npm - @complior/engine - Versions diffs - 0.9.0 - Mend

@complior/engine 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (594) hide show

package/.well-known/ai-compliance.json +16 -0
package/COMPLIANCE.md +64 -0
package/data/data-integrity.test.ts +75 -0
package/data/eval/eval-mappings.json +33 -0
package/data/llm/model-pricing.json +15 -0
package/data/llm/model-routing.json +36 -0
package/data/onboarding/risk-profile.json +17 -0
package/data/regulations/eu-ai-act/README.md +245 -0
package/data/regulations/eu-ai-act/applicability-tree.json +160 -0
package/data/regulations/eu-ai-act/cross-mapping.json +175 -0
package/data/regulations/eu-ai-act/localization.json +186 -0
package/data/regulations/eu-ai-act/obligations.json +3981 -0
package/data/regulations/eu-ai-act/regulation-meta.json +482 -0
package/data/regulations/eu-ai-act/scoring.json +342 -0
package/data/regulations/eu-ai-act/technical-requirements.json +2590 -0
package/data/regulations/eu-ai-act/timeline.json +160 -0
package/data/regulations/jurisdictions/at.json +15 -0
package/data/regulations/jurisdictions/be.json +15 -0
package/data/regulations/jurisdictions/bg.json +15 -0
package/data/regulations/jurisdictions/cy.json +15 -0
package/data/regulations/jurisdictions/cz.json +15 -0
package/data/regulations/jurisdictions/de.json +15 -0
package/data/regulations/jurisdictions/dk.json +15 -0
package/data/regulations/jurisdictions/ee.json +15 -0
package/data/regulations/jurisdictions/es.json +15 -0
package/data/regulations/jurisdictions/fi.json +15 -0
package/data/regulations/jurisdictions/fr.json +15 -0
package/data/regulations/jurisdictions/gr.json +15 -0
package/data/regulations/jurisdictions/hr.json +15 -0
package/data/regulations/jurisdictions/hu.json +15 -0
package/data/regulations/jurisdictions/ie.json +15 -0
package/data/regulations/jurisdictions/is.json +15 -0
package/data/regulations/jurisdictions/it.json +15 -0
package/data/regulations/jurisdictions/li.json +15 -0
package/data/regulations/jurisdictions/lt.json +15 -0
package/data/regulations/jurisdictions/lu.json +15 -0
package/data/regulations/jurisdictions/lv.json +15 -0
package/data/regulations/jurisdictions/mt.json +15 -0
package/data/regulations/jurisdictions/nl.json +15 -0
package/data/regulations/jurisdictions/no.json +15 -0
package/data/regulations/jurisdictions/pl.json +15 -0
package/data/regulations/jurisdictions/pt.json +15 -0
package/data/regulations/jurisdictions/ro.json +15 -0
package/data/regulations/jurisdictions/se.json +15 -0
package/data/regulations/jurisdictions/si.json +15 -0
package/data/regulations/jurisdictions/sk.json +15 -0
package/data/scanner/check-id-categories.json +81 -0
package/data/scanner/confidence-params.json +16 -0
package/data/scanner/limits.json +4 -0
package/data/schemas/http-contract-sample.json +79 -0
package/data/schemas/http-contract.json +144 -0
package/data/semgrep-rules/bare-call.yaml +37 -0
package/data/semgrep-rules/injection.yaml +73 -0
package/data/semgrep-rules/missing-error-handling.yaml +58 -0
package/data/semgrep-rules/unsafe-deser.yaml +65 -0
package/data/templates/eu-ai-act/ai-literacy.md +184 -0
package/data/templates/eu-ai-act/art5-screening.md +131 -0
package/data/templates/eu-ai-act/data-governance.md +145 -0
package/data/templates/eu-ai-act/declaration-of-conformity.md +161 -0
package/data/templates/eu-ai-act/fria.md +127 -0
package/data/templates/eu-ai-act/gpai-systemic-risk.md +150 -0
package/data/templates/eu-ai-act/gpai-transparency.md +166 -0
package/data/templates/eu-ai-act/incident-report.md +188 -0
package/data/templates/eu-ai-act/instructions-for-use.md +202 -0
package/data/templates/eu-ai-act/monitoring-policy.md +110 -0
package/data/templates/eu-ai-act/qms.md +180 -0
package/data/templates/eu-ai-act/risk-management-system.md +123 -0
package/data/templates/eu-ai-act/technical-documentation.md +287 -0
package/data/templates/eu-ai-act/worker-notification.md +143 -0
package/data/templates/policies/biometrics-ai-policy.md +214 -0
package/data/templates/policies/critical-infra-ai-policy.md +228 -0
package/data/templates/policies/education-ai-policy.md +184 -0
package/data/templates/policies/finance-ai-policy.md +191 -0
package/data/templates/policies/healthcare-ai-policy.md +197 -0
package/data/templates/policies/hr-ai-policy.md +178 -0
package/data/templates/policies/legal-ai-policy.md +189 -0
package/data/templates/policies/migration-ai-policy.md +239 -0
package/engine.log +7 -0
package/package.json +74 -0
package/src/composition-root.ts +791 -0
package/src/data/eval/conformity-tests.test.ts +122 -0
package/src/data/eval/ct-1-transparency.ts +106 -0
package/src/data/eval/ct-10-gpai.ts +25 -0
package/src/data/eval/ct-11-industry.ts +42 -0
package/src/data/eval/ct-2-oversight.ts +41 -0
package/src/data/eval/ct-3-explanation.ts +14 -0
package/src/data/eval/ct-4-bias.ts +83 -0
package/src/data/eval/ct-5-accuracy.ts +41 -0
package/src/data/eval/ct-6-robustness.ts +81 -0
package/src/data/eval/ct-7-prohibited.ts +52 -0
package/src/data/eval/ct-8-logging.ts +68 -0
package/src/data/eval/ct-9-risk-awareness.ts +33 -0
package/src/data/eval/deterministic-evaluator.ts +120 -0
package/src/data/eval/index.ts +55 -0
package/src/data/eval/judge-prompts.ts +146 -0
package/src/data/eval/llm-judged-tests.ts +279 -0
package/src/data/eval/llm-tests.test.ts +83 -0
package/src/data/eval/remediation/ct-1-transparency.ts +91 -0
package/src/data/eval/remediation/ct-10-gpai.ts +94 -0
package/src/data/eval/remediation/ct-11-industry.ts +94 -0
package/src/data/eval/remediation/ct-2-oversight.ts +71 -0
package/src/data/eval/remediation/ct-3-explanation.ts +70 -0
package/src/data/eval/remediation/ct-4-bias.ts +70 -0
package/src/data/eval/remediation/ct-5-accuracy.ts +70 -0
package/src/data/eval/remediation/ct-6-robustness.ts +70 -0
package/src/data/eval/remediation/ct-7-prohibited.ts +94 -0
package/src/data/eval/remediation/ct-8-logging.ts +94 -0
package/src/data/eval/remediation/ct-9-risk-awareness.ts +94 -0
package/src/data/eval/remediation/index.ts +89 -0
package/src/data/eval/remediation/owasp-art5.ts +15 -0
package/src/data/eval/remediation/owasp-llm01.ts +72 -0
package/src/data/eval/remediation/owasp-llm02.ts +72 -0
package/src/data/eval/remediation/owasp-llm03.ts +15 -0
package/src/data/eval/remediation/owasp-llm04.ts +15 -0
package/src/data/eval/remediation/owasp-llm05.ts +15 -0
package/src/data/eval/remediation/owasp-llm06.ts +15 -0
package/src/data/eval/remediation/owasp-llm07.ts +15 -0
package/src/data/eval/remediation/owasp-llm08.ts +15 -0
package/src/data/eval/remediation/owasp-llm09.ts +15 -0
package/src/data/eval/remediation/owasp-llm10.ts +15 -0
package/src/data/eval/remediation/remediation.test.ts +229 -0
package/src/data/eval/remediation/test-mapping.ts +290 -0
package/src/data/eval/security-rubrics.ts +381 -0
package/src/data/finding-explanations.json +453 -0
package/src/data/industry-patterns.ts +161 -0
package/src/data/registry-cards.ts +368 -0
package/src/data/regulation/index.ts +5 -0
package/src/data/regulation/jurisdiction-data.test.ts +73 -0
package/src/data/regulation/jurisdiction-data.ts +65 -0
package/src/data/regulation/regulation-data.ts +19 -0
package/src/data/regulation/regulation-loader.test.ts +107 -0
package/src/data/regulation/regulation-loader.ts +56 -0
package/src/data/scanner-constants.ts +46 -0
package/src/data/schemas/schemas-core.ts +140 -0
package/src/data/schemas/schemas-supplementary.ts +211 -0
package/src/data/schemas/schemas.ts +28 -0
package/src/data/security/attack-probes.test.ts +62 -0
package/src/data/security/attack-probes.ts +496 -0
package/src/data/security/eu-ai-act-security.ts +40 -0
package/src/data/security/index.ts +19 -0
package/src/data/security/mitre-atlas.test.ts +43 -0
package/src/data/security/mitre-atlas.ts +93 -0
package/src/data/security/nist-ai-rmf.ts +43 -0
package/src/data/security/owasp-llm-top10.test.ts +60 -0
package/src/data/security/owasp-llm-top10.ts +138 -0
package/src/data/template-registry.ts +53 -0
package/src/data/tool-versions.json +22 -0
package/src/domain/audit/audit-package.test.ts +152 -0
package/src/domain/audit/audit-package.ts +166 -0
package/src/domain/audit/audit-trail.test.ts +121 -0
package/src/domain/audit/audit-trail.ts +174 -0
package/src/domain/audit/index.ts +8 -0
package/src/domain/audit/permissions-matrix.test.ts +136 -0
package/src/domain/audit/permissions-matrix.ts +121 -0
package/src/domain/certification/adversarial/bias-tests.ts +95 -0
package/src/domain/certification/adversarial/evaluators.ts +304 -0
package/src/domain/certification/adversarial/index.ts +11 -0
package/src/domain/certification/adversarial/prompt-injection.ts +103 -0
package/src/domain/certification/adversarial/safety-boundary.ts +132 -0
package/src/domain/certification/aiuc1-readiness.test.ts +236 -0
package/src/domain/certification/aiuc1-readiness.ts +298 -0
package/src/domain/certification/aiuc1-requirements.ts +235 -0
package/src/domain/certification/index.ts +10 -0
package/src/domain/certification/redteam-runner.test.ts +97 -0
package/src/domain/certification/redteam-runner.ts +205 -0
package/src/domain/certification/test-runner.test.ts +232 -0
package/src/domain/certification/test-runner.ts +289 -0
package/src/domain/cost/cost-estimator.test.ts +187 -0
package/src/domain/cost/cost-estimator.ts +133 -0
package/src/domain/disclaimer.test.ts +52 -0
package/src/domain/disclaimer.ts +39 -0
package/src/domain/documents/ai-enricher.test.ts +120 -0
package/src/domain/documents/ai-enricher.ts +159 -0
package/src/domain/documents/document-generator.test.ts +318 -0
package/src/domain/documents/document-generator.ts +239 -0
package/src/domain/documents/index.ts +9 -0
package/src/domain/documents/passport-helpers.ts +25 -0
package/src/domain/documents/policy-generator.test.ts +252 -0
package/src/domain/documents/policy-generator.ts +94 -0
package/src/domain/documents/worker-notification-generator.test.ts +162 -0
package/src/domain/documents/worker-notification-generator.ts +141 -0
package/src/domain/eval/adapters/adapter-port.ts +94 -0
package/src/domain/eval/adapters/adapters.test.ts +303 -0
package/src/domain/eval/adapters/anthropic-adapter.ts +57 -0
package/src/domain/eval/adapters/auto-detect.ts +104 -0
package/src/domain/eval/adapters/create-chat-adapter.ts +106 -0
package/src/domain/eval/adapters/custom-adapter.ts +74 -0
package/src/domain/eval/adapters/http-adapter.ts +66 -0
package/src/domain/eval/adapters/index.ts +7 -0
package/src/domain/eval/adapters/ollama-adapter.ts +48 -0
package/src/domain/eval/adapters/openai-adapter.ts +58 -0
package/src/domain/eval/adapters/with-timeout.ts +25 -0
package/src/domain/eval/conformity-score.test.ts +161 -0
package/src/domain/eval/conformity-score.ts +135 -0
package/src/domain/eval/eval-constants.ts +55 -0
package/src/domain/eval/eval-evidence.test.ts +85 -0
package/src/domain/eval/eval-evidence.ts +103 -0
package/src/domain/eval/eval-fix-generator.test.ts +421 -0
package/src/domain/eval/eval-fix-generator.ts +205 -0
package/src/domain/eval/eval-passport.test.ts +82 -0
package/src/domain/eval/eval-passport.ts +89 -0
package/src/domain/eval/eval-remediation-report.test.ts +682 -0
package/src/domain/eval/eval-remediation-report.ts +170 -0
package/src/domain/eval/eval-report.ts +108 -0
package/src/domain/eval/eval-runner.test.ts +609 -0
package/src/domain/eval/eval-runner.ts +593 -0
package/src/domain/eval/eval-to-findings.test.ts +293 -0
package/src/domain/eval/eval-to-findings.ts +83 -0
package/src/domain/eval/index.ts +31 -0
package/src/domain/eval/llm-judge.test.ts +139 -0
package/src/domain/eval/llm-judge.ts +168 -0
package/src/domain/eval/remediation-types.ts +90 -0
package/src/domain/eval/security-integration.test.ts +196 -0
package/src/domain/eval/security-integration.ts +136 -0
package/src/domain/eval/types.test.ts +173 -0
package/src/domain/eval/types.ts +244 -0
package/src/domain/eval/verdict-utils.ts +45 -0
package/src/domain/fixer/create-fixer.ts +101 -0
package/src/domain/fixer/diff.ts +70 -0
package/src/domain/fixer/fix-history.ts +23 -0
package/src/domain/fixer/fixer.test.ts +306 -0
package/src/domain/fixer/index.ts +9 -0
package/src/domain/fixer/strategies/bandit-fix.ts +61 -0
package/src/domain/fixer/strategies/bias-testing.ts +49 -0
package/src/domain/fixer/strategies/ci-compliance.ts +57 -0
package/src/domain/fixer/strategies/content-marking.ts +45 -0
package/src/domain/fixer/strategies/cve-upgrade.ts +66 -0
package/src/domain/fixer/strategies/data-governance.ts +65 -0
package/src/domain/fixer/strategies/disclosure.ts +69 -0
package/src/domain/fixer/strategies/doc-code-sync.ts +53 -0
package/src/domain/fixer/strategies/documentation.ts +59 -0
package/src/domain/fixer/strategies/error-handler.ts +63 -0
package/src/domain/fixer/strategies/hitl-gate.ts +67 -0
package/src/domain/fixer/strategies/index.ts +61 -0
package/src/domain/fixer/strategies/kill-switch-test.ts +85 -0
package/src/domain/fixer/strategies/kill-switch.ts +53 -0
package/src/domain/fixer/strategies/license-fix.ts +57 -0
package/src/domain/fixer/strategies/log-retention.ts +40 -0
package/src/domain/fixer/strategies/logging.ts +59 -0
package/src/domain/fixer/strategies/metadata.ts +45 -0
package/src/domain/fixer/strategies/permission-guard.ts +84 -0
package/src/domain/fixer/strategies/record-keeping.ts +69 -0
package/src/domain/fixer/strategies/secret-rotation.ts +52 -0
package/src/domain/fixer/strategies.test.ts +341 -0
package/src/domain/fixer/template-engine.test.ts +64 -0
package/src/domain/fixer/template-engine.ts +38 -0
package/src/domain/fixer/types.ts +88 -0
package/src/domain/frameworks/aiuc1-framework.test.ts +159 -0
package/src/domain/frameworks/aiuc1-framework.ts +126 -0
package/src/domain/frameworks/collect-foundation-metrics.test.ts +96 -0
package/src/domain/frameworks/collect-foundation-metrics.ts +34 -0
package/src/domain/frameworks/eu-ai-act-framework.test.ts +117 -0
package/src/domain/frameworks/eu-ai-act-framework.ts +100 -0
package/src/domain/frameworks/framework-registry.test.ts +91 -0
package/src/domain/frameworks/framework-registry.ts +38 -0
package/src/domain/frameworks/index.ts +8 -0
package/src/domain/frameworks/mitre-atlas-framework.test.ts +53 -0
package/src/domain/frameworks/mitre-atlas-framework.ts +53 -0
package/src/domain/frameworks/owasp-llm-framework.test.ts +77 -0
package/src/domain/frameworks/owasp-llm-framework.ts +54 -0
package/src/domain/frameworks/score-plugin-framework.ts +117 -0
package/src/domain/fria/fria-generator.test.ts +273 -0
package/src/domain/fria/fria-generator.ts +366 -0
package/src/domain/import/promptfoo-importer.test.ts +103 -0
package/src/domain/import/promptfoo-importer.ts +151 -0
package/src/domain/onboarding/guided-onboarding.test.ts +144 -0
package/src/domain/onboarding/guided-onboarding.ts +135 -0
package/src/domain/passport/builder/domain-mapper.ts +9 -0
package/src/domain/passport/builder/manifest-builder.test.ts +546 -0
package/src/domain/passport/builder/manifest-builder.ts +535 -0
package/src/domain/passport/builder/manifest-diff.test.ts +105 -0
package/src/domain/passport/builder/manifest-diff.ts +89 -0
package/src/domain/passport/builder/manifest-files.ts +17 -0
package/src/domain/passport/crypto-signer.test.ts +93 -0
package/src/domain/passport/crypto-signer.ts +157 -0
package/src/domain/passport/discovery/agent-discovery.test.ts +296 -0
package/src/domain/passport/discovery/agent-discovery.ts +325 -0
package/src/domain/passport/discovery/autonomy-analyzer.test.ts +141 -0
package/src/domain/passport/discovery/autonomy-analyzer.ts +113 -0
package/src/domain/passport/discovery/permission-scanner.test.ts +191 -0
package/src/domain/passport/discovery/permission-scanner.ts +414 -0
package/src/domain/passport/export/a2a-mapper.ts +75 -0
package/src/domain/passport/export/aiuc1-mapper.ts +126 -0
package/src/domain/passport/export/export.test.ts +207 -0
package/src/domain/passport/export/index.ts +41 -0
package/src/domain/passport/export/nist-mapper.ts +227 -0
package/src/domain/passport/import/a2a-importer.test.ts +133 -0
package/src/domain/passport/import/a2a-importer.ts +156 -0
package/src/domain/passport/import/index.ts +2 -0
package/src/domain/passport/index.ts +32 -0
package/src/domain/passport/obligation-field-map.test.ts +113 -0
package/src/domain/passport/obligation-field-map.ts +117 -0
package/src/domain/passport/passport-validator.test.ts +156 -0
package/src/domain/passport/passport-validator.ts +126 -0
package/src/domain/passport/scan-to-compliance.test.ts +336 -0
package/src/domain/passport/scan-to-compliance.ts +166 -0
package/src/domain/passport/test-generator.test.ts +93 -0
package/src/domain/passport/test-generator.ts +136 -0
package/src/domain/proxy/index.ts +11 -0
package/src/domain/proxy/json-rpc.test.ts +72 -0
package/src/domain/proxy/json-rpc.ts +53 -0
package/src/domain/proxy/policy-engine.test.ts +259 -0
package/src/domain/proxy/policy-engine.ts +137 -0
package/src/domain/proxy/proxy-bridge.ts +125 -0
package/src/domain/proxy/proxy-interceptor.test.ts +184 -0
package/src/domain/proxy/proxy-interceptor.ts +120 -0
package/src/domain/proxy/proxy-types.ts +35 -0
package/src/domain/registry/compute-agent-score.test.ts +279 -0
package/src/domain/registry/compute-agent-score.ts +162 -0
package/src/domain/reporter/audit-report.test.ts +87 -0
package/src/domain/reporter/audit-report.ts +116 -0
package/src/domain/reporter/badge-generator.test.ts +54 -0
package/src/domain/reporter/badge-generator.ts +40 -0
package/src/domain/reporter/compliance-md.ts +45 -0
package/src/domain/reporter/index.ts +7 -0
package/src/domain/reporter/pdf-renderer.ts +282 -0
package/src/domain/reporter/share.test.ts +92 -0
package/src/domain/reporter/share.ts +80 -0
package/src/domain/scanner/ast/swc-analyzer.test.ts +49 -0
package/src/domain/scanner/ast/swc-analyzer.ts +124 -0
package/src/domain/scanner/attestations.ts +97 -0
package/src/domain/scanner/checks/ai-disclosure.test.ts +90 -0
package/src/domain/scanner/checks/ai-disclosure.ts +54 -0
package/src/domain/scanner/checks/ai-literacy.ts +163 -0
package/src/domain/scanner/checks/behavioral-constraints.test.ts +167 -0
package/src/domain/scanner/checks/behavioral-constraints.ts +86 -0
package/src/domain/scanner/checks/compliance-metadata.ts +63 -0
package/src/domain/scanner/checks/content-marking.ts +74 -0
package/src/domain/scanner/checks/dep-deep-scan.test.ts +318 -0
package/src/domain/scanner/checks/dep-deep-scan.ts +137 -0
package/src/domain/scanner/checks/documentation.test.ts +88 -0
package/src/domain/scanner/checks/documentation.ts +79 -0
package/src/domain/scanner/checks/git-history.test.ts +120 -0
package/src/domain/scanner/checks/git-history.ts +163 -0
package/src/domain/scanner/checks/gpai-systemic-risk.test.ts +84 -0
package/src/domain/scanner/checks/gpai-systemic-risk.ts +98 -0
package/src/domain/scanner/checks/gpai-transparency.ts +94 -0
package/src/domain/scanner/checks/index.ts +28 -0
package/src/domain/scanner/checks/industry/index.ts +40 -0
package/src/domain/scanner/checks/industry/industry.test.ts +287 -0
package/src/domain/scanner/checks/interaction-logging.test.ts +113 -0
package/src/domain/scanner/checks/interaction-logging.ts +142 -0
package/src/domain/scanner/checks/nhi-scanner.test.ts +158 -0
package/src/domain/scanner/checks/nhi-scanner.ts +78 -0
package/src/domain/scanner/checks/passport-completeness.test.ts +127 -0
package/src/domain/scanner/checks/passport-completeness.ts +82 -0
package/src/domain/scanner/checks/passport-presence.test.ts +56 -0
package/src/domain/scanner/checks/passport-presence.ts +78 -0
package/src/domain/scanner/checks/pattern-check-factory.ts +70 -0
package/src/domain/scanner/checks/permission-scanner.test.ts +279 -0
package/src/domain/scanner/checks/permission-scanner.ts +90 -0
package/src/domain/scanner/checks/presence-check-factory.test.ts +124 -0
package/src/domain/scanner/checks/presence-check-factory.ts +275 -0
package/src/domain/scanner/compliance-diff.test.ts +165 -0
package/src/domain/scanner/compliance-diff.ts +138 -0
package/src/domain/scanner/confidence.test.ts +235 -0
package/src/domain/scanner/confidence.ts +156 -0
package/src/domain/scanner/constants.ts +13 -0
package/src/domain/scanner/create-scanner.ts +573 -0
package/src/domain/scanner/cross-layer.test.ts +372 -0
package/src/domain/scanner/cross-layer.ts +232 -0
package/src/domain/scanner/data/ai-packages.ts +82 -0
package/src/domain/scanner/debt-calculator.test.ts +89 -0
package/src/domain/scanner/debt-calculator.ts +111 -0
package/src/domain/scanner/drift.test.ts +191 -0
package/src/domain/scanner/drift.ts +73 -0
package/src/domain/scanner/evidence-store.test.ts +207 -0
package/src/domain/scanner/evidence-store.ts +195 -0
package/src/domain/scanner/evidence.test.ts +104 -0
package/src/domain/scanner/evidence.ts +71 -0
package/src/domain/scanner/external/bandit-runner.test.ts +45 -0
package/src/domain/scanner/external/bandit-runner.ts +90 -0
package/src/domain/scanner/external/checks.ts +321 -0
package/src/domain/scanner/external/dedup.test.ts +79 -0
package/src/domain/scanner/external/dedup.ts +94 -0
package/src/domain/scanner/external/detect-secrets-runner.test.ts +58 -0
package/src/domain/scanner/external/detect-secrets-runner.ts +81 -0
package/src/domain/scanner/external/external-scanner.test.ts +221 -0
package/src/domain/scanner/external/external-scanner.ts +36 -0
package/src/domain/scanner/external/finding-mapper.test.ts +95 -0
package/src/domain/scanner/external/finding-mapper.ts +138 -0
package/src/domain/scanner/external/index.ts +15 -0
package/src/domain/scanner/external/mappings.ts +93 -0
package/src/domain/scanner/external/modelscan-runner.test.ts +35 -0
package/src/domain/scanner/external/modelscan-runner.ts +101 -0
package/src/domain/scanner/external/path-utils.ts +8 -0
package/src/domain/scanner/external/runner-port.ts +45 -0
package/src/domain/scanner/external/semgrep-runner.test.ts +52 -0
package/src/domain/scanner/external/semgrep-runner.ts +94 -0
package/src/domain/scanner/external/types.ts +32 -0
package/src/domain/scanner/finding-attribution.test.ts +444 -0
package/src/domain/scanner/finding-attribution.ts +195 -0
package/src/domain/scanner/finding-explainer.test.ts +157 -0
package/src/domain/scanner/finding-explainer.ts +73 -0
package/src/domain/scanner/fix-diff-builder.test.ts +272 -0
package/src/domain/scanner/fix-diff-builder.ts +477 -0
package/src/domain/scanner/import-graph.test.ts +162 -0
package/src/domain/scanner/import-graph.ts +198 -0
package/src/domain/scanner/languages/adapter.test.ts +105 -0
package/src/domain/scanner/languages/adapter.ts +239 -0
package/src/domain/scanner/layers/index.ts +24 -0
package/src/domain/scanner/layers/layer1-files.ts +54 -0
package/src/domain/scanner/layers/layer2-docs.test.ts +1207 -0
package/src/domain/scanner/layers/layer2-docs.ts +297 -0
package/src/domain/scanner/layers/layer2-parsing.ts +217 -0
package/src/domain/scanner/layers/layer3-config.test.ts +187 -0
package/src/domain/scanner/layers/layer3-config.ts +279 -0
package/src/domain/scanner/layers/layer3-parsers.ts +73 -0
package/src/domain/scanner/layers/layer4-patterns.test.ts +397 -0
package/src/domain/scanner/layers/layer4-patterns.ts +216 -0
package/src/domain/scanner/layers/layer5-docs.test.ts +99 -0
package/src/domain/scanner/layers/layer5-docs.ts +250 -0
package/src/domain/scanner/layers/layer5-llm.test.ts +146 -0
package/src/domain/scanner/layers/layer5-llm.ts +262 -0
package/src/domain/scanner/layers/layer5-targeted.test.ts +93 -0
package/src/domain/scanner/layers/layer5-targeted.ts +233 -0
package/src/domain/scanner/layers/lockfile-parsers.test.ts +320 -0
package/src/domain/scanner/layers/lockfile-parsers.ts +184 -0
package/src/domain/scanner/regulation-version.test.ts +54 -0
package/src/domain/scanner/regulation-version.ts +23 -0
package/src/domain/scanner/role-filter.test.ts +116 -0
package/src/domain/scanner/role-filter.ts +51 -0
package/src/domain/scanner/rules/banned-packages-data.ts +553 -0
package/src/domain/scanner/rules/banned-packages-sdk.ts +65 -0
package/src/domain/scanner/rules/banned-packages.test.ts +249 -0
package/src/domain/scanner/rules/banned-packages.ts +55 -0
package/src/domain/scanner/rules/comment-filter.test.ts +115 -0
package/src/domain/scanner/rules/comment-filter.ts +297 -0
package/src/domain/scanner/rules/index.ts +9 -0
package/src/domain/scanner/rules/nhi-patterns.test.ts +128 -0
package/src/domain/scanner/rules/nhi-patterns.ts +60 -0
package/src/domain/scanner/rules/pattern-rules.ts +1152 -0
package/src/domain/scanner/sbom.test.ts +136 -0
package/src/domain/scanner/sbom.ts +103 -0
package/src/domain/scanner/scan-cache.test.ts +136 -0
package/src/domain/scanner/scan-cache.ts +115 -0
package/src/domain/scanner/scanner.test.ts +125 -0
package/src/domain/scanner/score-calculator.test.ts +363 -0
package/src/domain/scanner/score-calculator.ts +189 -0
package/src/domain/scanner/security-score.test.ts +107 -0
package/src/domain/scanner/security-score.ts +116 -0
package/src/domain/scanner/source-filter.ts +24 -0
package/src/domain/scanner/validators.ts +223 -0
package/src/domain/shared/compliance-constants.ts +48 -0
package/src/domain/shared/disclosure-patterns.ts +16 -0
package/src/domain/shared/index.ts +6 -0
package/src/domain/shared/parse-dependencies.ts +21 -0
package/src/domain/supply-chain/dependency-analyzer.ts +138 -0
package/src/domain/supply-chain/index.ts +3 -0
package/src/domain/supply-chain/supply-chain.test.ts +211 -0
package/src/domain/supply-chain/types.ts +32 -0
package/src/domain/whatif/config-fixer.ts +187 -0
package/src/domain/whatif/index.ts +6 -0
package/src/domain/whatif/scenario-engine.ts +121 -0
package/src/domain/whatif/simulate-actions.test.ts +161 -0
package/src/domain/whatif/simulate-actions.ts +114 -0
package/src/domain/whatif/whatif.test.ts +135 -0
package/src/e2e/gaps-e2e.test.ts +259 -0
package/src/e2e/smoke.test.ts +101 -0
package/src/hooks/hooks-export.test.ts +81 -0
package/src/hooks/installer.ts +113 -0
package/src/http/cors.test.ts +38 -0
package/src/http/create-router.ts +259 -0
package/src/http/routes/agent.route.ts +380 -0
package/src/http/routes/audit.route.ts +66 -0
package/src/http/routes/badge.route.ts +23 -0
package/src/http/routes/cert.route.ts +66 -0
package/src/http/routes/chat.route.ts +228 -0
package/src/http/routes/cost.route.ts +33 -0
package/src/http/routes/debt.route.ts +29 -0
package/src/http/routes/disclaimer.route.ts +64 -0
package/src/http/routes/eval.route.ts +161 -0
package/src/http/routes/events.route.test.ts +108 -0
package/src/http/routes/events.route.ts +71 -0
package/src/http/routes/external-scan.route.ts +24 -0
package/src/http/routes/file.route.ts +54 -0
package/src/http/routes/fix.route.ts +219 -0
package/src/http/routes/frameworks.route.test.ts +66 -0
package/src/http/routes/frameworks.route.ts +36 -0
package/src/http/routes/git.route.ts +27 -0
package/src/http/routes/guided-onboarding.route.ts +65 -0
package/src/http/routes/import.route.ts +64 -0
package/src/http/routes/jurisdiction.route.ts +22 -0
package/src/http/routes/obligations.route.test.ts +122 -0
package/src/http/routes/obligations.route.ts +110 -0
package/src/http/routes/onboarding.route.ts +53 -0
package/src/http/routes/provider.route.ts +42 -0
package/src/http/routes/proxy.route.ts +40 -0
package/src/http/routes/redteam.route.ts +84 -0
package/src/http/routes/report.route.ts +29 -0
package/src/http/routes/scan.route.ts +104 -0
package/src/http/routes/share.route.ts +44 -0
package/src/http/routes/shell.route.ts +27 -0
package/src/http/routes/status.route.ts +66 -0
package/src/http/routes/supply-chain.route.ts +121 -0
package/src/http/routes/sync.route.ts +328 -0
package/src/http/routes/tools.route.ts +29 -0
package/src/http/routes/whatif.route.ts +96 -0
package/src/http/utils/validation.ts +31 -0
package/src/index.ts +1 -0
package/src/infra/bundle-fetcher.ts +77 -0
package/src/infra/cache-storage.ts +34 -0
package/src/infra/event-bus.ts +31 -0
package/src/infra/file-collector.ts +61 -0
package/src/infra/file-ops-adapter.ts +95 -0
package/src/infra/file-watcher.test.ts +90 -0
package/src/infra/file-watcher.ts +106 -0
package/src/infra/git-adapter.ts +93 -0
package/src/infra/git-history-adapter.ts +41 -0
package/src/infra/headless-browser.ts +178 -0
package/src/infra/llm-adapter.test.ts +83 -0
package/src/infra/llm-adapter.ts +86 -0
package/src/infra/logger.ts +27 -0
package/src/infra/project-config.test.ts +74 -0
package/src/infra/project-config.ts +35 -0
package/src/infra/rate-limiter.test.ts +36 -0
package/src/infra/rate-limiter.ts +34 -0
package/src/infra/retry.ts +46 -0
package/src/infra/saas-client.ts +123 -0
package/src/infra/search-adapter.ts +113 -0
package/src/infra/shell-adapter.ts +68 -0
package/src/infra/tool-manager.test.ts +99 -0
package/src/infra/tool-manager.ts +197 -0
package/src/llm/agents/agent-modes.test.ts +44 -0
package/src/llm/agents/modes.ts +68 -0
package/src/llm/routing/cost-routing.test.ts +37 -0
package/src/llm/routing/cost-tracker.ts +74 -0
package/src/llm/routing/model-routing.test.ts +79 -0
package/src/llm/routing/model-routing.ts +38 -0
package/src/llm/routing/pricing.ts +19 -0
package/src/llm/sse-protocol.ts +77 -0
package/src/llm/tool-definitions.ts +83 -0
package/src/llm/tool-executors.ts +80 -0
package/src/llm/tools/types.ts +13 -0
package/src/mcp/create-mcp-stack.ts +82 -0
package/src/mcp/handlers.ts +245 -0
package/src/mcp/index.ts +28 -0
package/src/mcp/mcp-server.test.ts +80 -0
package/src/mcp/server.ts +79 -0
package/src/mcp/tools.ts +48 -0
package/src/onboarding/auto-detect.ts +164 -0
package/src/onboarding/onboarding.test.ts +89 -0
package/src/onboarding/profile.ts +169 -0
package/src/onboarding/questions.ts +112 -0
package/src/onboarding/wizard.ts +66 -0
package/src/output/github-issue.ts +32 -0
package/src/output/json-output.ts +67 -0
package/src/ports/browser.port.ts +23 -0
package/src/ports/events.port.ts +28 -0
package/src/ports/llm.port.ts +23 -0
package/src/ports/logger.port.ts +6 -0
package/src/ports/process.port.ts +6 -0
package/src/ports/scanner.port.ts +15 -0
package/src/server.ts +134 -0
package/src/services/badge-service.ts +67 -0
package/src/services/chat-service.test.ts +162 -0
package/src/services/chat-service.ts +152 -0
package/src/services/cost-service.ts +52 -0
package/src/services/debt-service.ts +65 -0
package/src/services/eval-integration.test.ts +132 -0
package/src/services/eval-service.test.ts +373 -0
package/src/services/eval-service.ts +463 -0
package/src/services/external-scan-service.ts +60 -0
package/src/services/file-service.ts +37 -0
package/src/services/fix-service.test.ts +470 -0
package/src/services/fix-service.ts +648 -0
package/src/services/framework-service.test.ts +159 -0
package/src/services/framework-service.ts +67 -0
package/src/services/onboarding-service.ts +165 -0
package/src/services/passport-audit.ts +244 -0
package/src/services/passport-documents.ts +258 -0
package/src/services/passport-service-utils.ts +72 -0
package/src/services/passport-service.test.ts +251 -0
package/src/services/passport-service.ts +339 -0
package/src/services/proxy-service.ts +81 -0
package/src/services/report-service.ts +72 -0
package/src/services/scan-service.test.ts +470 -0
package/src/services/scan-service.ts +335 -0
package/src/services/share-service.ts +108 -0
package/src/services/shared/backup.ts +23 -0
package/src/services/status-service.ts +38 -0
package/src/services/undo-service.test.ts +190 -0
package/src/services/undo-service.ts +144 -0
package/src/test-helpers/factories.ts +116 -0
package/src/types/common.schemas.ts +147 -0
package/src/types/common.types.ts +292 -0
package/src/types/contract.test.ts +217 -0
package/src/types/errors.ts +52 -0
package/src/types/framework.types.ts +87 -0
package/src/types/passport-schemas.ts +241 -0
package/src/types/passport.types.ts +296 -0
package/src/version.ts +1 -0
package/tsconfig.json +20 -0
package/vitest.config.ts +9 -0

package/src/infra/bundle-fetcher.ts ADDED Viewed

@@ -0,0 +1,77 @@
+import { readFile, writeFile, mkdir } from 'node:fs/promises';
+import { join, dirname } from 'node:path';
+import { createSaasClient } from './saas-client.js';
+import { createLogger } from './logger.js';
+const log = createLogger('bundle');
+export interface BundleFetcher {
+  readonly fetchIfUpdated: () => Promise<Record<string, unknown> | null>;
+  readonly getBundle: () => Promise<Record<string, unknown> | null>;
+}
+export const createBundleFetcher = (saasUrl: string, cacheDir: string): BundleFetcher => {
+  const client = createSaasClient(saasUrl);
+  const bundlePath = join(cacheDir, 'bundle.json');
+  const etagPath = join(cacheDir, 'bundle.etag');
+  const readEtag = async (): Promise<string | undefined> => {
+    try {
+      return (await readFile(etagPath, 'utf-8')).trim();
+    } catch {
+      return undefined;
+    }
+  };
+  const saveBundle = async (data: Record<string, unknown>, etag?: string): Promise<void> => {
+    await mkdir(dirname(bundlePath), { recursive: true });
+    await writeFile(bundlePath, JSON.stringify(data), 'utf-8');
+    if (etag) {
+      await writeFile(etagPath, etag, 'utf-8');
+    }
+  };
+  const loadCachedBundle = async (): Promise<Record<string, unknown> | null> => {
+    try {
+      const content = await readFile(bundlePath, 'utf-8');
+      const data: Record<string, unknown> = JSON.parse(content);
+      return data;
+    } catch {
+      return null;
+    }
+  };
+  return Object.freeze({
+    fetchIfUpdated: async () => {
+      try {
+        const etag = await readEtag();
+        const result = await client.fetchDataBundle(etag);
+        if (result.data === null) {
+          log.debug('Bundle not modified (304)');
+          return null;
+        }
+        await saveBundle(result.data, result.etag);
+        log.info('Bundle updated from SaaS');
+        return result.data;
+      } catch (err) {
+        log.warn('Bundle fetch failed:', err);
+        return null;
+      }
+    },
+    getBundle: async () => {
+      // Try fetch first, fallback to cache
+      try {
+        const etag = await readEtag();
+        const result = await client.fetchDataBundle(etag);
+        if (result.data !== null) {
+          await saveBundle(result.data, result.etag);
+          return result.data;
+        }
+      } catch {
+        log.debug('Online fetch failed, using cache');
+      }
+      return loadCachedBundle();
+    },
+  });
+};

package/src/infra/cache-storage.ts ADDED Viewed

@@ -0,0 +1,34 @@
+/**
+ * Infra adapter for CacheStorage port.
+ * File-based persistence for scan cache.
+ * Domain port defined in: domain/scanner/scan-cache.ts
+ */
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import type { CacheStorage, ScanCacheData } from '../domain/scanner/scan-cache.js';
+export const createFileCacheStorage = (projectPath: string): CacheStorage => {
+  const path = join(projectPath, '.complior', 'cache', 'scan-cache.json');
+  return Object.freeze({
+    load: (): ScanCacheData | undefined => {
+      if (!existsSync(path)) return undefined;
+      try {
+        const raw = readFileSync(path, 'utf-8');
+        const parsed: unknown = JSON.parse(raw);
+        // Basic shape validation (Zod would be ideal for full validation)
+        if (typeof parsed === 'object' && parsed !== null && 'version' in parsed && 'entries' in parsed) {
+          return parsed as ScanCacheData;
+        }
+        return undefined;
+      } catch {
+        return undefined;
+      }
+    },
+    save: (data: ScanCacheData): void => {
+      mkdirSync(dirname(path), { recursive: true });
+      writeFileSync(path, JSON.stringify(data), 'utf-8');
+    },
+  });
+};

package/src/infra/event-bus.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import type { EventMap, EventHandler, EventBusPort } from '../ports/events.port.js';
+export const createEventBus = (): EventBusPort => {
+  // Handlers stored as (payload: never) => void exploiting contravariance:
+  // (payload: T) => void is assignable to (payload: never) => void for all T
+  const listeners = new Map<string, Set<(payload: never) => void>>();
+  const on = <K extends keyof EventMap>(event: K, handler: EventHandler<EventMap[K]>): void => {
+    if (!listeners.has(event)) {
+      listeners.set(event, new Set());
+    }
+    listeners.get(event)!.add(handler);
+  };
+  const off = <K extends keyof EventMap>(event: K, handler: EventHandler<EventMap[K]>): void => {
+    listeners.get(event)?.delete(handler);
+  };
+  const emit = <K extends keyof EventMap>(event: K, payload: EventMap[K]): void => {
+    const handlers = listeners.get(event);
+    if (handlers !== undefined) {
+      for (const handler of handlers) {
+        Reflect.apply(handler, undefined, [payload]);
+      }
+    }
+  };
+  return Object.freeze({ on, off, emit });
+};
+export type EventBus = ReturnType<typeof createEventBus>;

package/src/infra/file-collector.ts ADDED Viewed

@@ -0,0 +1,61 @@
+/**
+ * Infrastructure adapter for file collection.
+ * Reads filesystem to build ScanContext. Domain stays I/O-free (Clean Architecture).
+ */
+import { readdir, readFile, stat } from 'node:fs/promises';
+import { join, extname, relative } from 'node:path';
+import type { ScanContext, FileInfo } from '../ports/scanner.port.js';
+import { ALL_SCANNABLE_EXTENSIONS, EXCLUDED_DIRS } from '../data/scanner-constants.js';
+import limitsData from '../../data/scanner/limits.json' with { type: 'json' };
+const MAX_FILES = limitsData.max_files;
+const MAX_FILE_SIZE = limitsData.max_file_size_bytes;
+const collectFilesRecursive = async (
+  dirPath: string,
+  projectPath: string,
+  accumulated: FileInfo[],
+): Promise<void> => {
+  if (accumulated.length >= MAX_FILES) return;
+  const entries = await readdir(dirPath, { withFileTypes: true });
+  for (const entry of entries) {
+    if (accumulated.length >= MAX_FILES) return;
+    const fullPath = join(dirPath, entry.name);
+    if (entry.isDirectory()) {
+      if (!EXCLUDED_DIRS.has(entry.name)) {
+        await collectFilesRecursive(fullPath, projectPath, accumulated);
+      }
+      continue;
+    }
+    if (!entry.isFile()) continue;
+    const ext = extname(entry.name).toLowerCase();
+    if (!ALL_SCANNABLE_EXTENSIONS.has(ext)) continue;
+    const fileStat = await stat(fullPath);
+    if (fileStat.size > MAX_FILE_SIZE) continue;
+    const content = await readFile(fullPath, 'utf-8');
+    accumulated.push({
+      path: fullPath,
+      content,
+      extension: ext,
+      relativePath: relative(projectPath, fullPath),
+    });
+  }
+};
+export const collectFiles = async (projectPath: string): Promise<ScanContext> => {
+  const files: FileInfo[] = [];
+  await collectFilesRecursive(projectPath, projectPath, files);
+  return {
+    files,
+    projectPath,
+  };
+};

package/src/infra/file-ops-adapter.ts ADDED Viewed

@@ -0,0 +1,95 @@
+import { readFile as fsReadFile, writeFile, readdir, mkdir } from 'node:fs/promises';
+import { join, resolve, relative, extname } from 'node:path';
+import { ToolError, NotFoundError } from '../types/errors.js';
+const BLOCKED_PATHS = ['/etc', '/usr', '/bin', '/sbin', '/var', '/proc', '/sys', '/dev'];
+const validatePath = (filePath: string): string => {
+  const resolved = resolve(filePath);
+  for (const blocked of BLOCKED_PATHS) {
+    if (resolved.startsWith(blocked)) {
+      throw new ToolError(`Access denied: path ${resolved} is in a protected directory`);
+    }
+  }
+  return resolved;
+};
+export const createFile = async (filePath: string, content: string): Promise<void> => {
+  const resolved = validatePath(filePath);
+  const dir = resolve(resolved, '..');
+  await mkdir(dir, { recursive: true });
+  await writeFile(resolved, content, 'utf-8');
+};
+export const editFile = async (
+  filePath: string,
+  oldContent: string,
+  newContent: string,
+): Promise<void> => {
+  const resolved = validatePath(filePath);
+  const existing = await fsReadFile(resolved, 'utf-8').catch(() => {
+    throw new NotFoundError(`File not found: ${filePath}`);
+  });
+  if (!existing.includes(oldContent)) {
+    throw new ToolError('oldContent not found in file');
+  }
+  const updated = existing.replace(oldContent, newContent);
+  await writeFile(resolved, updated, 'utf-8');
+};
+export const readFile = async (filePath: string): Promise<string> => {
+  const resolved = validatePath(filePath);
+  return fsReadFile(resolved, 'utf-8').catch(() => {
+    throw new NotFoundError(`File not found: ${filePath}`);
+  });
+};
+const RELEVANT_EXTENSIONS = new Set([
+  '.ts', '.tsx', '.js', '.jsx', '.json', '.md',
+  '.yaml', '.yml', '.py', '.html', '.css', '.toml',
+]);
+export const listFiles = async (
+  dirPath: string,
+  pattern?: string,
+): Promise<readonly string[]> => {
+  const resolved = validatePath(dirPath);
+  const results: string[] = [];
+  const walk = async (dir: string, depth: number): Promise<void> => {
+    if (depth > 10 || results.length > 1000) return;
+    const entries = await readdir(dir, { withFileTypes: true }).catch(() => []);
+    for (const entry of entries) {
+      const fullPath = join(dir, entry.name);
+      const relPath = relative(resolved, fullPath);
+      if (entry.name.startsWith('.') || entry.name === 'node_modules' || entry.name === 'dist') {
+        continue;
+      }
+      if (entry.isDirectory()) {
+        await walk(fullPath, depth + 1);
+      } else if (entry.isFile()) {
+        const ext = extname(entry.name);
+        if (pattern !== undefined) {
+          if (entry.name.includes(pattern) || relPath.includes(pattern)) {
+            results.push(relPath);
+          }
+        } else if (RELEVANT_EXTENSIONS.has(ext)) {
+          results.push(relPath);
+        }
+      }
+    }
+  };
+  await walk(resolved, 0);
+  return results;
+};

package/src/infra/file-watcher.test.ts ADDED Viewed

@@ -0,0 +1,90 @@
+/**
+ * US-S0202: File Watcher — named tests
+ *
+ * Tests for the chokidar-based file watcher that drives the Compliance Gate.
+ * The watcher emits `file.changed` events on the shared event bus.
+ */
+import { describe, it, expect } from 'vitest';
+import { EXCLUDED_DIRS } from '../data/scanner-constants.js';
+// --- Helpers ---
+/** Reproduces the extension filter from file-watcher.ts */
+const WATCHED_EXTENSIONS = /\.(ts|tsx|js|jsx|mjs|cjs|json|yaml|yml|md)$/i;
+function isWatched(filePath: string): boolean {
+  return WATCHED_EXTENSIONS.test(filePath);
+}
+function isIgnoredDir(filePath: string): boolean {
+  const segments = filePath.split('/');
+  return segments.some((s) => EXCLUDED_DIRS.has(s));
+}
+// US-S0202: named tests
+describe('FileWatcher — extension filter', () => {
+  it('test_file_watcher_filters_extensions', () => {
+    expect(isWatched('src/app.ts')).toBe(true);
+    expect(isWatched('src/app.tsx')).toBe(true);
+    expect(isWatched('src/app.js')).toBe(true);
+    expect(isWatched('config.json')).toBe(true);
+    expect(isWatched('README.md')).toBe(true);
+    expect(isWatched('policy.yaml')).toBe(true);
+    // Non-compliance files should NOT be watched
+    expect(isWatched('image.png')).toBe(false);
+    expect(isWatched('data.csv')).toBe(false);
+    expect(isWatched('binary.exe')).toBe(false);
+  });
+});
+describe('FileWatcher — ignored directories', () => {
+  it('test_file_watcher_ignores_node_modules', () => {
+    expect(isIgnoredDir('node_modules/lodash/index.js')).toBe(true);
+    expect(isIgnoredDir('src/node_modules/foo/bar.ts')).toBe(true);
+    expect(isIgnoredDir('.git/config')).toBe(true);
+    expect(isIgnoredDir('dist/index.js')).toBe(true);
+    // .complior internal files should be ignored
+    expect(isIgnoredDir('.complior/evidence/chain.json')).toBe(true);
+    expect(isIgnoredDir('.complior/reports/fria-agent.json')).toBe(true);
+    expect(isIgnoredDir('.complior/agents/my-agent-manifest.json')).toBe(true);
+    expect(isIgnoredDir('/home/user/project/.complior/evidence/chain.json')).toBe(true);
+    // Regular source files should NOT be ignored
+    expect(isIgnoredDir('src/app.ts')).toBe(false);
+    expect(isIgnoredDir('docs/compliance/fria.md')).toBe(false);
+  });
+});
+describe('FileWatcher — debounce logic', () => {
+  it('test_file_watcher_debounce', async () => {
+    // Simulate rapid events — only the last one should fire
+    const emitted: string[] = [];
+    const DEBOUNCE_MS = 200;
+    let timer: ReturnType<typeof setTimeout> | null = null;
+    let pendingFile: string | null = null;
+    const scheduleEmit = (filePath: string): void => {
+      pendingFile = filePath;
+      if (timer !== null) clearTimeout(timer);
+      timer = setTimeout(() => {
+        if (pendingFile !== null) {
+          emitted.push(pendingFile);
+          pendingFile = null;
+        }
+        timer = null;
+      }, DEBOUNCE_MS);
+    };
+    // Fire 3 rapid events
+    scheduleEmit('src/a.ts');
+    scheduleEmit('src/b.ts');
+    scheduleEmit('src/c.ts');
+    // Wait for debounce to settle
+    await new Promise((r) => setTimeout(r, DEBOUNCE_MS + 50));
+    expect(emitted).toHaveLength(1);
+    expect(emitted[0]).toBe('src/c.ts'); // last one wins
+  });
+});

package/src/infra/file-watcher.ts ADDED Viewed

@@ -0,0 +1,106 @@
+/**
+ * File Watcher — watches project files and emits `file.changed` events.
+ *
+ * US-S0202: JS/TS/JSON file change → debounce 200 ms → compliance gate re-scan.
+ *
+ * Uses chokidar for cross-platform fs watching (Linux inotify / macOS FSEvents).
+ * Ignores node_modules, .git, dist, build, coverage, and hidden directories.
+ */
+import chokidar, { type FSWatcher } from 'chokidar';
+import { createLogger } from './logger.js';
+import type { EventBus } from './event-bus.js';
+import { EXCLUDED_DIRS } from '../data/scanner-constants.js';
+const log = createLogger('file-watcher');
+/** File extensions that can affect compliance score. */
+const WATCHED_EXTENSIONS = /\.(ts|tsx|js|jsx|mjs|cjs|json|yaml|yml|md)$/i;
+/** Check if a file path should be ignored (any segment matches EXCLUDED_DIRS). */
+const isIgnored = (filePath: string): boolean => {
+  const segments = filePath.split('/');
+  return segments.some((s) => EXCLUDED_DIRS.has(s));
+};
+/** Debounce interval matching the 200ms Compliance Gate requirement. */
+const DEBOUNCE_MS = 200;
+export interface FileWatcher {
+  start: () => void;
+  stop: () => Promise<void>;
+}
+/**
+ * Create a file watcher for the given project directory.
+ *
+ * Call `start()` to begin watching; the watcher emits `file.changed` on the
+ * shared event bus whenever a relevant file is created or modified.
+ */
+export const createFileWatcher = (
+  projectPath: string,
+  events: EventBus,
+): FileWatcher => {
+  let watcher: FSWatcher | null = null;
+  let debounceTimer: ReturnType<typeof setTimeout> | null = null;
+  let pendingFile: string | null = null;
+  const scheduleEmit = (filePath: string): void => {
+    pendingFile = filePath;
+    if (debounceTimer !== null) {
+      clearTimeout(debounceTimer);
+    }
+    debounceTimer = setTimeout(() => {
+      if (pendingFile !== null) {
+        log.info(`File changed: ${pendingFile} — triggering compliance gate`);
+        events.emit('file.changed', { path: pendingFile, action: 'edit' });
+        pendingFile = null;
+      }
+      debounceTimer = null;
+    }, DEBOUNCE_MS);
+  };
+  const start = (): void => {
+    if (watcher !== null) {
+      log.warn('File watcher already running');
+      return;
+    }
+    watcher = chokidar.watch(projectPath, {
+      ignored: isIgnored,
+      persistent: true,
+      ignoreInitial: true,       // don't fire on startup
+      awaitWriteFinish: {
+        stabilityThreshold: 100, // wait 100 ms after last write
+        pollInterval: 50,
+      },
+    });
+    watcher
+      .on('add', (filePath: string) => {
+        if (WATCHED_EXTENSIONS.test(filePath) && !isIgnored(filePath)) scheduleEmit(filePath);
+      })
+      .on('change', (filePath: string) => {
+        if (WATCHED_EXTENSIONS.test(filePath) && !isIgnored(filePath)) scheduleEmit(filePath);
+      })
+      .on('error', (err: unknown) => {
+        log.error('File watcher error:', err);
+      })
+      .on('ready', () => {
+        log.info(`Watching ${projectPath} for compliance-relevant changes`);
+      });
+  };
+  const stop = async (): Promise<void> => {
+    if (debounceTimer !== null) {
+      clearTimeout(debounceTimer);
+      debounceTimer = null;
+    }
+    if (watcher !== null) {
+      await watcher.close();
+      watcher = null;
+      log.info('File watcher stopped');
+    }
+  };
+  return { start, stop };
+};

package/src/infra/git-adapter.ts ADDED Viewed

@@ -0,0 +1,93 @@
+import simpleGit from 'simple-git';
+import { ToolError } from '../types/errors.js';
+export interface GitResult {
+  readonly action: string;
+  readonly data: unknown;
+}
+export const gitOperation = async (
+  action: string,
+  args?: Record<string, unknown>,
+  cwd?: string,
+): Promise<GitResult> => {
+  const git = simpleGit(cwd);
+  switch (action) {
+    case 'status': {
+      const status = await git.status();
+      return {
+        action: 'status',
+        data: {
+          current: status.current,
+          tracking: status.tracking,
+          files: status.files.map((f) => ({
+            path: f.path,
+            index: f.index,
+            working_dir: f.working_dir,
+          })),
+          ahead: status.ahead,
+          behind: status.behind,
+        },
+      };
+    }
+    case 'diff': {
+      const staged = typeof args?.['staged'] === 'boolean' && args['staged'];
+      const diff = staged ? await git.diff(['--staged']) : await git.diff();
+      return { action: 'diff', data: { diff } };
+    }
+    case 'log': {
+      const maxCount = typeof args?.['maxCount'] === 'number' ? args['maxCount'] : 10;
+      const log = await git.log({ maxCount });
+      return {
+        action: 'log',
+        data: {
+          all: log.all.map((entry) => ({
+            hash: entry.hash,
+            date: entry.date,
+            message: entry.message,
+            author_name: entry.author_name,
+          })),
+        },
+      };
+    }
+    case 'add': {
+      const files = args?.['files'];
+      if (Array.isArray(files) && files.every((f): f is string => typeof f === 'string')) {
+        await git.add(files);
+      } else {
+        await git.add('.');
+      }
+      return { action: 'add', data: { success: true } };
+    }
+    case 'commit': {
+      const message = args?.['message'];
+      if (typeof message !== 'string' || message.length === 0) {
+        throw new ToolError('Commit message is required');
+      }
+      const result = await git.commit(message);
+      return {
+        action: 'commit',
+        data: { hash: result.commit, summary: result.summary },
+      };
+    }
+    case 'branch': {
+      const branches = await git.branch();
+      return {
+        action: 'branch',
+        data: {
+          current: branches.current,
+          all: branches.all,
+        },
+      };
+    }
+    default:
+      throw new ToolError(`Unknown git action: ${action}`);
+  }
+};

package/src/infra/git-history-adapter.ts ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * Infra adapter for GitHistoryPort.
+ * Uses child_process.execSync for git log analysis.
+ * Domain port defined in: domain/scanner/checks/git-history.ts
+ */
+import { execSync } from 'node:child_process';
+import type { GitHistoryPort } from '../domain/scanner/checks/git-history.js';
+export const createGitHistoryAdapter = (): GitHistoryPort => Object.freeze({
+  isGitRepo: (projectPath) => {
+    try {
+      execSync('git rev-parse --is-inside-work-tree', { cwd: projectPath, stdio: 'pipe' });
+      return true;
+    } catch {
+      return false;
+    }
+  },
+  listTrackedFiles: (projectPath) => {
+    try {
+      const output = execSync('git ls-files', { cwd: projectPath, encoding: 'utf-8' });
+      return output.trim().split('\n').filter(Boolean);
+    } catch {
+      return [];
+    }
+  },
+  getFileLog: (projectPath, filePath) => {
+    try {
+      const output = execSync(
+        `git log --follow --format="%H|%aI|%an" -- "${filePath}"`,
+        { cwd: projectPath, encoding: 'utf-8', timeout: 5000 },
+      );
+      return output.trim().split('\n').filter(Boolean).map((line) => {
+        const [hash = '', date = '', author = ''] = line.split('|');
+        return { hash, date, author };
+      });
+    } catch {
+      return [];
+    }
+  },
+});