@dereekb/dbx-cli 13.11.18 → 13.12.0

package/src/lib/mcp-scan/scan/actions-build-manifest.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Orchestrator for the `scan-actions` generator.
+ *
+ * Composes a complete {@link ActionManifest} from a project root by reading
+ * `dbx-mcp.scan.json`, `package.json`, resolving include/exclude globs,
+ * feeding files into a ts-morph project, extracting entries via
+ * {@link extractActionEntries}, and assembling the manifest envelope.
+ */
+import { ActionManifest } from '../manifest/actions-schema.js';
+import { type ActionExtractWarning } from './actions-extract.js';
+import { type ScanGlobber, type ScanReadFile } from '../../scan-helpers/scan-io.js';
+export type BuildActionsReadFile = ScanReadFile;
+export type BuildActionsGlobber = ScanGlobber;
+export interface BuildActionsManifestInput {
+    readonly projectRoot: string;
+    readonly generator: string;
+    readonly now?: () => Date;
+    readonly readFile?: BuildActionsReadFile;
+    readonly globber?: BuildActionsGlobber;
+}
+export type BuildActionsManifestOutcome = {
+    readonly kind: 'success';
+    readonly manifest: ActionManifest;
+    readonly outPath: string;
+    readonly scannedFileCount: number;
+    readonly extractWarnings: readonly ActionExtractWarning[];
+} | {
+    readonly kind: 'no-config';
+    readonly configPath: string;
+} | {
+    readonly kind: 'invalid-scan-config';
+    readonly configPath: string;
+    readonly error: string;
+} | {
+    readonly kind: 'no-package';
+    readonly packagePath: string;
+} | {
+    readonly kind: 'invalid-package';
+    readonly packagePath: string;
+    readonly error: string;
+} | {
+    readonly kind: 'invalid-manifest';
+    readonly error: string;
+};
+/**
+ * Loads the project's actions scan config, scans the configured files, extracts every action directive/store/state, and builds a validated {@link ActionManifest}.
+ *
+ * @param input - Build options including the project root, generator metadata, and optional file/glob/clock overrides.
+ * @returns A discriminated outcome describing success or the specific failure that occurred.
+ */
+export declare function buildActionsManifest(input: BuildActionsManifestInput): Promise<BuildActionsManifestOutcome>;
+/**
+ * Serializes a validated action manifest as pretty-printed JSON terminated with a newline.
+ *
+ * @param manifest - The validated action manifest to serialize.
+ * @returns A JSON string suitable for writing to disk.
+ */
+export declare function serializeActionManifest(manifest: ActionManifest): string;

package/src/lib/mcp-scan/scan/actions-cli.d.ts

@@ -0,0 +1,38 @@
+/**
+ * `scan-actions` subcommand entry point.
+ *
+ * Thin wrapper around {@link runScanCliBase} that supplies the actions
+ * domain config — USAGE block, `buildActionsManifest` build function,
+ * `serializeActionManifest` serializer, and the per-warning formatter.
+ */
+import { type BuildActionsGlobber } from './actions-build-manifest.js';
+import { type RunScanCliBaseInput, type RunScanCliResult, type ScanCliBaseLogger, type ScanCliBaseReadFile, type ScanCliBaseWriteFile } from './scan-cli-base.js';
+/**
+ * Function shape used to read text files during `--check`.
+ */
+export type ActionsScanCliReadFile = ScanCliBaseReadFile;
+/**
+ * Function shape used to write the produced manifest in write mode.
+ */
+export type ActionsScanCliWriteFile = ScanCliBaseWriteFile;
+/**
+ * Console-shaped sink for stdout and stderr lines.
+ */
+export type ActionsScanCliLogger = ScanCliBaseLogger;
+/**
+ * Input to {@link runActionsScanCli}.
+ */
+export type RunActionsScanCliInput = RunScanCliBaseInput<BuildActionsGlobber>;
+/**
+ * Result of one CLI invocation.
+ */
+export type RunActionsScanCliResult = RunScanCliResult;
+/**
+ * Runs one invocation of `scan-actions`. Never throws on user errors —
+ * every failure path returns a structured exit code so callers can wire
+ * this into `process.exit` without try/catch.
+ *
+ * @param input - Argv plus injectable I/O hooks.
+ * @returns The CLI's exit code (0 on success, 1 on drift / build failure, 2 on usage error)
+ */
+export declare function runActionsScanCli(input: RunActionsScanCliInput): Promise<RunActionsScanCliResult>;

package/src/lib/mcp-scan/scan/actions-extract.d.ts

@@ -0,0 +1,99 @@
+/**
+ * AST extraction for the `scan-actions` generator.
+ *
+ * Walks every source file in the supplied ts-morph `Project` looking for
+ * three entry shapes:
+ *
+ *   - Classes with `@Directive()` decorator and `@dbxAction` JSDoc marker → directive entries
+ *   - Classes with `@dbxAction` JSDoc marker and `@dbxActionRole store` tag → store entries
+ *   - Enum declarations with `@dbxActionStateEnum` JSDoc marker → one state entry per member
+ */
+import { type Project } from 'ts-morph';
+import type { ActionInputEntry, ActionOutputEntry, ActionStoreMethodEntry, ActionStoreObservableEntry, DbxActionStateValue } from '../manifest/actions-schema.js';
+/**
+ * One action entry extracted from a source file. `module` is supplied by the
+ * build phase. `filePath` and `line` are kept here for in-process warnings
+ * and never persisted to the manifest.
+ */
+export type ExtractedActionEntry = ExtractedActionDirective | ExtractedActionStore | ExtractedActionState;
+export interface ExtractedActionDirective {
+    readonly role: 'directive';
+    readonly slug: string;
+    readonly selector: string;
+    readonly className: string;
+    readonly description: string;
+    readonly inputs: readonly ActionInputEntry[];
+    readonly outputs: readonly ActionOutputEntry[];
+    readonly producesContext: boolean;
+    readonly consumesContext: boolean;
+    readonly stateInteraction: readonly DbxActionStateValue[];
+    readonly skillRefs: readonly string[];
+    readonly example: string;
+    readonly filePath: string;
+    readonly line: number;
+}
+export interface ExtractedActionStore {
+    readonly role: 'store';
+    readonly slug: string;
+    readonly className: string;
+    readonly description: string;
+    readonly methods: readonly ActionStoreMethodEntry[];
+    readonly observables: readonly ActionStoreObservableEntry[];
+    readonly disabledKeyDefaults: readonly string[];
+    readonly skillRefs: readonly string[];
+    readonly example: string;
+    readonly filePath: string;
+    readonly line: number;
+}
+export interface ExtractedActionState {
+    readonly role: 'state';
+    readonly slug: string;
+    readonly stateValue: DbxActionStateValue;
+    readonly literal: string;
+    readonly description: string;
+    readonly transitionsFrom: readonly DbxActionStateValue[];
+    readonly transitionsTo: readonly DbxActionStateValue[];
+    readonly skillRefs: readonly string[];
+    readonly example: string;
+    readonly filePath: string;
+    readonly line: number;
+}
+export type ActionExtractWarning = {
+    readonly kind: 'missing-required-tag';
+    readonly className: string;
+    readonly tag: string;
+    readonly filePath: string;
+    readonly line: number;
+} | {
+    readonly kind: 'unknown-role';
+    readonly className: string;
+    readonly role: string;
+    readonly filePath: string;
+    readonly line: number;
+} | {
+    readonly kind: 'unknown-state-value';
+    readonly className: string;
+    readonly stateValue: string;
+    readonly filePath: string;
+    readonly line: number;
+} | {
+    readonly kind: 'missing-directive-decorator';
+    readonly className: string;
+    readonly filePath: string;
+    readonly line: number;
+};
+export interface ExtractActionEntriesInput {
+    readonly project: Project;
+}
+export interface ExtractActionEntriesResult {
+    readonly entries: readonly ExtractedActionEntry[];
+    readonly warnings: readonly ActionExtractWarning[];
+}
+/**
+ * Walks the supplied project and returns every action entry. Order is stable.
+ *
+ * @param input - The extraction context.
+ * @param input.project - The ts-morph project containing source files to scan.
+ * @returns The collected action entries and any non-fatal warnings encountered during extraction.
+ */
+export declare function extractActionEntries(input: ExtractActionEntriesInput): ExtractActionEntriesResult;

package/src/lib/mcp-scan/scan/actions-scan-config-schema.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Arktype schema for the `actions` section of `dbx-mcp.scan.json`.
+ */
+/**
+ * Inner config that drives one actions scan run.
+ */
+export declare const ActionsScanSection: import("arktype/internal/variants/object.ts").ObjectType<{
+    include: string[];
+    source?: string | undefined;
+    module?: string | undefined;
+    exclude?: string[] | undefined;
+    out?: string | undefined;
+}, {}>;
+/**
+ * Static type inferred from {@link ActionsScanSection}.
+ */
+export type ActionsScanSection = typeof ActionsScanSection.infer;
+/**
+ * Top-level shape used by the actions builder.
+ */
+export declare const ActionsScanConfig: import("arktype/internal/variants/object.ts").ObjectType<{
+    version: 1;
+    actions: {
+        include: string[];
+        source?: string | undefined;
+        module?: string | undefined;
+        exclude?: string[] | undefined;
+        out?: string | undefined;
+    };
+}, {}>;
+/**
+ * Static type inferred from {@link ActionsScanConfig}.
+ */
+export type ActionsScanConfig = typeof ActionsScanConfig.infer;
+/**
+ * Default value used when the scan config does not specify `out`.
+ */
+export declare const DEFAULT_ACTIONS_SCAN_OUT_PATH = "actions.mcp.generated.json";
+/**
+ * Filename the loader looks for at `${projectRoot}/`.
+ */
+export declare const ACTIONS_SCAN_CONFIG_FILENAME = "dbx-mcp.scan.json";

package/src/lib/mcp-scan/scan/auth-extract.d.ts

@@ -0,0 +1,120 @@
+/**
+ * AST extraction for the auth catalog.
+ *
+ * Walks the supplied ts-morph `Project` looking for:
+ *
+ *   - Type aliases / interfaces tagged with `@dbxAuthClaimsApp <slug>` —
+ *     each becomes one {@link ExtractedAuthApp} plus zero-or-more
+ *     {@link ExtractedAuthClaim} entries (one per property tagged with
+ *     `@dbxAuthClaim`).
+ *
+ *   - Variable declarations tagged with `@dbxAuthClaimsService <slug>` —
+ *     each provides the role-mapping payload for the matching app's
+ *     claims by inspecting the call to `authRoleClaimsService({ ... })`.
+ *
+ * The extractor is intentionally syntactic — no type checker calls — so it
+ * runs cheaply on in-memory fixtures and the demo's `claims.ts`. Role
+ * constants like `AUTH_ADMIN_ROLE` are resolved through the supplied
+ * {@link AuthExtractKnownRoles} map; unresolved identifiers fall through as
+ * the identifier text so callers can still see them in registry output.
+ */
+import { type Project } from 'ts-morph';
+import type { AuthClaimRoleMappingInfo } from '../registry/auth-runtime.js';
+/**
+ * One claim extracted from an app's `*ApiAuthClaims` interface.
+ */
+export interface ExtractedAuthClaim {
+    readonly key: string;
+    readonly type: string;
+    readonly description: string;
+    readonly app: string;
+    readonly interfaceName: string;
+    readonly tags: readonly string[];
+    readonly mapping: AuthClaimRoleMappingInfo;
+    readonly filePath: string;
+    readonly line: number;
+}
+/**
+ * One app-level entry extracted from a downstream claims module. Mirrors
+ * {@link AuthAppInfo} but uses workspace-relative file paths populated by
+ * the loader.
+ */
+export interface ExtractedAuthApp {
+    readonly app: string;
+    readonly claimsInterfaceName: string;
+    readonly serviceConstName?: string;
+    readonly inheritedInterfaceNames: readonly string[];
+    readonly ownClaimKeys: readonly string[];
+    readonly filePath: string;
+    readonly line: number;
+}
+/**
+ * Discriminated union of non-fatal events the extractor emits when a
+ * tagged decl can't be assembled into a complete entry. The loader
+ * forwards these to the server bootstrap so operators can spot
+ * mis-tagged downstream files at startup.
+ */
+export type AuthExtractWarning = {
+    readonly kind: 'app-missing-slug';
+    readonly interfaceName: string;
+    readonly filePath: string;
+    readonly line: number;
+} | {
+    readonly kind: 'service-missing-slug';
+    readonly constName: string;
+    readonly filePath: string;
+    readonly line: number;
+} | {
+    readonly kind: 'service-without-app';
+    readonly constName: string;
+    readonly slug: string;
+    readonly filePath: string;
+    readonly line: number;
+} | {
+    readonly kind: 'claim-missing-mapping';
+    readonly app: string;
+    readonly key: string;
+    readonly filePath: string;
+    readonly line: number;
+} | {
+    readonly kind: 'unresolved-role-const';
+    readonly app: string;
+    readonly key: string;
+    readonly constName: string;
+    readonly filePath: string;
+    readonly line: number;
+};
+/**
+ * Map from role-constant name (e.g. `AUTH_ADMIN_ROLE`) to its resolved
+ * role string (`'admin'`). The built-in roles populate this; downstream
+ * apps that introduce their own role constants can extend the map at the
+ * loader layer once that becomes a workflow.
+ */
+export type AuthExtractKnownRoles = ReadonlyMap<string, string>;
+/**
+ * Input to {@link extractAuthEntries}. The caller is responsible for adding
+ * source files to `project` (either from disk, in-memory fixtures, or
+ * a tsconfig). `knownRoles` is consulted when resolving identifier-style
+ * role references like `AUTH_ADMIN_ROLE`.
+ */
+export interface ExtractAuthEntriesInput {
+    readonly project: Project;
+    readonly knownRoles: AuthExtractKnownRoles;
+}
+/**
+ * Aggregated outcome of {@link extractAuthEntries}.
+ */
+export interface ExtractAuthEntriesResult {
+    readonly apps: readonly ExtractedAuthApp[];
+    readonly claims: readonly ExtractedAuthClaim[];
+    readonly warnings: readonly AuthExtractWarning[];
+}
+/**
+ * Walks the supplied project and returns every app/claim entry tagged with
+ * the auth JSDoc markers. Order is stable: source files in the order
+ * ts-morph reports them, declarations within a file in source order.
+ *
+ * @param input - The ts-morph project plus the known-roles resolution map.
+ * @returns The extracted apps, claims, and any non-fatal warnings.
+ */
+export declare function extractAuthEntries(input: ExtractAuthEntriesInput): ExtractAuthEntriesResult;

package/src/lib/mcp-scan/scan/build-manifest.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Orchestrator for the `scan-semantic-types` generator.
+ *
+ * Composes a complete {@link SemanticTypeManifest} from a project root by
+ *
+ *   1. reading `dbx-mcp.scan.json` against {@link SemanticTypeScanConfig}
+ *   2. reading `package.json` to derive the entry-level `package` field
+ *   3. resolving include/exclude globs against the project root
+ *   4. feeding matched files into a ts-morph project
+ *   5. extracting entries via {@link extractEntries}
+ *   6. assembling the manifest envelope and validating it against
+ *      {@link SemanticTypeManifest}
+ *
+ * I/O is fully injectable so tests drive every code path without
+ * touching the real filesystem.
+ */
+import { SemanticTypeManifest } from '../manifest/semantic-types-schema.js';
+import { type ScanGlobber, type ScanReadFile } from '../../scan-helpers/scan-io.js';
+export type BuildManifestReadFile = ScanReadFile;
+export type BuildManifestGlobber = ScanGlobber;
+/**
+ * Input to {@link buildManifest}.
+ */
+export interface BuildManifestInput {
+    readonly projectRoot: string;
+    readonly generator: string;
+    readonly now?: () => Date;
+    readonly readFile?: BuildManifestReadFile;
+    readonly globber?: BuildManifestGlobber;
+}
+/**
+ * Outcome of one generator run. The success payload carries everything
+ * the caller needs to write the manifest to disk or run a freshness
+ * diff against an existing on-disk version.
+ */
+export type BuildManifestOutcome = {
+    readonly kind: 'success';
+    readonly manifest: SemanticTypeManifest;
+    readonly outPath: string;
+    readonly scannedFileCount: number;
+} | {
+    readonly kind: 'no-config';
+    readonly configPath: string;
+} | {
+    readonly kind: 'invalid-scan-config';
+    readonly configPath: string;
+    readonly error: string;
+} | {
+    readonly kind: 'no-package';
+    readonly packagePath: string;
+} | {
+    readonly kind: 'invalid-package';
+    readonly packagePath: string;
+    readonly error: string;
+} | {
+    readonly kind: 'invalid-manifest';
+    readonly error: string;
+};
+/**
+ * Builds a {@link SemanticTypeManifest} from the supplied project root.
+ * The function is pure with respect to the injected I/O hooks, so unit
+ * tests can drive every branch without disk access.
+ *
+ * @param input - The project root + injection hooks for testing.
+ * @returns A discriminated outcome describing the result.
+ */
+export declare function buildManifest(input: BuildManifestInput): Promise<BuildManifestOutcome>;
+/**
+ * JSON-stringifies a manifest with stable key ordering and trailing
+ * newline so `--check` mode can byte-compare against a committed file
+ * without false-positive diffs from key reordering.
+ *
+ * @param manifest - The manifest to serialise.
+ * @returns The canonical string form.
+ */
+export declare function serializeManifest(manifest: SemanticTypeManifest): string;

package/src/lib/mcp-scan/scan/cli.d.ts

@@ -0,0 +1,60 @@
+/**
+ * `scan-semantic-types` subcommand entry point.
+ *
+ * Parses argv, runs {@link buildManifest}, and either writes the
+ * resulting JSON to disk or compares it to the existing on-disk
+ * manifest (`--check` mode) and exits non-zero on drift.
+ *
+ * The CLI is exposed via the `dbx-components-mcp` binary's argv
+ * dispatcher in `bin/dbx-components-mcp.ts`. All I/O is injectable so
+ * unit tests can drive the entire control flow without disk access.
+ */
+import { type BuildManifestGlobber } from './build-manifest.js';
+/**
+ * Function shape used to read text files during `--check`.
+ */
+export type ScanCliReadFile = (absolutePath: string) => Promise<string>;
+/**
+ * Function shape used to write the produced manifest in write mode.
+ */
+export type ScanCliWriteFile = (absolutePath: string, data: string) => Promise<void>;
+/**
+ * Console-shaped sink for stdout and stderr lines. Tests inject a
+ * collecting implementation.
+ */
+export type ScanCliLogger = (message: string) => void;
+/**
+ * Input to {@link runScanCli}. `argv` is `process.argv` after the
+ * subcommand token (so `['--project', 'apps/hellosubs']`). When
+ * `readFile` / `writeFile` / `globber` are supplied they are also
+ * forwarded into {@link buildManifest} so unit tests can drive the
+ * full pipeline without disk access.
+ */
+export interface RunScanCliInput {
+    readonly argv: readonly string[];
+    readonly cwd: string;
+    readonly generator: string;
+    readonly readFile?: ScanCliReadFile;
+    readonly writeFile?: ScanCliWriteFile;
+    readonly globber?: BuildManifestGlobber;
+    readonly now?: () => Date;
+    readonly log?: ScanCliLogger;
+    readonly errorLog?: ScanCliLogger;
+}
+/**
+ * Result of one CLI invocation. The returned `exitCode` is what the
+ * `bin/` shim should pass to `process.exit`.
+ */
+export interface RunScanCliResult {
+    readonly exitCode: number;
+}
+/**
+ * Runs one invocation of `scan-semantic-types`. The function never
+ * throws on user errors — every failure path returns a structured
+ * exit code so callers can wire this into `process.exit` without
+ * try/catch.
+ *
+ * @param input - Argv plus injectable I/O hooks.
+ * @returns The CLI's exit code (0 on success, 1 on drift / build failure, 2 on usage error)
+ */
+export declare function runScanCli(input: RunScanCliInput): Promise<RunScanCliResult>;

package/src/lib/mcp-scan/scan/css-utilities-build-manifest.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Orchestrator for the `scan-css-utilities` generator.
+ *
+ * Composes a complete {@link CssUtilityManifest} from a project root by
+ *
+ *   1. reading `dbx-mcp.scan.json` against {@link CssUtilitiesScanConfig}
+ *   2. reading `package.json` to derive the entry-level `module` field
+ *   3. resolving include/exclude globs against the project root
+ *   4. extracting every annotated utility class via
+ *      {@link extractCssUtilityEntries}
+ *   5. assembling the manifest envelope and validating it against
+ *      {@link CssUtilityManifest}
+ *
+ * I/O is fully injectable so tests drive every code path without
+ * touching the real filesystem.
+ */
+import { CssUtilityManifest } from '../manifest/css-utilities-schema.js';
+import { type ExtractWarning } from './css-utilities-extract.js';
+import { type ScanGlobber, type ScanReadFile } from '../../scan-helpers/scan-io.js';
+export type BuildCssUtilitiesReadFile = ScanReadFile;
+export type BuildCssUtilitiesGlobber = ScanGlobber;
+/**
+ * Input to {@link buildCssUtilitiesManifest}.
+ */
+export interface BuildCssUtilitiesManifestInput {
+    readonly projectRoot: string;
+    readonly generator: string;
+    readonly now?: () => Date;
+    readonly readFile?: BuildCssUtilitiesReadFile;
+    readonly globber?: BuildCssUtilitiesGlobber;
+}
+/**
+ * Outcome of one generator run.
+ */
+export type BuildCssUtilitiesManifestOutcome = {
+    readonly kind: 'success';
+    readonly manifest: CssUtilityManifest;
+    readonly outPath: string;
+    readonly scannedFileCount: number;
+    readonly extractWarnings: readonly ExtractWarning[];
+} | {
+    readonly kind: 'no-config';
+    readonly configPath: string;
+} | {
+    readonly kind: 'invalid-scan-config';
+    readonly configPath: string;
+    readonly error: string;
+} | {
+    readonly kind: 'no-package';
+    readonly packagePath: string;
+} | {
+    readonly kind: 'invalid-package';
+    readonly packagePath: string;
+    readonly error: string;
+} | {
+    readonly kind: 'invalid-manifest';
+    readonly error: string;
+};
+/**
+ * Builds a {@link CssUtilityManifest} from the supplied project root. The
+ * function is pure with respect to the injected I/O hooks, so unit tests
+ * can drive every branch without disk access.
+ *
+ * @param input - The project root + injection hooks for testing.
+ * @returns A discriminated outcome describing the result.
+ */
+export declare function buildCssUtilitiesManifest(input: BuildCssUtilitiesManifestInput): Promise<BuildCssUtilitiesManifestOutcome>;
+/**
+ * JSON-stringifies a manifest with stable key ordering and trailing newline
+ * so `--check` mode can byte-compare against a committed file without
+ * false-positive diffs from key reordering.
+ *
+ * @param manifest - The manifest to serialise.
+ * @returns The canonical string form.
+ */
+export declare function serializeCssUtilityManifest(manifest: CssUtilityManifest): string;

package/src/lib/mcp-scan/scan/css-utilities-cli.d.ts

@@ -0,0 +1,36 @@
+/**
+ * `scan-css-utilities` subcommand entry point.
+ *
+ * Thin wrapper around {@link runScanCliBase} that supplies the
+ * css-utilities domain config.
+ */
+import { type BuildCssUtilitiesGlobber } from './css-utilities-build-manifest.js';
+import { type RunScanCliBaseInput, type RunScanCliResult, type ScanCliBaseLogger, type ScanCliBaseReadFile, type ScanCliBaseWriteFile } from './scan-cli-base.js';
+/**
+ * Function shape used to read text files during `--check`.
+ */
+export type CssUtilitiesScanCliReadFile = ScanCliBaseReadFile;
+/**
+ * Function shape used to write the produced manifest in write mode.
+ */
+export type CssUtilitiesScanCliWriteFile = ScanCliBaseWriteFile;
+/**
+ * Console-shaped sink for stdout and stderr lines.
+ */
+export type CssUtilitiesScanCliLogger = ScanCliBaseLogger;
+/**
+ * Input to {@link runCssUtilitiesScanCli}.
+ */
+export type RunCssUtilitiesScanCliInput = RunScanCliBaseInput<BuildCssUtilitiesGlobber>;
+/**
+ * Result of one CLI invocation.
+ */
+export type RunCssUtilitiesScanCliResult = RunScanCliResult;
+/**
+ * Runs one invocation of `scan-css-utilities`. Never throws on user errors —
+ * every failure path returns a structured exit code.
+ *
+ * @param input - Argv plus injectable I/O hooks.
+ * @returns The CLI's exit code (0 on success, 1 on drift / build failure, 2 on usage error)
+ */
+export declare function runCssUtilitiesScanCli(input: RunCssUtilitiesScanCliInput): Promise<RunCssUtilitiesScanCliResult>;