@ai-dossier/core 1.0.2 → 1.1.0

package/README.md

@@ -1,5 +1,9 @@
 # @ai-dossier/core
 
+[![npm version](https://img.shields.io/npm/v/@ai-dossier/core)](https://www.npmjs.com/package/@ai-dossier/core)
+[![npm downloads](https://img.shields.io/npm/dm/@ai-dossier/core)](https://www.npmjs.com/package/@ai-dossier/core)
+[![License: AGPL-3.0](https://img.shields.io/badge/License-AGPL--3.0-blue.svg)](https://github.com/imboard-ai/ai-dossier/blob/main/LICENSE)
+
 Core parsing, verification, and linting logic for the [Dossier](https://github.com/imboard-ai/ai-dossier) automation standard.
 
 ## Installation
@@ -8,65 +12,235 @@ Core parsing, verification, and linting logic for the [Dossier](https://github.c
 npm install @ai-dossier/core
 ```
 
+Requires Node.js >= 20.0.0.
+
+## Quick Start
+
+```typescript
+import {
+  parseDossierContent,
+  verifyIntegrity,
+  lintDossier,
+} from '@ai-dossier/core';
+
+// 1. Parse a dossier
+const dossier = parseDossierContent(rawContent);
+console.log(dossier.frontmatter.title); // => "My Dossier"
+
+// 2. Verify integrity
+const integrity = verifyIntegrity(
+  dossier.body,
+  dossier.frontmatter.checksum?.hash
+);
+console.log(integrity.status); // => "valid" | "invalid" | "missing"
+
+// 3. Lint for issues
+const result = lintDossier(rawContent);
+console.log(result.errorCount, result.warningCount);
+```
+
 ## API
 
 ### Parsing
 
 ```typescript
-import { parseDossierContent, parseDossierFile, validateFrontmatter } from '@ai-dossier/core';
+import {
+  parseDossierContent,
+  parseDossierFile,
+  validateFrontmatter,
+} from '@ai-dossier/core';
+```
+
+#### `parseDossierContent(content: string): ParsedDossier`
+
+Parse a dossier content string into frontmatter and body. Accepts both `---dossier` (JSON/YAML) and standard `---` (YAML) delimiters.
+
+```typescript
+const { frontmatter, body, raw } = parseDossierContent(content);
+```
+
+#### `parseDossierFile(filePath: string): ParsedDossier`
+
+Read and parse a dossier file from disk.
+
+```typescript
+const parsed = parseDossierFile('./path/to/dossier.ds.md');
+```
 
-// Parse dossier content string
-const { frontmatter, body } = parseDossierContent(content);
+#### `validateFrontmatter(frontmatter: DossierFrontmatter): string[]`
 
-// Parse from file path
-const parsed = parseDossierFile('./my-dossier.ds.md');
+Validate required fields and enum values. Returns an array of error messages (empty if valid).
 
-// Validate required fields
+```typescript
 const errors = validateFrontmatter(parsed.frontmatter);
+if (errors.length > 0) {
+  console.error('Validation errors:', errors);
+}
 ```
 
 ### Checksum Verification
 
 ```typescript
 import { calculateChecksum, verifyIntegrity } from '@ai-dossier/core';
+```
+
+#### `calculateChecksum(body: string): string`
+
+Calculate the SHA-256 hash of dossier body content (excluding frontmatter).
 
-const hash = calculateChecksum(body);
-const isValid = verifyIntegrity(body, expectedHash);
+#### `verifyIntegrity(body: string, expectedHash: string | undefined): IntegrityResult`
+
+Compare the computed hash against the expected hash from frontmatter.
+
+```typescript
+const result = verifyIntegrity(body, frontmatter.checksum?.hash);
+// result.status: "valid" | "invalid" | "missing"
 ```
 
 ### Signature Verification
 
 ```typescript
-import { verifySignature, verifyWithEd25519, loadTrustedKeys } from '@ai-dossier/core';
+import {
+  verifySignature,
+  verifyWithEd25519,
+  verifyWithKms,
+  loadTrustedKeys,
+} from '@ai-dossier/core';
+```
 
-// Verify using trusted keys
-const result = await verifySignature(frontmatter, body);
+#### `verifySignature(content: string, signature: SignatureResult): Promise<VerifyResult>`
 
-// Verify with a specific Ed25519 public key
-const valid = verifyWithEd25519(data, signature, publicKeyPem);
+Verify a signature using the verifier registry. Automatically selects the correct verifier based on `signature.algorithm`.
+
+```typescript
+const result = await verifySignature(body, frontmatter.signature);
+console.log(result.valid); // true | false
 ```
 
+#### `verifyWithEd25519(content: string, signature: string, publicKey: string): VerifyResult`
+
+Verify an Ed25519 signature directly.
+
+#### `verifyWithKms(content: string, signature: string, keyId: string, region?: string): Promise<VerifyResult>`
+
+Verify an ECDSA-SHA-256 signature using AWS KMS.
+
+#### `loadTrustedKeys(filePath?: string): Map<string, string>`
+
+Load trusted public keys from a file (default: `~/.dossier/trusted-keys.txt`). Returns a map of public key to key ID.
+
 ### Linting
 
 ```typescript
 import { lintDossier, lintDossierFile } from '@ai-dossier/core';
+```
+
+#### `lintDossier(content: string, config?: LintConfig): LintResult`
 
-const results = lintDossier(content);
-// or
-const results = lintDossierFile('./my-dossier.ds.md');
+Lint dossier content against built-in rules (checksum validity, schema validation, required sections, semver version, etc.).
+
+```typescript
+const result = lintDossier(content);
+for (const d of result.diagnostics) {
+  console.log(`[${d.severity}] ${d.ruleId}: ${d.message}`);
+}
 ```
 
+#### `lintDossierFile(filePath: string, config?: LintConfig): LintResult`
+
+Lint a dossier file from disk.
+
 ### Formatting
 
 ```typescript
-import { formatDossierContent } from '@ai-dossier/core';
+import { formatDossierContent, formatDossierFile } from '@ai-dossier/core';
+```
+
+#### `formatDossierContent(content: string, options?: Partial<FormatOptions>): FormatResult`
 
-const { content, changed } = formatDossierContent(rawContent, {
+Format dossier content (sort keys, update checksum). Returns `{ formatted, changed }`.
+
+```typescript
+const { formatted, changed } = formatDossierContent(rawContent, {
   sortKeys: true,
   updateChecksum: true,
 });
 ```
 
+#### `formatDossierFile(filePath: string, options?: Partial<FormatOptions>): FormatResult`
+
+Format a dossier file in place. Only writes if changes were made.
+
+### Signer/Verifier Interfaces
+
+The package exports extensible interfaces for signing and verification:
+
+```typescript
+import type { Signer, Verifier, SignatureResult, VerifyResult } from '@ai-dossier/core';
+```
+
+Built-in implementations:
+- `Ed25519Signer` / `Ed25519Verifier` — Ed25519 key pair signing
+- `KmsSigner` / `KmsVerifier` — AWS KMS ECDSA-SHA-256 signing
+
+Registry for algorithm dispatch:
+```typescript
+import { getVerifierRegistry, VerifierRegistry } from '@ai-dossier/core';
+
+const registry = getVerifierRegistry();
+const verifier = registry.get('ed25519');
+const result = await verifier.verify(content, signature);
+```
+
+## Types
+
+All TypeScript types are exported from the package root:
+
+```typescript
+import type {
+  // Core types
+  DossierFrontmatter,   // Frontmatter fields (title, version, checksum, signature, ...)
+  ParsedDossier,        // { frontmatter, body, raw }
+  DossierStatus,        // "Draft" | "Stable" | "Deprecated" | "Experimental"
+  DossierListItem,      // Summary for listing dossiers
+
+  // Verification
+  IntegrityResult,      // Checksum verification result
+  AuthenticityResult,   // Signature verification result
+  RiskAssessment,       // Risk level, factors, destructive ops
+  VerificationResult,   // Combined verification report
+  TrustedKey,           // { publicKey, keyId }
+
+  // Signing
+  Signer,               // Sign interface
+  Verifier,             // Verify interface
+  SignatureResult,       // Signature metadata
+  VerifyResult,          // { valid, error? }
+  VerifierRegistry,     // Algorithm → verifier dispatch
+
+  // Linting
+  LintResult,           // { diagnostics, errorCount, warningCount, infoCount }
+  LintDiagnostic,       // { ruleId, severity, message, field? }
+  LintRule,             // Custom rule interface
+  LintConfig,           // { rules: Record<string, severity> }
+  LintSeverity,         // "error" | "warning" | "info"
+
+  // Formatting
+  FormatOptions,        // { indent, sortKeys, updateChecksum }
+  FormatResult,         // { formatted, changed }
+} from '@ai-dossier/core';
+```
+
+## Development
+
+Part of the [ai-dossier](https://github.com/imboard-ai/ai-dossier) monorepo.
+
+```bash
+npm run build -w packages/core    # build
+npm run test -w packages/core     # test
+make build-core                   # build via Makefile
+```
+
 ## License
 
 [AGPL-3.0](https://github.com/imboard-ai/ai-dossier/blob/main/LICENSE)

package/dist/formatter/formatter.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"formatter.d.ts","sourceRoot":"","sources":["../../src/formatter/formatter.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAiG3D,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GAC/B,YAAY,CAmCd"}
+{"version":3,"file":"formatter.d.ts","sourceRoot":"","sources":["../../src/formatter/formatter.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAmG3D,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GAC/B,YAAY,CAmCd"}

package/dist/formatter/formatter.js

@@ -25,6 +25,8 @@ const KEY_ORDER = [
     'risk_factors',
     'requires_approval',
     'destructive_operations',
+    'content_scope',
+    'external_references',
     'prerequisites',
     'inputs',
     'outputs',

package/dist/formatter/formatter.js.map

@@ -1 +1 @@
-{"version":3,"file":"formatter.js","sourceRoot":"","sources":["../../src/formatter/formatter.ts"],"names":[],"mappings":";;AAmGA,oDAsCC;AAzID,0CAAgD;AAChD,sCAAgD;AAEhD,mCAA+C;AAE/C;;;;GAIG;AACH,MAAM,SAAS,GAAa;IAC1B,wBAAwB;IACxB,OAAO;IACP,SAAS;IACT,kBAAkB;IAClB,QAAQ;IACR,cAAc;IACd,WAAW;IACX,UAAU;IACV,MAAM;IACN,gBAAgB;IAChB,oBAAoB;IACpB,YAAY;IACZ,cAAc;IACd,mBAAmB;IACnB,wBAAwB;IACxB,eAAe;IACf,QAAQ;IACR,SAAS;IACT,eAAe;IACf,UAAU;IACV,YAAY;IACZ,UAAU;IACV,SAAS;IACT,SAAS;IACT,UAAU;IACV,YAAY;IACZ,QAAQ;IACR,iBAAiB;IACjB,eAAe;IACf,UAAU;IACV,WAAW;CACZ,CAAC;AAEF,SAAS,mBAAmB,CAAC,WAAoC;IAC/D,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAEpC,0BAA0B;IAC1B,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;QAC5B,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC;YACvB,MAAM,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC;SACzC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;SAC/B,IAAI,EAAE,CAAC;IACV,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,mCAAmC;QACnC,MAAM,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,sFAAsF;IACtF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAE3C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,MAAM,EAAE,CAAC;gBAChB,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,OAAO,IAAI;SACR,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;SAC7B,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,OAAO,GAAG,IAAI,IAAI,CAAC;IACrB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,oBAAoB,CAClC,OAAe,EACf,OAAgC;IAEhC,MAAM,IAAI,GAAkB,EAAE,GAAG,4BAAoB,EAAE,GAAG,OAAO,EAAE,CAAC;IACpE,MAAM,MAAM,GAAG,IAAA,4BAAmB,EAAC,OAAO,CAAC,CAAC;IAE5C,IAAI,WAAW,GAA4B,MAAM,CAAC,WAAsC,CAAC;IAEzF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,WAAW,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC;IAED,2FAA2F;IAC3F,MAAM,IAAI,GAAG,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAErE,6BAA6B;IAC7B,IAAI,IAAI,CAAC,cAAc,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;QAChD,MAAM,WAAW,GAAG,WAAW,CAAC,QAAmC,CAAC;QACpE,IAAI,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,IAAA,4BAAiB,EAAC,IAAI,CAAC,CAAC;YACxC,WAAW,CAAC,QAAQ,GAAG,EAAE,GAAG,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAE/D,6BAA6B;IAC7B,IAAI,MAAM,GAAG,eAAe,OAAO,UAAU,IAAI,EAAE,CAAC;IAEpD,uBAAuB;IACvB,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAEpC,OAAO;QACL,SAAS,EAAE,MAAM;QACjB,OAAO,EAAE,MAAM,KAAK,OAAO;KAC5B,CAAC;AACJ,CAAC"}
+{"version":3,"file":"formatter.js","sourceRoot":"","sources":["../../src/formatter/formatter.ts"],"names":[],"mappings":";;AAqGA,oDAsCC;AA3ID,0CAAgD;AAChD,sCAAgD;AAEhD,mCAA+C;AAE/C;;;;GAIG;AACH,MAAM,SAAS,GAAa;IAC1B,wBAAwB;IACxB,OAAO;IACP,SAAS;IACT,kBAAkB;IAClB,QAAQ;IACR,cAAc;IACd,WAAW;IACX,UAAU;IACV,MAAM;IACN,gBAAgB;IAChB,oBAAoB;IACpB,YAAY;IACZ,cAAc;IACd,mBAAmB;IACnB,wBAAwB;IACxB,eAAe;IACf,qBAAqB;IACrB,eAAe;IACf,QAAQ;IACR,SAAS;IACT,eAAe;IACf,UAAU;IACV,YAAY;IACZ,UAAU;IACV,SAAS;IACT,SAAS;IACT,UAAU;IACV,YAAY;IACZ,QAAQ;IACR,iBAAiB;IACjB,eAAe;IACf,UAAU;IACV,WAAW;CACZ,CAAC;AAEF,SAAS,mBAAmB,CAAC,WAAoC;IAC/D,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAEpC,0BAA0B;IAC1B,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;QAC5B,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC;YACvB,MAAM,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC;SACzC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;SAC/B,IAAI,EAAE,CAAC;IACV,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,mCAAmC;QACnC,MAAM,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,sFAAsF;IACtF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAE3C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,MAAM,EAAE,CAAC;gBAChB,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,OAAO,IAAI;SACR,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;SAC7B,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,OAAO,GAAG,IAAI,IAAI,CAAC;IACrB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,oBAAoB,CAClC,OAAe,EACf,OAAgC;IAEhC,MAAM,IAAI,GAAkB,EAAE,GAAG,4BAAoB,EAAE,GAAG,OAAO,EAAE,CAAC;IACpE,MAAM,MAAM,GAAG,IAAA,4BAAmB,EAAC,OAAO,CAAC,CAAC;IAE5C,IAAI,WAAW,GAA4B,MAAM,CAAC,WAAsC,CAAC;IAEzF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,WAAW,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC;IAED,2FAA2F;IAC3F,MAAM,IAAI,GAAG,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAErE,6BAA6B;IAC7B,IAAI,IAAI,CAAC,cAAc,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;QAChD,MAAM,WAAW,GAAG,WAAW,CAAC,QAAmC,CAAC;QACpE,IAAI,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,IAAA,4BAAiB,EAAC,IAAI,CAAC,CAAC;YACxC,WAAW,CAAC,QAAQ,GAAG,EAAE,GAAG,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAE/D,6BAA6B;IAC7B,IAAI,MAAM,GAAG,eAAe,OAAO,UAAU,IAAI,EAAE,CAAC;IAEpD,uBAAuB;IACvB,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAEpC,OAAO;QACL,SAAS,EAAE,MAAM;QACjB,OAAO,EAAE,MAAM,KAAK,OAAO;KAC5B,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -13,11 +13,14 @@ export { formatDossierContent, formatDossierFile } from './formatter';
 export type { LintConfig, LintDiagnostic, LintResult, LintRule, LintRuleContext, LintSeverity, RuleSeverityOverride, } from './linter';
 export { defaultRules, LintRuleRegistry, lintDossier, lintDossierFile, loadLintConfig, } from './linter';
 export { parseDossierContent, parseDossierFile, RECOMMENDED_FIELDS, REQUIRED_FIELDS, VALID_RISK_LEVELS, VALID_STATUSES, validateFrontmatter, } from './parser';
+export type { ChecksumStatus, ContentRiskResult, SignatureStatus, VerificationRiskLevel, VerificationRiskResult, } from './risk-assessment';
+export { assessContentRisk, assessVerificationRisk } from './risk-assessment';
 export { loadTrustedKeys, verifySignature, verifyWithEd25519, verifyWithKms } from './signature';
 export { Ed25519Signer, Ed25519Verifier, getVerifierRegistry, KmsSigner, KmsVerifier, SignatureResult, Signer, Verifier, VerifierRegistry, VerifyResult, } from './signers';
 export * from './types';
 export { sha256Hash, sha256Hex } from './utils/crypto';
 export { getErrorMessage, getErrorStack } from './utils/errors';
 export { readFileIfExists } from './utils/fs';
+export { collectDeclaredUrls, findStaleReferences, findUndeclaredUrls, isPlaceholderUrl, isUrlCoveredByDeclared, scanBodyForUrls, } from './utils/url-scanner';
 export { createDefaultVerificationResult } from './utils/verification';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAChE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE/D,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACtE,YAAY,EACV,UAAU,EACV,cAAc,EACd,UAAU,EACV,QAAQ,EACR,eAAe,EACf,YAAY,EACZ,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,cAAc,GACf,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,mBAAmB,GACpB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAEjG,OAAO,EACL,aAAa,EACb,eAAe,EACf,mBAAmB,EACnB,SAAS,EACT,WAAW,EACX,eAAe,EACf,MAAM,EACN,QAAQ,EACR,gBAAgB,EAChB,YAAY,GACb,MAAM,WAAW,CAAC;AAEnB,cAAc,SAAS,CAAC;AAExB,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAEvD,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAEhE,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,OAAO,EAAE,+BAA+B,EAAE,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAChE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE/D,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACtE,YAAY,EACV,UAAU,EACV,cAAc,EACd,UAAU,EACV,QAAQ,EACR,eAAe,EACf,YAAY,EACZ,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,cAAc,GACf,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,mBAAmB,GACpB,MAAM,UAAU,CAAC;AAClB,YAAY,EACV,cAAc,EACd,iBAAiB,EACjB,eAAe,EACf,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAE9E,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAEjG,OAAO,EACL,aAAa,EACb,eAAe,EACf,mBAAmB,EACnB,SAAS,EACT,WAAW,EACX,eAAe,EACf,MAAM,EACN,QAAQ,EACR,gBAAgB,EAChB,YAAY,GACb,MAAM,WAAW,CAAC;AAEnB,cAAc,SAAS,CAAC;AAExB,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAEvD,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAEhE,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,kBAAkB,EAClB,gBAAgB,EAChB,sBAAsB,EACtB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,+BAA+B,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/index.js

@@ -23,7 +23,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createDefaultVerificationResult = exports.readFileIfExists = exports.getErrorStack = exports.getErrorMessage = exports.sha256Hex = exports.sha256Hash = exports.VerifierRegistry = exports.KmsVerifier = exports.KmsSigner = exports.getVerifierRegistry = exports.Ed25519Verifier = exports.Ed25519Signer = exports.verifyWithKms = exports.verifyWithEd25519 = exports.verifySignature = exports.loadTrustedKeys = exports.validateFrontmatter = exports.VALID_STATUSES = exports.VALID_RISK_LEVELS = exports.REQUIRED_FIELDS = exports.RECOMMENDED_FIELDS = exports.parseDossierFile = exports.parseDossierContent = exports.loadLintConfig = exports.lintDossierFile = exports.lintDossier = exports.LintRuleRegistry = exports.defaultRules = exports.formatDossierFile = exports.formatDossierContent = exports.verifyIntegrity = exports.calculateChecksum = void 0;
+exports.createDefaultVerificationResult = exports.scanBodyForUrls = exports.isUrlCoveredByDeclared = exports.isPlaceholderUrl = exports.findUndeclaredUrls = exports.findStaleReferences = exports.collectDeclaredUrls = exports.readFileIfExists = exports.getErrorStack = exports.getErrorMessage = exports.sha256Hex = exports.sha256Hash = exports.VerifierRegistry = exports.KmsVerifier = exports.KmsSigner = exports.getVerifierRegistry = exports.Ed25519Verifier = exports.Ed25519Signer = exports.verifyWithKms = exports.verifyWithEd25519 = exports.verifySignature = exports.loadTrustedKeys = exports.assessVerificationRisk = exports.assessContentRisk = exports.validateFrontmatter = exports.VALID_STATUSES = exports.VALID_RISK_LEVELS = exports.REQUIRED_FIELDS = exports.RECOMMENDED_FIELDS = exports.parseDossierFile = exports.parseDossierContent = exports.loadLintConfig = exports.lintDossierFile = exports.lintDossier = exports.LintRuleRegistry = exports.defaultRules = exports.formatDossierFile = exports.formatDossierContent = exports.verifyIntegrity = exports.calculateChecksum = void 0;
 // Checksum exports
 var checksum_1 = require("./checksum");
 Object.defineProperty(exports, "calculateChecksum", { enumerable: true, get: function () { return checksum_1.calculateChecksum; } });
@@ -48,6 +48,10 @@ Object.defineProperty(exports, "REQUIRED_FIELDS", { enumerable: true, get: funct
 Object.defineProperty(exports, "VALID_RISK_LEVELS", { enumerable: true, get: function () { return parser_1.VALID_RISK_LEVELS; } });
 Object.defineProperty(exports, "VALID_STATUSES", { enumerable: true, get: function () { return parser_1.VALID_STATUSES; } });
 Object.defineProperty(exports, "validateFrontmatter", { enumerable: true, get: function () { return parser_1.validateFrontmatter; } });
+// Risk assessment exports
+var risk_assessment_1 = require("./risk-assessment");
+Object.defineProperty(exports, "assessContentRisk", { enumerable: true, get: function () { return risk_assessment_1.assessContentRisk; } });
+Object.defineProperty(exports, "assessVerificationRisk", { enumerable: true, get: function () { return risk_assessment_1.assessVerificationRisk; } });
 // Signature exports
 var signature_1 = require("./signature");
 Object.defineProperty(exports, "loadTrustedKeys", { enumerable: true, get: function () { return signature_1.loadTrustedKeys; } });
@@ -75,6 +79,14 @@ Object.defineProperty(exports, "getErrorStack", { enumerable: true, get: functio
 // File system utilities
 var fs_1 = require("./utils/fs");
 Object.defineProperty(exports, "readFileIfExists", { enumerable: true, get: function () { return fs_1.readFileIfExists; } });
+// URL scanning utilities
+var url_scanner_1 = require("./utils/url-scanner");
+Object.defineProperty(exports, "collectDeclaredUrls", { enumerable: true, get: function () { return url_scanner_1.collectDeclaredUrls; } });
+Object.defineProperty(exports, "findStaleReferences", { enumerable: true, get: function () { return url_scanner_1.findStaleReferences; } });
+Object.defineProperty(exports, "findUndeclaredUrls", { enumerable: true, get: function () { return url_scanner_1.findUndeclaredUrls; } });
+Object.defineProperty(exports, "isPlaceholderUrl", { enumerable: true, get: function () { return url_scanner_1.isPlaceholderUrl; } });
+Object.defineProperty(exports, "isUrlCoveredByDeclared", { enumerable: true, get: function () { return url_scanner_1.isUrlCoveredByDeclared; } });
+Object.defineProperty(exports, "scanBodyForUrls", { enumerable: true, get: function () { return url_scanner_1.scanBodyForUrls; } });
 // Verification utilities
 var verification_1 = require("./utils/verification");
 Object.defineProperty(exports, "createDefaultVerificationResult", { enumerable: true, get: function () { return verification_1.createDefaultVerificationResult; } });

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;;;;;;;;;;;;;;;AAEH,mBAAmB;AACnB,uCAAgE;AAAvD,6GAAA,iBAAiB,OAAA;AAAE,2GAAA,eAAe,OAAA;AAE3C,oBAAoB;AACpB,yCAAsE;AAA7D,iHAAA,oBAAoB,OAAA;AAAE,8GAAA,iBAAiB,OAAA;AAUhD,iBAAiB;AACjB,mCAMkB;AALhB,sGAAA,YAAY,OAAA;AACZ,0GAAA,gBAAgB,OAAA;AAChB,qGAAA,WAAW,OAAA;AACX,yGAAA,eAAe,OAAA;AACf,wGAAA,cAAc,OAAA;AAEhB,iBAAiB;AACjB,mCAQkB;AAPhB,6GAAA,mBAAmB,OAAA;AACnB,0GAAA,gBAAgB,OAAA;AAChB,4GAAA,kBAAkB,OAAA;AAClB,yGAAA,eAAe,OAAA;AACf,2GAAA,iBAAiB,OAAA;AACjB,wGAAA,cAAc,OAAA;AACd,6GAAA,mBAAmB,OAAA;AAErB,oBAAoB;AACpB,yCAAiG;AAAxF,4GAAA,eAAe,OAAA;AAAE,4GAAA,eAAe,OAAA;AAAE,8GAAA,iBAAiB,OAAA;AAAE,0GAAA,aAAa,OAAA;AAC3E,iDAAiD;AACjD,qCAWmB;AAVjB,wGAAA,aAAa,OAAA;AACb,0GAAA,eAAe,OAAA;AACf,8GAAA,mBAAmB,OAAA;AACnB,oGAAA,SAAS,OAAA;AACT,sGAAA,WAAW,OAAA;AAIX,2GAAA,gBAAgB,OAAA;AAGlB,eAAe;AACf,0CAAwB;AACxB,mBAAmB;AACnB,yCAAuD;AAA9C,oGAAA,UAAU,OAAA;AAAE,mGAAA,SAAS,OAAA;AAC9B,kBAAkB;AAClB,yCAAgE;AAAvD,yGAAA,eAAe,OAAA;AAAE,uGAAA,aAAa,OAAA;AACvC,wBAAwB;AACxB,iCAA8C;AAArC,sGAAA,gBAAgB,OAAA;AACzB,yBAAyB;AACzB,qDAAuE;AAA9D,+HAAA,+BAA+B,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;;;;;;;;;;;;;;;AAEH,mBAAmB;AACnB,uCAAgE;AAAvD,6GAAA,iBAAiB,OAAA;AAAE,2GAAA,eAAe,OAAA;AAE3C,oBAAoB;AACpB,yCAAsE;AAA7D,iHAAA,oBAAoB,OAAA;AAAE,8GAAA,iBAAiB,OAAA;AAUhD,iBAAiB;AACjB,mCAMkB;AALhB,sGAAA,YAAY,OAAA;AACZ,0GAAA,gBAAgB,OAAA;AAChB,qGAAA,WAAW,OAAA;AACX,yGAAA,eAAe,OAAA;AACf,wGAAA,cAAc,OAAA;AAEhB,iBAAiB;AACjB,mCAQkB;AAPhB,6GAAA,mBAAmB,OAAA;AACnB,0GAAA,gBAAgB,OAAA;AAChB,4GAAA,kBAAkB,OAAA;AAClB,yGAAA,eAAe,OAAA;AACf,2GAAA,iBAAiB,OAAA;AACjB,wGAAA,cAAc,OAAA;AACd,6GAAA,mBAAmB,OAAA;AASrB,0BAA0B;AAC1B,qDAA8E;AAArE,oHAAA,iBAAiB,OAAA;AAAE,yHAAA,sBAAsB,OAAA;AAClD,oBAAoB;AACpB,yCAAiG;AAAxF,4GAAA,eAAe,OAAA;AAAE,4GAAA,eAAe,OAAA;AAAE,8GAAA,iBAAiB,OAAA;AAAE,0GAAA,aAAa,OAAA;AAC3E,iDAAiD;AACjD,qCAWmB;AAVjB,wGAAA,aAAa,OAAA;AACb,0GAAA,eAAe,OAAA;AACf,8GAAA,mBAAmB,OAAA;AACnB,oGAAA,SAAS,OAAA;AACT,sGAAA,WAAW,OAAA;AAIX,2GAAA,gBAAgB,OAAA;AAGlB,eAAe;AACf,0CAAwB;AACxB,mBAAmB;AACnB,yCAAuD;AAA9C,oGAAA,UAAU,OAAA;AAAE,mGAAA,SAAS,OAAA;AAC9B,kBAAkB;AAClB,yCAAgE;AAAvD,yGAAA,eAAe,OAAA;AAAE,uGAAA,aAAa,OAAA;AACvC,wBAAwB;AACxB,iCAA8C;AAArC,sGAAA,gBAAgB,OAAA;AACzB,yBAAyB;AACzB,mDAO6B;AAN3B,kHAAA,mBAAmB,OAAA;AACnB,kHAAA,mBAAmB,OAAA;AACnB,iHAAA,kBAAkB,OAAA;AAClB,+GAAA,gBAAgB,OAAA;AAChB,qHAAA,sBAAsB,OAAA;AACtB,8GAAA,eAAe,OAAA;AAEjB,yBAAyB;AACzB,qDAAuE;AAA9D,+HAAA,+BAA+B,OAAA"}

package/dist/linter/rules/external-references-declared.d.ts

@@ -0,0 +1,3 @@
+import type { LintRule } from '../types';
+export declare const externalReferencesDeclaredRule: LintRule;
+//# sourceMappingURL=external-references-declared.d.ts.map

package/dist/linter/rules/external-references-declared.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"external-references-declared.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/external-references-declared.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAkB,QAAQ,EAAE,MAAM,UAAU,CAAC;AAEzD,eAAO,MAAM,8BAA8B,EAAE,QAgD5C,CAAC"}

package/dist/linter/rules/external-references-declared.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.externalReferencesDeclaredRule = void 0;
+const url_scanner_1 = require("../../utils/url-scanner");
+exports.externalReferencesDeclaredRule = {
+    id: 'external-references-declared',
+    description: 'External URLs in body must be declared in external_references',
+    defaultSeverity: 'error',
+    run(context) {
+        const { frontmatter, body } = context;
+        const diagnostics = [];
+        const bodyUrls = (0, url_scanner_1.scanBodyForUrls)(body);
+        if (bodyUrls.length === 0) {
+            return diagnostics;
+        }
+        const declaredUrls = (0, url_scanner_1.collectDeclaredUrls)(frontmatter);
+        const undeclaredUrls = (0, url_scanner_1.findUndeclaredUrls)(bodyUrls, declaredUrls);
+        for (const url of undeclaredUrls) {
+            diagnostics.push({
+                ruleId: 'external-references-declared',
+                severity: 'error',
+                message: `Undeclared external URL in body: ${url} — add it to external_references`,
+                field: 'external_references',
+            });
+        }
+        if (bodyUrls.length > 0 && frontmatter.content_scope !== 'references-external') {
+            diagnostics.push({
+                ruleId: 'external-references-declared',
+                severity: 'error',
+                message: `Body contains ${bodyUrls.length} external URL(s) but content_scope is not "references-external"`,
+                field: 'content_scope',
+            });
+        }
+        if (Array.isArray(frontmatter.external_references)) {
+            const stale = (0, url_scanner_1.findStaleReferences)(frontmatter.external_references, bodyUrls);
+            for (const ref of stale) {
+                diagnostics.push({
+                    ruleId: 'external-references-declared',
+                    severity: 'info',
+                    message: `Declared external reference not found in body (possibly stale): ${ref.url}`,
+                    field: 'external_references',
+                });
+            }
+        }
+        return diagnostics;
+    },
+};
+//# sourceMappingURL=external-references-declared.js.map

package/dist/linter/rules/external-references-declared.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"external-references-declared.js","sourceRoot":"","sources":["../../../src/linter/rules/external-references-declared.ts"],"names":[],"mappings":";;;AAAA,yDAKiC;AAGpB,QAAA,8BAA8B,GAAa;IACtD,EAAE,EAAE,8BAA8B;IAClC,WAAW,EAAE,+DAA+D;IAC5E,eAAe,EAAE,OAAO;IACxB,GAAG,CAAC,OAAO;QACT,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;QACtC,MAAM,WAAW,GAAqB,EAAE,CAAC;QAEzC,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC;QACvC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,MAAM,YAAY,GAAG,IAAA,iCAAmB,EAAC,WAAW,CAAC,CAAC;QACtD,MAAM,cAAc,GAAG,IAAA,gCAAkB,EAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAElE,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;YACjC,WAAW,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,8BAA8B;gBACtC,QAAQ,EAAE,OAAgB;gBAC1B,OAAO,EAAE,oCAAoC,GAAG,kCAAkC;gBAClF,KAAK,EAAE,qBAAqB;aAC7B,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,aAAa,KAAK,qBAAqB,EAAE,CAAC;YAC/E,WAAW,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,8BAA8B;gBACtC,QAAQ,EAAE,OAAgB;gBAC1B,OAAO,EAAE,iBAAiB,QAAQ,CAAC,MAAM,iEAAiE;gBAC1G,KAAK,EAAE,eAAe;aACvB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACnD,MAAM,KAAK,GAAG,IAAA,iCAAmB,EAAC,WAAW,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC;YAC7E,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;gBACxB,WAAW,CAAC,IAAI,CAAC;oBACf,MAAM,EAAE,8BAA8B;oBACtC,QAAQ,EAAE,MAAe;oBACzB,OAAO,EAAE,mEAAmE,GAAG,CAAC,GAAG,EAAE;oBACrF,KAAK,EAAE,qBAAqB;iBAC7B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF,CAAC"}

package/dist/linter/rules/index.d.ts

@@ -1,11 +1,12 @@
 import type { LintRule } from '../types';
 import { checksumValidRule } from './checksum-valid';
+import { externalReferencesDeclaredRule } from './external-references-declared';
 import { objectiveQualityRule } from './objective-quality';
 import { requiredSectionsRule } from './required-sections';
 import { riskLevelConsistencyRule } from './risk-level-consistency';
 import { schemaValidRule } from './schema-valid';
 import { semverVersionRule } from './semver-version';
 import { toolsCheckCommandRule } from './tools-check-command';
-export { checksumValidRule, objectiveQualityRule, requiredSectionsRule, riskLevelConsistencyRule, schemaValidRule, semverVersionRule, toolsCheckCommandRule, };
+export { checksumValidRule, externalReferencesDeclaredRule, objectiveQualityRule, requiredSectionsRule, riskLevelConsistencyRule, schemaValidRule, semverVersionRule, toolsCheckCommandRule, };
 export declare const defaultRules: LintRule[];
 //# sourceMappingURL=index.d.ts.map

package/dist/linter/rules/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAE9D,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,iBAAiB,EACjB,qBAAqB,GACtB,CAAC;AAEF,eAAO,MAAM,YAAY,EAAE,QAAQ,EAQlC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAC;AAChF,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAE9D,OAAO,EACL,iBAAiB,EACjB,8BAA8B,EAC9B,oBAAoB,EACpB,oBAAoB,EACpB,wBAAwB,EACxB,eAAe,EACf,iBAAiB,EACjB,qBAAqB,GACtB,CAAC;AAEF,eAAO,MAAM,YAAY,EAAE,QAAQ,EASlC,CAAC"}

package/dist/linter/rules/index.js

@@ -1,8 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.defaultRules = exports.toolsCheckCommandRule = exports.semverVersionRule = exports.schemaValidRule = exports.riskLevelConsistencyRule = exports.requiredSectionsRule = exports.objectiveQualityRule = exports.checksumValidRule = void 0;
+exports.defaultRules = exports.toolsCheckCommandRule = exports.semverVersionRule = exports.schemaValidRule = exports.riskLevelConsistencyRule = exports.requiredSectionsRule = exports.objectiveQualityRule = exports.externalReferencesDeclaredRule = exports.checksumValidRule = void 0;
 const checksum_valid_1 = require("./checksum-valid");
 Object.defineProperty(exports, "checksumValidRule", { enumerable: true, get: function () { return checksum_valid_1.checksumValidRule; } });
+const external_references_declared_1 = require("./external-references-declared");
+Object.defineProperty(exports, "externalReferencesDeclaredRule", { enumerable: true, get: function () { return external_references_declared_1.externalReferencesDeclaredRule; } });
 const objective_quality_1 = require("./objective-quality");
 Object.defineProperty(exports, "objectiveQualityRule", { enumerable: true, get: function () { return objective_quality_1.objectiveQualityRule; } });
 const required_sections_1 = require("./required-sections");
@@ -23,5 +25,6 @@ exports.defaultRules = [
     tools_check_command_1.toolsCheckCommandRule,
     objective_quality_1.objectiveQualityRule,
     required_sections_1.requiredSectionsRule,
+    external_references_declared_1.externalReferencesDeclaredRule,
 ];
 //# sourceMappingURL=index.js.map

package/dist/linter/rules/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/linter/rules/index.ts"],"names":[],"mappings":";;;AACA,qDAAqD;AASnD,kGATO,kCAAiB,OASP;AARnB,2DAA2D;AASzD,qGATO,wCAAoB,OASP;AARtB,2DAA2D;AASzD,qGATO,wCAAoB,OASP;AARtB,qEAAoE;AASlE,yGATO,iDAAwB,OASP;AAR1B,iDAAiD;AAS/C,gGATO,8BAAe,OASP;AARjB,qDAAqD;AASnD,kGATO,kCAAiB,OASP;AARnB,+DAA8D;AAS5D,sGATO,2CAAqB,OASP;AAGV,QAAA,YAAY,GAAe;IACtC,8BAAe;IACf,kCAAiB;IACjB,kCAAiB;IACjB,iDAAwB;IACxB,2CAAqB;IACrB,wCAAoB;IACpB,wCAAoB;CACrB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/linter/rules/index.ts"],"names":[],"mappings":";;;AACA,qDAAqD;AAUnD,kGAVO,kCAAiB,OAUP;AATnB,iFAAgF;AAU9E,+GAVO,6DAA8B,OAUP;AAThC,2DAA2D;AAUzD,qGAVO,wCAAoB,OAUP;AATtB,2DAA2D;AAUzD,qGAVO,wCAAoB,OAUP;AATtB,qEAAoE;AAUlE,yGAVO,iDAAwB,OAUP;AAT1B,iDAAiD;AAU/C,gGAVO,8BAAe,OAUP;AATjB,qDAAqD;AAUnD,kGAVO,kCAAiB,OAUP;AATnB,+DAA8D;AAU5D,sGAVO,2CAAqB,OAUP;AAGV,QAAA,YAAY,GAAe;IACtC,8BAAe;IACf,kCAAiB;IACjB,kCAAiB;IACjB,iDAAwB;IACxB,2CAAqB;IACrB,wCAAoB;IACpB,wCAAoB;IACpB,6DAA8B;CAC/B,CAAC"}

package/dist/linter/rules/risk-level-consistency.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"risk-level-consistency.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/risk-level-consistency.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAEzC,eAAO,MAAM,wBAAwB,EAAE,QAuBtC,CAAC"}
+{"version":3,"file":"risk-level-consistency.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/risk-level-consistency.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAkB,QAAQ,EAAE,MAAM,UAAU,CAAC;AAEzD,eAAO,MAAM,wBAAwB,EAAE,QAqCtC,CAAC"}

package/dist/linter/rules/risk-level-consistency.js

@@ -3,10 +3,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.riskLevelConsistencyRule = void 0;
 exports.riskLevelConsistencyRule = {
     id: 'risk-level-consistency',
-    description: 'Risk level should be consistent with destructive operations',
+    description: 'Risk level should be consistent with destructive operations and external references',
     defaultSeverity: 'warning',
     run(context) {
-        const { risk_level, destructive_operations } = context.frontmatter;
+        const { risk_level, destructive_operations, external_references, risk_factors } = context.frontmatter;
         const diagnostics = [];
         if (risk_level === 'low' &&
             Array.isArray(destructive_operations) &&
@@ -18,6 +18,16 @@ exports.riskLevelConsistencyRule = {
                 field: 'risk_level',
             });
         }
+        if (Array.isArray(external_references) && external_references.length > 0) {
+            if (!Array.isArray(risk_factors) || !risk_factors.includes('network_access')) {
+                diagnostics.push({
+                    ruleId: 'risk-level-consistency',
+                    severity: 'warning',
+                    message: 'external_references declared but risk_factors does not include "network_access"',
+                    field: 'risk_factors',
+                });
+            }
+        }
         return diagnostics;
     },
 };

package/dist/linter/rules/risk-level-consistency.js.map

@@ -1 +1 @@
-{"version":3,"file":"risk-level-consistency.js","sourceRoot":"","sources":["../../../src/linter/rules/risk-level-consistency.ts"],"names":[],"mappings":";;;AAEa,QAAA,wBAAwB,GAAa;IAChD,EAAE,EAAE,wBAAwB;IAC5B,WAAW,EAAE,6DAA6D;IAC1E,eAAe,EAAE,SAAS;IAC1B,GAAG,CAAC,OAAO;QACT,MAAM,EAAE,UAAU,EAAE,sBAAsB,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC;QACnE,MAAM,WAAW,GAAG,EAAE,CAAC;QAEvB,IACE,UAAU,KAAK,KAAK;YACpB,KAAK,CAAC,OAAO,CAAC,sBAAsB,CAAC;YACrC,sBAAsB,CAAC,MAAM,GAAG,CAAC,EACjC,CAAC;YACD,WAAW,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,wBAAwB;gBAChC,QAAQ,EAAE,SAAkB;gBAC5B,OAAO,EAAE,2BAA2B,sBAAsB,CAAC,MAAM,kEAAkE;gBACnI,KAAK,EAAE,YAAY;aACpB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF,CAAC"}
+{"version":3,"file":"risk-level-consistency.js","sourceRoot":"","sources":["../../../src/linter/rules/risk-level-consistency.ts"],"names":[],"mappings":";;;AAEa,QAAA,wBAAwB,GAAa;IAChD,EAAE,EAAE,wBAAwB;IAC5B,WAAW,EACT,qFAAqF;IACvF,eAAe,EAAE,SAAS;IAC1B,GAAG,CAAC,OAAO;QACT,MAAM,EAAE,UAAU,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,YAAY,EAAE,GAC7E,OAAO,CAAC,WAAW,CAAC;QACtB,MAAM,WAAW,GAAqB,EAAE,CAAC;QAEzC,IACE,UAAU,KAAK,KAAK;YACpB,KAAK,CAAC,OAAO,CAAC,sBAAsB,CAAC;YACrC,sBAAsB,CAAC,MAAM,GAAG,CAAC,EACjC,CAAC;YACD,WAAW,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,wBAAwB;gBAChC,QAAQ,EAAE,SAAS;gBACnB,OAAO,EAAE,2BAA2B,sBAAsB,CAAC,MAAM,kEAAkE;gBACnI,KAAK,EAAE,YAAY;aACpB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC7E,WAAW,CAAC,IAAI,CAAC;oBACf,MAAM,EAAE,wBAAwB;oBAChC,QAAQ,EAAE,SAAS;oBACnB,OAAO,EACL,iFAAiF;oBACnF,KAAK,EAAE,cAAc;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF,CAAC"}

package/dist/linter/rules/tools-check-command.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tools-check-command.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/tools-check-command.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAOzC,eAAO,MAAM,qBAAqB,EAAE,QA0BnC,CAAC"}
+{"version":3,"file":"tools-check-command.d.ts","sourceRoot":"","sources":["../../../src/linter/rules/tools-check-command.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAEzC,eAAO,MAAM,qBAAqB,EAAE,QA0BnC,CAAC"}

package/dist/linter/rules/tools-check-command.js.map

@@ -1 +1 @@
-{"version":3,"file":"tools-check-command.js","sourceRoot":"","sources":["../../../src/linter/rules/tools-check-command.ts"],"names":[],"mappings":";;;AAOa,QAAA,qBAAqB,GAAa;IAC7C,EAAE,EAAE,qBAAqB;IACzB,WAAW,EAAE,oDAAoD;IACjE,eAAe,EAAE,SAAS;IAC1B,GAAG,CAAC,OAAO;QACT,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,CAAC,cAA4C,CAAC;QAE/E,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,WAAW,GAAG,EAAE,CAAC;QAEvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;gBACxB,WAAW,CAAC,IAAI,CAAC;oBACf,MAAM,EAAE,qBAAqB;oBAC7B,QAAQ,EAAE,SAAkB;oBAC5B,OAAO,EAAE,SAAS,IAAI,CAAC,IAAI,+DAA+D;oBAC1F,KAAK,EAAE,gBAAgB;iBACxB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF,CAAC"}
+{"version":3,"file":"tools-check-command.js","sourceRoot":"","sources":["../../../src/linter/rules/tools-check-command.ts"],"names":[],"mappings":";;;AAEa,QAAA,qBAAqB,GAAa;IAC7C,EAAE,EAAE,qBAAqB;IACzB,WAAW,EAAE,oDAAoD;IACjE,eAAe,EAAE,SAAS;IAC1B,GAAG,CAAC,OAAO;QACT,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC;QAEjD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,WAAW,GAAG,EAAE,CAAC;QAEvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;gBACxB,WAAW,CAAC,IAAI,CAAC;oBACf,MAAM,EAAE,qBAAqB;oBAC7B,QAAQ,EAAE,SAAkB;oBAC5B,OAAO,EAAE,SAAS,IAAI,CAAC,IAAI,+DAA+D;oBAC1F,KAAK,EAAE,gBAAgB;iBACxB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF,CAAC"}

package/dist/risk-assessment.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Verification risk assessment for dossiers.
+ *
+ * Evaluates checksum, signature, and declared risk level
+ * to produce a recommendation (ALLOW or BLOCK).
+ */
+import type { DossierFrontmatter } from './types';
+export interface ChecksumStatus {
+    passed: boolean;
+}
+export interface SignatureStatus {
+    present: boolean;
+    verified: boolean;
+    trusted: boolean;
+}
+export type VerificationRiskLevel = 'low' | 'medium' | 'high' | 'critical';
+export interface VerificationRiskResult {
+    level: VerificationRiskLevel;
+    issues: string[];
+    recommendation: 'ALLOW' | 'BLOCK';
+}
+export declare function assessVerificationRisk(declaredRiskLevel: string | undefined, checksumResult: ChecksumStatus, signatureResult: SignatureStatus): VerificationRiskResult;
+export interface ContentRiskResult {
+    level: VerificationRiskLevel;
+    issues: string[];
+    undeclaredUrls: string[];
+}
+export declare function assessContentRisk(frontmatter: DossierFrontmatter, body: string): ContentRiskResult;
+//# sourceMappingURL=risk-assessment.d.ts.map

package/dist/risk-assessment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-assessment.d.ts","sourceRoot":"","sources":["../src/risk-assessment.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAGlD,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,MAAM,qBAAqB,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE3E,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,qBAAqB,CAAC;IAC7B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,cAAc,EAAE,OAAO,GAAG,OAAO,CAAC;CACnC;AAED,wBAAgB,sBAAsB,CACpC,iBAAiB,EAAE,MAAM,GAAG,SAAS,EACrC,cAAc,EAAE,cAAc,EAC9B,eAAe,EAAE,eAAe,GAC/B,sBAAsB,CA2CxB;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,qBAAqB,CAAC;IAC7B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,wBAAgB,iBAAiB,CAC/B,WAAW,EAAE,kBAAkB,EAC/B,IAAI,EAAE,MAAM,GACX,iBAAiB,CAuCnB"}

package/dist/risk-assessment.js

@@ -0,0 +1,83 @@
+"use strict";
+/**
+ * Verification risk assessment for dossiers.
+ *
+ * Evaluates checksum, signature, and declared risk level
+ * to produce a recommendation (ALLOW or BLOCK).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.assessVerificationRisk = assessVerificationRisk;
+exports.assessContentRisk = assessContentRisk;
+const url_scanner_1 = require("./utils/url-scanner");
+function assessVerificationRisk(declaredRiskLevel, checksumResult, signatureResult) {
+    const issues = [];
+    let riskLevel = 'low';
+    let shouldBlock = false;
+    // Checksum failure is critical
+    if (!checksumResult.passed) {
+        issues.push('Checksum verification FAILED - content has been tampered with');
+        riskLevel = 'critical';
+        shouldBlock = true;
+    }
+    // Signature issues
+    if (signatureResult.present && !signatureResult.verified) {
+        issues.push('Signature verification FAILED or could not be verified');
+        if (riskLevel !== 'critical')
+            riskLevel = 'high';
+        shouldBlock = true;
+    }
+    // Valid signature but not trusted - BLOCK execution
+    if (signatureResult.present && signatureResult.verified && !signatureResult.trusted) {
+        issues.push('Signature is valid but signer is not in your trusted keys list');
+        issues.push('Add the public key to ~/.dossier/trusted-keys.txt to trust this signer');
+        if (riskLevel === 'low')
+            riskLevel = 'medium';
+        shouldBlock = true;
+    }
+    // No signature on high-risk dossier
+    if (!signatureResult.present && declaredRiskLevel === 'high') {
+        issues.push('High-risk dossier without signature');
+        if (riskLevel === 'low')
+            riskLevel = 'medium';
+    }
+    if (!signatureResult.present && declaredRiskLevel === 'critical') {
+        issues.push('Critical-risk dossier without signature');
+        if (riskLevel !== 'critical')
+            riskLevel = 'high';
+    }
+    return {
+        level: riskLevel,
+        issues,
+        recommendation: shouldBlock ? 'BLOCK' : 'ALLOW',
+    };
+}
+function assessContentRisk(frontmatter, body) {
+    const issues = [];
+    let level = 'low';
+    const bodyUrls = (0, url_scanner_1.scanBodyForUrls)(body);
+    if (bodyUrls.length === 0) {
+        return { level, issues, undeclaredUrls: [] };
+    }
+    const declaredUrls = (0, url_scanner_1.collectDeclaredUrls)(frontmatter);
+    const undeclaredUrls = (0, url_scanner_1.findUndeclaredUrls)(bodyUrls, declaredUrls);
+    if (undeclaredUrls.length > 0) {
+        issues.push(`Body contains ${undeclaredUrls.length} undeclared external URL(s): ${undeclaredUrls.join(', ')}`);
+        if (level === 'low')
+            level = 'medium';
+    }
+    if (Array.isArray(frontmatter.external_references)) {
+        for (const ref of frontmatter.external_references) {
+            if (ref.type === 'script' && ref.trust_level === 'unknown') {
+                issues.push(`External script with unknown trust level: ${ref.url} — requires user approval`);
+                level = 'high';
+            }
+        }
+    }
+    if (bodyUrls.length > 0 &&
+        Array.isArray(frontmatter.risk_factors) &&
+        !frontmatter.risk_factors.includes('network_access')) {
+        issues.push('Body contains external URLs but risk_factors does not include "network_access"');
+    }
+    return { level, issues, undeclaredUrls };
+}
+//# sourceMappingURL=risk-assessment.js.map

package/dist/risk-assessment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-assessment.js","sourceRoot":"","sources":["../src/risk-assessment.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAuBH,wDA+CC;AAQD,8CA0CC;AArHD,qDAA+F;AAoB/F,SAAgB,sBAAsB,CACpC,iBAAqC,EACrC,cAA8B,EAC9B,eAAgC;IAEhC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,SAAS,GAA0B,KAAK,CAAC;IAC7C,IAAI,WAAW,GAAG,KAAK,CAAC;IAExB,+BAA+B;IAC/B,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;QAC7E,SAAS,GAAG,UAAU,CAAC;QACvB,WAAW,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,mBAAmB;IACnB,IAAI,eAAe,CAAC,OAAO,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;QACzD,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,UAAU;YAAE,SAAS,GAAG,MAAM,CAAC;QACjD,WAAW,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,oDAAoD;IACpD,IAAI,eAAe,CAAC,OAAO,IAAI,eAAe,CAAC,QAAQ,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;QACpF,MAAM,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;QAC9E,MAAM,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;QACtF,IAAI,SAAS,KAAK,KAAK;YAAE,SAAS,GAAG,QAAQ,CAAC;QAC9C,WAAW,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,oCAAoC;IACpC,IAAI,CAAC,eAAe,CAAC,OAAO,IAAI,iBAAiB,KAAK,MAAM,EAAE,CAAC;QAC7D,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,IAAI,SAAS,KAAK,KAAK;YAAE,SAAS,GAAG,QAAQ,CAAC;IAChD,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,OAAO,IAAI,iBAAiB,KAAK,UAAU,EAAE,CAAC;QACjE,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;QACvD,IAAI,SAAS,KAAK,UAAU;YAAE,SAAS,GAAG,MAAM,CAAC;IACnD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,SAAS;QAChB,MAAM;QACN,cAAc,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO;KAChD,CAAC;AACJ,CAAC;AAQD,SAAgB,iBAAiB,CAC/B,WAA+B,EAC/B,IAAY;IAEZ,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,GAA0B,KAAK,CAAC;IAEzC,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC;IACvC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;IAC/C,CAAC;IAED,MAAM,YAAY,GAAG,IAAA,iCAAmB,EAAC,WAAW,CAAC,CAAC;IACtD,MAAM,cAAc,GAAG,IAAA,gCAAkB,EAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAElE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CACT,iBAAiB,cAAc,CAAC,MAAM,gCAAgC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAClG,CAAC;QACF,IAAI,KAAK,KAAK,KAAK;YAAE,KAAK,GAAG,QAAQ,CAAC;IACxC,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACnD,KAAK,MAAM,GAAG,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;YAClD,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC3D,MAAM,CAAC,IAAI,CACT,6CAA6C,GAAG,CAAC,GAAG,2BAA2B,CAChF,CAAC;gBACF,KAAK,GAAG,MAAM,CAAC;YACjB,CAAC;QACH,CAAC;IACH,CAAC;IAED,IACE,QAAQ,CAAC,MAAM,GAAG,CAAC;QACnB,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,YAAY,CAAC;QACvC,CAAC,WAAW,CAAC,YAAY,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EACpD,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC;IAChG,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;AAC3C,CAAC"}

package/dist/schema/dossier-schema.json

@@ -168,6 +168,53 @@
                 "minLength": 10
             }
         },
+        "content_scope": {
+            "type": "string",
+            "description": "Whether the dossier body is self-contained or references external URLs",
+            "enum": ["self-contained", "references-external"]
+        },
+        "external_references": {
+            "type": "array",
+            "description": "Manifest of all external resources referenced in the dossier body",
+            "items": {
+                "type": "object",
+                "required": ["url", "description", "type", "trust_level", "required"],
+                "properties": {
+                    "url": {
+                        "type": "string",
+                        "description": "URL or URL prefix of the external resource",
+                        "format": "uri"
+                    },
+                    "description": {
+                        "type": "string",
+                        "description": "What this external resource is used for"
+                    },
+                    "type": {
+                        "type": "string",
+                        "description": "Type of external resource",
+                        "enum": [
+                            "download",
+                            "api",
+                            "documentation",
+                            "script",
+                            "config",
+                            "image",
+                            "dossier",
+                            "other"
+                        ]
+                    },
+                    "trust_level": {
+                        "type": "string",
+                        "description": "Trust level of the external resource",
+                        "enum": ["trusted", "user-verified", "unknown"]
+                    },
+                    "required": {
+                        "type": "boolean",
+                        "description": "Whether this external resource is required for execution"
+                    }
+                }
+            }
+        },
         "checksum": {
             "type": "object",
             "description": "Content integrity hash (REQUIRED for security - verifies dossier hasn't been tampered with)",

package/dist/types.d.ts

@@ -2,6 +2,27 @@
  * TypeScript type definitions for Dossier format
  */
 export type DossierStatus = 'Draft' | 'Stable' | 'Deprecated' | 'Experimental';
+export type ContentScope = 'self-contained' | 'references-external';
+export type ExternalReferenceType = 'download' | 'api' | 'documentation' | 'script' | 'config' | 'image' | 'dossier' | 'other';
+export type ExternalTrustLevel = 'trusted' | 'user-verified' | 'unknown';
+export interface ExternalReference {
+    url: string;
+    description: string;
+    type: ExternalReferenceType;
+    trust_level: ExternalTrustLevel;
+    required: boolean;
+}
+export interface ToolRequired {
+    name: string;
+    version?: string;
+    check_command?: string;
+    install_url?: string;
+}
+export interface DossierAuthor {
+    name?: string;
+    email?: string;
+    url?: string;
+}
 export interface DossierFrontmatter {
     dossier_schema_version?: string;
     name?: string;
@@ -16,6 +37,10 @@ export interface DossierFrontmatter {
     risk_level?: 'low' | 'medium' | 'high' | 'critical';
     risk_factors?: string[];
     destructive_operations?: string[];
+    content_scope?: ContentScope;
+    external_references?: ExternalReference[];
+    tools_required?: ToolRequired[];
+    authors?: DossierAuthor[];
     requires_approval?: boolean;
     checksum?: {
         algorithm: string;

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,QAAQ,GAAG,YAAY,GAAG,cAAc,CAAC;AAE/E,MAAM,WAAW,kBAAkB;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,UAAU,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACpD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,EAAE;QACT,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,SAAS,CAAC,EAAE;QACV,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,kBAAkB,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,SAAS,CAAC;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,UAAU,GAAG,gBAAgB,GAAG,UAAU,GAAG,SAAS,GAAG,OAAO,CAAC;IACzE,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,GAAG,SAAS,CAAC;IAC9D,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,eAAe,CAAC;IAC3B,YAAY,EAAE,kBAAkB,CAAC;IACjC,cAAc,EAAE,cAAc,CAAC;IAC/B,cAAc,EAAE,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,QAAQ,GAAG,YAAY,GAAG,cAAc,CAAC;AAE/E,MAAM,MAAM,YAAY,GAAG,gBAAgB,GAAG,qBAAqB,CAAC;AAEpE,MAAM,MAAM,qBAAqB,GAC7B,UAAU,GACV,KAAK,GACL,eAAe,GACf,QAAQ,GACR,QAAQ,GACR,OAAO,GACP,SAAS,GACT,OAAO,CAAC;AAEZ,MAAM,MAAM,kBAAkB,GAAG,SAAS,GAAG,eAAe,GAAG,SAAS,CAAC;AAEzE,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,qBAAqB,CAAC;IAC5B,WAAW,EAAE,kBAAkB,CAAC;IAChC,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,kBAAkB;IACjC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,UAAU,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACpD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,aAAa,CAAC,EAAE,YAAY,CAAC;IAC7B,mBAAmB,CAAC,EAAE,iBAAiB,EAAE,CAAC;IAC1C,cAAc,CAAC,EAAE,YAAY,EAAE,CAAC;IAChC,OAAO,CAAC,EAAE,aAAa,EAAE,CAAC;IAC1B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,QAAQ,CAAC,EAAE;QACT,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,SAAS,CAAC,EAAE;QACV,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,kBAAkB,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,SAAS,CAAC;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,UAAU,GAAG,gBAAgB,GAAG,UAAU,GAAG,SAAS,GAAG,OAAO,CAAC;IACzE,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,GAAG,SAAS,CAAC;IAC9D,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,qBAAqB,EAAE,MAAM,EAAE,CAAC;IAChC,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,eAAe,CAAC;IAC3B,YAAY,EAAE,kBAAkB,CAAC;IACjC,cAAc,EAAE,cAAc,CAAC;IAC/B,cAAc,EAAE,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB"}

package/dist/utils/url-scanner.d.ts

@@ -0,0 +1,8 @@
+import type { DossierFrontmatter, ExternalReference } from '../types';
+export declare function isPlaceholderUrl(url: string): boolean;
+export declare function scanBodyForUrls(body: string): string[];
+export declare function collectDeclaredUrls(frontmatter: DossierFrontmatter): string[];
+export declare function isUrlCoveredByDeclared(url: string, declaredUrls: string[]): boolean;
+export declare function findUndeclaredUrls(bodyUrls: string[], declaredUrls: string[]): string[];
+export declare function findStaleReferences(externalRefs: ExternalReference[], bodyUrls: string[]): ExternalReference[];
+//# sourceMappingURL=url-scanner.d.ts.map

package/dist/utils/url-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-scanner.d.ts","sourceRoot":"","sources":["../../src/utils/url-scanner.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAsBtE,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAErD;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAKtD;AAED,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,kBAAkB,GAAG,MAAM,EAAE,CAkC7E;AAED,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,OAAO,CAEnF;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAEvF;AAED,wBAAgB,mBAAmB,CACjC,YAAY,EAAE,iBAAiB,EAAE,EACjC,QAAQ,EAAE,MAAM,EAAE,GACjB,iBAAiB,EAAE,CAIrB"}

package/dist/utils/url-scanner.js

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isPlaceholderUrl = isPlaceholderUrl;
+exports.scanBodyForUrls = scanBodyForUrls;
+exports.collectDeclaredUrls = collectDeclaredUrls;
+exports.isUrlCoveredByDeclared = isUrlCoveredByDeclared;
+exports.findUndeclaredUrls = findUndeclaredUrls;
+exports.findStaleReferences = findStaleReferences;
+// Matches http/https URLs, stopping at whitespace and common delimiters
+// that typically surround URLs in markdown/text (quotes, angle brackets,
+// parentheses, commas, semicolons, backticks).
+const URL_REGEX = /https?:\/\/[^\s"'<>\])|,;`]+/g;
+// Strip trailing periods and closing parens that are often part of
+// surrounding prose rather than the URL itself (e.g. "see https://x.com).")
+const TRAILING_PUNCTUATION = /[.)]+$/;
+const PLACEHOLDER_PATTERNS = [
+    /^https?:\/\/example\.(com|org|net)/,
+    /^https?:\/\/localhost/,
+    /^https?:\/\/127\.0\.0\.\d/,
+    /^https?:\/\/\[::1\]/,
+    /^https?:\/\/0\.0\.0\.0/,
+    /<[^>]+>/,
+    /\$\{[^}]+\}/,
+    /\{\{[^}]+\}\}/,
+];
+function isPlaceholderUrl(url) {
+    return PLACEHOLDER_PATTERNS.some((pattern) => pattern.test(url));
+}
+function scanBodyForUrls(body) {
+    const matches = body.match(URL_REGEX) || [];
+    const cleaned = matches.map((url) => url.replace(TRAILING_PUNCTUATION, ''));
+    const unique = [...new Set(cleaned)];
+    return unique.filter((url) => !isPlaceholderUrl(url));
+}
+function collectDeclaredUrls(frontmatter) {
+    const urls = [];
+    if (frontmatter.external_references) {
+        for (const ref of frontmatter.external_references) {
+            urls.push(ref.url);
+        }
+    }
+    if (frontmatter.tools_required) {
+        for (const tool of frontmatter.tools_required) {
+            if (tool.install_url) {
+                urls.push(tool.install_url);
+            }
+        }
+    }
+    if (typeof frontmatter.homepage === 'string') {
+        urls.push(frontmatter.homepage);
+    }
+    if (typeof frontmatter.repository === 'string') {
+        urls.push(frontmatter.repository);
+    }
+    if (frontmatter.authors) {
+        for (const author of frontmatter.authors) {
+            if (author.url) {
+                urls.push(author.url);
+            }
+        }
+    }
+    return urls;
+}
+function isUrlCoveredByDeclared(url, declaredUrls) {
+    return declaredUrls.some((declared) => url === declared || url.startsWith(declared));
+}
+function findUndeclaredUrls(bodyUrls, declaredUrls) {
+    return bodyUrls.filter((url) => !isUrlCoveredByDeclared(url, declaredUrls));
+}
+function findStaleReferences(externalRefs, bodyUrls) {
+    return externalRefs.filter((ref) => !bodyUrls.some((bodyUrl) => bodyUrl === ref.url || bodyUrl.startsWith(ref.url)));
+}
+//# sourceMappingURL=url-scanner.js.map

package/dist/utils/url-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-scanner.js","sourceRoot":"","sources":["../../src/utils/url-scanner.ts"],"names":[],"mappings":";;AAsBA,4CAEC;AAED,0CAKC;AAED,kDAkCC;AAED,wDAEC;AAED,gDAEC;AAED,kDAOC;AAlFD,wEAAwE;AACxE,yEAAyE;AACzE,+CAA+C;AAC/C,MAAM,SAAS,GAAG,+BAA+B,CAAC;AAElD,mEAAmE;AACnE,4EAA4E;AAC5E,MAAM,oBAAoB,GAAG,QAAQ,CAAC;AAEtC,MAAM,oBAAoB,GAAG;IAC3B,oCAAoC;IACpC,uBAAuB;IACvB,2BAA2B;IAC3B,qBAAqB;IACrB,wBAAwB;IACxB,SAAS;IACT,aAAa;IACb,eAAe;CAChB,CAAC;AAEF,SAAgB,gBAAgB,CAAC,GAAW;IAC1C,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,SAAgB,eAAe,CAAC,IAAY;IAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;IAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC,CAAC;IAC5E,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;IACrC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,SAAgB,mBAAmB,CAAC,WAA+B;IACjE,MAAM,IAAI,GAAa,EAAE,CAAC;IAE1B,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;QACpC,KAAK,MAAM,GAAG,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;YAClD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;QAC/B,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;YAC9C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,OAAO,WAAW,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC7C,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,OAAO,WAAW,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC/C,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IACpC,CAAC;IAED,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACxB,KAAK,MAAM,MAAM,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YACzC,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;gBACf,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,sBAAsB,CAAC,GAAW,EAAE,YAAsB;IACxE,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;AACvF,CAAC;AAED,SAAgB,kBAAkB,CAAC,QAAkB,EAAE,YAAsB;IAC3E,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,sBAAsB,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED,SAAgB,mBAAmB,CACjC,YAAiC,EACjC,QAAkB;IAElB,OAAO,YAAY,CAAC,MAAM,CACxB,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,KAAK,GAAG,CAAC,GAAG,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CACzF,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ai-dossier/core",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "description": "Core verification and parsing logic for dossier automation standard",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",