@ai-dossier/core 1.0.1 → 1.0.3

package/README.md

@@ -0,0 +1,232 @@
+# @ai-dossier/core
+
+Core parsing, verification, and linting logic for the [Dossier](https://github.com/imboard-ai/ai-dossier) automation standard.
+
+## Installation
+
+```bash
+npm install @ai-dossier/core
+```
+
+Requires Node.js >= 18.0.0.
+
+## Quick Start
+
+```typescript
+import {
+  parseDossierContent,
+  verifyIntegrity,
+  lintDossier,
+} from '@ai-dossier/core';
+
+// 1. Parse a dossier
+const dossier = parseDossierContent(rawContent);
+console.log(dossier.frontmatter.title); // => "My Dossier"
+
+// 2. Verify integrity
+const integrity = verifyIntegrity(
+  dossier.body,
+  dossier.frontmatter.checksum?.hash
+);
+console.log(integrity.status); // => "valid" | "invalid" | "missing"
+
+// 3. Lint for issues
+const result = lintDossier(rawContent);
+console.log(result.errorCount, result.warningCount);
+```
+
+## API
+
+### Parsing
+
+```typescript
+import {
+  parseDossierContent,
+  parseDossierFile,
+  validateFrontmatter,
+} from '@ai-dossier/core';
+```
+
+#### `parseDossierContent(content: string): ParsedDossier`
+
+Parse a dossier content string into frontmatter and body. Accepts both `---dossier` (JSON/YAML) and standard `---` (YAML) delimiters.
+
+```typescript
+const { frontmatter, body, raw } = parseDossierContent(content);
+```
+
+#### `parseDossierFile(filePath: string): ParsedDossier`
+
+Read and parse a dossier file from disk.
+
+```typescript
+const parsed = parseDossierFile('./path/to/dossier.ds.md');
+```
+
+#### `validateFrontmatter(frontmatter: DossierFrontmatter): string[]`
+
+Validate required fields and enum values. Returns an array of error messages (empty if valid).
+
+```typescript
+const errors = validateFrontmatter(parsed.frontmatter);
+if (errors.length > 0) {
+  console.error('Validation errors:', errors);
+}
+```
+
+### Checksum Verification
+
+```typescript
+import { calculateChecksum, verifyIntegrity } from '@ai-dossier/core';
+```
+
+#### `calculateChecksum(body: string): string`
+
+Calculate the SHA-256 hash of dossier body content (excluding frontmatter).
+
+#### `verifyIntegrity(body: string, expectedHash: string | undefined): IntegrityResult`
+
+Compare the computed hash against the expected hash from frontmatter.
+
+```typescript
+const result = verifyIntegrity(body, frontmatter.checksum?.hash);
+// result.status: "valid" | "invalid" | "missing"
+```
+
+### Signature Verification
+
+```typescript
+import {
+  verifySignature,
+  verifyWithEd25519,
+  verifyWithKms,
+  loadTrustedKeys,
+} from '@ai-dossier/core';
+```
+
+#### `verifySignature(content: string, signature: SignatureResult): Promise<VerifyResult>`
+
+Verify a signature using the verifier registry. Automatically selects the correct verifier based on `signature.algorithm`.
+
+```typescript
+const result = await verifySignature(body, frontmatter.signature);
+console.log(result.valid); // true | false
+```
+
+#### `verifyWithEd25519(content: string, signature: string, publicKey: string): VerifyResult`
+
+Verify an Ed25519 signature directly.
+
+#### `verifyWithKms(content: string, signature: string, keyId: string, region?: string): Promise<VerifyResult>`
+
+Verify an ECDSA-SHA-256 signature using AWS KMS.
+
+#### `loadTrustedKeys(filePath?: string): Map<string, string>`
+
+Load trusted public keys from a file (default: `~/.dossier/trusted-keys.txt`). Returns a map of public key to key ID.
+
+### Linting
+
+```typescript
+import { lintDossier, lintDossierFile } from '@ai-dossier/core';
+```
+
+#### `lintDossier(content: string, config?: LintConfig): LintResult`
+
+Lint dossier content against built-in rules (checksum validity, schema validation, required sections, semver version, etc.).
+
+```typescript
+const result = lintDossier(content);
+for (const d of result.diagnostics) {
+  console.log(`[${d.severity}] ${d.ruleId}: ${d.message}`);
+}
+```
+
+#### `lintDossierFile(filePath: string, config?: LintConfig): LintResult`
+
+Lint a dossier file from disk.
+
+### Formatting
+
+```typescript
+import { formatDossierContent, formatDossierFile } from '@ai-dossier/core';
+```
+
+#### `formatDossierContent(content: string, options?: Partial<FormatOptions>): FormatResult`
+
+Format dossier content (sort keys, update checksum). Returns `{ formatted, changed }`.
+
+```typescript
+const { formatted, changed } = formatDossierContent(rawContent, {
+  sortKeys: true,
+  updateChecksum: true,
+});
+```
+
+#### `formatDossierFile(filePath: string, options?: Partial<FormatOptions>): FormatResult`
+
+Format a dossier file in place. Only writes if changes were made.
+
+### Signer/Verifier Interfaces
+
+The package exports extensible interfaces for signing and verification:
+
+```typescript
+import type { Signer, Verifier, SignatureResult, VerifyResult } from '@ai-dossier/core';
+```
+
+Built-in implementations:
+- `Ed25519Signer` / `Ed25519Verifier` — Ed25519 key pair signing
+- `KmsSigner` / `KmsVerifier` — AWS KMS ECDSA-SHA-256 signing
+
+Registry for algorithm dispatch:
+```typescript
+import { getVerifierRegistry, VerifierRegistry } from '@ai-dossier/core';
+
+const registry = getVerifierRegistry();
+const verifier = registry.get('ed25519');
+const result = await verifier.verify(content, signature);
+```
+
+## Types
+
+All TypeScript types are exported from the package root:
+
+```typescript
+import type {
+  // Core types
+  DossierFrontmatter,   // Frontmatter fields (title, version, checksum, signature, ...)
+  ParsedDossier,        // { frontmatter, body, raw }
+  DossierStatus,        // "Draft" | "Stable" | "Deprecated" | "Experimental"
+  DossierListItem,      // Summary for listing dossiers
+
+  // Verification
+  IntegrityResult,      // Checksum verification result
+  AuthenticityResult,   // Signature verification result
+  RiskAssessment,       // Risk level, factors, destructive ops
+  VerificationResult,   // Combined verification report
+  TrustedKey,           // { publicKey, keyId }
+
+  // Signing
+  Signer,               // Sign interface
+  Verifier,             // Verify interface
+  SignatureResult,       // Signature metadata
+  VerifyResult,          // { valid, error? }
+  VerifierRegistry,     // Algorithm → verifier dispatch
+
+  // Linting
+  LintResult,           // { diagnostics, errorCount, warningCount, infoCount }
+  LintDiagnostic,       // { ruleId, severity, message, field? }
+  LintRule,             // Custom rule interface
+  LintConfig,           // { rules: Record<string, severity> }
+  LintSeverity,         // "error" | "warning" | "info"
+
+  // Formatting
+  FormatOptions,        // { indent, sortKeys, updateChecksum }
+  FormatResult,         // { formatted, changed }
+} from '@ai-dossier/core';
+```
+
+## License
+
+[AGPL-3.0](https://github.com/imboard-ai/ai-dossier/blob/main/LICENSE)

package/dist/formatter/formatter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"formatter.d.ts","sourceRoot":"","sources":["../../src/formatter/formatter.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAiG3D,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GAC/B,YAAY,CAmCd"}
+{"version":3,"file":"formatter.d.ts","sourceRoot":"","sources":["../../src/formatter/formatter.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAmG3D,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GAC/B,YAAY,CAmCd"}

package/dist/formatter/formatter.js

@@ -25,6 +25,8 @@ const KEY_ORDER = [
     'risk_factors',
     'requires_approval',
     'destructive_operations',
+    'content_scope',
+    'external_references',
     'prerequisites',
     'inputs',
     'outputs',

package/dist/formatter/formatter.js.map

@@ -1 +1 @@
-{"version":3,"file":"formatter.js","sourceRoot":"","sources":["../../src/formatter/formatter.ts"],"names":[],"mappings":";;AAmGA,oDAsCC;AAzID,0CAAgD;AAChD,sCAAgD;AAEhD,mCAA+C;AAE/C;;;;GAIG;AACH,MAAM,SAAS,GAAa;IAC1B,wBAAwB;IACxB,OAAO;IACP,SAAS;IACT,kBAAkB;IAClB,QAAQ;IACR,cAAc;IACd,WAAW;IACX,UAAU;IACV,MAAM;IACN,gBAAgB;IAChB,oBAAoB;IACpB,YAAY;IACZ,cAAc;IACd,mBAAmB;IACnB,wBAAwB;IACxB,eAAe;IACf,QAAQ;IACR,SAAS;IACT,eAAe;IACf,UAAU;IACV,YAAY;IACZ,UAAU;IACV,SAAS;IACT,SAAS;IACT,UAAU;IACV,YAAY;IACZ,QAAQ;IACR,iBAAiB;IACjB,eAAe;IACf,UAAU;IACV,WAAW;CACZ,CAAC;AAEF,SAAS,mBAAmB,CAAC,WAAoC;IAC/D,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAEpC,0BAA0B;IAC1B,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;QAC5B,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC;YACvB,MAAM,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC;SACzC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;SAC/B,IAAI,EAAE,CAAC;IACV,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,mCAAmC;QACnC,MAAM,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,sFAAsF;IACtF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAE3C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,MAAM,EAAE,CAAC;gBAChB,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,OAAO,IAAI;SACR,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;SAC7B,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,OAAO,GAAG,IAAI,IAAI,CAAC;IACrB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,oBAAoB,CAClC,OAAe,EACf,OAAgC;IAEhC,MAAM,IAAI,GAAkB,EAAE,GAAG,4BAAoB,EAAE,GAAG,OAAO,EAAE,CAAC;IACpE,MAAM,MAAM,GAAG,IAAA,4BAAmB,EAAC,OAAO,CAAC,CAAC;IAE5C,IAAI,WAAW,GAA4B,MAAM,CAAC,WAAsC,CAAC;IAEzF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,WAAW,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC;IAED,2FAA2F;IAC3F,MAAM,IAAI,GAAG,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAErE,6BAA6B;IAC7B,IAAI,IAAI,CAAC,cAAc,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;QAChD,MAAM,WAAW,GAAG,WAAW,CAAC,QAAmC,CAAC;QACpE,IAAI,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,IAAA,4BAAiB,EAAC,IAAI,CAAC,CAAC;YACxC,WAAW,CAAC,QAAQ,GAAG,EAAE,GAAG,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAE/D,6BAA6B;IAC7B,IAAI,MAAM,GAAG,eAAe,OAAO,UAAU,IAAI,EAAE,CAAC;IAEpD,uBAAuB;IACvB,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAEpC,OAAO;QACL,SAAS,EAAE,MAAM;QACjB,OAAO,EAAE,MAAM,KAAK,OAAO;KAC5B,CAAC;AACJ,CAAC"}
+{"version":3,"file":"formatter.js","sourceRoot":"","sources":["../../src/formatter/formatter.ts"],"names":[],"mappings":";;AAqGA,oDAsCC;AA3ID,0CAAgD;AAChD,sCAAgD;AAEhD,mCAA+C;AAE/C;;;;GAIG;AACH,MAAM,SAAS,GAAa;IAC1B,wBAAwB;IACxB,OAAO;IACP,SAAS;IACT,kBAAkB;IAClB,QAAQ;IACR,cAAc;IACd,WAAW;IACX,UAAU;IACV,MAAM;IACN,gBAAgB;IAChB,oBAAoB;IACpB,YAAY;IACZ,cAAc;IACd,mBAAmB;IACnB,wBAAwB;IACxB,eAAe;IACf,qBAAqB;IACrB,eAAe;IACf,QAAQ;IACR,SAAS;IACT,eAAe;IACf,UAAU;IACV,YAAY;IACZ,UAAU;IACV,SAAS;IACT,SAAS;IACT,UAAU;IACV,YAAY;IACZ,QAAQ;IACR,iBAAiB;IACjB,eAAe;IACf,UAAU;IACV,WAAW;CACZ,CAAC;AAEF,SAAS,mBAAmB,CAAC,WAAoC;IAC/D,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAEpC,0BAA0B;IAC1B,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;QAC5B,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC;YACvB,MAAM,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC;SACzC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;SAC/B,IAAI,EAAE,CAAC;IACV,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,mCAAmC;QACnC,MAAM,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,sFAAsF;IACtF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAE3C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,MAAM,EAAE,CAAC;gBAChB,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,OAAO,IAAI;SACR,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;SAC7B,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,OAAO,GAAG,IAAI,IAAI,CAAC;IACrB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,oBAAoB,CAClC,OAAe,EACf,OAAgC;IAEhC,MAAM,IAAI,GAAkB,EAAE,GAAG,4BAAoB,EAAE,GAAG,OAAO,EAAE,CAAC;IACpE,MAAM,MAAM,GAAG,IAAA,4BAAmB,EAAC,OAAO,CAAC,CAAC;IAE5C,IAAI,WAAW,GAA4B,MAAM,CAAC,WAAsC,CAAC;IAEzF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,WAAW,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC;IAED,2FAA2F;IAC3F,MAAM,IAAI,GAAG,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAErE,6BAA6B;IAC7B,IAAI,IAAI,CAAC,cAAc,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;QAChD,MAAM,WAAW,GAAG,WAAW,CAAC,QAAmC,CAAC;QACpE,IAAI,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,IAAA,4BAAiB,EAAC,IAAI,CAAC,CAAC;YACxC,WAAW,CAAC,QAAQ,GAAG,EAAE,GAAG,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAE/D,6BAA6B;IAC7B,IAAI,MAAM,GAAG,eAAe,OAAO,UAAU,IAAI,EAAE,CAAC;IAEpD,uBAAuB;IACvB,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAEpC,OAAO;QACL,SAAS,EAAE,MAAM;QACjB,OAAO,EAAE,MAAM,KAAK,OAAO;KAC5B,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -12,12 +12,15 @@ export type { FormatOptions, FormatResult } from './formatter';
 export { formatDossierContent, formatDossierFile } from './formatter';
 export type { LintConfig, LintDiagnostic, LintResult, LintRule, LintRuleContext, LintSeverity, RuleSeverityOverride, } from './linter';
 export { defaultRules, LintRuleRegistry, lintDossier, lintDossierFile, loadLintConfig, } from './linter';
-export { parseDossierContent, parseDossierFile, validateFrontmatter } from './parser';
+export { parseDossierContent, parseDossierFile, RECOMMENDED_FIELDS, REQUIRED_FIELDS, VALID_RISK_LEVELS, VALID_STATUSES, validateFrontmatter, } from './parser';
+export type { ChecksumStatus, ContentRiskResult, SignatureStatus, VerificationRiskLevel, VerificationRiskResult, } from './risk-assessment';
+export { assessContentRisk, assessVerificationRisk } from './risk-assessment';
 export { loadTrustedKeys, verifySignature, verifyWithEd25519, verifyWithKms } from './signature';
-export { Ed25519Signer, Ed25519Verifier, getVerifierRegistry, KmsSigner, KmsVerifier, SignatureResult, Signer, Verifier, VerifierRegistry, } from './signers';
+export { Ed25519Signer, Ed25519Verifier, getVerifierRegistry, KmsSigner, KmsVerifier, SignatureResult, Signer, Verifier, VerifierRegistry, VerifyResult, } from './signers';
 export * from './types';
 export { sha256Hash, sha256Hex } from './utils/crypto';
 export { getErrorMessage, getErrorStack } from './utils/errors';
 export { readFileIfExists } from './utils/fs';
+export { collectDeclaredUrls, findStaleReferences, findUndeclaredUrls, isPlaceholderUrl, isUrlCoveredByDeclared, scanBodyForUrls, } from './utils/url-scanner';
 export { createDefaultVerificationResult } from './utils/verification';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAChE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE/D,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACtE,YAAY,EACV,UAAU,EACV,cAAc,EACd,UAAU,EACV,QAAQ,EACR,eAAe,EACf,YAAY,EACZ,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,cAAc,GACf,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAEtF,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAEjG,OAAO,EACL,aAAa,EACb,eAAe,EACf,mBAAmB,EACnB,SAAS,EACT,WAAW,EACX,eAAe,EACf,MAAM,EACN,QAAQ,EACR,gBAAgB,GACjB,MAAM,WAAW,CAAC;AAEnB,cAAc,SAAS,CAAC;AAExB,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAEvD,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAEhE,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,OAAO,EAAE,+BAA+B,EAAE,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAChE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE/D,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACtE,YAAY,EACV,UAAU,EACV,cAAc,EACd,UAAU,EACV,QAAQ,EACR,eAAe,EACf,YAAY,EACZ,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,cAAc,GACf,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,mBAAmB,GACpB,MAAM,UAAU,CAAC;AAClB,YAAY,EACV,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAE9E,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAEjG,OAAO,EACL,aAAa,EACb,eAAe,EACf,mBAAmB,EACnB,SAAS,EACT,WAAW,EACX,eAAe,EACf,MAAM,EACN,QAAQ,EACR,gBAAgB,EAChB,YAAY,GACb,MAAM,WAAW,CAAC;AAEnB,cAAc,SAAS,CAAC;AAExB,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAEvD,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAEhE,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,kBAAkB,EAClB,gBAAgB,EAChB,sBAAsB,EACtB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,+BAA+B,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/index.js

@@ -23,7 +23,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createDefaultVerificationResult = exports.readFileIfExists = exports.getErrorStack = exports.getErrorMessage = exports.sha256Hex = exports.sha256Hash = exports.VerifierRegistry = exports.KmsVerifier = exports.KmsSigner = exports.getVerifierRegistry = exports.Ed25519Verifier = exports.Ed25519Signer = exports.verifyWithKms = exports.verifyWithEd25519 = exports.verifySignature = exports.loadTrustedKeys = exports.validateFrontmatter = exports.parseDossierFile = exports.parseDossierContent = exports.loadLintConfig = exports.lintDossierFile = exports.lintDossier = exports.LintRuleRegistry = exports.defaultRules = exports.formatDossierFile = exports.formatDossierContent = exports.verifyIntegrity = exports.calculateChecksum = void 0;
+exports.createDefaultVerificationResult = exports.scanBodyForUrls = exports.isUrlCoveredByDeclared = exports.isPlaceholderUrl = exports.findUndeclaredUrls = exports.findStaleReferences = exports.collectDeclaredUrls = exports.readFileIfExists = exports.getErrorStack = exports.getErrorMessage = exports.sha256Hex = exports.sha256Hash = exports.VerifierRegistry = exports.KmsVerifier = exports.KmsSigner = exports.getVerifierRegistry = exports.Ed25519Verifier = exports.Ed25519Signer = exports.verifyWithKms = exports.verifyWithEd25519 = exports.verifySignature = exports.loadTrustedKeys = exports.assessVerificationRisk = exports.assessContentRisk = exports.validateFrontmatter = exports.VALID_STATUSES = exports.VALID_RISK_LEVELS = exports.REQUIRED_FIELDS = exports.RECOMMENDED_FIELDS = exports.parseDossierFile = exports.parseDossierContent = exports.loadLintConfig = exports.lintDossierFile = exports.lintDossier = exports.LintRuleRegistry = exports.defaultRules = exports.formatDossierFile = exports.formatDossierContent = exports.verifyIntegrity = exports.calculateChecksum = void 0;
 // Checksum exports
 var checksum_1 = require("./checksum");
 Object.defineProperty(exports, "calculateChecksum", { enumerable: true, get: function () { return checksum_1.calculateChecksum; } });
@@ -43,7 +43,15 @@ Object.defineProperty(exports, "loadLintConfig", { enumerable: true, get: functi
 var parser_1 = require("./parser");
 Object.defineProperty(exports, "parseDossierContent", { enumerable: true, get: function () { return parser_1.parseDossierContent; } });
 Object.defineProperty(exports, "parseDossierFile", { enumerable: true, get: function () { return parser_1.parseDossierFile; } });
+Object.defineProperty(exports, "RECOMMENDED_FIELDS", { enumerable: true, get: function () { return parser_1.RECOMMENDED_FIELDS; } });
+Object.defineProperty(exports, "REQUIRED_FIELDS", { enumerable: true, get: function () { return parser_1.REQUIRED_FIELDS; } });
+Object.defineProperty(exports, "VALID_RISK_LEVELS", { enumerable: true, get: function () { return parser_1.VALID_RISK_LEVELS; } });
+Object.defineProperty(exports, "VALID_STATUSES", { enumerable: true, get: function () { return parser_1.VALID_STATUSES; } });
 Object.defineProperty(exports, "validateFrontmatter", { enumerable: true, get: function () { return parser_1.validateFrontmatter; } });
+// Risk assessment exports
+var risk_assessment_1 = require("./risk-assessment");
+Object.defineProperty(exports, "assessContentRisk", { enumerable: true, get: function () { return risk_assessment_1.assessContentRisk; } });
+Object.defineProperty(exports, "assessVerificationRisk", { enumerable: true, get: function () { return risk_assessment_1.assessVerificationRisk; } });
 // Signature exports
 var signature_1 = require("./signature");
 Object.defineProperty(exports, "loadTrustedKeys", { enumerable: true, get: function () { return signature_1.loadTrustedKeys; } });
@@ -71,6 +79,14 @@ Object.defineProperty(exports, "getErrorStack", { enumerable: true, get: functio
 // File system utilities
 var fs_1 = require("./utils/fs");
 Object.defineProperty(exports, "readFileIfExists", { enumerable: true, get: function () { return fs_1.readFileIfExists; } });
+// URL scanning utilities
+var url_scanner_1 = require("./utils/url-scanner");
+Object.defineProperty(exports, "collectDeclaredUrls", { enumerable: true, get: function () { return url_scanner_1.collectDeclaredUrls; } });
+Object.defineProperty(exports, "findStaleReferences", { enumerable: true, get: function () { return url_scanner_1.findStaleReferences; } });
+Object.defineProperty(exports, "findUndeclaredUrls", { enumerable: true, get: function () { return url_scanner_1.findUndeclaredUrls; } });
+Object.defineProperty(exports, "isPlaceholderUrl", { enumerable: true, get: function () { return url_scanner_1.isPlaceholderUrl; } });
+Object.defineProperty(exports, "isUrlCoveredByDeclared", { enumerable: true, get: function () { return url_scanner_1.isUrlCoveredByDeclared; } });
+Object.defineProperty(exports, "scanBodyForUrls", { enumerable: true, get: function () { return url_scanner_1.scanBodyForUrls; } });
 // Verification utilities
 var verification_1 = require("./utils/verification");
 Object.defineProperty(exports, "createDefaultVerificationResult", { enumerable: true, get: function () { return verification_1.createDefaultVerificationResult; } });

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;;;;;;;;;;;;;;;AAEH,mBAAmB;AACnB,uCAAgE;AAAvD,6GAAA,iBAAiB,OAAA;AAAE,2GAAA,eAAe,OAAA;AAE3C,oBAAoB;AACpB,yCAAsE;AAA7D,iHAAA,oBAAoB,OAAA;AAAE,8GAAA,iBAAiB,OAAA;AAUhD,iBAAiB;AACjB,mCAMkB;AALhB,sGAAA,YAAY,OAAA;AACZ,0GAAA,gBAAgB,OAAA;AAChB,qGAAA,WAAW,OAAA;AACX,yGAAA,eAAe,OAAA;AACf,wGAAA,cAAc,OAAA;AAEhB,iBAAiB;AACjB,mCAAsF;AAA7E,6GAAA,mBAAmB,OAAA;AAAE,0GAAA,gBAAgB,OAAA;AAAE,6GAAA,mBAAmB,OAAA;AACnE,oBAAoB;AACpB,yCAAiG;AAAxF,4GAAA,eAAe,OAAA;AAAE,4GAAA,eAAe,OAAA;AAAE,8GAAA,iBAAiB,OAAA;AAAE,0GAAA,aAAa,OAAA;AAC3E,iDAAiD;AACjD,qCAUmB;AATjB,wGAAA,aAAa,OAAA;AACb,0GAAA,eAAe,OAAA;AACf,8GAAA,mBAAmB,OAAA;AACnB,oGAAA,SAAS,OAAA;AACT,sGAAA,WAAW,OAAA;AAIX,2GAAA,gBAAgB,OAAA;AAElB,eAAe;AACf,0CAAwB;AACxB,mBAAmB;AACnB,yCAAuD;AAA9C,oGAAA,UAAU,OAAA;AAAE,mGAAA,SAAS,OAAA;AAC9B,kBAAkB;AAClB,yCAAgE;AAAvD,yGAAA,eAAe,OAAA;AAAE,uGAAA,aAAa,OAAA;AACvC,wBAAwB;AACxB,iCAA8C;AAArC,sGAAA,gBAAgB,OAAA;AACzB,yBAAyB;AACzB,qDAAuE;AAA9D,+HAAA,+BAA+B,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;;;;;;;;;;;;;;;AAEH,mBAAmB;AACnB,uCAAgE;AAAvD,6GAAA,iBAAiB,OAAA;AAAE,2GAAA,eAAe,OAAA;AAE3C,oBAAoB;AACpB,yCAAsE;AAA7D,iHAAA,oBAAoB,OAAA;AAAE,8GAAA,iBAAiB,OAAA;AAUhD,iBAAiB;AACjB,mCAMkB;AALhB,sGAAA,YAAY,OAAA;AACZ,0GAAA,gBAAgB,OAAA;AAChB,qGAAA,WAAW,OAAA;AACX,yGAAA,eAAe,OAAA;AACf,wGAAA,cAAc,OAAA;AAEhB,iBAAiB;AACjB,mCAQkB;AAPhB,6GAAA,mBAAmB,OAAA;AACnB,0GAAA,gBAAgB,OAAA;AAChB,4GAAA,kBAAkB,OAAA;AAClB,yGAAA,eAAe,OAAA;AACf,2GAAA,iBAAiB,OAAA;AACjB,wGAAA,cAAc,OAAA;AACd,6GAAA,mBAAmB,OAAA;AASrB,0BAA0B;AAC1B,qDAA8E;AAArE,oHAAA,iBAAiB,OAAA;AAAE,yHAAA,sBAAsB,OAAA;AAClD,oBAAoB;AACpB,yCAAiG;AAAxF,4GAAA,eAAe,OAAA;AAAE,4GAAA,eAAe,OAAA;AAAE,8GAAA,iBAAiB,OAAA;AAAE,0GAAA,aAAa,OAAA;AAC3E,iDAAiD;AACjD,qCAWmB;AAVjB,wGAAA,aAAa,OAAA;AACb,0GAAA,eAAe,OAAA;AACf,8GAAA,mBAAmB,OAAA;AACnB,oGAAA,SAAS,OAAA;AACT,sGAAA,WAAW,OAAA;AAIX,2GAAA,gBAAgB,OAAA;AAGlB,eAAe;AACf,0CAAwB;AACxB,mBAAmB;AACnB,yCAAuD;AAA9C,oGAAA,UAAU,OAAA;AAAE,mGAAA,SAAS,OAAA;AAC9B,kBAAkB;AAClB,yCAAgE;AAAvD,yGAAA,eAAe,OAAA;AAAE,uGAAA,aAAa,OAAA;AACvC,wBAAwB;AACxB,iCAA8C;AAArC,sGAAA,gBAAgB,OAAA;AACzB,yBAAyB;AACzB,mDAO6B;AAN3B,kHAAA,mBAAmB,OAAA;AACnB,kHAAA,mBAAmB,OAAA;AACnB,iHAAA,kBAAkB,OAAA;AAClB,+GAAA,gBAAgB,OAAA;AAChB,qHAAA,sBAAsB,OAAA;AACtB,8GAAA,eAAe,OAAA;AAEjB,yBAAyB;AACzB,qDAAuE;AAA9D,+HAAA,+BAA+B,OAAA"}

package/dist/linter/rules/external-references-declared.d.ts

@@ -0,0 +1,3 @@
+import type { LintRule } from '../types';
+export declare const externalReferencesDeclaredRule: LintRule;
+//# sourceMappingURL=external-references-declared.d.ts.map

package/dist/linter/rules/external-references-declared.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"external-references-declared.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/external-references-declared.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAkB,QAAQ,EAAE,MAAM,UAAU,CAAC;AAEzD,eAAO,MAAM,8BAA8B,EAAE,QAgD5C,CAAC"}

package/dist/linter/rules/external-references-declared.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.externalReferencesDeclaredRule = void 0;
+const url_scanner_1 = require("../../utils/url-scanner");
+exports.externalReferencesDeclaredRule = {
+    id: 'external-references-declared',
+    description: 'External URLs in body must be declared in external_references',
+    defaultSeverity: 'error',
+    run(context) {
+        const { frontmatter, body } = context;
+        const diagnostics = [];
+        const bodyUrls = (0, url_scanner_1.scanBodyForUrls)(body);
+        if (bodyUrls.length === 0) {
+            return diagnostics;
+        }
+        const declaredUrls = (0, url_scanner_1.collectDeclaredUrls)(frontmatter);
+        const undeclaredUrls = (0, url_scanner_1.findUndeclaredUrls)(bodyUrls, declaredUrls);
+        for (const url of undeclaredUrls) {
+            diagnostics.push({
+                ruleId: 'external-references-declared',
+                severity: 'error',
+                message: `Undeclared external URL in body: ${url} — add it to external_references`,
+                field: 'external_references',
+            });
+        }
+        if (bodyUrls.length > 0 && frontmatter.content_scope !== 'references-external') {
+            diagnostics.push({
+                ruleId: 'external-references-declared',
+                severity: 'error',
+                message: `Body contains ${bodyUrls.length} external URL(s) but content_scope is not "references-external"`,
+                field: 'content_scope',
+            });
+        }
+        if (Array.isArray(frontmatter.external_references)) {
+            const stale = (0, url_scanner_1.findStaleReferences)(frontmatter.external_references, bodyUrls);
+            for (const ref of stale) {
+                diagnostics.push({
+                    ruleId: 'external-references-declared',
+                    severity: 'info',
+                    message: `Declared external reference not found in body (possibly stale): ${ref.url}`,
+                    field: 'external_references',
+                });
+            }
+        }
+        return diagnostics;
+    },
+};
+//# sourceMappingURL=external-references-declared.js.map

package/dist/linter/rules/external-references-declared.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"external-references-declared.js","sourceRoot":"","sources":["../../../src/linter/rules/external-references-declared.ts"],"names":[],"mappings":";;;AAAA,yDAKiC;AAGpB,QAAA,8BAA8B,GAAa;IACtD,EAAE,EAAE,8BAA8B;IAClC,WAAW,EAAE,+DAA+D;IAC5E,eAAe,EAAE,OAAO;IACxB,GAAG,CAAC,OAAO;QACT,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;QACtC,MAAM,WAAW,GAAqB,EAAE,CAAC;QAEzC,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC;QACvC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,MAAM,YAAY,GAAG,IAAA,iCAAmB,EAAC,WAAW,CAAC,CAAC;QACtD,MAAM,cAAc,GAAG,IAAA,gCAAkB,EAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAElE,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;YACjC,WAAW,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,8BAA8B;gBACtC,QAAQ,EAAE,OAAgB;gBAC1B,OAAO,EAAE,oCAAoC,GAAG,kCAAkC;gBAClF,KAAK,EAAE,qBAAqB;aAC7B,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,aAAa,KAAK,qBAAqB,EAAE,CAAC;YAC/E,WAAW,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,8BAA8B;gBACtC,QAAQ,EAAE,OAAgB;gBAC1B,OAAO,EAAE,iBAAiB,QAAQ,CAAC,MAAM,iEAAiE;gBAC1G,KAAK,EAAE,eAAe;aACvB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACnD,MAAM,KAAK,GAAG,IAAA,iCAAmB,EAAC,WAAW,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC;YAC7E,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;gBACxB,WAAW,CAAC,IAAI,CAAC;oBACf,MAAM,EAAE,8BAA8B;oBACtC,QAAQ,EAAE,MAAe;oBACzB,OAAO,EAAE,mEAAmE,GAAG,CAAC,GAAG,EAAE;oBACrF,KAAK,EAAE,qBAAqB;iBAC7B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF,CAAC"}

package/dist/linter/rules/index.d.ts

@@ -1,11 +1,12 @@
 import type { LintRule } from '../types';
 import { checksumValidRule } from './checksum-valid';
+import { externalReferencesDeclaredRule } from './external-references-declared';
 import { objectiveQualityRule } from './objective-quality';
 import { requiredSectionsRule } from './required-sections';
 import { riskLevelConsistencyRule } from './risk-level-consistency';
 import { schemaValidRule } from './schema-valid';
 import { semverVersionRule } from './semver-version';
 import { toolsCheckCommandRule } from './tools-check-command';
-export { checksumValidRule, objectiveQualityRule, requiredSectionsRule, riskLevelConsistencyRule, schemaValidRule, semverVersionRule, toolsCheckCommandRule, };
+export { checksumValidRule, externalReferencesDeclaredRule, objectiveQualityRule, requiredSectionsRule, riskLevelConsistencyRule, schemaValidRule, semverVersionRule, toolsCheckCommandRule, };
 export declare const defaultRules: LintRule[];
 //# sourceMappingURL=index.d.ts.map

package/dist/linter/rules/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAE9D,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,iBAAiB,EACjB,qBAAqB,GACtB,CAAC;AAEF,eAAO,MAAM,YAAY,EAAE,QAAQ,EAQlC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAC;AAChF,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAE9D,OAAO,EACL,iBAAiB,EACjB,8BAA8B,EAC9B,oBAAoB,EACpB,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,iBAAiB,EACjB,qBAAqB,GACtB,CAAC;AAEF,eAAO,MAAM,YAAY,EAAE,QAAQ,EASlC,CAAC"}

package/dist/linter/rules/index.js

@@ -1,8 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.defaultRules = exports.toolsCheckCommandRule = exports.semverVersionRule = exports.schemaValidRule = exports.riskLevelConsistencyRule = exports.requiredSectionsRule = exports.objectiveQualityRule = exports.checksumValidRule = void 0;
+exports.defaultRules = exports.toolsCheckCommandRule = exports.semverVersionRule = exports.schemaValidRule = exports.riskLevelConsistencyRule = exports.requiredSectionsRule = exports.objectiveQualityRule = exports.externalReferencesDeclaredRule = exports.checksumValidRule = void 0;
 const checksum_valid_1 = require("./checksum-valid");
 Object.defineProperty(exports, "checksumValidRule", { enumerable: true, get: function () { return checksum_valid_1.checksumValidRule; } });
+const external_references_declared_1 = require("./external-references-declared");
+Object.defineProperty(exports, "externalReferencesDeclaredRule", { enumerable: true, get: function () { return external_references_declared_1.externalReferencesDeclaredRule; } });
 const objective_quality_1 = require("./objective-quality");
 Object.defineProperty(exports, "objectiveQualityRule", { enumerable: true, get: function () { return objective_quality_1.objectiveQualityRule; } });
 const required_sections_1 = require("./required-sections");
@@ -23,5 +25,6 @@ exports.defaultRules = [
     tools_check_command_1.toolsCheckCommandRule,
     objective_quality_1.objectiveQualityRule,
     required_sections_1.requiredSectionsRule,
+    external_references_declared_1.externalReferencesDeclaredRule,
 ];
 //# sourceMappingURL=index.js.map

package/dist/linter/rules/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/linter/rules/index.ts"],"names":[],"mappings":";;;AACA,qDAAqD;AASnD,kGATO,kCAAiB,OASP;AARnB,2DAA2D;AASzD,qGATO,wCAAoB,OASP;AARtB,2DAA2D;AASzD,qGATO,wCAAoB,OASP;AARtB,qEAAoE;AASlE,yGATO,iDAAwB,OASP;AAR1B,iDAAiD;AAS/C,gGATO,8BAAe,OASP;AARjB,qDAAqD;AASnD,kGATO,kCAAiB,OASP;AARnB,+DAA8D;AAS5D,sGATO,2CAAqB,OASP;AAGV,QAAA,YAAY,GAAe;IACtC,8BAAe;IACf,kCAAiB;IACjB,kCAAiB;IACjB,iDAAwB;IACxB,2CAAqB;IACrB,wCAAoB;IACpB,wCAAoB;CACrB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/linter/rules/index.ts"],"names":[],"mappings":";;;AACA,qDAAqD;AAUnD,kGAVO,kCAAiB,OAUP;AATnB,iFAAgF;AAU9E,+GAVO,6DAA8B,OAUP;AAThC,2DAA2D;AAUzD,qGAVO,wCAAoB,OAUP;AATtB,2DAA2D;AAUzD,qGAVO,wCAAoB,OAUP;AATtB,qEAAoE;AAUlE,yGAVO,iDAAwB,OAUP;AAT1B,iDAAiD;AAU/C,gGAVO,8BAAe,OAUP;AATjB,qDAAqD;AAUnD,kGAVO,kCAAiB,OAUP;AATnB,+DAA8D;AAU5D,sGAVO,2CAAqB,OAUP;AAGV,QAAA,YAAY,GAAe;IACtC,8BAAe;IACf,kCAAiB;IACjB,kCAAiB;IACjB,iDAAwB;IACxB,2CAAqB;IACrB,wCAAoB;IACpB,wCAAoB;IACpB,6DAA8B;CAC/B,CAAC"}

package/dist/linter/rules/risk-level-consistency.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"risk-level-consistency.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/risk-level-consistency.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAEzC,eAAO,MAAM,wBAAwB,EAAE,QAuBtC,CAAC"}
+{"version":3,"file":"risk-level-consistency.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/risk-level-consistency.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAkB,QAAQ,EAAE,MAAM,UAAU,CAAC;AAEzD,eAAO,MAAM,wBAAwB,EAAE,QAqCtC,CAAC"}

package/dist/linter/rules/risk-level-consistency.js

@@ -3,10 +3,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.riskLevelConsistencyRule = void 0;
 exports.riskLevelConsistencyRule = {
     id: 'risk-level-consistency',
-    description: 'Risk level should be consistent with destructive operations',
+    description: 'Risk level should be consistent with destructive operations and external references',
     defaultSeverity: 'warning',
     run(context) {
-        const { risk_level, destructive_operations } = context.frontmatter;
+        const { risk_level, destructive_operations, external_references, risk_factors } = context.frontmatter;
         const diagnostics = [];
         if (risk_level === 'low' &&
             Array.isArray(destructive_operations) &&
@@ -18,6 +18,16 @@ exports.riskLevelConsistencyRule = {
                 field: 'risk_level',
             });
         }
+        if (Array.isArray(external_references) && external_references.length > 0) {
+            if (!Array.isArray(risk_factors) || !risk_factors.includes('network_access')) {
+                diagnostics.push({
+                    ruleId: 'risk-level-consistency',
+                    severity: 'warning',
+                    message: 'external_references declared but risk_factors does not include "network_access"',
+                    field: 'risk_factors',
+                });
+            }
+        }
         return diagnostics;
     },
 };

package/dist/linter/rules/risk-level-consistency.js.map

@@ -1 +1 @@
-{"version":3,"file":"risk-level-consistency.js","sourceRoot":"","sources":["../../../src/linter/rules/risk-level-consistency.ts"],"names":[],"mappings":";;;AAEa,QAAA,wBAAwB,GAAa;IAChD,EAAE,EAAE,wBAAwB;IAC5B,WAAW,EAAE,6DAA6D;IAC1E,eAAe,EAAE,SAAS;IAC1B,GAAG,CAAC,OAAO;QACT,MAAM,EAAE,UAAU,EAAE,sBAAsB,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC;QACnE,MAAM,WAAW,GAAG,EAAE,CAAC;QAEvB,IACE,UAAU,KAAK,KAAK;YACpB,KAAK,CAAC,OAAO,CAAC,sBAAsB,CAAC;YACrC,sBAAsB,CAAC,MAAM,GAAG,CAAC,EACjC,CAAC;YACD,WAAW,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,wBAAwB;gBAChC,QAAQ,EAAE,SAAkB;gBAC5B,OAAO,EAAE,2BAA2B,sBAAsB,CAAC,MAAM,kEAAkE;gBACnI,KAAK,EAAE,YAAY;aACpB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF,CAAC"}
+{"version":3,"file":"risk-level-consistency.js","sourceRoot":"","sources":["../../../src/linter/rules/risk-level-consistency.ts"],"names":[],"mappings":";;;AAEa,QAAA,wBAAwB,GAAa;IAChD,EAAE,EAAE,wBAAwB;IAC5B,WAAW,EACT,qFAAqF;IACvF,eAAe,EAAE,SAAS;IAC1B,GAAG,CAAC,OAAO;QACT,MAAM,EAAE,UAAU,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,YAAY,EAAE,GAC7E,OAAO,CAAC,WAAW,CAAC;QACtB,MAAM,WAAW,GAAqB,EAAE,CAAC;QAEzC,IACE,UAAU,KAAK,KAAK;YACpB,KAAK,CAAC,OAAO,CAAC,sBAAsB,CAAC;YACrC,sBAAsB,CAAC,MAAM,GAAG,CAAC,EACjC,CAAC;YACD,WAAW,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,wBAAwB;gBAChC,QAAQ,EAAE,SAAS;gBACnB,OAAO,EAAE,2BAA2B,sBAAsB,CAAC,MAAM,kEAAkE;gBACnI,KAAK,EAAE,YAAY;aACpB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC7E,WAAW,CAAC,IAAI,CAAC;oBACf,MAAM,EAAE,wBAAwB;oBAChC,QAAQ,EAAE,SAAS;oBACnB,OAAO,EACL,iFAAiF;oBACnF,KAAK,EAAE,cAAc;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF,CAAC"}

package/dist/linter/rules/tools-check-command.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tools-check-command.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/tools-check-command.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAOzC,eAAO,MAAM,qBAAqB,EAAE,QA0BnC,CAAC"}
+{"version":3,"file":"tools-check-command.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/tools-check-command.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAEzC,eAAO,MAAM,qBAAqB,EAAE,QA0BnC,CAAC"}

package/dist/linter/rules/tools-check-command.js.map

@@ -1 +1 @@
-{"version":3,"file":"tools-check-command.js","sourceRoot":"","sources":["../../../src/linter/rules/tools-check-command.ts"],"names":[],"mappings":";;;AAOa,QAAA,qBAAqB,GAAa;IAC7C,EAAE,EAAE,qBAAqB;IACzB,WAAW,EAAE,oDAAoD;IACjE,eAAe,EAAE,SAAS;IAC1B,GAAG,CAAC,OAAO;QACT,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,CAAC,cAA4C,CAAC;QAE/E,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,WAAW,GAAG,EAAE,CAAC;QAEvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;gBACxB,WAAW,CAAC,IAAI,CAAC;oBACf,MAAM,EAAE,qBAAqB;oBAC7B,QAAQ,EAAE,SAAkB;oBAC5B,OAAO,EAAE,SAAS,IAAI,CAAC,IAAI,+DAA+D;oBAC1F,KAAK,EAAE,gBAAgB;iBACxB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF,CAAC"}
+{"version":3,"file":"tools-check-command.js","sourceRoot":"","sources":["../../../src/linter/rules/tools-check-command.ts"],"names":[],"mappings":";;;AAEa,QAAA,qBAAqB,GAAa;IAC7C,EAAE,EAAE,qBAAqB;IACzB,WAAW,EAAE,oDAAoD;IACjE,eAAe,EAAE,SAAS;IAC1B,GAAG,CAAC,OAAO;QACT,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC;QAEjD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,WAAW,GAAG,EAAE,CAAC;QAEvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;gBACxB,WAAW,CAAC,IAAI,CAAC;oBACf,MAAM,EAAE,qBAAqB;oBAC7B,QAAQ,EAAE,SAAkB;oBAC5B,OAAO,EAAE,SAAS,IAAI,CAAC,IAAI,+DAA+D;oBAC1F,KAAK,EAAE,gBAAgB;iBACxB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF,CAAC"}

package/dist/parser.d.ts

@@ -1,10 +1,23 @@
 /**
- * Dossier parser - extracts frontmatter and body from dossier files
+ * Dossier parser - extracts frontmatter and body from dossier files.
+ *
+ * Supports two frontmatter formats:
+ *   1. ---dossier\n{JSON or YAML}\n---  (dossier-specific delimiter)
+ *   2. ---\n{YAML}\n---                 (standard markdown frontmatter)
  */
 import type { DossierFrontmatter, ParsedDossier } from './types';
+/** Required fields for a valid dossier frontmatter. */
+export declare const REQUIRED_FIELDS: readonly ["dossier_schema_version", "title", "version"];
+/** Recommended (but optional) fields. */
+export declare const RECOMMENDED_FIELDS: readonly ["objective", "risk_level", "status"];
+/** Valid values for the status field (Title Case, matching DossierStatus type and schema). */
+export declare const VALID_STATUSES: readonly ["Draft", "Stable", "Deprecated", "Experimental"];
+/** Valid values for the risk_level field. */
+export declare const VALID_RISK_LEVELS: readonly ["low", "medium", "high", "critical"];
 /**
- * Parse dossier content into frontmatter and body
- * Format: ---dossier\n{JSON}\n---\n[body]
+ * Parse dossier content into frontmatter and body.
+ *
+ * Accepts both `---dossier` (JSON/YAML) and standard `---` (YAML) frontmatter.
  */
 export declare function parseDossierContent(content: string): ParsedDossier;
 /**
@@ -12,7 +25,10 @@ export declare function parseDossierContent(content: string): ParsedDossier;
  */
 export declare function parseDossierFile(filePath: string): ParsedDossier;
 /**
- * Validate required frontmatter fields
+ * Validate required frontmatter fields.
+ *
+ * Checks for required fields (dossier_schema_version, title, version),
+ * and validates enum values for status and risk_level.
  */
 export declare function validateFrontmatter(frontmatter: DossierFrontmatter): string[];
 //# sourceMappingURL=parser.d.ts.map

package/dist/parser.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAIjE;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,aAAa,CAuBlE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,aAAa,CAGhE;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,kBAAkB,GAAG,MAAM,EAAE,CAmC7E"}
+{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAIjE,uDAAuD;AACvD,eAAO,MAAM,eAAe,yDAA0D,CAAC;AAEvF,yCAAyC;AACzC,eAAO,MAAM,kBAAkB,gDAAiD,CAAC;AAEjF,8FAA8F;AAC9F,eAAO,MAAM,cAAc,4DAA6D,CAAC;AAEzF,6CAA6C;AAC7C,eAAO,MAAM,iBAAiB,gDAAiD,CAAC;AAEhF;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,aAAa,CA2ClE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,aAAa,CAGhE;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,kBAAkB,GAAG,MAAM,EAAE,CAgC7E"}