@devtrack-solution/codesdd 1.2.3 → 1.2.4

package/dist/core/sdd/reversa-architecture-extractor.d.ts

@@ -0,0 +1,13 @@
+import type { ReversaEvidenceBundle } from './reversa-evidence.js';
+export interface ReversaArchitectureSource {
+    path: string;
+    content: string;
+}
+export interface BuildReversaArchitectureMapInput {
+    featureRef: string;
+    operationId: string;
+    generatedAt: string;
+    sources: ReversaArchitectureSource[];
+}
+export declare function buildReversaArchitectureMap(input: BuildReversaArchitectureMapInput): ReversaEvidenceBundle;
+//# sourceMappingURL=reversa-architecture-extractor.d.ts.map

package/dist/core/sdd/reversa-architecture-extractor.js

@@ -0,0 +1,89 @@
+import { attestReversaSource } from './reversa-source-safety.js';
+export function buildReversaArchitectureMap(input) {
+    const accepted = input.sources
+        .map((source) => ({ source, attestation: attestReversaSource({ sourcePath: source.path, content: source.content }) }))
+        .filter((entry) => entry.attestation.status === 'accepted' && entry.attestation.attestation);
+    const blockedCount = input.sources.length - accepted.length;
+    const modules = accepted.flatMap(({ source, attestation }) => scanModules(attestation.normalized_path, source.content));
+    const dependencies = accepted.flatMap(({ source, attestation }) => scanDependencies(attestation.normalized_path, source.content));
+    const findings = [];
+    if (modules.length > 0) {
+        findings.push({
+            id: 'REV-FIND-ARCH-MODULES',
+            phase: 'architecture',
+            title: 'Architecture modules',
+            summary: `Detected ${modules.length} module or class boundaries.`,
+            confidence: 'medium',
+            source_refs: unique(modules.map((entry) => entry.source_ref)),
+            contradiction_refs: [],
+            promoted_refs: [],
+            metadata: { modules },
+        });
+    }
+    if (dependencies.length > 0) {
+        findings.push({
+            id: 'REV-FIND-ARCH-DEPENDENCIES',
+            phase: 'architecture',
+            title: 'Dependency imports',
+            summary: `Detected ${dependencies.length} import or require dependencies.`,
+            confidence: 'medium',
+            source_refs: unique(dependencies.map((entry) => entry.source_ref)),
+            contradiction_refs: [],
+            promoted_refs: [],
+            metadata: { dependencies },
+        });
+    }
+    return {
+        schema_version: 1,
+        contract: 'reversa-evidence-bundle/v1',
+        operation_id: input.operationId,
+        generated_at: input.generatedAt,
+        feature_ref: input.featureRef,
+        mode: 'read-only',
+        source_attestations: accepted.map((entry) => entry.attestation.attestation),
+        findings,
+        artifacts: [
+            {
+                path: `.sdd/evidence/reversa/${input.featureRef}/architecture-map.yaml`,
+                artifact_type: 'architecture_map',
+                phase: 'architecture',
+                produced_by: 'codesdd reversa architecture extractor',
+                write_scope: 'read_only',
+            },
+        ],
+        validations: [
+            {
+                id: 'REV-VAL-ARCH-SAFETY',
+                phase: 'architecture',
+                command: 'buildReversaArchitectureMap',
+                status: blockedCount === 0 ? 'passed' : 'blocked',
+                issue_codes: blockedCount === 0 ? [] : ['UNSAFE_SOURCE_BLOCKED'],
+            },
+        ],
+        contradictions: [],
+        human_questions: [],
+        quality_refs: [`.sdd/active/${input.featureRef}/5-quality.yaml`],
+        residual_risks: blockedCount === 0 ? [] : [{
+                code: 'UNSAFE_SOURCE_BLOCKED',
+                severity: 'medium',
+                description: `${blockedCount} source(s) were blocked by Reversa intake safety.`,
+                mitigation: 'Provide safe project-relative sources before architecture extraction.',
+            }],
+        metadata: { module_count: modules.length, dependency_count: dependencies.length },
+    };
+}
+function scanModules(sourceRef, content) {
+    return [...content.matchAll(/\b(?:class|interface|module|namespace)\s+([A-Za-z0-9_]+)/gu)].map((match) => ({
+        name: match[1] ?? 'unknown',
+        source_ref: sourceRef,
+    }));
+}
+function scanDependencies(sourceRef, content) {
+    const imports = [...content.matchAll(/\bimport\b[^'"]*['"]([^'"]+)['"]/gu)].map((match) => match[1] ?? '');
+    const requires = [...content.matchAll(/\brequire\(\s*['"]([^'"]+)['"]\s*\)/gu)].map((match) => match[1] ?? '');
+    return [...imports, ...requires].filter(Boolean).map((target) => ({ target, source_ref: sourceRef }));
+}
+function unique(values) {
+    return [...new Set(values)];
+}
+//# sourceMappingURL=reversa-architecture-extractor.js.map

package/dist/core/sdd/reversa-artifact-writer.d.ts

@@ -0,0 +1,18 @@
+import type { ReversaEvidenceBundle } from './reversa-evidence.js';
+export interface ReversaArtifactWritePlan {
+    schema_version: 1;
+    contract: 'reversa-artifact-write-plan/v1';
+    feature_ref: string;
+    status: 'ready' | 'needs_clarification';
+    draft_artifacts: Array<{
+        artifact_type: 'INS' | 'DEB' | 'EPIC' | 'FEAT' | 'ADR' | 'DOC';
+        path: string;
+        source_finding_ref: string;
+        title: string;
+        write_scope: 'draft_only';
+    }>;
+    human_questions: NonNullable<ReversaEvidenceBundle['human_questions']>;
+    blocked_operations: string[];
+}
+export declare function buildReversaArtifactWritePlan(bundle: ReversaEvidenceBundle): ReversaArtifactWritePlan;
+//# sourceMappingURL=reversa-artifact-writer.d.ts.map

package/dist/core/sdd/reversa-artifact-writer.js

@@ -0,0 +1,40 @@
+export function buildReversaArtifactWritePlan(bundle) {
+    const lowConfidenceQuestions = bundle.findings
+        .filter((finding) => finding.confidence === 'low' || finding.confidence === 'unknown')
+        .map((finding) => ({
+        id: `REV-Q-${finding.id.replace(/^REV-FIND-/u, '')}`,
+        question: `Confirm finding before promotion: ${finding.title}`,
+        blocks_phase: 'artifact_generation',
+        required_before_apply: true,
+    }));
+    const humanQuestions = [...bundle.human_questions, ...lowConfidenceQuestions];
+    return {
+        schema_version: 1,
+        contract: 'reversa-artifact-write-plan/v1',
+        feature_ref: bundle.feature_ref,
+        status: humanQuestions.some((question) => question.required_before_apply) ? 'needs_clarification' : 'ready',
+        draft_artifacts: bundle.findings.map((finding) => ({
+            artifact_type: inferArtifactType(finding.phase),
+            path: `.sdd/evidence/reversa/${bundle.feature_ref}/drafts/${finding.id.toLowerCase()}.yaml`,
+            source_finding_ref: finding.id,
+            title: finding.title,
+            write_scope: 'draft_only',
+        })),
+        human_questions: humanQuestions,
+        blocked_operations: [
+            'write .sdd/state directly',
+            'promote drafts without CodeSDD lifecycle command',
+            'apply generated artifacts before required human questions are resolved',
+        ],
+    };
+}
+function inferArtifactType(phase) {
+    if (phase === 'artifact_generation')
+        return 'FEAT';
+    if (phase === 'migration' || phase === 'reconstruction' || phase === 'equivalence')
+        return 'ADR';
+    if (phase === 'rules' || phase === 'architecture')
+        return 'DEB';
+    return 'DOC';
+}
+//# sourceMappingURL=reversa-artifact-writer.js.map

package/dist/core/sdd/reversa-command-policy.d.ts

@@ -0,0 +1,136 @@
+export declare const REVERSA_COMMANDS: readonly ["intake", "scan", "extract", "ask", "plan", "generate", "validate", "reconstruct", "report", "url"];
+export declare const REVERSA_MODES: readonly ["read-only", "plan", "validate", "apply-sandbox", "apply-approved"];
+export declare const REVERSA_URL_MODES: readonly ["authorized-replica", "authorized-derivative", "clean-room-style"];
+export declare const REVERSA_AUTHORIZATION_SCOPES: readonly ["owner", "client-authorized", "licensed", "clean-room"];
+export declare const REVERSA_VOLUME_PRESETS: readonly ["small", "standard", "large"];
+export declare const REVERSA_TARGET_STACKS: readonly ["react", "nextjs", "angular", "vue", "svelte", "html"];
+export declare const REVERSA_PRESERVATION_CHOICES: readonly ["yes", "no", "ask"];
+export declare const REVERSA_BACKEND_CONTRACT_MODES: readonly ["none", "inventory", "plan"];
+export type ReversaCommand = (typeof REVERSA_COMMANDS)[number];
+export type ReversaMode = (typeof REVERSA_MODES)[number];
+export type ReversaUrlMode = (typeof REVERSA_URL_MODES)[number];
+export type ReversaAuthorizationScope = (typeof REVERSA_AUTHORIZATION_SCOPES)[number];
+export type ReversaVolumePreset = (typeof REVERSA_VOLUME_PRESETS)[number];
+export type ReversaTargetStack = (typeof REVERSA_TARGET_STACKS)[number];
+export type ReversaPreservationChoice = (typeof REVERSA_PRESERVATION_CHOICES)[number];
+export type ReversaBackendContractMode = (typeof REVERSA_BACKEND_CONTRACT_MODES)[number];
+export type ReversaPolicyStatus = 'allowed' | 'blocked';
+export interface BuildReversaCommandPlanInput {
+    command: string;
+    mode?: string;
+    executionMode?: string;
+    target?: string;
+    featureRef?: string;
+    sourcePath?: string;
+    approvals?: string[];
+    urlMode?: string;
+    acceptLegalTerms?: boolean;
+    authorizationScope?: string;
+    authorizationNote?: string;
+    volumePreset?: string;
+    volumeBudgetPath?: string;
+    volumeBudgetApproved?: boolean;
+    targetStack?: string;
+    preserveBrand?: string;
+    preserveLogo?: string;
+    preserveContent?: string;
+    preserveAssets?: string;
+    preserveUniqueTraits?: string;
+    backendContracts?: string;
+    backendRedactionPolicy?: string;
+    brandTransform?: string;
+    intakePath?: string;
+    intakeSchemaValidated?: boolean;
+    acknowledgeFrontendOnly?: boolean;
+}
+export interface ReversaCommandPlan {
+    schema_version: 'reversa-command-plan/v1';
+    command: ReversaCommand;
+    mode: ReversaMode;
+    status: ReversaPolicyStatus;
+    feature_ref: string | null;
+    source_path: string | null;
+    evidence_path: string;
+    allowed_operations: string[];
+    blocked_operations: string[];
+    required_contracts: string[];
+    warnings: string[];
+    url_policy: ReversaUrlPolicyPlan | null;
+    policy: {
+        read_only_default: boolean;
+        hostile_input_boundary: boolean;
+        no_direct_sdd_state_writes: boolean;
+        approval_required_for_apply: boolean;
+    };
+}
+export interface ReversaUrlPolicyPlan {
+    target_url: string | null;
+    url_mode: ReversaUrlMode;
+    legal_terms_accepted: boolean;
+    authorization_scope: ReversaAuthorizationScope | null;
+    authorization_note_present: boolean;
+    guided_intake_required: boolean;
+    intake_path: string | null;
+    target_stack: ReversaTargetStack | null;
+    preserve_brand: ReversaPreservationChoice | null;
+    preserve_logo: ReversaPreservationChoice | null;
+    preserve_content: ReversaPreservationChoice | null;
+    preserve_assets: ReversaPreservationChoice | null;
+    preserve_unique_traits_present: boolean;
+    brand_transform_present: boolean;
+    backend_contracts: ReversaBackendContractMode;
+    backend_redaction_policy_present: boolean;
+    frontend_only_boundary: true;
+    frontend_only_acknowledged: boolean;
+    backend_implementation_copied: false;
+    volume_preset: ReversaVolumePreset;
+    volume_budget_path: string | null;
+    volume_budget_approved: boolean;
+    volume_limits: ReversaVolumeLimits;
+    required_questions: string[];
+    blocked_reasons: string[];
+    required_evidence: string[];
+    conditional_evidence: string[];
+    optional_evidence: string[];
+    qa_thresholds: {
+        viewports: string[];
+        authorized_replica: {
+            aggregate_visual_similarity_percent: number;
+            critical_component_similarity_percent: number;
+            average_layout_drift_px: number;
+        };
+        authorized_derivative: {
+            structural_correspondence_percent: number;
+            protected_identity_distance_percent: number;
+        };
+        clean_room_style: {
+            aggregate_visual_similarity_ceiling_percent: number;
+            protected_identity_reuse_allowed: number;
+        };
+        replay_diff_budget_percent: number;
+    };
+    data_lifecycle: {
+        default_retention_days: number;
+        purge_by_run_id_required: boolean;
+        terms_and_intake_hash_required: boolean;
+        redact_secrets_and_pii: boolean;
+    };
+}
+export interface ReversaVolumeLimits {
+    max_pages: number;
+    max_crawl_depth: number;
+    max_same_domain_links_queued: number;
+    max_dom_nodes_per_page: number;
+    max_css_rules: number;
+    max_assets_fetched: number;
+    max_total_download_mb: number;
+    max_single_asset_mb: number;
+    max_screenshots: number;
+    max_viewports: number;
+    max_generated_files: number;
+    max_analysis_tokens: number;
+    request_rate_per_second: number;
+    timeout_seconds: number;
+}
+export declare function buildReversaCommandPlan(input: BuildReversaCommandPlanInput): ReversaCommandPlan;
+//# sourceMappingURL=reversa-command-policy.d.ts.map

package/dist/core/sdd/reversa-command-policy.js

@@ -0,0 +1,361 @@
+export const REVERSA_COMMANDS = [
+    'intake',
+    'scan',
+    'extract',
+    'ask',
+    'plan',
+    'generate',
+    'validate',
+    'reconstruct',
+    'report',
+    'url',
+];
+export const REVERSA_MODES = ['read-only', 'plan', 'validate', 'apply-sandbox', 'apply-approved'];
+export const REVERSA_URL_MODES = ['authorized-replica', 'authorized-derivative', 'clean-room-style'];
+export const REVERSA_AUTHORIZATION_SCOPES = ['owner', 'client-authorized', 'licensed', 'clean-room'];
+export const REVERSA_VOLUME_PRESETS = ['small', 'standard', 'large'];
+export const REVERSA_TARGET_STACKS = ['react', 'nextjs', 'angular', 'vue', 'svelte', 'html'];
+export const REVERSA_PRESERVATION_CHOICES = ['yes', 'no', 'ask'];
+export const REVERSA_BACKEND_CONTRACT_MODES = ['none', 'inventory', 'plan'];
+const REVERSA_VOLUME_LIMITS = {
+    small: {
+        max_pages: 1,
+        max_crawl_depth: 0,
+        max_same_domain_links_queued: 5,
+        max_dom_nodes_per_page: 8000,
+        max_css_rules: 2000,
+        max_assets_fetched: 30,
+        max_total_download_mb: 25,
+        max_single_asset_mb: 5,
+        max_screenshots: 3,
+        max_viewports: 1,
+        max_generated_files: 40,
+        max_analysis_tokens: 80000,
+        request_rate_per_second: 1,
+        timeout_seconds: 45,
+    },
+    standard: {
+        max_pages: 5,
+        max_crawl_depth: 1,
+        max_same_domain_links_queued: 25,
+        max_dom_nodes_per_page: 20000,
+        max_css_rules: 8000,
+        max_assets_fetched: 120,
+        max_total_download_mb: 100,
+        max_single_asset_mb: 15,
+        max_screenshots: 9,
+        max_viewports: 3,
+        max_generated_files: 160,
+        max_analysis_tokens: 250000,
+        request_rate_per_second: 1,
+        timeout_seconds: 120,
+    },
+    large: {
+        max_pages: 20,
+        max_crawl_depth: 2,
+        max_same_domain_links_queued: 100,
+        max_dom_nodes_per_page: 60000,
+        max_css_rules: 25000,
+        max_assets_fetched: 400,
+        max_total_download_mb: 500,
+        max_single_asset_mb: 50,
+        max_screenshots: 30,
+        max_viewports: 5,
+        max_generated_files: 600,
+        max_analysis_tokens: 900000,
+        request_rate_per_second: 2,
+        timeout_seconds: 300,
+    },
+};
+const REQUIRED_URL_EVIDENCE = [
+    'terms-acceptance.yaml',
+    'authorization-attestation.yaml',
+    'guided-intake.yaml',
+    'brand-uniqueness-decision.yaml',
+    'target-technology-decision.yaml',
+    'frontend-backend-boundary-report.yaml',
+    'volumetry-report.yaml',
+    'external-tool-research.md',
+    'capture-manifest.yaml',
+    'dom-snapshot-summary.yaml',
+    'computed-style-inventory.yaml',
+    'asset-policy-report.yaml',
+    'design-tokens.dtcg.json',
+    'style-dictionary.config.json',
+    'section-map.yaml',
+    'component-map.yaml',
+    'brand-policy-report.yaml',
+    'responsive-diff-report.yaml',
+    'visual-fidelity-score.yaml',
+    'similarity-distance-report.yaml',
+    'human-approval.yaml',
+    'generated-artifact-map.yaml',
+];
+const CONDITIONAL_URL_EVIDENCE = ['interaction-state-report.yaml', 'backend-contract-inventory.yaml'];
+const OPTIONAL_URL_EVIDENCE = [];
+function parseReversaCommand(command) {
+    if (REVERSA_COMMANDS.includes(command)) {
+        return command;
+    }
+    throw new Error(`Invalid Reversa command. Use one of: ${REVERSA_COMMANDS.join(', ')}.`);
+}
+function parseReversaMode(mode) {
+    const candidate = mode ?? 'read-only';
+    if (REVERSA_MODES.includes(candidate)) {
+        return candidate;
+    }
+    throw new Error(`Invalid Reversa mode. Use one of: ${REVERSA_MODES.join(', ')}.`);
+}
+function isUrlMode(value) {
+    return Boolean(value && REVERSA_URL_MODES.includes(value));
+}
+function parseUrlMode(mode) {
+    const candidate = mode ?? 'clean-room-style';
+    if (REVERSA_URL_MODES.includes(candidate)) {
+        return candidate;
+    }
+    throw new Error(`Invalid Reversa URL mode. Use one of: ${REVERSA_URL_MODES.join(', ')}.`);
+}
+function parseOptionalEnum(value, values, label) {
+    if (!value)
+        return null;
+    if (values.includes(value)) {
+        return value;
+    }
+    throw new Error(`Invalid ${label}. Use one of: ${values.join(', ')}.`);
+}
+function parseEnumWithDefault(value, values, label, fallback) {
+    return parseOptionalEnum(value, values, label) ?? fallback;
+}
+function normalizedApprovals(approvals) {
+    return new Set((approvals ?? []).map((approval) => approval.trim().toLowerCase()).filter(Boolean));
+}
+function evidenceRef(featureRef, command) {
+    return `.sdd/evidence/reversa/${featureRef || 'UNSCOPED'}/${command}-command-plan.yaml`;
+}
+function parseHttpUrl(target) {
+    if (!target)
+        return null;
+    try {
+        const parsed = new URL(target);
+        if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+            throw new Error('unsupported protocol');
+        }
+        return parsed.toString();
+    }
+    catch {
+        throw new Error('Invalid Reversa URL target. Use an absolute http or https URL.');
+    }
+}
+function buildReversaUrlPolicyPlan(input) {
+    const urlMode = parseUrlMode(input.urlMode ?? (isUrlMode(input.mode) ? input.mode : undefined));
+    const authorizationScope = parseOptionalEnum(input.authorizationScope, REVERSA_AUTHORIZATION_SCOPES, 'authorization scope');
+    const volumePreset = parseEnumWithDefault(input.volumePreset, REVERSA_VOLUME_PRESETS, 'volume preset', 'small');
+    const targetStack = parseOptionalEnum(input.targetStack, REVERSA_TARGET_STACKS, 'target stack');
+    const preserveBrand = parseOptionalEnum(input.preserveBrand, REVERSA_PRESERVATION_CHOICES, 'preserve brand decision');
+    const preserveLogo = parseOptionalEnum(input.preserveLogo, REVERSA_PRESERVATION_CHOICES, 'preserve logo decision');
+    const preserveContent = parseOptionalEnum(input.preserveContent, REVERSA_PRESERVATION_CHOICES, 'preserve content decision');
+    const preserveAssets = parseOptionalEnum(input.preserveAssets, REVERSA_PRESERVATION_CHOICES, 'preserve assets decision');
+    const backendContracts = parseEnumWithDefault(input.backendContracts, REVERSA_BACKEND_CONTRACT_MODES, 'backend contracts mode', 'none');
+    const requiredQuestions = [];
+    const blockedReasons = [];
+    const targetUrl = parseHttpUrl(input.target);
+    const notePresent = Boolean(input.authorizationNote?.trim());
+    const uniqueTraitsPresent = Boolean(input.preserveUniqueTraits?.trim());
+    if (!targetUrl) {
+        blockedReasons.push('URL target is required for Reversa URL planning.');
+    }
+    if (!input.acceptLegalTerms) {
+        blockedReasons.push('URL flow requires --accept-legal-terms before any collection.');
+    }
+    if (!authorizationScope) {
+        blockedReasons.push('URL flow requires --authorization-scope.');
+    }
+    if (!notePresent) {
+        blockedReasons.push('URL flow requires a non-empty --authorization-note for auditability.');
+    }
+    if (!input.acknowledgeFrontendOnly) {
+        blockedReasons.push('URL flow requires --ack-frontend-only to acknowledge that backend implementation is not copied.');
+    }
+    if (input.volumeBudgetPath && !input.volumeBudgetApproved) {
+        blockedReasons.push('Custom volume budget requires --approve-volume-budget after schema/human approval.');
+    }
+    if (input.intakePath && !input.intakeSchemaValidated) {
+        blockedReasons.push('Non-interactive --intake requires --intake-schema-validated.');
+    }
+    if (!input.intakePath) {
+        if (!targetStack) {
+            requiredQuestions.push('Which target stack should be generated: react, nextjs, angular, vue, svelte, or html?');
+            blockedReasons.push('Guided intake requires --target-stack or --intake.');
+        }
+        if (!preserveBrand || preserveBrand === 'ask') {
+            requiredQuestions.push('Should the new output preserve the same brand name?');
+            blockedReasons.push('Guided intake requires an explicit --preserve-brand yes|no decision or --intake.');
+        }
+        if (!preserveLogo || preserveLogo === 'ask') {
+            requiredQuestions.push('Should the same logo be reused, replaced, or omitted?');
+            blockedReasons.push('Guided intake requires an explicit --preserve-logo yes|no decision or --intake.');
+        }
+        if (!preserveContent || preserveContent === 'ask') {
+            requiredQuestions.push('Should headings, copy, labels, and text content be reused, rewritten, or replaced?');
+            blockedReasons.push('Guided intake requires an explicit --preserve-content yes|no decision or --intake.');
+        }
+        if (!preserveAssets || preserveAssets === 'ask') {
+            requiredQuestions.push('Should images, media, icons, fonts, and third-party assets be reused, replaced, or omitted?');
+            blockedReasons.push('Guided intake requires an explicit --preserve-assets yes|no decision or --intake.');
+        }
+        if (!uniqueTraitsPresent) {
+            requiredQuestions.push('Which unique product traits must be preserved or intentionally changed?');
+            blockedReasons.push('Guided intake requires --preserve-unique-traits or --intake.');
+        }
+    }
+    if (urlMode === 'clean-room-style' && preserveLogo === 'yes') {
+        blockedReasons.push('clean-room-style cannot preserve the source logo.');
+    }
+    if (urlMode === 'clean-room-style' && preserveBrand === 'yes') {
+        blockedReasons.push('clean-room-style cannot preserve the source brand name.');
+    }
+    if (urlMode === 'clean-room-style' && preserveContent === 'yes') {
+        blockedReasons.push('clean-room-style cannot preserve source copy/content.');
+    }
+    if (urlMode === 'clean-room-style' && preserveAssets === 'yes') {
+        blockedReasons.push('clean-room-style cannot preserve source protected assets.');
+    }
+    if (urlMode === 'authorized-replica' && authorizationScope === 'clean-room') {
+        blockedReasons.push('authorized-replica requires owner, client-authorized, or licensed scope.');
+    }
+    if (backendContracts !== 'none') {
+        requiredQuestions.push('Backend implementation will not be copied; only redacted observed request contracts may be inventoried.');
+        if (!input.backendRedactionPolicy?.trim()) {
+            blockedReasons.push('Backend contract inventory requires --backend-redaction-policy.');
+        }
+    }
+    return {
+        target_url: targetUrl,
+        url_mode: urlMode,
+        legal_terms_accepted: Boolean(input.acceptLegalTerms),
+        authorization_scope: authorizationScope,
+        authorization_note_present: notePresent,
+        guided_intake_required: true,
+        intake_path: input.intakePath ?? null,
+        target_stack: targetStack,
+        preserve_brand: preserveBrand,
+        preserve_logo: preserveLogo,
+        preserve_content: preserveContent,
+        preserve_assets: preserveAssets,
+        preserve_unique_traits_present: uniqueTraitsPresent,
+        brand_transform_present: Boolean(input.brandTransform?.trim()),
+        backend_contracts: backendContracts,
+        backend_redaction_policy_present: Boolean(input.backendRedactionPolicy?.trim()),
+        frontend_only_boundary: true,
+        frontend_only_acknowledged: Boolean(input.acknowledgeFrontendOnly),
+        backend_implementation_copied: false,
+        volume_preset: volumePreset,
+        volume_budget_path: input.volumeBudgetPath ?? null,
+        volume_budget_approved: Boolean(input.volumeBudgetApproved),
+        volume_limits: REVERSA_VOLUME_LIMITS[volumePreset],
+        required_questions: requiredQuestions,
+        blocked_reasons: [...new Set(blockedReasons)],
+        required_evidence: [...REQUIRED_URL_EVIDENCE],
+        conditional_evidence: backendContracts === 'none'
+            ? CONDITIONAL_URL_EVIDENCE.filter((artifact) => artifact !== 'backend-contract-inventory.yaml')
+            : [...CONDITIONAL_URL_EVIDENCE],
+        optional_evidence: [...OPTIONAL_URL_EVIDENCE],
+        qa_thresholds: {
+            viewports: ['390x844', '768x1024', '1440x900'],
+            authorized_replica: {
+                aggregate_visual_similarity_percent: 95,
+                critical_component_similarity_percent: 97,
+                average_layout_drift_px: 8,
+            },
+            authorized_derivative: {
+                structural_correspondence_percent: 80,
+                protected_identity_distance_percent: 25,
+            },
+            clean_room_style: {
+                aggregate_visual_similarity_ceiling_percent: 70,
+                protected_identity_reuse_allowed: 0,
+            },
+            replay_diff_budget_percent: 2,
+        },
+        data_lifecycle: {
+            default_retention_days: 30,
+            purge_by_run_id_required: true,
+            terms_and_intake_hash_required: true,
+            redact_secrets_and_pii: true,
+        },
+    };
+}
+export function buildReversaCommandPlan(input) {
+    const command = parseReversaCommand(input.command);
+    const mode = parseReversaMode(input.executionMode ?? (command === 'url' && isUrlMode(input.mode) ? undefined : input.mode));
+    const approvals = normalizedApprovals(input.approvals);
+    const allowedOperations = ['inspect capability contract', 'emit governed command plan'];
+    const blockedOperations = ['write .sdd/state directly', 'persist generated artifacts without downstream evidence schema'];
+    const requiredContracts = ['FEAT-0406 capability baseline'];
+    const warnings = [];
+    let urlPolicy = null;
+    let status = 'allowed';
+    if (!input.featureRef) {
+        warnings.push('No FEAT reference supplied; evidence is scoped to UNSCOPED until lifecycle context is provided.');
+    }
+    if (command === 'url') {
+        urlPolicy = buildReversaUrlPolicyPlan(input);
+        requiredContracts.push('EPIC-0092 Reversa URL legal and guided-intake contract', 'FEAT-0424 legal acceptance gate', 'FEAT-0425 guided intake contract', 'FEAT-0426 volumetry budget contract', 'FEAT-0430 frontend/backend boundary contract', 'FEAT-0431 visual QA threshold contract');
+        allowedOperations.push('emit Reversa URL governed preflight plan');
+        blockedOperations.push('capture URL before legal terms, authorization, guided intake, volume budget, and frontend/backend boundary are accepted', 'copy backend implementation, credentials, databases, private APIs, or server-side business rules');
+        warnings.push('Reversa URL output is frontend/rendered-experience only; backend implementation is not copied.');
+        warnings.push('Observed backend requests can only become redacted contracts for a separate backend plan.');
+        if (urlPolicy.blocked_reasons.length > 0) {
+            status = 'blocked';
+            warnings.push(...urlPolicy.blocked_reasons);
+        }
+        if (urlPolicy.backend_contracts !== 'none') {
+            requiredContracts.push('redacted backend-contract inventory policy');
+        }
+    }
+    if (mode === 'validate') {
+        allowedOperations.push('validate evidence bundle shape once FEAT-0408 is available');
+        requiredContracts.push('FEAT-0408 evidence bundle schemas');
+    }
+    if (mode === 'apply-sandbox') {
+        allowedOperations.push('plan sandbox-only writes once FEAT-0415 and FEAT-0416 are available');
+        blockedOperations.push('write outside temporary or explicitly approved sandbox roots');
+        requiredContracts.push('FEAT-0415 artifact generation dry-run contract', 'FEAT-0416 reconstruction contract');
+    }
+    if (mode === 'apply-approved') {
+        requiredContracts.push('human approval record', 'FEAT-0416 rollback contract', 'FEAT-0417 equivalence gate');
+        if (!approvals.has('reversa-apply') && !approvals.has('all')) {
+            status = 'blocked';
+            blockedOperations.push('apply approved reconstruction without explicit reversa-apply approval');
+            warnings.push('apply-approved mode requires --approval reversa-apply or --approval all.');
+        }
+        else {
+            allowedOperations.push('plan approved apply after downstream rollback and equivalence evidence exists');
+        }
+    }
+    if (mode === 'read-only' || mode === 'plan') {
+        blockedOperations.push('mutate project files');
+    }
+    return {
+        schema_version: 'reversa-command-plan/v1',
+        command,
+        mode,
+        status,
+        feature_ref: input.featureRef ?? null,
+        source_path: input.sourcePath ?? null,
+        evidence_path: evidenceRef(input.featureRef, command),
+        allowed_operations: allowedOperations,
+        blocked_operations: blockedOperations,
+        required_contracts: requiredContracts,
+        warnings,
+        url_policy: urlPolicy,
+        policy: {
+            read_only_default: true,
+            hostile_input_boundary: true,
+            no_direct_sdd_state_writes: true,
+            approval_required_for_apply: true,
+        },
+    };
+}
+//# sourceMappingURL=reversa-command-policy.js.map

package/dist/core/sdd/reversa-data-extractor.d.ts

@@ -0,0 +1,11 @@
+import type { ReversaEvidenceBundle } from './reversa-evidence.js';
+export declare function buildReversaDataLineage(input: {
+    featureRef: string;
+    operationId: string;
+    generatedAt: string;
+    sources: Array<{
+        path: string;
+        content: string;
+    }>;
+}): ReversaEvidenceBundle;
+//# sourceMappingURL=reversa-data-extractor.d.ts.map