stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity
Files
108d1c64b323808d6085fca05818fc581c6b003a
git.stella-ops.org/docs/modules/scanner/design/deno-analyzer-scope.md
StellaOps Bot 108d1c64b3
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Findings Ledger CI / build-test (push) Has been cancelled
Details
Findings Ledger CI / migration-validation (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
cryptopro-linux-csp / build-and-test (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
sm-remote-ci / build-and-test (push) Has been cancelled
Details
Findings Ledger CI / generate-manifest (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
up
2025-12-09 09:38:09 +02:00

2.0 KiB
Raw Blame History

Deno Analyzer Scope Note (2025-12-09)

Goals

  • Define deterministic, offline-friendly scope for the Deno analyzer to move readiness from “status mismatch” to planned execution.
  • Enumerate fixtures and evidence needed to mark Amber→Green once implemented.

Inputs

  • deno.json / deno.jsonc (config and import maps).
  • deno.lock (v2) with integrity hashes.
  • Source tree for import/export graph; node_modules/ when npm: specifiers are used (npm compatibility mode).
  • Optional: cache dir (~/.cache/deno) when present in extracted images.

Outputs

  • Inventory of modules:
    • pkg:deno/<specifier>@<version> for remote modules (normalize to URL without fragment).
    • pkg:npm/<name>@<version> for npm: dependencies with lock hash.
    • pkg:file/<path> for local modules (relative POSIX paths).
  • Dependency edges:
    • From importer to imported specifier with resolved path/URL.
    • Include type (remote/local/npm), integrity (sha256 from lock), and media type when available.
  • Metadata:
    • Deno version (from lock/config if present).
    • Import map path and hash.
    • NPM compatibility flag + resolved registry scope when npm used.

Determinism & Offline

  • Never fetch network resources; rely solely on deno.lock + on-disk files.
  • Normalize paths to POSIX; stable sorting (source path, then target).
  • Hashes: prefer lock integrity; otherwise SHA-256 over file bytes for local modules.

Fixtures / Backlog

  1. Remote-only project with deno.lock (http imports) and import map.
  2. Mixed project using npm: specifiers with node_modules/ present.
  3. Local-only project (relative imports) without lockfile → expect finding + no inventory.
  4. Image/extracted cache with populated ~/.cache/deno to verify offline reuse.

Status & Next Steps

  • Implement parser to ingest deno.lock v2 and import map; add graph builder over source files.
  • Add fixtures under src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Deno.Tests/Fixtures/** with goldens; keep hashes stable.
  • Update readiness checkpoints once fixtures land and TRX/binlogs captured.