@diffdelta/client 0.1.0 → 0.1.1

package/README.md

@@ -0,0 +1,152 @@
+# @diffdelta/client
+
+TypeScript/JavaScript client for [DiffDelta](https://diffdelta.io) — agent-ready intelligence feeds for security advisories, changelogs, status pages, and more.
+
+**One import. 46 sources. Structured signals. Zero scraping.**
+
+## Install
+
+```bash
+npm install @diffdelta/client
+```
+
+## Quick Start
+
+```ts
+import { DiffDelta } from "@diffdelta/client";
+
+const dd = new DiffDelta();
+
+// Poll for changes — checks head.json first (~200 bytes),
+// only fetches the full feed if something changed.
+const items = await dd.poll();
+
+for (const item of items) {
+  console.log(`${item.source}: ${item.headline}`);
+
+  // Structured signals — no parsing needed
+  if (item.signals.severity) {
+    console.log(`  Severity: ${item.signals.severity.level} (CVSS ${item.signals.severity.cvss})`);
+  }
+
+  // Action codes — the bot knows what to do
+  if (item.suggestedAction === "PATCH_IMMEDIATELY") {
+    triggerEmergencyPatch(item);
+  }
+}
+```
+
+## Stack Discovery
+
+Tell DiffDelta what you use, get back exactly which sources to watch:
+
+```ts
+const sources = await dd.discoverSources(["openai", "langchain", "pinecone"]);
+// → ["openai_sdk_releases", "openai_api_changelog", "langchain_releases", "pinecone_status"]
+```
+
+## Health Check
+
+Check if the DiffDelta pipeline is alive before trusting the data:
+
+```ts
+const health = await dd.checkHealth();
+if (!health.ok) {
+  console.warn(`Pipeline degraded: ${health.sourcesOk}/${health.sourcesChecked} sources healthy`);
+}
+```
+
+## Verified Silence
+
+When nothing changed, DiffDelta proves it checked:
+
+```ts
+const head = await dd.head();
+if (!head.changed && head.allClear) {
+  console.log(`All clear: ${head.sourcesChecked} sources verified, confidence ${head.allClearConfidence}`);
+  // A non-DiffDelta bot can never make this claim.
+}
+```
+
+## Continuous Monitoring
+
+```ts
+const ac = new AbortController();
+
+dd.watch(
+  (item) => {
+    if (item.suggestedAction === "PATCH_IMMEDIATELY") {
+      alertOncall(item);
+    }
+  },
+  { tags: ["security"], signal: ac.signal }
+);
+
+// Stop after 1 hour
+setTimeout(() => ac.abort(), 3_600_000);
+```
+
+## Per-Source Polling
+
+More efficient if you only care about one source:
+
+```ts
+const items = await dd.pollSource("cisa_kev");
+```
+
+## Cursor Persistence
+
+Cursors are saved to `~/.diffdelta/cursors.json` by default so your bot survives restarts. Disable with:
+
+```ts
+const dd = new DiffDelta({ cursorPath: "memory" }); // in-memory only
+```
+
+## Signal Types
+
+Every item can carry structured signals — pre-extracted, no parsing needed:
+
+| Signal | Fields | Example |
+|--------|--------|---------|
+| `severity` | level, cvss, cwes, packages, exploited | `{ level: "critical", cvss: 9.8 }` |
+| `release` | version, prerelease, security_patch | `{ version: "4.2.1", security_patch: true }` |
+| `incident` | status, impact | `{ status: "investigating", impact: "major" }` |
+| `deprecation` | type, affects, confidence | `{ type: "breaking_change", affects: ["gpt-4-turbo"] }` |
+| `suggested_action` | action code | `"PATCH_IMMEDIATELY"` |
+
+## Action Codes
+
+| Code | Meaning |
+|------|---------|
+| `PATCH_IMMEDIATELY` | Active exploitation or critical severity. Patch now. |
+| `PATCH_SOON` | High severity. Schedule a patch. |
+| `VERSION_PIN` | Breaking change coming. Pin your current version. |
+| `REVIEW_CHANGELOG` | New release with notable changes. |
+| `MONITOR_STATUS` | Incident in progress. Watch for updates. |
+| `ACKNOWLEDGE` | Low-risk change. Log it. |
+| `NO_ACTION` | Informational only. |
+
+## Options
+
+```ts
+const dd = new DiffDelta({
+  baseUrl: "https://diffdelta.io", // default
+  apiKey: "dd_live_...",           // Pro tier (optional)
+  cursorPath: null,                // null = in-memory, string = file path
+  timeout: 15_000,                 // HTTP timeout in ms
+});
+```
+
+## Protocol
+
+DiffDelta uses a three-layer polling protocol (ddv1):
+
+1. **head.json** (~200 bytes) — cursor + counts. Poll this first.
+2. **digest.json** (~500 bytes) — narrative + alert count. Fetch if cursor changed.
+3. **latest.json** (~5-40KB) — full items with signals. Fetch if alerts > 0.
+
+The SDK handles this automatically. You never fetch more than you need.
+
+## License
+
+MIT

package/dist/index.d.mts

@@ -1,6 +1,55 @@
+/** Severity signal extracted from security advisories. */
+interface SeveritySignal {
+    level: "critical" | "high" | "medium" | "low" | string;
+    source: string;
+    cvss?: number;
+    cwes?: string[];
+    packages?: string[];
+    exploited?: boolean;
+    provenance?: SignalProvenance;
+}
+/** Release signal extracted from changelogs/GitHub releases. */
+interface ReleaseSignal {
+    version: string;
+    prerelease?: boolean;
+    security_patch?: boolean;
+    provenance?: SignalProvenance;
+}
+/** Incident signal extracted from status pages. */
+interface IncidentSignal {
+    status: "investigating" | "identified" | "monitoring" | "resolved" | string;
+    impact?: "minor" | "major" | "critical" | string;
+    provenance?: SignalProvenance;
+}
+/** Deprecation signal extracted from changelogs/advisories. */
+interface DeprecationSignal {
+    type: "breaking_change" | "end_of_life" | "removal" | "deprecated" | string;
+    affects?: string[];
+    confidence: "high" | "medium" | "low" | string;
+    source: string;
+    provenance?: SignalProvenance;
+}
+/** Provenance chain for a signal — traces it to an authoritative source. */
+interface SignalProvenance {
+    method: string;
+    authority: string;
+    authority_url: string;
+    evidence_url: string;
+}
+/** Action codes telling a bot exactly what to do. */
+type SuggestedAction = "PATCH_IMMEDIATELY" | "PATCH_SOON" | "VERSION_PIN" | "REVIEW_CHANGELOG" | "MONITOR_STATUS" | "ACKNOWLEDGE" | "NO_ACTION";
+/** All structured signals on an item. */
+interface Signals {
+    severity?: SeveritySignal;
+    release?: ReleaseSignal;
+    incident?: IncidentSignal;
+    deprecation?: DeprecationSignal;
+    suggested_action?: SuggestedAction;
+    [key: string]: unknown;
+}
 /** A single item from a DiffDelta feed. */
 interface FeedItem {
-    /** Source identifier (e.g. "cisa_kev", "nist_nvd"). */
+    /** Source identifier (e.g. "cisa_kev", "github_advisories"). */
     source: string;
     /** Unique item ID within the source. */
     id: string;
@@ -14,11 +63,15 @@ interface FeedItem {
     publishedAt: string | null;
     /** When the item was last updated. */
     updatedAt: string | null;
-    /** Which change bucket: "new", "updated", or "removed". */
-    bucket: "new" | "updated" | "removed";
-    /** Risk score 0–10, or null if not scored. */
+    /** Which change bucket: "new", "updated", "removed", or "flagged". */
+    bucket: "new" | "updated" | "removed" | "flagged";
+    /** Structured signals: severity, release, incident, deprecation, suggested_action. */
+    signals: Signals;
+    /** Shortcut: the suggested_action code, if any. */
+    suggestedAction: SuggestedAction | null;
+    /** Risk score 0.0–1.0, or null if not scored. */
     riskScore: number | null;
-    /** Raw provenance data (fetched_at, evidence_urls, content_hash). */
+    /** Item-level provenance (fetched_at, evidence_urls, content_hash). */
     provenance: Record<string, unknown>;
     /** The full raw item object from the feed. */
     raw: Record<string, unknown>;
@@ -27,14 +80,40 @@ interface FeedItem {
 interface Head {
     /** Opaque cursor string for change detection. */
     cursor: string;
-    /** Content hash of the latest feed. */
-    hash: string;
     /** Whether content has changed since last generation. */
     changed: boolean;
     /** When this head was generated. */
     generatedAt: string;
     /** Recommended polling interval in seconds. */
     ttlSec: number;
+    /** URL to the full latest.json feed. */
+    latestUrl: string;
+    /** URL to the digest (global head only). */
+    digestUrl: string | null;
+    /** Item counts: new, updated, removed, flagged. */
+    counts: {
+        new: number;
+        updated: number;
+        removed: number;
+        flagged: number;
+    };
+    /** Number of sources checked this cycle (Verified Silence). */
+    sourcesChecked: number;
+    /** Number of sources healthy this cycle. */
+    sourcesOk: number;
+    /** True if nothing changed AND all sources are healthy. */
+    allClear: boolean;
+    /** 0.0–1.0 confidence that allClear is trustworthy. */
+    allClearConfidence: number | null;
+    /** Pipeline freshness: oldest data age, stale count. */
+    freshness: {
+        oldest_data_age_sec: number;
+        mean_data_age_sec: number;
+        stale_count: number;
+        all_fresh: boolean;
+    } | null;
+    /** The full raw head.json object. */
+    raw: Record<string, unknown>;
 }
 /** A full DiffDelta feed response. */
 interface Feed {
@@ -54,6 +133,8 @@ interface Feed {
     updated: FeedItem[];
     /** Items in the "removed" bucket. */
     removed: FeedItem[];
+    /** Items in the "flagged" bucket. */
+    flagged: FeedItem[];
     /** Human-readable summary of what changed. */
     narrative: string;
     /** The full raw feed object. */
@@ -80,6 +161,25 @@ interface SourceInfo {
     /** Path to the source's latest.json. */
     latestUrl: string;
 }
+/** Health check response from /healthz.json. */
+interface HealthCheck {
+    ok: boolean;
+    service: string;
+    time: string;
+    sourcesChecked: number;
+    sourcesOk: number;
+    engineVersion: string;
+}
+/** Parse a raw feed item into a typed FeedItem. */
+declare function parseFeedItem(data: Record<string, unknown>, bucket?: "new" | "updated" | "removed" | "flagged"): FeedItem;
+/** Parse a raw head.json response into a typed Head. */
+declare function parseHead(data: Record<string, unknown>): Head;
+/** Parse a raw latest.json response into a typed Feed. */
+declare function parseFeed(data: Record<string, unknown>): Feed;
+/** Parse a raw source object into a typed SourceInfo. */
+declare function parseSourceInfo(data: Record<string, unknown>): SourceInfo;
+/** Parse a raw healthz.json response into a typed HealthCheck. */
+declare function parseHealthCheck(data: Record<string, unknown>): HealthCheck;
 
 /**
  * DiffDelta TypeScript client — agent-ready intelligence feeds.
@@ -90,6 +190,10 @@ interface SourceInfo {
  *
  * const dd = new DiffDelta();
  *
+ * // Quick health check — is the pipeline alive?
+ * const health = await dd.checkHealth();
+ * console.log(`Pipeline: ${health.ok ? "healthy" : "degraded"}, last run: ${health.time}`);
+ *
  * // Poll for new items across all sources
  * const items = await dd.poll();
  * items.forEach(i => console.log(`${i.source}: ${i.headline}`));
@@ -97,6 +201,10 @@ interface SourceInfo {
  * // Poll only security sources
  * const sec = await dd.poll({ tags: ["security"] });
  *
+ * // Check what's relevant to your stack
+ * const sources = await dd.discoverSources(["openai", "langchain", "pinecone"]);
+ * console.log("Watch these:", sources);
+ *
  * // Continuous monitoring
  * dd.watch(item => console.log("🚨", item.headline), { tags: ["security"] });
  * ```
@@ -119,17 +227,17 @@ interface DiffDeltaOptions {
 interface PollOptions {
     /** Filter items to these tags (e.g. ["security"]). */
     tags?: string[];
-    /** Filter items to these source IDs (e.g. ["cisa_kev", "nist_nvd"]). */
+    /** Filter items to these source IDs (e.g. ["cisa_kev", "github_advisories"]). */
     sources?: string[];
     /**
      * Which buckets to return.
-     * Defaults to ["new", "updated"].
-     * Use ["new", "updated", "removed"] to include removals.
+     * Defaults to ["new", "updated", "flagged"].
+     * Use ["new", "updated", "removed", "flagged"] to include removals.
      */
-    buckets?: Array<"new" | "updated" | "removed">;
+    buckets?: Array<"new" | "updated" | "removed" | "flagged">;
 }
 interface WatchOptions extends PollOptions {
-    /** Seconds between polls. Defaults to feed TTL (usually 900s). */
+    /** Seconds between polls. Defaults to feed TTL (usually 60s). */
     interval?: number;
     /** If provided, an AbortSignal to stop watching. */
     signal?: AbortSignal;
@@ -144,7 +252,7 @@ declare class DiffDelta {
     /**
      * Poll the global feed for new items since last poll.
      *
-     * Checks head.json first (~400 bytes). Only fetches the full feed
+     * Checks head.json first (~200 bytes). Only fetches the full feed
      * if the cursor has changed. Automatically saves the new cursor.
      */
     poll(options?: PollOptions): Promise<FeedItem[]>;
@@ -156,7 +264,7 @@ declare class DiffDelta {
      */
     pollSource(sourceId: string, options?: Omit<PollOptions, "sources">): Promise<FeedItem[]>;
     /**
-     * Fetch a head.json pointer.
+     * Fetch a head.json pointer. Cheapest call (~200 bytes).
      * @param url Full URL to head.json. Defaults to global head.
      */
     head(url?: string): Promise<Head>;
@@ -167,6 +275,23 @@ declare class DiffDelta {
     fetchFeed(url?: string): Promise<Feed>;
     /** List all available DiffDelta sources. */
     sources(): Promise<SourceInfo[]>;
+    /**
+     * Check pipeline health. Returns when the engine last ran and whether
+     * all sources are healthy. A stale timestamp means the pipeline is down.
+     */
+    checkHealth(): Promise<HealthCheck>;
+    /**
+     * Given a list of dependency names your bot uses, returns the source IDs
+     * you should monitor. Uses the static stacks.json mapping — no API call,
+     * pure local lookup after one fetch.
+     *
+     * @example
+     * ```ts
+     * const sources = await dd.discoverSources(["openai", "langchain", "pinecone"]);
+     * // → ["openai_sdk_releases", "openai_api_changelog", "langchain_releases", "pinecone_status"]
+     * ```
+     */
+    discoverSources(dependencies: string[]): Promise<string[]>;
     /**
      * Continuously poll and call a function for each new item.
      *
@@ -177,6 +302,9 @@ declare class DiffDelta {
      * ```ts
      * dd.watch(item => {
      *   console.log(`🚨 ${item.source}: ${item.headline}`);
+     *   if (item.suggestedAction === "PATCH_IMMEDIATELY") {
+     *     triggerAlert(item);
+     *   }
      * }, { tags: ["security"] });
      * ```
      *
@@ -227,4 +355,4 @@ declare class MemoryCursorStore {
     clear(key?: string): void;
 }
 
-export { CursorStore, DiffDelta, type DiffDeltaOptions, type Feed, type FeedItem, type Head, MemoryCursorStore, type PollOptions, type SourceInfo, type WatchOptions };
+export { CursorStore, type DeprecationSignal, DiffDelta, type DiffDeltaOptions, type Feed, type FeedItem, type Head, type HealthCheck, type IncidentSignal, MemoryCursorStore, type PollOptions, type ReleaseSignal, type SeveritySignal, type SignalProvenance, type Signals, type SourceInfo, type SuggestedAction, type WatchOptions, parseFeed, parseFeedItem, parseHead, parseHealthCheck, parseSourceInfo };

package/dist/index.d.ts

@@ -1,6 +1,55 @@
+/** Severity signal extracted from security advisories. */
+interface SeveritySignal {
+    level: "critical" | "high" | "medium" | "low" | string;
+    source: string;
+    cvss?: number;
+    cwes?: string[];
+    packages?: string[];
+    exploited?: boolean;
+    provenance?: SignalProvenance;
+}
+/** Release signal extracted from changelogs/GitHub releases. */
+interface ReleaseSignal {
+    version: string;
+    prerelease?: boolean;
+    security_patch?: boolean;
+    provenance?: SignalProvenance;
+}
+/** Incident signal extracted from status pages. */
+interface IncidentSignal {
+    status: "investigating" | "identified" | "monitoring" | "resolved" | string;
+    impact?: "minor" | "major" | "critical" | string;
+    provenance?: SignalProvenance;
+}
+/** Deprecation signal extracted from changelogs/advisories. */
+interface DeprecationSignal {
+    type: "breaking_change" | "end_of_life" | "removal" | "deprecated" | string;
+    affects?: string[];
+    confidence: "high" | "medium" | "low" | string;
+    source: string;
+    provenance?: SignalProvenance;
+}
+/** Provenance chain for a signal — traces it to an authoritative source. */
+interface SignalProvenance {
+    method: string;
+    authority: string;
+    authority_url: string;
+    evidence_url: string;
+}
+/** Action codes telling a bot exactly what to do. */
+type SuggestedAction = "PATCH_IMMEDIATELY" | "PATCH_SOON" | "VERSION_PIN" | "REVIEW_CHANGELOG" | "MONITOR_STATUS" | "ACKNOWLEDGE" | "NO_ACTION";
+/** All structured signals on an item. */
+interface Signals {
+    severity?: SeveritySignal;
+    release?: ReleaseSignal;
+    incident?: IncidentSignal;
+    deprecation?: DeprecationSignal;
+    suggested_action?: SuggestedAction;
+    [key: string]: unknown;
+}
 /** A single item from a DiffDelta feed. */
 interface FeedItem {
-    /** Source identifier (e.g. "cisa_kev", "nist_nvd"). */
+    /** Source identifier (e.g. "cisa_kev", "github_advisories"). */
     source: string;
     /** Unique item ID within the source. */
     id: string;
@@ -14,11 +63,15 @@ interface FeedItem {
     publishedAt: string | null;
     /** When the item was last updated. */
     updatedAt: string | null;
-    /** Which change bucket: "new", "updated", or "removed". */
-    bucket: "new" | "updated" | "removed";
-    /** Risk score 0–10, or null if not scored. */
+    /** Which change bucket: "new", "updated", "removed", or "flagged". */
+    bucket: "new" | "updated" | "removed" | "flagged";
+    /** Structured signals: severity, release, incident, deprecation, suggested_action. */
+    signals: Signals;
+    /** Shortcut: the suggested_action code, if any. */
+    suggestedAction: SuggestedAction | null;
+    /** Risk score 0.0–1.0, or null if not scored. */
     riskScore: number | null;
-    /** Raw provenance data (fetched_at, evidence_urls, content_hash). */
+    /** Item-level provenance (fetched_at, evidence_urls, content_hash). */
     provenance: Record<string, unknown>;
     /** The full raw item object from the feed. */
     raw: Record<string, unknown>;
@@ -27,14 +80,40 @@ interface FeedItem {
 interface Head {
     /** Opaque cursor string for change detection. */
     cursor: string;
-    /** Content hash of the latest feed. */
-    hash: string;
     /** Whether content has changed since last generation. */
     changed: boolean;
     /** When this head was generated. */
     generatedAt: string;
     /** Recommended polling interval in seconds. */
     ttlSec: number;
+    /** URL to the full latest.json feed. */
+    latestUrl: string;
+    /** URL to the digest (global head only). */
+    digestUrl: string | null;
+    /** Item counts: new, updated, removed, flagged. */
+    counts: {
+        new: number;
+        updated: number;
+        removed: number;
+        flagged: number;
+    };
+    /** Number of sources checked this cycle (Verified Silence). */
+    sourcesChecked: number;
+    /** Number of sources healthy this cycle. */
+    sourcesOk: number;
+    /** True if nothing changed AND all sources are healthy. */
+    allClear: boolean;
+    /** 0.0–1.0 confidence that allClear is trustworthy. */
+    allClearConfidence: number | null;
+    /** Pipeline freshness: oldest data age, stale count. */
+    freshness: {
+        oldest_data_age_sec: number;
+        mean_data_age_sec: number;
+        stale_count: number;
+        all_fresh: boolean;
+    } | null;
+    /** The full raw head.json object. */
+    raw: Record<string, unknown>;
 }
 /** A full DiffDelta feed response. */
 interface Feed {
@@ -54,6 +133,8 @@ interface Feed {
     updated: FeedItem[];
     /** Items in the "removed" bucket. */
     removed: FeedItem[];
+    /** Items in the "flagged" bucket. */
+    flagged: FeedItem[];
     /** Human-readable summary of what changed. */
     narrative: string;
     /** The full raw feed object. */
@@ -80,6 +161,25 @@ interface SourceInfo {
     /** Path to the source's latest.json. */
     latestUrl: string;
 }
+/** Health check response from /healthz.json. */
+interface HealthCheck {
+    ok: boolean;
+    service: string;
+    time: string;
+    sourcesChecked: number;
+    sourcesOk: number;
+    engineVersion: string;
+}
+/** Parse a raw feed item into a typed FeedItem. */
+declare function parseFeedItem(data: Record<string, unknown>, bucket?: "new" | "updated" | "removed" | "flagged"): FeedItem;
+/** Parse a raw head.json response into a typed Head. */
+declare function parseHead(data: Record<string, unknown>): Head;
+/** Parse a raw latest.json response into a typed Feed. */
+declare function parseFeed(data: Record<string, unknown>): Feed;
+/** Parse a raw source object into a typed SourceInfo. */
+declare function parseSourceInfo(data: Record<string, unknown>): SourceInfo;
+/** Parse a raw healthz.json response into a typed HealthCheck. */
+declare function parseHealthCheck(data: Record<string, unknown>): HealthCheck;
 
 /**
  * DiffDelta TypeScript client — agent-ready intelligence feeds.
@@ -90,6 +190,10 @@ interface SourceInfo {
  *
  * const dd = new DiffDelta();
  *
+ * // Quick health check — is the pipeline alive?
+ * const health = await dd.checkHealth();
+ * console.log(`Pipeline: ${health.ok ? "healthy" : "degraded"}, last run: ${health.time}`);
+ *
  * // Poll for new items across all sources
  * const items = await dd.poll();
  * items.forEach(i => console.log(`${i.source}: ${i.headline}`));
@@ -97,6 +201,10 @@ interface SourceInfo {
  * // Poll only security sources
  * const sec = await dd.poll({ tags: ["security"] });
  *
+ * // Check what's relevant to your stack
+ * const sources = await dd.discoverSources(["openai", "langchain", "pinecone"]);
+ * console.log("Watch these:", sources);
+ *
  * // Continuous monitoring
  * dd.watch(item => console.log("🚨", item.headline), { tags: ["security"] });
  * ```
@@ -119,17 +227,17 @@ interface DiffDeltaOptions {
 interface PollOptions {
     /** Filter items to these tags (e.g. ["security"]). */
     tags?: string[];
-    /** Filter items to these source IDs (e.g. ["cisa_kev", "nist_nvd"]). */
+    /** Filter items to these source IDs (e.g. ["cisa_kev", "github_advisories"]). */
     sources?: string[];
     /**
      * Which buckets to return.
-     * Defaults to ["new", "updated"].
-     * Use ["new", "updated", "removed"] to include removals.
+     * Defaults to ["new", "updated", "flagged"].
+     * Use ["new", "updated", "removed", "flagged"] to include removals.
      */
-    buckets?: Array<"new" | "updated" | "removed">;
+    buckets?: Array<"new" | "updated" | "removed" | "flagged">;
 }
 interface WatchOptions extends PollOptions {
-    /** Seconds between polls. Defaults to feed TTL (usually 900s). */
+    /** Seconds between polls. Defaults to feed TTL (usually 60s). */
     interval?: number;
     /** If provided, an AbortSignal to stop watching. */
     signal?: AbortSignal;
@@ -144,7 +252,7 @@ declare class DiffDelta {
     /**
      * Poll the global feed for new items since last poll.
      *
-     * Checks head.json first (~400 bytes). Only fetches the full feed
+     * Checks head.json first (~200 bytes). Only fetches the full feed
      * if the cursor has changed. Automatically saves the new cursor.
      */
     poll(options?: PollOptions): Promise<FeedItem[]>;
@@ -156,7 +264,7 @@ declare class DiffDelta {
      */
     pollSource(sourceId: string, options?: Omit<PollOptions, "sources">): Promise<FeedItem[]>;
     /**
-     * Fetch a head.json pointer.
+     * Fetch a head.json pointer. Cheapest call (~200 bytes).
      * @param url Full URL to head.json. Defaults to global head.
      */
     head(url?: string): Promise<Head>;
@@ -167,6 +275,23 @@ declare class DiffDelta {
     fetchFeed(url?: string): Promise<Feed>;
     /** List all available DiffDelta sources. */
     sources(): Promise<SourceInfo[]>;
+    /**
+     * Check pipeline health. Returns when the engine last ran and whether
+     * all sources are healthy. A stale timestamp means the pipeline is down.
+     */
+    checkHealth(): Promise<HealthCheck>;
+    /**
+     * Given a list of dependency names your bot uses, returns the source IDs
+     * you should monitor. Uses the static stacks.json mapping — no API call,
+     * pure local lookup after one fetch.
+     *
+     * @example
+     * ```ts
+     * const sources = await dd.discoverSources(["openai", "langchain", "pinecone"]);
+     * // → ["openai_sdk_releases", "openai_api_changelog", "langchain_releases", "pinecone_status"]
+     * ```
+     */
+    discoverSources(dependencies: string[]): Promise<string[]>;
     /**
      * Continuously poll and call a function for each new item.
      *
@@ -177,6 +302,9 @@ declare class DiffDelta {
      * ```ts
      * dd.watch(item => {
      *   console.log(`🚨 ${item.source}: ${item.headline}`);
+     *   if (item.suggestedAction === "PATCH_IMMEDIATELY") {
+     *     triggerAlert(item);
+     *   }
      * }, { tags: ["security"] });
      * ```
      *
@@ -227,4 +355,4 @@ declare class MemoryCursorStore {
     clear(key?: string): void;
 }
 
-export { CursorStore, DiffDelta, type DiffDeltaOptions, type Feed, type FeedItem, type Head, MemoryCursorStore, type PollOptions, type SourceInfo, type WatchOptions };
+export { CursorStore, type DeprecationSignal, DiffDelta, type DiffDeltaOptions, type Feed, type FeedItem, type Head, type HealthCheck, type IncidentSignal, MemoryCursorStore, type PollOptions, type ReleaseSignal, type SeveritySignal, type SignalProvenance, type Signals, type SourceInfo, type SuggestedAction, type WatchOptions, parseFeed, parseFeedItem, parseHead, parseHealthCheck, parseSourceInfo };