@devtrack-solution/codesdd 1.2.2 → 1.2.4-rc3

package/dist/core/sdd/plugin-skill-binding.js

@@ -0,0 +1,339 @@
+import { z } from 'zod';
+import { pluginRegistryStateSchema, } from './plugin-registry.js';
+const FEATURE_REF_PATTERN = /^FEAT-\d{4}$/;
+const PLUGIN_ID_PATTERN = /^codesdd-plugin-[a-z0-9][a-z0-9-]*$/;
+const SEMVER_PATTERN = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/;
+const CAPABILITY_NAME_PATTERN = /^[a-z][a-z0-9-]*(?:\.[a-z][a-z0-9-]*)+$/;
+const SKILL_ID_PATTERN = /^[a-z][a-z0-9-]*(?:\.[a-z][a-z0-9-]*)*$/;
+const TRUST_RANK = {
+    'enterprise-approved': 3,
+    'local-dev': 2,
+    experimental: 1,
+    blocked: 0,
+};
+const RISK_RANK = {
+    low: 4,
+    medium: 3,
+    high: 2,
+    critical: 1,
+};
+const bindingStatusSchema = z.enum(['active', 'disabled', 'deprecated']);
+const pluginTrustTierSchema = z.enum(['local-dev', 'experimental', 'enterprise-approved', 'blocked']);
+const pluginRegistryStatusSchema = z.enum(['active', 'disabled', 'blocked', 'deprecated']);
+const capabilityNameSchema = z.string().regex(CAPABILITY_NAME_PATTERN);
+const skillIdSchema = z.string().regex(SKILL_ID_PATTERN);
+const pluginIdSchema = z.string().regex(PLUGIN_ID_PATTERN);
+export const pluginSkillBindingSchema = z
+    .object({
+    schema_version: z.literal(1).default(1),
+    skill_id: skillIdSchema,
+    plugin_id: pluginIdSchema,
+    plugin_version: z.string().regex(SEMVER_PATTERN).optional(),
+    capabilities: z.array(capabilityNameSchema).min(1),
+    operations: z.record(z.string().min(1), capabilityNameSchema).default({}),
+    priority: z.number().int().min(0).max(100).default(50),
+    status: bindingStatusSchema.default('active'),
+    rationale: z.string().min(1).optional(),
+    technology: z
+        .object({
+        language: z.string().min(1).optional(),
+        framework: z.string().min(1).optional(),
+    })
+        .optional(),
+})
+    .superRefine((binding, context) => {
+    const seen = new Set();
+    for (const [index, capability] of binding.capabilities.entries()) {
+        if (seen.has(capability)) {
+            context.addIssue({
+                code: 'custom',
+                path: ['capabilities', index],
+                message: `Duplicate bound capability: ${capability}.`,
+            });
+        }
+        seen.add(capability);
+    }
+    for (const [operation, capability] of Object.entries(binding.operations)) {
+        if (!binding.capabilities.includes(capability)) {
+            context.addIssue({
+                code: 'custom',
+                path: ['operations', operation],
+                message: `Operation ${operation} targets ${capability}, which is not listed in capabilities.`,
+            });
+        }
+    }
+});
+export const pluginSkillBindingResolutionRequestSchema = z.object({
+    schema_version: z.literal(1).default(1),
+    feature_ref: z.string().regex(FEATURE_REF_PATTERN),
+    recommended_skills: z.array(skillIdSchema).default([]),
+    requested_operation: z.string().min(1).optional(),
+    requested_capability: capabilityNameSchema.optional(),
+    explicit_plugin_id: pluginIdSchema.optional(),
+    technology: z
+        .object({
+        language: z.string().min(1).optional(),
+        framework: z.string().min(1).optional(),
+    })
+        .optional(),
+    trust_tiers: z
+        .array(pluginTrustTierSchema)
+        .default(['enterprise-approved', 'local-dev', 'experimental']),
+    statuses: z.array(pluginRegistryStatusSchema).default(['active']),
+    require_apply: z.boolean().default(false),
+    require_dry_run: z.boolean().default(true),
+    created_at: z.string().datetime().optional(),
+});
+export const pluginSkillBindingCandidateSchema = z.object({
+    source: z.enum(['explicit-plugin', 'skill-binding', 'capability-match']),
+    skill_id: skillIdSchema.optional(),
+    plugin_ref: z.object({
+        id: pluginIdSchema,
+        version: z.string().regex(SEMVER_PATTERN),
+    }),
+    capability: capabilityNameSchema,
+    operation: z.string().min(1).optional(),
+    binding_priority: z.number().int().min(0).max(100).optional(),
+    rank: z.number().int().nonnegative(),
+    reasons: z.array(z.string()).default([]),
+});
+export const pluginSkillBindingResolutionSchema = z.object({
+    schema_version: z.literal(1),
+    created_at: z.string().datetime(),
+    status: z.enum(['resolved', 'fallback']),
+    request: pluginSkillBindingResolutionRequestSchema,
+    selected: pluginSkillBindingCandidateSchema.optional(),
+    candidates: z.array(pluginSkillBindingCandidateSchema).default([]),
+    reasons: z.array(z.string()).default([]),
+    fallback: z
+        .object({
+        strategy: z.enum(['manual-selection', 'llm-guidance', 'no-compatible-plugin']),
+        message: z.string().min(1),
+    })
+        .optional(),
+});
+export function resolvePluginSkillBinding(registryState, bindings, request) {
+    const registry = pluginRegistryStateSchema.parse(registryState);
+    const parsedBindings = bindings.map((binding) => pluginSkillBindingSchema.parse(binding));
+    const parsedRequest = pluginSkillBindingResolutionRequestSchema.parse(request);
+    const createdAt = parsedRequest.created_at ?? new Date().toISOString();
+    const reasons = [];
+    const candidates = [];
+    candidates.push(...collectExplicitPluginCandidates(registry.entries, parsedBindings, parsedRequest, reasons));
+    candidates.push(...collectSkillBindingCandidates(registry.entries, parsedBindings, parsedRequest, reasons));
+    candidates.push(...collectCapabilityFallbackCandidates(registry.entries, parsedRequest, reasons));
+    const sortedCandidates = dedupeCandidates(candidates).sort(compareCandidates);
+    const [selected] = sortedCandidates;
+    if (!selected) {
+        return pluginSkillBindingResolutionSchema.parse({
+            schema_version: 1,
+            created_at: createdAt,
+            status: 'fallback',
+            request: {
+                ...parsedRequest,
+                created_at: createdAt,
+            },
+            candidates: [],
+            reasons: reasons.length > 0 ? reasons : ['No compatible plugin binding or capability was found.'],
+            fallback: {
+                strategy: 'no-compatible-plugin',
+                message: 'Continue with skill guidance or manual plugin selection; no deterministic plugin invocation is available.',
+            },
+        });
+    }
+    return pluginSkillBindingResolutionSchema.parse({
+        schema_version: 1,
+        created_at: createdAt,
+        status: 'resolved',
+        request: {
+            ...parsedRequest,
+            created_at: createdAt,
+        },
+        selected,
+        candidates: sortedCandidates,
+        reasons: [
+            `Resolved ${selected.skill_id ?? '<no-skill>'} to ${selected.plugin_ref.id}@${selected.plugin_ref.version}/${selected.capability}.`,
+            ...selected.reasons,
+        ],
+    });
+}
+function collectExplicitPluginCandidates(entries, bindings, request, reasons) {
+    if (!request.explicit_plugin_id) {
+        return [];
+    }
+    const matchedEntries = entries.filter((entry) => entry.manifest.id === request.explicit_plugin_id);
+    if (matchedEntries.length === 0) {
+        reasons.push(`Explicit plugin ${request.explicit_plugin_id} is not registered.`);
+        return [];
+    }
+    return matchedEntries.flatMap((entry) => {
+        const bindingTargets = bindings
+            .filter((binding) => binding.plugin_id === request.explicit_plugin_id && binding.status === 'active')
+            .flatMap((binding) => targetCapabilitiesForBinding(binding, request));
+        const targets = bindingTargets.length > 0 ? bindingTargets : targetCapabilitiesForEntry(entry, request);
+        return targets.flatMap((capability) => buildCandidate(entry, request, reasons, {
+            source: 'explicit-plugin',
+            binding: bindings.find((binding) => binding.plugin_id === request.explicit_plugin_id && binding.capabilities.includes(capability)),
+            skillOrder: 0,
+            capability,
+        }));
+    });
+}
+function collectSkillBindingCandidates(entries, bindings, request, reasons) {
+    const recommendedOrder = new Map(request.recommended_skills.map((skillId, index) => [skillId, index]));
+    const candidates = [];
+    for (const binding of bindings) {
+        const skillOrder = recommendedOrder.get(binding.skill_id);
+        if (skillOrder === undefined) {
+            continue;
+        }
+        if (binding.status !== 'active') {
+            reasons.push(`Skill binding ${binding.skill_id} -> ${binding.plugin_id} is ${binding.status}.`);
+            continue;
+        }
+        const targets = targetCapabilitiesForBinding(binding, request);
+        if (targets.length === 0) {
+            reasons.push(`Skill binding ${binding.skill_id} has no capability for the requested operation.`);
+            continue;
+        }
+        for (const entry of entries.filter((candidate) => candidate.manifest.id === binding.plugin_id)) {
+            for (const capability of targets) {
+                candidates.push(...buildCandidate(entry, request, reasons, {
+                    source: 'skill-binding',
+                    binding,
+                    skillOrder,
+                    capability,
+                }));
+            }
+        }
+    }
+    return candidates;
+}
+function collectCapabilityFallbackCandidates(entries, request, reasons) {
+    if (!request.requested_capability) {
+        return [];
+    }
+    return entries.flatMap((entry) => buildCandidate(entry, request, reasons, {
+        source: 'capability-match',
+        skillOrder: request.recommended_skills.length,
+        capability: request.requested_capability,
+    }));
+}
+function buildCandidate(entry, request, reasons, context) {
+    const rejectionReasons = collectRejectionReasons(entry, request, context);
+    const pluginRef = `${entry.manifest.id}@${entry.manifest.version}`;
+    if (rejectionReasons.length > 0) {
+        reasons.push(...rejectionReasons.map((reason) => `${pluginRef}/${context.capability}: ${reason}`));
+        return [];
+    }
+    const capability = entry.manifest.capabilities.find((candidate) => candidate.name === context.capability);
+    return [
+        pluginSkillBindingCandidateSchema.parse({
+            source: context.source,
+            skill_id: context.binding?.skill_id,
+            plugin_ref: {
+                id: entry.manifest.id,
+                version: entry.manifest.version,
+            },
+            capability: capability.name,
+            operation: request.requested_operation,
+            binding_priority: context.binding?.priority,
+            rank: rankCandidate(entry, capability, context),
+            reasons: candidateReasons(context, capability),
+        }),
+    ];
+}
+function collectRejectionReasons(entry, request, context) {
+    const reasons = [];
+    if (!request.statuses.includes(entry.status)) {
+        reasons.push(`status ${entry.status} is not eligible.`);
+    }
+    if (!request.trust_tiers.includes(entry.manifest.governance.trust_tier)) {
+        reasons.push(`trust tier ${entry.manifest.governance.trust_tier} is not eligible.`);
+    }
+    if (context.binding?.plugin_version && context.binding.plugin_version !== entry.manifest.version) {
+        reasons.push(`version ${entry.manifest.version} does not match binding version ${context.binding.plugin_version}.`);
+    }
+    if (request.technology?.language && request.technology.language !== entry.manifest.technology.language) {
+        reasons.push(`language ${entry.manifest.technology.language} does not match ${request.technology.language}.`);
+    }
+    if (request.technology?.framework && request.technology.framework !== entry.manifest.technology.framework) {
+        reasons.push(`framework ${entry.manifest.technology.framework ?? '<none>'} does not match ${request.technology.framework}.`);
+    }
+    if (context.binding?.technology?.language && context.binding.technology.language !== entry.manifest.technology.language) {
+        reasons.push(`binding language ${context.binding.technology.language} does not match ${entry.manifest.technology.language}.`);
+    }
+    if (context.binding?.technology?.framework && context.binding.technology.framework !== entry.manifest.technology.framework) {
+        reasons.push(`binding framework ${context.binding.technology.framework} does not match ${entry.manifest.technology.framework ?? '<none>'}.`);
+    }
+    const capability = entry.manifest.capabilities.find((candidate) => candidate.name === context.capability);
+    if (!capability) {
+        reasons.push(`capability ${context.capability} is not advertised.`);
+        return reasons;
+    }
+    if (request.require_apply && !capability.supports_apply) {
+        reasons.push('apply mode is required but not supported.');
+    }
+    if (request.require_dry_run && !capability.supports_dry_run) {
+        reasons.push('dry-run mode is required but not supported.');
+    }
+    return reasons;
+}
+function targetCapabilitiesForBinding(binding, request) {
+    if (request.requested_operation) {
+        const capability = binding.operations[request.requested_operation];
+        if (!capability || (request.requested_capability && capability !== request.requested_capability)) {
+            return [];
+        }
+        return [capability];
+    }
+    if (request.requested_capability) {
+        return binding.capabilities.includes(request.requested_capability) ? [request.requested_capability] : [];
+    }
+    return binding.capabilities;
+}
+function targetCapabilitiesForEntry(entry, request) {
+    if (request.requested_capability) {
+        return [request.requested_capability];
+    }
+    return entry.manifest.capabilities.map((capability) => capability.name);
+}
+function candidateReasons(context, capability) {
+    if (context.source === 'explicit-plugin') {
+        return [`Explicit plugin request selected ${capability.name}.`];
+    }
+    if (context.source === 'skill-binding') {
+        return [`Skill binding ${context.binding?.skill_id} declares ${capability.name}.`];
+    }
+    return [`Registry capability fallback found ${capability.name}.`];
+}
+function rankCandidate(entry, capability, context) {
+    const sourceRank = context.source === 'explicit-plugin' ? 300_000 : context.source === 'skill-binding' ? 200_000 : 100_000;
+    const skillRank = Math.max(0, 100 - context.skillOrder) * 1_000;
+    const bindingRank = (context.binding?.priority ?? 0) * 10;
+    const trustRank = TRUST_RANK[entry.manifest.governance.trust_tier] * 100;
+    const riskRank = RISK_RANK[capability.risk_tier] * 10;
+    return sourceRank + skillRank + bindingRank + trustRank + riskRank;
+}
+function dedupeCandidates(candidates) {
+    const seen = new Set();
+    const deduped = [];
+    for (const candidate of candidates) {
+        const key = `${candidate.source}:${candidate.skill_id ?? ''}:${candidate.plugin_ref.id}@${candidate.plugin_ref.version}:${candidate.capability}`;
+        if (seen.has(key)) {
+            continue;
+        }
+        seen.add(key);
+        deduped.push(candidate);
+    }
+    return deduped;
+}
+function compareCandidates(left, right) {
+    if (right.rank !== left.rank) {
+        return right.rank - left.rank;
+    }
+    const leftRef = `${left.plugin_ref.id}@${left.plugin_ref.version}/${left.capability}`;
+    const rightRef = `${right.plugin_ref.id}@${right.plugin_ref.version}/${right.capability}`;
+    return leftRef.localeCompare(rightRef);
+}
+//# sourceMappingURL=plugin-skill-binding.js.map

package/dist/core/sdd/quality-artifact-manifest-validator.d.ts

@@ -0,0 +1,28 @@
+import { type PluginArtifactManifest } from './plugin-broker.js';
+import { type QualityFilesystemSnapshot } from './quality-validation.js';
+export type QualityArtifactManifestIssueCode = 'ARTIFACT_FILE_MISSING' | 'ARTIFACT_CHECKSUM_MISMATCH' | 'ARTIFACT_DELETED_FILE_PRESENT' | 'ARTIFACT_PATH_UNSAFE' | 'ARTIFACT_DUPLICATE_PATH' | 'ARTIFACT_EXPECTED_PATTERN_MISSING' | 'ARTIFACT_REALPATH_ESCAPE';
+export interface QualityArtifactManifestFinding {
+    code: QualityArtifactManifestIssueCode;
+    severity: 'warn' | 'error' | 'blocker';
+    path?: string;
+    message: string;
+    remediation: string;
+}
+export interface BuildFilesystemSnapshotOptions {
+    paths?: string[];
+    computeSha256?: boolean;
+}
+export interface ValidateArtifactManifestAgainstFilesystemInput {
+    projectRoot: string;
+    manifest: PluginArtifactManifest;
+    snapshot?: QualityFilesystemSnapshot;
+    expectedPathPatterns?: string[];
+}
+export interface QualityArtifactManifestValidationResult {
+    status: 'passed' | 'warning' | 'failed' | 'blocked';
+    findings: QualityArtifactManifestFinding[];
+    filesystem_snapshot: QualityFilesystemSnapshot;
+}
+export declare function buildFilesystemSnapshot(projectRoot: string, options?: BuildFilesystemSnapshotOptions): Promise<QualityFilesystemSnapshot>;
+export declare function validateArtifactManifestAgainstFilesystem(input: ValidateArtifactManifestAgainstFilesystemInput): Promise<QualityArtifactManifestValidationResult>;
+//# sourceMappingURL=quality-artifact-manifest-validator.d.ts.map

package/dist/core/sdd/quality-artifact-manifest-validator.js

@@ -0,0 +1,167 @@
+import { createHash } from 'node:crypto';
+import { promises as fs } from 'node:fs';
+import path from 'node:path';
+import { pluginArtifactManifestSchema, } from './plugin-broker.js';
+import { qualityFilesystemSnapshotSchema, } from './quality-validation.js';
+const WINDOWS_ABSOLUTE_PATH_PATTERN = /^[A-Za-z]:[\\/]/;
+const FILE_REQUIRED_OPERATIONS = new Set(['created', 'modified', 'unchanged', 'validated']);
+export async function buildFilesystemSnapshot(projectRoot, options = {}) {
+    const files = [];
+    for (const rawPath of options.paths ?? []) {
+        const safePath = normalizeRelativePath(rawPath);
+        if (!isSafeRelativePath(safePath))
+            continue;
+        const absolutePath = path.resolve(projectRoot, safePath);
+        const stat = await fs.stat(absolutePath).catch(() => null);
+        if (!stat?.isFile())
+            continue;
+        files.push({
+            path: safePath,
+            size_bytes: stat.size,
+            sha256: options.computeSha256 ? await sha256File(absolutePath) : undefined,
+        });
+    }
+    return qualityFilesystemSnapshotSchema.parse({
+        root: '.',
+        files,
+    });
+}
+export async function validateArtifactManifestAgainstFilesystem(input) {
+    const manifest = pluginArtifactManifestSchema.parse(input.manifest);
+    const artifactPaths = manifest.artifacts.map((artifact) => artifact.path);
+    const snapshot = input.snapshot ??
+        await buildFilesystemSnapshot(input.projectRoot, {
+            paths: artifactPaths,
+            computeSha256: manifest.artifacts.some((artifact) => Boolean(artifact.checksum_after)),
+        });
+    const snapshotByPath = new Map(snapshot.files.map((file) => [normalizeRelativePath(file.path), file]));
+    const findings = [];
+    const seenPaths = new Set();
+    for (const artifact of manifest.artifacts) {
+        const artifactPath = normalizeRelativePath(artifact.path);
+        if (!isSafeRelativePath(artifactPath)) {
+            findings.push(finding('ARTIFACT_PATH_UNSAFE', 'blocker', artifact.path, `Artifact path "${artifact.path}" is unsafe or escapes the project root.`, 'Use a project-relative artifact path without absolute roots or traversal segments.'));
+            continue;
+        }
+        if (seenPaths.has(artifactPath)) {
+            findings.push(finding('ARTIFACT_DUPLICATE_PATH', 'error', artifactPath, `Artifact path "${artifactPath}" appears more than once in the manifest.`, 'Keep one manifest entry per artifact path and merge operation evidence there.'));
+        }
+        seenPaths.add(artifactPath);
+        const absolutePath = path.resolve(input.projectRoot, artifactPath);
+        const containment = await verifyRealpathContainment(input.projectRoot, absolutePath);
+        if (!containment.ok) {
+            findings.push(finding('ARTIFACT_REALPATH_ESCAPE', 'blocker', artifactPath, `Artifact path "${artifactPath}" resolves outside the project root.`, 'Remove the symlink or move the artifact inside the project root before accepting the evidence.'));
+            continue;
+        }
+        const exists = await pathExists(absolutePath);
+        if (artifact.operation === 'deleted') {
+            if (exists) {
+                findings.push(finding('ARTIFACT_DELETED_FILE_PRESENT', 'error', artifactPath, `Artifact "${artifactPath}" is marked deleted but still exists.`, 'Delete the file or correct the artifact operation in the manifest.'));
+            }
+            continue;
+        }
+        if (FILE_REQUIRED_OPERATIONS.has(artifact.operation) && !exists) {
+            findings.push(finding('ARTIFACT_FILE_MISSING', 'error', artifactPath, `Artifact "${artifactPath}" is marked ${artifact.operation} but does not exist.`, 'Create the artifact, update the manifest path, or change the operation to planned if this is a dry-run.'));
+            continue;
+        }
+        if (artifact.checksum_after && exists) {
+            const actualChecksum = snapshotByPath.get(artifactPath)?.sha256 ?? await sha256File(absolutePath);
+            if (actualChecksum !== artifact.checksum_after) {
+                findings.push(finding('ARTIFACT_CHECKSUM_MISMATCH', 'error', artifactPath, `Artifact "${artifactPath}" checksum does not match the manifest.`, 'Regenerate the checksum after producing the artifact or investigate unexpected file drift.'));
+            }
+        }
+    }
+    for (const pattern of input.expectedPathPatterns ?? []) {
+        const matcher = globToRegExp(pattern);
+        const matched = [...seenPaths, ...snapshot.files.map((file) => normalizeRelativePath(file.path))]
+            .some((candidate) => matcher.test(candidate));
+        if (!matched) {
+            findings.push(finding('ARTIFACT_EXPECTED_PATTERN_MISSING', 'error', pattern, `No manifest or filesystem artifact matched expected pattern "${pattern}".`, 'Create the expected artifact or adjust the scenario expectation.'));
+        }
+    }
+    return {
+        status: statusFromFindings(findings),
+        findings,
+        filesystem_snapshot: snapshot,
+    };
+}
+function finding(code, severity, artifactPath, message, remediation) {
+    return {
+        code,
+        severity,
+        path: artifactPath,
+        message,
+        remediation,
+    };
+}
+function statusFromFindings(findings) {
+    if (findings.some((item) => item.severity === 'blocker'))
+        return 'blocked';
+    if (findings.some((item) => item.severity === 'error'))
+        return 'failed';
+    if (findings.length > 0)
+        return 'warning';
+    return 'passed';
+}
+function normalizeRelativePath(value) {
+    return value.replace(/\\/gu, '/').replace(/^\.\//u, '');
+}
+function isSafeRelativePath(value) {
+    if (!value || value.startsWith('/') || WINDOWS_ABSOLUTE_PATH_PATTERN.test(value)) {
+        return false;
+    }
+    return !value.split('/').some((segment) => segment === '..');
+}
+async function verifyRealpathContainment(projectRoot, absolutePath) {
+    const resolvedRoot = path.resolve(projectRoot);
+    const relativeLogical = path.relative(resolvedRoot, absolutePath);
+    if (relativeLogical !== '' && (relativeLogical.startsWith('..') || path.isAbsolute(relativeLogical))) {
+        return { ok: false };
+    }
+    const realRoot = await fs.realpath(resolvedRoot).catch(() => resolvedRoot);
+    const realTarget = await fs.realpath(absolutePath).catch(() => null);
+    if (!realTarget)
+        return { ok: true };
+    const relativePhysical = path.relative(realRoot, realTarget);
+    if (relativePhysical !== '' && (relativePhysical.startsWith('..') || path.isAbsolute(relativePhysical))) {
+        return { ok: false };
+    }
+    return { ok: true };
+}
+async function pathExists(filePath) {
+    try {
+        await fs.access(filePath);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function sha256File(filePath) {
+    const hash = createHash('sha256');
+    hash.update(await fs.readFile(filePath));
+    return hash.digest('hex');
+}
+function globToRegExp(pattern) {
+    const normalized = normalizeRelativePath(pattern);
+    let source = '';
+    for (let index = 0; index < normalized.length; index += 1) {
+        const char = normalized[index];
+        const next = normalized[index + 1];
+        if (char === '*' && next === '*') {
+            source += '.*';
+            index += 1;
+            continue;
+        }
+        if (char === '*') {
+            source += '[^/]*';
+            continue;
+        }
+        source += escapeRegExp(char);
+    }
+    return new RegExp(`^${source}$`, 'u');
+}
+function escapeRegExp(value) {
+    return value.replace(/[|\\{}()[\]^$+?.]/gu, '\\$&');
+}
+//# sourceMappingURL=quality-artifact-manifest-validator.js.map

package/dist/core/sdd/quality-evidence-renderer.d.ts

@@ -0,0 +1,65 @@
+import { type QualityEvidenceBundle } from './quality-validation.js';
+export type QualityEvidenceRendererStatus = 'passed' | 'warning';
+export interface QualityEvidenceRenderInput {
+    projectRoot: string;
+    memoryRoot?: string;
+    bundle: unknown;
+    generatedAt?: string | Date;
+}
+export interface QualityEvidenceValidationIssue {
+    path: string;
+    message: string;
+}
+export interface QualityEvidenceFindingSummary {
+    code: string;
+    severity: string;
+    message: string;
+    remediation: string;
+    path?: string;
+    gate_id?: string;
+}
+export interface QualityEvidenceRenderSummary {
+    schema_version: 1;
+    run_id: string;
+    scenario_ref: string;
+    feature_ref: string;
+    mode: string;
+    generated_at: string;
+    warning_only: true;
+    blocking: false;
+    status: QualityEvidenceRendererStatus;
+    run_status: string;
+    validation: {
+        valid: boolean;
+        issue_count: number;
+        issues: QualityEvidenceValidationIssue[];
+    };
+    counts: {
+        findings: number;
+        warning_findings: number;
+        error_findings: number;
+        blocker_findings: number;
+        artifacts: number;
+        filesystem_files: number;
+        import_nodes: number;
+        import_edges: number;
+        checksums: number;
+        exceptions: number;
+    };
+    findings: QualityEvidenceFindingSummary[];
+    outputs: {
+        report_path: string;
+        summary_path: string;
+    };
+}
+export interface QualityEvidenceRenderResult {
+    summary: QualityEvidenceRenderSummary;
+    reportMarkdown: string;
+    paths: {
+        report: string;
+        summary: string;
+    };
+    bundle?: QualityEvidenceBundle;
+}
+export declare function renderQualityEvidenceBundle(input: QualityEvidenceRenderInput): Promise<QualityEvidenceRenderResult>;
+//# sourceMappingURL=quality-evidence-renderer.d.ts.map