@decantr/verifier 2.4.0 → 2.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -15,13 +15,16 @@ npm install @decantr/verifier
15
15
 
16
16
  - `auditProject()` for project-level Decantr audits
17
17
  - `auditBuiltDist()` for built-output runtime verification against emitted HTML, assets, and route hints
18
+ - `scanProject()` for read-only Brownfield reconnaissance of framework, routes, components, styling, static-hosting hints, Decantr presence, and assistant-rule files
19
+ - `resolveGitHubScanInput()` and `probePublishedSite()` for hosted scan inputs and HTML-only published-site metadata probes
18
20
  - `critiqueFile()` for file-level review against compiled review-pack contracts
19
21
  - `createContractAssertions()` for explicit route, shell, accessibility, context, and design-token assertions derived from Essence/context
20
22
  - `createEvidenceBundle()` for privacy-redacted local evidence artifacts used by AI repair loops and CI
21
23
  - schema-backed report types for project audits, Project Health, Decantr CI reports, Evidence Bundles, Workspace Health, file critiques, and showcase verification
22
24
  - `ProjectHealthReport`, `ProjectHealthFinding`, and `ProjectHealthRemediation` types for the CLI's end-user health surface
23
25
  - interaction findings now include scanned file counts, file line ranges, and expected signal evidence where available, so CLI health/check output can point agents at source-grounded remediation
24
- - contract-only Brownfield critique avoids requiring Decantr treatments/decorators when the project keeps its own styling authority
26
+ - contract-only and style-bridge Brownfield critique avoids requiring Decantr treatments/decorators when the project keeps its own styling authority
27
+ - Decantr CI report schemas include accepted style bridge status, mapping count, styling approach, and theme modes alongside local-law findings
25
28
  - project audits check that `pack-manifest.json` references real pack markdown/JSON files on disk
26
29
  - project audits tolerate partial or malformed generated review packs without crashing Project Health, so half-attached Brownfield projects still receive actionable findings
27
30
  - Next.js static/document outputs are treated as framework-rendered documents instead of requiring a Vite-style `id="root"` mount element
@@ -44,9 +47,11 @@ import {
44
47
  createContractAssertions,
45
48
  createEvidenceBundle,
46
49
  critiqueFile,
50
+ scanProject,
47
51
  type ProjectHealthReport,
48
52
  } from '@decantr/verifier';
49
53
 
54
+ const scan = await scanProject(process.cwd());
50
55
  const audit = await auditProject(process.cwd());
51
56
  const assertions = createContractAssertions(process.cwd(), audit);
52
57
  const critique = await critiqueFile('./src/pages/overview.tsx', process.cwd());
@@ -63,13 +68,14 @@ function isBlocking(report: ProjectHealthReport) {
63
68
  - `@decantr/verifier/schema/project-health-report.v1.json`
64
69
  - `@decantr/verifier/schema/decantr-ci-report.v1.json`
65
70
  - `@decantr/verifier/schema/evidence-bundle.v1.json`
71
+ - `@decantr/verifier/schema/scan-report.v1.json`
66
72
  - `@decantr/verifier/schema/workspace-health-report.v1.json`
67
73
  - `@decantr/verifier/schema/file-critique-report.v1.json`
68
74
  - `@decantr/verifier/schema/showcase-shortlist-report.v1.json`
69
75
 
70
76
  ## Security And Permissions
71
77
 
72
- The verifier is a local library. It reads selected project source, Decantr context, and built `dist`/`.next` output when callers request project or runtime audits. Built-output runtime audit starts a temporary loopback static server and fetches from that local server only; it does not contact external hosts. The verifier does not write files, spawn processes, emit telemetry, or upload source by itself. See [security permissions](https://decantr.ai/reference/security-permissions.md).
78
+ The verifier is a local library. It reads selected project source, Decantr context, read-only scan files, and built `dist`/`.next` output when callers request project or runtime audits. `scanProject()` returns relative evidence and does not write artifacts, install dependencies, build projects, execute scripts, or open pull requests. `probePublishedSite()` fetches HTML metadata over HTTP(S) only and does not execute JavaScript or capture screenshots. Built-output runtime audit starts a temporary loopback static server and fetches from that local server. The verifier does not write files, spawn processes, emit telemetry, or upload source by itself. See [security permissions](https://decantr.ai/reference/security-permissions.md).
73
79
 
74
80
  ## Compatibility
75
81
 
package/dist/index.d.ts CHANGED
@@ -122,12 +122,154 @@ declare function verifyInteractionsInSource(interactions: string[], sources: Map
122
122
  */
123
123
  declare function listKnownInteractions(): string[];
124
124
 
125
+ type ScanInputKind = 'local' | 'github-repo' | 'github-pages';
126
+ type ScanConfidence = 'high' | 'medium' | 'low';
127
+ type ScanApplicabilityStatus = 'strong_fit' | 'partial_fit' | 'not_applicable' | 'unknown';
128
+ type ScanFindingSeverity = 'success' | 'info' | 'warn' | 'error';
129
+ declare const SCAN_REPORT_SCHEMA_URL = "https://decantr.ai/schemas/scan-report.v1.json";
130
+ interface ScanInputV1 {
131
+ kind: ScanInputKind;
132
+ value: string;
133
+ }
134
+ interface ScanRepositoryV1 {
135
+ owner: string;
136
+ repo: string;
137
+ url: string;
138
+ defaultBranch?: string | null;
139
+ }
140
+ interface PublishedSiteProbeV1 {
141
+ url: string;
142
+ finalUrl: string | null;
143
+ checked: boolean;
144
+ reachable: boolean;
145
+ status: number | null;
146
+ title: string | null;
147
+ description: string | null;
148
+ canonicalUrl: string | null;
149
+ assetHints: {
150
+ rootRelative: number;
151
+ relative: number;
152
+ absolute: number;
153
+ samples: string[];
154
+ };
155
+ routingHints: string[];
156
+ error: string | null;
157
+ }
158
+ interface ScanRouteV1 {
159
+ path: string;
160
+ file: string;
161
+ hasLayout: boolean;
162
+ }
163
+ interface ScanFindingV1 {
164
+ id: string;
165
+ severity: ScanFindingSeverity;
166
+ title: string;
167
+ message: string;
168
+ evidence: string[];
169
+ recommendation?: string;
170
+ }
171
+ interface ScanReportV1 {
172
+ $schema: typeof SCAN_REPORT_SCHEMA_URL;
173
+ schemaVersion: 'scan-report.v1';
174
+ generatedAt: string;
175
+ input: ScanInputV1;
176
+ source: {
177
+ repository: ScanRepositoryV1 | null;
178
+ publishedSiteUrl: string | null;
179
+ };
180
+ confidence: {
181
+ level: ScanConfidence;
182
+ score: number;
183
+ reasons: string[];
184
+ };
185
+ applicability: {
186
+ status: ScanApplicabilityStatus;
187
+ label: string;
188
+ reasons: string[];
189
+ };
190
+ project: {
191
+ framework: string;
192
+ frameworkVersion: string | null;
193
+ packageManager: string;
194
+ primaryLanguage: string;
195
+ hasTypeScript: boolean;
196
+ hasTailwind: boolean;
197
+ hasDecantr: boolean;
198
+ packageName: string | null;
199
+ };
200
+ routes: {
201
+ strategy: string;
202
+ count: number;
203
+ items: ScanRouteV1[];
204
+ };
205
+ components: {
206
+ pageCount: number;
207
+ componentCount: number;
208
+ directories: string[];
209
+ };
210
+ styling: {
211
+ approach: string;
212
+ configFile: string | null;
213
+ cssVariableCount: number;
214
+ colorTokenCount: number;
215
+ darkMode: boolean;
216
+ themeSignals: string[];
217
+ };
218
+ staticHosting: {
219
+ githubPagesLikely: boolean;
220
+ evidence: string[];
221
+ homepageUrl: string | null;
222
+ basePath: string | null;
223
+ hashRouting: boolean;
224
+ };
225
+ assistant: {
226
+ ruleFiles: string[];
227
+ };
228
+ pagesProbe: PublishedSiteProbeV1 | null;
229
+ findings: ScanFindingV1[];
230
+ recommendedCommands: string[];
231
+ privacy: {
232
+ sourceUploaded: boolean;
233
+ persistedByDecantr: boolean;
234
+ notes: string[];
235
+ };
236
+ }
237
+ interface ScanProjectOptions {
238
+ input?: ScanInputV1;
239
+ repository?: ScanRepositoryV1 | null;
240
+ publishedSiteUrl?: string | null;
241
+ pagesProbe?: PublishedSiteProbeV1 | null;
242
+ }
243
+ interface GitHubScanInputResolution {
244
+ inputKind: 'github-repo' | 'github-pages';
245
+ normalizedInput: string;
246
+ repository: ScanRepositoryV1;
247
+ publishedSiteUrl: string | null;
248
+ warnings: string[];
249
+ }
250
+ declare function scanProject(projectRoot: string, options?: ScanProjectOptions): Promise<ScanReportV1>;
251
+ declare function createUnavailableScanReport(input: {
252
+ scanInput: ScanInputV1;
253
+ repository?: ScanRepositoryV1 | null;
254
+ publishedSiteUrl?: string | null;
255
+ pagesProbe?: PublishedSiteProbeV1 | null;
256
+ title: string;
257
+ message: string;
258
+ evidence?: string[];
259
+ }): ScanReportV1;
260
+ declare function probePublishedSite(url: string, options?: {
261
+ timeoutMs?: number;
262
+ fetchImpl?: typeof fetch;
263
+ }): Promise<PublishedSiteProbeV1>;
264
+ declare function resolveGitHubScanInput(input: string): GitHubScanInputResolution;
265
+
125
266
  declare const VERIFICATION_SCHEMA_URLS: {
126
267
  readonly common: "https://decantr.ai/schemas/verification-report.common.v1.json";
127
268
  readonly projectAudit: "https://decantr.ai/schemas/project-audit-report.v1.json";
128
269
  readonly projectHealth: "https://decantr.ai/schemas/project-health-report.v1.json";
129
270
  readonly decantrCi: "https://decantr.ai/schemas/decantr-ci-report.v1.json";
130
271
  readonly evidenceBundle: "https://decantr.ai/schemas/evidence-bundle.v1.json";
272
+ readonly scanReport: "https://decantr.ai/schemas/scan-report.v1.json";
131
273
  readonly workspaceHealth: "https://decantr.ai/schemas/workspace-health-report.v1.json";
132
274
  readonly fileCritique: "https://decantr.ai/schemas/file-critique-report.v1.json";
133
275
  readonly showcaseShortlist: "https://decantr.ai/schemas/showcase-shortlist-report.v1.json";
@@ -473,4 +615,4 @@ declare function auditProject(projectRoot: string): Promise<ProjectAuditReport>;
473
615
  declare function critiqueSource({ filePath, code, reviewPack, packManifest, treatmentsCss, adoptionMode, }: CritiqueSourceInput): FileCritiqueReport;
474
616
  declare function critiqueFile(filePath: string, projectRoot: string): Promise<FileCritiqueReport>;
475
617
 
476
- export { type BuiltDistAuditOptions, type ContractAssertion, type ContractAssertionCategory, type CritiqueSourceInput, EVIDENCE_BUNDLE_SCHEMA_URL, type EvidenceBundle, type EvidenceBundleInput, type EvidenceProvenanceEntry, type FileCritiqueReport, INTERACTION_SIGNALS, type InteractionMissingFinding, type InteractionRequirement, type InteractionSignal, type MissingPackManifestFile, type PackManifest, type ProjectAuditReport, type ProjectHealthFinding, type ProjectHealthFindingSource, type ProjectHealthPackSummary, type ProjectHealthRemediation, type ProjectHealthReport, type ProjectHealthRouteSummary, type ProjectHealthStatus, type RuntimeAudit, type ShowcaseShortlistVerificationEntry, type ShowcaseShortlistVerificationReport, VERIFICATION_SCHEMA_URLS, type VerificationFinding, type VerificationScore, type VerificationSeverity, auditBuiltDist, auditProject, collectMissingPackManifestFiles, createContractAssertions, createEvidenceBundle, critiqueFile, critiqueSource, emptyRuntimeAudit, extractRouteHintsFromEssence, listKnownInteractions, verifyInteractionsInSource };
618
+ export { type BuiltDistAuditOptions, type ContractAssertion, type ContractAssertionCategory, type CritiqueSourceInput, EVIDENCE_BUNDLE_SCHEMA_URL, type EvidenceBundle, type EvidenceBundleInput, type EvidenceProvenanceEntry, type FileCritiqueReport, type GitHubScanInputResolution, INTERACTION_SIGNALS, type InteractionMissingFinding, type InteractionRequirement, type InteractionSignal, type MissingPackManifestFile, type PackManifest, type ProjectAuditReport, type ProjectHealthFinding, type ProjectHealthFindingSource, type ProjectHealthPackSummary, type ProjectHealthRemediation, type ProjectHealthReport, type ProjectHealthRouteSummary, type ProjectHealthStatus, type PublishedSiteProbeV1, type RuntimeAudit, SCAN_REPORT_SCHEMA_URL, type ScanApplicabilityStatus, type ScanConfidence, type ScanFindingSeverity, type ScanFindingV1, type ScanInputKind, type ScanInputV1, type ScanProjectOptions, type ScanReportV1, type ScanRepositoryV1, type ScanRouteV1, type ShowcaseShortlistVerificationEntry, type ShowcaseShortlistVerificationReport, VERIFICATION_SCHEMA_URLS, type VerificationFinding, type VerificationScore, type VerificationSeverity, auditBuiltDist, auditProject, collectMissingPackManifestFiles, createContractAssertions, createEvidenceBundle, createUnavailableScanReport, critiqueFile, critiqueSource, emptyRuntimeAudit, extractRouteHintsFromEssence, listKnownInteractions, probePublishedSite, resolveGitHubScanInput, scanProject, verifyInteractionsInSource };