@decantr/verifier 3.1.0 → 3.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -85,18 +85,24 @@ function isBlocking(report: ProjectHealthReport) {
85
85
  - `@decantr/verifier/schema/project-health-report.v1.json`
86
86
  - `@decantr/verifier/schema/decantr-ci-report.v1.json`
87
87
  - `@decantr/verifier/schema/evidence-bundle.v1.json`
88
+ - `@decantr/verifier/schema/evidence-bundle.v2.json`
89
+ - `@decantr/verifier/schema/runtime-probe-payload.v2.json`
88
90
  - `@decantr/verifier/schema/scan-report.v1.json`
89
91
  - `@decantr/verifier/schema/workspace-health-report.v1.json`
90
92
  - `@decantr/verifier/schema/file-critique-report.v1.json`
91
93
  - `@decantr/verifier/schema/showcase-shortlist-report.v1.json`
92
94
 
95
+ The v2 schema assets support the Decantr 3 proof-train dashboard and runtime probe lanes.
96
+
97
+ v1 schemas remain the active emitted contracts until a command explicitly changes its `$schema` URL. See [Report Schemas](https://decantr.ai/reference/report-schemas.md).
98
+
93
99
  ## Security And Permissions
94
100
 
95
101
  The verifier is a local library. It reads selected project source, Decantr context, read-only scan files, and built `dist`/`.next` output when callers request project or runtime audits. `scanProject()` returns relative evidence and does not write artifacts, install dependencies, build projects, execute scripts, or open pull requests. `probePublishedSite()` fetches HTML metadata over HTTP(S) only and does not execute JavaScript or capture screenshots. Built-output runtime audit starts a temporary loopback static server and fetches from that local server. The verifier does not write files, spawn processes, emit telemetry, or upload source by itself. See [security permissions](https://decantr.ai/reference/security-permissions.md).
96
102
 
97
103
  ## Compatibility
98
104
 
99
- `@decantr/verifier` is stable in the `2.x` line for the documented verifier APIs and published report-schema exports.
105
+ `@decantr/verifier` is stable in the Decantr 3 line for the documented verifier APIs and published report-schema assets.
100
106
 
101
107
  - new checks and additive report fields may appear in compatible releases
102
108
  - breaking report-shape or exported API changes require a major version
package/dist/index.d.ts CHANGED
@@ -1,5 +1,6 @@
1
1
  import { ReviewExecutionPack } from '@decantr/core';
2
2
  import { EssenceFile } from '@decantr/essence-spec';
3
+ import * as ts from 'typescript';
3
4
 
4
5
  interface VerificationRepairAction {
5
6
  id: string;
@@ -41,6 +42,16 @@ declare const KNOWN_VERIFICATION_DIAGNOSTICS: readonly [{
41
42
  readonly code: "VISUAL003";
42
43
  readonly repairId: "fix-route-render";
43
44
  readonly family: "VISUAL";
45
+ }, {
46
+ readonly rule: "browser-runtime-probes-failed";
47
+ readonly code: "RUNTIME010";
48
+ readonly repairId: "repair-browser-runtime-probes";
49
+ readonly family: "RUNTIME";
50
+ }, {
51
+ readonly rule: "browser-axe-violations";
52
+ readonly code: "A11Y020";
53
+ readonly repairId: "fix-rendered-accessibility";
54
+ readonly family: "A11Y";
44
55
  }, {
45
56
  readonly rule: "visual-baseline-screenshot-drift";
46
57
  readonly code: "VISUAL010";
@@ -593,6 +604,126 @@ declare function probePublishedSite(url: string, options?: {
593
604
  }): Promise<PublishedSiteProbeV1>;
594
605
  declare function resolveGitHubScanInput(input: string): GitHubScanInputResolution;
595
606
 
607
+ type SourceStringLiteralContext = 'import-specifier' | 'export-specifier' | 'require-specifier' | 'dynamic-import-specifier' | 'jsx-attribute' | 'property-name' | 'string-literal' | 'template-literal';
608
+ interface SourceLocation {
609
+ file: string;
610
+ line: number;
611
+ column: number;
612
+ }
613
+ interface SourceStringLiteral {
614
+ value: string;
615
+ rawText: string;
616
+ context: SourceStringLiteralContext;
617
+ location: SourceLocation;
618
+ attributeName?: string;
619
+ }
620
+ interface ExtractSourceStringLiteralOptions {
621
+ includeImportSpecifiers?: boolean;
622
+ includeObjectPropertyNames?: boolean;
623
+ }
624
+ declare function sourceLocationForNode(sourceFile: ts.SourceFile, node: ts.Node): SourceLocation;
625
+ declare function extractSourceStringLiterals(sourceFile: ts.SourceFile, options?: ExtractSourceStringLiteralOptions): SourceStringLiteral[];
626
+
627
+ type ProjectSourceLanguage = 'typescript' | 'javascript';
628
+ type ProjectSourceKind = 'ts' | 'tsx' | 'mts' | 'cts' | 'js' | 'jsx' | 'mjs' | 'cjs';
629
+ type SourceInventorySkipReason = 'ignored-directory' | 'ignored-file' | 'oversized' | 'symlink' | 'walk-limit';
630
+ interface SourceInventorySkippedPath {
631
+ path: string;
632
+ reason: SourceInventorySkipReason;
633
+ }
634
+ interface ProjectSourceFile {
635
+ absolutePath: string;
636
+ relativePath: string;
637
+ extension: string;
638
+ kind: ProjectSourceKind;
639
+ language: ProjectSourceLanguage;
640
+ scriptKind: ts.ScriptKind;
641
+ jsx: boolean;
642
+ sizeBytes: number;
643
+ }
644
+ interface SourceInventoryOptions {
645
+ roots?: readonly string[];
646
+ extensions?: readonly string[];
647
+ includeTests?: boolean;
648
+ includeFixtures?: boolean;
649
+ maxFiles?: number;
650
+ maxFileSizeBytes?: number;
651
+ }
652
+ interface SourceInventory {
653
+ projectRoot: string;
654
+ files: ProjectSourceFile[];
655
+ skipped: SourceInventorySkippedPath[];
656
+ hasTypeScript: boolean;
657
+ hasJavaScript: boolean;
658
+ primaryLanguage: ProjectSourceLanguage | 'mixed' | 'unknown';
659
+ }
660
+ declare function normalizeSourcePath(path: string): string;
661
+ declare function isPathInsideProject(projectRoot: string, absolutePath: string): boolean;
662
+ declare function isSupportedSourceExtension(extension: string, extensions?: readonly string[]): boolean;
663
+ declare function sourceKindFromPath(path: string): ProjectSourceKind | null;
664
+ declare function sourceScriptKindFromPath(path: string): ts.ScriptKind;
665
+ declare function sourceLanguageFromPath(path: string): ProjectSourceLanguage | null;
666
+ declare function createSourceInventory(projectRoot: string, options?: SourceInventoryOptions): SourceInventory;
667
+
668
+ type SourceImportKind = 'static-import' | 're-export' | 'require' | 'dynamic-import' | 'import-equals';
669
+ type SourceImportResolutionKind = 'project-local' | 'external' | 'unresolved';
670
+ interface SourceImportResolution {
671
+ source: string;
672
+ importer: string;
673
+ kind: SourceImportResolutionKind;
674
+ resolvedFileName: string | null;
675
+ relativePath: string | null;
676
+ extension: string | null;
677
+ isProjectLocal: boolean;
678
+ isExternal: boolean;
679
+ failed: boolean;
680
+ }
681
+ interface SourceImportReference {
682
+ file: string;
683
+ source: string;
684
+ kind: SourceImportKind;
685
+ line: number;
686
+ column: number;
687
+ defaultImport?: string;
688
+ namespaceImport?: string;
689
+ imported: string[];
690
+ localNames: string[];
691
+ typeOnly: boolean;
692
+ resolved: SourceImportResolution;
693
+ }
694
+ interface ProjectSourceProgramOptions extends SourceInventoryOptions {
695
+ tsconfigPath?: string | null;
696
+ compilerOptions?: ts.CompilerOptions;
697
+ }
698
+ interface ProjectSourceProgram {
699
+ projectRoot: string;
700
+ tsconfigPath: string | null;
701
+ inventory: SourceInventory;
702
+ program: ts.Program;
703
+ compilerOptions: ts.CompilerOptions;
704
+ diagnostics: readonly ts.Diagnostic[];
705
+ }
706
+ interface ResolveSourceSymbolOriginOptions {
707
+ position?: number;
708
+ includeExternal?: boolean;
709
+ }
710
+ interface SourceSymbolOrigin {
711
+ name: string;
712
+ localName: string;
713
+ file: string;
714
+ absolutePath: string;
715
+ location: SourceLocation;
716
+ declarationKind: string;
717
+ importedFrom?: string;
718
+ importSource?: string;
719
+ isProjectLocal: boolean;
720
+ }
721
+ declare function createProjectSourceProgram(projectRoot: string, options?: ProjectSourceProgramOptions): ProjectSourceProgram;
722
+ declare function getProjectSourceFile(context: ProjectSourceProgram, pathOrSourceFile: string | ts.SourceFile): ts.SourceFile | undefined;
723
+ declare function resolveSourceImport(context: ProjectSourceProgram, importer: string | ts.SourceFile, source: string): SourceImportResolution;
724
+ declare function collectSourceImports(context: ProjectSourceProgram, pathOrSourceFile: string | ts.SourceFile): SourceImportReference[];
725
+ declare function resolveSourceSymbolOrigin(context: ProjectSourceProgram, pathOrSourceFile: string | ts.SourceFile, localName: string, options?: ResolveSourceSymbolOriginOptions): SourceSymbolOrigin | null;
726
+
596
727
  declare const STYLE_BRIDGE_ARBITRARY_VALUE_RULE_ID = "style-bridge-arbitrary-value";
597
728
  interface StyleBridgeDriftFinding {
598
729
  id: string;
@@ -603,6 +734,8 @@ interface StyleBridgeDriftFinding {
603
734
  source: 'className' | 'inline-style' | 'stylesheet';
604
735
  property?: string;
605
736
  bridgeMappingIds: string[];
737
+ bridgeConfidence: number | null;
738
+ bridgeSources: string[];
606
739
  tokenHints: string[];
607
740
  classHints: string[];
608
741
  evidence: string[];
@@ -1029,4 +1162,4 @@ declare function auditProject(projectRoot: string): Promise<ProjectAuditReport>;
1029
1162
  declare function critiqueSource({ filePath, code, reviewPack, packManifest, treatmentsCss, adoptionMode, }: CritiqueSourceInput): FileCritiqueReport;
1030
1163
  declare function critiqueFile(filePath: string, projectRoot: string): Promise<FileCritiqueReport>;
1031
1164
 
1032
- export { type BuiltDistAuditOptions, COMPONENT_REUSE_RULE_ID, type CodeComponentDeclaration, type CodeImportReference, type ComponentReuseAudit, type ComponentReuseFinding, type ContractAssertion, type ContractAssertionCategory, type CritiqueSourceInput, EVIDENCE_BUNDLE_SCHEMA_URL, type EvidenceBundle, type EvidenceBundleInput, type EvidenceProvenanceEntry, type EvidenceRepairPlan, type EvidenceRepairPlanAction, type FileCritiqueReport, type GitHubScanInputResolution, type GraphAnchorEdge, type GraphAnchorFindingInput, type GraphAnchorNode, type GraphAnchorSnapshot, INTERACTION_SIGNALS, type InteractionMissingFinding, type InteractionRequirement, type InteractionSignal, KNOWN_VERIFICATION_DIAGNOSTICS, type MissingPackManifestFile, type PackManifest, type ProjectAuditReport, type ProjectHealthFinding, type ProjectHealthFindingSource, type ProjectHealthGraphSummary, type ProjectHealthPackSummary, type ProjectHealthRemediation, type ProjectHealthReport, type ProjectHealthRouteSummary, type ProjectHealthStatus, type PublishedSiteProbeV1, RAW_CONTROL_REUSE_RULE_ID, type RawControlReuseFinding, type RuntimeAudit, SCAN_REPORT_SCHEMA_URL, STYLE_BRIDGE_ARBITRARY_VALUE_RULE_ID, type ScanApplicabilityStatus, type ScanConfidence, type ScanFindingSeverity, type ScanFindingV1, type ScanInputKind, type ScanInputV1, type ScanProjectOptions, type ScanReportV1, type ScanRepositoryV1, type ScanRouteV1, type ShowcaseShortlistVerificationEntry, type ShowcaseShortlistVerificationReport, type StyleBridgeDriftAudit, type StyleBridgeDriftFinding, VERIFICATION_SCHEMA_URLS, type VerificationDiagnosticCatalogEntry, type VerificationDiagnosticInput, type VerificationDiagnosticMetadata, type VerificationFinding, type VerificationGraphAnchor, type VerificationGraphAnchorConfidence, type VerificationRepairAction, type VerificationScore, type VerificationSeverity, anchorFindingsToGraph, auditBuiltDist, auditComponentReuse, auditProject, auditStyleBridgeDrift, buildProjectHealthRepairPlan, collectMissingPackManifestFiles, collectProjectSourceFiles, createContractAssertions, createEvidenceBundle, createUnavailableScanReport, critiqueFile, critiqueSource, deriveVerificationDiagnostic, emptyRuntimeAudit, extractRouteHintsFromEssence, listKnownInteractions, probePublishedSite, resolveGitHubScanInput, resolveGraphAnchorForFinding, scanProject, verifyInteractionsInSource };
1165
+ export { type BuiltDistAuditOptions, COMPONENT_REUSE_RULE_ID, type CodeComponentDeclaration, type CodeImportReference, type ComponentReuseAudit, type ComponentReuseFinding, type ContractAssertion, type ContractAssertionCategory, type CritiqueSourceInput, EVIDENCE_BUNDLE_SCHEMA_URL, type EvidenceBundle, type EvidenceBundleInput, type EvidenceProvenanceEntry, type EvidenceRepairPlan, type EvidenceRepairPlanAction, type ExtractSourceStringLiteralOptions, type FileCritiqueReport, type GitHubScanInputResolution, type GraphAnchorEdge, type GraphAnchorFindingInput, type GraphAnchorNode, type GraphAnchorSnapshot, INTERACTION_SIGNALS, type InteractionMissingFinding, type InteractionRequirement, type InteractionSignal, KNOWN_VERIFICATION_DIAGNOSTICS, type MissingPackManifestFile, type PackManifest, type ProjectAuditReport, type ProjectHealthFinding, type ProjectHealthFindingSource, type ProjectHealthGraphSummary, type ProjectHealthPackSummary, type ProjectHealthRemediation, type ProjectHealthReport, type ProjectHealthRouteSummary, type ProjectHealthStatus, type ProjectSourceFile, type ProjectSourceKind, type ProjectSourceLanguage, type ProjectSourceProgram, type ProjectSourceProgramOptions, type PublishedSiteProbeV1, RAW_CONTROL_REUSE_RULE_ID, type RawControlReuseFinding, type ResolveSourceSymbolOriginOptions, type RuntimeAudit, SCAN_REPORT_SCHEMA_URL, STYLE_BRIDGE_ARBITRARY_VALUE_RULE_ID, type ScanApplicabilityStatus, type ScanConfidence, type ScanFindingSeverity, type ScanFindingV1, type ScanInputKind, type ScanInputV1, type ScanProjectOptions, type ScanReportV1, type ScanRepositoryV1, type ScanRouteV1, type ShowcaseShortlistVerificationEntry, type ShowcaseShortlistVerificationReport, type SourceImportKind, type SourceImportReference, type SourceImportResolution, type SourceImportResolutionKind, type SourceInventory, type SourceInventoryOptions, type SourceInventorySkipReason, type SourceInventorySkippedPath, type SourceLocation, type SourceStringLiteral, type SourceStringLiteralContext, type SourceSymbolOrigin, type StyleBridgeDriftAudit, type StyleBridgeDriftFinding, VERIFICATION_SCHEMA_URLS, type VerificationDiagnosticCatalogEntry, type VerificationDiagnosticInput, type VerificationDiagnosticMetadata, type VerificationFinding, type VerificationGraphAnchor, type VerificationGraphAnchorConfidence, type VerificationRepairAction, type VerificationScore, type VerificationSeverity, anchorFindingsToGraph, auditBuiltDist, auditComponentReuse, auditProject, auditStyleBridgeDrift, buildProjectHealthRepairPlan, collectMissingPackManifestFiles, collectProjectSourceFiles, collectSourceImports, createContractAssertions, createEvidenceBundle, createProjectSourceProgram, createSourceInventory, createUnavailableScanReport, critiqueFile, critiqueSource, deriveVerificationDiagnostic, emptyRuntimeAudit, extractRouteHintsFromEssence, extractSourceStringLiterals, getProjectSourceFile, isPathInsideProject, isSupportedSourceExtension, listKnownInteractions, normalizeSourcePath, probePublishedSite, resolveGitHubScanInput, resolveGraphAnchorForFinding, resolveSourceImport, resolveSourceSymbolOrigin, scanProject, sourceKindFromPath, sourceLanguageFromPath, sourceLocationForNode, sourceScriptKindFromPath, verifyInteractionsInSource };