vaspera 2.14.0 → 2.16.0

package/dist/scanners/terraform.js.map

@@ -1 +1 @@
-{"version":3,"file":"terraform.js","sourceRoot":"","sources":["../../src/scanners/terraform.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAKjC,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAkDlC,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACzE,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE;SACvB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,KAAK;YAChB,KAAK,EAAE,sEAAsE;SAC9E,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,mBAAmB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3E,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE;SACvB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,KAAK;YAChB,KAAK,EAAE,sDAAsD;SAC9D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB;IACnC,QAAQ,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/B,KAAK,UAAU;YACb,OAAO,UAAU,CAAC;QACpB,KAAK,MAAM;YACT,OAAO,MAAM,CAAC;QAChB,KAAK,QAAQ;YACX,OAAO,QAAQ,CAAC;QAClB;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,WAAmB,EACnB,OAA8B;IAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,mBAAmB,EAAE,CAAC;QACjD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,OAAO;gBAChB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAChC,UAAU,WAAW,4BAA4B,EACjD;YACE,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM;YACnC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CACF,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAChB,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC9D,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAgB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAA2B,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC/E,OAAO,EAAE,OAAgB;YACzB,MAAM,EAAE,SAAS,MAAM,CAAC,OAAO,EAAE;YACjC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,GAAG,GAAG,EAAE,EAAE,CAAC;YAC7D,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU;YAChC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;YACjC,OAAO,EAAE,GAAG,MAAM,CAAC,gBAAgB,KAAK,MAAM,CAAC,WAAW,EAAE;YAC5D,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC;YACtC,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE;gBACR,QAAQ,EAAE,MAAM,CAAC,aAAa;gBAC9B,OAAO,EAAE,MAAM,CAAC,YAAY;gBAC5B,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB;SACF,CAAC,CAAC,CAAC;QAEJ,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,WAAmB,EACnB,OAAkD;IAElD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,qBAAqB,EAAE,CAAC;QACnD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,SAAS;gBAClB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,GAAG,eAAe,WAAW,qBAAqB,CAAC;QAC9D,IAAI,OAAO,EAAE,SAAS,EAAE,CAAC;YACvB,OAAO,IAAI,gBAAgB,OAAO,CAAC,SAAS,EAAE,CAAC;QACjD,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE;YAC1C,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM;YACnC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACjB,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC9D,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,GAAoB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACpD,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAE5C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;gBAClD,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,SAAkB;oBAC3B,MAAM,EAAE,WAAW,MAAM,CAAC,QAAQ,EAAE;oBACpC,IAAI,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,WAAW,GAAG,GAAG,EAAE,EAAE,CAAC;oBACrD,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC;oBAC/B,OAAO,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC;oBAClC,OAAO,EAAE,MAAM,CAAC,UAAU;oBAC1B,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,QAAQ,IAAI,QAAQ,CAAC;oBAClD,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE;wBACR,SAAS,EAAE,MAAM,CAAC,UAAU;wBAC5B,QAAQ,EAAE,MAAM,CAAC,QAAQ;wBACzB,SAAS,EAAE,MAAM,CAAC,SAAS;qBAC5B;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,WAAmB,EACnB,OAA8B;IAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACrD,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;QAC9B,UAAU,CAAC,WAAW,EAAE,OAAO,CAAC;KACjC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,CAAC,GAAG,WAAW,CAAC,QAAQ,EAAE,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IACtE,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,IAAI,aAAa,CAAC,OAAO,CAAC;IAE7D,OAAO;QACL,OAAO,EAAE,WAAW;QACpB,QAAQ;QACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QAChC,OAAO;QACP,KAAK,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,SAAS;KAC1D,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,WAAmB;IACvD,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAChC,SAAS,WAAW,uGAAuG,EAC3H,EAAE,OAAO,EAAE,IAAI,EAAE,CAClB,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
+{"version":3,"file":"terraform.js","sourceRoot":"","sources":["../../src/scanners/terraform.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAmD5C,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,CAAC;IAC3C,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,IAAI;YACf,OAAO;SACR,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,OAAO;QAChB,SAAS,EAAE,KAAK;QAChB,KAAK,EAAE,sEAAsE;KAC9E,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,CAAC;IAC7C,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,IAAI;YACf,OAAO;SACR,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,SAAS;QAClB,SAAS,EAAE,KAAK;QAChB,KAAK,EAAE,sDAAsD;KAC9D,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB;IACnC,QAAQ,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/B,KAAK,UAAU;YACb,OAAO,UAAU,CAAC;QACpB,KAAK,MAAM;YACT,OAAO,MAAM,CAAC;QAChB,KAAK,QAAQ;YACX,OAAO,QAAQ,CAAC;QAClB;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,WAAmB,EACnB,OAA8B;IAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,mBAAmB,EAAE,CAAC;QACjD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,OAAO;gBAChB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC;QACJ,CAAC;QAED,iEAAiE;QACjE,6CAA6C;QAC7C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,UAAU,CACjC,OAAO,EACP,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,CAAC,EAC/C;YACE,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM;YACnC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CACF,CAAC;QAEF,MAAM,MAAM,GAAG,SAAS,CAAc,MAAM,EAAE,cAAc,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAA2B,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC/E,OAAO,EAAE,OAAgB;YACzB,MAAM,EAAE,SAAS,MAAM,CAAC,OAAO,EAAE;YACjC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,GAAG,GAAG,EAAE,EAAE,CAAC;YAC7D,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU;YAChC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;YACjC,OAAO,EAAE,GAAG,MAAM,CAAC,gBAAgB,KAAK,MAAM,CAAC,WAAW,EAAE;YAC5D,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC;YACtC,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE;gBACR,QAAQ,EAAE,MAAM,CAAC,aAAa;gBAC9B,OAAO,EAAE,MAAM,CAAC,YAAY;gBAC5B,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB;SACF,CAAC,CAAC,CAAC;QAEJ,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,WAAmB,EACnB,OAAkD;IAElD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,qBAAqB,EAAE,CAAC;QACnD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,SAAS;gBAClB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;QAC5D,IAAI,OAAO,EAAE,SAAS,EAAE,CAAC;YACvB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAC9C,CAAC;QAED,mEAAmE;QACnE,6CAA6C;QAC7C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE;YACnD,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM;YACnC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,SAAS,CAAkB,MAAM,EAAE,gBAAgB,CAAC,CAAC;QACrE,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAE5C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;gBAClD,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,SAAkB;oBAC3B,MAAM,EAAE,WAAW,MAAM,CAAC,QAAQ,EAAE;oBACpC,IAAI,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,WAAW,GAAG,GAAG,EAAE,EAAE,CAAC;oBACrD,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC;oBAC/B,OAAO,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC;oBAClC,OAAO,EAAE,MAAM,CAAC,UAAU;oBAC1B,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,QAAQ,IAAI,QAAQ,CAAC;oBAClD,UAAU,EAAE,GAAG;oBACf,QAAQ,EAAE;wBACR,SAAS,EAAE,MAAM,CAAC,UAAU;wBAC5B,QAAQ,EAAE,MAAM,CAAC,QAAQ;wBACzB,SAAS,EAAE,MAAM,CAAC,SAAS;qBAC5B;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,WAAmB,EACnB,OAA8B;IAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACrD,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;QAC9B,UAAU,CAAC,WAAW,EAAE,OAAO,CAAC;KACjC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,CAAC,GAAG,WAAW,CAAC,QAAQ,EAAE,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IACtE,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,IAAI,aAAa,CAAC,OAAO,CAAC;IAE7D,OAAO;QACL,OAAO,EAAE,WAAW;QACpB,QAAQ;QACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QAChC,OAAO;QACP,KAAK,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,SAAS;KAC1D,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,WAAmB;IACvD,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,UAAU,CACjC,MAAM,EACN;YACE,WAAW;YACX,WAAW;YACX,GAAG;YACH,GAAG;YACH,OAAO;YACP,MAAM;YACN,IAAI;YACJ,OAAO;YACP,UAAU;YACV,IAAI;YACJ,OAAO;YACP,aAAa;YACb,IAAI;YACJ,OAAO;YACP,YAAY;YACZ,GAAG;YACH,QAAQ;SACT,EACD,EAAE,OAAO,EAAE,IAAI,EAAE,CAClB,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/scanners/trivy.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"trivy.d.ts","sourceRoot":"","sources":["../../src/scanners/trivy.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAAwB,aAAa,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AA6F3F;;GAEG;AACH,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAkBxE;AASD;;GAEG;AACH,wBAAsB,QAAQ,CAC5B,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IACR,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,IAAI,GAAG,QAAQ,GAAG,MAAM,CAAC;IACpC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB,GACA,OAAO,CAAC,aAAa,CAAC,CA8IxB;AAED;;GAEG;AACH,wBAAsB,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAUrE"}
+{"version":3,"file":"trivy.d.ts","sourceRoot":"","sources":["../../src/scanners/trivy.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAAwB,aAAa,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AA2F3F;;GAEG;AACH,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAexE;AASD;;GAEG;AACH,wBAAsB,QAAQ,CAC5B,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IACR,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,IAAI,GAAG,QAAQ,GAAG,MAAM,CAAC;IACpC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB,GACA,OAAO,CAAC,aAAa,CAAC,CAsIxB;AAED;;GAEG;AACH,wBAAsB,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CA+BrE"}

package/dist/scanners/trivy.js

@@ -5,31 +5,27 @@
  *
  * @module scanners/trivy
  */
-import { exec } from "child_process";
-import { promisify } from "util";
+import { runCommand, probeBinary } from "../util/subprocess.js";
+import { parseJson } from "../util/json.js";
 import { SEVERITY_MAPPINGS } from "./types.js";
-const execAsync = promisify(exec);
 /**
  * Check if Trivy is available
  */
 export async function checkTrivyAvailable() {
-    try {
-        const { stdout } = await execAsync("trivy --version", { timeout: 5000 });
-        const match = stdout.match(/Version: ([\d.]+)/);
-        const version = match ? match[1] : stdout.trim().split("\n")[0];
+    const firstLine = await probeBinary("trivy");
+    if (firstLine !== null) {
+        const match = firstLine.match(/Version: ([\d.]+)/);
         return {
             scanner: "trivy",
             available: true,
-            version,
-        };
-    }
-    catch (error) {
-        return {
-            scanner: "trivy",
-            available: false,
-            error: error instanceof Error ? error.message : "Trivy not found",
+            version: match ? match[1] : firstLine,
         };
     }
+    return {
+        scanner: "trivy",
+        available: false,
+        error: "Trivy not found",
+    };
 }
 /**
  * Convert Trivy severity to vaspera severity
@@ -54,28 +50,20 @@ export async function runTrivy(projectPath, options) {
                 error: "Trivy is not installed. Install from: https://aquasecurity.github.io/trivy/",
             };
         }
-        // Build command
         const scanType = options?.scanType || "fs";
-        let command = `trivy ${scanType} --format json`;
+        const args = [scanType, "--format", "json"];
         if (options?.ignoreUnfixed) {
-            command += " --ignore-unfixed";
+            args.push("--ignore-unfixed");
         }
         if (options?.severity && options.severity.length > 0) {
-            command += ` --severity ${options.severity.join(",")}`;
+            args.push("--severity", options.severity.join(","));
         }
-        command += ` "${projectPath}"`;
-        // Run Trivy
-        const { stdout, stderr } = await execAsync(command, {
+        args.push(projectPath);
+        const { stdout } = await runCommand("trivy", args, {
             timeout: options?.timeout || 300000, // 5 minutes for Trivy
             maxBuffer: 50 * 1024 * 1024, // 50MB
-        }).catch((error) => {
-            if (error.stdout) {
-                return { stdout: error.stdout, stderr: error.stderr || "" };
-            }
-            throw error;
         });
-        // Parse JSON output
-        const output = JSON.parse(stdout);
+        const output = parseJson(stdout, "trivy output");
         // Convert to DeterministicFindings
         const findings = [];
         for (const result of output.Results) {
@@ -177,7 +165,27 @@ export async function runTrivy(projectPath, options) {
  */
 export async function detectIaC(projectPath) {
     try {
-        const { stdout } = await execAsync(`find "${projectPath}" -maxdepth 3 \\( -name "Dockerfile*" -o -name "*.tf" -o -name "*.yaml" -name "*compose*.yml" -o -name "kubernetes*.yaml" \\) | head -1`, { timeout: 5000 });
+        const { stdout } = await runCommand("find", [
+            projectPath,
+            "-maxdepth",
+            "3",
+            "(",
+            "-name",
+            "Dockerfile*",
+            "-o",
+            "-name",
+            "*.tf",
+            "-o",
+            "-name",
+            "*.yaml",
+            "-name",
+            "*compose*.yml",
+            "-o",
+            "-name",
+            "kubernetes*.yaml",
+            ")",
+            "-print",
+        ], { timeout: 5000 });
         return stdout.trim().length > 0;
     }
     catch {

package/dist/scanners/trivy.js.map

@@ -1 +1 @@
-{"version":3,"file":"trivy.js","sourceRoot":"","sources":["../../src/scanners/trivy.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAEjC,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AA0FlC;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACzE,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAEhE,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,IAAI;YACf,OAAO;SACR,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,KAAK;YAChB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB;SAClE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,QAA4D;IAC/E,OAAO,iBAAiB,CAAC,KAAK,CAAC,QAAQ,CAAoD,CAAC;AAC9F,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,WAAmB,EACnB,OAKC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,8BAA8B;QAC9B,MAAM,YAAY,GAAG,MAAM,mBAAmB,EAAE,CAAC;QACjD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,OAAO;gBAChB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,6EAA6E;aACrF,CAAC;QACJ,CAAC;QAED,gBAAgB;QAChB,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC;QAC3C,IAAI,OAAO,GAAG,SAAS,QAAQ,gBAAgB,CAAC;QAEhD,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;YAC3B,OAAO,IAAI,mBAAmB,CAAC;QACjC,CAAC;QAED,IAAI,OAAO,EAAE,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrD,OAAO,IAAI,eAAe,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACzD,CAAC;QAED,OAAO,IAAI,KAAK,WAAW,GAAG,CAAC;QAE/B,YAAY;QACZ,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE;YAClD,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,sBAAsB;YAC3D,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,OAAO;SACrC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACjB,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC9D,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,oBAAoB;QACpB,MAAM,MAAM,GAAgB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAE/C,mCAAmC;QACnC,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAE5C,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACpC,0BAA0B;YAC1B,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;gBAC3B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;oBAC1C,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,OAAgB;wBACzB,MAAM,EAAE,SAAS,IAAI,CAAC,eAAe,EAAE;wBACvC,IAAI,EAAE,MAAM,CAAC,MAAM;wBACnB,IAAI,EAAE,CAAC;wBACP,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;wBACxJ,QAAQ,EAAE,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC;wBACpC,UAAU,EAAE,GAAG;wBACf,MAAM,EAAE,IAAI,CAAC,MAAM;wBACnB,MAAM,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC;wBAC9B,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC,YAAY;wBACjC,GAAG,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,SAAS;wBACtE,QAAQ,EAAE;4BACR,OAAO,EAAE,IAAI,CAAC,OAAO;4BACrB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;4BACvC,YAAY,EAAE,IAAI,CAAC,YAAY;4BAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;yBAC5B;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,4BAA4B;YAC5B,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;gBAC7B,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;oBACjD,MAAM,SAAS,GAAG,SAAS,CAAC,aAAa,EAAE,SAAS,IAAI,CAAC,CAAC;oBAC1D,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,OAAgB;wBACzB,MAAM,EAAE,SAAS,SAAS,CAAC,EAAE,EAAE;wBAC/B,IAAI,EAAE,MAAM,CAAC,MAAM;wBACnB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,SAAS,CAAC,aAAa,EAAE,OAAO;wBACzC,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,KAAK,SAAS,CAAC,OAAO,EAAE;wBACnD,QAAQ,EAAE,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC;wBACzC,UAAU,EAAE,GAAG;wBACf,GAAG,EAAE,SAAS,CAAC,UAAU;wBACzB,QAAQ,EAAE,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,KAAK;4BAC5C,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;6BACtB,IAAI,CAAC,IAAI,CAAC;wBACb,QAAQ,EAAE;4BACR,IAAI,EAAE,SAAS,CAAC,IAAI;4BACpB,SAAS,EAAE,SAAS,CAAC,SAAS;4BAC9B,QAAQ,EAAE,SAAS,CAAC,aAAa,EAAE,QAAQ;4BAC3C,QAAQ,EAAE,SAAS,CAAC,aAAa,EAAE,QAAQ;4BAC3C,OAAO,EAAE,SAAS,CAAC,aAAa,EAAE,OAAO;4BACzC,UAAU,EAAE,SAAS,CAAC,UAAU;yBACjC;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,kBAAkB;YAClB,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpC,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,OAAgB;wBACzB,MAAM,EAAE,SAAS,MAAM,CAAC,MAAM,EAAE;wBAChC,IAAI,EAAE,MAAM,CAAC,MAAM;wBACnB,IAAI,EAAE,MAAM,CAAC,SAAS;wBACtB,OAAO,EAAE,MAAM,CAAC,OAAO;wBACvB,OAAO,EAAE,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,QAAQ,EAAE;wBAC9C,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC;wBACtC,UAAU,EAAE,GAAG;wBACf,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,KAAK;4BAC1B,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;6BACtB,IAAI,CAAC,IAAI,CAAC;wBACb,QAAQ,EAAE;4BACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;4BACzB,KAAK,EAAE,MAAM,CAAC,KAAK;yBACpB;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,WAAmB;IACjD,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAChC,SAAS,WAAW,yIAAyI,EAC7J,EAAE,OAAO,EAAE,IAAI,EAAE,CAClB,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
+{"version":3,"file":"trivy.js","sourceRoot":"","sources":["../../src/scanners/trivy.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AA0F/C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,CAAC;IAC7C,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACnD,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;SACtC,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,OAAO;QAChB,SAAS,EAAE,KAAK;QAChB,KAAK,EAAE,iBAAiB;KACzB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,QAA4D;IAC/E,OAAO,iBAAiB,CAAC,KAAK,CAAC,QAAQ,CAAoD,CAAC;AAC9F,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,WAAmB,EACnB,OAKC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,8BAA8B;QAC9B,MAAM,YAAY,GAAG,MAAM,mBAAmB,EAAE,CAAC;QACjD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,OAAO;gBAChB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,6EAA6E;aACrF,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC;QAC3C,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QAE5C,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;YAC3B,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAChC,CAAC;QAED,IAAI,OAAO,EAAE,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAEvB,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,IAAI,EAAE;YACjD,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,sBAAsB;YAC3D,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,OAAO;SACrC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,SAAS,CAAc,MAAM,EAAE,cAAc,CAAC,CAAC;QAE9D,mCAAmC;QACnC,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAE5C,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACpC,0BAA0B;YAC1B,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;gBAC3B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;oBAC1C,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,OAAgB;wBACzB,MAAM,EAAE,SAAS,IAAI,CAAC,eAAe,EAAE;wBACvC,IAAI,EAAE,MAAM,CAAC,MAAM;wBACnB,IAAI,EAAE,CAAC;wBACP,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;wBACxJ,QAAQ,EAAE,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC;wBACpC,UAAU,EAAE,GAAG;wBACf,MAAM,EAAE,IAAI,CAAC,MAAM;wBACnB,MAAM,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC;wBAC9B,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC,YAAY;wBACjC,GAAG,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,SAAS;wBACtE,QAAQ,EAAE;4BACR,OAAO,EAAE,IAAI,CAAC,OAAO;4BACrB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;4BACvC,YAAY,EAAE,IAAI,CAAC,YAAY;4BAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;yBAC5B;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,4BAA4B;YAC5B,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;gBAC7B,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;oBACjD,MAAM,SAAS,GAAG,SAAS,CAAC,aAAa,EAAE,SAAS,IAAI,CAAC,CAAC;oBAC1D,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,OAAgB;wBACzB,MAAM,EAAE,SAAS,SAAS,CAAC,EAAE,EAAE;wBAC/B,IAAI,EAAE,MAAM,CAAC,MAAM;wBACnB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,SAAS,CAAC,aAAa,EAAE,OAAO;wBACzC,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,KAAK,SAAS,CAAC,OAAO,EAAE;wBACnD,QAAQ,EAAE,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC;wBACzC,UAAU,EAAE,GAAG;wBACf,GAAG,EAAE,SAAS,CAAC,UAAU;wBACzB,QAAQ,EAAE,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,KAAK;4BAC5C,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;6BACtB,IAAI,CAAC,IAAI,CAAC;wBACb,QAAQ,EAAE;4BACR,IAAI,EAAE,SAAS,CAAC,IAAI;4BACpB,SAAS,EAAE,SAAS,CAAC,SAAS;4BAC9B,QAAQ,EAAE,SAAS,CAAC,aAAa,EAAE,QAAQ;4BAC3C,QAAQ,EAAE,SAAS,CAAC,aAAa,EAAE,QAAQ;4BAC3C,OAAO,EAAE,SAAS,CAAC,aAAa,EAAE,OAAO;4BACzC,UAAU,EAAE,SAAS,CAAC,UAAU;yBACjC;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,kBAAkB;YAClB,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpC,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,OAAgB;wBACzB,MAAM,EAAE,SAAS,MAAM,CAAC,MAAM,EAAE;wBAChC,IAAI,EAAE,MAAM,CAAC,MAAM;wBACnB,IAAI,EAAE,MAAM,CAAC,SAAS;wBACtB,OAAO,EAAE,MAAM,CAAC,OAAO;wBACvB,OAAO,EAAE,GAAG,MAAM,CAAC,KAAK,KAAK,MAAM,CAAC,QAAQ,EAAE;wBAC9C,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC;wBACtC,UAAU,EAAE,GAAG;wBACf,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,KAAK;4BAC1B,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;6BACtB,IAAI,CAAC,IAAI,CAAC;wBACb,QAAQ,EAAE;4BACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;4BACzB,KAAK,EAAE,MAAM,CAAC,KAAK;yBACpB;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,WAAmB;IACjD,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,UAAU,CACjC,MAAM,EACN;YACE,WAAW;YACX,WAAW;YACX,GAAG;YACH,GAAG;YACH,OAAO;YACP,aAAa;YACb,IAAI;YACJ,OAAO;YACP,MAAM;YACN,IAAI;YACJ,OAAO;YACP,QAAQ;YACR,OAAO;YACP,eAAe;YACf,IAAI;YACJ,OAAO;YACP,kBAAkB;YAClB,GAAG;YACH,QAAQ;SACT,EACD,EAAE,OAAO,EAAE,IAAI,EAAE,CAClB,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/telemetry/install-id.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Anonymous installation identifier.
+ *
+ * A random UUID persisted once at ~/.vaspera/install-id, used only to count
+ * unique installations and active installs in aggregate. It is NOT tied to any
+ * user, machine fingerprint, repo, or source code — it is a random value the
+ * install generates for itself. See TELEMETRY.md.
+ *
+ * @module telemetry/install-id
+ */
+export interface InstallIdentity {
+    /** Random anonymous install UUID. */
+    installId: string;
+    /** True only on the run that first created the id (used for the first-run notice). */
+    isFirstRun: boolean;
+}
+/**
+ * Get (or lazily create) the anonymous install id. Idempotent within a process.
+ * Degrades to an ephemeral id if the filesystem is not writable, in which case
+ * isFirstRun is false so we never repeatedly show the notice or imply a new install.
+ */
+export declare function getInstallIdentity(): InstallIdentity;
+/** Convenience accessor for just the id. */
+export declare function getInstallId(): string;
+//# sourceMappingURL=install-id.d.ts.map

package/dist/telemetry/install-id.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"install-id.d.ts","sourceRoot":"","sources":["../../src/telemetry/install-id.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAUH,MAAM,WAAW,eAAe;IAC9B,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,sFAAsF;IACtF,UAAU,EAAE,OAAO,CAAC;CACrB;AAID;;;;GAIG;AACH,wBAAgB,kBAAkB,IAAI,eAAe,CAoBpD;AAED,4CAA4C;AAC5C,wBAAgB,YAAY,IAAI,MAAM,CAErC"}

package/dist/telemetry/install-id.js

@@ -0,0 +1,49 @@
+/**
+ * Anonymous installation identifier.
+ *
+ * A random UUID persisted once at ~/.vaspera/install-id, used only to count
+ * unique installations and active installs in aggregate. It is NOT tied to any
+ * user, machine fingerprint, repo, or source code — it is a random value the
+ * install generates for itself. See TELEMETRY.md.
+ *
+ * @module telemetry/install-id
+ */
+import { randomUUID } from "crypto";
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+const VASPERA_DIR = join(process.env.HOME || homedir() || "/tmp", ".vaspera");
+const INSTALL_ID_PATH = join(VASPERA_DIR, "install-id");
+let cached = null;
+/**
+ * Get (or lazily create) the anonymous install id. Idempotent within a process.
+ * Degrades to an ephemeral id if the filesystem is not writable, in which case
+ * isFirstRun is false so we never repeatedly show the notice or imply a new install.
+ */
+export function getInstallIdentity() {
+    if (cached)
+        return cached;
+    try {
+        if (existsSync(INSTALL_ID_PATH)) {
+            const id = readFileSync(INSTALL_ID_PATH, "utf-8").trim();
+            if (id) {
+                cached = { installId: id, isFirstRun: false };
+                return cached;
+            }
+        }
+        const id = randomUUID();
+        mkdirSync(VASPERA_DIR, { recursive: true });
+        writeFileSync(INSTALL_ID_PATH, id, { mode: 0o600 });
+        cached = { installId: id, isFirstRun: true };
+        return cached;
+    }
+    catch {
+        cached = { installId: randomUUID(), isFirstRun: false };
+        return cached;
+    }
+}
+/** Convenience accessor for just the id. */
+export function getInstallId() {
+    return getInstallIdentity().installId;
+}
+//# sourceMappingURL=install-id.js.map

package/dist/telemetry/install-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"install-id.js","sourceRoot":"","sources":["../../src/telemetry/install-id.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAE7B,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,EAAE,IAAI,MAAM,EAAE,UAAU,CAAC,CAAC;AAC9E,MAAM,eAAe,GAAG,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;AASxD,IAAI,MAAM,GAA2B,IAAI,CAAC;AAE1C;;;;GAIG;AACH,MAAM,UAAU,kBAAkB;IAChC,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YAChC,MAAM,EAAE,GAAG,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;YACzD,IAAI,EAAE,EAAE,CAAC;gBACP,MAAM,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC;gBAC9C,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QACxB,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,aAAa,CAAC,eAAe,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACpD,MAAM,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;QAC7C,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC;QACxD,OAAO,MAAM,CAAC;IAChB,CAAC;AACH,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,YAAY;IAC1B,OAAO,kBAAkB,EAAE,CAAC,SAAS,CAAC;AACxC,CAAC"}

package/dist/telemetry/usage.d.ts

@@ -1,8 +1,11 @@
 /**
  * Usage Telemetry Module
  *
- * Tracks scan events and usage patterns for analytics and case studies.
- * All telemetry is opt-in and respects user privacy preferences.
+ * Tracks anonymous scan/usage events to measure adoption and improve the
+ * product. Telemetry is OPT-OUT: enabled by default, with a first-run notice,
+ * and disabled by DO_NOT_TRACK, VASPERA_TELEMETRY_DISABLED, or
+ * VASPERA_TELEMETRY_ENABLED=false. It never sends source code or secrets — only
+ * anonymized hashes, versions, and aggregate counts. See TELEMETRY.md.
  *
  * @module telemetry/usage
  */
@@ -24,6 +27,11 @@ export interface TelemetryConfig {
     /** Include user email (requires explicit opt-in) */
     includeUserEmail?: boolean;
 }
+/**
+ * Telemetry is opt-OUT: on by default, disabled by any of the standard or
+ * Vaspera-specific opt-out signals, and never sent from automated test runs.
+ */
+export declare function isTelemetryDisabled(): boolean;
 /**
  * Default telemetry configuration (reads from environment)
  */
@@ -42,6 +50,8 @@ export interface BaseTelemetryEvent {
     timestamp: string;
     /** SHA256 hash of project path (anonymized) */
     projectHash: string;
+    /** Anonymous install id (random UUID; counts unique installs) */
+    installId: string;
     /** Vaspera version */
     vasperaVersion: string;
     /** Platform (darwin, linux, win32) */
@@ -139,6 +149,12 @@ export declare function initTelemetry(config: Partial<TelemetryConfig>): void;
  * Check if telemetry is enabled
  */
 export declare function isTelemetryEnabled(): boolean;
+/**
+ * Print the one-time, opt-out telemetry notice to stderr on the first run of a
+ * new install. stderr only — stdout is the MCP JSON-RPC channel and must not be
+ * polluted. No-op when telemetry is disabled or this is not the first run.
+ */
+export declare function maybeShowTelemetryNotice(): void;
 /**
  * Hash a value for anonymization
  */
@@ -185,6 +201,7 @@ export declare function trackScannerRun(projectPath: string, scanner: string, du
 export declare const telemetry: {
     init: typeof initTelemetry;
     isEnabled: typeof isTelemetryEnabled;
+    showNotice: typeof maybeShowTelemetryNotice;
     track: typeof trackEvent;
     flush: typeof flushEvents;
     shutdown: typeof shutdownTelemetry;

package/dist/telemetry/usage.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"usage.d.ts","sourceRoot":"","sources":["../../src/telemetry/usage.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,QAAQ,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAO9E;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mCAAmC;IACnC,OAAO,EAAE,OAAO,CAAC;IAEjB,wCAAwC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,wDAAwD;IACxD,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,2DAA2D;IAC3D,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,oDAAoD;IACpD,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAUD;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,eAOtC,CAAC;AAMF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC1B,uBAAuB,GACvB,yBAAyB,GACzB,sBAAsB,GACtB,oBAAoB,GACpB,kBAAkB,GAClB,aAAa,GACb,iBAAiB,GACjB,gBAAgB,GAChB,6BAA6B,CAAC;AAElC;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iBAAiB;IACjB,SAAS,EAAE,kBAAkB,CAAC;IAE9B,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAElB,+CAA+C;IAC/C,WAAW,EAAE,MAAM,CAAC;IAEpB,sBAAsB;IACtB,cAAc,EAAE,MAAM,CAAC;IAEvB,sCAAsC;IACtC,QAAQ,EAAE,MAAM,CAAC;IAEjB,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,yBAA0B,SAAQ,kBAAkB;IACnE,SAAS,EAAE,uBAAuB,CAAC;IAEnC,yBAAyB;IACzB,QAAQ,EAAE,MAAM,EAAE,CAAC;IAEnB,gCAAgC;IAChC,UAAU,EAAE,MAAM,EAAE,CAAC;IAErB,0BAA0B;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,2BAA4B,SAAQ,kBAAkB;IACrE,SAAS,EAAE,yBAAyB,CAAC;IAErC,uBAAuB;IACvB,eAAe,EAAE,MAAM,CAAC;IAExB,qBAAqB;IACrB,KAAK,EAAE,kBAAkB,CAAC;IAE1B,4BAA4B;IAC5B,KAAK,EAAE,MAAM,CAAC;IAEd,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IAEjB,iCAAiC;IACjC,cAAc,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAEzC,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IAEtB,0BAA0B;IAC1B,UAAU,EAAE,MAAM,EAAE,CAAC;IAErB,gDAAgD;IAChD,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,mDAAmD;IACnD,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAyB,SAAQ,kBAAkB;IAClE,SAAS,EAAE,sBAAsB,CAAC;IAElC,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IAErB,qBAAqB;IACrB,aAAa,EAAE,eAAe,GAAG,cAAc,GAAG,SAAS,GAAG,SAAS,CAAC;IAExE,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB;IAChE,SAAS,EAAE,oBAAoB,CAAC;IAEhC,uBAAuB;IACvB,QAAQ,EAAE,MAAM,CAAC;IAEjB,qBAAqB;IACrB,QAAQ,EAAE,QAAQ,CAAC;IAEnB,4BAA4B;IAC5B,OAAO,EAAE,MAAM,CAAC;IAEhB,oBAAoB;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,eAAgB,SAAQ,kBAAkB;IACzD,SAAS,EAAE,aAAa,CAAC;IAEzB,mBAAmB;IACnB,OAAO,EAAE,MAAM,CAAC;IAEhB,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IAEjB,yBAAyB;IACzB,aAAa,EAAE,MAAM,CAAC;IAEtB,2BAA2B;IAC3B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,yBAAyB,GACzB,2BAA2B,GAC3B,wBAAwB,GACxB,sBAAsB,GACtB,eAAe,CAAC;AAgBpB;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,eAAe,CAAC,GAAG,IAAI,CAWpE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,OAAO,CAE5C;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE/C;AAmBD;;GAEG;AACH,wBAAsB,UAAU,CAC9B,KAAK,EAAE,IAAI,CAAC,cAAc,EAAE,MAAM,kBAAkB,CAAC,GAAG;IACtD,SAAS,EAAE,kBAAkB,CAAC;IAC9B,WAAW,EAAE,MAAM,CAAC;CACrB,GACA,OAAO,CAAC,IAAI,CAAC,CA+Bf;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CAuCjD;AAED;;GAEG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC,CAQvD;AAMD;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAAE,EAClB,UAAU,EAAE,MAAM,EAAE,EACpB,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC,CAQf;AAED;;GAEG;AACH,wBAAsB,2BAA2B,CAC/C,WAAW,EAAE,MAAM,EACnB,eAAe,EAAE,MAAM,EACvB,KAAK,EAAE,kBAAkB,EACzB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,EACxC,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,MAAM,EAAE,EACpB,YAAY,CAAC,EAAE;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GACA,OAAO,CAAC,IAAI,CAAC,CAaf;AAED;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,wBAAwB,CAAC,eAAe,CAAC,EACxD,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC,CAef;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,MAAM,EACf,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CASf;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,IAAI,CAAC,CASf;AAMD,eAAO,MAAM,SAAS;;;;;;;;;;;CAWrB,CAAC"}
+{"version":3,"file":"usage.d.ts","sourceRoot":"","sources":["../../src/telemetry/usage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,KAAK,EAAE,QAAQ,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAQ9E;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,mCAAmC;IACnC,OAAO,EAAE,OAAO,CAAC;IAEjB,wCAAwC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,wDAAwD;IACxD,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,2DAA2D;IAC3D,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,oDAAoD;IACpD,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAMD;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,OAAO,CAU7C;AAED;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,eAStC,CAAC;AAMF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAC1B,uBAAuB,GACvB,yBAAyB,GACzB,sBAAsB,GACtB,oBAAoB,GACpB,kBAAkB,GAClB,aAAa,GACb,iBAAiB,GACjB,gBAAgB,GAChB,6BAA6B,CAAC;AAElC;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iBAAiB;IACjB,SAAS,EAAE,kBAAkB,CAAC;IAE9B,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAElB,+CAA+C;IAC/C,WAAW,EAAE,MAAM,CAAC;IAEpB,iEAAiE;IACjE,SAAS,EAAE,MAAM,CAAC;IAElB,sBAAsB;IACtB,cAAc,EAAE,MAAM,CAAC;IAEvB,sCAAsC;IACtC,QAAQ,EAAE,MAAM,CAAC;IAEjB,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,yBAA0B,SAAQ,kBAAkB;IACnE,SAAS,EAAE,uBAAuB,CAAC;IAEnC,yBAAyB;IACzB,QAAQ,EAAE,MAAM,EAAE,CAAC;IAEnB,gCAAgC;IAChC,UAAU,EAAE,MAAM,EAAE,CAAC;IAErB,0BAA0B;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,2BAA4B,SAAQ,kBAAkB;IACrE,SAAS,EAAE,yBAAyB,CAAC;IAErC,uBAAuB;IACvB,eAAe,EAAE,MAAM,CAAC;IAExB,qBAAqB;IACrB,KAAK,EAAE,kBAAkB,CAAC;IAE1B,4BAA4B;IAC5B,KAAK,EAAE,MAAM,CAAC;IAEd,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IAEjB,iCAAiC;IACjC,cAAc,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAEzC,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IAEtB,0BAA0B;IAC1B,UAAU,EAAE,MAAM,EAAE,CAAC;IAErB,gDAAgD;IAChD,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,mDAAmD;IACnD,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,wBAAyB,SAAQ,kBAAkB;IAClE,SAAS,EAAE,sBAAsB,CAAC;IAElC,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IAErB,qBAAqB;IACrB,aAAa,EAAE,eAAe,GAAG,cAAc,GAAG,SAAS,GAAG,SAAS,CAAC;IAExE,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB;IAChE,SAAS,EAAE,oBAAoB,CAAC;IAEhC,uBAAuB;IACvB,QAAQ,EAAE,MAAM,CAAC;IAEjB,qBAAqB;IACrB,QAAQ,EAAE,QAAQ,CAAC;IAEnB,4BAA4B;IAC5B,OAAO,EAAE,MAAM,CAAC;IAEhB,oBAAoB;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,eAAgB,SAAQ,kBAAkB;IACzD,SAAS,EAAE,aAAa,CAAC;IAEzB,mBAAmB;IACnB,OAAO,EAAE,MAAM,CAAC;IAEhB,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IAEjB,yBAAyB;IACzB,aAAa,EAAE,MAAM,CAAC;IAEtB,2BAA2B;IAC3B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,yBAAyB,GACzB,2BAA2B,GAC3B,wBAAwB,GACxB,sBAAsB,GACtB,eAAe,CAAC;AAgBpB;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,eAAe,CAAC,GAAG,IAAI,CAWpE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,OAAO,CAE5C;AAED;;;;GAIG;AACH,wBAAgB,wBAAwB,IAAI,IAAI,CAQ/C;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE/C;AAoBD;;GAEG;AACH,wBAAsB,UAAU,CAC9B,KAAK,EAAE,IAAI,CAAC,cAAc,EAAE,MAAM,kBAAkB,CAAC,GAAG;IACtD,SAAS,EAAE,kBAAkB,CAAC;IAC9B,WAAW,EAAE,MAAM,CAAC;CACrB,GACA,OAAO,CAAC,IAAI,CAAC,CA+Bf;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CAuCjD;AAED;;GAEG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC,CAQvD;AAMD;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAAE,EAClB,UAAU,EAAE,MAAM,EAAE,EACpB,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC,CAQf;AAED;;GAEG;AACH,wBAAsB,2BAA2B,CAC/C,WAAW,EAAE,MAAM,EACnB,eAAe,EAAE,MAAM,EACvB,KAAK,EAAE,kBAAkB,EACzB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,EACxC,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,MAAM,EAAE,EACpB,YAAY,CAAC,EAAE;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GACA,OAAO,CAAC,IAAI,CAAC,CAaf;AAED;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,wBAAwB,CAAC,eAAe,CAAC,EACxD,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC,CAef;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,MAAM,EACf,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CASf;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,IAAI,CAAC,CASf;AAMD,eAAO,MAAM,SAAS;;;;;;;;;;;;CAYrB,CAAC"}

package/dist/telemetry/usage.js

@@ -1,26 +1,46 @@
 /**
  * Usage Telemetry Module
  *
- * Tracks scan events and usage patterns for analytics and case studies.
- * All telemetry is opt-in and respects user privacy preferences.
+ * Tracks anonymous scan/usage events to measure adoption and improve the
+ * product. Telemetry is OPT-OUT: enabled by default, with a first-run notice,
+ * and disabled by DO_NOT_TRACK, VASPERA_TELEMETRY_DISABLED, or
+ * VASPERA_TELEMETRY_ENABLED=false. It never sends source code or secrets — only
+ * anonymized hashes, versions, and aggregate counts. See TELEMETRY.md.
  *
  * @module telemetry/usage
  */
 import { createHash } from "crypto";
 import { logger } from "../logger.js";
+import { getInstallId, getInstallIdentity } from "./install-id.js";
+function isTruthy(v) {
+    return v === "1" || v === "true";
+}
 /**
- * Check if telemetry is enabled via environment variable
+ * Telemetry is opt-OUT: on by default, disabled by any of the standard or
+ * Vaspera-specific opt-out signals, and never sent from automated test runs.
  */
-function getEnvTelemetryEnabled() {
-    const envValue = process.env.VASPERA_TELEMETRY_ENABLED;
-    return envValue === "true" || envValue === "1";
+export function isTelemetryDisabled() {
+    // DO_NOT_TRACK is the cross-tool standard (https://consoledonottrack.com).
+    if (isTruthy(process.env.DO_NOT_TRACK))
+        return true;
+    if (isTruthy(process.env.VASPERA_TELEMETRY_DISABLED))
+        return true;
+    // An explicit ENABLED=false / 0 also opts out.
+    const enabled = process.env.VASPERA_TELEMETRY_ENABLED;
+    if (enabled === "false" || enabled === "0")
+        return true;
+    // Never emit telemetry from test runs.
+    if (process.env.NODE_ENV === "test" || process.env.VITEST)
+        return true;
+    return false;
 }
 /**
  * Default telemetry configuration (reads from environment)
  */
 export const DEFAULT_TELEMETRY_CONFIG = {
-    enabled: getEnvTelemetryEnabled(),
-    endpoint: process.env.VASPERA_TELEMETRY_ENDPOINT || "https://api.vaspera.dev/telemetry",
+    enabled: !isTelemetryDisabled(),
+    endpoint: process.env.VASPERA_TELEMETRY_ENDPOINT ||
+        "https://vaspera-hardening-mcp.vercel.app/api/telemetry",
     apiKey: process.env.VASPERA_TELEMETRY_API_KEY,
     includeRepoUrl: process.env.VASPERA_TELEMETRY_INCLUDE_REPO === "true",
     includeOrgName: process.env.VASPERA_TELEMETRY_INCLUDE_ORG === "true",
@@ -56,6 +76,20 @@ export function initTelemetry(config) {
 export function isTelemetryEnabled() {
     return currentConfig.enabled;
 }
+/**
+ * Print the one-time, opt-out telemetry notice to stderr on the first run of a
+ * new install. stderr only — stdout is the MCP JSON-RPC channel and must not be
+ * polluted. No-op when telemetry is disabled or this is not the first run.
+ */
+export function maybeShowTelemetryNotice() {
+    if (isTelemetryDisabled())
+        return;
+    if (!getInstallIdentity().isFirstRun)
+        return;
+    process.stderr.write("\nVaspera collects anonymous usage metrics (no source code, no secrets) to improve the product.\n" +
+        "Opt out anytime:  export VASPERA_TELEMETRY_DISABLED=1\n" +
+        "What & why:       https://github.com/RCOLKITT/hardening-mcp/blob/main/TELEMETRY.md\n\n");
+}
 /**
  * Hash a value for anonymization
  */
@@ -70,6 +104,7 @@ function createBaseEvent(eventType, projectPath) {
         eventType,
         timestamp: new Date().toISOString(),
         projectHash: hashValue(projectPath),
+        installId: getInstallId(),
         vasperaVersion: process.env.npm_package_version || "unknown",
         platform: process.platform,
         nodeVersion: process.version,
@@ -240,6 +275,7 @@ export async function trackScannerRun(projectPath, scanner, duration, findingsCo
 export const telemetry = {
     init: initTelemetry,
     isEnabled: isTelemetryEnabled,
+    showNotice: maybeShowTelemetryNotice,
     track: trackEvent,
     flush: flushEvents,
     shutdown: shutdownTelemetry,

package/dist/telemetry/usage.js.map

@@ -1 +1 @@
-{"version":3,"file":"usage.js","sourceRoot":"","sources":["../../src/telemetry/usage.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AA6BtC;;GAEG;AACH,SAAS,sBAAsB;IAC7B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IACvD,OAAO,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,GAAG,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAoB;IACvD,OAAO,EAAE,sBAAsB,EAAE;IACjC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,mCAAmC;IACvF,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;IAC7C,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,8BAA8B,KAAK,MAAM;IACrE,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,6BAA6B,KAAK,MAAM;IACpE,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,+BAA+B,KAAK,MAAM;CACzE,CAAC;AAgKF,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,WAAW,GAAqB,EAAE,CAAC;AACzC,MAAM,eAAe,GAAG,GAAG,CAAC;AAC5B,MAAM,iBAAiB,GAAG,KAAK,CAAC;AAEhC,IAAI,UAAU,GAA0B,IAAI,CAAC;AAC7C,IAAI,aAAa,GAAoB,EAAE,GAAG,wBAAwB,EAAE,CAAC;AAErE;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,MAAgC;IAC5D,aAAa,GAAG,EAAE,GAAG,wBAAwB,EAAE,GAAG,MAAM,EAAE,CAAC;IAE3D,IAAI,aAAa,CAAC,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC;QACzC,UAAU,GAAG,WAAW,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE;QACpC,OAAO,EAAE,aAAa,CAAC,OAAO;QAC9B,QAAQ,EAAE,aAAa,CAAC,QAAQ;KACjC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,OAAO,aAAa,CAAC,OAAO,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACvE,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CACtB,SAA6B,EAC7B,WAAmB;IAEnB,OAAO;QACL,SAAS;QACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,WAAW,EAAE,SAAS,CAAC,WAAW,CAAC;QACnC,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,SAAS;QAC5D,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,WAAW,EAAE,OAAO,CAAC,OAAO;KAC7B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,KAGC;IAED,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;QAC3B,OAAO;IACT,CAAC;IAED,MAAM,EAAE,WAAW,EAAE,GAAG,IAAI,EAAE,GAAG,KAAK,CAAC;IACvC,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,EAAE,GAAG,SAAS,EAAE,GAAG,IAAI,EAAoB,CAAC;IAE9D,uCAAuC;IACvC,IAAI,CAAC,aAAa,CAAC,cAAc,IAAI,SAAS,IAAI,SAAS,EAAE,CAAC;QAC5D,OAAQ,SAAyC,CAAC,OAAO,CAAC;IAC5D,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,cAAc,IAAI,SAAS,IAAI,SAAS,EAAE,CAAC;QAC5D,OAAQ,SAAyC,CAAC,OAAO,CAAC;IAC5D,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,gBAAgB,IAAI,WAAW,IAAI,SAAS,EAAE,CAAC;QAChE,OAAQ,SAAyC,CAAC,SAAS,CAAC;IAC9D,CAAC;IAED,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAE5B,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;QACtC,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,UAAU,EAAE,WAAW,CAAC,MAAM;KAC/B,CAAC,CAAC;IAEH,0BAA0B;IAC1B,IAAI,WAAW,CAAC,MAAM,IAAI,eAAe,EAAE,CAAC;QAC1C,MAAM,WAAW,EAAE,CAAC;IACtB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,IAAI,CAAC,aAAa,CAAC,OAAO,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,CAAC,GAAG,WAAW,CAAC,CAAC;IAChC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;IAEvB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,IAAI,wBAAwB,CAAC,QAAS,CAAC;QAC9E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,GAAG,CAAC,aAAa,CAAC,MAAM,IAAI;oBAC1B,aAAa,EAAE,UAAU,aAAa,CAAC,MAAM,EAAE;iBAChD,CAAC;aACH;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;SACjC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;gBACpC,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,UAAU,EAAE,MAAM,CAAC,MAAM;aAC1B,CAAC,CAAC;YACH,kDAAkD;YAClD,WAAW,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC7E,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE;YACnC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;YAC7D,UAAU,EAAE,MAAM,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,gDAAgD;QAChD,WAAW,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB;IACrC,IAAI,UAAU,EAAE,CAAC;QACf,aAAa,CAAC,UAAU,CAAC,CAAC;QAC1B,UAAU,GAAG,IAAI,CAAC;IACpB,CAAC;IAED,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;AACrC,CAAC;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,WAAmB,EACnB,QAAkB,EAClB,UAAoB,EACpB,UAAmB;IAEnB,MAAM,UAAU,CAAC;QACf,SAAS,EAAE,uBAAuB;QAClC,WAAW;QACX,QAAQ;QACR,UAAU;QACV,UAAU;KAC4C,CAAC,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,WAAmB,EACnB,eAAuB,EACvB,KAAyB,EACzB,KAAa,EACb,QAAgB,EAChB,cAAwC,EACxC,aAAqB,EACrB,UAAoB,EACpB,YAIC;IAED,MAAM,UAAU,CAAC;QACf,SAAS,EAAE,yBAAyB;QACpC,WAAW;QACX,eAAe;QACf,KAAK;QACL,KAAK;QACL,QAAQ;QACR,cAAc;QACd,aAAa;QACb,UAAU;QACV,GAAG,YAAY;KACyC,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,WAAmB,EACnB,YAAoB,EACpB,aAAwD,EACxD,QAAgB;IAEhB,yDAAyD;IACzD,MAAM,cAAc,GAAG,YAAY;SAChC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC;SAC9B,OAAO,CAAC,iDAAiD,EAAE,SAAS,CAAC;SACrE,OAAO,CAAC,uBAAuB,EAAE,SAAS,CAAC;SAC3C,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAEjB,MAAM,UAAU,CAAC;QACf,SAAS,EAAE,sBAAsB;QACjC,WAAW;QACX,YAAY,EAAE,cAAc;QAC5B,aAAa;QACb,QAAQ;KAC6C,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,QAAgB,EAChB,QAAkB,EAClB,OAAe,EACf,MAAe;IAEf,MAAM,UAAU,CAAC;QACf,SAAS,EAAE,oBAAoB;QAC/B,WAAW;QACX,QAAQ;QACR,QAAQ;QACR,OAAO;QACP,MAAM;KAC6C,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,WAAmB,EACnB,OAAe,EACf,QAAgB,EAChB,aAAqB,EACrB,OAAgB;IAEhB,MAAM,UAAU,CAAC;QACf,SAAS,EAAE,aAAa;QACxB,WAAW;QACX,OAAO;QACP,QAAQ;QACR,aAAa;QACb,OAAO;KACqC,CAAC,CAAC;AAClD,CAAC;AAED,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB,IAAI,EAAE,aAAa;IACnB,SAAS,EAAE,kBAAkB;IAC7B,KAAK,EAAE,UAAU;IACjB,KAAK,EAAE,WAAW;IAClB,QAAQ,EAAE,iBAAiB;IAC3B,yBAAyB;IACzB,2BAA2B;IAC3B,wBAAwB;IACxB,sBAAsB;IACtB,eAAe;CAChB,CAAC"}
+{"version":3,"file":"usage.js","sourceRoot":"","sources":["../../src/telemetry/usage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AA6BnE,SAAS,QAAQ,CAAC,CAAU;IAC1B,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,MAAM,CAAC;AACnC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IACjC,2EAA2E;IAC3E,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC;QAAE,OAAO,IAAI,CAAC;IAClE,+CAA+C;IAC/C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IACtD,IAAI,OAAO,KAAK,OAAO,IAAI,OAAO,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxD,uCAAuC;IACvC,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACvE,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAoB;IACvD,OAAO,EAAE,CAAC,mBAAmB,EAAE;IAC/B,QAAQ,EACN,OAAO,CAAC,GAAG,CAAC,0BAA0B;QACtC,wDAAwD;IAC1D,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;IAC7C,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,8BAA8B,KAAK,MAAM;IACrE,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,6BAA6B,KAAK,MAAM;IACpE,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,+BAA+B,KAAK,MAAM;CACzE,CAAC;AAmKF,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,WAAW,GAAqB,EAAE,CAAC;AACzC,MAAM,eAAe,GAAG,GAAG,CAAC;AAC5B,MAAM,iBAAiB,GAAG,KAAK,CAAC;AAEhC,IAAI,UAAU,GAA0B,IAAI,CAAC;AAC7C,IAAI,aAAa,GAAoB,EAAE,GAAG,wBAAwB,EAAE,CAAC;AAErE;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,MAAgC;IAC5D,aAAa,GAAG,EAAE,GAAG,wBAAwB,EAAE,GAAG,MAAM,EAAE,CAAC;IAE3D,IAAI,aAAa,CAAC,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC;QACzC,UAAU,GAAG,WAAW,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE;QACpC,OAAO,EAAE,aAAa,CAAC,OAAO;QAC9B,QAAQ,EAAE,aAAa,CAAC,QAAQ;KACjC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,OAAO,aAAa,CAAC,OAAO,CAAC;AAC/B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,wBAAwB;IACtC,IAAI,mBAAmB,EAAE;QAAE,OAAO;IAClC,IAAI,CAAC,kBAAkB,EAAE,CAAC,UAAU;QAAE,OAAO;IAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mGAAmG;QACjG,yDAAyD;QACzD,wFAAwF,CAC3F,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACvE,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CACtB,SAA6B,EAC7B,WAAmB;IAEnB,OAAO;QACL,SAAS;QACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,WAAW,EAAE,SAAS,CAAC,WAAW,CAAC;QACnC,SAAS,EAAE,YAAY,EAAE;QACzB,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,SAAS;QAC5D,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,WAAW,EAAE,OAAO,CAAC,OAAO;KAC7B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,KAGC;IAED,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;QAC3B,OAAO;IACT,CAAC;IAED,MAAM,EAAE,WAAW,EAAE,GAAG,IAAI,EAAE,GAAG,KAAK,CAAC;IACvC,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,EAAE,GAAG,SAAS,EAAE,GAAG,IAAI,EAAoB,CAAC;IAE9D,uCAAuC;IACvC,IAAI,CAAC,aAAa,CAAC,cAAc,IAAI,SAAS,IAAI,SAAS,EAAE,CAAC;QAC5D,OAAQ,SAAyC,CAAC,OAAO,CAAC;IAC5D,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,cAAc,IAAI,SAAS,IAAI,SAAS,EAAE,CAAC;QAC5D,OAAQ,SAAyC,CAAC,OAAO,CAAC;IAC5D,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,gBAAgB,IAAI,WAAW,IAAI,SAAS,EAAE,CAAC;QAChE,OAAQ,SAAyC,CAAC,SAAS,CAAC;IAC9D,CAAC;IAED,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAE5B,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;QACtC,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,UAAU,EAAE,WAAW,CAAC,MAAM;KAC/B,CAAC,CAAC;IAEH,0BAA0B;IAC1B,IAAI,WAAW,CAAC,MAAM,IAAI,eAAe,EAAE,CAAC;QAC1C,MAAM,WAAW,EAAE,CAAC;IACtB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,IAAI,CAAC,aAAa,CAAC,OAAO,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,CAAC,GAAG,WAAW,CAAC,CAAC;IAChC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;IAEvB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,IAAI,wBAAwB,CAAC,QAAS,CAAC;QAC9E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,GAAG,CAAC,aAAa,CAAC,MAAM,IAAI;oBAC1B,aAAa,EAAE,UAAU,aAAa,CAAC,MAAM,EAAE;iBAChD,CAAC;aACH;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;SACjC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;gBACpC,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,UAAU,EAAE,MAAM,CAAC,MAAM;aAC1B,CAAC,CAAC;YACH,kDAAkD;YAClD,WAAW,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;QAC7E,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE;YACnC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;YAC7D,UAAU,EAAE,MAAM,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,gDAAgD;QAChD,WAAW,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB;IACrC,IAAI,UAAU,EAAE,CAAC;QACf,aAAa,CAAC,UAAU,CAAC,CAAC;QAC1B,UAAU,GAAG,IAAI,CAAC;IACpB,CAAC;IAED,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;AACrC,CAAC;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,WAAmB,EACnB,QAAkB,EAClB,UAAoB,EACpB,UAAmB;IAEnB,MAAM,UAAU,CAAC;QACf,SAAS,EAAE,uBAAuB;QAClC,WAAW;QACX,QAAQ;QACR,UAAU;QACV,UAAU;KAC4C,CAAC,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,WAAmB,EACnB,eAAuB,EACvB,KAAyB,EACzB,KAAa,EACb,QAAgB,EAChB,cAAwC,EACxC,aAAqB,EACrB,UAAoB,EACpB,YAIC;IAED,MAAM,UAAU,CAAC;QACf,SAAS,EAAE,yBAAyB;QACpC,WAAW;QACX,eAAe;QACf,KAAK;QACL,KAAK;QACL,QAAQ;QACR,cAAc;QACd,aAAa;QACb,UAAU;QACV,GAAG,YAAY;KACyC,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,WAAmB,EACnB,YAAoB,EACpB,aAAwD,EACxD,QAAgB;IAEhB,yDAAyD;IACzD,MAAM,cAAc,GAAG,YAAY;SAChC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC;SAC9B,OAAO,CAAC,iDAAiD,EAAE,SAAS,CAAC;SACrE,OAAO,CAAC,uBAAuB,EAAE,SAAS,CAAC;SAC3C,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAEjB,MAAM,UAAU,CAAC;QACf,SAAS,EAAE,sBAAsB;QACjC,WAAW;QACX,YAAY,EAAE,cAAc;QAC5B,aAAa;QACb,QAAQ;KAC6C,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,QAAgB,EAChB,QAAkB,EAClB,OAAe,EACf,MAAe;IAEf,MAAM,UAAU,CAAC;QACf,SAAS,EAAE,oBAAoB;QAC/B,WAAW;QACX,QAAQ;QACR,QAAQ;QACR,OAAO;QACP,MAAM;KAC6C,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,WAAmB,EACnB,OAAe,EACf,QAAgB,EAChB,aAAqB,EACrB,OAAgB;IAEhB,MAAM,UAAU,CAAC;QACf,SAAS,EAAE,aAAa;QACxB,WAAW;QACX,OAAO;QACP,QAAQ;QACR,aAAa;QACb,OAAO;KACqC,CAAC,CAAC;AAClD,CAAC;AAED,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB,IAAI,EAAE,aAAa;IACnB,SAAS,EAAE,kBAAkB;IAC7B,UAAU,EAAE,wBAAwB;IACpC,KAAK,EAAE,UAAU;IACjB,KAAK,EAAE,WAAW;IAClB,QAAQ,EAAE,iBAAiB;IAC3B,yBAAyB;IACzB,2BAA2B;IAC3B,wBAAwB;IACxB,sBAAsB;IACtB,eAAe;CAChB,CAAC"}

package/dist/tool-guard.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Tool registration guard.
+ *
+ * Enforces CONSTITUTION rule 3 — "every project_path input goes through
+ * validateProjectPath()" — by construction rather than by convention:
+ * once applied, ANY registered tool whose arguments include a string
+ * `project_path` has it validated and canonicalised before the handler
+ * runs, so individual handlers cannot forget the check. Handlers always
+ * receive a resolved, existing directory path.
+ *
+ * @module tool-guard
+ */
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export interface ProjectPathGuardOptions {
+    /**
+     * When set, every project_path must resolve inside this directory
+     * (symlinks included). Wire to VASPERA_PATH_BOUNDARY for deployments
+     * that should never scan outside a workspace root.
+     */
+    basePath?: string;
+}
+type ToolHandler = (...handlerArgs: unknown[]) => unknown;
+export interface ToolAnnotationsSummary {
+    readOnlyHint?: boolean;
+    destructiveHint?: boolean;
+}
+/**
+ * Registry of every registered tool's annotations, populated as tools
+ * are registered. The HTTP transport uses it to decide which tools may
+ * be invoked remotely (read-only by default).
+ */
+export declare const toolAnnotations: Map<string, ToolAnnotationsSummary>;
+/** Minimal structural view of McpServer used by the guard (method syntax
+ * keeps it bivariant so both real and fake servers are accepted). */
+export interface ToolRegistrar {
+    registerTool(name: string, config: unknown, handler: ToolHandler): unknown;
+}
+export declare function applyProjectPathGuard(server: McpServer | ToolRegistrar, options?: ProjectPathGuardOptions): void;
+export {};
+//# sourceMappingURL=tool-guard.d.ts.map

package/dist/tool-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-guard.d.ts","sourceRoot":"","sources":["../src/tool-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAGzE,MAAM,WAAW,uBAAuB;IACtC;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,KAAK,WAAW,GAAG,CAAC,GAAG,WAAW,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC;AAE1D,MAAM,WAAW,sBAAsB;IACrC,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;;;GAIG;AACH,eAAO,MAAM,eAAe,qCAA4C,CAAC;AAEzE;qEACqE;AACrE,MAAM,WAAW,aAAa;IAC5B,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC;CAC5E;AAED,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,SAAS,GAAG,aAAa,EACjC,OAAO,GAAE,uBAA4B,GACpC,IAAI,CAwCN"}

package/dist/tool-guard.js

@@ -0,0 +1,55 @@
+/**
+ * Tool registration guard.
+ *
+ * Enforces CONSTITUTION rule 3 — "every project_path input goes through
+ * validateProjectPath()" — by construction rather than by convention:
+ * once applied, ANY registered tool whose arguments include a string
+ * `project_path` has it validated and canonicalised before the handler
+ * runs, so individual handlers cannot forget the check. Handlers always
+ * receive a resolved, existing directory path.
+ *
+ * @module tool-guard
+ */
+import { validateProjectPath, PathValidationError } from "./util/paths.js";
+/**
+ * Registry of every registered tool's annotations, populated as tools
+ * are registered. The HTTP transport uses it to decide which tools may
+ * be invoked remotely (read-only by default).
+ */
+export const toolAnnotations = new Map();
+export function applyProjectPathGuard(server, options = {}) {
+    const registrar = server;
+    const original = registrar.registerTool.bind(registrar);
+    const patched = (name, config, handler) => {
+        const annotations = config
+            ?.annotations;
+        toolAnnotations.set(name, {
+            readOnlyHint: annotations?.readOnlyHint,
+            destructiveHint: annotations?.destructiveHint,
+        });
+        const guarded = async (first, ...rest) => {
+            if (first &&
+                typeof first === "object" &&
+                typeof first.project_path === "string") {
+                const args = first;
+                try {
+                    const validated = await validateProjectPath(args.project_path, options.basePath ? { basePath: options.basePath } : {});
+                    first = { ...args, project_path: validated };
+                }
+                catch (error) {
+                    if (error instanceof PathValidationError) {
+                        return {
+                            content: [{ type: "text", text: `Error: ${error.message}` }],
+                            isError: true,
+                        };
+                    }
+                    throw error;
+                }
+            }
+            return handler(first, ...rest);
+        };
+        return original(name, config, guarded);
+    };
+    registrar.registerTool = patched;
+}
+//# sourceMappingURL=tool-guard.js.map

package/dist/tool-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-guard.js","sourceRoot":"","sources":["../src/tool-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAkB3E;;;;GAIG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,GAAG,EAAkC,CAAC;AAQzE,MAAM,UAAU,qBAAqB,CACnC,MAAiC,EACjC,UAAmC,EAAE;IAErC,MAAM,SAAS,GAAG,MAAuB,CAAC;IAC1C,MAAM,QAAQ,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAExD,MAAM,OAAO,GAAG,CAAC,IAAY,EAAE,MAAe,EAAE,OAAoB,EAAE,EAAE;QACtE,MAAM,WAAW,GAAI,MAA0D;YAC7E,EAAE,WAAW,CAAC;QAChB,eAAe,CAAC,GAAG,CAAC,IAAI,EAAE;YACxB,YAAY,EAAE,WAAW,EAAE,YAAY;YACvC,eAAe,EAAE,WAAW,EAAE,eAAe;SAC9C,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,KAAK,EAAE,KAAc,EAAE,GAAG,IAAe,EAAE,EAAE;YAC3D,IACE,KAAK;gBACL,OAAO,KAAK,KAAK,QAAQ;gBACzB,OAAQ,KAAiC,CAAC,YAAY,KAAK,QAAQ,EACnE,CAAC;gBACD,MAAM,IAAI,GAAG,KAAgC,CAAC;gBAC9C,IAAI,CAAC;oBACH,MAAM,SAAS,GAAG,MAAM,mBAAmB,CACzC,IAAI,CAAC,YAAsB,EAC3B,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CACvD,CAAC;oBACF,KAAK,GAAG,EAAE,GAAG,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;gBAC/C,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,IAAI,KAAK,YAAY,mBAAmB,EAAE,CAAC;wBACzC,OAAO;4BACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,UAAU,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;4BACrE,OAAO,EAAE,IAAI;yBACd,CAAC;oBACJ,CAAC;oBACD,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC;QACjC,CAAC,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAsB,CAAC,CAAC;IACxD,CAAC,CAAC;IAED,SAAuC,CAAC,YAAY,GAAG,OAAO,CAAC;AAClE,CAAC"}

package/dist/util/index.d.ts

@@ -5,8 +5,9 @@
  *
  * @module util
  */
-export { validateProjectPath, validateFilePath, isPathSafe, sanitizePathForLogging, PathValidationError, type ValidatePathOptions, } from "./paths.js";
+export { validateProjectPath, validateFilePath, isPathSafe, resolveContainedFile, sanitizePathForLogging, PathValidationError, type ValidatePathOptions, } from "./paths.js";
 export { parseJson, tryParseJson, parseJsonOrDefault, isValidJson, safeStringify, JsonParseError, type ParseJsonOptions, } from "./json.js";
 export { withRetry, withRetryAndCircuitBreaker, createRetryWrapper, classifyError, CircuitBreaker, RetryError, CircuitOpenError, type RetryOptions, type CircuitBreakerOptions, type ErrorType, type CircuitState, } from "./retry.js";
+export { runCommand, probeBinary, CommandError, type RunCommandOptions, type RunCommandResult, } from "./subprocess.js";
 export { PromiseQueue, runConcurrent, runConcurrentValues, mapConcurrent, throttle, batchConcurrent, getConcurrencyLevel, DEFAULT_CONCURRENCY, type QueueOptions, type QueueTask, type TaskResult, type QueueStats, } from "./concurrency.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/util/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/util/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,UAAU,EACV,sBAAsB,EACtB,mBAAmB,EACnB,KAAK,mBAAmB,GACzB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,WAAW,EACX,aAAa,EACb,cAAc,EACd,KAAK,gBAAgB,GACtB,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,SAAS,EACT,0BAA0B,EAC1B,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,UAAU,EACV,gBAAgB,EAChB,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,SAAS,EACd,KAAK,YAAY,GAClB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,YAAY,EACZ,aAAa,EACb,mBAAmB,EACnB,aAAa,EACb,QAAQ,EACR,eAAe,EACf,mBAAmB,EACnB,mBAAmB,EACnB,KAAK,YAAY,EACjB,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,UAAU,GAChB,MAAM,kBAAkB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/util/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,UAAU,EACV,oBAAoB,EACpB,sBAAsB,EACtB,mBAAmB,EACnB,KAAK,mBAAmB,GACzB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,WAAW,EACX,aAAa,EACb,cAAc,EACd,KAAK,gBAAgB,GACtB,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,SAAS,EACT,0BAA0B,EAC1B,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,UAAU,EACV,gBAAgB,EAChB,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,SAAS,EACd,KAAK,YAAY,GAClB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,UAAU,EACV,WAAW,EACX,YAAY,EACZ,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,GACtB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,YAAY,EACZ,aAAa,EACb,mBAAmB,EACnB,aAAa,EACb,QAAQ,EACR,eAAe,EACf,mBAAmB,EACnB,mBAAmB,EACnB,KAAK,YAAY,EACjB,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,UAAU,GAChB,MAAM,kBAAkB,CAAC"}

package/dist/util/index.js

@@ -5,8 +5,9 @@
  *
  * @module util
  */
-export { validateProjectPath, validateFilePath, isPathSafe, sanitizePathForLogging, PathValidationError, } from "./paths.js";
+export { validateProjectPath, validateFilePath, isPathSafe, resolveContainedFile, sanitizePathForLogging, PathValidationError, } from "./paths.js";
 export { parseJson, tryParseJson, parseJsonOrDefault, isValidJson, safeStringify, JsonParseError, } from "./json.js";
 export { withRetry, withRetryAndCircuitBreaker, createRetryWrapper, classifyError, CircuitBreaker, RetryError, CircuitOpenError, } from "./retry.js";
+export { runCommand, probeBinary, CommandError, } from "./subprocess.js";
 export { PromiseQueue, runConcurrent, runConcurrentValues, mapConcurrent, throttle, batchConcurrent, getConcurrencyLevel, DEFAULT_CONCURRENCY, } from "./concurrency.js";
 //# sourceMappingURL=index.js.map

package/dist/util/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/util/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,UAAU,EACV,sBAAsB,EACtB,mBAAmB,GAEpB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,WAAW,EACX,aAAa,EACb,cAAc,GAEf,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,SAAS,EACT,0BAA0B,EAC1B,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,UAAU,EACV,gBAAgB,GAKjB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,YAAY,EACZ,aAAa,EACb,mBAAmB,EACnB,aAAa,EACb,QAAQ,EACR,eAAe,EACf,mBAAmB,EACnB,mBAAmB,GAKpB,MAAM,kBAAkB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/util/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,UAAU,EACV,oBAAoB,EACpB,sBAAsB,EACtB,mBAAmB,GAEpB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,WAAW,EACX,aAAa,EACb,cAAc,GAEf,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,SAAS,EACT,0BAA0B,EAC1B,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,UAAU,EACV,gBAAgB,GAKjB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,UAAU,EACV,WAAW,EACX,YAAY,GAGb,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,YAAY,EACZ,aAAa,EACb,mBAAmB,EACnB,aAAa,EACb,QAAQ,EACR,eAAe,EACf,mBAAmB,EACnB,mBAAmB,GAKpB,MAAM,kBAAkB,CAAC"}