 0.1,
+            windowSize: 4,
+            minTokens: 1,
+            severity: 'high',
+            dynamicsThreshold: 1.1, // Disable dynamics to test fraction severity
+        });
+        // Push enough uncertain tokens
+        let event = null;
+        for (let i = 0; i < 5; i++) {
+            event = detector.pushToken(uncertainToken());
+            if (event)
+                break;
+        }
+        expect(event).not.toBeNull();
+        expect(event.severity).toBe('high');
+    });
+});
+//# sourceMappingURL=entropy-detector.test.js.map

package/dist/realtime/__tests__/entropy-detector.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entropy-detector.test.js","sourceRoot":"","sources":["../../../src/realtime/__tests__/entropy-detector.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAEzE,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,CAAC,cAAc,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,OAAO,GAAG;YACd,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;YAC3B,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;YAC3B,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;YAC3B,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;SAC5B,CAAC;QACF,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,SAAS,GAAG;YAChB,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;YAC3B,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;YAC3B,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;YAC3B,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;SAC5B,CAAC;QACF,MAAM,CAAC,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;QACpC,MAAM,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,SAAS,GAAG;YAChB,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;YAC1B,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;YAC3B,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;YAC3B,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;SAC3B,CAAC;QACF,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,SAAS,SAAS,CAAC,KAAa,EAAE,QAAkB;QAClD,OAAO;YACL,KAAK;YACL,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC9B,WAAW,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;gBACnC,KAAK,EAAE,IAAI,CAAC,EAAE;gBACd,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;aACrB,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC;IAED,wDAAwD;IACxD,MAAM,cAAc,GAAG,GAAG,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;IACtE,wDAAwD;IACxD,MAAM,cAAc,GAAG,GAAG,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;IAEvE,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC;YACnC,cAAc,EAAE,GAAG;YACnB,iBAAiB,EAAE,IAAI;YACvB,UAAU,EAAE,CAAC;YACb,SAAS,EAAE,CAAC;SACb,CAAC,CAAC;QAEH,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC;YACnD,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC;QACD,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2EAA2E,EAAE,GAAG,EAAE;QACnF,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC;YACnC,cAAc,EAAE,GAAG;YACnB,iBAAiB,EAAE,IAAI;YACvB,UAAU,EAAE,CAAC;YACb,SAAS,EAAE,CAAC;YACZ,iBAAiB,EAAE,GAAG,EAAE,yCAAyC;SAClE,CAAC,CAAC;QAEH,oEAAoE;QACpE,MAAM,MAAM,GAAG,EAAE,CAAC;QAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC;YACnD,IAAI,KAAK;gBAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACxD,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC;YACnC,cAAc,EAAE,GAAG;YACnB,iBAAiB,EAAE,IAAI;YACvB,UAAU,EAAE,CAAC;YACb,SAAS,EAAE,EAAE;YACb,iBAAiB,EAAE,GAAG,EAAE,8CAA8C;SACvE,CAAC,CAAC;QAEH,2DAA2D;QAC3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC;YACnD,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC;QAED,mBAAmB;QACnB,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC;QACnD,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC9E,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC;YACnC,cAAc,EAAE,GAAG;YACnB,iBAAiB,EAAE,GAAG,EAAE,gCAAgC;YACxD,UAAU,EAAE,CAAC;YACb,SAAS,EAAE,CAAC;YACZ,iBAAiB,EAAE,GAAG,EAAE,6BAA6B;SACtD,CAAC,CAAC;QAEH,+DAA+D;QAC/D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC;YAChE,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YACxC,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACtE,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC;YACnC,cAAc,EAAE,GAAG;YACnB,iBAAiB,EAAE,GAAG,EAAE,6BAA6B;YACrD,UAAU,EAAE,CAAC;YACb,SAAS,EAAE,CAAC;YACZ,iBAAiB,EAAE,GAAG;SACvB,CAAC,CAAC;QAEH,gEAAgE;QAChE,MAAM,MAAM,GAAG,EAAE,CAAC;QAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC;YAChE,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YACxC,IAAI,KAAK;gBAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;QAED,yDAAyD;QACzD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC;YACnC,cAAc,EAAE,GAAG;YACnB,iBAAiB,EAAE,IAAI;YACvB,UAAU,EAAE,CAAC;YACb,SAAS,EAAE,CAAC;YACZ,iBAAiB,EAAE,GAAG,EAAE,+CAA+C;SACxE,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,EAAE,CAAC;QAClB,sEAAsE;QACtE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC;YACnD,IAAI,KAAK;gBAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;QAED,wEAAwE;QACxE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC;QAC7C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,QAAQ,GAAG,IAAI,eAAe,EAAE,CAAC;QAEvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC;QACvC,CAAC;QACD,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAErD,QAAQ,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,YAAY,GAAc,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC;YACnC,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5C,SAAS,EAAE,CAAC;YACZ,UAAU,EAAE,CAAC;SACd,CAAC,CAAC;QAEH,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC;QACrC,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC;QAErC,MAAM,CAAC,YAAY,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC;YACnC,cAAc,EAAE,GAAG;YACnB,iBAAiB,EAAE,GAAG;YACtB,UAAU,EAAE,CAAC;YACb,SAAS,EAAE,CAAC;YACZ,QAAQ,EAAE,MAAM;YAChB,iBAAiB,EAAE,GAAG,EAAE,6CAA6C;SACtE,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,KAAK,GAAG,IAAI,CAAC;QACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC,CAAC;YAC7C,IAAI,KAAK;gBAAE,MAAM;QACnB,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC7B,MAAM,CAAC,KAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/realtime/__tests__/entropy-live-demo.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/realtime/__tests__/entropy-live-demo.js

@@ -0,0 +1,103 @@
+/**
+ * Live "Confident Liar" demo — runs real vs fake prompts through GPT-5.4
+ * and writes results to /tmp/entropy-results.json for the dashboard.
+ */
+import { createVerifiedStreamAuto } from '../stream-interceptor.js';
+import { writeFileSync } from 'fs';
+const RESULTS_FILE = '/tmp/entropy-results.json';
+const tests = [
+    {
+        label: 'Real API — Express REST endpoints',
+        prompt: 'Write a TypeScript Express REST API with GET /users, POST /users, and DELETE /users/:id endpoints. Use an in-memory array as the data store. Include proper status codes and JSON responses. Just the code, no explanation.',
+        expectHallucination: false,
+    },
+    {
+        label: 'Fake API — Supabase .withGraphQL() + .connectMesh()',
+        prompt: 'Write TypeScript code using the Supabase JS client that calls supabase.from("users").select().withGraphQL({ depth: 3, fragments: true }) to fetch nested user relationships. Use supabase.realtime.connectMesh() to set up peer-to-peer sync between browser tabs. Just the code, no explanation.',
+        expectHallucination: true,
+    },
+    {
+        label: 'Real API — React useState counter',
+        prompt: 'Write a React TypeScript component called Counter with increment/decrement buttons and a display. Use useState. Just the code, no explanation.',
+        expectHallucination: false,
+    },
+    {
+        label: 'Fake API — Node.js fs.createSecureWriteStream()',
+        prompt: 'Write TypeScript code that uses Node.js fs.createSecureWriteStream() with encryption options { algorithm: "aes-256-gcm", keyDerivation: "argon2" } to write an encrypted file. Use the stream.pipeline() autoRetry option with maxRetries: 3 and backoffMs: 1000. Include the onIntegrityCheck callback. Just the code, no explanation.',
+        expectHallucination: true,
+    },
+    {
+        label: 'Mixed — Next.js + invented next/ai/guards',
+        prompt: 'Write a Next.js API route at /api/analyze that uses the next/ai package\'s streamInference() function with model "gpt-4o" and the built-in hallucination guard middleware next/ai/guards. Call guards.factCheck() on the response before returning. Just the code, no explanation.',
+        expectHallucination: true,
+    },
+];
+function writeResults(results, done) {
+    writeFileSync(RESULTS_FILE, JSON.stringify({
+        tests: results,
+        done,
+        totalTests: tests.length,
+    }, null, 2));
+}
+async function runTest(test) {
+    console.log(`\n>>> Running: ${test.label}`);
+    const start = Date.now();
+    let dynamicsScore;
+    let confidence;
+    let evidenceText = '';
+    const result = await createVerifiedStreamAuto({
+        provider: 'openai',
+        model: 'gpt-5.4',
+        language: 'typescript',
+        userPrompt: test.prompt,
+        maxTokens: 400,
+        entropyDetector: {
+            tokenThreshold: 0.5,
+            fractionThreshold: 0.35,
+            windowSize: 32,
+            minTokens: 16,
+            severity: 'medium',
+            onEntropy: () => { },
+        },
+        onVerification: (event) => {
+            if (event.verdict === 'FAIL') {
+                if (event.entropyContext) {
+                    dynamicsScore = event.entropyContext.dynamicsScore;
+                    confidence = event.entropyContext.confidence;
+                }
+                evidenceText += event.evidence.slice(0, 200) + '\n';
+            }
+        },
+    });
+    const entropyAlerts = result.findings.filter(f => f.checkId === 'entropy_hallucination').length;
+    const dynamicsAlerts = result.findings.filter(f => f.checkId === 'entropy_hallucination' && f.evidence?.includes('dynamics')).length;
+    const reviewFlags = result.findings.filter(f => f.checkId === 'entropy_review').length;
+    const elapsed = Date.now() - start;
+    console.log(`    Tokens: ${result.outputTokens}, Entropy: ${entropyAlerts}, Dynamics: ${dynamicsAlerts}, Review: ${reviewFlags}, ${elapsed}ms`);
+    return {
+        label: test.label,
+        expectHallucination: test.expectHallucination,
+        tokens: result.outputTokens,
+        entropyAlerts,
+        dynamicsAlerts,
+        reviewFlags,
+        durationMs: elapsed,
+        dynamicsScore,
+        confidence,
+        evidence: evidenceText || undefined,
+    };
+}
+async function main() {
+    // Clear previous results
+    writeResults([], false);
+    const results = [];
+    for (const test of tests) {
+        const r = await runTest(test);
+        results.push(r);
+        writeResults(results, false);
+    }
+    writeResults(results, true);
+    console.log('\n✅ All tests complete. Dashboard updated.');
+}
+main().catch(console.error);
+//# sourceMappingURL=entropy-live-demo.js.map

package/dist/realtime/__tests__/entropy-live-demo.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entropy-live-demo.js","sourceRoot":"","sources":["../../../src/realtime/__tests__/entropy-live-demo.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AAEnC,MAAM,YAAY,GAAG,2BAA2B,CAAC;AAqBjD,MAAM,KAAK,GAAe;IACxB;QACE,KAAK,EAAE,mCAAmC;QAC1C,MAAM,EAAE,6NAA6N;QACrO,mBAAmB,EAAE,KAAK;KAC3B;IACD;QACE,KAAK,EAAE,qDAAqD;QAC5D,MAAM,EAAE,mSAAmS;QAC3S,mBAAmB,EAAE,IAAI;KAC1B;IACD;QACE,KAAK,EAAE,mCAAmC;QAC1C,MAAM,EAAE,gJAAgJ;QACxJ,mBAAmB,EAAE,KAAK;KAC3B;IACD;QACE,KAAK,EAAE,iDAAiD;QACxD,MAAM,EAAE,yUAAyU;QACjV,mBAAmB,EAAE,IAAI;KAC1B;IACD;QACE,KAAK,EAAE,2CAA2C;QAClD,MAAM,EAAE,oRAAoR;QAC5R,mBAAmB,EAAE,IAAI;KAC1B;CACF,CAAC;AAEF,SAAS,YAAY,CAAC,OAAqB,EAAE,IAAa;IACxD,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC;QACzC,KAAK,EAAE,OAAO;QACd,IAAI;QACJ,UAAU,EAAE,KAAK,CAAC,MAAM;KACzB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AACf,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,IAAc;IACnC,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzB,IAAI,aAAiC,CAAC;IACtC,IAAI,UAA8B,CAAC;IACnC,IAAI,YAAY,GAAG,EAAE,CAAC;IAEtB,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAAC;QAC5C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,YAAY;QACtB,UAAU,EAAE,IAAI,CAAC,MAAM;QACvB,SAAS,EAAE,GAAG;QACd,eAAe,EAAE;YACf,cAAc,EAAE,GAAG;YACnB,iBAAiB,EAAE,IAAI;YACvB,UAAU,EAAE,EAAE;YACd,SAAS,EAAE,EAAE;YACb,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,GAAG,EAAE,GAAE,CAAC;SACpB;QACD,cAAc,EAAE,CAAC,KAAK,EAAE,EAAE;YACxB,IAAI,KAAK,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;gBAC7B,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;oBACzB,aAAa,GAAG,KAAK,CAAC,cAAc,CAAC,aAAa,CAAC;oBACnD,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC,UAAU,CAAC;gBAC/C,CAAC;gBACD,YAAY,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,IAAI,CAAC;YACtD,CAAC;QACH,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,uBAAuB,CAAC,CAAC,MAAM,CAAC;IAChG,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAChD,CAAC,CAAC,OAAO,KAAK,uBAAuB,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,CAAC,UAAU,CAAC,CAC1E,CAAC,MAAM,CAAC;IACT,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,gBAAgB,CAAC,CAAC,MAAM,CAAC;IAEvF,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;IACnC,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,YAAY,cAAc,aAAa,eAAe,cAAc,aAAa,WAAW,KAAK,OAAO,IAAI,CAAC,CAAC;IAEhJ,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;QAC7C,MAAM,EAAE,MAAM,CAAC,YAAY;QAC3B,aAAa;QACb,cAAc;QACd,WAAW;QACX,UAAU,EAAE,OAAO;QACnB,aAAa;QACb,UAAU;QACV,QAAQ,EAAE,YAAY,IAAI,SAAS;KACpC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,yBAAyB;IACzB,YAAY,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;IAExB,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;QAC9B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,YAAY,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;AAC5D,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC"}

package/dist/realtime/__tests__/entropy-live.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Quick live test of the entropy hallucination detector through the
+ * full streaming verifier pipeline.
+ *
+ * Usage:
+ *   OPENAI_API_KEY=sk-... npx tsx src/realtime/__tests__/entropy-live.ts
+ */
+export {};

package/dist/realtime/__tests__/entropy-live.js

@@ -0,0 +1,114 @@
+/**
+ * Quick live test of the entropy hallucination detector through the
+ * full streaming verifier pipeline.
+ *
+ * Usage:
+ *   OPENAI_API_KEY=sk-... npx tsx src/realtime/__tests__/entropy-live.ts
+ */
+import { createVerifiedStreamAuto } from '../stream-interceptor.js';
+const GREEN = '\x1b[32m';
+const YELLOW = '\x1b[33m';
+const RED = '\x1b[31m';
+const BOLD = '\x1b[1m';
+const DIM = '\x1b[2m';
+const RESET = '\x1b[0m';
+async function runTest(label, prompt) {
+    console.log(`\n${BOLD}${'='.repeat(70)}${RESET}`);
+    console.log(`${BOLD}  ${label}${RESET}`);
+    console.log(`${BOLD}${'='.repeat(70)}${RESET}`);
+    console.log(`${DIM}Prompt: ${prompt.slice(0, 80)}...${RESET}\n`);
+    let tokenCount = 0;
+    const result = await createVerifiedStreamAuto({
+        provider: 'openai',
+        model: 'gpt-5.4',
+        language: 'typescript',
+        userPrompt: prompt,
+        maxTokens: 400,
+        entropyDetector: {
+            tokenThreshold: 0.5,
+            fractionThreshold: 0.35,
+            windowSize: 32,
+            minTokens: 16,
+            severity: 'medium',
+            onEntropy: (info) => {
+                tokenCount++;
+                if (tokenCount % 20 === 0) {
+                    const color = info.exceedsThreshold ? RED : info.windowEntropy > 0.25 ? YELLOW : GREEN;
+                    process.stdout.write(`${DIM}[${tokenCount}]${RESET} ` +
+                        `frac=${color}${(info.windowEntropy * 100).toFixed(0)}%${RESET} ` +
+                        `e=${info.entropy.toFixed(2)} ` +
+                        `${DIM}${info.token}${RESET}\n`);
+                }
+            },
+        },
+        onVerification: (event) => {
+            if (event.verdict === 'FAIL') {
+                const icon = event.checkId === 'entropy_hallucination' ? '🧠'
+                    : event.checkId === 'entropy_review' ? '👀'
+                        : '🔍';
+                const ctx = event.entropyContext
+                    ? ` [confidence=${event.entropyContext.confidence}, entropy_frac=${(event.entropyContext.highEntropyFraction * 100).toFixed(0)}%]`
+                    : '';
+                console.log(`\n${RED}${icon} ${event.checkName} (${event.severity})${ctx}${RESET}`);
+                console.log(`   ${event.evidence.slice(0, 150)}`);
+            }
+        },
+    });
+    // Summary
+    const entropyFindings = result.findings.filter(f => f.checkId === 'entropy_hallucination');
+    const reviewFindings = result.findings.filter(f => f.checkId === 'entropy_review');
+    const patternFindings = result.findings.filter(f => f.checkId !== 'entropy_hallucination' && f.checkId !== 'entropy_review');
+    console.log(`\n${BOLD}--- Results ---${RESET}`);
+    console.log(`Tokens: ${result.outputTokens}`);
+    console.log(`Pattern findings: ${patternFindings.length}`);
+    console.log(`Entropy alerts: ${entropyFindings.length}`);
+    console.log(`Review flags: ${reviewFindings.length}`);
+    console.log(`Duration: ${result.durationMs}ms`);
+    return {
+        entropyFindings: entropyFindings.length,
+        reviewFindings: reviewFindings.length,
+        patternFindings: patternFindings.length,
+    };
+}
+async function main() {
+    const tests = [
+        {
+            label: 'CONFIDENT — Express REST API (well-known pattern)',
+            prompt: 'Write a TypeScript Express REST API with GET /users, POST /users, and DELETE /users/:id endpoints. Use an in-memory array as the data store. Include proper status codes and JSON responses. Just the code, no explanation.',
+        },
+        {
+            label: 'SUBTLE HALLUCINATION — real library, wrong API',
+            prompt: 'Write TypeScript code using the Supabase JS client that calls supabase.from("users").select().withGraphQL({ depth: 3, fragments: true }) to fetch nested user relationships. Use supabase.realtime.connectMesh() to set up peer-to-peer sync between browser tabs. Just the code, no explanation.',
+        },
+        {
+            label: 'CONFIDENT — React useState counter',
+            prompt: 'Write a React TypeScript component called Counter with increment/decrement buttons and a display. Use useState. Just the code, no explanation.',
+        },
+        {
+            label: 'HARD HALLUCINATION — plausible but wrong Node.js APIs',
+            prompt: 'Write TypeScript code that uses Node.js fs.createSecureWriteStream() with encryption options { algorithm: "aes-256-gcm", keyDerivation: "argon2" } to write an encrypted file. Use the stream.pipeline() autoRetry option with maxRetries: 3 and backoffMs: 1000. Include the onIntegrityCheck callback. Just the code, no explanation.',
+        },
+        {
+            label: 'MIXED — real framework, invented plugin',
+            prompt: 'Write a Next.js API route at /api/analyze that uses the next/ai package\'s streamInference() function with model "gpt-4o" and the built-in hallucination guard middleware next/ai/guards. Call guards.factCheck() on the response before returning. Just the code, no explanation.',
+        },
+    ];
+    const results = [];
+    for (const test of tests) {
+        const r = await runTest(test.label, test.prompt);
+        results.push({ label: test.label, entropy: r.entropyFindings, review: r.reviewFindings, pattern: r.patternFindings });
+    }
+    // Comparison
+    console.log(`\n${BOLD}${'='.repeat(78)}${RESET}`);
+    console.log(`${BOLD}  COMPARISON${RESET}`);
+    console.log(`${BOLD}${'='.repeat(78)}${RESET}`);
+    console.log('Test                                        Entropy  Review  Pattern  Total');
+    console.log('-'.repeat(78));
+    for (const r of results) {
+        const short = r.label.length > 42 ? r.label.slice(0, 39) + '...' : r.label;
+        const total = r.entropy + r.review + r.pattern;
+        console.log(`${short.padEnd(44)} ${String(r.entropy).padStart(7)} ${String(r.review).padStart(7)} ${String(r.pattern).padStart(8)} ${String(total).padStart(6)}`);
+    }
+}
+main().catch(console.error);
+//# sourceMappingURL=entropy-live.js.map

package/dist/realtime/__tests__/entropy-live.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entropy-live.js","sourceRoot":"","sources":["../../../src/realtime/__tests__/entropy-live.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AAEpE,MAAM,KAAK,GAAG,UAAU,CAAC;AACzB,MAAM,MAAM,GAAG,UAAU,CAAC;AAC1B,MAAM,GAAG,GAAG,UAAU,CAAC;AACvB,MAAM,IAAI,GAAG,SAAS,CAAC;AACvB,MAAM,GAAG,GAAG,SAAS,CAAC;AACtB,MAAM,KAAK,GAAG,SAAS,CAAC;AAExB,KAAK,UAAU,OAAO,CAAC,KAAa,EAAE,MAAc;IAClD,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,KAAK,KAAK,GAAG,KAAK,EAAE,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,WAAW,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC;IAEjE,IAAI,UAAU,GAAG,CAAC,CAAC;IAEnB,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAAC;QAC5C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,YAAY;QACtB,UAAU,EAAE,MAAM;QAClB,SAAS,EAAE,GAAG;QACd,eAAe,EAAE;YACf,cAAc,EAAE,GAAG;YACnB,iBAAiB,EAAE,IAAI;YACvB,UAAU,EAAE,EAAE;YACd,SAAS,EAAE,EAAE;YACb,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE;gBAClB,UAAU,EAAE,CAAC;gBACb,IAAI,UAAU,GAAG,EAAE,KAAK,CAAC,EAAE,CAAC;oBAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;oBACvF,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,GAAG,GAAG,IAAI,UAAU,IAAI,KAAK,GAAG;wBAChC,QAAQ,KAAK,GAAG,CAAC,IAAI,CAAC,aAAa,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,KAAK,GAAG;wBACjE,KAAK,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG;wBAC/B,GAAG,GAAG,GAAG,IAAI,CAAC,KAAK,GAAG,KAAK,IAAI,CAChC,CAAC;gBACJ,CAAC;YACH,CAAC;SACF;QACD,cAAc,EAAE,CAAC,KAAK,EAAE,EAAE;YACxB,IAAI,KAAK,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;gBAC7B,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,KAAK,uBAAuB,CAAC,CAAC,CAAC,IAAI;oBAC3D,CAAC,CAAC,KAAK,CAAC,OAAO,KAAK,gBAAgB,CAAC,CAAC,CAAC,IAAI;wBAC3C,CAAC,CAAC,IAAI,CAAC;gBACT,MAAM,GAAG,GAAG,KAAK,CAAC,cAAc;oBAC9B,CAAC,CAAC,gBAAgB,KAAK,CAAC,cAAc,CAAC,UAAU,kBAAkB,CAAC,KAAK,CAAC,cAAc,CAAC,mBAAmB,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI;oBAClI,CAAC,CAAC,EAAE,CAAC;gBACP,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,GAAG,IAAI,IAAI,KAAK,CAAC,SAAS,KAAK,KAAK,CAAC,QAAQ,IAAI,GAAG,GAAG,KAAK,EAAE,CAAC,CAAC;gBACpF,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;KACF,CAAC,CAAC;IAEH,UAAU;IACV,MAAM,eAAe,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,uBAAuB,CAAC,CAAC;IAC3F,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,gBAAgB,CAAC,CAAC;IACnF,MAAM,eAAe,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CACjD,CAAC,CAAC,OAAO,KAAK,uBAAuB,IAAI,CAAC,CAAC,OAAO,KAAK,gBAAgB,CACxE,CAAC;IAEF,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,kBAAkB,KAAK,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,qBAAqB,eAAe,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,mBAAmB,eAAe,CAAC,MAAM,EAAE,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,iBAAiB,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC;IAEhD,OAAO;QACL,eAAe,EAAE,eAAe,CAAC,MAAM;QACvC,cAAc,EAAE,cAAc,CAAC,MAAM;QACrC,eAAe,EAAE,eAAe,CAAC,MAAM;KACxC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,KAAK,GAA6C;QACtD;YACE,KAAK,EAAE,mDAAmD;YAC1D,MAAM,EAAE,6NAA6N;SACtO;QACD;YACE,KAAK,EAAE,gDAAgD;YACvD,MAAM,EAAE,mSAAmS;SAC5S;QACD;YACE,KAAK,EAAE,oCAAoC;YAC3C,MAAM,EAAE,gJAAgJ;SACzJ;QACD;YACE,KAAK,EAAE,uDAAuD;YAC9D,MAAM,EAAE,yUAAyU;SAClV;QACD;YACE,KAAK,EAAE,yCAAyC;YAChD,MAAM,EAAE,oRAAoR;SAC7R;KACF,CAAC;IAEF,MAAM,OAAO,GAA+E,EAAE,CAAC;IAE/F,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACjD,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC,CAAC,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;IACxH,CAAC;IAED,aAAa;IACb,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,eAAe,KAAK,EAAE,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,6EAA6E,CAAC,CAAC;IAC3F,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QAC3E,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC;QAC/C,OAAO,CAAC,GAAG,CACT,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CACrJ,CAAC;IACJ,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC"}

package/dist/realtime/__tests__/stream-interceptor.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/realtime/__tests__/stream-interceptor.test.js

@@ -0,0 +1,193 @@
+import { describe, it, expect } from 'vitest';
+import { createVerifiedStreamFromTokens } from '../stream-interceptor.js';
+// ── Helpers ─────────────────────────────────────────────────────
+/**
+ * Split a string into token-like chunks (3-5 chars each) to simulate
+ * realistic streaming granularity.
+ */
+function tokenize(code, chunkSize = 4) {
+    const tokens = [];
+    for (let i = 0; i < code.length; i += chunkSize) {
+        tokens.push(code.slice(i, i + chunkSize));
+    }
+    return tokens;
+}
+// ── Tests ─────────────────────────────────────────────────────────
+describe('StreamInterceptor', () => {
+    // 1. Clean code stream
+    it('produces 0 findings for clean code', () => {
+        const code = 'const x = 1;\nconst y = 2;\n';
+        const result = createVerifiedStreamFromTokens(tokenize(code), {
+            language: 'typescript',
+        });
+        expect(result.findings).toHaveLength(0);
+        expect(result.text).toBe(code);
+    });
+    // 2. SQL injection detected
+    it('detects SQL injection via string concatenation', () => {
+        const code = 'const q = "SELECT * FROM users WHERE id = " + userId;\n';
+        const result = createVerifiedStreamFromTokens(tokenize(code), {
+            language: 'typescript',
+        });
+        expect(result.findings.length).toBeGreaterThanOrEqual(1);
+        const sqlFinding = result.findings.find(e => e.checkId.includes('sql'));
+        expect(sqlFinding).toBeDefined();
+        expect(sqlFinding.severity).toBe('critical');
+    });
+    // 3. onText callback fires for each chunk
+    it('fires onText callback for every token chunk', () => {
+        const code = 'const x = 1;\n';
+        const chunks = tokenize(code);
+        const received = [];
+        createVerifiedStreamFromTokens(chunks, {
+            language: 'typescript',
+            onText: (text) => received.push(text),
+        });
+        expect(received).toEqual(chunks);
+    });
+    // 4. onVerification callback fires for findings
+    it('fires onVerification callback for findings', () => {
+        const code = 'const q = "SELECT * FROM users WHERE id = " + userId;\n';
+        const verificationEvents = [];
+        createVerifiedStreamFromTokens(tokenize(code), {
+            language: 'typescript',
+            onVerification: (event) => verificationEvents.push(event),
+        });
+        const findings = verificationEvents.filter(e => e.verdict === 'FAIL');
+        expect(findings.length).toBeGreaterThanOrEqual(1);
+        expect(findings[0].checkId).toContain('sql');
+    });
+    // 5. Stats populated
+    it('populates stats with non-zero values for non-empty streams', () => {
+        const code = 'const x = 1;\nconst y = 2;\n';
+        const result = createVerifiedStreamFromTokens(tokenize(code), {
+            language: 'typescript',
+        });
+        expect(result.stats.unitsProcessed).toBeGreaterThan(0);
+        expect(result.stats.checksRun).toBeGreaterThan(0);
+        expect(result.stats.totalTimeMs).toBeGreaterThanOrEqual(0);
+    });
+    // 6. Flush catches trailing code without structural boundary
+    it('catches findings in trailing code via flush', () => {
+        // No trailing newline or semicolon — the secret must be caught by flush
+        const code = 'const secret = "sk-abc123456789abcdef"';
+        const result = createVerifiedStreamFromTokens(tokenize(code), {
+            language: 'typescript',
+        });
+        const secretFinding = result.findings.find(e => e.checkId.includes('secret'));
+        expect(secretFinding).toBeDefined();
+        expect(secretFinding.severity).toBe('critical');
+    });
+    // 7. Multiple statements — mix of clean and bad
+    it('handles a mix of clean and bad statements', () => {
+        const code = [
+            'const name = "Alice";',
+            'const q = "SELECT * FROM users WHERE id = " + userId;',
+            'const y = 42;',
+            'const token = "sk-ant-secret1234567890";',
+            '',
+        ].join('\n');
+        const result = createVerifiedStreamFromTokens(tokenize(code), {
+            language: 'typescript',
+        });
+        // Should have at least 2 findings: SQL injection + hardcoded secret
+        expect(result.findings.length).toBeGreaterThanOrEqual(2);
+        const sqlFinding = result.findings.find(e => e.checkId.includes('sql'));
+        const secretFinding = result.findings.find(e => e.checkId.includes('secret'));
+        expect(sqlFinding).toBeDefined();
+        expect(secretFinding).toBeDefined();
+    });
+    // 8. Result shape — all fields present and correctly typed
+    it('returns a correctly shaped VerifiedStreamResult', () => {
+        const code = 'const x = 1;\n';
+        const result = createVerifiedStreamFromTokens(tokenize(code), {
+            language: 'typescript',
+        });
+        // All required fields exist
+        expect(typeof result.text).toBe('string');
+        expect(Array.isArray(result.events)).toBe(true);
+        expect(Array.isArray(result.findings)).toBe(true);
+        expect(typeof result.stats).toBe('object');
+        expect(typeof result.inputTokens).toBe('number');
+        expect(typeof result.outputTokens).toBe('number');
+        expect(typeof result.durationMs).toBe('number');
+        // Stats shape
+        expect(typeof result.stats.unitsProcessed).toBe('number');
+        expect(typeof result.stats.checksRun).toBe('number');
+        expect(typeof result.stats.findings).toBe('number');
+        expect(typeof result.stats.avgLatencyMs).toBe('number');
+        expect(typeof result.stats.maxLatencyMs).toBe('number');
+        expect(typeof result.stats.totalTimeMs).toBe('number');
+        // Token counts are 0 for the test helper (no real API)
+        expect(result.inputTokens).toBe(0);
+        expect(result.outputTokens).toBe(0);
+        // Duration is a non-negative number
+        expect(result.durationMs).toBeGreaterThanOrEqual(0);
+    });
+    // 9. Empty stream
+    it('handles an empty token stream gracefully', () => {
+        const result = createVerifiedStreamFromTokens([], {
+            language: 'typescript',
+        });
+        expect(result.text).toBe('');
+        expect(result.findings).toHaveLength(0);
+        expect(result.events).toHaveLength(0);
+        expect(result.stats.unitsProcessed).toBe(0);
+    });
+    // 10. Function with bug inside
+    it('detects SQL injection inside a complete function', () => {
+        const code = [
+            'function getUser(userId: string) {',
+            '  const query = "SELECT * FROM users WHERE id = " + userId;',
+            '  return db.execute(query);',
+            '}',
+            '',
+        ].join('\n');
+        const result = createVerifiedStreamFromTokens(tokenize(code), {
+            language: 'typescript',
+        });
+        const sqlFinding = result.findings.find(e => e.checkId.includes('sql'));
+        expect(sqlFinding).toBeDefined();
+        expect(sqlFinding.verdict).toBe('FAIL');
+    });
+    // ── Auto-correction callback ──────────────────────────────────
+    it('fires onCorrection for high+ severity findings when autoCorrect is enabled', () => {
+        const code = 'const q = "SELECT * FROM users WHERE id = " + userId;\n';
+        const corrections = [];
+        createVerifiedStreamFromTokens(tokenize(code), {
+            language: 'typescript',
+            autoCorrect: true,
+            minCorrectionSeverity: 'high',
+            onCorrection: (info) => corrections.push(info),
+        });
+        expect(corrections.length).toBeGreaterThanOrEqual(1);
+        expect(corrections[0].finding.verdict).toBe('FAIL');
+        expect(corrections[0].generatedSoFar.length).toBeGreaterThan(0);
+    });
+    it('does not fire onCorrection when autoCorrect is false', () => {
+        const code = 'const q = "SELECT * FROM users WHERE id = " + userId;\n';
+        const corrections = [];
+        createVerifiedStreamFromTokens(tokenize(code), {
+            language: 'typescript',
+            autoCorrect: false,
+            onCorrection: (info) => corrections.push(info),
+        });
+        expect(corrections).toHaveLength(0);
+    });
+    // ── Findings is a strict subset of events ──────────────────────
+    it('findings array contains only FAIL events from events array', () => {
+        const code = 'const q = "SELECT * FROM users WHERE id = " + userId;\n';
+        const result = createVerifiedStreamFromTokens(tokenize(code), {
+            language: 'typescript',
+        });
+        // Every finding should be in events
+        for (const finding of result.findings) {
+            expect(result.events).toContain(finding);
+            expect(finding.verdict).toBe('FAIL');
+        }
+        // findings count should match FAIL events in events array
+        const failEvents = result.events.filter(e => e.verdict === 'FAIL');
+        expect(result.findings).toHaveLength(failEvents.length);
+    });
+});
+//# sourceMappingURL=stream-interceptor.test.js.map