@clementine-solutions/jane-io 1.0.1 → 1.0.3

package/dist/core/scanners/array/array-is-heterogenous.js

@@ -0,0 +1,39 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Array Is Heterogeneous
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Warns when an array contains mixed structural types,
+ *                  indicating inconsistent data shape.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Internal Modules                                                          *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+import { detectStructuralType } from '../../../core/pipeline';
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Flags arrays whose length exceeds a conservative safety threshold.
+ *
+ * Emits a warning when the list is unusually large, helping prevent
+ * excessive memory usage or pathological input shapes during scanning.
+ */
+export const arrayIsHeterogeneous = (raw, path) => {
+    if (!Array.isArray(raw))
+        return [];
+    if (raw.length < 2)
+        return [];
+    const firstType = detectStructuralType(raw[0]);
+    for (let i = 1; i < raw.length; i++) {
+        if (detectStructuralType(raw[i]) !== firstType) {
+            return [
+                scanEvent('warn', 'array.is.heterogeneous', path, 'Array contains mixed element types.', 'This list contains different kinds of values.', { firstType, mixedType: detectStructuralType(raw[i]) }),
+            ];
+        }
+    }
+    return [];
+};

package/dist/core/scanners/array/array-is-large.js

@@ -0,0 +1,32 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Array Is Large
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Flags arrays whose length exceeds a conservative safety
+ *                  threshold.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Detects containment sentinels produced during safe‑clone operations.
+ *
+ * Flags any sentinel string as a fatal structural hazard, emitting a
+ * scan event that identifies the hazard code and the original sentinel
+ * value for downstream analysis and policy decisions.
+ */
+export const arrayIsLarge = (raw, path) => {
+    if (!Array.isArray(raw))
+        return [];
+    const max = 10_000;
+    if (raw.length > max) {
+        return [
+            scanEvent('warn', 'array.is.large', path, `Array length ${raw.length} exceeds safe threshold ${max}.`, 'This list is very large.', { length: raw.length, max }),
+        ];
+    }
+    return [];
+};

package/dist/core/scanners/bigint/bigint-is-large.js

@@ -0,0 +1,34 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Bigint Is Large
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Flags BigInt values that fall outside JavaScript’s safe
+ *                  integer range, surfacing numbers that cannot be reliably
+ *                  represented or compared using standard numeric APIs.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Flags `BigInt` values whose bit‑length exceeds a safe structural boundary.
+ *
+ * Extremely large integers can stress memory, break downstream serializers,
+ * and indicate adversarial or malformed input. This rule surfaces oversized
+ * values early so validators and policy layers can decide how to handle them.
+ */
+export const bigintIsLarge = (raw, path) => {
+    if (typeof raw !== 'bigint')
+        return [];
+    const maxBits = 2048;
+    const bitLength = raw === 0n ? 1 : raw.toString(2).length;
+    if (bitLength > maxBits) {
+        return [
+            scanEvent('warn', 'bigint.is.large', path, `BigInt exceeds safe bit-length threshold ${maxBits} bits.`, 'This number is too large to safely handle.', { bitLength, maxBits }),
+        ];
+    }
+    return [];
+};

package/dist/core/scanners/bigint/bigint-not-safe.js

@@ -0,0 +1,34 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Bigint Not Safe
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Detects BigInt values whose bit-length exceeds a safe
+ *                  structural threshold, highlighting oversized or adversarial
+ *                  integers before deeper validation occurs.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Flags `BigInt` values that fall outside JavaScript’s safe integer range.
+ *
+ * While `BigInt` itself is unbounded, many systems assume values remain within
+ * the safe `number` range for interoperability. This rule highlights integers
+ * that cannot be safely represented or compared using standard numeric APIs.
+ */
+export const bigintNotSafe = (raw, path) => {
+    if (typeof raw !== 'bigint')
+        return [];
+    const maxSafe = BigInt(Number.MAX_SAFE_INTEGER);
+    const minSafe = BigInt(Number.MIN_SAFE_INTEGER);
+    if (raw > maxSafe || raw < minSafe) {
+        return [
+            scanEvent('warn', 'bigint.not.safe', path, 'BigInt exceeds JavaScript safe integer range.', 'This number is outside the safe range.', { value: raw.toString(), maxSafe, minSafe }),
+        ];
+    }
+    return [];
+};

package/dist/core/scanners/date/date-is-before-epoch.js

@@ -0,0 +1,32 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Date Is Before Epoch
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Flags Date values that occur before the Unix epoch,
+ *                  surfacing malformed or legacy timestamps early in scanning.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Flags Date values that occur before the Unix epoch (1970‑01‑01).
+ *
+ * Dates earlier than the epoch often indicate malformed input, legacy
+ * serialization issues, or unexpected coercions. This rule surfaces those
+ * anomalies early so downstream validators can respond appropriately.
+ */
+export const dateIsBeforeEpoch = (raw, path) => {
+    if (!(raw instanceof Date))
+        return [];
+    const epoch = 0;
+    if (raw.getTime() < epoch) {
+        return [
+            scanEvent('warn', 'date.is.before-epoch', path, 'Date occurs before Unix epoch (1970-01-01).', 'This date is earlier than 1970.', { timestamp: raw.getTime(), epoch }),
+        ];
+    }
+    return [];
+};

package/dist/core/scanners/date/date-is-far-future.js

@@ -0,0 +1,32 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Date Is Far Future
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Detects Date values that fall far beyond a safe future
+ *                  boundary, highlighting unrealistic or adversarial timestamps.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Detects Date values that fall far beyond a conservative future boundary.
+ *
+ * Extremely future‑dated timestamps can signal corrupted data, unrealistic
+ * scheduling values, or adversarial input. This rule highlights such values
+ * before they propagate into business logic or policy layers.
+ */
+export const dateIsFarFuture = (raw, path) => {
+    if (!(raw instanceof Date))
+        return [];
+    const max = new Date('2100-01-01T00:00:00.000Z').getTime();
+    if (raw.getTime() > max) {
+        return [
+            scanEvent('warn', 'date.is.far-future', path, 'Date occurs far in the future beyond safe bounds.', 'This date is far in the future.', { timestamp: raw.getTime(), max }),
+        ];
+    }
+    return [];
+};

package/dist/core/scanners/date/date-is-invalid.js

@@ -0,0 +1,31 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Date Is Invalid
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Warns when a Date instance resolves to an invalid timestamp,
+ *                  ensuring parsing failures are surfaced explicitly.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Warns when a Date instance resolves to an invalid (NaN) timestamp.
+ *
+ * Invalid Date objects commonly arise from parsing failures or unexpected
+ * transformations. This rule ensures they are surfaced explicitly rather than
+ * silently passing through the scan pipeline.
+ */
+export const dateIsInvalid = (raw, path) => {
+    if (!(raw instanceof Date))
+        return [];
+    if (Number.isNaN(raw.getTime())) {
+        return [
+            scanEvent('warn', 'date.is.invalid', path, 'Date value is invalid (NaN timestamp).', 'This date is not valid.', { value: raw }),
+        ];
+    }
+    return [];
+};

package/dist/core/scanners/index.js

@@ -0,0 +1,58 @@
+/**
+ * ----------------------------------------------------------------------------
+ *  Scanners | Barrel File
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Re‑exports all scanner modules, providing a single,
+ *                  consolidated entry point for the scanning subsystem.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* All Values                                                                *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+export { scanForSentinels } from './any/scan-for-sentinels';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Array Values                                                              *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+export { arrayIsDeep } from './array/array-is-deep';
+export { arrayIsHeterogeneous } from './array/array-is-heterogenous';
+export { arrayIsLarge } from './array/array-is-large';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Bigint Values                                                             *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+export { bigintIsLarge } from './bigint/bigint-is-large';
+export { bigintNotSafe } from './bigint/bigint-not-safe';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Date Values                                                               *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+export { dateIsBeforeEpoch } from './date/date-is-before-epoch';
+export { dateIsFarFuture } from './date/date-is-far-future';
+export { dateIsInvalid } from './date/date-is-invalid';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Number Values                                                             *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+export { numberIsInfinite } from './number/number-is-infinite';
+export { numberIsNaN } from './number/number-is-nan';
+export { numberIsTooLarge } from './number/number-is-too-large';
+export { numberIsUnsafeInteger } from './number/number-is-unsafe-integer';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Object Values                                                             *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+export { objectHasCircularReferences } from './object/object-has-circular-references';
+export { objectHasManyKeys } from './object/object-has-many-keys';
+export { objectIsDeep } from './object/object-is-deep';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* String Values                                                             *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+export { stringHasUnsafeUnicode } from './string/string-has-unsafe-unicode';
+export { stringHasWhitespaceEdges } from './string/string-has-whitespace-edges';
+export { stringIsLong } from './string/string-is-long';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Unknown Values                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+export { unknownNotScannable } from './unknown/unknown-not-scannable';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Registry                                                                  *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+export { scanRuleRegistry } from './scanner-registry';

package/dist/core/scanners/number/number-is-infinite.js

@@ -0,0 +1,31 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Number Is Infinite
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Flags numeric values that resolve to Infinity, surfacing
+ *                  calculation errors or malformed inputs before they propagate.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Flags numeric values that are infinite rather than finite.
+ *
+ * Infinite values often indicate upstream calculation errors, division
+ * anomalies, or malformed input. This rule surfaces them early so downstream
+ * logic never assumes a safe, bounded number.
+ */
+export const numberIsInfinite = (raw, path) => {
+    if (typeof raw !== 'number')
+        return [];
+    if (!Number.isFinite(raw)) {
+        return [
+            scanEvent('warn', 'number.not.finite', path, 'Value is infinite, which is not a safe numeric value.', 'This number is infinite.', { value: raw }),
+        ];
+    }
+    return [];
+};

package/dist/core/scanners/number/number-is-nan.js

@@ -0,0 +1,31 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Number Is NaN
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Detects numeric values that evaluate to NaN, ensuring failed
+ *                  arithmetic or parsing does not silently pass through scanning.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Detects numeric values that resolve to NaN.
+ *
+ * NaN commonly arises from failed arithmetic, invalid parsing, or unexpected
+ * coercions. This rule ensures such values are treated as structurally unsafe
+ * rather than silently propagating through the scan pipeline.
+ */
+export const numberIsNaN = (raw, path) => {
+    if (typeof raw !== 'number')
+        return [];
+    if (Number.isNaN(raw)) {
+        return [
+            scanEvent('warn', 'number.not.number', path, 'Value is NaN, which is not a safe numeric value.', 'This number is not valid.', { value: raw }),
+        ];
+    }
+    return [];
+};

package/dist/core/scanners/number/number-is-too-large.js

@@ -0,0 +1,33 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Number Is Too Large
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Warns when a number exceeds a conservative magnitude limit,
+ *                  highlighting values that may indicate corrupted or adversarial
+ *                  input.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Warns when a numeric value exceeds a conservative magnitude threshold.
+ *
+ * Extremely large numbers can signal corrupted data, unrealistic inputs, or
+ * adversarial payloads. This rule highlights values that may cause overflow,
+ * precision loss, or performance issues in downstream systems.
+ */
+export const numberIsTooLarge = (raw, path) => {
+    if (typeof raw !== 'number')
+        return [];
+    const max = 1e15;
+    if (Math.abs(raw) > max) {
+        return [
+            scanEvent('warn', 'number.is.too-large', path, `Number magnitude ${raw} exceeds safe threshold ${max}.`, 'This number is extremely large.', { value: raw, max }),
+        ];
+    }
+    return [];
+};

package/dist/core/scanners/number/number-is-unsafe-integer.js

@@ -0,0 +1,31 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Number Is Unsafe Integer
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Flags integers outside JavaScript’s safe integer range,
+ *                  preventing precision‑loss issues in comparisons or arithmetic.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Flags integers that fall outside JavaScript’s safe integer range.
+ *
+ * Values beyond the safe range cannot be represented precisely using standard
+ * numeric operations. This rule surfaces whole numbers that may behave
+ * unpredictably in comparisons, arithmetic, or serialization.
+ */
+export const numberIsUnsafeInteger = (raw, path) => {
+    if (typeof raw !== 'number')
+        return [];
+    if (Number.isInteger(raw) && !Number.isSafeInteger(raw)) {
+        return [
+            scanEvent('warn', 'number.not.safe-integer', path, `Integer ${raw} exceeds JavaScript's safe integer range.`, 'This whole number is outside the safe range.', { value: raw }),
+        ];
+    }
+    return [];
+};

package/dist/core/scanners/object/object-has-circular-references.js

@@ -0,0 +1,43 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Object Has Circular References
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Detects self‑referential object graphs that can break
+ *                  serializers, confuse diffing logic, or trigger unbounded
+ *                  recursion during analysis.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Detects objects that contain circular references.
+ *
+ * Cyclic structures can break serializers, confuse diffing logic, and cause
+ * unbounded recursion during analysis. This rule surfaces self‑referential
+ * shapes early so containment and policy layers can respond safely.
+ */
+export const objectHasCircularReferences = (raw, path) => {
+    if (raw === null || typeof raw !== 'object' || Array.isArray(raw))
+        return [];
+    const seen = new WeakSet();
+    const stack = [raw];
+    while (stack.length > 0) {
+        const current = stack.pop();
+        if (seen.has(current)) {
+            return [
+                scanEvent('warn', 'object.has.circular-references', path, 'Object contains circular references.', 'This object refers to itself.', {}),
+            ];
+        }
+        seen.add(current);
+        for (const value of Object.values(current)) {
+            if (value && typeof value === 'object') {
+                stack.push(value);
+            }
+        }
+    }
+    return [];
+};

package/dist/core/scanners/object/object-has-many-keys.js

@@ -0,0 +1,33 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Object Has Many Keys
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Flags objects whose number of own properties exceeds a safe
+ *                  threshold, surfacing unusually wide or adversarial shapes.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Flags objects whose number of own enumerable keys exceeds a safe limit.
+ *
+ * Extremely wide objects often indicate malformed payloads, accidental
+ * fan‑out, or adversarial input. This rule highlights unusually large
+ * property maps before they stress memory or downstream processing.
+ */
+export const objectHasManyKeys = (raw, path) => {
+    if (raw === null || typeof raw !== 'object' || Array.isArray(raw))
+        return [];
+    const maxKeys = 500;
+    const count = Object.keys(raw).length;
+    if (count > maxKeys) {
+        return [
+            scanEvent('warn', 'object.has.many-keys', path, `Object has ${count} keys, exceeding safe threshold ${maxKeys}.`, 'This object has many properties.', { count, maxKeys }),
+        ];
+    }
+    return [];
+};

package/dist/core/scanners/object/object-is-deep.js

@@ -0,0 +1,38 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | Object Is Deep
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Warns when an object’s nesting depth surpasses a conservative
+ *                  structural limit, highlighting shapes that may cause stack
+ *                  pressure or pathological traversal costs.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Internal Modules                                                          *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+import { measureDepth } from '../../../core/pipeline';
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Warns when an object’s nesting depth exceeds a conservative structural bound.
+ *
+ * Deeply nested shapes can cause stack pressure, slow traversal, and
+ * pathological input patterns. This rule surfaces excessive depth early so
+ * containment can replace or constrain hazardous structures.
+ */
+export const objectIsDeep = (raw, path) => {
+    if (typeof raw !== 'object' || raw === null || Array.isArray(raw))
+        return [];
+    const depth = measureDepth(raw);
+    const max = 50;
+    if (depth > max) {
+        return [
+            scanEvent('warn', 'object.is.deep', path, `Object depth ${depth} exceeds safe threshold ${max}.`, 'This object is deeply nested.', { depth, max }),
+        ];
+    }
+    return [];
+};

package/dist/core/scanners/scanner-registry.js

@@ -0,0 +1,36 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Public | Scanner Registry
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Exposes the full mapping of structural types to their
+ *                  associated scan rules, defining Jane’s public scanning
+ *                  configuration surface.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { arrayIsDeep, arrayIsHeterogeneous, arrayIsLarge, bigintIsLarge, bigintNotSafe, dateIsBeforeEpoch, dateIsFarFuture, dateIsInvalid, numberIsInfinite, numberIsNaN, numberIsTooLarge, numberIsUnsafeInteger, objectHasCircularReferences, objectHasManyKeys, objectIsDeep, scanForSentinels, stringHasUnsafeUnicode, stringHasWhitespaceEdges, stringIsLong, unknownNotScannable, } from '.';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Scan Rule Registry                                                       *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Central registry mapping structural types to the scan rules that evaluate
+ * them. This defines the composition and ordering of Jane’s scanning pipeline,
+ * ensuring each detected type is checked against the appropriate structural,
+ * safety, and shape‑integrity rules.
+ */
+export const scanRuleRegistry = {
+    all: [scanForSentinels],
+    string: [stringIsLong, stringHasUnsafeUnicode, stringHasWhitespaceEdges],
+    number: [numberIsInfinite, numberIsNaN, numberIsTooLarge, numberIsUnsafeInteger],
+    boolean: [],
+    array: [arrayIsLarge, arrayIsDeep, arrayIsHeterogeneous],
+    object: [objectIsDeep, objectHasCircularReferences, objectHasManyKeys],
+    date: [dateIsInvalid, dateIsBeforeEpoch, dateIsFarFuture],
+    unknown: [unknownNotScannable],
+    /**
+     * The following types can only be accepted by explicitly setting the
+     * `bigint`, `set`, or `map` property (in `exceptions`)  to `true`.
+     */
+    bigint: [bigintIsLarge, bigintNotSafe],
+};

package/dist/core/scanners/string/string-has-unsafe-unicode.js

@@ -0,0 +1,32 @@
+/**
+ * ----------------------------------------------------------------------------
+ * Scanners | String Has Unsafe Unicode
+ * ----------------------------------------------------------------------------
+ * @package         @clementine-solutions/jane
+ * @description     Detects Unicode bidi control characters that can obscure
+ *                  text rendering or introduce security‑relevant ambiguity.
+ * @see             https://jane-io.com
+ * ----------------------------------------------------------------------------
+ */
+import { scanEvent } from '../../pipeline';
+/* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— *\
+|* Implementation                                                            *|
+\* ——— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ————— * ——— */
+/**
+ * Detects the presence of Unicode bidi control characters.
+ *
+ * These invisible characters can alter text rendering, obscure intent, or
+ * introduce security risks. This rule surfaces unsafe Unicode so downstream
+ * layers never operate on misleading or adversarial text.
+ */
+export const stringHasUnsafeUnicode = (raw, path) => {
+    if (typeof raw !== 'string')
+        return [];
+    const unsafe = /[\u202A\u202B\u202D\u202E\u202C\u2066\u2067\u2068\u2069]/;
+    if (unsafe.test(raw)) {
+        return [
+            scanEvent('warn', 'string.has.unsafe-unicode', path, 'String contains unsafe Unicode bidi control characters.', 'This text contains unsafe Unicode characters.', {}),
+        ];
+    }
+    return [];
+};