@adammcarter/use-cases 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (704) hide show
  1. package/.agents/skills/migration/SKILL.md +85 -0
  2. package/.agents/skills/showcase/SKILL.md +60 -0
  3. package/.agents/skills/use-cases/SKILL.md +161 -0
  4. package/.agents/skills/walkthrough/SKILL.md +48 -0
  5. package/.claude-plugin/plugin.json +14 -0
  6. package/.codex-plugin/plugin.json +33 -0
  7. package/.mcp.json +8 -0
  8. package/.opencode/plugin/use-cases.js +32 -0
  9. package/CHANGELOG.md +125 -0
  10. package/LICENSE +21 -0
  11. package/README.md +112 -0
  12. package/bootstrap/use-cases.md +60 -0
  13. package/docs/README.md +51 -0
  14. package/docs/acceptance.md +16 -0
  15. package/docs/activation.md +89 -0
  16. package/docs/adr/0001-p0-bootstrap-decisions.md +107 -0
  17. package/docs/adr/0002-p1-schema-contracts.md +136 -0
  18. package/docs/adr/0003-p2-use-case-matrix-contracts.md +67 -0
  19. package/docs/adr/0004-p3-evidence-ledger-contracts.md +85 -0
  20. package/docs/adr/0005-p4-cli-contract.md +70 -0
  21. package/docs/adr/0006-trusted-user-approval-path.md +125 -0
  22. package/docs/cli.md +108 -0
  23. package/docs/data-model.md +56 -0
  24. package/docs/getting-started.md +296 -0
  25. package/docs/hosts.md +30 -0
  26. package/docs/markers-adoption.md +100 -0
  27. package/docs/mcp.md +114 -0
  28. package/docs/migration.md +90 -0
  29. package/docs/reference/error-codes.md +123 -0
  30. package/docs/reference/stability.md +123 -0
  31. package/docs/release.md +26 -0
  32. package/docs/security/ci-hardening.md +144 -0
  33. package/docs/security/key-management.md +158 -0
  34. package/docs/security.md +66 -0
  35. package/docs/showcase.md +39 -0
  36. package/docs/tutorials/python-pytest.md +188 -0
  37. package/examples/basic-product/demo-capsules/product-search.yml +23 -0
  38. package/examples/basic-product/evidence/by-id/ev/evidence-basic-search.jsonl +1 -0
  39. package/examples/basic-product/showcase-runs/run.basic.product.search/events.jsonl +4 -0
  40. package/examples/basic-product/use-cases/product.yml +85 -0
  41. package/examples/basic-product/use-cases.yml +9 -0
  42. package/examples/damaged-product/evidence/broken.jsonl +1 -0
  43. package/examples/damaged-product/use-cases/duplicate-a.yml +28 -0
  44. package/examples/damaged-product/use-cases/duplicate-b.yml +28 -0
  45. package/examples/damaged-product/use-cases/malformed.yml +14 -0
  46. package/examples/damaged-product/use-cases/valid-sibling.yml +28 -0
  47. package/examples/damaged-product/use-cases.yml +9 -0
  48. package/examples/host-projections/use-cases.yml +9 -0
  49. package/examples/python-pytest/README.md +39 -0
  50. package/examples/python-pytest/pytest.ini +8 -0
  51. package/examples/python-pytest/src/coupon.py +32 -0
  52. package/examples/python-pytest/tests/use_cases/example.checkout.apply_coupon_test.py +31 -0
  53. package/examples/python-pytest/use-cases/checkout.yml +47 -0
  54. package/examples/python-pytest/use-cases.yml +19 -0
  55. package/hooks/hooks-codex.json +16 -0
  56. package/hooks/hooks.json +16 -0
  57. package/hooks/session-start +42 -0
  58. package/hosts/claude.yml +29 -0
  59. package/hosts/codex.yml +29 -0
  60. package/hosts/copilot.yml +29 -0
  61. package/hosts/opencode.yml +29 -0
  62. package/package.json +81 -0
  63. package/packages/cli/README.md +37 -0
  64. package/packages/cli/dist/args/parse.d.ts +6 -0
  65. package/packages/cli/dist/args/parse.d.ts.map +1 -0
  66. package/packages/cli/dist/args/parse.js +55 -0
  67. package/packages/cli/dist/args/parse.js.map +1 -0
  68. package/packages/cli/dist/args/validate.d.ts +3 -0
  69. package/packages/cli/dist/args/validate.d.ts.map +1 -0
  70. package/packages/cli/dist/args/validate.js +80 -0
  71. package/packages/cli/dist/args/validate.js.map +1 -0
  72. package/packages/cli/dist/builtins.d.ts +2 -0
  73. package/packages/cli/dist/builtins.d.ts.map +1 -0
  74. package/packages/cli/dist/builtins.js +235 -0
  75. package/packages/cli/dist/builtins.js.map +1 -0
  76. package/packages/cli/dist/command/dispatch.d.ts +4 -0
  77. package/packages/cli/dist/command/dispatch.d.ts.map +1 -0
  78. package/packages/cli/dist/command/dispatch.js +45 -0
  79. package/packages/cli/dist/command/dispatch.js.map +1 -0
  80. package/packages/cli/dist/command/help-catalog.d.ts +13 -0
  81. package/packages/cli/dist/command/help-catalog.d.ts.map +1 -0
  82. package/packages/cli/dist/command/help-catalog.js +42 -0
  83. package/packages/cli/dist/command/help-catalog.js.map +1 -0
  84. package/packages/cli/dist/command/registry.d.ts +3 -0
  85. package/packages/cli/dist/command/registry.d.ts.map +1 -0
  86. package/packages/cli/dist/command/registry.js +33 -0
  87. package/packages/cli/dist/command/registry.js.map +1 -0
  88. package/packages/cli/dist/command/types.d.ts +32 -0
  89. package/packages/cli/dist/command/types.d.ts.map +1 -0
  90. package/packages/cli/dist/command/types.js +6 -0
  91. package/packages/cli/dist/command/types.js.map +1 -0
  92. package/packages/cli/dist/commands/capsule.d.ts +7 -0
  93. package/packages/cli/dist/commands/capsule.d.ts.map +1 -0
  94. package/packages/cli/dist/commands/capsule.js +178 -0
  95. package/packages/cli/dist/commands/capsule.js.map +1 -0
  96. package/packages/cli/dist/commands/common.d.ts +7 -0
  97. package/packages/cli/dist/commands/common.d.ts.map +1 -0
  98. package/packages/cli/dist/commands/common.js +32 -0
  99. package/packages/cli/dist/commands/common.js.map +1 -0
  100. package/packages/cli/dist/commands/doctor.d.ts +6 -0
  101. package/packages/cli/dist/commands/doctor.d.ts.map +1 -0
  102. package/packages/cli/dist/commands/doctor.js +133 -0
  103. package/packages/cli/dist/commands/doctor.js.map +1 -0
  104. package/packages/cli/dist/commands/evidence.d.ts +6 -0
  105. package/packages/cli/dist/commands/evidence.d.ts.map +1 -0
  106. package/packages/cli/dist/commands/evidence.js +191 -0
  107. package/packages/cli/dist/commands/evidence.js.map +1 -0
  108. package/packages/cli/dist/commands/host.d.ts +6 -0
  109. package/packages/cli/dist/commands/host.d.ts.map +1 -0
  110. package/packages/cli/dist/commands/host.js +180 -0
  111. package/packages/cli/dist/commands/host.js.map +1 -0
  112. package/packages/cli/dist/commands/keygen.d.ts +4 -0
  113. package/packages/cli/dist/commands/keygen.d.ts.map +1 -0
  114. package/packages/cli/dist/commands/keygen.js +132 -0
  115. package/packages/cli/dist/commands/keygen.js.map +1 -0
  116. package/packages/cli/dist/commands/markers.d.ts +8 -0
  117. package/packages/cli/dist/commands/markers.d.ts.map +1 -0
  118. package/packages/cli/dist/commands/markers.js +455 -0
  119. package/packages/cli/dist/commands/markers.js.map +1 -0
  120. package/packages/cli/dist/commands/matrix.d.ts +8 -0
  121. package/packages/cli/dist/commands/matrix.d.ts.map +1 -0
  122. package/packages/cli/dist/commands/matrix.js +237 -0
  123. package/packages/cli/dist/commands/matrix.js.map +1 -0
  124. package/packages/cli/dist/commands/migrate.d.ts +4 -0
  125. package/packages/cli/dist/commands/migrate.d.ts.map +1 -0
  126. package/packages/cli/dist/commands/migrate.js +82 -0
  127. package/packages/cli/dist/commands/migrate.js.map +1 -0
  128. package/packages/cli/dist/commands/plan.d.ts +6 -0
  129. package/packages/cli/dist/commands/plan.d.ts.map +1 -0
  130. package/packages/cli/dist/commands/plan.js +129 -0
  131. package/packages/cli/dist/commands/plan.js.map +1 -0
  132. package/packages/cli/dist/commands/recover.d.ts +4 -0
  133. package/packages/cli/dist/commands/recover.d.ts.map +1 -0
  134. package/packages/cli/dist/commands/recover.js +352 -0
  135. package/packages/cli/dist/commands/recover.js.map +1 -0
  136. package/packages/cli/dist/commands/schema.d.ts +5 -0
  137. package/packages/cli/dist/commands/schema.d.ts.map +1 -0
  138. package/packages/cli/dist/commands/schema.js +51 -0
  139. package/packages/cli/dist/commands/schema.js.map +1 -0
  140. package/packages/cli/dist/commands/showcase.d.ts +14 -0
  141. package/packages/cli/dist/commands/showcase.d.ts.map +1 -0
  142. package/packages/cli/dist/commands/showcase.js +638 -0
  143. package/packages/cli/dist/commands/showcase.js.map +1 -0
  144. package/packages/cli/dist/commands/workflow.d.ts +5 -0
  145. package/packages/cli/dist/commands/workflow.d.ts.map +1 -0
  146. package/packages/cli/dist/commands/workflow.js +107 -0
  147. package/packages/cli/dist/commands/workflow.js.map +1 -0
  148. package/packages/cli/dist/coreLoader.d.ts +6 -0
  149. package/packages/cli/dist/coreLoader.d.ts.map +1 -0
  150. package/packages/cli/dist/coreLoader.js +34 -0
  151. package/packages/cli/dist/coreLoader.js.map +1 -0
  152. package/packages/cli/dist/index.d.ts +5 -0
  153. package/packages/cli/dist/index.d.ts.map +1 -0
  154. package/packages/cli/dist/index.js +83 -0
  155. package/packages/cli/dist/index.js.map +1 -0
  156. package/packages/cli/dist/render.d.ts +2 -0
  157. package/packages/cli/dist/render.d.ts.map +1 -0
  158. package/packages/cli/dist/render.js +88 -0
  159. package/packages/cli/dist/render.js.map +1 -0
  160. package/packages/cli/dist/runtime.d.ts +25 -0
  161. package/packages/cli/dist/runtime.d.ts.map +1 -0
  162. package/packages/cli/dist/runtime.js +89 -0
  163. package/packages/cli/dist/runtime.js.map +1 -0
  164. package/packages/cli/package.json +38 -0
  165. package/packages/core/README.md +37 -0
  166. package/packages/core/dist/capsules/index.d.ts +4 -0
  167. package/packages/core/dist/capsules/index.d.ts.map +1 -0
  168. package/packages/core/dist/capsules/index.js +4 -0
  169. package/packages/core/dist/capsules/index.js.map +1 -0
  170. package/packages/core/dist/capsules/loadCapsule.d.ts +11 -0
  171. package/packages/core/dist/capsules/loadCapsule.d.ts.map +1 -0
  172. package/packages/core/dist/capsules/loadCapsule.js +167 -0
  173. package/packages/core/dist/capsules/loadCapsule.js.map +1 -0
  174. package/packages/core/dist/capsules/runCapsule.d.ts +3 -0
  175. package/packages/core/dist/capsules/runCapsule.d.ts.map +1 -0
  176. package/packages/core/dist/capsules/runCapsule.js +333 -0
  177. package/packages/core/dist/capsules/runCapsule.js.map +1 -0
  178. package/packages/core/dist/capsules/types.d.ts +106 -0
  179. package/packages/core/dist/capsules/types.d.ts.map +1 -0
  180. package/packages/core/dist/capsules/types.js +2 -0
  181. package/packages/core/dist/capsules/types.js.map +1 -0
  182. package/packages/core/dist/durableWrite.d.ts +2 -0
  183. package/packages/core/dist/durableWrite.d.ts.map +1 -0
  184. package/packages/core/dist/durableWrite.js +34 -0
  185. package/packages/core/dist/durableWrite.js.map +1 -0
  186. package/packages/core/dist/errors/registry.d.ts +122 -0
  187. package/packages/core/dist/errors/registry.d.ts.map +1 -0
  188. package/packages/core/dist/errors/registry.js +206 -0
  189. package/packages/core/dist/errors/registry.js.map +1 -0
  190. package/packages/core/dist/errors/render.d.ts +3 -0
  191. package/packages/core/dist/errors/render.d.ts.map +1 -0
  192. package/packages/core/dist/errors/render.js +64 -0
  193. package/packages/core/dist/errors/render.js.map +1 -0
  194. package/packages/core/dist/errors.d.ts +5 -0
  195. package/packages/core/dist/errors.d.ts.map +1 -0
  196. package/packages/core/dist/errors.js +9 -0
  197. package/packages/core/dist/errors.js.map +1 -0
  198. package/packages/core/dist/evidence/appendEvidenceEvent.d.ts +27 -0
  199. package/packages/core/dist/evidence/appendEvidenceEvent.d.ts.map +1 -0
  200. package/packages/core/dist/evidence/appendEvidenceEvent.js +218 -0
  201. package/packages/core/dist/evidence/appendEvidenceEvent.js.map +1 -0
  202. package/packages/core/dist/evidence/assurance.d.ts +18 -0
  203. package/packages/core/dist/evidence/assurance.d.ts.map +1 -0
  204. package/packages/core/dist/evidence/assurance.js +38 -0
  205. package/packages/core/dist/evidence/assurance.js.map +1 -0
  206. package/packages/core/dist/evidence/index.d.ts +8 -0
  207. package/packages/core/dist/evidence/index.d.ts.map +1 -0
  208. package/packages/core/dist/evidence/index.js +8 -0
  209. package/packages/core/dist/evidence/index.js.map +1 -0
  210. package/packages/core/dist/evidence/jsonlLedger.d.ts +13 -0
  211. package/packages/core/dist/evidence/jsonlLedger.d.ts.map +1 -0
  212. package/packages/core/dist/evidence/jsonlLedger.js +171 -0
  213. package/packages/core/dist/evidence/jsonlLedger.js.map +1 -0
  214. package/packages/core/dist/evidence/linkEvidence.d.ts +4 -0
  215. package/packages/core/dist/evidence/linkEvidence.d.ts.map +1 -0
  216. package/packages/core/dist/evidence/linkEvidence.js +53 -0
  217. package/packages/core/dist/evidence/linkEvidence.js.map +1 -0
  218. package/packages/core/dist/evidence/replayEvidence.d.ts +6 -0
  219. package/packages/core/dist/evidence/replayEvidence.d.ts.map +1 -0
  220. package/packages/core/dist/evidence/replayEvidence.js +216 -0
  221. package/packages/core/dist/evidence/replayEvidence.js.map +1 -0
  222. package/packages/core/dist/evidence/results.d.ts +4 -0
  223. package/packages/core/dist/evidence/results.d.ts.map +1 -0
  224. package/packages/core/dist/evidence/results.js +32 -0
  225. package/packages/core/dist/evidence/results.js.map +1 -0
  226. package/packages/core/dist/evidence/types.d.ts +149 -0
  227. package/packages/core/dist/evidence/types.d.ts.map +1 -0
  228. package/packages/core/dist/evidence/types.js +2 -0
  229. package/packages/core/dist/evidence/types.js.map +1 -0
  230. package/packages/core/dist/host-profiles/claude.yml +29 -0
  231. package/packages/core/dist/host-profiles/codex.yml +29 -0
  232. package/packages/core/dist/host-profiles/copilot.yml +29 -0
  233. package/packages/core/dist/host-profiles/opencode.yml +29 -0
  234. package/packages/core/dist/hosts/conformanceStatus.d.ts +16 -0
  235. package/packages/core/dist/hosts/conformanceStatus.d.ts.map +1 -0
  236. package/packages/core/dist/hosts/conformanceStatus.js +160 -0
  237. package/packages/core/dist/hosts/conformanceStatus.js.map +1 -0
  238. package/packages/core/dist/hosts/index.d.ts +5 -0
  239. package/packages/core/dist/hosts/index.d.ts.map +1 -0
  240. package/packages/core/dist/hosts/index.js +5 -0
  241. package/packages/core/dist/hosts/index.js.map +1 -0
  242. package/packages/core/dist/hosts/loadHostProfile.d.ts +6 -0
  243. package/packages/core/dist/hosts/loadHostProfile.d.ts.map +1 -0
  244. package/packages/core/dist/hosts/loadHostProfile.js +41 -0
  245. package/packages/core/dist/hosts/loadHostProfile.js.map +1 -0
  246. package/packages/core/dist/hosts/projectHostFiles.d.ts +16 -0
  247. package/packages/core/dist/hosts/projectHostFiles.d.ts.map +1 -0
  248. package/packages/core/dist/hosts/projectHostFiles.js +272 -0
  249. package/packages/core/dist/hosts/projectHostFiles.js.map +1 -0
  250. package/packages/core/dist/hosts/types.d.ts +122 -0
  251. package/packages/core/dist/hosts/types.d.ts.map +1 -0
  252. package/packages/core/dist/hosts/types.js +2 -0
  253. package/packages/core/dist/hosts/types.js.map +1 -0
  254. package/packages/core/dist/index.d.ts +26 -0
  255. package/packages/core/dist/index.d.ts.map +1 -0
  256. package/packages/core/dist/index.js +31 -0
  257. package/packages/core/dist/index.js.map +1 -0
  258. package/packages/core/dist/init/index.d.ts +2 -0
  259. package/packages/core/dist/init/index.d.ts.map +1 -0
  260. package/packages/core/dist/init/index.js +3 -0
  261. package/packages/core/dist/init/index.js.map +1 -0
  262. package/packages/core/dist/init/scaffold.d.ts +28 -0
  263. package/packages/core/dist/init/scaffold.d.ts.map +1 -0
  264. package/packages/core/dist/init/scaffold.js +293 -0
  265. package/packages/core/dist/init/scaffold.js.map +1 -0
  266. package/packages/core/dist/markers/appendOnly.d.ts +23 -0
  267. package/packages/core/dist/markers/appendOnly.d.ts.map +1 -0
  268. package/packages/core/dist/markers/appendOnly.js +75 -0
  269. package/packages/core/dist/markers/appendOnly.js.map +1 -0
  270. package/packages/core/dist/markers/bindingSetHash.d.ts +28 -0
  271. package/packages/core/dist/markers/bindingSetHash.d.ts.map +1 -0
  272. package/packages/core/dist/markers/bindingSetHash.js +33 -0
  273. package/packages/core/dist/markers/bindingSetHash.js.map +1 -0
  274. package/packages/core/dist/markers/canonicalJson.d.ts +4 -0
  275. package/packages/core/dist/markers/canonicalJson.d.ts.map +1 -0
  276. package/packages/core/dist/markers/canonicalJson.js +51 -0
  277. package/packages/core/dist/markers/canonicalJson.js.map +1 -0
  278. package/packages/core/dist/markers/ciAuthority.d.ts +17 -0
  279. package/packages/core/dist/markers/ciAuthority.d.ts.map +1 -0
  280. package/packages/core/dist/markers/ciAuthority.js +131 -0
  281. package/packages/core/dist/markers/ciAuthority.js.map +1 -0
  282. package/packages/core/dist/markers/cli/bind.d.ts +48 -0
  283. package/packages/core/dist/markers/cli/bind.d.ts.map +1 -0
  284. package/packages/core/dist/markers/cli/bind.js +198 -0
  285. package/packages/core/dist/markers/cli/bind.js.map +1 -0
  286. package/packages/core/dist/markers/cli/index.d.ts +9 -0
  287. package/packages/core/dist/markers/cli/index.d.ts.map +1 -0
  288. package/packages/core/dist/markers/cli/index.js +15 -0
  289. package/packages/core/dist/markers/cli/index.js.map +1 -0
  290. package/packages/core/dist/markers/cli/io.d.ts +18 -0
  291. package/packages/core/dist/markers/cli/io.d.ts.map +1 -0
  292. package/packages/core/dist/markers/cli/io.js +62 -0
  293. package/packages/core/dist/markers/cli/io.js.map +1 -0
  294. package/packages/core/dist/markers/cli/precommit.d.ts +32 -0
  295. package/packages/core/dist/markers/cli/precommit.d.ts.map +1 -0
  296. package/packages/core/dist/markers/cli/precommit.js +174 -0
  297. package/packages/core/dist/markers/cli/precommit.js.map +1 -0
  298. package/packages/core/dist/markers/cli/prove.d.ts +69 -0
  299. package/packages/core/dist/markers/cli/prove.d.ts.map +1 -0
  300. package/packages/core/dist/markers/cli/prove.js +381 -0
  301. package/packages/core/dist/markers/cli/prove.js.map +1 -0
  302. package/packages/core/dist/markers/cli/scan.d.ts +63 -0
  303. package/packages/core/dist/markers/cli/scan.d.ts.map +1 -0
  304. package/packages/core/dist/markers/cli/scan.js +233 -0
  305. package/packages/core/dist/markers/cli/scan.js.map +1 -0
  306. package/packages/core/dist/markers/cli/shared.d.ts +25 -0
  307. package/packages/core/dist/markers/cli/shared.d.ts.map +1 -0
  308. package/packages/core/dist/markers/cli/shared.js +123 -0
  309. package/packages/core/dist/markers/cli/shared.js.map +1 -0
  310. package/packages/core/dist/markers/cli/validateLedger.d.ts +38 -0
  311. package/packages/core/dist/markers/cli/validateLedger.d.ts.map +1 -0
  312. package/packages/core/dist/markers/cli/validateLedger.js +81 -0
  313. package/packages/core/dist/markers/cli/validateLedger.js.map +1 -0
  314. package/packages/core/dist/markers/cli/verify.d.ts +65 -0
  315. package/packages/core/dist/markers/cli/verify.d.ts.map +1 -0
  316. package/packages/core/dist/markers/cli/verify.js +245 -0
  317. package/packages/core/dist/markers/cli/verify.js.map +1 -0
  318. package/packages/core/dist/markers/commentPrefix.d.ts +7 -0
  319. package/packages/core/dist/markers/commentPrefix.d.ts.map +1 -0
  320. package/packages/core/dist/markers/commentPrefix.js +79 -0
  321. package/packages/core/dist/markers/commentPrefix.js.map +1 -0
  322. package/packages/core/dist/markers/constants.d.ts +10 -0
  323. package/packages/core/dist/markers/constants.d.ts.map +1 -0
  324. package/packages/core/dist/markers/constants.js +13 -0
  325. package/packages/core/dist/markers/constants.js.map +1 -0
  326. package/packages/core/dist/markers/evidenceLedger.d.ts +150 -0
  327. package/packages/core/dist/markers/evidenceLedger.d.ts.map +1 -0
  328. package/packages/core/dist/markers/evidenceLedger.js +391 -0
  329. package/packages/core/dist/markers/evidenceLedger.js.map +1 -0
  330. package/packages/core/dist/markers/freshness.d.ts +125 -0
  331. package/packages/core/dist/markers/freshness.d.ts.map +1 -0
  332. package/packages/core/dist/markers/freshness.js +605 -0
  333. package/packages/core/dist/markers/freshness.js.map +1 -0
  334. package/packages/core/dist/markers/index.d.ts +26 -0
  335. package/packages/core/dist/markers/index.d.ts.map +1 -0
  336. package/packages/core/dist/markers/index.js +38 -0
  337. package/packages/core/dist/markers/index.js.map +1 -0
  338. package/packages/core/dist/markers/keygen.d.ts +6 -0
  339. package/packages/core/dist/markers/keygen.d.ts.map +1 -0
  340. package/packages/core/dist/markers/keygen.js +18 -0
  341. package/packages/core/dist/markers/keygen.js.map +1 -0
  342. package/packages/core/dist/markers/keyring.d.ts +23 -0
  343. package/packages/core/dist/markers/keyring.d.ts.map +1 -0
  344. package/packages/core/dist/markers/keyring.js +93 -0
  345. package/packages/core/dist/markers/keyring.js.map +1 -0
  346. package/packages/core/dist/markers/markerLine.d.ts +35 -0
  347. package/packages/core/dist/markers/markerLine.d.ts.map +1 -0
  348. package/packages/core/dist/markers/markerLine.js +125 -0
  349. package/packages/core/dist/markers/markerLine.js.map +1 -0
  350. package/packages/core/dist/markers/physicalLines.d.ts +10 -0
  351. package/packages/core/dist/markers/physicalLines.d.ts.map +1 -0
  352. package/packages/core/dist/markers/physicalLines.js +48 -0
  353. package/packages/core/dist/markers/physicalLines.js.map +1 -0
  354. package/packages/core/dist/markers/policyHash.d.ts +4 -0
  355. package/packages/core/dist/markers/policyHash.d.ts.map +1 -0
  356. package/packages/core/dist/markers/policyHash.js +14 -0
  357. package/packages/core/dist/markers/policyHash.js.map +1 -0
  358. package/packages/core/dist/markers/proofSignature.d.ts +29 -0
  359. package/packages/core/dist/markers/proofSignature.d.ts.map +1 -0
  360. package/packages/core/dist/markers/proofSignature.js +106 -0
  361. package/packages/core/dist/markers/proofSignature.js.map +1 -0
  362. package/packages/core/dist/markers/reconcile.d.ts +26 -0
  363. package/packages/core/dist/markers/reconcile.d.ts.map +1 -0
  364. package/packages/core/dist/markers/reconcile.js +52 -0
  365. package/packages/core/dist/markers/reconcile.js.map +1 -0
  366. package/packages/core/dist/markers/registry.d.ts +53 -0
  367. package/packages/core/dist/markers/registry.d.ts.map +1 -0
  368. package/packages/core/dist/markers/registry.js +161 -0
  369. package/packages/core/dist/markers/registry.js.map +1 -0
  370. package/packages/core/dist/markers/rowHash.d.ts +2 -0
  371. package/packages/core/dist/markers/rowHash.d.ts.map +1 -0
  372. package/packages/core/dist/markers/rowHash.js +10 -0
  373. package/packages/core/dist/markers/rowHash.js.map +1 -0
  374. package/packages/core/dist/markers/scanner.d.ts +67 -0
  375. package/packages/core/dist/markers/scanner.d.ts.map +1 -0
  376. package/packages/core/dist/markers/scanner.js +292 -0
  377. package/packages/core/dist/markers/scanner.js.map +1 -0
  378. package/packages/core/dist/markers/schemas/binding-registry-event.schema.json +41 -0
  379. package/packages/core/dist/markers/schemas/freshness-status.schema.json +134 -0
  380. package/packages/core/dist/markers/schemas/proof-event.schema.json +170 -0
  381. package/packages/core/dist/markers/spanCanon.d.ts +4 -0
  382. package/packages/core/dist/markers/spanCanon.d.ts.map +1 -0
  383. package/packages/core/dist/markers/spanCanon.js +42 -0
  384. package/packages/core/dist/markers/spanCanon.js.map +1 -0
  385. package/packages/core/dist/markers/swiftFuncRecognizer.d.ts +36 -0
  386. package/packages/core/dist/markers/swiftFuncRecognizer.d.ts.map +1 -0
  387. package/packages/core/dist/markers/swiftFuncRecognizer.js +638 -0
  388. package/packages/core/dist/markers/swiftFuncRecognizer.js.map +1 -0
  389. package/packages/core/dist/markers/validators.d.ts +13 -0
  390. package/packages/core/dist/markers/validators.d.ts.map +1 -0
  391. package/packages/core/dist/markers/validators.js +64 -0
  392. package/packages/core/dist/markers/validators.js.map +1 -0
  393. package/packages/core/dist/markers/verificationContextHash.d.ts +23 -0
  394. package/packages/core/dist/markers/verificationContextHash.d.ts.map +1 -0
  395. package/packages/core/dist/markers/verificationContextHash.js +96 -0
  396. package/packages/core/dist/markers/verificationContextHash.js.map +1 -0
  397. package/packages/core/dist/markers/verifierPresets.d.ts +18 -0
  398. package/packages/core/dist/markers/verifierPresets.d.ts.map +1 -0
  399. package/packages/core/dist/markers/verifierPresets.js +71 -0
  400. package/packages/core/dist/markers/verifierPresets.js.map +1 -0
  401. package/packages/core/dist/markers/verifierResolver.d.ts +27 -0
  402. package/packages/core/dist/markers/verifierResolver.d.ts.map +1 -0
  403. package/packages/core/dist/markers/verifierResolver.js +151 -0
  404. package/packages/core/dist/markers/verifierResolver.js.map +1 -0
  405. package/packages/core/dist/migration/index.d.ts +2 -0
  406. package/packages/core/dist/migration/index.d.ts.map +1 -0
  407. package/packages/core/dist/migration/index.js +2 -0
  408. package/packages/core/dist/migration/index.js.map +1 -0
  409. package/packages/core/dist/migration/testMatrix.d.ts +42 -0
  410. package/packages/core/dist/migration/testMatrix.d.ts.map +1 -0
  411. package/packages/core/dist/migration/testMatrix.js +351 -0
  412. package/packages/core/dist/migration/testMatrix.js.map +1 -0
  413. package/packages/core/dist/package/index.d.ts +2 -0
  414. package/packages/core/dist/package/index.d.ts.map +1 -0
  415. package/packages/core/dist/package/index.js +2 -0
  416. package/packages/core/dist/package/index.js.map +1 -0
  417. package/packages/core/dist/package/inspectPackage.d.ts +67 -0
  418. package/packages/core/dist/package/inspectPackage.d.ts.map +1 -0
  419. package/packages/core/dist/package/inspectPackage.js +371 -0
  420. package/packages/core/dist/package/inspectPackage.js.map +1 -0
  421. package/packages/core/dist/presentation/candidates.d.ts +13 -0
  422. package/packages/core/dist/presentation/candidates.d.ts.map +1 -0
  423. package/packages/core/dist/presentation/candidates.js +86 -0
  424. package/packages/core/dist/presentation/candidates.js.map +1 -0
  425. package/packages/core/dist/presentation/index.d.ts +8 -0
  426. package/packages/core/dist/presentation/index.d.ts.map +1 -0
  427. package/packages/core/dist/presentation/index.js +8 -0
  428. package/packages/core/dist/presentation/index.js.map +1 -0
  429. package/packages/core/dist/presentation/items.d.ts +18 -0
  430. package/packages/core/dist/presentation/items.d.ts.map +1 -0
  431. package/packages/core/dist/presentation/items.js +228 -0
  432. package/packages/core/dist/presentation/items.js.map +1 -0
  433. package/packages/core/dist/presentation/ordering.d.ts +8 -0
  434. package/packages/core/dist/presentation/ordering.d.ts.map +1 -0
  435. package/packages/core/dist/presentation/ordering.js +31 -0
  436. package/packages/core/dist/presentation/ordering.js.map +1 -0
  437. package/packages/core/dist/presentation/planHelpers.d.ts +26 -0
  438. package/packages/core/dist/presentation/planHelpers.d.ts.map +1 -0
  439. package/packages/core/dist/presentation/planHelpers.js +62 -0
  440. package/packages/core/dist/presentation/planHelpers.js.map +1 -0
  441. package/packages/core/dist/presentation/presentationFormat.d.ts +39 -0
  442. package/packages/core/dist/presentation/presentationFormat.d.ts.map +1 -0
  443. package/packages/core/dist/presentation/presentationFormat.js +58 -0
  444. package/packages/core/dist/presentation/presentationFormat.js.map +1 -0
  445. package/packages/core/dist/presentation/renderCard.d.ts +37 -0
  446. package/packages/core/dist/presentation/renderCard.d.ts.map +1 -0
  447. package/packages/core/dist/presentation/renderCard.js +129 -0
  448. package/packages/core/dist/presentation/renderCard.js.map +1 -0
  449. package/packages/core/dist/presentation/scoring.d.ts +10 -0
  450. package/packages/core/dist/presentation/scoring.d.ts.map +1 -0
  451. package/packages/core/dist/presentation/scoring.js +82 -0
  452. package/packages/core/dist/presentation/scoring.js.map +1 -0
  453. package/packages/core/dist/presentation/selectPlan.d.ts +4 -0
  454. package/packages/core/dist/presentation/selectPlan.d.ts.map +1 -0
  455. package/packages/core/dist/presentation/selectPlan.js +122 -0
  456. package/packages/core/dist/presentation/selectPlan.js.map +1 -0
  457. package/packages/core/dist/presentation/selectShowcasePlan.d.ts +3 -0
  458. package/packages/core/dist/presentation/selectShowcasePlan.d.ts.map +1 -0
  459. package/packages/core/dist/presentation/selectShowcasePlan.js +6 -0
  460. package/packages/core/dist/presentation/selectShowcasePlan.js.map +1 -0
  461. package/packages/core/dist/presentation/selectWalkthroughPlan.d.ts +3 -0
  462. package/packages/core/dist/presentation/selectWalkthroughPlan.d.ts.map +1 -0
  463. package/packages/core/dist/presentation/selectWalkthroughPlan.js +6 -0
  464. package/packages/core/dist/presentation/selectWalkthroughPlan.js.map +1 -0
  465. package/packages/core/dist/presentation/selection.d.ts +7 -0
  466. package/packages/core/dist/presentation/selection.d.ts.map +1 -0
  467. package/packages/core/dist/presentation/selection.js +20 -0
  468. package/packages/core/dist/presentation/selection.js.map +1 -0
  469. package/packages/core/dist/presentation/snapshot.d.ts +12 -0
  470. package/packages/core/dist/presentation/snapshot.d.ts.map +1 -0
  471. package/packages/core/dist/presentation/snapshot.js +53 -0
  472. package/packages/core/dist/presentation/snapshot.js.map +1 -0
  473. package/packages/core/dist/presentation/types.d.ts +172 -0
  474. package/packages/core/dist/presentation/types.d.ts.map +1 -0
  475. package/packages/core/dist/presentation/types.js +2 -0
  476. package/packages/core/dist/presentation/types.js.map +1 -0
  477. package/packages/core/dist/redact.d.ts +11 -0
  478. package/packages/core/dist/redact.d.ts.map +1 -0
  479. package/packages/core/dist/redact.js +17 -0
  480. package/packages/core/dist/redact.js.map +1 -0
  481. package/packages/core/dist/roots.d.ts +81 -0
  482. package/packages/core/dist/roots.d.ts.map +1 -0
  483. package/packages/core/dist/roots.js +220 -0
  484. package/packages/core/dist/roots.js.map +1 -0
  485. package/packages/core/dist/schema/cliResult.d.ts +34 -0
  486. package/packages/core/dist/schema/cliResult.d.ts.map +1 -0
  487. package/packages/core/dist/schema/cliResult.js +35 -0
  488. package/packages/core/dist/schema/cliResult.js.map +1 -0
  489. package/packages/core/dist/schema/diagnostic.d.ts +26 -0
  490. package/packages/core/dist/schema/diagnostic.d.ts.map +1 -0
  491. package/packages/core/dist/schema/diagnostic.js +28 -0
  492. package/packages/core/dist/schema/diagnostic.js.map +1 -0
  493. package/packages/core/dist/schema/index.d.ts +8 -0
  494. package/packages/core/dist/schema/index.d.ts.map +1 -0
  495. package/packages/core/dist/schema/index.js +9 -0
  496. package/packages/core/dist/schema/index.js.map +1 -0
  497. package/packages/core/dist/schema/registry.d.ts +15 -0
  498. package/packages/core/dist/schema/registry.d.ts.map +1 -0
  499. package/packages/core/dist/schema/registry.js +206 -0
  500. package/packages/core/dist/schema/registry.js.map +1 -0
  501. package/packages/core/dist/schema/syntheticContracts.d.ts +3 -0
  502. package/packages/core/dist/schema/syntheticContracts.d.ts.map +1 -0
  503. package/packages/core/dist/schema/syntheticContracts.js +342 -0
  504. package/packages/core/dist/schema/syntheticContracts.js.map +1 -0
  505. package/packages/core/dist/schema/validate.d.ts +21 -0
  506. package/packages/core/dist/schema/validate.d.ts.map +1 -0
  507. package/packages/core/dist/schema/validate.js +210 -0
  508. package/packages/core/dist/schema/validate.js.map +1 -0
  509. package/packages/core/dist/schemas/v1/authority.schema.json +70 -0
  510. package/packages/core/dist/schemas/v1/cli-result.schema.json +30 -0
  511. package/packages/core/dist/schemas/v1/common.schema.json +274 -0
  512. package/packages/core/dist/schemas/v1/demo-capsule.schema.json +78 -0
  513. package/packages/core/dist/schemas/v1/evidence-append-result.schema.json +14 -0
  514. package/packages/core/dist/schemas/v1/evidence-event.schema.json +181 -0
  515. package/packages/core/dist/schemas/v1/evidence-status-result.schema.json +68 -0
  516. package/packages/core/dist/schemas/v1/host-profile.schema.json +94 -0
  517. package/packages/core/dist/schemas/v1/host-status-result.schema.json +49 -0
  518. package/packages/core/dist/schemas/v1/keyring.schema.json +77 -0
  519. package/packages/core/dist/schemas/v1/ledger.schema.json +99 -0
  520. package/packages/core/dist/schemas/v1/marker.schema.json +84 -0
  521. package/packages/core/dist/schemas/v1/matrix-list-result.schema.json +67 -0
  522. package/packages/core/dist/schemas/v1/matrix-mutation-result.schema.json +49 -0
  523. package/packages/core/dist/schemas/v1/matrix-validation-result.schema.json +77 -0
  524. package/packages/core/dist/schemas/v1/mcp-tool-results.schema.json +34 -0
  525. package/packages/core/dist/schemas/v1/migration-test-matrix-result.schema.json +76 -0
  526. package/packages/core/dist/schemas/v1/presentation-plan-result.schema.json +62 -0
  527. package/packages/core/dist/schemas/v1/presentation-plan.schema.json +259 -0
  528. package/packages/core/dist/schemas/v1/release-gate-result.schema.json +136 -0
  529. package/packages/core/dist/schemas/v1/showcase-approval-result.schema.json +5 -0
  530. package/packages/core/dist/schemas/v1/showcase-event-append-result.schema.json +17 -0
  531. package/packages/core/dist/schemas/v1/showcase-event.schema.json +235 -0
  532. package/packages/core/dist/schemas/v1/showcase-finish-result.schema.json +5 -0
  533. package/packages/core/dist/schemas/v1/showcase-run-status-result.schema.json +70 -0
  534. package/packages/core/dist/schemas/v1/showcase-start-result.schema.json +5 -0
  535. package/packages/core/dist/schemas/v1/use-case-file.schema.json +178 -0
  536. package/packages/core/dist/schemas/v1/workflow-mode.schema.json +16 -0
  537. package/packages/core/dist/schemas/v1/workspace-config.schema.json +58 -0
  538. package/packages/core/dist/showcase/appendShowcaseEvent.d.ts +116 -0
  539. package/packages/core/dist/showcase/appendShowcaseEvent.d.ts.map +1 -0
  540. package/packages/core/dist/showcase/appendShowcaseEvent.js +353 -0
  541. package/packages/core/dist/showcase/appendShowcaseEvent.js.map +1 -0
  542. package/packages/core/dist/showcase/approval.d.ts +2 -0
  543. package/packages/core/dist/showcase/approval.d.ts.map +1 -0
  544. package/packages/core/dist/showcase/approval.js +2 -0
  545. package/packages/core/dist/showcase/approval.js.map +1 -0
  546. package/packages/core/dist/showcase/approvalAuthority.d.ts +19 -0
  547. package/packages/core/dist/showcase/approvalAuthority.d.ts.map +1 -0
  548. package/packages/core/dist/showcase/approvalAuthority.js +46 -0
  549. package/packages/core/dist/showcase/approvalAuthority.js.map +1 -0
  550. package/packages/core/dist/showcase/index.d.ts +11 -0
  551. package/packages/core/dist/showcase/index.d.ts.map +1 -0
  552. package/packages/core/dist/showcase/index.js +11 -0
  553. package/packages/core/dist/showcase/index.js.map +1 -0
  554. package/packages/core/dist/showcase/jsonlLedger.d.ts +11 -0
  555. package/packages/core/dist/showcase/jsonlLedger.d.ts.map +1 -0
  556. package/packages/core/dist/showcase/jsonlLedger.js +50 -0
  557. package/packages/core/dist/showcase/jsonlLedger.js.map +1 -0
  558. package/packages/core/dist/showcase/planBinding.d.ts +5 -0
  559. package/packages/core/dist/showcase/planBinding.d.ts.map +1 -0
  560. package/packages/core/dist/showcase/planBinding.js +33 -0
  561. package/packages/core/dist/showcase/planBinding.js.map +1 -0
  562. package/packages/core/dist/showcase/replayRun.d.ts +5 -0
  563. package/packages/core/dist/showcase/replayRun.d.ts.map +1 -0
  564. package/packages/core/dist/showcase/replayRun.js +199 -0
  565. package/packages/core/dist/showcase/replayRun.js.map +1 -0
  566. package/packages/core/dist/showcase/results.d.ts +3 -0
  567. package/packages/core/dist/showcase/results.d.ts.map +1 -0
  568. package/packages/core/dist/showcase/results.js +4 -0
  569. package/packages/core/dist/showcase/results.js.map +1 -0
  570. package/packages/core/dist/showcase/revisionEpochs.d.ts +2 -0
  571. package/packages/core/dist/showcase/revisionEpochs.d.ts.map +1 -0
  572. package/packages/core/dist/showcase/revisionEpochs.js +2 -0
  573. package/packages/core/dist/showcase/revisionEpochs.js.map +1 -0
  574. package/packages/core/dist/showcase/startRun.d.ts +2 -0
  575. package/packages/core/dist/showcase/startRun.d.ts.map +1 -0
  576. package/packages/core/dist/showcase/startRun.js +2 -0
  577. package/packages/core/dist/showcase/startRun.js.map +1 -0
  578. package/packages/core/dist/showcase/types.d.ts +66 -0
  579. package/packages/core/dist/showcase/types.d.ts.map +1 -0
  580. package/packages/core/dist/showcase/types.js +2 -0
  581. package/packages/core/dist/showcase/types.js.map +1 -0
  582. package/packages/core/dist/skills/canonicalSkills.d.ts +3 -0
  583. package/packages/core/dist/skills/canonicalSkills.d.ts.map +1 -0
  584. package/packages/core/dist/skills/canonicalSkills.js +7 -0
  585. package/packages/core/dist/skills/canonicalSkills.js.map +1 -0
  586. package/packages/core/dist/skills/index.d.ts +4 -0
  587. package/packages/core/dist/skills/index.d.ts.map +1 -0
  588. package/packages/core/dist/skills/index.js +4 -0
  589. package/packages/core/dist/skills/index.js.map +1 -0
  590. package/packages/core/dist/skills/types.d.ts +26 -0
  591. package/packages/core/dist/skills/types.d.ts.map +1 -0
  592. package/packages/core/dist/skills/types.js +2 -0
  593. package/packages/core/dist/skills/types.js.map +1 -0
  594. package/packages/core/dist/skills/validateSkillAssets.d.ts +6 -0
  595. package/packages/core/dist/skills/validateSkillAssets.d.ts.map +1 -0
  596. package/packages/core/dist/skills/validateSkillAssets.js +218 -0
  597. package/packages/core/dist/skills/validateSkillAssets.js.map +1 -0
  598. package/packages/core/dist/useCases/integrity.d.ts +11 -0
  599. package/packages/core/dist/useCases/integrity.d.ts.map +1 -0
  600. package/packages/core/dist/useCases/integrity.js +178 -0
  601. package/packages/core/dist/useCases/integrity.js.map +1 -0
  602. package/packages/core/dist/useCases/loadUseCaseMatrix.d.ts +7 -0
  603. package/packages/core/dist/useCases/loadUseCaseMatrix.d.ts.map +1 -0
  604. package/packages/core/dist/useCases/loadUseCaseMatrix.js +74 -0
  605. package/packages/core/dist/useCases/loadUseCaseMatrix.js.map +1 -0
  606. package/packages/core/dist/useCases/mutateUseCaseMatrix.d.ts +25 -0
  607. package/packages/core/dist/useCases/mutateUseCaseMatrix.d.ts.map +1 -0
  608. package/packages/core/dist/useCases/mutateUseCaseMatrix.js +198 -0
  609. package/packages/core/dist/useCases/mutateUseCaseMatrix.js.map +1 -0
  610. package/packages/core/dist/useCases/query.d.ts +12 -0
  611. package/packages/core/dist/useCases/query.d.ts.map +1 -0
  612. package/packages/core/dist/useCases/query.js +47 -0
  613. package/packages/core/dist/useCases/query.js.map +1 -0
  614. package/packages/core/dist/useCases/types.d.ts +149 -0
  615. package/packages/core/dist/useCases/types.d.ts.map +1 -0
  616. package/packages/core/dist/useCases/types.js +2 -0
  617. package/packages/core/dist/useCases/types.js.map +1 -0
  618. package/packages/core/dist/useCases/validateUseCaseFile.d.ts +9 -0
  619. package/packages/core/dist/useCases/validateUseCaseFile.d.ts.map +1 -0
  620. package/packages/core/dist/useCases/validateUseCaseFile.js +107 -0
  621. package/packages/core/dist/useCases/validateUseCaseFile.js.map +1 -0
  622. package/packages/core/dist/version.d.ts +9 -0
  623. package/packages/core/dist/version.d.ts.map +1 -0
  624. package/packages/core/dist/version.js +17 -0
  625. package/packages/core/dist/version.js.map +1 -0
  626. package/packages/core/package.json +39 -0
  627. package/packages/mcp/README.md +48 -0
  628. package/packages/mcp/dist/index.d.ts +20 -0
  629. package/packages/mcp/dist/index.d.ts.map +1 -0
  630. package/packages/mcp/dist/index.js +180 -0
  631. package/packages/mcp/dist/index.js.map +1 -0
  632. package/packages/mcp/dist/prompts.d.ts +32 -0
  633. package/packages/mcp/dist/prompts.d.ts.map +1 -0
  634. package/packages/mcp/dist/prompts.js +199 -0
  635. package/packages/mcp/dist/prompts.js.map +1 -0
  636. package/packages/mcp/dist/resources.d.ts +22 -0
  637. package/packages/mcp/dist/resources.d.ts.map +1 -0
  638. package/packages/mcp/dist/resources.js +342 -0
  639. package/packages/mcp/dist/resources.js.map +1 -0
  640. package/packages/mcp/dist/toolHandlers.d.ts +28 -0
  641. package/packages/mcp/dist/toolHandlers.d.ts.map +1 -0
  642. package/packages/mcp/dist/toolHandlers.js +592 -0
  643. package/packages/mcp/dist/toolHandlers.js.map +1 -0
  644. package/packages/mcp/dist/toolSchemas.d.ts +23 -0
  645. package/packages/mcp/dist/toolSchemas.d.ts.map +1 -0
  646. package/packages/mcp/dist/toolSchemas.js +223 -0
  647. package/packages/mcp/dist/toolSchemas.js.map +1 -0
  648. package/packages/mcp/dist/tools.d.ts +22 -0
  649. package/packages/mcp/dist/tools.d.ts.map +1 -0
  650. package/packages/mcp/dist/tools.js +65 -0
  651. package/packages/mcp/dist/tools.js.map +1 -0
  652. package/packages/mcp/package.json +38 -0
  653. package/plugin.json +6 -0
  654. package/schemas/v1/authority.schema.json +70 -0
  655. package/schemas/v1/cli-result.schema.json +30 -0
  656. package/schemas/v1/common.schema.json +274 -0
  657. package/schemas/v1/demo-capsule.schema.json +78 -0
  658. package/schemas/v1/evidence-append-result.schema.json +14 -0
  659. package/schemas/v1/evidence-event.schema.json +181 -0
  660. package/schemas/v1/evidence-status-result.schema.json +68 -0
  661. package/schemas/v1/host-profile.schema.json +94 -0
  662. package/schemas/v1/host-status-result.schema.json +49 -0
  663. package/schemas/v1/keyring.schema.json +77 -0
  664. package/schemas/v1/ledger.schema.json +99 -0
  665. package/schemas/v1/marker.schema.json +84 -0
  666. package/schemas/v1/matrix-list-result.schema.json +67 -0
  667. package/schemas/v1/matrix-mutation-result.schema.json +49 -0
  668. package/schemas/v1/matrix-validation-result.schema.json +77 -0
  669. package/schemas/v1/mcp-tool-results.schema.json +34 -0
  670. package/schemas/v1/migration-test-matrix-result.schema.json +76 -0
  671. package/schemas/v1/presentation-plan-result.schema.json +62 -0
  672. package/schemas/v1/presentation-plan.schema.json +259 -0
  673. package/schemas/v1/release-gate-result.schema.json +136 -0
  674. package/schemas/v1/showcase-approval-result.schema.json +5 -0
  675. package/schemas/v1/showcase-event-append-result.schema.json +17 -0
  676. package/schemas/v1/showcase-event.schema.json +235 -0
  677. package/schemas/v1/showcase-finish-result.schema.json +5 -0
  678. package/schemas/v1/showcase-run-status-result.schema.json +70 -0
  679. package/schemas/v1/showcase-start-result.schema.json +5 -0
  680. package/schemas/v1/use-case-file.schema.json +178 -0
  681. package/schemas/v1/workflow-mode.schema.json +16 -0
  682. package/schemas/v1/workspace-config.schema.json +58 -0
  683. package/use-cases/capsule/demos.yml +212 -0
  684. package/use-cases/capsule/runner.yml +49 -0
  685. package/use-cases/diagnostics/contracts.yml +239 -0
  686. package/use-cases/evidence/core.yml +32 -0
  687. package/use-cases/evidence/ledger.yml +330 -0
  688. package/use-cases/hosts/profiles.yml +365 -0
  689. package/use-cases/hosts/projections.yml +96 -0
  690. package/use-cases/lifecycle/loop.yml +229 -0
  691. package/use-cases/matrix/core.yml +92 -0
  692. package/use-cases/matrix/product.yml +289 -0
  693. package/use-cases/mcp/surface.yml +257 -0
  694. package/use-cases/mcp/wrapper.yml +100 -0
  695. package/use-cases/migration/importer.yml +171 -0
  696. package/use-cases/migration/test-matrix.yml +32 -0
  697. package/use-cases/planning/cards.yml +215 -0
  698. package/use-cases/release/package.yml +80 -0
  699. package/use-cases/release/proof.yml +180 -0
  700. package/use-cases/roadmap/deferred.yml +184 -0
  701. package/use-cases/showcase/flow.yml +269 -0
  702. package/use-cases/showcase/live.yml +44 -0
  703. package/use-cases/skills/assets.yml +92 -0
  704. package/use-cases.yml +9 -0
@@ -0,0 +1,233 @@
1
+ import { validateEvidenceLedger } from "../evidenceLedger.js";
2
+ import { deriveFreshness } from "../freshness.js";
3
+ import { validateBindingsJsonl } from "../registry.js";
4
+ import { formatInferredSwiftSpanReport, scanFiles } from "../scanner.js";
5
+ import { readBaseRefFile } from "../appendOnly.js";
6
+ import { computeRowVerificationContextHash } from "../verificationContextHash.js";
7
+ import { join } from "node:path";
8
+ import { nodeMarkerFs } from "./io.js";
9
+ import { collectSourceInputs, loadMarkerRows } from "./shared.js";
10
+ // The conventional location of the UNSIGNED verification-results ledger, one row
11
+ // per line, that `verify --out` writes. Scan auto-discovers it here (under the
12
+ // data root's .use-cases dir) so the keyless daily loop — bind -> verify -> scan
13
+ // -> VERIFIED_LOCAL — needs no key, no CI, and no extra flags.
14
+ export const DEFAULT_VERIFICATION_RESULTS_FILENAME = "verification-results.jsonl";
15
+ // Parse the unsigned verification-results ledger (JSONL of
16
+ // `ucase-verification-result-v1` records) into the minimal shape freshness's
17
+ // keyless tier consumes. Unreadable/blank/malformed content yields an empty list
18
+ // (the keyless signal is best-effort and NEVER blocks the read-only scan).
19
+ function loadLocalVerificationResults(text) {
20
+ const results = [];
21
+ for (const raw of text.split("\n")) {
22
+ const line = raw.trim();
23
+ if (line === "") {
24
+ continue;
25
+ }
26
+ let record;
27
+ try {
28
+ record = JSON.parse(line);
29
+ }
30
+ catch {
31
+ continue; // skip a malformed line rather than failing the whole scan
32
+ }
33
+ if (typeof record !== "object" || record === null) {
34
+ continue;
35
+ }
36
+ const value = record;
37
+ const rowId = value.row_id;
38
+ const contextHash = value.verification_context_hash;
39
+ const bindingSetHash = value.binding_set_hash;
40
+ const status = value.status;
41
+ if (typeof rowId !== "string" ||
42
+ typeof contextHash !== "string" ||
43
+ typeof bindingSetHash !== "string" ||
44
+ typeof status !== "string") {
45
+ continue;
46
+ }
47
+ results.push({
48
+ row_id: rowId,
49
+ context_hash: contextHash,
50
+ binding_set_hash: bindingSetHash,
51
+ passed: status === "pass"
52
+ });
53
+ }
54
+ return results;
55
+ }
56
+ // Shared pipeline used by both `scan` and `prove` (prove runs scan first).
57
+ export function prepareScan(options) {
58
+ const fs = options.fs ?? nodeMarkerFs;
59
+ const loaded = loadMarkerRows(options.context);
60
+ // Registry (append-only binding log) -> validate + materialize. Append-only
61
+ // discipline vs a base ref is validate-ledger's authority (spec 8.4); scan only
62
+ // validates the materialized registry here.
63
+ const bindingsText = fs.readText(options.bindingsPath) ?? "";
64
+ const registryResult = validateBindingsJsonl(bindingsText, loaded.rowIds);
65
+ const registryErrors = [...registryResult.errors];
66
+ // Evidence ledger -> validate signatures/schema/policy/internal hashes.
67
+ const evidenceText = fs.readText(options.evidencePath) ?? "";
68
+ const baseRefOldText = options.baseRef !== undefined
69
+ ? readBaseRefFile(options.baseRef, options.evidencePath, {
70
+ cwd: options.repoCwd,
71
+ runner: options.gitRunner
72
+ })
73
+ : undefined;
74
+ const evidenceResult = validateEvidenceLedger(evidenceText, {
75
+ publicKeyResolver: options.publicKeyResolver,
76
+ yamlRowIds: loaded.rowIds,
77
+ baseRefOldText
78
+ });
79
+ // Scan product source for markers.
80
+ const inputs = collectSourceInputs(options.productRoot, {
81
+ fs,
82
+ config: options.commentConfig,
83
+ skipPaths: [options.context.data_root]
84
+ });
85
+ const scan = scanFiles(inputs, { config: options.commentConfig });
86
+ // Derive freshness. Registry/ledger validation failures become global
87
+ // integrity errors so guard_ok flips and they surface in the status object.
88
+ const globalIntegrity = [
89
+ ...registryErrors.map((error) => ({
90
+ code: error.code,
91
+ line: error.line ?? undefined,
92
+ message: error.message,
93
+ binding_slug: error.binding_slug
94
+ })),
95
+ ...evidenceResult.errors.map((error) => ({
96
+ code: error.code,
97
+ line: error.line ?? undefined,
98
+ message: error.message,
99
+ event_id: error.event_id
100
+ }))
101
+ ];
102
+ // Freshly recompute each row's verification context hash from the CURRENT
103
+ // resolved verifier + declared-input contents + lockfile. Threaded into
104
+ // freshness so a proof minted against a now-weakened verifier is no longer
105
+ // FRESH. Computed identically to `prove` (same root + fs), so a just-minted
106
+ // proof's embedded hash matches its recomputed value.
107
+ const contextRoot = options.repoCwd ?? options.productRoot;
108
+ const currentContextHashes = new Map();
109
+ for (const row of loaded.rows) {
110
+ currentContextHashes.set(row.row_id, computeRowVerificationContextHash({
111
+ slug: row.row_id,
112
+ verificationPolicy: row.verification_policy,
113
+ rootDir: contextRoot,
114
+ fs,
115
+ workspaceVerifiers: options.context.verifiers
116
+ }));
117
+ }
118
+ // Keyless local tier: auto-discover the UNSIGNED verification-results ledger
119
+ // (what `verify --out` writes) under the data root, or use the caller override.
120
+ // Read-only and best-effort: an absent/unreadable file simply yields no local
121
+ // results, and the local tier is reported as UNVERIFIED_LOCAL for bound rows.
122
+ const resultsPath = options.resultsPath ??
123
+ join(options.context.data_root, ".use-cases", DEFAULT_VERIFICATION_RESULTS_FILENAME);
124
+ const resultsText = fs.readText(resultsPath);
125
+ const localResults = resultsText == null ? [] : loadLocalVerificationResults(resultsText);
126
+ const status = deriveFreshness({
127
+ rows: loaded.rows,
128
+ registry: registryResult.registry,
129
+ scan,
130
+ evidence: evidenceResult.events,
131
+ policy_mode: options.policyMode,
132
+ generated_at: options.generatedAt,
133
+ product_root: options.productRoot,
134
+ current_context_hashes: currentContextHashes,
135
+ local_results: localResults,
136
+ global_integrity_errors: globalIntegrity,
137
+ // OPTIONAL CI-neutral release-gate authority requirement from workspace
138
+ // config (off by default). Only consulted in release mode by deriveFreshness.
139
+ release_gate: options.context.release_gate
140
+ });
141
+ return {
142
+ loaded,
143
+ registry: registryResult.registry,
144
+ registryErrors,
145
+ evidence: evidenceResult.events,
146
+ evidenceErrors: evidenceResult.errors,
147
+ scan,
148
+ status
149
+ };
150
+ }
151
+ export function runScanCommand(options) {
152
+ const prepared = prepareScan(options);
153
+ const registryValid = prepared.registryErrors.length === 0;
154
+ const evidenceValid = prepared.evidenceErrors.length === 0;
155
+ // Inferred Swift spans, for the CI human report (spec 8.2 "must print").
156
+ const inferredSpans = prepared.scan.bindings
157
+ .map((binding) => formatInferredSwiftSpanReport(binding))
158
+ .filter((report) => report !== null);
159
+ const baseExitCode = scanExitCode(prepared.status, registryValid, evidenceValid);
160
+ // Opt-in gate: escalate an otherwise-passing scan (exit 0) to exit 1 when a
161
+ // required row is below the bar. It NEVER lowers a higher-precedence failure
162
+ // (4 ledger/registry, 3 binding integrity) — those already surface real
163
+ // problems and outrank a freshness gate. Without --gate, nothing changes.
164
+ let gate;
165
+ let exitCode = baseExitCode;
166
+ if (options.gate) {
167
+ gate = evaluateScanGate(prepared.status, options.policyMode);
168
+ if (gate.blocked && exitCode === 0) {
169
+ exitCode = 1;
170
+ }
171
+ }
172
+ return {
173
+ exit_code: exitCode,
174
+ ok: exitCode === 0,
175
+ status: prepared.status,
176
+ registry_valid: registryValid,
177
+ evidence_valid: evidenceValid,
178
+ inferred_spans: inferredSpans,
179
+ registry_errors: prepared.registryErrors,
180
+ evidence_errors: prepared.evidenceErrors,
181
+ ...(gate !== undefined ? { gate } : {})
182
+ };
183
+ }
184
+ // True iff a row meets the acceptable bar for `policyMode`. FRESH always passes
185
+ // (it strictly outranks the keyless local tier).
186
+ function rowMeetsGateBar(row, policyMode) {
187
+ if (row.status === "FRESH") {
188
+ return true;
189
+ }
190
+ if (policyMode === "release") {
191
+ return false; // release bar is FRESH; nothing else clears it.
192
+ }
193
+ return row.local_status === "VERIFIED_LOCAL";
194
+ }
195
+ // Pure gate decision over an already-derived FreshnessStatus. Never mutates the
196
+ // status and never changes the signed `status` — it only reads it.
197
+ export function evaluateScanGate(status, policyMode) {
198
+ const offending = [];
199
+ for (const row of status.rows) {
200
+ if (row.required_for_release !== true) {
201
+ continue; // only required rows are gated
202
+ }
203
+ if (!rowMeetsGateBar(row, policyMode)) {
204
+ offending.push({
205
+ row_id: row.row_id,
206
+ status: row.status,
207
+ local_status: row.local_status ?? null
208
+ });
209
+ }
210
+ }
211
+ return {
212
+ blocked: offending.length > 0,
213
+ policy_mode: policyMode,
214
+ required_bar: policyMode === "release" ? "FRESH" : "VERIFIED_LOCAL",
215
+ offending_rows: offending
216
+ };
217
+ }
218
+ // Exit-code precedence (spec 8.2): 4 ledger/registry > 3 binding integrity (any
219
+ // INVALID row) > 1 freshness policy block (a non-INVALID row the policy blocks).
220
+ export function scanExitCode(status, registryValid, evidenceValid) {
221
+ if (!registryValid || !evidenceValid) {
222
+ return 4;
223
+ }
224
+ if (status.summary.invalid > 0) {
225
+ return 3;
226
+ }
227
+ const policyBlockNonInvalid = status.rows.some((row) => row.policy_block && row.status !== "INVALID");
228
+ if (policyBlockNonInvalid) {
229
+ return 1;
230
+ }
231
+ return 0;
232
+ }
233
+ //# sourceMappingURL=scan.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scan.js","sourceRoot":"","sources":["../../../src/markers/cli/scan.ts"],"names":[],"mappings":"AAQA,OAAO,EACL,sBAAsB,EAGvB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,eAAe,EAIhB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,qBAAqB,EAGtB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,6BAA6B,EAC7B,SAAS,EAEV,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,eAAe,EAAkB,MAAM,kBAAkB,CAAC;AACnE,OAAO,EAAE,iCAAiC,EAAE,MAAM,+BAA+B,CAAC;AAClF,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,YAAY,EAAiB,MAAM,SAAS,CAAC;AACtD,OAAO,EACL,mBAAmB,EACnB,cAAc,EAEf,MAAM,aAAa,CAAC;AAErB,iFAAiF;AACjF,+EAA+E;AAC/E,iFAAiF;AACjF,+DAA+D;AAC/D,MAAM,CAAC,MAAM,qCAAqC,GAAG,4BAA4B,CAAC;AAElF,2DAA2D;AAC3D,6EAA6E;AAC7E,iFAAiF;AACjF,2EAA2E;AAC3E,SAAS,4BAA4B,CAAC,IAAY;IAChD,MAAM,OAAO,GAA8B,EAAE,CAAC;IAC9C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QACxB,IAAI,IAAI,KAAK,EAAE,EAAE,CAAC;YAChB,SAAS;QACX,CAAC;QACD,IAAI,MAAe,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,CAAC,2DAA2D;QACvE,CAAC;QACD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YAClD,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,MAAiC,CAAC;QAChD,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC;QAC3B,MAAM,WAAW,GAAG,KAAK,CAAC,yBAAyB,CAAC;QACpD,MAAM,cAAc,GAAG,KAAK,CAAC,gBAAgB,CAAC;QAC9C,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;QAC5B,IACE,OAAO,KAAK,KAAK,QAAQ;YACzB,OAAO,WAAW,KAAK,QAAQ;YAC/B,OAAO,cAAc,KAAK,QAAQ;YAClC,OAAO,MAAM,KAAK,QAAQ,EAC1B,CAAC;YACD,SAAS;QACX,CAAC;QACD,OAAO,CAAC,IAAI,CAAC;YACX,MAAM,EAAE,KAAK;YACb,YAAY,EAAE,WAAW;YACzB,gBAAgB,EAAE,cAAc;YAChC,MAAM,EAAE,MAAM,KAAK,MAAM;SAC1B,CAAC,CAAC;IACL,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAqCD,2EAA2E;AAC3E,MAAM,UAAU,WAAW,CAAC,OAA2B;IACrD,MAAM,EAAE,GAAG,OAAO,CAAC,EAAE,IAAI,YAAY,CAAC;IACtC,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAE/C,4EAA4E;IAC5E,gFAAgF;IAChF,4CAA4C;IAC5C,MAAM,YAAY,GAAG,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IAC7D,MAAM,cAAc,GAAG,qBAAqB,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1E,MAAM,cAAc,GAAG,CAAC,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAElD,wEAAwE;IACxE,MAAM,YAAY,GAAG,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IAC7D,MAAM,cAAc,GAClB,OAAO,CAAC,OAAO,KAAK,SAAS;QAC3B,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,EAAE;YACrD,GAAG,EAAE,OAAO,CAAC,OAAO;YACpB,MAAM,EAAE,OAAO,CAAC,SAAS;SAC1B,CAAC;QACJ,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,cAAc,GAAG,sBAAsB,CAAC,YAAY,EAAE;QAC1D,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,UAAU,EAAE,MAAM,CAAC,MAAM;QACzB,cAAc;KACf,CAAC,CAAC;IAEH,mCAAmC;IACnC,MAAM,MAAM,GAAG,mBAAmB,CAAC,OAAO,CAAC,WAAW,EAAE;QACtD,EAAE;QACF,MAAM,EAAE,OAAO,CAAC,aAAa;QAC7B,SAAS,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC;KACvC,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,SAAS,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAElE,sEAAsE;IACtE,4EAA4E;IAC5E,MAAM,eAAe,GAAG;QACtB,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAChC,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,SAAS;YAC7B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,YAAY,EAAE,KAAK,CAAC,YAAY;SACjC,CAAC,CAAC;QACH,GAAG,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACvC,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,SAAS;YAC7B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,QAAQ,EAAE,KAAK,CAAC,QAAQ;SACzB,CAAC,CAAC;KACJ,CAAC;IAEF,0EAA0E;IAC1E,wEAAwE;IACxE,2EAA2E;IAC3E,4EAA4E;IAC5E,sDAAsD;IACtD,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,WAAW,CAAC;IAC3D,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAC9B,oBAAoB,CAAC,GAAG,CACtB,GAAG,CAAC,MAAM,EACV,iCAAiC,CAAC;YAChC,IAAI,EAAE,GAAG,CAAC,MAAM;YAChB,kBAAkB,EAAE,GAAG,CAAC,mBAAmB;YAC3C,OAAO,EAAE,WAAW;YACpB,EAAE;YACF,kBAAkB,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS;SAC9C,CAAC,CACH,CAAC;IACJ,CAAC;IAED,6EAA6E;IAC7E,gFAAgF;IAChF,8EAA8E;IAC9E,8EAA8E;IAC9E,MAAM,WAAW,GACf,OAAO,CAAC,WAAW;QACnB,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,YAAY,EAAE,qCAAqC,CAAC,CAAC;IACvF,MAAM,WAAW,GAAG,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC7C,MAAM,YAAY,GAChB,WAAW,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,4BAA4B,CAAC,WAAW,CAAC,CAAC;IAEvE,MAAM,MAAM,GAAG,eAAe,CAAC;QAC7B,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,QAAQ,EAAE,cAAc,CAAC,QAAQ;QACjC,IAAI;QACJ,QAAQ,EAAE,cAAc,CAAC,MAAM;QAC/B,WAAW,EAAE,OAAO,CAAC,UAAU;QAC/B,YAAY,EAAE,OAAO,CAAC,WAAW;QACjC,YAAY,EAAE,OAAO,CAAC,WAAW;QACjC,sBAAsB,EAAE,oBAAoB;QAC5C,aAAa,EAAE,YAAY;QAC3B,uBAAuB,EAAE,eAAe;QACxC,wEAAwE;QACxE,8EAA8E;QAC9E,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,YAAY;KAC3C,CAAC,CAAC;IAEH,OAAO;QACL,MAAM;QACN,QAAQ,EAAE,cAAc,CAAC,QAAQ;QACjC,cAAc;QACd,QAAQ,EAAE,cAAc,CAAC,MAAM;QAC/B,cAAc,EAAE,cAAc,CAAC,MAAM;QACrC,IAAI;QACJ,MAAM;KACP,CAAC;AACJ,CAAC;AAiBD,MAAM,UAAU,cAAc,CAAC,OAA2B;IACxD,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,aAAa,GAAG,QAAQ,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,CAAC;IAC3D,MAAM,aAAa,GAAG,QAAQ,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,CAAC;IAE3D,yEAAyE;IACzE,MAAM,aAAa,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ;SACzC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,6BAA6B,CAAC,OAAO,CAAC,CAAC;SACxD,MAAM,CAAC,CAAC,MAAM,EAAoB,EAAE,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC;IAEzD,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,MAAM,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC;IAEjF,4EAA4E;IAC5E,6EAA6E;IAC7E,wEAAwE;IACxE,0EAA0E;IAC1E,IAAI,IAAgC,CAAC;IACrC,IAAI,QAAQ,GAAG,YAAY,CAAC;IAC5B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,IAAI,GAAG,gBAAgB,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;QAC7D,IAAI,IAAI,CAAC,OAAO,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;YACnC,QAAQ,GAAG,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO;QACL,SAAS,EAAE,QAAQ;QACnB,EAAE,EAAE,QAAQ,KAAK,CAAC;QAClB,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,cAAc,EAAE,aAAa;QAC7B,cAAc,EAAE,aAAa;QAC7B,cAAc,EAAE,aAAa;QAC7B,eAAe,EAAE,QAAQ,CAAC,cAAc;QACxC,eAAe,EAAE,QAAQ,CAAC,cAAc;QACxC,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC;AA0BD,gFAAgF;AAChF,iDAAiD;AACjD,SAAS,eAAe,CACtB,GAAoC,EACpC,UAAsB;IAEtB,IAAI,GAAG,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC,CAAC,gDAAgD;IAChE,CAAC;IACD,OAAO,GAAG,CAAC,YAAY,KAAK,gBAAgB,CAAC;AAC/C,CAAC;AAED,gFAAgF;AAChF,mEAAmE;AACnE,MAAM,UAAU,gBAAgB,CAC9B,MAAuB,EACvB,UAAsB;IAEtB,MAAM,SAAS,GAAuB,EAAE,CAAC;IACzC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAC9B,IAAI,GAAG,CAAC,oBAAoB,KAAK,IAAI,EAAE,CAAC;YACtC,SAAS,CAAC,+BAA+B;QAC3C,CAAC;QACD,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,UAAU,CAAC,EAAE,CAAC;YACtC,SAAS,CAAC,IAAI,CAAC;gBACb,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,YAAY,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI;aACvC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO;QACL,OAAO,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC;QAC7B,WAAW,EAAE,UAAU;QACvB,YAAY,EAAE,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB;QACnE,cAAc,EAAE,SAAS;KAC1B,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,iFAAiF;AACjF,MAAM,UAAU,YAAY,CAC1B,MAAuB,EACvB,aAAsB,EACtB,aAAsB;IAEtB,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,EAAE,CAAC;QACrC,OAAO,CAAC,CAAC;IACX,CAAC;IACD,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,CAAC;IACX,CAAC;IACD,MAAM,qBAAqB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAC5C,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,CACtD,CAAC;IACF,IAAI,qBAAqB,EAAE,CAAC;QAC1B,OAAO,CAAC,CAAC;IACX,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC"}
@@ -0,0 +1,25 @@
1
+ import type { ResolvedWorkspaceContext } from "../../roots.js";
2
+ import type { MatrixSnapshot } from "../../useCases/types.js";
3
+ import type { FreshnessInputRow } from "../freshness.js";
4
+ import type { PemOrKeyObject, PublicKeyResolver } from "../proofSignature.js";
5
+ import { type CommentPrefixConfig } from "../commentPrefix.js";
6
+ import type { CurrentBindingRecord, ScanInput } from "../scanner.js";
7
+ import { type MarkerFs } from "./io.js";
8
+ export interface LoadedMarkerRows {
9
+ rows: FreshnessInputRow[];
10
+ rowIds: Set<string>;
11
+ snapshot: MatrixSnapshot;
12
+ }
13
+ export declare function loadMarkerRows(context: ResolvedWorkspaceContext): LoadedMarkerRows;
14
+ export declare function findRow(rows: ReadonlyArray<FreshnessInputRow>, rowId: string): FreshnessInputRow | undefined;
15
+ export interface CollectSourceOptions {
16
+ fs?: MarkerFs;
17
+ config?: CommentPrefixConfig;
18
+ skipPaths?: string[];
19
+ }
20
+ export declare function collectSourceInputs(productRoot: string, options?: CollectSourceOptions): ScanInput[];
21
+ export declare function toPosix(path: string): string;
22
+ export declare function resolveUnderRoot(root: string, value: string): string;
23
+ export declare function singleKeyResolver(publicKey: PemOrKeyObject, keyId?: string): PublicKeyResolver;
24
+ export declare function registeredBindingsForRow(bindings: ReadonlyArray<CurrentBindingRecord>, rowId: string, registeredSlugs: ReadonlySet<string>): CurrentBindingRecord[];
25
+ //# sourceMappingURL=shared.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"shared.d.ts","sourceRoot":"","sources":["../../../src/markers/cli/shared.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAE/D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC9E,OAAO,EAEL,KAAK,mBAAmB,EACzB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,oBAAoB,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AACrE,OAAO,EAAgB,KAAK,QAAQ,EAAE,MAAM,SAAS,CAAC;AAMtD,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,iBAAiB,EAAE,CAAC;IAC1B,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACpB,QAAQ,EAAE,cAAc,CAAC;CAC1B;AAED,wBAAgB,cAAc,CAAC,OAAO,EAAE,wBAAwB,GAAG,gBAAgB,CAYlF;AAED,wBAAgB,OAAO,CAAC,IAAI,EAAE,aAAa,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,MAAM,GAAG,iBAAiB,GAAG,SAAS,CAE5G;AA4BD,MAAM,WAAW,oBAAoB;IACnC,EAAE,CAAC,EAAE,QAAQ,CAAC;IACd,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAE7B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAMD,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,GAAE,oBAAyB,GAAG,SAAS,EAAE,CA4CxG;AAED,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAE5C;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAEpE;AAMD,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,cAAc,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,iBAAiB,CAO9F;AAID,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,CAAC,EAC7C,KAAK,EAAE,MAAM,EACb,eAAe,EAAE,WAAW,CAAC,MAAM,CAAC,GACnC,oBAAoB,EAAE,CAIxB"}
@@ -0,0 +1,123 @@
1
+ // Shared inputs for the Phase 7 CLI command cores.
2
+ //
3
+ // Loads marker "rows" from the existing use-case YAML loader (REUSING
4
+ // loadUseCaseMatrix rather than a parallel parser), walks product source for
5
+ // marker-bearing files, and resolves trusted-CI public keys. Everything here is
6
+ // deterministic given its inputs; clocks/ids/verification are injected by callers.
7
+ import { isAbsolute, join, relative } from "node:path";
8
+ import { loadUseCaseMatrix } from "../../useCases/loadUseCaseMatrix.js";
9
+ import { resolveCommentPrefix } from "../commentPrefix.js";
10
+ import { nodeMarkerFs } from "./io.js";
11
+ export function loadMarkerRows(context) {
12
+ const snapshot = loadUseCaseMatrix({ context });
13
+ const rows = snapshot.addressableUseCases.map((useCase) => {
14
+ const value = useCase.value;
15
+ return {
16
+ ...value,
17
+ row_id: useCase.value.id,
18
+ verification_policy: value.verification_policy ?? null,
19
+ approval_policy: value.approval_policy ?? null
20
+ };
21
+ });
22
+ return { rows, rowIds: new Set(rows.map((row) => row.row_id)), snapshot };
23
+ }
24
+ export function findRow(rows, rowId) {
25
+ return rows.find((row) => row.row_id === rowId);
26
+ }
27
+ // Directory names never walked for markers: VCS/deps, the data dir itself, and
28
+ // common build-output dirs. Build output (e.g. tsc's dist/) can carry COPIES of
29
+ // a marker comment from source, which would otherwise read as a duplicate slug.
30
+ const DEFAULT_SKIP_DIRS = new Set([
31
+ ".git",
32
+ // Agent/session state — notably .claude/worktrees holds full repo COPIES whose
33
+ // source markers would otherwise read as duplicate slugs and poison the scan.
34
+ ".claude",
35
+ "node_modules",
36
+ ".use-cases",
37
+ "dist",
38
+ "dist-ts",
39
+ "build",
40
+ "out",
41
+ "coverage",
42
+ ".next",
43
+ ".turbo",
44
+ ".svelte-kit",
45
+ // Sample/nested example projects ship their OWN matrix + markers (a nested
46
+ // workspace). Their markers reference the example's rows, not the parent's, so
47
+ // scanning them from the parent repo would read as INVALID. Skip by default;
48
+ // the example's own `scan --repo examples/<name>` has no `examples/` subtree
49
+ // and is unaffected. (examples/ is not part of the published package either.)
50
+ "examples"
51
+ ]);
52
+ // Walk the product root and read every file that has a configured comment prefix
53
+ // (so the scanner only sees files that could legally carry a marker). Returns
54
+ // ScanInput records keyed by a posix path relative to productRoot, so binding
55
+ // records and span hashes are stable regardless of where the repo lives on disk.
56
+ export function collectSourceInputs(productRoot, options = {}) {
57
+ const fs = options.fs ?? nodeMarkerFs;
58
+ const skip = new Set((options.skipPaths ?? []).map((path) => path));
59
+ const inputs = [];
60
+ const walk = (dir) => {
61
+ let entries;
62
+ try {
63
+ entries = fs.listDir(dir);
64
+ }
65
+ catch {
66
+ return;
67
+ }
68
+ for (const entry of entries) {
69
+ if (entry.isSymlink) {
70
+ continue; // never follow symlinks
71
+ }
72
+ const full = join(dir, entry.name);
73
+ if (entry.isDirectory) {
74
+ if (DEFAULT_SKIP_DIRS.has(entry.name) || skip.has(full)) {
75
+ continue;
76
+ }
77
+ walk(full);
78
+ continue;
79
+ }
80
+ if (!entry.isFile) {
81
+ continue;
82
+ }
83
+ const relPath = toPosix(relative(productRoot, full));
84
+ const contents = fs.readText(full);
85
+ if (contents === null) {
86
+ continue;
87
+ }
88
+ // Resolve with contents so extensionless shebang scripts (e.g.
89
+ // hooks/session-start) are recognised, not silently skipped.
90
+ if (resolveCommentPrefix(relPath, options.config, contents) === null) {
91
+ continue; // no configured prefix => cannot carry a marker
92
+ }
93
+ inputs.push({ file_path: relPath, contents });
94
+ }
95
+ };
96
+ walk(productRoot);
97
+ inputs.sort((left, right) => (left.file_path < right.file_path ? -1 : left.file_path > right.file_path ? 1 : 0));
98
+ return inputs;
99
+ }
100
+ export function toPosix(path) {
101
+ return path.split("\\").join("/");
102
+ }
103
+ export function resolveUnderRoot(root, value) {
104
+ return isAbsolute(value) ? value : join(root, value);
105
+ }
106
+ // Build a PublicKeyResolver from a single trusted public key. Because v1 trusts
107
+ // exactly one key file, any key_id resolves to it (a tampered signature still
108
+ // fails BAD_SIGNATURE; an unknown alg still fails before resolution). Callers that
109
+ // need strict key_id matching can pass `keyId`.
110
+ export function singleKeyResolver(publicKey, keyId) {
111
+ return (requestedKeyId) => {
112
+ if (keyId !== undefined && requestedKeyId !== keyId) {
113
+ return undefined;
114
+ }
115
+ return publicKey;
116
+ };
117
+ }
118
+ // Recompute the current, registered binding records for one row from a scan,
119
+ // filtered to the slugs the registry actually knows (spec 7: C(row)).
120
+ export function registeredBindingsForRow(bindings, rowId, registeredSlugs) {
121
+ return bindings.filter((binding) => binding.row_id === rowId && registeredSlugs.has(binding.binding_slug));
122
+ }
123
+ //# sourceMappingURL=shared.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"shared.js","sourceRoot":"","sources":["../../../src/markers/cli/shared.ts"],"names":[],"mappings":"AAAA,mDAAmD;AACnD,EAAE;AACF,sEAAsE;AACtE,6EAA6E;AAC7E,gFAAgF;AAChF,mFAAmF;AACnF,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAEvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AAIxE,OAAO,EACL,oBAAoB,EAErB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,YAAY,EAAiB,MAAM,SAAS,CAAC;AAYtD,MAAM,UAAU,cAAc,CAAC,OAAiC;IAC9D,MAAM,QAAQ,GAAG,iBAAiB,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IAChD,MAAM,IAAI,GAAwB,QAAQ,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAgC,CAAC;QACvD,OAAO;YACL,GAAG,KAAK;YACR,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;YACxB,mBAAmB,EAAE,KAAK,CAAC,mBAAmB,IAAI,IAAI;YACtD,eAAe,EAAE,KAAK,CAAC,eAAe,IAAI,IAAI;SAC/C,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,IAAsC,EAAE,KAAa;IAC3E,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC;AAClD,CAAC;AAED,+EAA+E;AAC/E,gFAAgF;AAChF,gFAAgF;AAChF,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,MAAM;IACN,+EAA+E;IAC/E,8EAA8E;IAC9E,SAAS;IACT,cAAc;IACd,YAAY;IACZ,MAAM;IACN,SAAS;IACT,OAAO;IACP,KAAK;IACL,UAAU;IACV,OAAO;IACP,QAAQ;IACR,aAAa;IACb,2EAA2E;IAC3E,+EAA+E;IAC/E,6EAA6E;IAC7E,6EAA6E;IAC7E,8EAA8E;IAC9E,UAAU;CACX,CAAC,CAAC;AASH,iFAAiF;AACjF,8EAA8E;AAC9E,8EAA8E;AAC9E,iFAAiF;AACjF,MAAM,UAAU,mBAAmB,CAAC,WAAmB,EAAE,UAAgC,EAAE;IACzF,MAAM,EAAE,GAAG,OAAO,CAAC,EAAE,IAAI,YAAY,CAAC;IACtC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IACpE,MAAM,MAAM,GAAgB,EAAE,CAAC;IAE/B,MAAM,IAAI,GAAG,CAAC,GAAW,EAAQ,EAAE;QACjC,IAAI,OAAO,CAAC;QACZ,IAAI,CAAC;YACH,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;gBACpB,SAAS,CAAC,wBAAwB;YACpC,CAAC;YACD,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;gBACtB,IAAI,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxD,SAAS;gBACX,CAAC;gBACD,IAAI,CAAC,IAAI,CAAC,CAAC;gBACX,SAAS;YACX,CAAC;YACD,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;gBAClB,SAAS;YACX,CAAC;YACD,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACnC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACtB,SAAS;YACX,CAAC;YACD,+DAA+D;YAC/D,6DAA6D;YAC7D,IAAI,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;gBACrE,SAAS,CAAC,gDAAgD;YAC5D,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAAC,WAAW,CAAC,CAAC;IAClB,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACjH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,KAAa;IAC1D,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACvD,CAAC;AAED,gFAAgF;AAChF,8EAA8E;AAC9E,mFAAmF;AACnF,gDAAgD;AAChD,MAAM,UAAU,iBAAiB,CAAC,SAAyB,EAAE,KAAc;IACzE,OAAO,CAAC,cAAsB,EAAE,EAAE;QAChC,IAAI,KAAK,KAAK,SAAS,IAAI,cAAc,KAAK,KAAK,EAAE,CAAC;YACpD,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;AACJ,CAAC;AAED,6EAA6E;AAC7E,sEAAsE;AACtE,MAAM,UAAU,wBAAwB,CACtC,QAA6C,EAC7C,KAAa,EACb,eAAoC;IAEpC,OAAO,QAAQ,CAAC,MAAM,CACpB,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,KAAK,IAAI,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,CACnF,CAAC;AACJ,CAAC"}
@@ -0,0 +1,38 @@
1
+ import type { ResolvedWorkspaceContext } from "../../roots.js";
2
+ import { type GitRunner } from "../appendOnly.js";
3
+ import type { PublicKeyResolver } from "../proofSignature.js";
4
+ import { type MarkerFs } from "./io.js";
5
+ export interface ValidateLedgerCommandOptions {
6
+ context: ResolvedWorkspaceContext;
7
+ evidencePath: string;
8
+ bindingsPath: string;
9
+ publicKeyResolver: PublicKeyResolver;
10
+ baseRef?: string;
11
+ gitRunner?: GitRunner;
12
+ repoCwd?: string;
13
+ fs?: MarkerFs;
14
+ }
15
+ export interface LedgerErrorOut {
16
+ scope: "evidence" | "registry";
17
+ code: string;
18
+ line: number | null;
19
+ message: string;
20
+ }
21
+ export interface ValidateLedgerCommandResult {
22
+ exit_code: number;
23
+ ok: boolean;
24
+ command: "validate-ledger";
25
+ evidence_valid: boolean;
26
+ registry_valid: boolean;
27
+ append_only: boolean;
28
+ proof_events_checked: number;
29
+ registry_events_checked: number;
30
+ chain: {
31
+ ok: boolean;
32
+ verified_entries: number;
33
+ legacy_prefix_count: number;
34
+ };
35
+ errors: LedgerErrorOut[];
36
+ }
37
+ export declare function runValidateLedgerCommand(options: ValidateLedgerCommandOptions): ValidateLedgerCommandResult;
38
+ //# sourceMappingURL=validateLedger.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"validateLedger.d.ts","sourceRoot":"","sources":["../../../src/markers/cli/validateLedger.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC/D,OAAO,EAIL,KAAK,SAAS,EACf,MAAM,kBAAkB,CAAC;AAO1B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,EAAgB,KAAK,QAAQ,EAAE,MAAM,SAAS,CAAC;AAGtD,MAAM,WAAW,4BAA4B;IAC3C,OAAO,EAAE,wBAAwB,CAAC;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,EAAE,CAAC,EAAE,QAAQ,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,UAAU,GAAG,UAAU,CAAC;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,2BAA2B;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,EAAE,EAAE,OAAO,CAAC;IACZ,OAAO,EAAE,iBAAiB,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,WAAW,EAAE,OAAO,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,uBAAuB,EAAE,MAAM,CAAC;IAGhC,KAAK,EAAE;QACL,EAAE,EAAE,OAAO,CAAC;QACZ,gBAAgB,EAAE,MAAM,CAAC;QACzB,mBAAmB,EAAE,MAAM,CAAC;KAC7B,CAAC;IACF,MAAM,EAAE,cAAc,EAAE,CAAC;CAC1B;AAED,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,4BAA4B,GACpC,2BAA2B,CA8E7B"}
@@ -0,0 +1,81 @@
1
+ import { appendOnly, readBaseRefFile, splitJsonlLines } from "../appendOnly.js";
2
+ import { readEvidenceJsonl, validateEvidenceLedger, verifyLedgerChain } from "../evidenceLedger.js";
3
+ import { validateBindingsJsonl } from "../registry.js";
4
+ import { nodeMarkerFs } from "./io.js";
5
+ import { loadMarkerRows } from "./shared.js";
6
+ export function runValidateLedgerCommand(options) {
7
+ const fs = options.fs ?? nodeMarkerFs;
8
+ const loaded = loadMarkerRows(options.context);
9
+ const errors = [];
10
+ // --- Evidence ledger (spec 8.4 steps 1,3,4,6-9) ---
11
+ const evidenceText = fs.readText(options.evidencePath) ?? "";
12
+ const evidenceBaseText = options.baseRef !== undefined
13
+ ? readBaseRefFile(options.baseRef, options.evidencePath, {
14
+ cwd: options.repoCwd,
15
+ runner: options.gitRunner
16
+ })
17
+ : undefined;
18
+ const evidenceResult = validateEvidenceLedger(evidenceText, {
19
+ publicKeyResolver: options.publicKeyResolver,
20
+ yamlRowIds: loaded.rowIds,
21
+ baseRefOldText: evidenceBaseText
22
+ });
23
+ for (const error of evidenceResult.errors) {
24
+ errors.push({ scope: "evidence", code: error.code, line: error.line, message: error.message });
25
+ }
26
+ // --- Tamper-evident hash chain (v1 ledger chain, Piece 2) ---
27
+ // Verify the contiguous chained suffix, tolerating a leading legacy prefix.
28
+ // Operates over the same parsed-JSONL line ordering the chain was minted on.
29
+ const chainResult = verifyLedgerChain(readEvidenceJsonl(evidenceText).lines);
30
+ for (const error of chainResult.errors) {
31
+ errors.push({ scope: "evidence", code: error.code, line: error.line, message: error.message });
32
+ }
33
+ // --- Binding registry (spec 8.4 steps 2,3,5,10-12) ---
34
+ const bindingsText = fs.readText(options.bindingsPath) ?? "";
35
+ const registryResult = validateBindingsJsonl(bindingsText, loaded.rowIds);
36
+ for (const error of registryResult.errors) {
37
+ errors.push({ scope: "registry", code: error.code, line: error.line, message: error.message });
38
+ }
39
+ // Registry append-only vs base ref (spec 8.4 step 5).
40
+ let registryAppendOnly = true;
41
+ if (options.baseRef !== undefined) {
42
+ const oldText = readBaseRefFile(options.baseRef, options.bindingsPath, {
43
+ cwd: options.repoCwd,
44
+ runner: options.gitRunner
45
+ });
46
+ const check = appendOnly(splitJsonlLines(oldText), splitJsonlLines(bindingsText));
47
+ if (!check.ok) {
48
+ registryAppendOnly = false;
49
+ errors.push({
50
+ scope: "registry",
51
+ code: "APPEND_ONLY_VIOLATION",
52
+ line: check.violation.index + 1,
53
+ message: check.violation.message
54
+ });
55
+ }
56
+ }
57
+ const evidenceValid = evidenceResult.errors.length === 0 && chainResult.ok;
58
+ const registryValid = registryResult.errors.length === 0 && registryAppendOnly;
59
+ const appendOnlyOk = evidenceResult.append_only && registryAppendOnly;
60
+ const ok = evidenceValid && registryValid;
61
+ return {
62
+ exit_code: ok ? 0 : 4,
63
+ ok,
64
+ command: "validate-ledger",
65
+ evidence_valid: evidenceValid,
66
+ registry_valid: registryValid,
67
+ append_only: appendOnlyOk,
68
+ proof_events_checked: evidenceResult.summary.proof_events_checked,
69
+ registry_events_checked: countJsonlLines(bindingsText),
70
+ chain: {
71
+ ok: chainResult.ok,
72
+ verified_entries: chainResult.verified_entries,
73
+ legacy_prefix_count: chainResult.legacy_prefix_count
74
+ },
75
+ errors
76
+ };
77
+ }
78
+ function countJsonlLines(text) {
79
+ return splitJsonlLines(text).filter((line) => line.trim() !== "").length;
80
+ }
81
+ //# sourceMappingURL=validateLedger.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"validateLedger.js","sourceRoot":"","sources":["../../../src/markers/cli/validateLedger.ts"],"names":[],"mappings":"AAQA,OAAO,EACL,UAAU,EACV,eAAe,EACf,eAAe,EAEhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EACtB,iBAAiB,EAClB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AAEvD,OAAO,EAAE,YAAY,EAAiB,MAAM,SAAS,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAuC7C,MAAM,UAAU,wBAAwB,CACtC,OAAqC;IAErC,MAAM,EAAE,GAAG,OAAO,CAAC,EAAE,IAAI,YAAY,CAAC;IACtC,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAqB,EAAE,CAAC;IAEpC,qDAAqD;IACrD,MAAM,YAAY,GAAG,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IAC7D,MAAM,gBAAgB,GACpB,OAAO,CAAC,OAAO,KAAK,SAAS;QAC3B,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,EAAE;YACrD,GAAG,EAAE,OAAO,CAAC,OAAO;YACpB,MAAM,EAAE,OAAO,CAAC,SAAS;SAC1B,CAAC;QACJ,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,cAAc,GAAG,sBAAsB,CAAC,YAAY,EAAE;QAC1D,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,UAAU,EAAE,MAAM,CAAC,MAAM;QACzB,cAAc,EAAE,gBAAgB;KACjC,CAAC,CAAC;IACH,KAAK,MAAM,KAAK,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,+DAA+D;IAC/D,4EAA4E;IAC5E,6EAA6E;IAC7E,MAAM,WAAW,GAAG,iBAAiB,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC;IAC7E,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,wDAAwD;IACxD,MAAM,YAAY,GAAG,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IAC7D,MAAM,cAAc,GAAG,qBAAqB,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1E,KAAK,MAAM,KAAK,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,sDAAsD;IACtD,IAAI,kBAAkB,GAAG,IAAI,CAAC;IAC9B,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,EAAE;YACrE,GAAG,EAAE,OAAO,CAAC,OAAO;YACpB,MAAM,EAAE,OAAO,CAAC,SAAS;SAC1B,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,UAAU,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,eAAe,CAAC,YAAY,CAAC,CAAC,CAAC;QAClF,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;YACd,kBAAkB,GAAG,KAAK,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,UAAU;gBACjB,IAAI,EAAE,uBAAuB;gBAC7B,IAAI,EAAE,KAAK,CAAC,SAAS,CAAC,KAAK,GAAG,CAAC;gBAC/B,OAAO,EAAE,KAAK,CAAC,SAAS,CAAC,OAAO;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,WAAW,CAAC,EAAE,CAAC;IAC3E,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,kBAAkB,CAAC;IAC/E,MAAM,YAAY,GAAG,cAAc,CAAC,WAAW,IAAI,kBAAkB,CAAC;IACtE,MAAM,EAAE,GAAG,aAAa,IAAI,aAAa,CAAC;IAE1C,OAAO;QACL,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrB,EAAE;QACF,OAAO,EAAE,iBAAiB;QAC1B,cAAc,EAAE,aAAa;QAC7B,cAAc,EAAE,aAAa;QAC7B,WAAW,EAAE,YAAY;QACzB,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,oBAAoB;QACjE,uBAAuB,EAAE,eAAe,CAAC,YAAY,CAAC;QACtD,KAAK,EAAE;YACL,EAAE,EAAE,WAAW,CAAC,EAAE;YAClB,gBAAgB,EAAE,WAAW,CAAC,gBAAgB;YAC9C,mBAAmB,EAAE,WAAW,CAAC,mBAAmB;SACrD;QACD,MAAM;KACP,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,IAAY;IACnC,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC;AAC3E,CAAC"}
@@ -0,0 +1,65 @@
1
+ import type { ResolvedWorkspaceContext } from "../../roots.js";
2
+ import type { CommentPrefixConfig } from "../commentPrefix.js";
3
+ import type { PublicKeyResolver } from "../proofSignature.js";
4
+ import type { GitRunner } from "../appendOnly.js";
5
+ import { type MarkerFs } from "./io.js";
6
+ export declare const VERIFICATION_RESULT_SCHEMA_ID = "ucase-verification-result-v1";
7
+ export interface VerifySpawnRequest {
8
+ command: string[];
9
+ cwd: string;
10
+ timeout_seconds?: number;
11
+ }
12
+ export interface VerifySpawnResult {
13
+ exit_code: number;
14
+ timed_out: boolean;
15
+ stdout: string;
16
+ stderr: string;
17
+ }
18
+ export type VerifySpawnRunner = (request: VerifySpawnRequest) => VerifySpawnResult;
19
+ export interface VerificationResultRecord {
20
+ schema: typeof VERIFICATION_RESULT_SCHEMA_ID;
21
+ row_id: string;
22
+ slug: string;
23
+ status: "pass" | "fail" | "blocked";
24
+ evidence_kind: string | null;
25
+ verifier_id: string | null;
26
+ verifier_kind: string | null;
27
+ exit_code: number | null;
28
+ row_hash: string;
29
+ binding_set_hash: string;
30
+ span_sha256s: string[];
31
+ verification_context_hash: string;
32
+ stdout_sha256: string | null;
33
+ stderr_sha256: string | null;
34
+ created_at: string;
35
+ }
36
+ export interface VerifyCommandOptions {
37
+ context: ResolvedWorkspaceContext;
38
+ productRoot: string;
39
+ bindingsPath: string;
40
+ evidencePath: string;
41
+ publicKeyResolver: PublicKeyResolver;
42
+ generatedAt: string;
43
+ all?: boolean;
44
+ rowId?: string;
45
+ outPath?: string;
46
+ spawnRunner?: VerifySpawnRunner;
47
+ fs?: MarkerFs;
48
+ commentConfig?: CommentPrefixConfig;
49
+ baseRef?: string;
50
+ gitRunner?: GitRunner;
51
+ repoCwd?: string;
52
+ }
53
+ export interface VerifyCommandResult {
54
+ exit_code: number;
55
+ ok: boolean;
56
+ command: "verify";
57
+ results: VerificationResultRecord[];
58
+ out_path: string | null;
59
+ errors: Array<{
60
+ code: string;
61
+ message: string;
62
+ }>;
63
+ }
64
+ export declare function runVerifyCommand(options: VerifyCommandOptions): VerifyCommandResult;
65
+ //# sourceMappingURL=verify.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../../src/markers/cli/verify.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAM/D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAE9D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAgB,KAAK,QAAQ,EAAE,MAAM,SAAS,CAAC;AAKtD,eAAO,MAAM,6BAA6B,iCAAiC,CAAC;AAG5E,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAGD,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAGD,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAE,kBAAkB,KAAK,iBAAiB,CAAC;AAMnF,MAAM,WAAW,wBAAwB;IACvC,MAAM,EAAE,OAAO,6BAA6B,CAAC;IAC7C,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;IACpC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,yBAAyB,EAAE,MAAM,CAAC;IAClC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,wBAAwB,CAAC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,WAAW,EAAE,MAAM,CAAC;IAEpB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,EAAE,CAAC,EAAE,QAAQ,CAAC;IACd,aAAa,CAAC,EAAE,mBAAmB,CAAC;IACpC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,EAAE,EAAE,OAAO,CAAC;IACZ,OAAO,EAAE,QAAQ,CAAC;IAClB,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACpC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAClD;AAqCD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,oBAAoB,GAAG,mBAAmB,CAuNnF"}