@agentlighthouse/core 0.1.0-alpha.0

package/dist/analyzers/tasks.d.ts

@@ -0,0 +1,3 @@
+import type { Finding, ProjectSignals } from "../schemas/types.js";
+export declare function analyzeTaskBenchmarks(signals: ProjectSignals): Finding[];
+//# sourceMappingURL=tasks.d.ts.map

package/dist/analyzers/tasks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tasks.d.ts","sourceRoot":"","sources":["../../src/analyzers/tasks.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAkBnE,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,EAAE,CA2FxE"}

package/dist/analyzers/tasks.js

@@ -0,0 +1,140 @@
+import { parse as parseYaml } from "yaml";
+import { finding } from "../findings/helpers.js";
+export function analyzeTaskBenchmarks(signals) {
+    if (signals.benchmarkFiles.length === 0) {
+        return [
+            finding({
+                id: "TASK_BENCHMARK_MISSING",
+                title: "Missing agent task benchmark file",
+                severity: "medium",
+                category: "task_benchmarks",
+                description: "The project has no agentlighthouse.tasks.yaml or benchmark task file.",
+                evidence: ["No agent task benchmark file was found."],
+                recommendation: "Add agentlighthouse.tasks.yaml with realistic, verifiable agent workflows.",
+                agentFailureMode: "A team cannot tell whether agents can complete common workflows because no deterministic task set exists.",
+                fixExample: "Add tasks for installing the project, running tests, adding a small feature, and using the public API.",
+                affectedFile: "agentlighthouse.tasks.yaml",
+                suggestedFixType: "create_file"
+            })
+        ];
+    }
+    const tasks = signals.benchmarkFiles.flatMap((file) => parseTasks(file, signals.textByPath[file]));
+    const findings = [];
+    pushTaskFinding(findings, {
+        id: "TASK_OBJECTIVE_TOO_VAGUE",
+        title: "Benchmark tasks have vague objectives",
+        severity: "medium",
+        tasks: tasks.filter((task) => !task.objective || task.objective.length < 30),
+        recommendation: "Write task objectives as concrete user goals with project-specific context.",
+        agentFailureMode: "A coding agent may optimize for the wrong outcome because the task goal is underspecified.",
+        fixExample: "Objective: Add cursor pagination to GET /customers and update the SDK example."
+    });
+    pushTaskFinding(findings, {
+        id: "TASK_SUCCESS_CRITERIA_MISSING",
+        title: "Benchmark tasks lack success criteria",
+        severity: "medium",
+        tasks: tasks.filter((task) => task.successCriteria.length === 0),
+        recommendation: "Add successCriteria items that can be checked by humans or deterministic commands.",
+        agentFailureMode: "A task may look complete even when tests, docs, or expected files are missing.",
+        fixExample: "Success criteria: unit tests pass, docs mention the new flag, and output includes next_cursor."
+    });
+    pushTaskFinding(findings, {
+        id: "TASK_VERIFICATION_MISSING",
+        title: "Benchmark tasks lack verification commands",
+        severity: "medium",
+        tasks: tasks.filter((task) => task.verificationCommands.length === 0),
+        recommendation: "Add verificationCommands for tests, typecheck, lint, build, or smoke checks.",
+        agentFailureMode: "Agent success cannot be validated without a repeatable command or inspection step.",
+        fixExample: "verificationCommands: ['pnpm test', 'pnpm typecheck']"
+    });
+    pushTaskFinding(findings, {
+        id: "TASK_RISK_UNMARKED",
+        title: "Risky benchmark tasks do not mark risk level",
+        severity: "low",
+        tasks: tasks.filter((task) => taskLooksRisky(task) && !task.riskLevel),
+        recommendation: "Set riskLevel for tasks that touch auth, secrets, writes, deletes, billing, or external APIs.",
+        agentFailureMode: "A coding agent may perform risky operations without extra review expectations.",
+        fixExample: "riskLevel: high for tasks that mutate production-like data or handle credentials."
+    });
+    pushTaskFinding(findings, {
+        id: "TASK_REQUIRED_DOCS_MISSING",
+        title: "Benchmark tasks do not name required docs",
+        severity: "low",
+        tasks: tasks.filter((task) => task.requiredDocs.length === 0),
+        recommendation: "List requiredDocs so agents know which instructions and docs should be sufficient.",
+        agentFailureMode: "A task may pass only because an agent guessed from source code instead of using intended docs.",
+        fixExample: "requiredDocs: ['README.md', 'docs/API.md', 'AGENTS.md']"
+    });
+    pushTaskFinding(findings, {
+        id: "TASK_FAILURE_MODES_MISSING",
+        title: "Benchmark tasks lack common failure modes",
+        severity: "low",
+        tasks: tasks.filter((task) => task.commonFailureModes.length === 0),
+        recommendation: "Document common mistakes agents make on each task.",
+        agentFailureMode: "Reviewers cannot distinguish robust task completion from lucky partial completion.",
+        fixExample: "commonFailureModes: ['forgets auth header', 'updates generated files directly']"
+    });
+    return findings;
+}
+function parseTasks(file, content) {
+    if (!content)
+        return [];
+    try {
+        const parsed = parseYaml(content);
+        const rawTasks = Array.isArray(parsed.tasks) ? parsed.tasks : [];
+        return rawTasks
+            .filter((task) => Boolean(task) && typeof task === "object")
+            .map((task, index) => ({
+            file,
+            id: stringValue(task.id) ?? `task-${index + 1}`,
+            title: stringValue(task.title),
+            persona: stringValue(task.persona),
+            objective: stringValue(task.objective) ?? stringValue(task.prompt),
+            requiredDocs: stringArray(task.requiredDocs),
+            expectedOutputs: stringArray(task.expectedOutputs),
+            successCriteria: stringArray(task.successCriteria).concat(stringArray(task.success_criteria)),
+            verificationCommands: stringArray(task.verificationCommands),
+            riskLevel: stringValue(task.riskLevel),
+            commonFailureModes: stringArray(task.commonFailureModes)
+        }));
+    }
+    catch {
+        return [];
+    }
+}
+function pushTaskFinding(findings, input) {
+    if (input.tasks.length === 0)
+        return;
+    findings.push(finding({
+        id: input.id,
+        title: input.title,
+        severity: input.severity,
+        category: "task_benchmarks",
+        description: `${input.tasks.length} benchmark task(s) need stronger verification metadata.`,
+        evidence: input.tasks.slice(0, 8).map((task) => `${task.file}: ${task.id}`),
+        recommendation: input.recommendation,
+        agentFailureMode: input.agentFailureMode,
+        fixExample: input.fixExample,
+        affectedFile: input.tasks[0]?.file,
+        suggestedFixType: "update_file"
+    }));
+}
+function taskLooksRisky(task) {
+    const haystack = [
+        task.title,
+        task.objective,
+        task.expectedOutputs.join(" "),
+        task.successCriteria.join(" ")
+    ]
+        .join(" ")
+        .toLowerCase();
+    return /(delete|write|secret|token|auth|billing|payment|external|production|customer)/i.test(haystack);
+}
+function stringArray(value) {
+    return Array.isArray(value)
+        ? value.filter((entry) => typeof entry === "string")
+        : [];
+}
+function stringValue(value) {
+    return typeof value === "string" ? value : undefined;
+}

package/dist/changes/files.d.ts

@@ -0,0 +1,5 @@
+import type { ChangedFile, ChangedFileSource } from "../schemas/types.js";
+export declare function normalizeChangedPath(filePath: string): string;
+export declare function parseChangedFilesText(content: string, source?: ChangedFileSource): ChangedFile[];
+export declare function parseGitNameStatus(output: string, source?: ChangedFileSource): ChangedFile[];
+//# sourceMappingURL=files.d.ts.map

package/dist/changes/files.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"files.d.ts","sourceRoot":"","sources":["../../src/changes/files.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAqB,MAAM,qBAAqB,CAAC;AAU7F,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAK7D;AAED,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EACf,MAAM,GAAE,iBAA8B,GACrC,WAAW,EAAE,CAOf;AAED,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,MAAM,EACd,MAAM,GAAE,iBAAyB,GAChC,WAAW,EAAE,CAKf"}

package/dist/changes/files.js

@@ -0,0 +1,71 @@
+const gitStatusMap = {
+    A: "added",
+    M: "modified",
+    D: "deleted",
+    R: "renamed",
+    C: "copied"
+};
+export function normalizeChangedPath(filePath) {
+    return filePath
+        .trim()
+        .replaceAll("\\", "/")
+        .replace(/^\.\/+/, "");
+}
+export function parseChangedFilesText(content, source = "explicit") {
+    return content
+        .split(/\r?\n/)
+        .map((line) => line.trim())
+        .filter(Boolean)
+        .map((line) => parseChangedFileLine(line, source))
+        .filter((file) => file.path);
+}
+export function parseGitNameStatus(output, source = "git") {
+    if (output.includes("\0")) {
+        return parseNullDelimitedNameStatus(output, source);
+    }
+    return parseChangedFilesText(output, source);
+}
+function parseNullDelimitedNameStatus(output, source) {
+    const tokens = output.split("\0").filter(Boolean);
+    const files = [];
+    for (let index = 0; index < tokens.length; index += 1) {
+        const statusToken = tokens[index] ?? "";
+        const status = mapStatus(statusToken);
+        if (status === "renamed" || status === "copied") {
+            files.push({
+                path: normalizeChangedPath(tokens[index + 2] ?? ""),
+                oldPath: normalizeChangedPath(tokens[index + 1] ?? ""),
+                status,
+                source
+            });
+            index += 2;
+            continue;
+        }
+        files.push({
+            path: normalizeChangedPath(tokens[index + 1] ?? statusToken),
+            status,
+            source
+        });
+        index += 1;
+    }
+    return files.filter((file) => file.path);
+}
+function parseChangedFileLine(line, source) {
+    const parts = line.split("\t");
+    if (parts.length >= 2) {
+        const status = mapStatus(parts[0] ?? "");
+        if ((status === "renamed" || status === "copied") && parts.length >= 3) {
+            return {
+                path: normalizeChangedPath(parts[2] ?? ""),
+                oldPath: normalizeChangedPath(parts[1] ?? ""),
+                status,
+                source
+            };
+        }
+        return { path: normalizeChangedPath(parts[1] ?? ""), status, source };
+    }
+    return { path: normalizeChangedPath(line), status: "modified", source };
+}
+function mapStatus(statusToken) {
+    return gitStatusMap[statusToken.charAt(0).toUpperCase()] ?? "unknown";
+}

package/dist/comparison/compare.d.ts

@@ -0,0 +1,14 @@
+import type { ChangedFile, ComparisonFinding, ComparisonResult, Finding, PrImpact, ScanResult } from "../schemas/types.js";
+export declare const comparisonModelVersion = "0.1.0";
+export declare function compareScanResults(baseline: ScanResult, current: ScanResult, options?: {
+    changedFiles?: ChangedFile[];
+}): ComparisonResult;
+export declare function classifyPrImpact(changedFiles: ChangedFile[], findings: {
+    newFindings: ComparisonFinding[];
+    resolvedFindings: ComparisonFinding[];
+    unchangedFindings: ComparisonFinding[];
+    worsenedFindings: ComparisonFinding[];
+    improvedFindings: ComparisonFinding[];
+}): PrImpact;
+export declare function ensureFindingIdentity(finding: Finding): ComparisonFinding;
+//# sourceMappingURL=compare.d.ts.map

package/dist/comparison/compare.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compare.d.ts","sourceRoot":"","sources":["../../src/comparison/compare.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,iBAAiB,EACjB,gBAAgB,EAEhB,OAAO,EACP,QAAQ,EACR,UAAU,EAEX,MAAM,qBAAqB,CAAC;AAG7B,eAAO,MAAM,sBAAsB,UAAU,CAAC;AAI9C,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,UAAU,EACpB,OAAO,EAAE,UAAU,EACnB,OAAO,GAAE;IAAE,YAAY,CAAC,EAAE,WAAW,EAAE,CAAA;CAAO,GAC7C,gBAAgB,CAgHlB;AAED,wBAAgB,gBAAgB,CAC9B,YAAY,EAAE,WAAW,EAAE,EAC3B,QAAQ,EAAE;IACR,WAAW,EAAE,iBAAiB,EAAE,CAAC;IACjC,gBAAgB,EAAE,iBAAiB,EAAE,CAAC;IACtC,iBAAiB,EAAE,iBAAiB,EAAE,CAAC;IACvC,gBAAgB,EAAE,iBAAiB,EAAE,CAAC;IACtC,gBAAgB,EAAE,iBAAiB,EAAE,CAAC;CACvC,GACA,QAAQ,CAkDV;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,GAAG,iBAAiB,CAmBzE"}

package/dist/comparison/compare.js

@@ -0,0 +1,323 @@
+import { deriveFindingIdentity, stableFingerprint } from "../findings/helpers.js";
+import { normalizeChangedPath } from "../changes/files.js";
+import { confidenceRank, severityRank } from "../reporters/shared.js";
+export const comparisonModelVersion = "0.1.0";
+const severities = ["critical", "high", "medium", "low", "info"];
+export function compareScanResults(baseline, current, options = {}) {
+    const baselineFindings = baseline.findings.map(ensureFindingIdentity);
+    const currentFindings = current.findings.map(ensureFindingIdentity);
+    const baselineByFingerprint = mapByFingerprint(baselineFindings);
+    const currentByFingerprint = mapByFingerprint(currentFindings);
+    const newFindings = [];
+    const resolvedFindings = [];
+    const unchangedFindings = [];
+    const worsenedFindings = [];
+    const improvedFindings = [];
+    for (const finding of currentFindings) {
+        const previous = baselineByFingerprint.get(finding.fingerprint ?? "");
+        if (!previous) {
+            newFindings.push(finding);
+            continue;
+        }
+        if (severityRank(finding.severity) > severityRank(previous.severity)) {
+            worsenedFindings.push({
+                ...finding,
+                previousSeverity: previous.severity,
+                currentSeverity: finding.severity
+            });
+        }
+        else if (severityRank(finding.severity) < severityRank(previous.severity)) {
+            improvedFindings.push({
+                ...finding,
+                previousSeverity: previous.severity,
+                currentSeverity: finding.severity
+            });
+        }
+        else {
+            unchangedFindings.push(finding);
+        }
+    }
+    for (const finding of baselineFindings) {
+        if (!currentByFingerprint.has(finding.fingerprint ?? "")) {
+            resolvedFindings.push(finding);
+        }
+    }
+    const scoreDelta = current.score - baseline.score;
+    const confidenceDelta = current.scoreConfidenceScore - baseline.scoreConfidenceScore;
+    const coverageDelta = current.coverage.coveragePercent - baseline.coverage.coveragePercent;
+    const severityCountDeltas = severityDeltas(baselineFindings, currentFindings);
+    const caveats = comparisonCaveats(baseline, current, baselineFindings, currentFindings);
+    const regressionDetected = scoreDelta < 0 ||
+        coverageDelta < 0 ||
+        confidenceDelta < 0 ||
+        newFindings.some((finding) => severityRank(finding.severity) >= severityRank("high")) ||
+        worsenedFindings.length > 0;
+    const improvementDetected = scoreDelta > 0 || resolvedFindings.length > 0 || improvedFindings.length > 0;
+    const prImpact = options.changedFiles && options.changedFiles.length > 0
+        ? classifyPrImpact(options.changedFiles, {
+            newFindings,
+            resolvedFindings,
+            unchangedFindings,
+            worsenedFindings,
+            improvedFindings
+        })
+        : undefined;
+    const verdict = caveats.some((caveat) => caveat.includes("incompatible")) ||
+        (baselineFindings.length + currentFindings.length > 0 &&
+            [...baselineFindings, ...currentFindings].some((finding) => !finding.fingerprint))
+        ? "inconclusive"
+        : regressionDetected && improvementDetected
+            ? scoreDelta >= 0
+                ? "mixed"
+                : "regressed"
+            : regressionDetected
+                ? "regressed"
+                : improvementDetected
+                    ? "improved"
+                    : "unchanged";
+    return {
+        comparisonId: createComparisonId(baseline, current),
+        baseline: scanSnapshot(baseline),
+        current: scanSnapshot(current),
+        deltas: {
+            scoreDelta,
+            confidenceDelta,
+            coverageDelta,
+            findingCountDelta: currentFindings.length - baselineFindings.length,
+            severityCountDeltas
+        },
+        findings: {
+            new: sortFindings(newFindings),
+            resolved: sortFindings(resolvedFindings),
+            unchanged: sortFindings(unchangedFindings),
+            worsened: sortFindings(worsenedFindings),
+            improved: sortFindings(improvedFindings)
+        },
+        ...(prImpact ? { prImpact } : {}),
+        summary: {
+            verdict,
+            regressionDetected,
+            improvementDetected,
+            topRegressions: topRegressions(newFindings, worsenedFindings, scoreDelta, coverageDelta),
+            topImprovements: topImprovements(resolvedFindings, improvedFindings, scoreDelta),
+            recommendedActions: recommendedActions(newFindings, worsenedFindings, scoreDelta),
+            caveats
+        },
+        metadata: {
+            agentLighthouseVersion: current.agentLighthouseVersion,
+            comparisonModelVersion
+        }
+    };
+}
+export function classifyPrImpact(changedFiles, findings) {
+    const normalizedChangedFiles = changedFiles.map((file) => ({
+        ...file,
+        path: normalizeChangedPath(file.path),
+        ...(file.oldPath ? { oldPath: normalizeChangedPath(file.oldPath) } : {})
+    }));
+    const changedPathSet = new Set(normalizedChangedFiles.flatMap((file) => [file.path, file.oldPath].filter(Boolean)));
+    const classify = (finding) => ({
+        ...finding,
+        prImpactClassification: classifyFinding(finding, changedPathSet)
+    });
+    const newClassified = findings.newFindings.map(classify);
+    const resolvedClassified = findings.resolvedFindings.map(classify);
+    const unchangedClassified = findings.unchangedFindings.map(classify);
+    const changedNew = newClassified.filter(isChangedImpact);
+    const changedResolved = resolvedClassified.filter(isChangedImpact);
+    const changedUnchanged = unchangedClassified.filter(isChangedImpact);
+    const globalNew = newClassified.filter((finding) => finding.prImpactClassification === "global");
+    const globalResolved = resolvedClassified.filter((finding) => finding.prImpactClassification === "global");
+    const unknown = [...newClassified, ...resolvedClassified, ...unchangedClassified].filter((finding) => finding.prImpactClassification === "unknown");
+    const unrelatedExisting = unchangedClassified.filter((finding) => finding.prImpactClassification === "unrelated");
+    const impactedFiles = [...changedNew, ...changedResolved, ...changedUnchanged]
+        .map((finding) => normalizeFindingFile(finding))
+        .filter((file) => Boolean(file));
+    const highestChangedFileSeverity = [...changedNew, ...changedResolved]
+        .map((finding) => finding.severity)
+        .sort((a, b) => severityRank(b) - severityRank(a))[0];
+    return {
+        changedFiles: normalizedChangedFiles,
+        changedFileCount: normalizedChangedFiles.length,
+        newFindingsOnChangedFiles: sortFindings(changedNew),
+        resolvedFindingsOnChangedFiles: sortFindings(changedResolved),
+        unchangedFindingsOnChangedFiles: sortFindings(changedUnchanged),
+        globalNewFindings: sortFindings(globalNew),
+        globalResolvedFindings: sortFindings(globalResolved),
+        unknownLocationFindings: sortFindings(unknown),
+        unrelatedExistingFindings: sortFindings(unrelatedExisting),
+        filesWithAgentReadinessImpact: [...new Set(impactedFiles)].sort(),
+        ...(highestChangedFileSeverity ? { highestChangedFileSeverity } : {}),
+        summary: summarizePrImpact(changedNew, globalNew, unknown, normalizedChangedFiles.length)
+    };
+}
+export function ensureFindingIdentity(finding) {
+    if (finding.fingerprint && finding.identityParts && finding.locationKey && finding.subject) {
+        return finding;
+    }
+    const identity = deriveFindingIdentity({
+        ruleId: finding.ruleId,
+        affectedFile: finding.affectedFile,
+        evidence: finding.evidence,
+        subject: finding.subject,
+        locationKey: finding.locationKey,
+        identityParts: finding.identityParts
+    });
+    return {
+        ...finding,
+        identityParts: finding.identityParts ?? identity.identityParts,
+        locationKey: finding.locationKey ?? identity.locationKey,
+        subject: finding.subject ?? identity.subject,
+        fingerprint: finding.fingerprint ?? stableFingerprint(identity.identityParts)
+    };
+}
+function scanSnapshot(result) {
+    return {
+        scanId: result.scanId,
+        scannedPath: result.scannedPath,
+        score: result.score,
+        confidence: result.scoreConfidence,
+        confidenceScore: result.scoreConfidenceScore,
+        coverage: result.coverage.coveragePercent,
+        profile: result.profile,
+        completedAt: result.completedAt
+    };
+}
+function mapByFingerprint(findings) {
+    const map = new Map();
+    for (const finding of findings) {
+        if (finding.fingerprint) {
+            map.set(finding.fingerprint, finding);
+        }
+    }
+    return map;
+}
+function severityDeltas(baseline, current) {
+    const baselineCounts = severityCounts(baseline);
+    const currentCounts = severityCounts(current);
+    return Object.fromEntries(severities.map((severity) => [severity, currentCounts[severity] - baselineCounts[severity]]));
+}
+function severityCounts(findings) {
+    return severities.reduce((counts, severity) => ({
+        ...counts,
+        [severity]: findings.filter((f) => f.severity === severity).length
+    }), { critical: 0, high: 0, medium: 0, low: 0, info: 0 });
+}
+function sortFindings(findings) {
+    return [...findings].sort((a, b) => {
+        const severityDelta = severityRank(b.severity) - severityRank(a.severity);
+        if (severityDelta !== 0)
+            return severityDelta;
+        return (a.ruleId + (a.locationKey ?? "")).localeCompare(b.ruleId + (b.locationKey ?? ""));
+    });
+}
+function comparisonCaveats(baseline, current, baselineFindings, currentFindings) {
+    const caveats = [];
+    if (baseline.profile !== current.profile) {
+        caveats.push(`Different profiles: baseline ${baseline.profile}, current ${current.profile}.`);
+    }
+    if (baseline.scoringModelVersion !== current.scoringModelVersion) {
+        caveats.push(`Different scoring model versions: baseline ${baseline.scoringModelVersion}, current ${current.scoringModelVersion}.`);
+    }
+    if (baseline.agentLighthouseVersion !== current.agentLighthouseVersion) {
+        caveats.push(`Different AgentLighthouse versions: baseline ${baseline.agentLighthouseVersion}, current ${current.agentLighthouseVersion}.`);
+    }
+    if (Math.abs(current.coverage.coveragePercent - baseline.coverage.coveragePercent) >= 25) {
+        caveats.push("Coverage changed substantially; score deltas may reflect changed analyzability.");
+    }
+    if (confidenceRank(baseline.scoreConfidence) === 0 ||
+        confidenceRank(current.scoreConfidence) === 0) {
+        caveats.push("One or both scans have low confidence.");
+    }
+    if ([...baselineFindings, ...currentFindings].some((finding) => !finding.fingerprint)) {
+        caveats.push("Some findings have missing fingerprints, making comparison incomplete.");
+    }
+    return caveats;
+}
+function topRegressions(newFindings, worsenedFindings, scoreDelta, coverageDelta) {
+    const messages = [
+        ...sortFindings(newFindings)
+            .filter((finding) => severityRank(finding.severity) >= severityRank("medium"))
+            .slice(0, 3)
+            .map((finding) => `New ${finding.severity} finding: ${finding.title}`),
+        ...sortFindings(worsenedFindings)
+            .slice(0, 3)
+            .map((finding) => `Worsened finding: ${finding.title} (${finding.previousSeverity} -> ${finding.currentSeverity})`)
+    ];
+    if (scoreDelta < 0)
+        messages.push(`Score dropped by ${Math.abs(scoreDelta)} point(s).`);
+    if (coverageDelta < 0)
+        messages.push(`Coverage dropped by ${Math.abs(coverageDelta)} point(s).`);
+    return messages.slice(0, 5);
+}
+function topImprovements(resolvedFindings, improvedFindings, scoreDelta) {
+    const messages = [
+        ...sortFindings(resolvedFindings)
+            .slice(0, 3)
+            .map((finding) => `Resolved ${finding.severity} finding: ${finding.title}`),
+        ...sortFindings(improvedFindings)
+            .slice(0, 3)
+            .map((finding) => `Improved finding: ${finding.title} (${finding.previousSeverity} -> ${finding.currentSeverity})`)
+    ];
+    if (scoreDelta > 0)
+        messages.push(`Score improved by ${scoreDelta} point(s).`);
+    return messages.slice(0, 5);
+}
+function recommendedActions(newFindings, worsenedFindings, scoreDelta) {
+    const actions = [];
+    if (newFindings.some((finding) => severityRank(finding.severity) >= severityRank("high"))) {
+        actions.push("Fix new high-severity agent-readiness findings before merging.");
+    }
+    if (worsenedFindings.length > 0) {
+        actions.push("Review worsened findings and restore the clearer baseline behavior.");
+    }
+    if (scoreDelta < 0) {
+        actions.push("Compare the changed files with the baseline report and recover lost context.");
+    }
+    for (const finding of sortFindings(newFindings).slice(0, 3)) {
+        if (!actions.includes(finding.recommendation)) {
+            actions.push(finding.recommendation);
+        }
+    }
+    return actions.slice(0, 5);
+}
+function createComparisonId(baseline, current) {
+    const input = `${baseline.scanId}:${current.scanId}:${baseline.completedAt}:${current.completedAt}`;
+    let hash = 2166136261;
+    for (const character of input) {
+        hash ^= character.charCodeAt(0);
+        hash = Math.imul(hash, 16777619);
+    }
+    return `cmp_${(hash >>> 0).toString(16).padStart(8, "0")}`;
+}
+function classifyFinding(finding, changedPathSet) {
+    const file = normalizeFindingFile(finding);
+    if (file && changedPathSet.has(file))
+        return "touched";
+    if (file &&
+        [...changedPathSet].some((changedFile) => finding.locationKey?.includes(changedFile))) {
+        return "related";
+    }
+    if (isGlobalFinding(finding))
+        return "global";
+    if (!file)
+        return "unknown";
+    return "unrelated";
+}
+function normalizeFindingFile(finding) {
+    const file = finding.location?.file ?? finding.affectedFile;
+    if (!file || file === "n/a")
+        return undefined;
+    return normalizeChangedPath(file);
+}
+function isChangedImpact(finding) {
+    return (finding.prImpactClassification === "touched" || finding.prImpactClassification === "related");
+}
+function isGlobalFinding(finding) {
+    if (!finding.affectedFile && !finding.location?.file)
+        return true;
+    return /^(COMMAND_VERIFICATION_SKIPPED|api\.openapi-not-detected|mcp\.not-evaluated)$/.test(finding.ruleId);
+}
+function summarizePrImpact(changedNew, globalNew, unknown, changedFileCount) {
+    return `${changedFileCount} changed file(s) analyzed; ${changedNew.length} new finding(s) on changed files, ${globalNew.length} new global finding(s), ${unknown.length} unknown-location finding(s).`;
+}

package/dist/config/profile.d.ts

@@ -0,0 +1,16 @@
+import type { ProjectSignals, ScanOptions, ScanProfile } from "../schemas/types.js";
+export interface AgentLighthouseConfig {
+    profile?: ScanProfile;
+    probes?: {
+        commands?: boolean;
+        timeoutMs?: number;
+        allowedScripts?: string[];
+    };
+}
+export interface ResolvedProfile {
+    profile: ScanProfile;
+    source: "cli" | "config" | "inferred";
+}
+export declare function resolveProfile(signals: ProjectSignals, options?: ScanOptions): ResolvedProfile;
+export declare function resolveConfig(signals: ProjectSignals): AgentLighthouseConfig;
+//# sourceMappingURL=profile.d.ts.map

package/dist/config/profile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"profile.d.ts","sourceRoot":"","sources":["../../src/config/profile.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAGpF,MAAM,WAAW,qBAAqB;IACpC,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE;QACP,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;CACH;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,WAAW,CAAC;IACrB,MAAM,EAAE,KAAK,GAAG,QAAQ,GAAG,UAAU,CAAC;CACvC;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,cAAc,EACvB,OAAO,GAAE,WAAgB,GACxB,eAAe,CAgBjB;AA0BD,wBAAgB,aAAa,CAAC,OAAO,EAAE,cAAc,GAAG,qBAAqB,CAE5E"}

package/dist/config/profile.js

@@ -0,0 +1,47 @@
+import { detectProject } from "../detection/project.js";
+export function resolveProfile(signals, options = {}) {
+    if (options.profile) {
+        return { profile: options.profile, source: "cli" };
+    }
+    const configured = parseConfig(signals.textByPath["agentlighthouse.config.json"]);
+    if (configured?.profile) {
+        return { profile: configured.profile, source: "config" };
+    }
+    const detected = detectProject(signals);
+    if (detected.type === "mcp_project")
+        return { profile: "mcp", source: "inferred" };
+    if (detected.type === "openapi_project")
+        return { profile: "api", source: "inferred" };
+    if (detected.type === "docs_only")
+        return { profile: "docs", source: "inferred" };
+    if (detected.type === "node_typescript" || detected.type === "node_javascript") {
+        return { profile: "library", source: "inferred" };
+    }
+    return { profile: "default", source: "inferred" };
+}
+function parseConfig(content) {
+    if (!content)
+        return undefined;
+    try {
+        const parsed = JSON.parse(content);
+        if (parsed.profile === "default" ||
+            parsed.profile === "devtool" ||
+            parsed.profile === "api" ||
+            parsed.profile === "mcp" ||
+            parsed.profile === "docs" ||
+            parsed.profile === "library" ||
+            parsed.profile === "internal") {
+            return {
+                profile: parsed.profile,
+                probes: parsed.probes
+            };
+        }
+    }
+    catch {
+        return undefined;
+    }
+    return undefined;
+}
+export function resolveConfig(signals) {
+    return parseConfig(signals.textByPath["agentlighthouse.config.json"]) ?? {};
+}

package/dist/detection/project.d.ts

@@ -0,0 +1,4 @@
+import type { DetectedArtifact, DetectedProject, ProjectSignals } from "../schemas/types.js";
+export declare function detectProject(signals: ProjectSignals): DetectedProject;
+export declare function detectedArtifacts(signals: ProjectSignals): DetectedArtifact[];
+//# sourceMappingURL=project.d.ts.map

package/dist/detection/project.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"project.d.ts","sourceRoot":"","sources":["../../src/detection/project.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,eAAe,EACf,cAAc,EAEf,MAAM,qBAAqB,CAAC;AAY7B,wBAAgB,aAAa,CAAC,OAAO,EAAE,cAAc,GAAG,eAAe,CAsEtE;AAED,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,cAAc,GAAG,gBAAgB,EAAE,CAY7E"}