npm - @complior/engine - Versions diffs - 0.9.0 - Mend

@complior/engine 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (594) hide show

package/.well-known/ai-compliance.json +16 -0
package/COMPLIANCE.md +64 -0
package/data/data-integrity.test.ts +75 -0
package/data/eval/eval-mappings.json +33 -0
package/data/llm/model-pricing.json +15 -0
package/data/llm/model-routing.json +36 -0
package/data/onboarding/risk-profile.json +17 -0
package/data/regulations/eu-ai-act/README.md +245 -0
package/data/regulations/eu-ai-act/applicability-tree.json +160 -0
package/data/regulations/eu-ai-act/cross-mapping.json +175 -0
package/data/regulations/eu-ai-act/localization.json +186 -0
package/data/regulations/eu-ai-act/obligations.json +3981 -0
package/data/regulations/eu-ai-act/regulation-meta.json +482 -0
package/data/regulations/eu-ai-act/scoring.json +342 -0
package/data/regulations/eu-ai-act/technical-requirements.json +2590 -0
package/data/regulations/eu-ai-act/timeline.json +160 -0
package/data/regulations/jurisdictions/at.json +15 -0
package/data/regulations/jurisdictions/be.json +15 -0
package/data/regulations/jurisdictions/bg.json +15 -0
package/data/regulations/jurisdictions/cy.json +15 -0
package/data/regulations/jurisdictions/cz.json +15 -0
package/data/regulations/jurisdictions/de.json +15 -0
package/data/regulations/jurisdictions/dk.json +15 -0
package/data/regulations/jurisdictions/ee.json +15 -0
package/data/regulations/jurisdictions/es.json +15 -0
package/data/regulations/jurisdictions/fi.json +15 -0
package/data/regulations/jurisdictions/fr.json +15 -0
package/data/regulations/jurisdictions/gr.json +15 -0
package/data/regulations/jurisdictions/hr.json +15 -0
package/data/regulations/jurisdictions/hu.json +15 -0
package/data/regulations/jurisdictions/ie.json +15 -0
package/data/regulations/jurisdictions/is.json +15 -0
package/data/regulations/jurisdictions/it.json +15 -0
package/data/regulations/jurisdictions/li.json +15 -0
package/data/regulations/jurisdictions/lt.json +15 -0
package/data/regulations/jurisdictions/lu.json +15 -0
package/data/regulations/jurisdictions/lv.json +15 -0
package/data/regulations/jurisdictions/mt.json +15 -0
package/data/regulations/jurisdictions/nl.json +15 -0
package/data/regulations/jurisdictions/no.json +15 -0
package/data/regulations/jurisdictions/pl.json +15 -0
package/data/regulations/jurisdictions/pt.json +15 -0
package/data/regulations/jurisdictions/ro.json +15 -0
package/data/regulations/jurisdictions/se.json +15 -0
package/data/regulations/jurisdictions/si.json +15 -0
package/data/regulations/jurisdictions/sk.json +15 -0
package/data/scanner/check-id-categories.json +81 -0
package/data/scanner/confidence-params.json +16 -0
package/data/scanner/limits.json +4 -0
package/data/schemas/http-contract-sample.json +79 -0
package/data/schemas/http-contract.json +144 -0
package/data/semgrep-rules/bare-call.yaml +37 -0
package/data/semgrep-rules/injection.yaml +73 -0
package/data/semgrep-rules/missing-error-handling.yaml +58 -0
package/data/semgrep-rules/unsafe-deser.yaml +65 -0
package/data/templates/eu-ai-act/ai-literacy.md +184 -0
package/data/templates/eu-ai-act/art5-screening.md +131 -0
package/data/templates/eu-ai-act/data-governance.md +145 -0
package/data/templates/eu-ai-act/declaration-of-conformity.md +161 -0
package/data/templates/eu-ai-act/fria.md +127 -0
package/data/templates/eu-ai-act/gpai-systemic-risk.md +150 -0
package/data/templates/eu-ai-act/gpai-transparency.md +166 -0
package/data/templates/eu-ai-act/incident-report.md +188 -0
package/data/templates/eu-ai-act/instructions-for-use.md +202 -0
package/data/templates/eu-ai-act/monitoring-policy.md +110 -0
package/data/templates/eu-ai-act/qms.md +180 -0
package/data/templates/eu-ai-act/risk-management-system.md +123 -0
package/data/templates/eu-ai-act/technical-documentation.md +287 -0
package/data/templates/eu-ai-act/worker-notification.md +143 -0
package/data/templates/policies/biometrics-ai-policy.md +214 -0
package/data/templates/policies/critical-infra-ai-policy.md +228 -0
package/data/templates/policies/education-ai-policy.md +184 -0
package/data/templates/policies/finance-ai-policy.md +191 -0
package/data/templates/policies/healthcare-ai-policy.md +197 -0
package/data/templates/policies/hr-ai-policy.md +178 -0
package/data/templates/policies/legal-ai-policy.md +189 -0
package/data/templates/policies/migration-ai-policy.md +239 -0
package/engine.log +7 -0
package/package.json +74 -0
package/src/composition-root.ts +791 -0
package/src/data/eval/conformity-tests.test.ts +122 -0
package/src/data/eval/ct-1-transparency.ts +106 -0
package/src/data/eval/ct-10-gpai.ts +25 -0
package/src/data/eval/ct-11-industry.ts +42 -0
package/src/data/eval/ct-2-oversight.ts +41 -0
package/src/data/eval/ct-3-explanation.ts +14 -0
package/src/data/eval/ct-4-bias.ts +83 -0
package/src/data/eval/ct-5-accuracy.ts +41 -0
package/src/data/eval/ct-6-robustness.ts +81 -0
package/src/data/eval/ct-7-prohibited.ts +52 -0
package/src/data/eval/ct-8-logging.ts +68 -0
package/src/data/eval/ct-9-risk-awareness.ts +33 -0
package/src/data/eval/deterministic-evaluator.ts +120 -0
package/src/data/eval/index.ts +55 -0
package/src/data/eval/judge-prompts.ts +146 -0
package/src/data/eval/llm-judged-tests.ts +279 -0
package/src/data/eval/llm-tests.test.ts +83 -0
package/src/data/eval/remediation/ct-1-transparency.ts +91 -0
package/src/data/eval/remediation/ct-10-gpai.ts +94 -0
package/src/data/eval/remediation/ct-11-industry.ts +94 -0
package/src/data/eval/remediation/ct-2-oversight.ts +71 -0
package/src/data/eval/remediation/ct-3-explanation.ts +70 -0
package/src/data/eval/remediation/ct-4-bias.ts +70 -0
package/src/data/eval/remediation/ct-5-accuracy.ts +70 -0
package/src/data/eval/remediation/ct-6-robustness.ts +70 -0
package/src/data/eval/remediation/ct-7-prohibited.ts +94 -0
package/src/data/eval/remediation/ct-8-logging.ts +94 -0
package/src/data/eval/remediation/ct-9-risk-awareness.ts +94 -0
package/src/data/eval/remediation/index.ts +89 -0
package/src/data/eval/remediation/owasp-art5.ts +15 -0
package/src/data/eval/remediation/owasp-llm01.ts +72 -0
package/src/data/eval/remediation/owasp-llm02.ts +72 -0
package/src/data/eval/remediation/owasp-llm03.ts +15 -0
package/src/data/eval/remediation/owasp-llm04.ts +15 -0
package/src/data/eval/remediation/owasp-llm05.ts +15 -0
package/src/data/eval/remediation/owasp-llm06.ts +15 -0
package/src/data/eval/remediation/owasp-llm07.ts +15 -0
package/src/data/eval/remediation/owasp-llm08.ts +15 -0
package/src/data/eval/remediation/owasp-llm09.ts +15 -0
package/src/data/eval/remediation/owasp-llm10.ts +15 -0
package/src/data/eval/remediation/remediation.test.ts +229 -0
package/src/data/eval/remediation/test-mapping.ts +290 -0
package/src/data/eval/security-rubrics.ts +381 -0
package/src/data/finding-explanations.json +453 -0
package/src/data/industry-patterns.ts +161 -0
package/src/data/registry-cards.ts +368 -0
package/src/data/regulation/index.ts +5 -0
package/src/data/regulation/jurisdiction-data.test.ts +73 -0
package/src/data/regulation/jurisdiction-data.ts +65 -0
package/src/data/regulation/regulation-data.ts +19 -0
package/src/data/regulation/regulation-loader.test.ts +107 -0
package/src/data/regulation/regulation-loader.ts +56 -0
package/src/data/scanner-constants.ts +46 -0
package/src/data/schemas/schemas-core.ts +140 -0
package/src/data/schemas/schemas-supplementary.ts +211 -0
package/src/data/schemas/schemas.ts +28 -0
package/src/data/security/attack-probes.test.ts +62 -0
package/src/data/security/attack-probes.ts +496 -0
package/src/data/security/eu-ai-act-security.ts +40 -0
package/src/data/security/index.ts +19 -0
package/src/data/security/mitre-atlas.test.ts +43 -0
package/src/data/security/mitre-atlas.ts +93 -0
package/src/data/security/nist-ai-rmf.ts +43 -0
package/src/data/security/owasp-llm-top10.test.ts +60 -0
package/src/data/security/owasp-llm-top10.ts +138 -0
package/src/data/template-registry.ts +53 -0
package/src/data/tool-versions.json +22 -0
package/src/domain/audit/audit-package.test.ts +152 -0
package/src/domain/audit/audit-package.ts +166 -0
package/src/domain/audit/audit-trail.test.ts +121 -0
package/src/domain/audit/audit-trail.ts +174 -0
package/src/domain/audit/index.ts +8 -0
package/src/domain/audit/permissions-matrix.test.ts +136 -0
package/src/domain/audit/permissions-matrix.ts +121 -0
package/src/domain/certification/adversarial/bias-tests.ts +95 -0
package/src/domain/certification/adversarial/evaluators.ts +304 -0
package/src/domain/certification/adversarial/index.ts +11 -0
package/src/domain/certification/adversarial/prompt-injection.ts +103 -0
package/src/domain/certification/adversarial/safety-boundary.ts +132 -0
package/src/domain/certification/aiuc1-readiness.test.ts +236 -0
package/src/domain/certification/aiuc1-readiness.ts +298 -0
package/src/domain/certification/aiuc1-requirements.ts +235 -0
package/src/domain/certification/index.ts +10 -0
package/src/domain/certification/redteam-runner.test.ts +97 -0
package/src/domain/certification/redteam-runner.ts +205 -0
package/src/domain/certification/test-runner.test.ts +232 -0
package/src/domain/certification/test-runner.ts +289 -0
package/src/domain/cost/cost-estimator.test.ts +187 -0
package/src/domain/cost/cost-estimator.ts +133 -0
package/src/domain/disclaimer.test.ts +52 -0
package/src/domain/disclaimer.ts +39 -0
package/src/domain/documents/ai-enricher.test.ts +120 -0
package/src/domain/documents/ai-enricher.ts +159 -0
package/src/domain/documents/document-generator.test.ts +318 -0
package/src/domain/documents/document-generator.ts +239 -0
package/src/domain/documents/index.ts +9 -0
package/src/domain/documents/passport-helpers.ts +25 -0
package/src/domain/documents/policy-generator.test.ts +252 -0
package/src/domain/documents/policy-generator.ts +94 -0
package/src/domain/documents/worker-notification-generator.test.ts +162 -0
package/src/domain/documents/worker-notification-generator.ts +141 -0
package/src/domain/eval/adapters/adapter-port.ts +94 -0
package/src/domain/eval/adapters/adapters.test.ts +303 -0
package/src/domain/eval/adapters/anthropic-adapter.ts +57 -0
package/src/domain/eval/adapters/auto-detect.ts +104 -0
package/src/domain/eval/adapters/create-chat-adapter.ts +106 -0
package/src/domain/eval/adapters/custom-adapter.ts +74 -0
package/src/domain/eval/adapters/http-adapter.ts +66 -0
package/src/domain/eval/adapters/index.ts +7 -0
package/src/domain/eval/adapters/ollama-adapter.ts +48 -0
package/src/domain/eval/adapters/openai-adapter.ts +58 -0
package/src/domain/eval/adapters/with-timeout.ts +25 -0
package/src/domain/eval/conformity-score.test.ts +161 -0
package/src/domain/eval/conformity-score.ts +135 -0
package/src/domain/eval/eval-constants.ts +55 -0
package/src/domain/eval/eval-evidence.test.ts +85 -0
package/src/domain/eval/eval-evidence.ts +103 -0
package/src/domain/eval/eval-fix-generator.test.ts +421 -0
package/src/domain/eval/eval-fix-generator.ts +205 -0
package/src/domain/eval/eval-passport.test.ts +82 -0
package/src/domain/eval/eval-passport.ts +89 -0
package/src/domain/eval/eval-remediation-report.test.ts +682 -0
package/src/domain/eval/eval-remediation-report.ts +170 -0
package/src/domain/eval/eval-report.ts +108 -0
package/src/domain/eval/eval-runner.test.ts +609 -0
package/src/domain/eval/eval-runner.ts +593 -0
package/src/domain/eval/eval-to-findings.test.ts +293 -0
package/src/domain/eval/eval-to-findings.ts +83 -0
package/src/domain/eval/index.ts +31 -0
package/src/domain/eval/llm-judge.test.ts +139 -0
package/src/domain/eval/llm-judge.ts +168 -0
package/src/domain/eval/remediation-types.ts +90 -0
package/src/domain/eval/security-integration.test.ts +196 -0
package/src/domain/eval/security-integration.ts +136 -0
package/src/domain/eval/types.test.ts +173 -0
package/src/domain/eval/types.ts +244 -0
package/src/domain/eval/verdict-utils.ts +45 -0
package/src/domain/fixer/create-fixer.ts +101 -0
package/src/domain/fixer/diff.ts +70 -0
package/src/domain/fixer/fix-history.ts +23 -0
package/src/domain/fixer/fixer.test.ts +306 -0
package/src/domain/fixer/index.ts +9 -0
package/src/domain/fixer/strategies/bandit-fix.ts +61 -0
package/src/domain/fixer/strategies/bias-testing.ts +49 -0
package/src/domain/fixer/strategies/ci-compliance.ts +57 -0
package/src/domain/fixer/strategies/content-marking.ts +45 -0
package/src/domain/fixer/strategies/cve-upgrade.ts +66 -0
package/src/domain/fixer/strategies/data-governance.ts +65 -0
package/src/domain/fixer/strategies/disclosure.ts +69 -0
package/src/domain/fixer/strategies/doc-code-sync.ts +53 -0
package/src/domain/fixer/strategies/documentation.ts +59 -0
package/src/domain/fixer/strategies/error-handler.ts +63 -0
package/src/domain/fixer/strategies/hitl-gate.ts +67 -0
package/src/domain/fixer/strategies/index.ts +61 -0
package/src/domain/fixer/strategies/kill-switch-test.ts +85 -0
package/src/domain/fixer/strategies/kill-switch.ts +53 -0
package/src/domain/fixer/strategies/license-fix.ts +57 -0
package/src/domain/fixer/strategies/log-retention.ts +40 -0
package/src/domain/fixer/strategies/logging.ts +59 -0
package/src/domain/fixer/strategies/metadata.ts +45 -0
package/src/domain/fixer/strategies/permission-guard.ts +84 -0
package/src/domain/fixer/strategies/record-keeping.ts +69 -0
package/src/domain/fixer/strategies/secret-rotation.ts +52 -0
package/src/domain/fixer/strategies.test.ts +341 -0
package/src/domain/fixer/template-engine.test.ts +64 -0
package/src/domain/fixer/template-engine.ts +38 -0
package/src/domain/fixer/types.ts +88 -0
package/src/domain/frameworks/aiuc1-framework.test.ts +159 -0
package/src/domain/frameworks/aiuc1-framework.ts +126 -0
package/src/domain/frameworks/collect-foundation-metrics.test.ts +96 -0
package/src/domain/frameworks/collect-foundation-metrics.ts +34 -0
package/src/domain/frameworks/eu-ai-act-framework.test.ts +117 -0
package/src/domain/frameworks/eu-ai-act-framework.ts +100 -0
package/src/domain/frameworks/framework-registry.test.ts +91 -0
package/src/domain/frameworks/framework-registry.ts +38 -0
package/src/domain/frameworks/index.ts +8 -0
package/src/domain/frameworks/mitre-atlas-framework.test.ts +53 -0
package/src/domain/frameworks/mitre-atlas-framework.ts +53 -0
package/src/domain/frameworks/owasp-llm-framework.test.ts +77 -0
package/src/domain/frameworks/owasp-llm-framework.ts +54 -0
package/src/domain/frameworks/score-plugin-framework.ts +117 -0
package/src/domain/fria/fria-generator.test.ts +273 -0
package/src/domain/fria/fria-generator.ts +366 -0
package/src/domain/import/promptfoo-importer.test.ts +103 -0
package/src/domain/import/promptfoo-importer.ts +151 -0
package/src/domain/onboarding/guided-onboarding.test.ts +144 -0
package/src/domain/onboarding/guided-onboarding.ts +135 -0
package/src/domain/passport/builder/domain-mapper.ts +9 -0
package/src/domain/passport/builder/manifest-builder.test.ts +546 -0
package/src/domain/passport/builder/manifest-builder.ts +535 -0
package/src/domain/passport/builder/manifest-diff.test.ts +105 -0
package/src/domain/passport/builder/manifest-diff.ts +89 -0
package/src/domain/passport/builder/manifest-files.ts +17 -0
package/src/domain/passport/crypto-signer.test.ts +93 -0
package/src/domain/passport/crypto-signer.ts +157 -0
package/src/domain/passport/discovery/agent-discovery.test.ts +296 -0
package/src/domain/passport/discovery/agent-discovery.ts +325 -0
package/src/domain/passport/discovery/autonomy-analyzer.test.ts +141 -0
package/src/domain/passport/discovery/autonomy-analyzer.ts +113 -0
package/src/domain/passport/discovery/permission-scanner.test.ts +191 -0
package/src/domain/passport/discovery/permission-scanner.ts +414 -0
package/src/domain/passport/export/a2a-mapper.ts +75 -0
package/src/domain/passport/export/aiuc1-mapper.ts +126 -0
package/src/domain/passport/export/export.test.ts +207 -0
package/src/domain/passport/export/index.ts +41 -0
package/src/domain/passport/export/nist-mapper.ts +227 -0
package/src/domain/passport/import/a2a-importer.test.ts +133 -0
package/src/domain/passport/import/a2a-importer.ts +156 -0
package/src/domain/passport/import/index.ts +2 -0
package/src/domain/passport/index.ts +32 -0
package/src/domain/passport/obligation-field-map.test.ts +113 -0
package/src/domain/passport/obligation-field-map.ts +117 -0
package/src/domain/passport/passport-validator.test.ts +156 -0
package/src/domain/passport/passport-validator.ts +126 -0
package/src/domain/passport/scan-to-compliance.test.ts +336 -0
package/src/domain/passport/scan-to-compliance.ts +166 -0
package/src/domain/passport/test-generator.test.ts +93 -0
package/src/domain/passport/test-generator.ts +136 -0
package/src/domain/proxy/index.ts +11 -0
package/src/domain/proxy/json-rpc.test.ts +72 -0
package/src/domain/proxy/json-rpc.ts +53 -0
package/src/domain/proxy/policy-engine.test.ts +259 -0
package/src/domain/proxy/policy-engine.ts +137 -0
package/src/domain/proxy/proxy-bridge.ts +125 -0
package/src/domain/proxy/proxy-interceptor.test.ts +184 -0
package/src/domain/proxy/proxy-interceptor.ts +120 -0
package/src/domain/proxy/proxy-types.ts +35 -0
package/src/domain/registry/compute-agent-score.test.ts +279 -0
package/src/domain/registry/compute-agent-score.ts +162 -0
package/src/domain/reporter/audit-report.test.ts +87 -0
package/src/domain/reporter/audit-report.ts +116 -0
package/src/domain/reporter/badge-generator.test.ts +54 -0
package/src/domain/reporter/badge-generator.ts +40 -0
package/src/domain/reporter/compliance-md.ts +45 -0
package/src/domain/reporter/index.ts +7 -0
package/src/domain/reporter/pdf-renderer.ts +282 -0
package/src/domain/reporter/share.test.ts +92 -0
package/src/domain/reporter/share.ts +80 -0
package/src/domain/scanner/ast/swc-analyzer.test.ts +49 -0
package/src/domain/scanner/ast/swc-analyzer.ts +124 -0
package/src/domain/scanner/attestations.ts +97 -0
package/src/domain/scanner/checks/ai-disclosure.test.ts +90 -0
package/src/domain/scanner/checks/ai-disclosure.ts +54 -0
package/src/domain/scanner/checks/ai-literacy.ts +163 -0
package/src/domain/scanner/checks/behavioral-constraints.test.ts +167 -0
package/src/domain/scanner/checks/behavioral-constraints.ts +86 -0
package/src/domain/scanner/checks/compliance-metadata.ts +63 -0
package/src/domain/scanner/checks/content-marking.ts +74 -0
package/src/domain/scanner/checks/dep-deep-scan.test.ts +318 -0
package/src/domain/scanner/checks/dep-deep-scan.ts +137 -0
package/src/domain/scanner/checks/documentation.test.ts +88 -0
package/src/domain/scanner/checks/documentation.ts +79 -0
package/src/domain/scanner/checks/git-history.test.ts +120 -0
package/src/domain/scanner/checks/git-history.ts +163 -0
package/src/domain/scanner/checks/gpai-systemic-risk.test.ts +84 -0
package/src/domain/scanner/checks/gpai-systemic-risk.ts +98 -0
package/src/domain/scanner/checks/gpai-transparency.ts +94 -0
package/src/domain/scanner/checks/index.ts +28 -0
package/src/domain/scanner/checks/industry/index.ts +40 -0
package/src/domain/scanner/checks/industry/industry.test.ts +287 -0
package/src/domain/scanner/checks/interaction-logging.test.ts +113 -0
package/src/domain/scanner/checks/interaction-logging.ts +142 -0
package/src/domain/scanner/checks/nhi-scanner.test.ts +158 -0
package/src/domain/scanner/checks/nhi-scanner.ts +78 -0
package/src/domain/scanner/checks/passport-completeness.test.ts +127 -0
package/src/domain/scanner/checks/passport-completeness.ts +82 -0
package/src/domain/scanner/checks/passport-presence.test.ts +56 -0
package/src/domain/scanner/checks/passport-presence.ts +78 -0
package/src/domain/scanner/checks/pattern-check-factory.ts +70 -0
package/src/domain/scanner/checks/permission-scanner.test.ts +279 -0
package/src/domain/scanner/checks/permission-scanner.ts +90 -0
package/src/domain/scanner/checks/presence-check-factory.test.ts +124 -0
package/src/domain/scanner/checks/presence-check-factory.ts +275 -0
package/src/domain/scanner/compliance-diff.test.ts +165 -0
package/src/domain/scanner/compliance-diff.ts +138 -0
package/src/domain/scanner/confidence.test.ts +235 -0
package/src/domain/scanner/confidence.ts +156 -0
package/src/domain/scanner/constants.ts +13 -0
package/src/domain/scanner/create-scanner.ts +573 -0
package/src/domain/scanner/cross-layer.test.ts +372 -0
package/src/domain/scanner/cross-layer.ts +232 -0
package/src/domain/scanner/data/ai-packages.ts +82 -0
package/src/domain/scanner/debt-calculator.test.ts +89 -0
package/src/domain/scanner/debt-calculator.ts +111 -0
package/src/domain/scanner/drift.test.ts +191 -0
package/src/domain/scanner/drift.ts +73 -0
package/src/domain/scanner/evidence-store.test.ts +207 -0
package/src/domain/scanner/evidence-store.ts +195 -0
package/src/domain/scanner/evidence.test.ts +104 -0
package/src/domain/scanner/evidence.ts +71 -0
package/src/domain/scanner/external/bandit-runner.test.ts +45 -0
package/src/domain/scanner/external/bandit-runner.ts +90 -0
package/src/domain/scanner/external/checks.ts +321 -0
package/src/domain/scanner/external/dedup.test.ts +79 -0
package/src/domain/scanner/external/dedup.ts +94 -0
package/src/domain/scanner/external/detect-secrets-runner.test.ts +58 -0
package/src/domain/scanner/external/detect-secrets-runner.ts +81 -0
package/src/domain/scanner/external/external-scanner.test.ts +221 -0
package/src/domain/scanner/external/external-scanner.ts +36 -0
package/src/domain/scanner/external/finding-mapper.test.ts +95 -0
package/src/domain/scanner/external/finding-mapper.ts +138 -0
package/src/domain/scanner/external/index.ts +15 -0
package/src/domain/scanner/external/mappings.ts +93 -0
package/src/domain/scanner/external/modelscan-runner.test.ts +35 -0
package/src/domain/scanner/external/modelscan-runner.ts +101 -0
package/src/domain/scanner/external/path-utils.ts +8 -0
package/src/domain/scanner/external/runner-port.ts +45 -0
package/src/domain/scanner/external/semgrep-runner.test.ts +52 -0
package/src/domain/scanner/external/semgrep-runner.ts +94 -0
package/src/domain/scanner/external/types.ts +32 -0
package/src/domain/scanner/finding-attribution.test.ts +444 -0
package/src/domain/scanner/finding-attribution.ts +195 -0
package/src/domain/scanner/finding-explainer.test.ts +157 -0
package/src/domain/scanner/finding-explainer.ts +73 -0
package/src/domain/scanner/fix-diff-builder.test.ts +272 -0
package/src/domain/scanner/fix-diff-builder.ts +477 -0
package/src/domain/scanner/import-graph.test.ts +162 -0
package/src/domain/scanner/import-graph.ts +198 -0
package/src/domain/scanner/languages/adapter.test.ts +105 -0
package/src/domain/scanner/languages/adapter.ts +239 -0
package/src/domain/scanner/layers/index.ts +24 -0
package/src/domain/scanner/layers/layer1-files.ts +54 -0
package/src/domain/scanner/layers/layer2-docs.test.ts +1207 -0
package/src/domain/scanner/layers/layer2-docs.ts +297 -0
package/src/domain/scanner/layers/layer2-parsing.ts +217 -0
package/src/domain/scanner/layers/layer3-config.test.ts +187 -0
package/src/domain/scanner/layers/layer3-config.ts +279 -0
package/src/domain/scanner/layers/layer3-parsers.ts +73 -0
package/src/domain/scanner/layers/layer4-patterns.test.ts +397 -0
package/src/domain/scanner/layers/layer4-patterns.ts +216 -0
package/src/domain/scanner/layers/layer5-docs.test.ts +99 -0
package/src/domain/scanner/layers/layer5-docs.ts +250 -0
package/src/domain/scanner/layers/layer5-llm.test.ts +146 -0
package/src/domain/scanner/layers/layer5-llm.ts +262 -0
package/src/domain/scanner/layers/layer5-targeted.test.ts +93 -0
package/src/domain/scanner/layers/layer5-targeted.ts +233 -0
package/src/domain/scanner/layers/lockfile-parsers.test.ts +320 -0
package/src/domain/scanner/layers/lockfile-parsers.ts +184 -0
package/src/domain/scanner/regulation-version.test.ts +54 -0
package/src/domain/scanner/regulation-version.ts +23 -0
package/src/domain/scanner/role-filter.test.ts +116 -0
package/src/domain/scanner/role-filter.ts +51 -0
package/src/domain/scanner/rules/banned-packages-data.ts +553 -0
package/src/domain/scanner/rules/banned-packages-sdk.ts +65 -0
package/src/domain/scanner/rules/banned-packages.test.ts +249 -0
package/src/domain/scanner/rules/banned-packages.ts +55 -0
package/src/domain/scanner/rules/comment-filter.test.ts +115 -0
package/src/domain/scanner/rules/comment-filter.ts +297 -0
package/src/domain/scanner/rules/index.ts +9 -0
package/src/domain/scanner/rules/nhi-patterns.test.ts +128 -0
package/src/domain/scanner/rules/nhi-patterns.ts +60 -0
package/src/domain/scanner/rules/pattern-rules.ts +1152 -0
package/src/domain/scanner/sbom.test.ts +136 -0
package/src/domain/scanner/sbom.ts +103 -0
package/src/domain/scanner/scan-cache.test.ts +136 -0
package/src/domain/scanner/scan-cache.ts +115 -0
package/src/domain/scanner/scanner.test.ts +125 -0
package/src/domain/scanner/score-calculator.test.ts +363 -0
package/src/domain/scanner/score-calculator.ts +189 -0
package/src/domain/scanner/security-score.test.ts +107 -0
package/src/domain/scanner/security-score.ts +116 -0
package/src/domain/scanner/source-filter.ts +24 -0
package/src/domain/scanner/validators.ts +223 -0
package/src/domain/shared/compliance-constants.ts +48 -0
package/src/domain/shared/disclosure-patterns.ts +16 -0
package/src/domain/shared/index.ts +6 -0
package/src/domain/shared/parse-dependencies.ts +21 -0
package/src/domain/supply-chain/dependency-analyzer.ts +138 -0
package/src/domain/supply-chain/index.ts +3 -0
package/src/domain/supply-chain/supply-chain.test.ts +211 -0
package/src/domain/supply-chain/types.ts +32 -0
package/src/domain/whatif/config-fixer.ts +187 -0
package/src/domain/whatif/index.ts +6 -0
package/src/domain/whatif/scenario-engine.ts +121 -0
package/src/domain/whatif/simulate-actions.test.ts +161 -0
package/src/domain/whatif/simulate-actions.ts +114 -0
package/src/domain/whatif/whatif.test.ts +135 -0
package/src/e2e/gaps-e2e.test.ts +259 -0
package/src/e2e/smoke.test.ts +101 -0
package/src/hooks/hooks-export.test.ts +81 -0
package/src/hooks/installer.ts +113 -0
package/src/http/cors.test.ts +38 -0
package/src/http/create-router.ts +259 -0
package/src/http/routes/agent.route.ts +380 -0
package/src/http/routes/audit.route.ts +66 -0
package/src/http/routes/badge.route.ts +23 -0
package/src/http/routes/cert.route.ts +66 -0
package/src/http/routes/chat.route.ts +228 -0
package/src/http/routes/cost.route.ts +33 -0
package/src/http/routes/debt.route.ts +29 -0
package/src/http/routes/disclaimer.route.ts +64 -0
package/src/http/routes/eval.route.ts +161 -0
package/src/http/routes/events.route.test.ts +108 -0
package/src/http/routes/events.route.ts +71 -0
package/src/http/routes/external-scan.route.ts +24 -0
package/src/http/routes/file.route.ts +54 -0
package/src/http/routes/fix.route.ts +219 -0
package/src/http/routes/frameworks.route.test.ts +66 -0
package/src/http/routes/frameworks.route.ts +36 -0
package/src/http/routes/git.route.ts +27 -0
package/src/http/routes/guided-onboarding.route.ts +65 -0
package/src/http/routes/import.route.ts +64 -0
package/src/http/routes/jurisdiction.route.ts +22 -0
package/src/http/routes/obligations.route.test.ts +122 -0
package/src/http/routes/obligations.route.ts +110 -0
package/src/http/routes/onboarding.route.ts +53 -0
package/src/http/routes/provider.route.ts +42 -0
package/src/http/routes/proxy.route.ts +40 -0
package/src/http/routes/redteam.route.ts +84 -0
package/src/http/routes/report.route.ts +29 -0
package/src/http/routes/scan.route.ts +104 -0
package/src/http/routes/share.route.ts +44 -0
package/src/http/routes/shell.route.ts +27 -0
package/src/http/routes/status.route.ts +66 -0
package/src/http/routes/supply-chain.route.ts +121 -0
package/src/http/routes/sync.route.ts +328 -0
package/src/http/routes/tools.route.ts +29 -0
package/src/http/routes/whatif.route.ts +96 -0
package/src/http/utils/validation.ts +31 -0
package/src/index.ts +1 -0
package/src/infra/bundle-fetcher.ts +77 -0
package/src/infra/cache-storage.ts +34 -0
package/src/infra/event-bus.ts +31 -0
package/src/infra/file-collector.ts +61 -0
package/src/infra/file-ops-adapter.ts +95 -0
package/src/infra/file-watcher.test.ts +90 -0
package/src/infra/file-watcher.ts +106 -0
package/src/infra/git-adapter.ts +93 -0
package/src/infra/git-history-adapter.ts +41 -0
package/src/infra/headless-browser.ts +178 -0
package/src/infra/llm-adapter.test.ts +83 -0
package/src/infra/llm-adapter.ts +86 -0
package/src/infra/logger.ts +27 -0
package/src/infra/project-config.test.ts +74 -0
package/src/infra/project-config.ts +35 -0
package/src/infra/rate-limiter.test.ts +36 -0
package/src/infra/rate-limiter.ts +34 -0
package/src/infra/retry.ts +46 -0
package/src/infra/saas-client.ts +123 -0
package/src/infra/search-adapter.ts +113 -0
package/src/infra/shell-adapter.ts +68 -0
package/src/infra/tool-manager.test.ts +99 -0
package/src/infra/tool-manager.ts +197 -0
package/src/llm/agents/agent-modes.test.ts +44 -0
package/src/llm/agents/modes.ts +68 -0
package/src/llm/routing/cost-routing.test.ts +37 -0
package/src/llm/routing/cost-tracker.ts +74 -0
package/src/llm/routing/model-routing.test.ts +79 -0
package/src/llm/routing/model-routing.ts +38 -0
package/src/llm/routing/pricing.ts +19 -0
package/src/llm/sse-protocol.ts +77 -0
package/src/llm/tool-definitions.ts +83 -0
package/src/llm/tool-executors.ts +80 -0
package/src/llm/tools/types.ts +13 -0
package/src/mcp/create-mcp-stack.ts +82 -0
package/src/mcp/handlers.ts +245 -0
package/src/mcp/index.ts +28 -0
package/src/mcp/mcp-server.test.ts +80 -0
package/src/mcp/server.ts +79 -0
package/src/mcp/tools.ts +48 -0
package/src/onboarding/auto-detect.ts +164 -0
package/src/onboarding/onboarding.test.ts +89 -0
package/src/onboarding/profile.ts +169 -0
package/src/onboarding/questions.ts +112 -0
package/src/onboarding/wizard.ts +66 -0
package/src/output/github-issue.ts +32 -0
package/src/output/json-output.ts +67 -0
package/src/ports/browser.port.ts +23 -0
package/src/ports/events.port.ts +28 -0
package/src/ports/llm.port.ts +23 -0
package/src/ports/logger.port.ts +6 -0
package/src/ports/process.port.ts +6 -0
package/src/ports/scanner.port.ts +15 -0
package/src/server.ts +134 -0
package/src/services/badge-service.ts +67 -0
package/src/services/chat-service.test.ts +162 -0
package/src/services/chat-service.ts +152 -0
package/src/services/cost-service.ts +52 -0
package/src/services/debt-service.ts +65 -0
package/src/services/eval-integration.test.ts +132 -0
package/src/services/eval-service.test.ts +373 -0
package/src/services/eval-service.ts +463 -0
package/src/services/external-scan-service.ts +60 -0
package/src/services/file-service.ts +37 -0
package/src/services/fix-service.test.ts +470 -0
package/src/services/fix-service.ts +648 -0
package/src/services/framework-service.test.ts +159 -0
package/src/services/framework-service.ts +67 -0
package/src/services/onboarding-service.ts +165 -0
package/src/services/passport-audit.ts +244 -0
package/src/services/passport-documents.ts +258 -0
package/src/services/passport-service-utils.ts +72 -0
package/src/services/passport-service.test.ts +251 -0
package/src/services/passport-service.ts +339 -0
package/src/services/proxy-service.ts +81 -0
package/src/services/report-service.ts +72 -0
package/src/services/scan-service.test.ts +470 -0
package/src/services/scan-service.ts +335 -0
package/src/services/share-service.ts +108 -0
package/src/services/shared/backup.ts +23 -0
package/src/services/status-service.ts +38 -0
package/src/services/undo-service.test.ts +190 -0
package/src/services/undo-service.ts +144 -0
package/src/test-helpers/factories.ts +116 -0
package/src/types/common.schemas.ts +147 -0
package/src/types/common.types.ts +292 -0
package/src/types/contract.test.ts +217 -0
package/src/types/errors.ts +52 -0
package/src/types/framework.types.ts +87 -0
package/src/types/passport-schemas.ts +241 -0
package/src/types/passport.types.ts +296 -0
package/src/version.ts +1 -0
package/tsconfig.json +20 -0
package/vitest.config.ts +9 -0

package/src/domain/eval/adapters/adapters.test.ts ADDED Viewed

@@ -0,0 +1,303 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import { createHttpAdapter } from './http-adapter.js';
+import { createOpenAIAdapter } from './openai-adapter.js';
+import { createAnthropicAdapter } from './anthropic-adapter.js';
+import { createOllamaAdapter } from './ollama-adapter.js';
+import { createCustomAdapter } from './custom-adapter.js';
+import { autoDetectAdapter } from './auto-detect.js';
+import { safeJsonParse, AdapterError, withRetry } from './adapter-port.js';
+// ── Mock fetch ──────────────────────────────────────────────────
+const mockFetch = vi.fn();
+beforeEach(() => {
+  vi.stubGlobal('fetch', mockFetch);
+});
+afterEach(() => {
+  vi.restoreAllMocks();
+});
+const jsonResponse = (body: unknown, status = 200, headers: Record<string, string> = {}) => ({
+  ok: status >= 200 && status < 300,
+  status,
+  json: async () => body,
+  headers: new Map(Object.entries(headers)),
+});
+// ── HTTP Adapter ────────────────────────────────────────────────
+describe('createHttpAdapter', () => {
+  it('sends probe as {message}', async () => {
+    mockFetch.mockResolvedValue(jsonResponse({ response: 'I am an AI assistant.' }));
+    const adapter = createHttpAdapter('http://localhost:4000/api/chat');
+    const result = await adapter.send('Who are you?');
+    expect(result.text).toBe('I am an AI assistant.');
+    expect(result.status).toBe(200);
+    expect(result.latencyMs).toBeGreaterThanOrEqual(0);
+    const body = JSON.parse(mockFetch.mock.calls[0]![1]!.body as string);
+    expect(body.message).toBe('Who are you?');
+  });
+  it('falls back to JSON.stringify for unknown response shape', async () => {
+    mockFetch.mockResolvedValue(jsonResponse({ data: { text: 'hello' } }));
+    const adapter = createHttpAdapter('http://localhost:4000');
+    const result = await adapter.send('test');
+    expect(result.text).toContain('hello');
+  });
+  it('sendMultiTurn sends sequential probes', async () => {
+    mockFetch
+      .mockResolvedValueOnce(jsonResponse({ response: 'First' }))
+      .mockResolvedValueOnce(jsonResponse({ response: 'Second' }));
+    const adapter = createHttpAdapter('http://localhost:4000');
+    const results = await adapter.sendMultiTurn(['probe1', 'probe2']);
+    expect(results).toHaveLength(2);
+    expect(results[0]!.text).toBe('First');
+    expect(results[1]!.text).toBe('Second');
+  });
+  it('has name "http"', () => {
+    const adapter = createHttpAdapter('http://localhost:4000');
+    expect(adapter.name).toBe('http');
+  });
+});
+// ── OpenAI Adapter ──────────────────────────────────────────────
+describe('createOpenAIAdapter', () => {
+  it('sends to /v1/chat/completions', async () => {
+    mockFetch.mockResolvedValue(jsonResponse({
+      choices: [{ message: { content: 'Hello from GPT' } }],
+    }));
+    const adapter = createOpenAIAdapter('http://localhost:4000', 'gpt-4o', 'sk-test');
+    const result = await adapter.send('Hello');
+    expect(result.text).toBe('Hello from GPT');
+    expect(mockFetch.mock.calls[0]![0]).toBe('http://localhost:4000/v1/chat/completions');
+    const headers = mockFetch.mock.calls[0]![1]!.headers as Record<string, string>;
+    expect(headers['Authorization']).toBe('Bearer sk-test');
+  });
+  it('supports multi-turn with conversation history', async () => {
+    mockFetch
+      .mockResolvedValueOnce(jsonResponse({ choices: [{ message: { content: 'Turn 1' } }] }))
+      .mockResolvedValueOnce(jsonResponse({ choices: [{ message: { content: 'Turn 2' } }] }));
+    const adapter = createOpenAIAdapter('http://localhost:4000');
+    const results = await adapter.sendMultiTurn(['first', 'second']);
+    expect(results).toHaveLength(2);
+    // Second call should include conversation history
+    const body2 = JSON.parse(mockFetch.mock.calls[1]![1]!.body as string);
+    expect(body2.messages).toHaveLength(3); // user, assistant, user
+  });
+  it('has name "openai"', () => {
+    expect(createOpenAIAdapter('http://localhost:4000').name).toBe('openai');
+  });
+});
+// ── Anthropic Adapter ───────────────────────────────────────────
+describe('createAnthropicAdapter', () => {
+  it('sends to /v1/messages with anthropic headers', async () => {
+    mockFetch.mockResolvedValue(jsonResponse({
+      content: [{ type: 'text', text: 'Hello from Claude' }],
+    }));
+    const adapter = createAnthropicAdapter('http://localhost:4000', 'claude-sonnet-4-20250514', 'sk-ant-test');
+    const result = await adapter.send('Hello');
+    expect(result.text).toBe('Hello from Claude');
+    const headers = mockFetch.mock.calls[0]![1]!.headers as Record<string, string>;
+    expect(headers['x-api-key']).toBe('sk-ant-test');
+    expect(headers['anthropic-version']).toBe('2023-06-01');
+  });
+  it('has name "anthropic"', () => {
+    expect(createAnthropicAdapter('http://localhost:4000').name).toBe('anthropic');
+  });
+});
+// ── Ollama Adapter ──────────────────────────────────────────────
+describe('createOllamaAdapter', () => {
+  it('sends to /api/chat with stream:false', async () => {
+    mockFetch.mockResolvedValue(jsonResponse({
+      message: { content: 'Hello from Llama' },
+    }));
+    const adapter = createOllamaAdapter('http://localhost:11434', 'llama3');
+    const result = await adapter.send('Hello');
+    expect(result.text).toBe('Hello from Llama');
+    const body = JSON.parse(mockFetch.mock.calls[0]![1]!.body as string);
+    expect(body.stream).toBe(false);
+    expect(body.model).toBe('llama3');
+  });
+  it('has name "ollama"', () => {
+    expect(createOllamaAdapter('http://localhost:11434').name).toBe('ollama');
+  });
+});
+// ── Custom Adapter ──────────────────────────────────────────────
+describe('createCustomAdapter', () => {
+  it('replaces {{probe}} in template', async () => {
+    mockFetch.mockResolvedValue(jsonResponse({ data: { output: 'Custom response' } }));
+    const adapter = createCustomAdapter(
+      'http://localhost:4000/custom',
+      { input: { text: '{{probe}}' } },
+      'data.output',
+    );
+    const result = await adapter.send('Test probe');
+    expect(result.text).toBe('Custom response');
+    const body = JSON.parse(mockFetch.mock.calls[0]![1]!.body as string);
+    expect(body.input.text).toBe('Test probe');
+  });
+  it('has name "custom"', () => {
+    const adapter = createCustomAdapter('http://localhost:4000', {}, 'response');
+    expect(adapter.name).toBe('custom');
+  });
+});
+// ── Auto-detect ─────────────────────────────────────────────────
+describe('autoDetectAdapter', () => {
+  it('detects openai:// protocol hint', async () => {
+    const adapter = await autoDetectAdapter('openai://localhost:4000', 'gpt-4o', 'sk-test');
+    expect(adapter.name).toBe('openai');
+  });
+  it('detects anthropic:// protocol hint', async () => {
+    const adapter = await autoDetectAdapter('anthropic://localhost:4000');
+    expect(adapter.name).toBe('anthropic');
+  });
+  it('detects ollama:// protocol hint', async () => {
+    const adapter = await autoDetectAdapter('ollama://localhost:11434');
+    expect(adapter.name).toBe('ollama');
+  });
+  it('probes /v1/models for OpenAI', async () => {
+    mockFetch.mockImplementation(async (url: string) => {
+      if (url.includes('/v1/models')) return { status: 200 };
+      return { status: 404 };
+    });
+    const adapter = await autoDetectAdapter('http://localhost:4000');
+    expect(adapter.name).toBe('openai');
+  });
+  it('probes /api/tags for Ollama', async () => {
+    mockFetch.mockImplementation(async (url: string) => {
+      if (url.includes('/v1/models')) throw new Error('not found');
+      if (url.includes('/api/tags')) return { status: 200 };
+      return { status: 404 };
+    });
+    const adapter = await autoDetectAdapter('http://localhost:11434');
+    expect(adapter.name).toBe('ollama');
+  });
+  it('falls back to http adapter', async () => {
+    mockFetch.mockRejectedValue(new Error('connection refused'));
+    const adapter = await autoDetectAdapter('http://localhost:9999');
+    expect(adapter.name).toBe('http');
+  });
+});
+// ── safeJsonParse ──────────────────────────────────────────────
+describe('safeJsonParse', () => {
+  it('parses valid JSON from 200 response', async () => {
+    const res = { ok: true, status: 200, json: async () => ({ data: 'ok' }) } as unknown as Response;
+    const result = await safeJsonParse(res);
+    expect(result).toEqual({ data: 'ok' });
+  });
+  it('throws AdapterError for 429 rate limit', async () => {
+    const res = { ok: false, status: 429, json: async () => { throw new Error('not json'); } } as unknown as Response;
+    await expect(safeJsonParse(res)).rejects.toThrow(AdapterError);
+    await expect(safeJsonParse(res)).rejects.toThrow('429');
+  });
+  it('throws AdapterError for 500 with JSON error body', async () => {
+    const res = { ok: false, status: 500, json: async () => ({ error: { message: 'overloaded' } }) } as unknown as Response;
+    await expect(safeJsonParse(res)).rejects.toThrow('overloaded');
+  });
+  it('AdapterError.retryable is true for 429 and 5xx', () => {
+    expect(new AdapterError(429, 'rate limited').retryable).toBe(true);
+    expect(new AdapterError(500, 'server error').retryable).toBe(true);
+    expect(new AdapterError(502, 'bad gateway').retryable).toBe(true);
+    expect(new AdapterError(400, 'bad request').retryable).toBe(false);
+    expect(new AdapterError(401, 'unauthorized').retryable).toBe(false);
+  });
+});
+// ── withRetry ──────────────────────────────────────────────────
+describe('withRetry', () => {
+  it('returns immediately on success', async () => {
+    const fn = vi.fn().mockResolvedValue('ok');
+    const result = await withRetry(fn, 2, 1);
+    expect(result).toBe('ok');
+    expect(fn).toHaveBeenCalledTimes(1);
+  });
+  it('retries on retryable AdapterError', async () => {
+    const fn = vi.fn()
+      .mockRejectedValueOnce(new AdapterError(429, 'rate limited'))
+      .mockResolvedValue('ok');
+    const result = await withRetry(fn, 2, 1);
+    expect(result).toBe('ok');
+    expect(fn).toHaveBeenCalledTimes(2);
+  });
+  it('does not retry on non-retryable AdapterError', async () => {
+    const fn = vi.fn().mockRejectedValue(new AdapterError(400, 'bad request'));
+    await expect(withRetry(fn, 2, 1)).rejects.toThrow('bad request');
+    expect(fn).toHaveBeenCalledTimes(1);
+  });
+  it('does not retry on non-AdapterError', async () => {
+    const fn = vi.fn().mockRejectedValue(new Error('network error'));
+    await expect(withRetry(fn, 2, 1)).rejects.toThrow('network error');
+    expect(fn).toHaveBeenCalledTimes(1);
+  });
+  it('gives up after max retries', async () => {
+    const fn = vi.fn().mockRejectedValue(new AdapterError(503, 'unavailable'));
+    await expect(withRetry(fn, 2, 1)).rejects.toThrow('unavailable');
+    expect(fn).toHaveBeenCalledTimes(3); // 1 initial + 2 retries
+  });
+});
+// ── Adapter error resilience ───────────────────────────────────
+describe('adapter error resilience', () => {
+  it('openai adapter throws descriptive error on HTML rate-limit response', async () => {
+    mockFetch.mockResolvedValue({
+      ok: false, status: 429,
+      json: async () => { throw new SyntaxError('Unexpected token <'); },
+      headers: new Map(),
+    });
+    const adapter = createOpenAIAdapter('http://localhost:4000', 'gpt-4o', 'sk-test');
+    await expect(adapter.send('test')).rejects.toThrow('API error 429');
+  });
+  it('anthropic adapter throws descriptive error on 500', async () => {
+    mockFetch.mockResolvedValue({
+      ok: false, status: 500,
+      json: async () => ({ error: { message: 'internal error' } }),
+      headers: new Map(),
+    });
+    const adapter = createAnthropicAdapter('http://localhost:4000');
+    await expect(adapter.send('test')).rejects.toThrow('internal error');
+  });
+});

package/src/domain/eval/adapters/anthropic-adapter.ts ADDED Viewed

@@ -0,0 +1,57 @@
+/**
+ * Anthropic-compatible adapter — sends to `/v1/messages` format.
+ */
+import type { TargetAdapter } from './adapter-port.js';
+import { createChatAdapter } from './create-chat-adapter.js';
+const DEFAULT_TIMEOUT = 30_000;
+const DEFAULT_MODEL = 'claude-sonnet-4-20250514';
+export const createAnthropicAdapter = (
+  baseUrl: string,
+  model?: string,
+  apiKey?: string,
+): TargetAdapter => {
+  const endpoint = baseUrl.replace(/\/$/, '') + '/v1/messages';
+  const effectiveModel = model ?? DEFAULT_MODEL;
+  const buildHeaders = (): Record<string, string> => {
+    const h: Record<string, string> = {
+      'Content-Type': 'application/json',
+      'anthropic-version': '2023-06-01',
+    };
+    if (apiKey) h['x-api-key'] = apiKey;
+    return h;
+  };
+  return createChatAdapter({
+    name: 'anthropic',
+    endpoint,
+    defaultTimeout: DEFAULT_TIMEOUT,
+    buildHeaders,
+    // Anthropic: system prompt goes in body, not in messages
+    buildInitialMessages: (probe) => [{ role: 'user', content: probe }],
+    buildMultiTurnPrefix: () => [],
+    buildBody: (messages, options) => {
+      const body: Record<string, unknown> = {
+        model: effectiveModel,
+        max_tokens: options?.maxTokens ?? 2048,
+        messages,
+      };
+      if (options?.systemPrompt) body.system = options.systemPrompt;
+      if (options?.temperature !== undefined) body.temperature = options.temperature;
+      return body;
+    },
+    extractText: (raw) => {
+      const content = raw.content as { type?: string; text?: string }[] | undefined;
+      return content?.find((c) => c.type === 'text')?.text ?? '';
+    },
+    healthCheck: {
+      url: endpoint,
+      method: 'POST',
+      headers: buildHeaders,
+      body: { model: effectiveModel, max_tokens: 1, messages: [{ role: 'user', content: 'ping' }] },
+      isHealthy: (status) => status < 500,
+    },
+  });
+};

package/src/domain/eval/adapters/auto-detect.ts ADDED Viewed

@@ -0,0 +1,104 @@
+/**
+ * Auto-detect adapter — probes the target URL to determine which adapter to use.
+ *
+ * Detection order:
+ *   1. Custom adapter (if requestTemplate + responsePath provided)
+ *   2. URL protocol hint (openai://, anthropic://, ollama://)
+ *   3. /v1/models → OpenAI-compatible
+ *   4. /api/tags → Ollama
+ *   5. Fallback → Generic HTTP
+ */
+import type { TargetAdapter } from './adapter-port.js';
+import { withTimeout } from './with-timeout.js';
+import { createHttpAdapter } from './http-adapter.js';
+import { createOpenAIAdapter } from './openai-adapter.js';
+import { createAnthropicAdapter } from './anthropic-adapter.js';
+import { createOllamaAdapter } from './ollama-adapter.js';
+import { createCustomAdapter } from './custom-adapter.js';
+export interface AutoDetectOptions {
+  readonly model?: string;
+  readonly apiKey?: string;
+  readonly requestTemplate?: string;
+  readonly responsePath?: string;
+  readonly headers?: string;
+}
+/** Parse protocol-hinted URLs like openai://localhost:4000 → http://localhost:4000 */
+const parseProtocolHint = (url: string): { protocol: string; httpUrl: string } | null => {
+  const match = url.match(/^(openai|anthropic|ollama):\/\/(.+)/);
+  if (!match) return null;
+  const protocol = match[1]!;
+  const rest = match[2]!;
+  const httpUrl = rest.startsWith('http') ? rest : `http://${rest}`;
+  return { protocol, httpUrl };
+};
+const tryFetch = async (url: string, timeout = 3000): Promise<boolean> => {
+  try {
+    return await withTimeout(async (signal) => {
+      const res = await fetch(url, { signal });
+      return res.status === 200;
+    }, timeout);
+  } catch {
+    return false;
+  }
+};
+export const autoDetectAdapter = async (
+  url: string,
+  modelOrOpts?: string | AutoDetectOptions,
+  apiKey?: string,
+): Promise<TargetAdapter> => {
+  // Normalize overloaded params
+  const opts: AutoDetectOptions = typeof modelOrOpts === 'string'
+    ? { model: modelOrOpts, apiKey }
+    : modelOrOpts ?? {};
+  const model = opts.model;
+  const key = opts.apiKey ?? apiKey;
+  // 0. Custom adapter (explicit template)
+  if (opts.requestTemplate && opts.responsePath) {
+    let template: Record<string, unknown>;
+    try {
+      template = JSON.parse(opts.requestTemplate);
+    } catch {
+      throw new Error(`Invalid --request-template JSON: ${opts.requestTemplate}`);
+    }
+    let customHeaders: Record<string, string> | undefined;
+    if (opts.headers) {
+      try {
+        customHeaders = JSON.parse(opts.headers);
+      } catch {
+        throw new Error(`Invalid --headers JSON: ${opts.headers}`);
+      }
+    }
+    return createCustomAdapter(url, template, opts.responsePath, customHeaders);
+  }
+  // 1. Check protocol hints
+  const hint = parseProtocolHint(url);
+  if (hint) {
+    switch (hint.protocol) {
+      case 'openai':    return createOpenAIAdapter(hint.httpUrl, model, key);
+      case 'anthropic': return createAnthropicAdapter(hint.httpUrl, model, key);
+      case 'ollama':    return createOllamaAdapter(hint.httpUrl, model);
+    }
+  }
+  const baseUrl = url.replace(/\/$/, '');
+  // 2. Probe /v1/models (OpenAI-compatible)
+  if (await tryFetch(`${baseUrl}/v1/models`)) {
+    return createOpenAIAdapter(baseUrl, model, key);
+  }
+  // 3. Probe /api/tags (Ollama)
+  if (await tryFetch(`${baseUrl}/api/tags`)) {
+    return createOllamaAdapter(baseUrl, model);
+  }
+  // 4. Fallback to generic HTTP
+  return createHttpAdapter(url);
+};

package/src/domain/eval/adapters/create-chat-adapter.ts ADDED Viewed

@@ -0,0 +1,106 @@
+/**
+ * Factory for chat-based eval adapters (OpenAI, Anthropic, Ollama).
+ * Eliminates duplicated send/sendMultiTurn/checkHealth boilerplate.
+ * Each adapter provides only: body builder, response parser, health config.
+ */
+import type { TargetAdapter, TargetResponse, ProbeOptions } from './adapter-port.js';
+import { safeJsonParse, withRetry } from './adapter-port.js';
+import { withTimeout, extractResponseHeaders } from './with-timeout.js';
+interface ChatMessage {
+  readonly role: string;
+  readonly content: string;
+}
+interface HealthCheckConfig {
+  readonly url: string;
+  readonly method: 'GET' | 'POST';
+  readonly headers?: () => Record<string, string>;
+  readonly body?: unknown;
+  readonly isHealthy: (status: number) => boolean;
+}
+export interface ChatAdapterConfig {
+  readonly name: string;
+  readonly endpoint: string;
+  readonly defaultTimeout: number;
+  readonly buildHeaders: () => Record<string, string>;
+  /** Build request body from conversation messages + options. */
+  readonly buildBody: (messages: readonly ChatMessage[], options?: ProbeOptions) => unknown;
+  /** Extract response text from parsed JSON. */
+  readonly extractText: (raw: Record<string, unknown>) => string;
+  /** Build initial message list for single send (handles system prompt placement). */
+  readonly buildInitialMessages: (probe: string, options?: ProbeOptions) => ChatMessage[];
+  /** Build initial message list for multi-turn (conversation prefix). */
+  readonly buildMultiTurnPrefix: (options?: ProbeOptions) => ChatMessage[];
+  readonly healthCheck: HealthCheckConfig;
+}
+export const createChatAdapter = (config: ChatAdapterConfig): TargetAdapter => {
+  const { endpoint, defaultTimeout, buildHeaders, buildBody, extractText, buildInitialMessages, buildMultiTurnPrefix, healthCheck } = config;
+  const send = async (probe: string, options?: ProbeOptions): Promise<TargetResponse> => {
+    const start = Date.now();
+    const timeout = options?.timeout ?? defaultTimeout;
+    const messages = buildInitialMessages(probe, options);
+    return withRetry(async () => withTimeout(async (signal) => {
+      const res = await fetch(endpoint, {
+        method: 'POST',
+        headers: buildHeaders(),
+        body: JSON.stringify(buildBody(messages, options)),
+        signal,
+      });
+      const latencyMs = Date.now() - start;
+      const raw = await safeJsonParse(res);
+      const text = extractText(raw);
+      return { text, status: res.status, headers: extractResponseHeaders(res), latencyMs, raw };
+    }, timeout));
+  };
+  const sendMultiTurn = async (probes: readonly string[], options?: ProbeOptions): Promise<readonly TargetResponse[]> => {
+    const results: TargetResponse[] = [];
+    const messages: ChatMessage[] = buildMultiTurnPrefix(options);
+    for (const probe of probes) {
+      messages.push({ role: 'user', content: probe });
+      const start = Date.now();
+      const timeout = options?.timeout ?? defaultTimeout;
+      const result = await withRetry(async () => withTimeout(async (signal) => {
+        const res = await fetch(endpoint, {
+          method: 'POST',
+          headers: buildHeaders(),
+          body: JSON.stringify(buildBody([...messages], options)),
+          signal,
+        });
+        const latencyMs = Date.now() - start;
+        const raw = await safeJsonParse(res);
+        const text = extractText(raw);
+        return { text, status: res.status, headers: extractResponseHeaders(res), latencyMs, raw };
+      }, timeout));
+      messages.push({ role: 'assistant', content: result.text });
+      results.push(result);
+    }
+    return results;
+  };
+  const checkHealth = async (): Promise<boolean> => {
+    try {
+      return await withTimeout(async (signal) => {
+        const fetchOpts: RequestInit = { method: healthCheck.method, signal };
+        if (healthCheck.headers) fetchOpts.headers = healthCheck.headers();
+        if (healthCheck.body) {
+          fetchOpts.body = JSON.stringify(healthCheck.body);
+          fetchOpts.headers = { ...fetchOpts.headers as Record<string, string>, 'Content-Type': 'application/json' };
+        }
+        const res = await fetch(healthCheck.url, fetchOpts);
+        return healthCheck.isHealthy(res.status);
+      }, 5000);
+    } catch {
+      return false;
+    }
+  };
+  return Object.freeze({ send, sendMultiTurn, checkHealth, name: config.name });
+};

package/src/domain/eval/adapters/custom-adapter.ts ADDED Viewed

@@ -0,0 +1,74 @@
+/**
+ * Custom template-based adapter — sends probes via configurable JSON template
+ * and extracts responses via a dot-path.
+ */
+import type { TargetAdapter, TargetResponse, ProbeOptions } from './adapter-port.js';
+import { safeJsonParse, withRetry } from './adapter-port.js';
+import { withTimeout, extractResponseHeaders } from './with-timeout.js';
+const DEFAULT_TIMEOUT = 30_000;
+/** Resolve a dot-separated path on an object (e.g. "data.choices.0.text"). */
+const resolvePath = (obj: unknown, path: string): unknown => {
+  let current = obj;
+  for (const key of path.split('.')) {
+    if (current == null || typeof current !== 'object') return undefined;
+    current = (current as Record<string, unknown>)[key];
+  }
+  return current;
+};
+export const createCustomAdapter = (
+  url: string,
+  template: Record<string, unknown>,
+  responsePath: string,
+  headers?: Record<string, string>,
+): TargetAdapter => {
+  const send = async (probe: string, options?: ProbeOptions): Promise<TargetResponse> => {
+    const start = Date.now();
+    const timeout = options?.timeout ?? DEFAULT_TIMEOUT;
+    // Replace {{probe}} placeholder in template
+    const body = JSON.parse(
+      JSON.stringify(template).replace(/\{\{probe\}\}/g, probe.replace(/"/g, '\\"')),
+    );
+    return withRetry(async () => withTimeout(async (signal) => {
+      const res = await fetch(url, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', ...headers },
+        body: JSON.stringify(body),
+        signal,
+      });
+      const latencyMs = Date.now() - start;
+      const raw = await safeJsonParse(res);
+      const resolved = resolvePath(raw, responsePath);
+      const text = typeof resolved === 'string' ? resolved : JSON.stringify(resolved ?? '');
+      return { text, status: res.status, headers: extractResponseHeaders(res), latencyMs, raw };
+    }, timeout));
+  };
+  const sendMultiTurn = async (probes: readonly string[], options?: ProbeOptions): Promise<readonly TargetResponse[]> => {
+    const results: TargetResponse[] = [];
+    for (const probe of probes) {
+      results.push(await send(probe, options));
+    }
+    return results;
+  };
+  const checkHealth = async (): Promise<boolean> => {
+    try {
+      return await withTimeout(async (signal) => {
+        const res = await fetch(url, { method: 'GET', signal });
+        return res.status < 500;
+      }, 5000);
+    } catch {
+      return false;
+    }
+  };
+  return Object.freeze({ send, sendMultiTurn, checkHealth, name: 'custom' });
+};