@decantr/verifier 2.5.0 → 2.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -1
- package/dist/index.d.ts +143 -1
- package/dist/index.js +922 -72
- package/dist/index.js.map +1 -1
- package/package.json +2 -1
- package/schema/scan-report.v1.json +369 -0
package/README.md
CHANGED
|
@@ -15,6 +15,8 @@ npm install @decantr/verifier
|
|
|
15
15
|
|
|
16
16
|
- `auditProject()` for project-level Decantr audits
|
|
17
17
|
- `auditBuiltDist()` for built-output runtime verification against emitted HTML, assets, and route hints
|
|
18
|
+
- `scanProject()` for read-only Brownfield reconnaissance of framework, routes, components, styling, static-hosting hints, Decantr presence, and assistant-rule files
|
|
19
|
+
- `resolveGitHubScanInput()` and `probePublishedSite()` for hosted scan inputs and HTML-only published-site metadata probes
|
|
18
20
|
- `critiqueFile()` for file-level review against compiled review-pack contracts
|
|
19
21
|
- `createContractAssertions()` for explicit route, shell, accessibility, context, and design-token assertions derived from Essence/context
|
|
20
22
|
- `createEvidenceBundle()` for privacy-redacted local evidence artifacts used by AI repair loops and CI
|
|
@@ -45,9 +47,11 @@ import {
|
|
|
45
47
|
createContractAssertions,
|
|
46
48
|
createEvidenceBundle,
|
|
47
49
|
critiqueFile,
|
|
50
|
+
scanProject,
|
|
48
51
|
type ProjectHealthReport,
|
|
49
52
|
} from '@decantr/verifier';
|
|
50
53
|
|
|
54
|
+
const scan = await scanProject(process.cwd());
|
|
51
55
|
const audit = await auditProject(process.cwd());
|
|
52
56
|
const assertions = createContractAssertions(process.cwd(), audit);
|
|
53
57
|
const critique = await critiqueFile('./src/pages/overview.tsx', process.cwd());
|
|
@@ -64,13 +68,14 @@ function isBlocking(report: ProjectHealthReport) {
|
|
|
64
68
|
- `@decantr/verifier/schema/project-health-report.v1.json`
|
|
65
69
|
- `@decantr/verifier/schema/decantr-ci-report.v1.json`
|
|
66
70
|
- `@decantr/verifier/schema/evidence-bundle.v1.json`
|
|
71
|
+
- `@decantr/verifier/schema/scan-report.v1.json`
|
|
67
72
|
- `@decantr/verifier/schema/workspace-health-report.v1.json`
|
|
68
73
|
- `@decantr/verifier/schema/file-critique-report.v1.json`
|
|
69
74
|
- `@decantr/verifier/schema/showcase-shortlist-report.v1.json`
|
|
70
75
|
|
|
71
76
|
## Security And Permissions
|
|
72
77
|
|
|
73
|
-
The verifier is a local library. It reads selected project source, Decantr context, and built `dist`/`.next` output when callers request project or runtime audits. Built-output runtime audit starts a temporary loopback static server and fetches from that local server
|
|
78
|
+
The verifier is a local library. It reads selected project source, Decantr context, read-only scan files, and built `dist`/`.next` output when callers request project or runtime audits. `scanProject()` returns relative evidence and does not write artifacts, install dependencies, build projects, execute scripts, or open pull requests. `probePublishedSite()` fetches HTML metadata over HTTP(S) only and does not execute JavaScript or capture screenshots. Built-output runtime audit starts a temporary loopback static server and fetches from that local server. The verifier does not write files, spawn processes, emit telemetry, or upload source by itself. See [security permissions](https://decantr.ai/reference/security-permissions.md).
|
|
74
79
|
|
|
75
80
|
## Compatibility
|
|
76
81
|
|
package/dist/index.d.ts
CHANGED
|
@@ -122,12 +122,154 @@ declare function verifyInteractionsInSource(interactions: string[], sources: Map
|
|
|
122
122
|
*/
|
|
123
123
|
declare function listKnownInteractions(): string[];
|
|
124
124
|
|
|
125
|
+
type ScanInputKind = 'local' | 'github-repo' | 'github-pages';
|
|
126
|
+
type ScanConfidence = 'high' | 'medium' | 'low';
|
|
127
|
+
type ScanApplicabilityStatus = 'strong_fit' | 'partial_fit' | 'not_applicable' | 'unknown';
|
|
128
|
+
type ScanFindingSeverity = 'success' | 'info' | 'warn' | 'error';
|
|
129
|
+
declare const SCAN_REPORT_SCHEMA_URL = "https://decantr.ai/schemas/scan-report.v1.json";
|
|
130
|
+
interface ScanInputV1 {
|
|
131
|
+
kind: ScanInputKind;
|
|
132
|
+
value: string;
|
|
133
|
+
}
|
|
134
|
+
interface ScanRepositoryV1 {
|
|
135
|
+
owner: string;
|
|
136
|
+
repo: string;
|
|
137
|
+
url: string;
|
|
138
|
+
defaultBranch?: string | null;
|
|
139
|
+
}
|
|
140
|
+
interface PublishedSiteProbeV1 {
|
|
141
|
+
url: string;
|
|
142
|
+
finalUrl: string | null;
|
|
143
|
+
checked: boolean;
|
|
144
|
+
reachable: boolean;
|
|
145
|
+
status: number | null;
|
|
146
|
+
title: string | null;
|
|
147
|
+
description: string | null;
|
|
148
|
+
canonicalUrl: string | null;
|
|
149
|
+
assetHints: {
|
|
150
|
+
rootRelative: number;
|
|
151
|
+
relative: number;
|
|
152
|
+
absolute: number;
|
|
153
|
+
samples: string[];
|
|
154
|
+
};
|
|
155
|
+
routingHints: string[];
|
|
156
|
+
error: string | null;
|
|
157
|
+
}
|
|
158
|
+
interface ScanRouteV1 {
|
|
159
|
+
path: string;
|
|
160
|
+
file: string;
|
|
161
|
+
hasLayout: boolean;
|
|
162
|
+
}
|
|
163
|
+
interface ScanFindingV1 {
|
|
164
|
+
id: string;
|
|
165
|
+
severity: ScanFindingSeverity;
|
|
166
|
+
title: string;
|
|
167
|
+
message: string;
|
|
168
|
+
evidence: string[];
|
|
169
|
+
recommendation?: string;
|
|
170
|
+
}
|
|
171
|
+
interface ScanReportV1 {
|
|
172
|
+
$schema: typeof SCAN_REPORT_SCHEMA_URL;
|
|
173
|
+
schemaVersion: 'scan-report.v1';
|
|
174
|
+
generatedAt: string;
|
|
175
|
+
input: ScanInputV1;
|
|
176
|
+
source: {
|
|
177
|
+
repository: ScanRepositoryV1 | null;
|
|
178
|
+
publishedSiteUrl: string | null;
|
|
179
|
+
};
|
|
180
|
+
confidence: {
|
|
181
|
+
level: ScanConfidence;
|
|
182
|
+
score: number;
|
|
183
|
+
reasons: string[];
|
|
184
|
+
};
|
|
185
|
+
applicability: {
|
|
186
|
+
status: ScanApplicabilityStatus;
|
|
187
|
+
label: string;
|
|
188
|
+
reasons: string[];
|
|
189
|
+
};
|
|
190
|
+
project: {
|
|
191
|
+
framework: string;
|
|
192
|
+
frameworkVersion: string | null;
|
|
193
|
+
packageManager: string;
|
|
194
|
+
primaryLanguage: string;
|
|
195
|
+
hasTypeScript: boolean;
|
|
196
|
+
hasTailwind: boolean;
|
|
197
|
+
hasDecantr: boolean;
|
|
198
|
+
packageName: string | null;
|
|
199
|
+
};
|
|
200
|
+
routes: {
|
|
201
|
+
strategy: string;
|
|
202
|
+
count: number;
|
|
203
|
+
items: ScanRouteV1[];
|
|
204
|
+
};
|
|
205
|
+
components: {
|
|
206
|
+
pageCount: number;
|
|
207
|
+
componentCount: number;
|
|
208
|
+
directories: string[];
|
|
209
|
+
};
|
|
210
|
+
styling: {
|
|
211
|
+
approach: string;
|
|
212
|
+
configFile: string | null;
|
|
213
|
+
cssVariableCount: number;
|
|
214
|
+
colorTokenCount: number;
|
|
215
|
+
darkMode: boolean;
|
|
216
|
+
themeSignals: string[];
|
|
217
|
+
};
|
|
218
|
+
staticHosting: {
|
|
219
|
+
githubPagesLikely: boolean;
|
|
220
|
+
evidence: string[];
|
|
221
|
+
homepageUrl: string | null;
|
|
222
|
+
basePath: string | null;
|
|
223
|
+
hashRouting: boolean;
|
|
224
|
+
};
|
|
225
|
+
assistant: {
|
|
226
|
+
ruleFiles: string[];
|
|
227
|
+
};
|
|
228
|
+
pagesProbe: PublishedSiteProbeV1 | null;
|
|
229
|
+
findings: ScanFindingV1[];
|
|
230
|
+
recommendedCommands: string[];
|
|
231
|
+
privacy: {
|
|
232
|
+
sourceUploaded: boolean;
|
|
233
|
+
persistedByDecantr: boolean;
|
|
234
|
+
notes: string[];
|
|
235
|
+
};
|
|
236
|
+
}
|
|
237
|
+
interface ScanProjectOptions {
|
|
238
|
+
input?: ScanInputV1;
|
|
239
|
+
repository?: ScanRepositoryV1 | null;
|
|
240
|
+
publishedSiteUrl?: string | null;
|
|
241
|
+
pagesProbe?: PublishedSiteProbeV1 | null;
|
|
242
|
+
}
|
|
243
|
+
interface GitHubScanInputResolution {
|
|
244
|
+
inputKind: 'github-repo' | 'github-pages';
|
|
245
|
+
normalizedInput: string;
|
|
246
|
+
repository: ScanRepositoryV1;
|
|
247
|
+
publishedSiteUrl: string | null;
|
|
248
|
+
warnings: string[];
|
|
249
|
+
}
|
|
250
|
+
declare function scanProject(projectRoot: string, options?: ScanProjectOptions): Promise<ScanReportV1>;
|
|
251
|
+
declare function createUnavailableScanReport(input: {
|
|
252
|
+
scanInput: ScanInputV1;
|
|
253
|
+
repository?: ScanRepositoryV1 | null;
|
|
254
|
+
publishedSiteUrl?: string | null;
|
|
255
|
+
pagesProbe?: PublishedSiteProbeV1 | null;
|
|
256
|
+
title: string;
|
|
257
|
+
message: string;
|
|
258
|
+
evidence?: string[];
|
|
259
|
+
}): ScanReportV1;
|
|
260
|
+
declare function probePublishedSite(url: string, options?: {
|
|
261
|
+
timeoutMs?: number;
|
|
262
|
+
fetchImpl?: typeof fetch;
|
|
263
|
+
}): Promise<PublishedSiteProbeV1>;
|
|
264
|
+
declare function resolveGitHubScanInput(input: string): GitHubScanInputResolution;
|
|
265
|
+
|
|
125
266
|
declare const VERIFICATION_SCHEMA_URLS: {
|
|
126
267
|
readonly common: "https://decantr.ai/schemas/verification-report.common.v1.json";
|
|
127
268
|
readonly projectAudit: "https://decantr.ai/schemas/project-audit-report.v1.json";
|
|
128
269
|
readonly projectHealth: "https://decantr.ai/schemas/project-health-report.v1.json";
|
|
129
270
|
readonly decantrCi: "https://decantr.ai/schemas/decantr-ci-report.v1.json";
|
|
130
271
|
readonly evidenceBundle: "https://decantr.ai/schemas/evidence-bundle.v1.json";
|
|
272
|
+
readonly scanReport: "https://decantr.ai/schemas/scan-report.v1.json";
|
|
131
273
|
readonly workspaceHealth: "https://decantr.ai/schemas/workspace-health-report.v1.json";
|
|
132
274
|
readonly fileCritique: "https://decantr.ai/schemas/file-critique-report.v1.json";
|
|
133
275
|
readonly showcaseShortlist: "https://decantr.ai/schemas/showcase-shortlist-report.v1.json";
|
|
@@ -473,4 +615,4 @@ declare function auditProject(projectRoot: string): Promise<ProjectAuditReport>;
|
|
|
473
615
|
declare function critiqueSource({ filePath, code, reviewPack, packManifest, treatmentsCss, adoptionMode, }: CritiqueSourceInput): FileCritiqueReport;
|
|
474
616
|
declare function critiqueFile(filePath: string, projectRoot: string): Promise<FileCritiqueReport>;
|
|
475
617
|
|
|
476
|
-
export { type BuiltDistAuditOptions, type ContractAssertion, type ContractAssertionCategory, type CritiqueSourceInput, EVIDENCE_BUNDLE_SCHEMA_URL, type EvidenceBundle, type EvidenceBundleInput, type EvidenceProvenanceEntry, type FileCritiqueReport, INTERACTION_SIGNALS, type InteractionMissingFinding, type InteractionRequirement, type InteractionSignal, type MissingPackManifestFile, type PackManifest, type ProjectAuditReport, type ProjectHealthFinding, type ProjectHealthFindingSource, type ProjectHealthPackSummary, type ProjectHealthRemediation, type ProjectHealthReport, type ProjectHealthRouteSummary, type ProjectHealthStatus, type RuntimeAudit, type ShowcaseShortlistVerificationEntry, type ShowcaseShortlistVerificationReport, VERIFICATION_SCHEMA_URLS, type VerificationFinding, type VerificationScore, type VerificationSeverity, auditBuiltDist, auditProject, collectMissingPackManifestFiles, createContractAssertions, createEvidenceBundle, critiqueFile, critiqueSource, emptyRuntimeAudit, extractRouteHintsFromEssence, listKnownInteractions, verifyInteractionsInSource };
|
|
618
|
+
export { type BuiltDistAuditOptions, type ContractAssertion, type ContractAssertionCategory, type CritiqueSourceInput, EVIDENCE_BUNDLE_SCHEMA_URL, type EvidenceBundle, type EvidenceBundleInput, type EvidenceProvenanceEntry, type FileCritiqueReport, type GitHubScanInputResolution, INTERACTION_SIGNALS, type InteractionMissingFinding, type InteractionRequirement, type InteractionSignal, type MissingPackManifestFile, type PackManifest, type ProjectAuditReport, type ProjectHealthFinding, type ProjectHealthFindingSource, type ProjectHealthPackSummary, type ProjectHealthRemediation, type ProjectHealthReport, type ProjectHealthRouteSummary, type ProjectHealthStatus, type PublishedSiteProbeV1, type RuntimeAudit, SCAN_REPORT_SCHEMA_URL, type ScanApplicabilityStatus, type ScanConfidence, type ScanFindingSeverity, type ScanFindingV1, type ScanInputKind, type ScanInputV1, type ScanProjectOptions, type ScanReportV1, type ScanRepositoryV1, type ScanRouteV1, type ShowcaseShortlistVerificationEntry, type ShowcaseShortlistVerificationReport, VERIFICATION_SCHEMA_URLS, type VerificationFinding, type VerificationScore, type VerificationSeverity, auditBuiltDist, auditProject, collectMissingPackManifestFiles, createContractAssertions, createEvidenceBundle, createUnavailableScanReport, critiqueFile, critiqueSource, emptyRuntimeAudit, extractRouteHintsFromEssence, listKnownInteractions, probePublishedSite, resolveGitHubScanInput, scanProject, verifyInteractionsInSource };
|