@decantr/verifier 2.4.0 → 2.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +8 -2
- package/dist/index.d.ts +143 -1
- package/dist/index.js +939 -89
- package/dist/index.js.map +1 -1
- package/package.json +2 -1
- package/schema/decantr-ci-report.v1.json +46 -0
- package/schema/scan-report.v1.json +369 -0
package/README.md
CHANGED
|
@@ -15,13 +15,16 @@ npm install @decantr/verifier
|
|
|
15
15
|
|
|
16
16
|
- `auditProject()` for project-level Decantr audits
|
|
17
17
|
- `auditBuiltDist()` for built-output runtime verification against emitted HTML, assets, and route hints
|
|
18
|
+
- `scanProject()` for read-only Brownfield reconnaissance of framework, routes, components, styling, static-hosting hints, Decantr presence, and assistant-rule files
|
|
19
|
+
- `resolveGitHubScanInput()` and `probePublishedSite()` for hosted scan inputs and HTML-only published-site metadata probes
|
|
18
20
|
- `critiqueFile()` for file-level review against compiled review-pack contracts
|
|
19
21
|
- `createContractAssertions()` for explicit route, shell, accessibility, context, and design-token assertions derived from Essence/context
|
|
20
22
|
- `createEvidenceBundle()` for privacy-redacted local evidence artifacts used by AI repair loops and CI
|
|
21
23
|
- schema-backed report types for project audits, Project Health, Decantr CI reports, Evidence Bundles, Workspace Health, file critiques, and showcase verification
|
|
22
24
|
- `ProjectHealthReport`, `ProjectHealthFinding`, and `ProjectHealthRemediation` types for the CLI's end-user health surface
|
|
23
25
|
- interaction findings now include scanned file counts, file line ranges, and expected signal evidence where available, so CLI health/check output can point agents at source-grounded remediation
|
|
24
|
-
- contract-only Brownfield critique avoids requiring Decantr treatments/decorators when the project keeps its own styling authority
|
|
26
|
+
- contract-only and style-bridge Brownfield critique avoids requiring Decantr treatments/decorators when the project keeps its own styling authority
|
|
27
|
+
- Decantr CI report schemas include accepted style bridge status, mapping count, styling approach, and theme modes alongside local-law findings
|
|
25
28
|
- project audits check that `pack-manifest.json` references real pack markdown/JSON files on disk
|
|
26
29
|
- project audits tolerate partial or malformed generated review packs without crashing Project Health, so half-attached Brownfield projects still receive actionable findings
|
|
27
30
|
- Next.js static/document outputs are treated as framework-rendered documents instead of requiring a Vite-style `id="root"` mount element
|
|
@@ -44,9 +47,11 @@ import {
|
|
|
44
47
|
createContractAssertions,
|
|
45
48
|
createEvidenceBundle,
|
|
46
49
|
critiqueFile,
|
|
50
|
+
scanProject,
|
|
47
51
|
type ProjectHealthReport,
|
|
48
52
|
} from '@decantr/verifier';
|
|
49
53
|
|
|
54
|
+
const scan = await scanProject(process.cwd());
|
|
50
55
|
const audit = await auditProject(process.cwd());
|
|
51
56
|
const assertions = createContractAssertions(process.cwd(), audit);
|
|
52
57
|
const critique = await critiqueFile('./src/pages/overview.tsx', process.cwd());
|
|
@@ -63,13 +68,14 @@ function isBlocking(report: ProjectHealthReport) {
|
|
|
63
68
|
- `@decantr/verifier/schema/project-health-report.v1.json`
|
|
64
69
|
- `@decantr/verifier/schema/decantr-ci-report.v1.json`
|
|
65
70
|
- `@decantr/verifier/schema/evidence-bundle.v1.json`
|
|
71
|
+
- `@decantr/verifier/schema/scan-report.v1.json`
|
|
66
72
|
- `@decantr/verifier/schema/workspace-health-report.v1.json`
|
|
67
73
|
- `@decantr/verifier/schema/file-critique-report.v1.json`
|
|
68
74
|
- `@decantr/verifier/schema/showcase-shortlist-report.v1.json`
|
|
69
75
|
|
|
70
76
|
## Security And Permissions
|
|
71
77
|
|
|
72
|
-
The verifier is a local library. It reads selected project source, Decantr context, and built `dist`/`.next` output when callers request project or runtime audits. Built-output runtime audit starts a temporary loopback static server and fetches from that local server
|
|
78
|
+
The verifier is a local library. It reads selected project source, Decantr context, read-only scan files, and built `dist`/`.next` output when callers request project or runtime audits. `scanProject()` returns relative evidence and does not write artifacts, install dependencies, build projects, execute scripts, or open pull requests. `probePublishedSite()` fetches HTML metadata over HTTP(S) only and does not execute JavaScript or capture screenshots. Built-output runtime audit starts a temporary loopback static server and fetches from that local server. The verifier does not write files, spawn processes, emit telemetry, or upload source by itself. See [security permissions](https://decantr.ai/reference/security-permissions.md).
|
|
73
79
|
|
|
74
80
|
## Compatibility
|
|
75
81
|
|
package/dist/index.d.ts
CHANGED
|
@@ -122,12 +122,154 @@ declare function verifyInteractionsInSource(interactions: string[], sources: Map
|
|
|
122
122
|
*/
|
|
123
123
|
declare function listKnownInteractions(): string[];
|
|
124
124
|
|
|
125
|
+
type ScanInputKind = 'local' | 'github-repo' | 'github-pages';
|
|
126
|
+
type ScanConfidence = 'high' | 'medium' | 'low';
|
|
127
|
+
type ScanApplicabilityStatus = 'strong_fit' | 'partial_fit' | 'not_applicable' | 'unknown';
|
|
128
|
+
type ScanFindingSeverity = 'success' | 'info' | 'warn' | 'error';
|
|
129
|
+
declare const SCAN_REPORT_SCHEMA_URL = "https://decantr.ai/schemas/scan-report.v1.json";
|
|
130
|
+
interface ScanInputV1 {
|
|
131
|
+
kind: ScanInputKind;
|
|
132
|
+
value: string;
|
|
133
|
+
}
|
|
134
|
+
interface ScanRepositoryV1 {
|
|
135
|
+
owner: string;
|
|
136
|
+
repo: string;
|
|
137
|
+
url: string;
|
|
138
|
+
defaultBranch?: string | null;
|
|
139
|
+
}
|
|
140
|
+
interface PublishedSiteProbeV1 {
|
|
141
|
+
url: string;
|
|
142
|
+
finalUrl: string | null;
|
|
143
|
+
checked: boolean;
|
|
144
|
+
reachable: boolean;
|
|
145
|
+
status: number | null;
|
|
146
|
+
title: string | null;
|
|
147
|
+
description: string | null;
|
|
148
|
+
canonicalUrl: string | null;
|
|
149
|
+
assetHints: {
|
|
150
|
+
rootRelative: number;
|
|
151
|
+
relative: number;
|
|
152
|
+
absolute: number;
|
|
153
|
+
samples: string[];
|
|
154
|
+
};
|
|
155
|
+
routingHints: string[];
|
|
156
|
+
error: string | null;
|
|
157
|
+
}
|
|
158
|
+
interface ScanRouteV1 {
|
|
159
|
+
path: string;
|
|
160
|
+
file: string;
|
|
161
|
+
hasLayout: boolean;
|
|
162
|
+
}
|
|
163
|
+
interface ScanFindingV1 {
|
|
164
|
+
id: string;
|
|
165
|
+
severity: ScanFindingSeverity;
|
|
166
|
+
title: string;
|
|
167
|
+
message: string;
|
|
168
|
+
evidence: string[];
|
|
169
|
+
recommendation?: string;
|
|
170
|
+
}
|
|
171
|
+
interface ScanReportV1 {
|
|
172
|
+
$schema: typeof SCAN_REPORT_SCHEMA_URL;
|
|
173
|
+
schemaVersion: 'scan-report.v1';
|
|
174
|
+
generatedAt: string;
|
|
175
|
+
input: ScanInputV1;
|
|
176
|
+
source: {
|
|
177
|
+
repository: ScanRepositoryV1 | null;
|
|
178
|
+
publishedSiteUrl: string | null;
|
|
179
|
+
};
|
|
180
|
+
confidence: {
|
|
181
|
+
level: ScanConfidence;
|
|
182
|
+
score: number;
|
|
183
|
+
reasons: string[];
|
|
184
|
+
};
|
|
185
|
+
applicability: {
|
|
186
|
+
status: ScanApplicabilityStatus;
|
|
187
|
+
label: string;
|
|
188
|
+
reasons: string[];
|
|
189
|
+
};
|
|
190
|
+
project: {
|
|
191
|
+
framework: string;
|
|
192
|
+
frameworkVersion: string | null;
|
|
193
|
+
packageManager: string;
|
|
194
|
+
primaryLanguage: string;
|
|
195
|
+
hasTypeScript: boolean;
|
|
196
|
+
hasTailwind: boolean;
|
|
197
|
+
hasDecantr: boolean;
|
|
198
|
+
packageName: string | null;
|
|
199
|
+
};
|
|
200
|
+
routes: {
|
|
201
|
+
strategy: string;
|
|
202
|
+
count: number;
|
|
203
|
+
items: ScanRouteV1[];
|
|
204
|
+
};
|
|
205
|
+
components: {
|
|
206
|
+
pageCount: number;
|
|
207
|
+
componentCount: number;
|
|
208
|
+
directories: string[];
|
|
209
|
+
};
|
|
210
|
+
styling: {
|
|
211
|
+
approach: string;
|
|
212
|
+
configFile: string | null;
|
|
213
|
+
cssVariableCount: number;
|
|
214
|
+
colorTokenCount: number;
|
|
215
|
+
darkMode: boolean;
|
|
216
|
+
themeSignals: string[];
|
|
217
|
+
};
|
|
218
|
+
staticHosting: {
|
|
219
|
+
githubPagesLikely: boolean;
|
|
220
|
+
evidence: string[];
|
|
221
|
+
homepageUrl: string | null;
|
|
222
|
+
basePath: string | null;
|
|
223
|
+
hashRouting: boolean;
|
|
224
|
+
};
|
|
225
|
+
assistant: {
|
|
226
|
+
ruleFiles: string[];
|
|
227
|
+
};
|
|
228
|
+
pagesProbe: PublishedSiteProbeV1 | null;
|
|
229
|
+
findings: ScanFindingV1[];
|
|
230
|
+
recommendedCommands: string[];
|
|
231
|
+
privacy: {
|
|
232
|
+
sourceUploaded: boolean;
|
|
233
|
+
persistedByDecantr: boolean;
|
|
234
|
+
notes: string[];
|
|
235
|
+
};
|
|
236
|
+
}
|
|
237
|
+
interface ScanProjectOptions {
|
|
238
|
+
input?: ScanInputV1;
|
|
239
|
+
repository?: ScanRepositoryV1 | null;
|
|
240
|
+
publishedSiteUrl?: string | null;
|
|
241
|
+
pagesProbe?: PublishedSiteProbeV1 | null;
|
|
242
|
+
}
|
|
243
|
+
interface GitHubScanInputResolution {
|
|
244
|
+
inputKind: 'github-repo' | 'github-pages';
|
|
245
|
+
normalizedInput: string;
|
|
246
|
+
repository: ScanRepositoryV1;
|
|
247
|
+
publishedSiteUrl: string | null;
|
|
248
|
+
warnings: string[];
|
|
249
|
+
}
|
|
250
|
+
declare function scanProject(projectRoot: string, options?: ScanProjectOptions): Promise<ScanReportV1>;
|
|
251
|
+
declare function createUnavailableScanReport(input: {
|
|
252
|
+
scanInput: ScanInputV1;
|
|
253
|
+
repository?: ScanRepositoryV1 | null;
|
|
254
|
+
publishedSiteUrl?: string | null;
|
|
255
|
+
pagesProbe?: PublishedSiteProbeV1 | null;
|
|
256
|
+
title: string;
|
|
257
|
+
message: string;
|
|
258
|
+
evidence?: string[];
|
|
259
|
+
}): ScanReportV1;
|
|
260
|
+
declare function probePublishedSite(url: string, options?: {
|
|
261
|
+
timeoutMs?: number;
|
|
262
|
+
fetchImpl?: typeof fetch;
|
|
263
|
+
}): Promise<PublishedSiteProbeV1>;
|
|
264
|
+
declare function resolveGitHubScanInput(input: string): GitHubScanInputResolution;
|
|
265
|
+
|
|
125
266
|
declare const VERIFICATION_SCHEMA_URLS: {
|
|
126
267
|
readonly common: "https://decantr.ai/schemas/verification-report.common.v1.json";
|
|
127
268
|
readonly projectAudit: "https://decantr.ai/schemas/project-audit-report.v1.json";
|
|
128
269
|
readonly projectHealth: "https://decantr.ai/schemas/project-health-report.v1.json";
|
|
129
270
|
readonly decantrCi: "https://decantr.ai/schemas/decantr-ci-report.v1.json";
|
|
130
271
|
readonly evidenceBundle: "https://decantr.ai/schemas/evidence-bundle.v1.json";
|
|
272
|
+
readonly scanReport: "https://decantr.ai/schemas/scan-report.v1.json";
|
|
131
273
|
readonly workspaceHealth: "https://decantr.ai/schemas/workspace-health-report.v1.json";
|
|
132
274
|
readonly fileCritique: "https://decantr.ai/schemas/file-critique-report.v1.json";
|
|
133
275
|
readonly showcaseShortlist: "https://decantr.ai/schemas/showcase-shortlist-report.v1.json";
|
|
@@ -473,4 +615,4 @@ declare function auditProject(projectRoot: string): Promise<ProjectAuditReport>;
|
|
|
473
615
|
declare function critiqueSource({ filePath, code, reviewPack, packManifest, treatmentsCss, adoptionMode, }: CritiqueSourceInput): FileCritiqueReport;
|
|
474
616
|
declare function critiqueFile(filePath: string, projectRoot: string): Promise<FileCritiqueReport>;
|
|
475
617
|
|
|
476
|
-
export { type BuiltDistAuditOptions, type ContractAssertion, type ContractAssertionCategory, type CritiqueSourceInput, EVIDENCE_BUNDLE_SCHEMA_URL, type EvidenceBundle, type EvidenceBundleInput, type EvidenceProvenanceEntry, type FileCritiqueReport, INTERACTION_SIGNALS, type InteractionMissingFinding, type InteractionRequirement, type InteractionSignal, type MissingPackManifestFile, type PackManifest, type ProjectAuditReport, type ProjectHealthFinding, type ProjectHealthFindingSource, type ProjectHealthPackSummary, type ProjectHealthRemediation, type ProjectHealthReport, type ProjectHealthRouteSummary, type ProjectHealthStatus, type RuntimeAudit, type ShowcaseShortlistVerificationEntry, type ShowcaseShortlistVerificationReport, VERIFICATION_SCHEMA_URLS, type VerificationFinding, type VerificationScore, type VerificationSeverity, auditBuiltDist, auditProject, collectMissingPackManifestFiles, createContractAssertions, createEvidenceBundle, critiqueFile, critiqueSource, emptyRuntimeAudit, extractRouteHintsFromEssence, listKnownInteractions, verifyInteractionsInSource };
|
|
618
|
+
export { type BuiltDistAuditOptions, type ContractAssertion, type ContractAssertionCategory, type CritiqueSourceInput, EVIDENCE_BUNDLE_SCHEMA_URL, type EvidenceBundle, type EvidenceBundleInput, type EvidenceProvenanceEntry, type FileCritiqueReport, type GitHubScanInputResolution, INTERACTION_SIGNALS, type InteractionMissingFinding, type InteractionRequirement, type InteractionSignal, type MissingPackManifestFile, type PackManifest, type ProjectAuditReport, type ProjectHealthFinding, type ProjectHealthFindingSource, type ProjectHealthPackSummary, type ProjectHealthRemediation, type ProjectHealthReport, type ProjectHealthRouteSummary, type ProjectHealthStatus, type PublishedSiteProbeV1, type RuntimeAudit, SCAN_REPORT_SCHEMA_URL, type ScanApplicabilityStatus, type ScanConfidence, type ScanFindingSeverity, type ScanFindingV1, type ScanInputKind, type ScanInputV1, type ScanProjectOptions, type ScanReportV1, type ScanRepositoryV1, type ScanRouteV1, type ShowcaseShortlistVerificationEntry, type ShowcaseShortlistVerificationReport, VERIFICATION_SCHEMA_URLS, type VerificationFinding, type VerificationScore, type VerificationSeverity, auditBuiltDist, auditProject, collectMissingPackManifestFiles, createContractAssertions, createEvidenceBundle, createUnavailableScanReport, critiqueFile, critiqueSource, emptyRuntimeAudit, extractRouteHintsFromEssence, listKnownInteractions, probePublishedSite, resolveGitHubScanInput, scanProject, verifyInteractionsInSource };
|