
SASVA™ - Generative and Deterministic AI Platform by Persistent Systems

Persistent.sasva · published by Persistent verified
HIGH
38 findings detected for Persistent.sasva — 7 high, 25 medium, 6 low.
7 HIGH · 25 MEDIUM · 6 LOW
8
versions scanned
1
sources tracked
294.8K
installs
3.1.4
latest version
2026-05-26 17:09 UTC
last scanned

Source coverage

Findings

HIGH outbound-http-non-ms Outbound HTTP request to non-Microsoft host: api.mistral.ai
out/extension.js :709655

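`out/extension.js` issues an HTTP call to `https://api.mistral.ai/v1/models`. Confirm this is a documented integration; outbound calls to arbitrary hosts widen the extension's trust surface. In the excerpt the request is a GET that sends the headers from `this._getHeaders()` and reads only the response status, so the review question is which credentials those headers carry.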

  // ../../main/llm/llms/Mistral.ts
  var _Mistral, Mistral2, Mistral_default;
  var init_Mistral = __esm({
    "../../main/llm/llms/Mistral.ts"() {
      "use strict";
      init_importMetaUrl();
      init_codestral();
      init_OpenAI2();
      _Mistral = class extends OpenAI_default {
        /**
         * Probe Mistral's model-list endpoint and map the response status to a key type.
         *
         * Sends one GET with the headers returned by this._getHeaders(); only the
         * HTTP status of the response is inspected, the body is never read.
         *
         * NOTE(review): every status other than 401 (including 403, 429 and 5xx)
         * yields "mistral", and a rejected fetch is not caught here, so it
         * propagates to the caller.
         *
         * @returns {Promise<string>} "codestral" on a 401 response, otherwise "mistral".
         */
        async autodetectApiKeyType() {
▶         const mistralResp = await fetch("https://api.mistral.ai/v1/models", {
            method: "GET",
            headers: this._getHeaders()
          });
          // A 401 from the Mistral endpoint is taken to mean the key belongs to Codestral.
          if (mistralResp.status === 401) {
            return "codestral";
          }
          return "mistral";
        }
        constructor(options) {
          super(options);
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
HIGH outbound-http-non-ms Outbound HTTP request to non-Microsoft host: iam.cloud.ibm.com
out/extension.js :727371

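`out/extension.js` issues an HTTP call to `https://iam.cloud.ibm.com/identity/token`. Confirm this is a documented integration; outbound calls to arbitrary hosts widen the extension's trust surface. The excerpt puts `this.apiKey` in the URL query string of the token request; query strings are commonly recorded by proxies and request logs, so check whether the key can travel in the form-encoded body instead.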

        expiration: 0,
        token: ""
      };
      WatsonX = class extends BaseLLM {
        // Pass-through constructor: forwards options to the BaseLLM constructor unchanged.
        constructor(options) {
          super(options);
        }
        async getBearerToken() {
          if (this.apiBase?.includes("cloud.ibm.com")) {
            const wxToken = await (await this.fetch(
▶             `https://iam.cloud.ibm.com/identity/token?apikey=${this.apiKey}&grant_type=urn:ibm:params:oauth:grant-type:apikey`,
              {
                method: "POST",
                headers: {
                  "Content-Type": "application/x-www-form-urlencoded",
                  Accept: "application/json"
                }
              }
            )).json();
            return {
              token: wxToken["access_token"],
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
HIGH outbound-http-non-ms Outbound HTTP request to non-Microsoft host: api.deepinfra.com
out/extension.js :698626

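`out/extension.js` issues an HTTP call to `https://api.deepinfra.com/v1/inference/${this.model}`. Confirm this is a documented integration; outbound calls to arbitrary hosts widen the extension's trust surface. The excerpt posts the `chunks` passed to `_embed` as the request body, with `this.apiKey` as a bearer token, so what those chunks contain determines what leaves the machine.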

  var DeepInfra, DeepInfra_default;
  var init_DeepInfra = __esm({
    "../../main/llm/llms/DeepInfra.ts"() {
      "use strict";
      init_importMetaUrl();
      init_OpenAI2();
      DeepInfra = class extends OpenAI_default {
        maxStopWords = 16;
        async _embed(chunks) {
          const resp = await this.fetch(
▶           `https://api.deepinfra.com/v1/inference/${this.model}`,
            {
              method: "POST",
              headers: {
                Authorization: `bearer ${this.apiKey}`
              },
              body: JSON.stringify({ inputs: chunks })
            }
          );
          const data3 = await resp.json();
          return data3.embeddings;
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
HIGH outbound-http-non-ms Outbound HTTP request to non-Microsoft host: api.openai.com
out/extension.js :124943

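`out/extension.js` references `https://api.openai.com/v1/`. Confirm this is a documented integration; outbound calls to arbitrary hosts widen the extension's trust surface. The flagged line only compares `this.apiBase` with the official endpoint string and sends nothing itself; the destination of real requests is the `baseURL` handed to the OpenAI client, which the constructor takes from `config.apiBase`, so review who can set that value.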

        /**
         * Keep the caller's config and build the OpenAI client from it.
         *
         * config.apiBase, when not null/undefined, replaces the existing
         * this.apiBase and becomes the client's baseURL; config.apiKey is passed
         * to the same client, so both travel together to whatever host is configured.
         */
        constructor(config) {
          this.config = config;
          const { apiBase, apiKey, requestOptions } = config;
          this.apiBase = apiBase ?? this.apiBase;
          const clientFetch = customFetch(requestOptions);
          this.openai = new OpenAI({
            apiKey,
            baseURL: this.apiBase,
            fetch: clientFetch
          });
        }
        modifyChatBody(body2) {
▶         const isOfficialOpenAIAPI = this.apiBase === "https://api.openai.com/v1/";
          if (isOfficialOpenAIAPI) {
            if (body2.model.startsWith("o")) {
              body2.max_completion_tokens = body2.max_tokens;
              body2.max_tokens = void 0;
              body2.messages = body2.messages.map((message) => {
                if (message.role === "system") {
                  return { ...message, role: "developer" };
                }
                return message;
              });
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
HIGH outbound-http-non-ms Outbound HTTP request to non-Microsoft host: react.dev
out/extension.js :192159

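`out/extension.js` references `https://react.dev/learn`. Confirm this is a documented integration; outbound calls to arbitrary hosts widen the extension's trust surface. The flagged URL sits inside an escaped code example in a text template, not in a request made at that line; the surrounding text describes tooling that can navigate to URLs and write files into the user's project, and that capability is what needs review.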

     - \`fs.exists(path)\` - Check if file/directory exists
  
  4. **Console:**
     - \`console.log(...)\` - Output captured and returned
  
  5. **Standard JS:** Array, Object, JSON, String, Math, Date, Promise
  
  **Example 1: Search web and create file in project**
  \`\`\`javascript
  // Call MCP server to fetch web content
▶ await mcp.Web_Navigation.browser_navigate({ url: 'https://react.dev/learn' });
  const snapshot = await mcp.Web_Navigation.browser_snapshot();
  
  // Process the data locally (reduces tokens!)
  const summary = \`# React Best Practices\\n\\n\${snapshot.text.slice(0, 2000)}\`;
  
  // Write directly to user's PROJECT (not ~/.sasva/)
  await project.writeFile('REACT_BEST_PRACTICES.md', summary);
  
  console.log('Created REACT_BEST_PRACTICES.md in project!');
  \`\`\`
Affected versions
marketplace 3.1.1, 3.1.3, 3.1.4
HIGH outbound-http-non-ms Outbound HTTP request to non-Microsoft host: api.greptile.com
out/extension.js :630337

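`out/extension.js` issues an HTTP call to `https://api.greptile.com/v2/query`. Confirm this is a documented integration; outbound calls to arbitrary hosts widen the extension's trust surface. The visible part of the request body carries the repository name and uses `extras.config.userToken` as `sessionId`; confirm what that token is and whether it is meant to be shared with this host.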

                  repository: repoName
                }
              ],
              sessionId: extras.config.userToken || "default-session",
              stream: false,
              genius: true
            })
          };
          try {
            const response = await extras.fetch(
▶             "https://api.greptile.com/v2/query",
              options
            );
            const rawText = await response.text();
            if (!response.ok) {
              throw new Error(`HTTP error! status: ${response.status}`);
            }
            const json = JSON.parse(rawText);
            return json.sources.map((source) => ({
              description: source.filepath,
              content: `File: ${source.filepath}
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
HIGH env-mass-collection Bulk read of process.env
out/extension.js :56574

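`out/extension.js` enumerates the entire process.env object rather than reading a specific variable. Common precursor to exfiltrating GITHUB_TOKEN, AWS_*, and similar credentials. In this excerpt the key list is filtered with `/^debug_/i` before any value is read, so only `DEBUG_*` variables end up in `inspectOpts`; the rule matched on the enumeration, and the visible code reads no other variable.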

            208,
            209,
            214,
            215,
            220,
            221
          ];
        }
      } catch (error2) {
      }
▶     exports2.inspectOpts = Object.keys(process.env).filter((key) => {
        return /^debug_/i.test(key);
      }).reduce((obj, key) => {
        const prop2 = key.substring(6).toLowerCase().replace(/_([a-z])/g, (_4, k4) => {
          return k4.toUpperCase();
        });
        let val2 = process.env[key];
        if (/^(yes|on|true|enabled)$/i.test(val2)) {
          val2 = true;
        } else if (/^(no|off|false|disabled)$/i.test(val2)) {
          val2 = false;
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
MEDIUM bundled-native-addon Bundled native addon: out/node_modules/@lancedb/vectordb-linux-x64-gnu/index.node
out/node_modules/@lancedb/vectordb-linux-x64-gnu/index.node

`out/node_modules/@lancedb/vectordb-linux-x64-gnu/index.node` is a compiled Node addon (103,144,712 bytes). Native addons run outside the V8 sandbox with arbitrary OS API access and need manual review.

out/node_modules/@lancedb/vectordb-linux-x64-gnu/index.node  (103,144,712 bytes)
Affected versions
marketplace 3.1.3, 3.1.4
MEDIUM bundled-native-addon Bundled native addon: out/node_modules/@lancedb/vectordb-darwin-x64/index.node
out/node_modules/@lancedb/vectordb-darwin-x64/index.node

`out/node_modules/@lancedb/vectordb-darwin-x64/index.node` is a compiled Node addon (93,134,796 bytes). Native addons run outside the V8 sandbox with arbitrary OS API access and need manual review.

out/node_modules/@lancedb/vectordb-darwin-x64/index.node  (93,134,796 bytes)
Affected versions
marketplace 3.1.3, 3.1.4
MEDIUM bundled-native-addon Bundled native addon: bin/napi-v3/linux/arm64/onnxruntime_binding.node
bin/napi-v3/linux/arm64/onnxruntime_binding.node

`bin/napi-v3/linux/arm64/onnxruntime_binding.node` is a compiled Node addon (266,232 bytes). Native addons run outside the V8 sandbox with arbitrary OS API access and need manual review.

bin/napi-v3/linux/arm64/onnxruntime_binding.node  (266,232 bytes)
Affected versions
marketplace 3.0.319, 3.0.321, 3.0.322, 3.1.3, 3.1.4
MEDIUM bundled-native-addon Bundled native addon: bin/napi-v3/linux/x64/onnxruntime_binding.node
bin/napi-v3/linux/x64/onnxruntime_binding.node

`bin/napi-v3/linux/x64/onnxruntime_binding.node` is a compiled Node addon (278,560 bytes). Native addons run outside the V8 sandbox with arbitrary OS API access and need manual review.

bin/napi-v3/linux/x64/onnxruntime_binding.node  (278,560 bytes)
Affected versions
marketplace 3.0.319, 3.0.321, 3.0.322, 3.1.3, 3.1.4
MEDIUM bundled-native-addon Bundled native addon: out/node_modules/@lancedb/vectordb-linux-arm64-gnu/index.node
out/node_modules/@lancedb/vectordb-linux-arm64-gnu/index.node

`out/node_modules/@lancedb/vectordb-linux-arm64-gnu/index.node` is a compiled Node addon (91,012,296 bytes). Native addons run outside the V8 sandbox with arbitrary OS API access and need manual review.

out/node_modules/@lancedb/vectordb-linux-arm64-gnu/index.node  (91,012,296 bytes)
Affected versions
marketplace 3.0.319, 3.0.321, 3.0.322, 3.1.3, 3.1.4
MEDIUM bundled-native-addon Bundled native addon: bin/napi-v3/win32/x64/onnxruntime_binding.node
bin/napi-v3/win32/x64/onnxruntime_binding.node

`bin/napi-v3/win32/x64/onnxruntime_binding.node` is a compiled Node addon (215,448 bytes). Native addons run outside the V8 sandbox with arbitrary OS API access and need manual review.

bin/napi-v3/win32/x64/onnxruntime_binding.node  (215,448 bytes)
Affected versions
marketplace 3.0.320, 3.1.1, 3.1.3, 3.1.4
MEDIUM bundled-binary Bundled binary: bin/napi-v3/win32/arm64/onnxruntime.dll
bin/napi-v3/win32/arm64/onnxruntime.dll

`bin/napi-v3/win32/arm64/onnxruntime.dll` is a platform-specific binary (9,301,912 bytes). Confirm it matches what the publisher claims (language server, debugger, etc.) rather than an unexplained executable.

bin/napi-v3/win32/arm64/onnxruntime.dll  (9,301,912 bytes)
Affected versions
marketplace 3.0.320, 3.1.1, 3.1.3, 3.1.4
MEDIUM bundled-binary Bundled binary: out/node_modules/@vscode/ripgrep/bin/rg.exe
out/node_modules/@vscode/ripgrep/bin/rg.exe

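`out/node_modules/@vscode/ripgrep/bin/rg.exe` is a platform-specific binary (4,667,904 bytes). Confirm it matches what the publisher claims (language server, debugger, etc.) rather than an unexplained executable. The path names it as the `@vscode/ripgrep` binary, but a path proves nothing about the contents; compare its hash with the upstream release.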

out/node_modules/@vscode/ripgrep/bin/rg.exe  (4,667,904 bytes)
Affected versions
marketplace 3.0.320, 3.1.1, 3.1.3, 3.1.4
MEDIUM bundled-native-addon Bundled native addon: bin/napi-v3/win32/arm64/onnxruntime_binding.node
bin/napi-v3/win32/arm64/onnxruntime_binding.node

`bin/napi-v3/win32/arm64/onnxruntime_binding.node` is a compiled Node addon (281,520 bytes). Native addons run outside the V8 sandbox with arbitrary OS API access and need manual review.

bin/napi-v3/win32/arm64/onnxruntime_binding.node  (281,520 bytes)
Affected versions
marketplace 3.0.320, 3.1.1, 3.1.3, 3.1.4
MEDIUM bundled-native-addon Bundled native addon: out/node_modules/@lancedb/vectordb-win32-x64-msvc/index.node
out/node_modules/@lancedb/vectordb-win32-x64-msvc/index.node

`out/node_modules/@lancedb/vectordb-win32-x64-msvc/index.node` is a compiled Node addon (108,157,952 bytes). Native addons run outside the V8 sandbox with arbitrary OS API access and need manual review.

out/node_modules/@lancedb/vectordb-win32-x64-msvc/index.node  (108,157,952 bytes)
Affected versions
marketplace 3.0.320, 3.1.1, 3.1.3, 3.1.4
MEDIUM bundled-binary Bundled binary: bin/napi-v3/win32/x64/onnxruntime.dll
bin/napi-v3/win32/x64/onnxruntime.dll

`bin/napi-v3/win32/x64/onnxruntime.dll` is a platform-specific binary (9,271,704 bytes). Confirm it matches what the publisher claims (language server, debugger, etc.) rather than an unexplained executable.

bin/napi-v3/win32/x64/onnxruntime.dll  (9,271,704 bytes)
Affected versions
marketplace 3.0.320, 3.1.1, 3.1.3, 3.1.4
MEDIUM bundled-binary Bundled binary: bin/napi-v3/win32/x64/onnxruntime_providers_shared.dll
bin/napi-v3/win32/x64/onnxruntime_providers_shared.dll

`bin/napi-v3/win32/x64/onnxruntime_providers_shared.dll` is a platform-specific binary (22,432 bytes). Confirm it matches what the publisher claims (language server, debugger, etc.) rather than an unexplained executable.

bin/napi-v3/win32/x64/onnxruntime_providers_shared.dll  (22,432 bytes)
Affected versions
marketplace 3.0.320, 3.1.1, 3.1.3, 3.1.4
MEDIUM bundled-binary Bundled binary: bin/napi-v3/win32/arm64/onnxruntime_providers_shared.dll
bin/napi-v3/win32/arm64/onnxruntime_providers_shared.dll

`bin/napi-v3/win32/arm64/onnxruntime_providers_shared.dll` is a platform-specific binary (20,888 bytes). Confirm it matches what the publisher claims (language server, debugger, etc.) rather than an unexplained executable.

bin/napi-v3/win32/arm64/onnxruntime_providers_shared.dll  (20,888 bytes)
Affected versions
marketplace 3.0.320, 3.1.1, 3.1.3, 3.1.4
MEDIUM bundled-binary Bundled binary: out/node_modules/@esbuild/win32-x64/esbuild.exe
out/node_modules/@esbuild/win32-x64/esbuild.exe

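`out/node_modules/@esbuild/win32-x64/esbuild.exe` is a platform-specific binary (9,303,552 bytes). Confirm it matches what the publisher claims (language server, debugger, etc.) rather than an unexplained executable. The path names it as the `@esbuild/win32-x64` binary, but a path proves nothing about the contents; compare its hash with the upstream release.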

out/node_modules/@esbuild/win32-x64/esbuild.exe  (9,303,552 bytes)
Affected versions
marketplace 3.0.320, 3.1.1, 3.1.3, 3.1.4
MEDIUM child-process-exec Extension spawns subprocesses via child_process
out/node_modules/esbuild/install.js :98

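`out/node_modules/esbuild/install.js` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell. In the excerpt `validateBinaryVersion` appends `--version` and runs the command through `execFileSync`, which takes an argument array rather than a shell string; whether this install script runs at all inside the extension is not visible here.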

  var zlib = require("zlib");
  var https = require("https");
  var child_process = require("child_process");
  var versionFromPackageJSON = require(path2.join(__dirname, "package.json")).version;
  var toPath = path2.join(__dirname, "bin", "esbuild");
  var isToPathJS = true;
  function validateBinaryVersion(...command) {
    command.push("--version");
    let stdout;
    try {
▶     stdout = child_process.execFileSync(command.shift(), command, {
        // Without this, this install script strangely crashes with the error
        // "EACCES: permission denied, write" but only on Ubuntu Linux when node is
        // installed from the Snap Store. This is not a problem when you download
        // the official version of node. The problem appears to be that stderr
        // (i.e. file descriptor 2) isn't writable?
        //
        // More info:
        // - https://snapcraft.io/ (what the Snap Store is)
        // - https://nodejs.org/dist/ (download the official version of node)
        // - https://github.com/evanw/esbuild/issues/1711#issuecomment-1027554035
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
MEDIUM bundled-native-addon Bundled native addon: out/node_modules/@lancedb/vectordb-darwin-arm64/index.node
out/node_modules/@lancedb/vectordb-darwin-arm64/index.node

`out/node_modules/@lancedb/vectordb-darwin-arm64/index.node` is a compiled Node addon (85,547,632 bytes). Native addons run outside the V8 sandbox with arbitrary OS API access and need manual review.

out/node_modules/@lancedb/vectordb-darwin-arm64/index.node  (85,547,632 bytes)
Affected versions
marketplace 3.1.4
MEDIUM bundled-binary Bundled binary: bin/napi-v3/darwin/arm64/libonnxruntime.1.14.0.dylib
bin/napi-v3/darwin/arm64/libonnxruntime.1.14.0.dylib

`bin/napi-v3/darwin/arm64/libonnxruntime.1.14.0.dylib` is a platform-specific binary (21,163,400 bytes). Confirm it matches what the publisher claims (language server, debugger, etc.) rather than an unexplained executable.

bin/napi-v3/darwin/arm64/libonnxruntime.1.14.0.dylib  (21,163,400 bytes)
Affected versions
marketplace 3.1.3, 3.1.4
MEDIUM bundled-binary Bundled binary: bin/napi-v3/darwin/x64/libonnxruntime.1.14.0.dylib
bin/napi-v3/darwin/x64/libonnxruntime.1.14.0.dylib

`bin/napi-v3/darwin/x64/libonnxruntime.1.14.0.dylib` is a platform-specific binary (23,843,048 bytes). Confirm it matches what the publisher claims (language server, debugger, etc.) rather than an unexplained executable.

bin/napi-v3/darwin/x64/libonnxruntime.1.14.0.dylib  (23,843,048 bytes)
Affected versions
marketplace 3.1.3, 3.1.4
MEDIUM bundled-native-addon Bundled native addon: bin/napi-v3/darwin/arm64/onnxruntime_binding.node
bin/napi-v3/darwin/arm64/onnxruntime_binding.node

`bin/napi-v3/darwin/arm64/onnxruntime_binding.node` is a compiled Node addon (187,269 bytes). Native addons run outside the V8 sandbox with arbitrary OS API access and need manual review.

bin/napi-v3/darwin/arm64/onnxruntime_binding.node  (187,269 bytes)
Affected versions
marketplace 3.1.3, 3.1.4
MEDIUM bundled-native-addon Bundled native addon: bin/napi-v3/darwin/x64/onnxruntime_binding.node
bin/napi-v3/darwin/x64/onnxruntime_binding.node

`bin/napi-v3/darwin/x64/onnxruntime_binding.node` is a compiled Node addon (171,840 bytes). Native addons run outside the V8 sandbox with arbitrary OS API access and need manual review.

bin/napi-v3/darwin/x64/onnxruntime_binding.node  (171,840 bytes)
Affected versions
marketplace 3.1.3, 3.1.4
MEDIUM child-process-exec Extension spawns subprocesses via child_process
out/extension.js :184715

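`out/extension.js` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell. The excerpt is the bundled `cross-spawn` wrapper, which forwards whatever command its callers supply; the call sites that use it are what need review.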

  // ../../main/node_modules/cross-spawn/index.js
  var require_cross_spawn = __commonJS({
    "../../main/node_modules/cross-spawn/index.js"(exports2, module2) {
      "use strict";
      init_importMetaUrl();
      var cp = require("child_process");
      var parse29 = require_parse4();
      var enoent = require_enoent();
      // Asynchronous spawn wrapper: the caller's command, args and options go
      // through parse29 (defined elsewhere), and the parsed command/args/options
      // are what cp.spawn actually receives. Returns the spawned child process.
      // NOTE(review): nothing here restricts the command; any validation has to
      // happen in parse29 or at the call sites.
      function spawn5(command2, args2, options) {
        const parsed = parse29(command2, args2, options);
▶       const spawned = cp.spawn(parsed.command, parsed.args, parsed.options);
        // presumably attaches ENOENT error reporting to the child; confirm in require_enoent
        enoent.hookChildProcess(spawned, parsed);
        return spawned;
      }
      // Synchronous counterpart of the spawn wrapper: runs the parsed command
      // with cp.spawnSync and returns its result object. When the result carries
      // no error, the value from enoent.verifyENOENTSync is stored in its place.
      function spawnSync(command2, args2, options) {
        const request = parse29(command2, args2, options);
        const outcome = cp.spawnSync(request.command, request.args, request.options);
        if (!outcome.error) {
          outcome.error = enoent.verifyENOENTSync(outcome.status, request);
        }
        return outcome;
      }
      module2.exports = spawn5;
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
MEDIUM child-process-exec Extension spawns subprocesses via child_process
out/node_modules/@vscode/ripgrep/lib/download.js :275

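`out/node_modules/@vscode/ripgrep/lib/download.js` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell. The excerpt spawns `tar` with an argument array (`xvf`, the archive path, `-C`, the destination directory); check where the archive comes from and whether it is verified before extraction.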

   * Handle whitespace in filepath as powershell splits path with whitespaces
   * @param {string} path
   */
  function sanitizePathForPowershell(path) {
      // PowerShell splits an argument at spaces, so each space gets a leading
      // backtick, as suggested in https://stackoverflow.com/a/18537344/7374562.
      // Only the space character is handled; the rest of the path is untouched.
      const escaped = path.replace(/ /g, '` ');
      return escaped;
  }
  
  function untar(zipPath, destinationDir) {
      return new Promise((resolve, reject) => {
▶         const unzipProc = child_process.spawn('tar', ['xvf', zipPath, '-C', destinationDir], { stdio: 'inherit' });
          unzipProc.on('error', err => {
              reject(err);
          });
          unzipProc.on('close', code => {
              console.log(`tar xvf exited with ${code}`);
              if (code !== 0) {
                  reject(new Error(`tar xvf exited with ${code}`));
                  return;
              }
  
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
MEDIUM child-process-exec Extension spawns subprocesses via child_process
out/node_modules/esbuild/lib/main.js :2120

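`out/node_modules/esbuild/lib/main.js` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell. The excerpt starts the command returned by `esbuildCommandAndArgs()` as a long-lived child with `--service=0.17.19` and `--ping`, so the binary that function resolves to is the thing to verify.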

    ensureServiceIsRunning();
    initializeWasCalled = true;
    return Promise.resolve();
  };
  var defaultWD = process.cwd();
  var longLivedService;
  var ensureServiceIsRunning = () => {
    if (longLivedService)
      return longLivedService;
    let [command, args] = esbuildCommandAndArgs();
▶   let child = child_process.spawn(command, args.concat(`--service=${"0.17.19"}`, "--ping"), {
      windowsHide: true,
      stdio: ["pipe", "pipe", "inherit"],
      cwd: defaultWD
    });
    let { readFromStdout, afterClose, service } = createChannel({
      writeToStdin(bytes) {
        child.stdin.write(bytes, (err) => {
          if (err)
            afterClose(err);
        });
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
MEDIUM obfuscated-code Long run of \x hex-escape sequences
out/extension.js :110424
▶ line 110424:         "chars": "\x80\x81\xE9\xE2\x84\xE0\x86\xE7\xEA\xEB\xE8\xEF\xEE\x8D\x8E\x8F\x90\u0651\u0652\xF4\xA4\u0640\xFB\xF9\u0621\u0622\u0623\u0624\xA3\u0625\u0626\u0627\u0628\u0629\u062A\u062B\u062C\u062D\u062E\u062F\u0630\u0631\u0632\u0633\u0634\u0635\xAB\xBB\u2591\u2592\u2593\u2502\u2524\u2561\u2562\u2556\u2555\u2563\u2551\u2557\u255D\u255C\u255B\u2510\u2514\u2534\u252C\u251C\u2500\u253C\u255E\u255F\u255A\u2554\u25…
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
MEDIUM bundled-native-addon Bundled native addon: out/build/Release/node_sqlite3.node
out/build/Release/node_sqlite3.node

`out/build/Release/node_sqlite3.node` is a compiled Node addon (2,059,232 bytes). Native addons run outside the V8 sandbox with arbitrary OS API access and need manual review.

out/build/Release/node_sqlite3.node  (2,059,232 bytes)
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
LOW telemetry-endpoint Telemetry endpoint: PostHog
gui/assets/index.js :523

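`gui/assets/index.js` references PostHog. Telemetry isn't malicious on its own; flagged so reviewers know what data leaves the user's machine. The match in this excerpt is a support link inside an error message, which shows the PostHog client library is bundled but is not itself a send.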

▶ line 523: …tion(s){t.push(s)}))})),t};function J3(t){for(var e=Object.keys(t),n=e.length,r=new Array(n);n--;)r[n]=[e[n],t[e[n]]];return r}var vj=function(t){try{return t()}catch{return}},t9e=function(t){return function(){try{for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return t.apply(this,n)}catch(i){Jt.critical("Implementation error. Please turn on debug mode and open a ticket on https://app.posthog.com/home#panel=support%3Asupport%3A."),Jt.critical(i)}}},WM=function(t){var e={};return Xr(t,(function(n,r){(rs(n)&&n.length>0||wc(n))&&(e[r]=n)})),e};function n9e(t,e){return n=t,r=s=>rs(s)&&!Fu(e)?s.slice(0,e):s,i=new Set,(function s(o,a){return o!==Object(o)?r?r(o,a):o:i.has(o)?void 0:(i.add(o),si(o)?(l=[],Fd(o,(c=>{l.push(s(c))}))):(l={},Xr(o,((c,u)=>{i.has(c)||(l[u]=s(c,u)…
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
LOW telemetry-endpoint Telemetry endpoint: PostHog
view/assets/index.js :523

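`view/assets/index.js` references PostHog. Telemetry isn't malicious on its own; flagged so reviewers know what data leaves the user's machine. The match in this excerpt is a support link inside an error message, which shows the PostHog client library is bundled but is not itself a send.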

▶ line 523: …tion(s){t.push(s)}))})),t};function J3(t){for(var e=Object.keys(t),n=e.length,r=new Array(n);n--;)r[n]=[e[n],t[e[n]]];return r}var vj=function(t){try{return t()}catch{return}},t9e=function(t){return function(){try{for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return t.apply(this,n)}catch(i){Jt.critical("Implementation error. Please turn on debug mode and open a ticket on https://app.posthog.com/home#panel=support%3Asupport%3A."),Jt.critical(i)}}},WM=function(t){var e={};return Xr(t,(function(n,r){(rs(n)&&n.length>0||wc(n))&&(e[r]=n)})),e};function n9e(t,e){return n=t,r=s=>rs(s)&&!Fu(e)?s.slice(0,e):s,i=new Set,(function s(o,a){return o!==Object(o)?r?r(o,a):o:i.has(o)?void 0:(i.add(o),si(o)?(l=[],Fd(o,(c=>{l.push(s(c))}))):(l={},Xr(o,((c,u)=>{i.has(c)||(l[u]=s(c,u)…
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
LOW telemetry-endpoint Telemetry endpoint: Sentry
view/assets/index.js :523

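`view/assets/index.js` references Sentry. Telemetry isn't malicious on its own; flagged so reviewers know what data leaves the user's machine. The matched URL is used to build a link stored in `$sentry_url`; the excerpt then passes the exception properties to `sendExceptionEvent`, so the exception contents are the data to look at.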

▶ line 523: …}):void 0}))),y={$exception_message:((c=p[0])==null?void 0:c.value)||a.message,$exception_type:(u=p[0])==null?void 0:u.type,$exception_level:a.level,$exception_list:m,$sentry_event_id:a.event_id,$sentry_exception:a.exception,$sentry_exception_message:((d=p[0])==null?void 0:d.value)||a.message,$sentry_exception_type:(f=p[0])==null?void 0:f.type,$sentry_tags:a.tags};return n&&r&&(y.$sentry_url=(i||"https://sentry.io/organizations/")+n+"/issues/?project="+r+"&query="+a.event_id),o&&t.exceptions.sendExceptionEvent(y),a}}class O9e{constructor(e,n,r,i,s,o){this.name=ine,this.setupOnce=function(a){a(sne(e,{organization:n,projectId:r,prefix:i,severityAllowList:s,sendExceptionsToPostHog:o==null||o}))}}}var N9e=Ye!=null&&Ye.location?e4(Ye.location.hash,"__posthog")||e4(location.hash,"state"):null,Oj…
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
LOW telemetry-endpoint Telemetry endpoint: PostHog
out/extension.js :61598

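`out/extension.js` references PostHog. Telemetry isn't malicious on its own; flagged so reviewers know what data leaves the user's machine. In the excerpt `https://app.posthog.com` is only the default host, used when `options.host` is not set, and `options.enable === false` sets `_optoutOverride`; check which options the extension actually passes.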

        /** @class */
        function() {
          function PostHogCoreStateless2(apiKey, options) {
            var _a8, _b2, _c2, _d, _e2;
            this.debugMode = false;
            this.disableGeoip = true;
            this.pendingPromises = {};
            this._events = new SimpleEventEmitter();
            assert4(apiKey, "You must pass your PostHog project's api key.");
            this.apiKey = apiKey;
▶           this.host = removeTrailingSlash((options === null || options === void 0 ? void 0 : options.host) || "https://app.posthog.com");
            this.flushAt = (options === null || options === void 0 ? void 0 : options.flushAt) ? Math.max(options === null || options === void 0 ? void 0 : options.flushAt, 1) : 20;
            this.flushInterval = (_a8 = options === null || options === void 0 ? void 0 : options.flushInterval) !== null && _a8 !== void 0 ? _a8 : 1e4;
            this.captureMode = (options === null || options === void 0 ? void 0 : options.captureMode) || "form";
            this._optoutOverride = (options === null || options === void 0 ? void 0 : options.enable) === false;
            this._retryOptions = {
              retryCount: (_b2 = options === null || options === void 0 ? void 0 : options.fetchRetryCount) !== null && _b2 !== void 0 ? _b2 : 3,
              retryDelay: (_c2 = options === null || options === void 0 ? void 0 : options.fetchRetryDelay) !== null && _c2 !== void 0 ? _c2 : 3e3,
              retryCheck: isPostHogFetchError
            };
            this.requestTimeout = (_d = options === null || options === void 0 ? void 0 : options.requestTimeout) !== null && _d !== void 0 ? _d : 1e4;
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
LOW telemetry-endpoint Telemetry endpoint: Sentry
out/extension.js :63839

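`out/extension.js` references Sentry. Telemetry isn't malicious on its own; flagged so reviewers know what data leaves the user's machine. The matched URL is used to build a link stored in `$sentry_url`; the excerpt then sends a `$exception` event through `posthog.capture` with the Sentry exception and tags as properties, so exception contents are the data to look at.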

                $exception_personURL: event.tags["PostHog Person URL"],
                // Sentry Exception Properties
                $sentry_event_id: event.event_id,
                $sentry_exception: event.exception,
                $sentry_exception_message: (_d = event.exception.values[0]) === null || _d === void 0 ? void 0 : _d.value,
                $sentry_exception_type: (_e2 = event.exception.values[0]) === null || _e2 === void 0 ? void 0 : _e2.type,
                $sentry_tags: event.tags
              };
              var projectId = (_g = (_f = sentry.getClient()) === null || _f === void 0 ? void 0 : _f.getDsn()) === null || _g === void 0 ? void 0 : _g.projectId;
              if (_this.organization !== void 0 && projectId !== void 0 && event.event_id !== void 0) {
▶               properties.$sentry_url = "".concat((_h = _this.prefix) !== null && _h !== void 0 ? _h : "https://sentry.io/organizations", "/").concat(_this.organization, "/issues/?project=").concat(projectId, "&query=").concat(event.event_id);
              }
              _this.posthog.capture({
                event: "$exception",
                distinctId: userId,
                properties
              });
              return event;
            });
          };
          PostHogSentryIntegration2.POSTHOG_ID_TAG = "posthog_distinct_id";
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
LOW telemetry-endpoint Telemetry endpoint: Sentry
gui/assets/index.js :523

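`gui/assets/index.js` references Sentry. Telemetry isn't malicious on its own; flagged so reviewers know what data leaves the user's machine. The matched URL is used to build a link stored in `$sentry_url`; the excerpt then passes the exception properties to `sendExceptionEvent`, so the exception contents are the data to look at.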

▶ line 523: …}):void 0}))),y={$exception_message:((c=p[0])==null?void 0:c.value)||a.message,$exception_type:(u=p[0])==null?void 0:u.type,$exception_level:a.level,$exception_list:m,$sentry_event_id:a.event_id,$sentry_exception:a.exception,$sentry_exception_message:((d=p[0])==null?void 0:d.value)||a.message,$sentry_exception_type:(f=p[0])==null?void 0:f.type,$sentry_tags:a.tags};return n&&r&&(y.$sentry_url=(i||"https://sentry.io/organizations/")+n+"/issues/?project="+r+"&query="+a.event_id),o&&t.exceptions.sendExceptionEvent(y),a}}class O9e{constructor(e,n,r,i,s,o){this.name=ine,this.setupOnce=function(a){a(sne(e,{organization:n,projectId:r,prefix:i,severityAllowList:s,sendExceptionsToPostHog:o==null||o}))}}}var N9e=Ye!=null&&Ye.location?e4(Ye.location.hash,"__posthog")||e4(location.hash,"state"):null,Oj…
Affected versions
marketplace 3.0.319, 3.0.320, 3.0.321, 3.0.322, 3.1.1, 3.1.3, 3.1.4
