@decantr/verifier 2.5.0 → 3.0.0-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -15,11 +15,19 @@ npm install @decantr/verifier
15
15
 
16
16
  - `auditProject()` for project-level Decantr audits
17
17
  - `auditBuiltDist()` for built-output runtime verification against emitted HTML, assets, and route hints
18
+ - `scanProject()` for read-only Brownfield reconnaissance of framework, routes, components, styling, static-hosting hints, Decantr presence, and assistant-rule files
19
+ - `auditComponentReuse()` for the first AST-derived component reuse drift slice, focused on AI reimplementing common UI primitives instead of importing project-owned components, plus local import references that the typed graph can turn into source-to-source impact edges
20
+ - `auditStyleBridgeDrift()` for accepted style bridge drift, focused on production `className`, common class-helper values, stylesheet declarations, and hardcoded inline color styles that bypass project-owned token/class authority
21
+ - `collectProjectSourceFiles()` for the shared production-source file selection used by Project Health, component reuse drift, style bridge drift, and typed graph source provenance
22
+ - `resolveGitHubScanInput()` and `probePublishedSite()` for hosted scan inputs and HTML-only published-site metadata probes
18
23
  - `critiqueFile()` for file-level review against compiled review-pack contracts
19
24
  - `createContractAssertions()` for explicit route, shell, accessibility, context, and design-token assertions derived from Essence/context
20
25
  - `createEvidenceBundle()` for privacy-redacted local evidence artifacts used by AI repair loops and CI
26
+ - `resolveGraphAnchorForFinding()` and `anchorFindingsToGraph()` for attaching verifier/Project Health findings to typed Contract graph nodes when a graph snapshot exists
27
+ - `deriveVerificationDiagnostic()` and `KNOWN_VERIFICATION_DIAGNOSTICS` for stable finding codes and typed repair IDs used by Project Health, MCP health, and Evidence Bundles
21
28
  - schema-backed report types for project audits, Project Health, Decantr CI reports, Evidence Bundles, Workspace Health, file critiques, and showcase verification
22
29
  - `ProjectHealthReport`, `ProjectHealthFinding`, and `ProjectHealthRemediation` types for the CLI's end-user health surface
30
+ - Project Health and Evidence Bundle finding schemas include optional `code`, `repair`, `repairPlan`, and `graph` fields so agents can identify, anchor, and act on findings without parsing prose; Evidence Bundle provenance also records graph snapshot, manifest, diff, and contract-capsule hashes when present
23
31
  - interaction findings now include scanned file counts, file line ranges, and expected signal evidence where available, so CLI health/check output can point agents at source-grounded remediation
24
32
  - contract-only and style-bridge Brownfield critique avoids requiring Decantr treatments/decorators when the project keeps its own styling authority
25
33
  - Decantr CI report schemas include accepted style bridge status, mapping count, styling approach, and theme modes alongside local-law findings
@@ -27,6 +35,9 @@ npm install @decantr/verifier
27
35
  - project audits tolerate partial or malformed generated review packs without crashing Project Health, so half-attached Brownfield projects still receive actionable findings
28
36
  - Next.js static/document outputs are treated as framework-rendered documents instead of requiring a Vite-style `id="root"` mount element
29
37
  - project source audits ignore test, spec, story, fixture, and mock files for production drift warnings such as localhost endpoints and unsafe rendering patterns
38
+ - project audits emit `COMP001` / `import-existing-component` findings when a production source file locally redeclares a primitive such as `Button`, `Card`, or `Dialog` while an exported reusable primitive already exists under common component paths
39
+ - project audits emit `COMP010` / `replace-raw-control-with-local-component` findings when production JSX renders raw controls such as `<button>` or `<input>` while a project-owned primitive already exists
40
+ - project audits emit `TOKEN010` / `replace-arbitrary-style-with-bridge-token` findings when an accepted `.decantr/style-bridge.json` exists and production JSX uses arbitrary Tailwind values such as `bg-[#0f172a]`, values inside `cn()`, `clsx()`, `classnames()`, `cva()`, and `tv()` calls, hardcoded inline color styles such as `style={{ backgroundColor: "#0f172a" }}`, or hardcoded visual values in production CSS/module stylesheets
30
41
  - published verifier report schemas are exercised by AJV-backed round-trip tests against real audit, critique, and shortlist-report outputs
31
42
  - project audits include runtime evidence when a built `dist/` output is present:
32
43
  - root document
@@ -45,9 +56,11 @@ import {
45
56
  createContractAssertions,
46
57
  createEvidenceBundle,
47
58
  critiqueFile,
59
+ scanProject,
48
60
  type ProjectHealthReport,
49
61
  } from '@decantr/verifier';
50
62
 
63
+ const scan = await scanProject(process.cwd());
51
64
  const audit = await auditProject(process.cwd());
52
65
  const assertions = createContractAssertions(process.cwd(), audit);
53
66
  const critique = await critiqueFile('./src/pages/overview.tsx', process.cwd());
@@ -64,13 +77,14 @@ function isBlocking(report: ProjectHealthReport) {
64
77
  - `@decantr/verifier/schema/project-health-report.v1.json`
65
78
  - `@decantr/verifier/schema/decantr-ci-report.v1.json`
66
79
  - `@decantr/verifier/schema/evidence-bundle.v1.json`
80
+ - `@decantr/verifier/schema/scan-report.v1.json`
67
81
  - `@decantr/verifier/schema/workspace-health-report.v1.json`
68
82
  - `@decantr/verifier/schema/file-critique-report.v1.json`
69
83
  - `@decantr/verifier/schema/showcase-shortlist-report.v1.json`
70
84
 
71
85
  ## Security And Permissions
72
86
 
73
- The verifier is a local library. It reads selected project source, Decantr context, and built `dist`/`.next` output when callers request project or runtime audits. Built-output runtime audit starts a temporary loopback static server and fetches from that local server only; it does not contact external hosts. The verifier does not write files, spawn processes, emit telemetry, or upload source by itself. See [security permissions](https://decantr.ai/reference/security-permissions.md).
87
+ The verifier is a local library. It reads selected project source, Decantr context, read-only scan files, and built `dist`/`.next` output when callers request project or runtime audits. `scanProject()` returns relative evidence and does not write artifacts, install dependencies, build projects, execute scripts, or open pull requests. `probePublishedSite()` fetches HTML metadata over HTTP(S) only and does not execute JavaScript or capture screenshots. Built-output runtime audit starts a temporary loopback static server and fetches from that local server. The verifier does not write files, spawn processes, emit telemetry, or upload source by itself. See [security permissions](https://decantr.ai/reference/security-permissions.md).
74
88
 
75
89
  ## Compatibility
76
90
 
package/dist/index.d.ts CHANGED
@@ -1,6 +1,197 @@
1
1
  import { ReviewExecutionPack } from '@decantr/core';
2
2
  import { EssenceFile } from '@decantr/essence-spec';
3
3
 
4
+ interface VerificationRepairAction {
5
+ id: string;
6
+ payload?: Record<string, unknown>;
7
+ }
8
+ interface VerificationDiagnosticInput {
9
+ id: string;
10
+ category: string;
11
+ message: string;
12
+ source?: string;
13
+ rule?: string;
14
+ target?: string;
15
+ file?: string;
16
+ suggestedFix?: string;
17
+ evidence?: string[];
18
+ }
19
+ interface VerificationDiagnosticMetadata {
20
+ code: string;
21
+ repair: VerificationRepairAction;
22
+ }
23
+ interface VerificationDiagnosticCatalogEntry {
24
+ rule: string;
25
+ code: string;
26
+ repairId: string;
27
+ family: string;
28
+ }
29
+ declare const KNOWN_VERIFICATION_DIAGNOSTICS: readonly [{
30
+ readonly rule: "browser-base-url-missing";
31
+ readonly code: "VISUAL002";
32
+ readonly repairId: "provide-browser-base-url";
33
+ readonly family: "VISUAL";
34
+ }, {
35
+ readonly rule: "browser-playwright-missing";
36
+ readonly code: "VISUAL001";
37
+ readonly repairId: "install-browser-verifier";
38
+ readonly family: "VISUAL";
39
+ }, {
40
+ readonly rule: "browser-route-verification-failed";
41
+ readonly code: "VISUAL003";
42
+ readonly repairId: "fix-route-render";
43
+ readonly family: "VISUAL";
44
+ }, {
45
+ readonly rule: "visual-baseline-screenshot-drift";
46
+ readonly code: "VISUAL010";
47
+ readonly repairId: "review-visual-baseline-drift";
48
+ readonly family: "VISUAL";
49
+ }, {
50
+ readonly rule: "brownfield-route-drift";
51
+ readonly code: "ROUTE001";
52
+ readonly repairId: "reconcile-brownfield-routes";
53
+ readonly family: "ROUTE";
54
+ }, {
55
+ readonly rule: "check-failed";
56
+ readonly code: "CHECK001";
57
+ readonly repairId: "repair-contract-check";
58
+ readonly family: "CHECK";
59
+ }, {
60
+ readonly rule: "component-reuse-raw-control";
61
+ readonly code: "COMP010";
62
+ readonly repairId: "replace-raw-control-with-local-component";
63
+ readonly family: "COMP";
64
+ }, {
65
+ readonly rule: "component-reuse-primitive-reimplemented";
66
+ readonly code: "COMP001";
67
+ readonly repairId: "import-existing-component";
68
+ readonly family: "COMP";
69
+ }, {
70
+ readonly rule: "declared-route-resolves";
71
+ readonly code: "STRUCT002";
72
+ readonly repairId: "repair-route-binding";
73
+ readonly family: "STRUCT";
74
+ }, {
75
+ readonly rule: "design-token-coverage";
76
+ readonly code: "TOKEN002";
77
+ readonly repairId: "repair-design-token-coverage";
78
+ readonly family: "TOKEN";
79
+ }, {
80
+ readonly rule: "style-bridge-arbitrary-value";
81
+ readonly code: "TOKEN010";
82
+ readonly repairId: "replace-arbitrary-style-with-bridge-token";
83
+ readonly family: "TOKEN";
84
+ }, {
85
+ readonly rule: "essence-present";
86
+ readonly code: "CONTRACT001";
87
+ readonly repairId: "restore-essence-contract";
88
+ readonly family: "CONTRACT";
89
+ }, {
90
+ readonly rule: "essence-v4";
91
+ readonly code: "CONTRACT002";
92
+ readonly repairId: "migrate-essence-v4";
93
+ readonly family: "CONTRACT";
94
+ }, {
95
+ readonly rule: "focus-visible-enabled";
96
+ readonly code: "A11Y001";
97
+ readonly repairId: "enable-focus-visible";
98
+ readonly family: "A11Y";
99
+ }, {
100
+ readonly rule: "pack-manifest-present";
101
+ readonly code: "CTX002";
102
+ readonly repairId: "hydrate-execution-packs";
103
+ readonly family: "CTX";
104
+ }, {
105
+ readonly rule: "pack-manifest-missing";
106
+ readonly code: "CTX002";
107
+ readonly repairId: "hydrate-execution-packs";
108
+ readonly family: "CTX";
109
+ }, {
110
+ readonly rule: "page-pack-count-mismatch";
111
+ readonly code: "CTX001";
112
+ readonly repairId: "regenerate-context-packs";
113
+ readonly family: "CTX";
114
+ }, {
115
+ readonly rule: "page-route-required";
116
+ readonly code: "STRUCT001";
117
+ readonly repairId: "add-page-route";
118
+ readonly family: "STRUCT";
119
+ }, {
120
+ readonly rule: "project-audit-invalid";
121
+ readonly code: "AUDIT001";
122
+ readonly repairId: "repair-project-audit";
123
+ readonly family: "AUDIT";
124
+ }, {
125
+ readonly rule: "review-pack-present";
126
+ readonly code: "CTX003";
127
+ readonly repairId: "hydrate-review-pack";
128
+ readonly family: "CTX";
129
+ }, {
130
+ readonly rule: "review-pack-file-missing";
131
+ readonly code: "CTX003";
132
+ readonly repairId: "hydrate-review-pack";
133
+ readonly family: "CTX";
134
+ }, {
135
+ readonly rule: "section-shell-concrete";
136
+ readonly code: "STRUCT003";
137
+ readonly repairId: "assign-section-shell";
138
+ readonly family: "STRUCT";
139
+ }, {
140
+ readonly rule: "tokens-file-present";
141
+ readonly code: "TOKEN001";
142
+ readonly repairId: "restore-design-token-file";
143
+ readonly family: "TOKEN";
144
+ }, {
145
+ readonly rule: "typed-graph-current";
146
+ readonly code: "GRAPH001";
147
+ readonly repairId: "regenerate-typed-graph";
148
+ readonly family: "GRAPH";
149
+ }];
150
+ declare function deriveVerificationDiagnostic(input: VerificationDiagnosticInput): VerificationDiagnosticMetadata;
151
+
152
+ type VerificationGraphAnchorConfidence = 'exact' | 'inferred' | 'fallback';
153
+ interface GraphAnchorNode {
154
+ id: string;
155
+ type: string;
156
+ payload?: unknown;
157
+ }
158
+ interface GraphAnchorEdge {
159
+ src: string;
160
+ dst: string;
161
+ relation: string;
162
+ payload?: unknown;
163
+ idx?: number;
164
+ }
165
+ interface GraphAnchorSnapshot {
166
+ id: string;
167
+ project_id: string;
168
+ source_hash: string;
169
+ nodes: GraphAnchorNode[];
170
+ edges: GraphAnchorEdge[];
171
+ }
172
+ interface VerificationGraphAnchor {
173
+ snapshot_id: string;
174
+ source_hash: string;
175
+ node_id: string;
176
+ node_type: string;
177
+ route?: string;
178
+ confidence: VerificationGraphAnchorConfidence;
179
+ reason: string;
180
+ }
181
+ interface GraphAnchorFindingInput {
182
+ id: string;
183
+ category: string;
184
+ message: string;
185
+ evidence?: string[];
186
+ target?: string;
187
+ file?: string;
188
+ rule?: string;
189
+ }
190
+ declare function resolveGraphAnchorForFinding(snapshot: GraphAnchorSnapshot | null | undefined, finding: GraphAnchorFindingInput): VerificationGraphAnchor | undefined;
191
+ declare function anchorFindingsToGraph<TFinding extends GraphAnchorFindingInput>(snapshot: GraphAnchorSnapshot | null | undefined, findings: TFinding[]): Array<TFinding & {
192
+ graph?: VerificationGraphAnchor;
193
+ }>;
194
+
4
195
  interface RuntimeAudit {
5
196
  distPresent: boolean;
6
197
  indexPresent: boolean;
@@ -53,6 +244,89 @@ interface BuiltDistAuditOptions {
53
244
  declare function emptyRuntimeAudit(failures?: string[]): RuntimeAudit;
54
245
  declare function auditBuiltDist(projectRoot: string, options?: BuiltDistAuditOptions): Promise<RuntimeAudit>;
55
246
 
247
+ declare const COMPONENT_REUSE_RULE_ID = "component-reuse-primitive-reimplemented";
248
+ declare const RAW_CONTROL_REUSE_RULE_ID = "component-reuse-raw-control";
249
+ declare const RAW_CONTROL_COMPONENT_BY_ELEMENT: {
250
+ readonly button: "Button";
251
+ readonly dialog: "Dialog";
252
+ readonly input: "Input";
253
+ readonly select: "Select";
254
+ readonly table: "Table";
255
+ readonly textarea: "Textarea";
256
+ };
257
+ type RawControlElement = keyof typeof RAW_CONTROL_COMPONENT_BY_ELEMENT;
258
+ interface CodeComponentDeclaration {
259
+ id: string;
260
+ name: string;
261
+ file: string;
262
+ line: number;
263
+ exported: boolean;
264
+ reusable: boolean;
265
+ kind: 'function' | 'variable' | 'class';
266
+ }
267
+ interface ComponentReuseFinding {
268
+ id: string;
269
+ name: string;
270
+ file: string;
271
+ line: number;
272
+ canonicalFile: string;
273
+ canonicalLine: number;
274
+ evidence: string[];
275
+ }
276
+ interface RawControlReuseFinding {
277
+ id: string;
278
+ element: RawControlElement;
279
+ component: string;
280
+ file: string;
281
+ line: number;
282
+ canonicalFile: string;
283
+ canonicalLine: number;
284
+ containingComponent?: string;
285
+ evidence: string[];
286
+ }
287
+ interface CodeImportReference {
288
+ file: string;
289
+ source: string;
290
+ line: number;
291
+ defaultImport?: string;
292
+ namespaceImport?: string;
293
+ imported: string[];
294
+ localNames: string[];
295
+ }
296
+ interface ComponentReuseAudit {
297
+ filesChecked: number;
298
+ declarations: CodeComponentDeclaration[];
299
+ imports: CodeImportReference[];
300
+ reusableComponentCount: number;
301
+ localRedeclarationCount: number;
302
+ rawControlCount: number;
303
+ findings: ComponentReuseFinding[];
304
+ rawControlFindings: RawControlReuseFinding[];
305
+ }
306
+ declare function auditComponentReuse(projectRoot: string, sourceFiles: string[]): ComponentReuseAudit;
307
+
308
+ declare const STYLE_BRIDGE_ARBITRARY_VALUE_RULE_ID = "style-bridge-arbitrary-value";
309
+ interface StyleBridgeDriftFinding {
310
+ id: string;
311
+ file: string;
312
+ line: number;
313
+ className: string;
314
+ value: string;
315
+ source: 'className' | 'inline-style' | 'stylesheet';
316
+ property?: string;
317
+ bridgeMappingIds: string[];
318
+ tokenHints: string[];
319
+ classHints: string[];
320
+ evidence: string[];
321
+ }
322
+ interface StyleBridgeDriftAudit {
323
+ filesChecked: number;
324
+ bridgeMappingCount: number;
325
+ arbitraryValueCount: number;
326
+ findings: StyleBridgeDriftFinding[];
327
+ }
328
+ declare function auditStyleBridgeDrift(projectRoot: string, sourceFiles: string[]): StyleBridgeDriftAudit;
329
+
56
330
  /**
57
331
  * Experiential interaction verifier.
58
332
  *
@@ -122,21 +396,202 @@ declare function verifyInteractionsInSource(interactions: string[], sources: Map
122
396
  */
123
397
  declare function listKnownInteractions(): string[];
124
398
 
399
+ type ScanInputKind = 'local' | 'github-repo' | 'github-pages';
400
+ type ScanConfidence = 'high' | 'medium' | 'low';
401
+ type ScanApplicabilityStatus = 'strong_fit' | 'partial_fit' | 'not_applicable' | 'unknown';
402
+ type ScanFindingSeverity = 'success' | 'info' | 'warn' | 'error';
403
+ declare const SCAN_REPORT_SCHEMA_URL = "https://decantr.ai/schemas/scan-report.v1.json";
404
+ interface ScanInputV1 {
405
+ kind: ScanInputKind;
406
+ value: string;
407
+ }
408
+ interface ScanRepositoryV1 {
409
+ owner: string;
410
+ repo: string;
411
+ url: string;
412
+ defaultBranch?: string | null;
413
+ }
414
+ interface PublishedSiteProbeV1 {
415
+ url: string;
416
+ finalUrl: string | null;
417
+ checked: boolean;
418
+ reachable: boolean;
419
+ status: number | null;
420
+ title: string | null;
421
+ description: string | null;
422
+ canonicalUrl: string | null;
423
+ assetHints: {
424
+ rootRelative: number;
425
+ relative: number;
426
+ absolute: number;
427
+ samples: string[];
428
+ };
429
+ routingHints: string[];
430
+ error: string | null;
431
+ }
432
+ interface ScanRouteV1 {
433
+ path: string;
434
+ file: string;
435
+ hasLayout: boolean;
436
+ }
437
+ interface ScanFindingV1 {
438
+ id: string;
439
+ severity: ScanFindingSeverity;
440
+ title: string;
441
+ message: string;
442
+ evidence: string[];
443
+ recommendation?: string;
444
+ }
445
+ type ScanGraphPreviewStatus = 'not_attached' | 'current' | 'stale' | 'needs_migration' | 'unavailable';
446
+ interface ScanGraphPreviewV1 {
447
+ status: ScanGraphPreviewStatus;
448
+ canPreview: boolean;
449
+ readOnly: true;
450
+ message: string;
451
+ nextCommand: string | null;
452
+ staleArtifacts: string[];
453
+ snapshot: {
454
+ id: string;
455
+ schemaVersion: string;
456
+ sourceHash: string;
457
+ nodes: number;
458
+ edges: number;
459
+ findings: number;
460
+ evidence: number;
461
+ sourceArtifacts: number;
462
+ } | null;
463
+ capsule: {
464
+ cacheKey: string;
465
+ routes: number;
466
+ components: number;
467
+ tokens: number;
468
+ localRules: number;
469
+ styleBridge: number;
470
+ sourceArtifacts: number;
471
+ sourceArtifactLimit: number;
472
+ sourceArtifactsTruncated: boolean;
473
+ openFindings: number;
474
+ } | null;
475
+ diff: {
476
+ ops: number;
477
+ findingsAdded: number;
478
+ findingsResolved: number;
479
+ evidenceAdded: number;
480
+ } | null;
481
+ }
482
+ interface ScanReportV1 {
483
+ $schema: typeof SCAN_REPORT_SCHEMA_URL;
484
+ schemaVersion: 'scan-report.v1';
485
+ generatedAt: string;
486
+ input: ScanInputV1;
487
+ source: {
488
+ repository: ScanRepositoryV1 | null;
489
+ publishedSiteUrl: string | null;
490
+ };
491
+ confidence: {
492
+ level: ScanConfidence;
493
+ score: number;
494
+ reasons: string[];
495
+ };
496
+ applicability: {
497
+ status: ScanApplicabilityStatus;
498
+ label: string;
499
+ reasons: string[];
500
+ };
501
+ project: {
502
+ framework: string;
503
+ frameworkVersion: string | null;
504
+ packageManager: string;
505
+ primaryLanguage: string;
506
+ hasTypeScript: boolean;
507
+ hasTailwind: boolean;
508
+ hasDecantr: boolean;
509
+ packageName: string | null;
510
+ };
511
+ routes: {
512
+ strategy: string;
513
+ count: number;
514
+ items: ScanRouteV1[];
515
+ };
516
+ components: {
517
+ pageCount: number;
518
+ componentCount: number;
519
+ directories: string[];
520
+ };
521
+ styling: {
522
+ approach: string;
523
+ configFile: string | null;
524
+ cssVariableCount: number;
525
+ colorTokenCount: number;
526
+ darkMode: boolean;
527
+ themeSignals: string[];
528
+ };
529
+ staticHosting: {
530
+ githubPagesLikely: boolean;
531
+ evidence: string[];
532
+ homepageUrl: string | null;
533
+ basePath: string | null;
534
+ hashRouting: boolean;
535
+ };
536
+ assistant: {
537
+ ruleFiles: string[];
538
+ };
539
+ graphPreview?: ScanGraphPreviewV1;
540
+ pagesProbe: PublishedSiteProbeV1 | null;
541
+ findings: ScanFindingV1[];
542
+ recommendedCommands: string[];
543
+ privacy: {
544
+ sourceUploaded: boolean;
545
+ persistedByDecantr: boolean;
546
+ notes: string[];
547
+ };
548
+ }
549
+ interface ScanProjectOptions {
550
+ input?: ScanInputV1;
551
+ repository?: ScanRepositoryV1 | null;
552
+ publishedSiteUrl?: string | null;
553
+ pagesProbe?: PublishedSiteProbeV1 | null;
554
+ }
555
+ interface GitHubScanInputResolution {
556
+ inputKind: 'github-repo' | 'github-pages';
557
+ normalizedInput: string;
558
+ repository: ScanRepositoryV1;
559
+ publishedSiteUrl: string | null;
560
+ warnings: string[];
561
+ }
562
+ declare function scanProject(projectRoot: string, options?: ScanProjectOptions): Promise<ScanReportV1>;
563
+ declare function createUnavailableScanReport(input: {
564
+ scanInput: ScanInputV1;
565
+ repository?: ScanRepositoryV1 | null;
566
+ publishedSiteUrl?: string | null;
567
+ pagesProbe?: PublishedSiteProbeV1 | null;
568
+ title: string;
569
+ message: string;
570
+ evidence?: string[];
571
+ }): ScanReportV1;
572
+ declare function probePublishedSite(url: string, options?: {
573
+ timeoutMs?: number;
574
+ fetchImpl?: typeof fetch;
575
+ }): Promise<PublishedSiteProbeV1>;
576
+ declare function resolveGitHubScanInput(input: string): GitHubScanInputResolution;
577
+
125
578
  declare const VERIFICATION_SCHEMA_URLS: {
126
579
  readonly common: "https://decantr.ai/schemas/verification-report.common.v1.json";
127
580
  readonly projectAudit: "https://decantr.ai/schemas/project-audit-report.v1.json";
128
581
  readonly projectHealth: "https://decantr.ai/schemas/project-health-report.v1.json";
129
582
  readonly decantrCi: "https://decantr.ai/schemas/decantr-ci-report.v1.json";
130
583
  readonly evidenceBundle: "https://decantr.ai/schemas/evidence-bundle.v1.json";
584
+ readonly scanReport: "https://decantr.ai/schemas/scan-report.v1.json";
131
585
  readonly workspaceHealth: "https://decantr.ai/schemas/workspace-health-report.v1.json";
132
586
  readonly fileCritique: "https://decantr.ai/schemas/file-critique-report.v1.json";
133
587
  readonly showcaseShortlist: "https://decantr.ai/schemas/showcase-shortlist-report.v1.json";
134
588
  };
135
589
  type VerificationSeverity = 'error' | 'warn' | 'info';
136
590
  type ProjectHealthStatus = 'healthy' | 'warning' | 'error';
137
- type ProjectHealthFindingSource = 'audit' | 'assertion' | 'browser' | 'check' | 'brownfield' | 'design-token' | 'runtime' | 'pack' | 'interaction';
591
+ type ProjectHealthFindingSource = 'audit' | 'assertion' | 'browser' | 'check' | 'brownfield' | 'design-token' | 'style-bridge' | 'graph' | 'runtime' | 'pack' | 'interaction';
138
592
  interface VerificationFinding {
139
593
  id: string;
594
+ code?: string;
140
595
  category: string;
141
596
  severity: VerificationSeverity;
142
597
  message: string;
@@ -145,6 +600,8 @@ interface VerificationFinding {
145
600
  file?: string;
146
601
  rule?: string;
147
602
  suggestedFix?: string;
603
+ graph?: VerificationGraphAnchor;
604
+ repair?: VerificationRepairAction;
148
605
  }
149
606
  interface VerificationScore {
150
607
  category: string;
@@ -208,8 +665,35 @@ interface ProjectHealthRemediation {
208
665
  prompt: string;
209
666
  commands: string[];
210
667
  }
668
+ interface EvidenceRepairPlanAction {
669
+ id: string;
670
+ kind: string;
671
+ target?: string | null;
672
+ description: string;
673
+ payload?: Record<string, unknown>;
674
+ }
675
+ interface EvidenceRepairPlan {
676
+ id: string;
677
+ findingId: string;
678
+ diagnosticCode?: string | null;
679
+ repairId?: string | null;
680
+ severity: VerificationSeverity;
681
+ source: ProjectHealthFindingSource;
682
+ category: string;
683
+ graphAnchor?: VerificationGraphAnchor | null;
684
+ actions: EvidenceRepairPlanAction[];
685
+ evidence: Array<{
686
+ id: string;
687
+ text: string;
688
+ }>;
689
+ readTargets: string[];
690
+ preserve: string[];
691
+ avoid: string[];
692
+ commands: string[];
693
+ }
211
694
  interface ProjectHealthFinding {
212
695
  id: string;
696
+ code?: string;
213
697
  source: ProjectHealthFindingSource;
214
698
  category: string;
215
699
  severity: VerificationSeverity;
@@ -219,6 +703,9 @@ interface ProjectHealthFinding {
219
703
  file?: string;
220
704
  rule?: string;
221
705
  suggestedFix?: string;
706
+ graph?: VerificationGraphAnchor;
707
+ repair?: VerificationRepairAction;
708
+ repairPlan?: EvidenceRepairPlan;
222
709
  remediation: ProjectHealthRemediation;
223
710
  }
224
711
  interface ProjectHealthRouteSummary {
@@ -237,6 +724,24 @@ interface ProjectHealthPackSummary {
237
724
  mutationPackCount: number;
238
725
  generatedAt: string | null;
239
726
  }
727
+ interface ProjectHealthGraphSummary {
728
+ present: boolean;
729
+ ready: boolean;
730
+ current: boolean | null;
731
+ snapshotPresent: boolean;
732
+ manifestPresent: boolean;
733
+ diffPresent: boolean;
734
+ capsulePresent: boolean;
735
+ snapshotId: string | null;
736
+ sourceHash: string | null;
737
+ contractHash: string | null;
738
+ contractCacheKey: string | null;
739
+ sourceArtifactCount: number;
740
+ capsuleSourceArtifactLimit: number | null;
741
+ capsuleSourceArtifactsTruncated: boolean | null;
742
+ staleArtifacts: string[];
743
+ error: string | null;
744
+ }
240
745
  interface ProjectHealthReport {
241
746
  $schema: string;
242
747
  generatedAt: string;
@@ -259,6 +764,7 @@ interface ProjectHealthReport {
259
764
  };
260
765
  routes: ProjectHealthRouteSummary;
261
766
  packs: ProjectHealthPackSummary;
767
+ graph: ProjectHealthGraphSummary;
262
768
  ci: {
263
769
  recommendedCommand: string;
264
770
  failOn: 'error' | 'warn' | 'none';
@@ -310,12 +816,17 @@ interface EvidenceBundle {
310
816
  essence: EvidenceProvenanceEntry;
311
817
  packManifest: EvidenceProvenanceEntry;
312
818
  reviewPack: EvidenceProvenanceEntry;
819
+ graphSnapshot: EvidenceProvenanceEntry;
820
+ graphManifest: EvidenceProvenanceEntry;
821
+ graphDiff: EvidenceProvenanceEntry;
822
+ contractCapsule: EvidenceProvenanceEntry;
313
823
  workspaceConfig?: EvidenceProvenanceEntry;
314
824
  designTokens?: EvidenceProvenanceEntry;
315
825
  };
316
826
  assertions: ContractAssertion[];
317
827
  findings: Array<{
318
828
  id: string;
829
+ code?: string;
319
830
  source: ProjectHealthFindingSource;
320
831
  category: string;
321
832
  severity: VerificationSeverity;
@@ -324,6 +835,9 @@ interface EvidenceBundle {
324
835
  target?: string;
325
836
  rule?: string;
326
837
  suggestedFix?: string;
838
+ graph?: VerificationGraphAnchor;
839
+ repair?: VerificationRepairAction;
840
+ repairPlan?: EvidenceRepairPlan;
327
841
  remediationSummary: string;
328
842
  commands: string[];
329
843
  promptCommand: string;
@@ -355,6 +869,7 @@ interface EvidenceBundleInput {
355
869
  designTokens?: EvidenceBundle['designTokens'];
356
870
  }
357
871
  declare const EVIDENCE_BUNDLE_SCHEMA_URL = "https://decantr.ai/schemas/evidence-bundle.v1.json";
872
+ declare function buildProjectHealthRepairPlan(projectRoot: string, finding: ProjectHealthFinding): EvidenceRepairPlan;
358
873
  declare function createContractAssertions(projectRoot: string, audit?: ProjectAuditReport | null): ContractAssertion[];
359
874
  declare function createEvidenceBundle(input: EvidenceBundleInput): EvidenceBundle;
360
875
  interface FileCritiqueReport {
@@ -468,9 +983,10 @@ interface ShowcaseShortlistVerificationReport {
468
983
  results: ShowcaseShortlistVerificationEntry[];
469
984
  }
470
985
  declare function collectMissingPackManifestFiles(projectRoot: string, packManifest?: PackManifest | null): MissingPackManifestFile[];
986
+ declare function collectProjectSourceFiles(projectRoot: string): string[];
471
987
  declare function extractRouteHintsFromEssence(essence: EssenceFile | null): string[];
472
988
  declare function auditProject(projectRoot: string): Promise<ProjectAuditReport>;
473
989
  declare function critiqueSource({ filePath, code, reviewPack, packManifest, treatmentsCss, adoptionMode, }: CritiqueSourceInput): FileCritiqueReport;
474
990
  declare function critiqueFile(filePath: string, projectRoot: string): Promise<FileCritiqueReport>;
475
991
 
476
- export { type BuiltDistAuditOptions, type ContractAssertion, type ContractAssertionCategory, type CritiqueSourceInput, EVIDENCE_BUNDLE_SCHEMA_URL, type EvidenceBundle, type EvidenceBundleInput, type EvidenceProvenanceEntry, type FileCritiqueReport, INTERACTION_SIGNALS, type InteractionMissingFinding, type InteractionRequirement, type InteractionSignal, type MissingPackManifestFile, type PackManifest, type ProjectAuditReport, type ProjectHealthFinding, type ProjectHealthFindingSource, type ProjectHealthPackSummary, type ProjectHealthRemediation, type ProjectHealthReport, type ProjectHealthRouteSummary, type ProjectHealthStatus, type RuntimeAudit, type ShowcaseShortlistVerificationEntry, type ShowcaseShortlistVerificationReport, VERIFICATION_SCHEMA_URLS, type VerificationFinding, type VerificationScore, type VerificationSeverity, auditBuiltDist, auditProject, collectMissingPackManifestFiles, createContractAssertions, createEvidenceBundle, critiqueFile, critiqueSource, emptyRuntimeAudit, extractRouteHintsFromEssence, listKnownInteractions, verifyInteractionsInSource };
992
+ export { type BuiltDistAuditOptions, COMPONENT_REUSE_RULE_ID, type CodeComponentDeclaration, type CodeImportReference, type ComponentReuseAudit, type ComponentReuseFinding, type ContractAssertion, type ContractAssertionCategory, type CritiqueSourceInput, EVIDENCE_BUNDLE_SCHEMA_URL, type EvidenceBundle, type EvidenceBundleInput, type EvidenceProvenanceEntry, type EvidenceRepairPlan, type EvidenceRepairPlanAction, type FileCritiqueReport, type GitHubScanInputResolution, type GraphAnchorEdge, type GraphAnchorFindingInput, type GraphAnchorNode, type GraphAnchorSnapshot, INTERACTION_SIGNALS, type InteractionMissingFinding, type InteractionRequirement, type InteractionSignal, KNOWN_VERIFICATION_DIAGNOSTICS, type MissingPackManifestFile, type PackManifest, type ProjectAuditReport, type ProjectHealthFinding, type ProjectHealthFindingSource, type ProjectHealthGraphSummary, type ProjectHealthPackSummary, type ProjectHealthRemediation, type ProjectHealthReport, type ProjectHealthRouteSummary, type ProjectHealthStatus, type PublishedSiteProbeV1, RAW_CONTROL_REUSE_RULE_ID, type RawControlReuseFinding, type RuntimeAudit, SCAN_REPORT_SCHEMA_URL, STYLE_BRIDGE_ARBITRARY_VALUE_RULE_ID, type ScanApplicabilityStatus, type ScanConfidence, type ScanFindingSeverity, type ScanFindingV1, type ScanInputKind, type ScanInputV1, type ScanProjectOptions, type ScanReportV1, type ScanRepositoryV1, type ScanRouteV1, type ShowcaseShortlistVerificationEntry, type ShowcaseShortlistVerificationReport, type StyleBridgeDriftAudit, type StyleBridgeDriftFinding, VERIFICATION_SCHEMA_URLS, type VerificationDiagnosticCatalogEntry, type VerificationDiagnosticInput, type VerificationDiagnosticMetadata, type VerificationFinding, type VerificationGraphAnchor, type VerificationGraphAnchorConfidence, type VerificationRepairAction, type VerificationScore, type VerificationSeverity, anchorFindingsToGraph, auditBuiltDist, auditComponentReuse, auditProject, auditStyleBridgeDrift, buildProjectHealthRepairPlan, collectMissingPackManifestFiles, collectProjectSourceFiles, createContractAssertions, createEvidenceBundle, createUnavailableScanReport, critiqueFile, critiqueSource, deriveVerificationDiagnostic, emptyRuntimeAudit, extractRouteHintsFromEssence, listKnownInteractions, probePublishedSite, resolveGitHubScanInput, resolveGraphAnchorForFinding, scanProject, verifyInteractionsInSource };