@eduardbar/drift 1.3.0 → 1.4.0

package/tests/format.test.ts

@@ -0,0 +1,157 @@
+import { describe, expect, it, vi } from 'vitest'
+import { resolveOutputFormat } from '../src/format.js'
+
+describe('resolveOutputFormat', () => {
+  it('defaults to console when no format flags are passed', () => {
+    const format = resolveOutputFormat({
+      command: 'scan',
+      supported: ['console', 'json', 'markdown', 'ai', 'sarif'],
+    })
+
+    expect(format).toBe('console')
+  })
+
+  it('resolves from --format when supported', () => {
+    const format = resolveOutputFormat({
+      command: 'trust',
+      format: 'markdown',
+      supported: ['console', 'json', 'markdown'],
+    })
+
+    expect(format).toBe('markdown')
+  })
+
+  it('maps legacy aliases and emits deprecation warnings', () => {
+    const onWarning = vi.fn()
+
+    const format = resolveOutputFormat({
+      command: 'review',
+      supported: ['console', 'json', 'markdown'],
+      legacyAliases: [{ flag: 'comment', used: true, mapsTo: 'markdown' }],
+      onWarning,
+    })
+
+    expect(format).toBe('markdown')
+    expect(onWarning).toHaveBeenCalledWith("Warning: --comment is deprecated for 'review'. Use --format markdown instead.")
+  })
+
+  it('covers legacy alias mapping per phase-1.4 command', () => {
+    expect(
+      resolveOutputFormat({
+        command: 'scan',
+        supported: ['console', 'json', 'markdown', 'ai', 'sarif'],
+        legacyAliases: [{ flag: 'ai', used: true, mapsTo: 'ai' }],
+      }),
+    ).toBe('ai')
+
+    expect(
+      resolveOutputFormat({
+        command: 'trust',
+        supported: ['console', 'json', 'markdown', 'sarif'],
+        legacyAliases: [{ flag: 'markdown', used: true, mapsTo: 'markdown' }],
+      }),
+    ).toBe('markdown')
+
+    expect(
+      resolveOutputFormat({
+        command: 'diff',
+        supported: ['console', 'json', 'sarif'],
+        legacyAliases: [{ flag: 'json', used: true, mapsTo: 'json' }],
+      }),
+    ).toBe('json')
+
+    expect(
+      resolveOutputFormat({
+        command: 'ci',
+        supported: ['console', 'json', 'sarif'],
+        legacyAliases: [{ flag: 'json', used: true, mapsTo: 'json' }],
+      }),
+    ).toBe('json')
+  })
+
+  it('allows sarif when command supports it', () => {
+    expect(
+      resolveOutputFormat({
+        command: 'scan',
+        format: 'sarif',
+        supported: ['console', 'json', 'markdown', 'ai', 'sarif'],
+      }),
+    ).toBe('sarif')
+
+    expect(
+      resolveOutputFormat({
+        command: 'ci',
+        format: 'sarif',
+        supported: ['console', 'json', 'sarif'],
+      }),
+    ).toBe('sarif')
+
+    expect(
+      resolveOutputFormat({
+        command: 'diff',
+        format: 'sarif',
+        supported: ['console', 'json', 'sarif'],
+      }),
+    ).toBe('sarif')
+
+    expect(
+      resolveOutputFormat({
+        command: 'review',
+        format: 'sarif',
+        supported: ['console', 'json', 'markdown', 'sarif'],
+      }),
+    ).toBe('sarif')
+
+    expect(
+      resolveOutputFormat({
+        command: 'trust',
+        format: 'sarif',
+        supported: ['console', 'json', 'markdown', 'sarif'],
+      }),
+    ).toBe('sarif')
+  })
+
+  it('fails on unsupported format per command', () => {
+    expect(() =>
+      resolveOutputFormat({
+        command: 'diff',
+        format: 'markdown',
+        supported: ['console', 'json', 'sarif'],
+      }),
+    ).toThrow("Format 'markdown' is not supported for 'diff'. Supported formats: console, json, sarif.")
+  })
+
+  it('fails when sarif is not supported by the command', () => {
+    expect(() =>
+      resolveOutputFormat({
+        command: 'guard',
+        format: 'sarif',
+        supported: ['console', 'json'],
+      }),
+    ).toThrow("Format 'sarif' is not supported for 'guard'. Supported formats: console, json.")
+  })
+
+  it('fails when legacy aliases conflict', () => {
+    expect(() =>
+      resolveOutputFormat({
+        command: 'scan',
+        supported: ['console', 'json', 'markdown', 'ai', 'sarif'],
+        legacyAliases: [
+          { flag: 'json', used: true, mapsTo: 'json' },
+          { flag: 'ai', used: true, mapsTo: 'ai' },
+        ],
+      }),
+    ).toThrow("Conflicting legacy format flags for 'scan': json vs ai. Use a single format option.")
+  })
+
+  it('fails when --format conflicts with a legacy alias', () => {
+    expect(() =>
+      resolveOutputFormat({
+        command: 'trust',
+        format: 'json',
+        supported: ['console', 'json', 'markdown', 'sarif'],
+        legacyAliases: [{ flag: 'markdown', used: true, mapsTo: 'markdown' }],
+      }),
+    ).toThrow("Conflicting format flags for 'trust': --format json and legacy alias for markdown.")
+  })
+})

package/tests/new-features.test.ts

@@ -4,10 +4,12 @@ import { tmpdir } from 'node:os'
 import { join } from 'node:path'
 import { analyzeProject } from '../src/analyzer.js'
 import { buildReport, formatAIOutput } from '../src/reporter.js'
-import { formatReviewMarkdown, type DriftReview } from '../src/review.js'
+import { formatReviewMarkdown } from '../src/review.js'
 import { generateArchitectureSvg } from '../src/map.js'
 import { applyFixes } from '../src/fix.js'
 
+type DriftReview = Parameters<typeof formatReviewMarkdown>[0]
+
 describe('new feature MVP', () => {
   let tmpDir = ''
 
@@ -36,6 +38,12 @@ describe('new feature MVP', () => {
     expect(Array.isArray(ai.files_suspected)).toBe(true)
     expect(ai.maintenance_risk).toBeDefined()
     expect(ai.quality).toBeDefined()
+    expect(ai.$schema).toBe('schemas/drift-ai-output.v1.json')
+    expect(typeof ai.toolVersion).toBe('string')
+    expect(ai.toolVersion.length).toBeGreaterThan(0)
+    expect(report.$schema).toBe('schemas/drift-report.v1.json')
+    expect(typeof report.toolVersion).toBe('string')
+    expect(report.toolVersion.length).toBeGreaterThan(0)
   })
 
   it('formats review markdown for PR comments', () => {
@@ -191,7 +199,7 @@ describe('new feature MVP', () => {
 
     expect(fullRules.has('circular-dependency')).toBe(true)
     expect(lowMemoryRules.has('circular-dependency')).toBe(true)
-  })
+  }, 15000)
 
   it('adds diagnostics when max file size guardrail skips files', () => {
     tmpDir = mkdtempSync(join(tmpdir(), 'drift-max-file-size-'))

package/tests/phase1-init-doctor-guard.test.ts

@@ -0,0 +1,199 @@
+import { afterEach, describe, expect, it, vi } from 'vitest'
+import { mkdtempSync, mkdirSync, readFileSync, rmSync, writeFileSync } from 'node:fs'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+import { runDoctor } from '../src/doctor.js'
+import { runInit } from '../src/init.js'
+import { evaluateGuard, runGuard } from '../src/guard.js'
+import { analyzeProject } from '../src/analyzer.js'
+import { buildReport } from '../src/reporter.js'
+
+function createTempDir(prefix: string): string {
+  return mkdtempSync(join(tmpdir(), prefix))
+}
+
+describe('phase 1: doctor/init/guard', () => {
+  const tempDirs: string[] = []
+
+  afterEach(() => {
+    vi.restoreAllMocks()
+    for (const dir of tempDirs) {
+      rmSync(dir, { recursive: true, force: true })
+    }
+    tempDirs.length = 0
+  })
+
+  describe('runDoctor', () => {
+    it('prints a basic diagnostic report and exits with code 0', async () => {
+      const projectDir = createTempDir('drift-doctor-basic-')
+      tempDirs.push(projectDir)
+      writeFileSync(join(projectDir, 'index.ts'), 'export const value = 1\n')
+
+      const output: string[] = []
+      vi.spyOn(process.stdout, 'write').mockImplementation((chunk) => {
+        output.push(String(chunk))
+        return true
+      })
+
+      const exitCode = await runDoctor(projectDir)
+      const text = output.join('')
+
+      expect(exitCode).toBe(0)
+      expect(text).toContain('drift doctor')
+      expect(text).toContain('Source files (.ts/.tsx/.js/.jsx): 1')
+    })
+
+    it('prints valid JSON output with expected shape', async () => {
+      const projectDir = createTempDir('drift-doctor-json-')
+      tempDirs.push(projectDir)
+      mkdirSync(join(projectDir, 'src'))
+      writeFileSync(join(projectDir, 'package.json'), JSON.stringify({ type: 'module' }, null, 2))
+      writeFileSync(join(projectDir, 'tsconfig.json'), '{"compilerOptions":{}}\n')
+      writeFileSync(join(projectDir, 'drift.config.ts'), 'export default {}\n')
+      writeFileSync(join(projectDir, 'src', 'app.ts'), 'export const answer = 42\n')
+
+      const output: string[] = []
+      vi.spyOn(process.stdout, 'write').mockImplementation((chunk) => {
+        output.push(String(chunk))
+        return true
+      })
+
+      await runDoctor(projectDir, { json: true })
+      const report = JSON.parse(output.join('')) as {
+        targetPath: string
+        node: { version: string; major: number; supported: boolean }
+        project: {
+          packageJsonFound: boolean
+          esm: boolean
+          tsconfigFound: boolean
+          sourceFilesCount: number
+          lowMemorySuggested: boolean
+          driftConfigFile: string | null
+        }
+      }
+
+      expect(report.targetPath).toBe(projectDir)
+      expect(typeof report.node.version).toBe('string')
+      expect(typeof report.node.major).toBe('number')
+      expect(typeof report.node.supported).toBe('boolean')
+      expect(report.project.packageJsonFound).toBe(true)
+      expect(report.project.esm).toBe(true)
+      expect(report.project.tsconfigFound).toBe(true)
+      expect(report.project.sourceFilesCount).toBe(2)
+      expect(report.project.driftConfigFile).toBe('drift.config.ts')
+      expect(typeof report.project.lowMemorySuggested).toBe('boolean')
+    })
+  })
+
+  describe('runInit', () => {
+    it('creates drift.config.ts when using a valid preset', async () => {
+      const projectDir = createTempDir('drift-init-preset-')
+      tempDirs.push(projectDir)
+
+      await runInit(projectDir, { preset: 'node-backend' })
+
+      const generated = readFileSync(join(projectDir, 'drift.config.ts'), 'utf8')
+      expect(generated).toContain('satisfies DriftConfig')
+      expect(generated).toContain("name: 'api'")
+    })
+
+    it('throws on invalid preset', async () => {
+      const projectDir = createTempDir('drift-init-invalid-')
+      tempDirs.push(projectDir)
+
+      await expect(runInit(projectDir, { preset: 'invalid-preset' })).rejects.toThrow("Invalid preset 'invalid-preset'")
+    })
+
+    it('creates ci workflow when --ci flag is enabled', async () => {
+      const projectDir = createTempDir('drift-init-ci-')
+      tempDirs.push(projectDir)
+
+      await runInit(projectDir, { ci: true })
+
+      const workflowPath = join(projectDir, '.github', 'workflows', 'drift-review.yml')
+      const workflow = readFileSync(workflowPath, 'utf8')
+      expect(workflow).toContain('name: drift PR Review')
+      expect(workflow).toContain('npx drift review --base')
+    })
+
+    it('prints no-actions message when no flags are provided', async () => {
+      const projectDir = createTempDir('drift-init-empty-')
+      tempDirs.push(projectDir)
+
+      const output: string[] = []
+      vi.spyOn(process.stdout, 'write').mockImplementation((chunk) => {
+        output.push(String(chunk))
+        return true
+      })
+
+      await runInit(projectDir, {})
+
+      expect(output.join('')).toContain('No actions taken. Use --preset, --ci, or --baseline flags.')
+    })
+  })
+
+  describe('guard', () => {
+    it('evaluateGuard applies no-regression, budget and severity checks', () => {
+      const evaluation = evaluateGuard({
+        metrics: {
+          scoreDelta: 3,
+          totalIssuesDelta: 1,
+          severityDelta: { error: 1, warning: 0, info: 0 },
+        },
+        budget: 2,
+        bySeverity: { error: 0, warning: 1, info: 0 },
+        enforceNoRegression: {
+          score: true,
+          totalIssues: true,
+        },
+      })
+
+      expect(evaluation.passed).toBe(false)
+      expect(evaluation.checks.some((check) => check.id === 'no-regression-score' && !check.passed)).toBe(true)
+      expect(evaluation.checks.some((check) => check.id === 'no-regression-total-issues' && !check.passed)).toBe(true)
+      expect(evaluation.checks.some((check) => check.id === 'budget-total-delta' && !check.passed)).toBe(true)
+      expect(evaluation.checks.some((check) => check.id === 'severity-error' && !check.passed)).toBe(true)
+    })
+
+    it('runs in baseline mode with inline baseline fixture', async () => {
+      const projectDir = createTempDir('drift-guard-baseline-')
+      tempDirs.push(projectDir)
+      writeFileSync(join(projectDir, 'main.ts'), 'export const value: any = 42\n')
+
+      const reports = analyzeProject(projectDir)
+      const current = buildReport(projectDir, reports)
+
+      const result = await runGuard(projectDir, {
+        baseline: {
+          score: current.totalScore,
+          totalIssues: current.totalIssues,
+          bySeverity: {
+            error: current.summary.errors,
+            warning: current.summary.warnings,
+            info: current.summary.infos,
+          },
+        },
+        budget: 0,
+        bySeverity: { error: 0, warning: 0, info: 0 },
+      })
+
+      expect(result.mode).toBe('baseline')
+      expect(result.passed).toBe(true)
+      expect(result.metrics.scoreDelta).toBe(0)
+      expect(result.metrics.totalIssuesDelta).toBe(0)
+      expect(result.metrics.severityDelta).toEqual({ error: 0, warning: 0, info: 0 })
+      expect(result.checks.some((check) => check.id === 'no-regression-score')).toBe(true)
+      expect(result.checks.some((check) => check.id === 'no-regression-total-issues')).toBe(true)
+    })
+
+    it('throws when guard has no baseRef and no baseline', async () => {
+      const projectDir = createTempDir('drift-guard-missing-anchor-')
+      tempDirs.push(projectDir)
+      writeFileSync(join(projectDir, 'main.ts'), 'export const value = 1\n')
+
+      await expect(runGuard(projectDir, {})).rejects.toThrow(
+        'Guard requires a comparison point: provide baseRef or a baseline (inline or file).',
+      )
+    })
+  })
+})

package/tests/sarif.test.ts

@@ -0,0 +1,160 @@
+import { describe, expect, it } from 'vitest'
+import { diffToSarif, toSarif } from '../src/sarif.js'
+import type { DriftDiff, DriftReport } from '../src/types.js'
+
+describe('toSarif', () => {
+  function createReport(): DriftReport {
+    return {
+      scannedAt: '2026-03-17T10:20:30.000Z',
+      targetPath: '/repo',
+      files: [{
+        path: 'src/app.ts',
+        score: 72,
+        issues: [
+          {
+            rule: 'large-file',
+            severity: 'error',
+            message: 'File exceeds threshold',
+            line: 14,
+            column: 3,
+            snippet: 'export function app() {}',
+          },
+          {
+            rule: 'debug-leftover',
+            severity: 'warning',
+            message: 'console.log detected',
+            line: 22,
+            column: 1,
+            snippet: 'console.log(value)',
+          },
+          {
+            rule: 'plugin-warning',
+            severity: 'info',
+            message: 'Plugin diagnostic',
+            line: 1,
+            column: 1,
+            snippet: 'app.ts',
+          },
+        ],
+      }],
+      totalIssues: 3,
+      totalScore: 72,
+      totalFiles: 1,
+      summary: {
+        errors: 1,
+        warnings: 1,
+        infos: 1,
+        byRule: {
+          'large-file': 1,
+          'debug-leftover': 1,
+          'plugin-warning': 1,
+        },
+      },
+      quality: {
+        overall: 90,
+        dimensions: {
+          architecture: 91,
+          complexity: 87,
+          'ai-patterns': 92,
+          testing: 89,
+        },
+      },
+      maintenanceRisk: {
+        score: 20,
+        level: 'low',
+        hotspots: [],
+        signals: {
+          highComplexityFiles: 0,
+          filesWithoutNearbyTests: 0,
+          frequentChangeFiles: 0,
+        },
+      },
+    }
+  }
+
+  it('maps drift severities to SARIF levels', () => {
+    const sarif = toSarif(createReport())
+    const levels = sarif.runs[0].results.map((result) => result.level)
+
+    expect(levels).toContain('error')
+    expect(levels).toContain('warning')
+    expect(levels).toContain('note')
+  })
+
+  it('builds SARIF minimal valid structure', () => {
+    const sarif = toSarif(createReport())
+
+    expect(sarif.version).toBe('2.1.0')
+    expect(sarif.runs).toHaveLength(1)
+    expect(sarif.runs[0].tool.driver.name).toBe('drift')
+    expect(Array.isArray(sarif.runs[0].results)).toBe(true)
+    expect(sarif.runs[0].results).toHaveLength(3)
+  })
+
+  it('maps message and location fields for each issue', () => {
+    const sarif = toSarif(createReport())
+    const result = sarif.runs[0].results.find((item) => item.ruleId === 'large-file')
+
+    expect(result).toBeDefined()
+    expect(result?.message.text).toBe('File exceeds threshold')
+    expect(result?.locations[0].physicalLocation.artifactLocation.uri).toBe('src/app.ts')
+    expect(result?.locations[0].physicalLocation.region.startLine).toBe(14)
+    expect(result?.locations[0].physicalLocation.region.startColumn).toBe(3)
+    expect(result?.properties?.weight).toBe(20)
+    expect(result?.properties?.fileScore).toBe(72)
+  })
+
+  it('maps diff newIssues to SARIF results', () => {
+    const diff: DriftDiff = {
+      baseRef: 'origin/main',
+      projectPath: '/repo',
+      scannedAt: '2026-03-17T10:20:30.000Z',
+      files: [
+        {
+          path: 'src/app.ts',
+          scoreBefore: 60,
+          scoreAfter: 72,
+          scoreDelta: 12,
+          newIssues: [
+            {
+              rule: 'debug-leftover',
+              severity: 'warning',
+              message: 'console.log detected',
+              line: 22,
+              column: 1,
+              snippet: 'console.log(value)',
+            },
+          ],
+          resolvedIssues: [
+            {
+              rule: 'magic-number',
+              severity: 'info',
+              message: 'legacy issue resolved',
+              line: 10,
+              column: 5,
+              snippet: '42',
+            },
+          ],
+        },
+      ],
+      totalScoreBefore: 60,
+      totalScoreAfter: 72,
+      totalDelta: 12,
+      newIssuesCount: 1,
+      resolvedIssuesCount: 1,
+    }
+
+    const sarif = diffToSarif(diff)
+
+    expect(sarif.version).toBe('2.1.0')
+    expect(sarif.runs[0].results).toHaveLength(1)
+    expect(sarif.runs[0].results[0]?.ruleId).toBe('debug-leftover')
+    expect(sarif.runs[0].results[0]?.locations[0]?.physicalLocation?.artifactLocation?.uri).toBe('src/app.ts')
+    expect(sarif.runs[0].results[0]?.properties?.baseRef).toBe('origin/main')
+    expect(sarif.runs[0].results[0]?.properties?.scoreDelta).toBe(12)
+    expect(sarif.runs[0].results[0]?.properties?.changeType).toBe('new-issue')
+    expect(sarif.runs[0].properties.baseRef).toBe('origin/main')
+    expect(sarif.runs[0].properties.newIssuesCount).toBe(1)
+    expect(sarif.runs[0].properties.resolvedIssuesCount).toBe(1)
+  })
+})

package/tests/trust-kpi.test.ts

@@ -16,6 +16,8 @@ describe('trust KPI aggregation', () => {
     tempDir = mkdtempSync(join(tmpdir(), 'drift-kpi-aggregate-'))
 
     writeFileSync(join(tempDir, 'trust-a.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
       trust_score: 80,
       merge_risk: 'LOW',
       diff_context: {
@@ -32,6 +34,8 @@ describe('trust KPI aggregation', () => {
     }, null, 2))
 
     writeFileSync(join(tempDir, 'trust-b.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
       trust_score: 60,
       merge_risk: 'MEDIUM',
       diff_context: {
@@ -48,6 +52,8 @@ describe('trust KPI aggregation', () => {
     }, null, 2))
 
     writeFileSync(join(tempDir, 'trust-c.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
       trust_score: 30,
       merge_risk: 'HIGH',
     }, null, 2))
@@ -72,6 +78,8 @@ describe('trust KPI aggregation', () => {
     tempDir = mkdtempSync(join(tmpdir(), 'drift-kpi-parse-'))
 
     writeFileSync(join(tempDir, 'valid.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
       trust_score: 70,
       merge_risk: 'MEDIUM',
       diff_context: {
@@ -84,16 +92,25 @@ describe('trust KPI aggregation', () => {
     writeFileSync(join(tempDir, 'broken.json'), '{"trust_score":70')
     writeFileSync(join(tempDir, 'invalid-shape.json'), JSON.stringify({ trust_score: 70 }, null, 2))
     writeFileSync(join(tempDir, 'bad-diff.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
       trust_score: 50,
       merge_risk: 'HIGH',
       diff_context: 'oops',
     }, null, 2))
 
+    writeFileSync(join(tempDir, 'wrong-schema.json'), JSON.stringify({
+      $schema: 'schemas/drift-report.v1.json',
+      toolVersion: '1.3.0',
+      trust_score: 65,
+      merge_risk: 'MEDIUM',
+    }, null, 2))
+
     const kpi = computeTrustKpis(tempDir)
 
-    expect(kpi.files.matched).toBe(4)
+    expect(kpi.files.matched).toBe(5)
     expect(kpi.files.parsed).toBe(2)
-    expect(kpi.files.malformed).toBe(2)
+    expect(kpi.files.malformed).toBe(3)
     expect(kpi.prsEvaluated).toBe(2)
 
     const byCode = new Set(kpi.diagnostics.map((diagnostic) => diagnostic.code))
@@ -106,8 +123,18 @@ describe('trust KPI aggregation', () => {
     tempDir = mkdtempSync(join(tmpdir(), 'drift-kpi-glob-'))
     mkdirSync(join(tempDir, 'nested'))
 
-    writeFileSync(join(tempDir, 'trust-1.json'), JSON.stringify({ trust_score: 90, merge_risk: 'LOW' }))
-    writeFileSync(join(tempDir, 'nested', 'trust-2.json'), JSON.stringify({ trust_score: 20, merge_risk: 'CRITICAL' }))
+    writeFileSync(join(tempDir, 'trust-1.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
+      trust_score: 90,
+      merge_risk: 'LOW',
+    }))
+    writeFileSync(join(tempDir, 'nested', 'trust-2.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
+      trust_score: 20,
+      merge_risk: 'CRITICAL',
+    }))
     writeFileSync(join(tempDir, 'other.json'), JSON.stringify({ trust_score: 55, merge_risk: 'MEDIUM' }))
 
     const pattern = join(tempDir, '**', 'trust-*.json')

package/tests/trust.test.ts

@@ -6,6 +6,7 @@ import {
   formatTrustGatePolicyExplanation,
   explainTrustGatePolicy,
   formatTrustJson,
+  formatTrustJsonObject,
   formatTrustMarkdown,
   normalizeMergeRiskLevel,
   renderTrustOutput,
@@ -201,6 +202,23 @@ describe('drift trust baseline', () => {
     expect(renderTrustOutput(trust, { json: true, markdown: true })).toBe(formatTrustJson(trust))
   })
 
+  it('adds schema metadata in trust JSON output without breaking trust payload', () => {
+    const report = createBaseReport({ targetPath: '/tmp/metadata' })
+    const trust = buildTrustReport(report)
+
+    const jsonObject = formatTrustJsonObject(trust)
+    expect(jsonObject.$schema).toBe('schemas/drift-trust.v1.json')
+    expect(typeof jsonObject.toolVersion).toBe('string')
+    expect(jsonObject.toolVersion.length).toBeGreaterThan(0)
+    expect(jsonObject.trust_score).toBe(trust.trust_score)
+    expect(jsonObject.merge_risk).toBe(trust.merge_risk)
+    expect(jsonObject.targetPath).toBe('/tmp/metadata')
+
+    const parsed = JSON.parse(formatTrustJson(trust)) as Record<string, unknown>
+    expect(parsed.$schema).toBe('schemas/drift-trust.v1.json')
+    expect(typeof parsed.toolVersion).toBe('string')
+  })
+
   it('keeps baseline trust contract unchanged when advanced mode is disabled', () => {
     const report = createBaseReport({
       totalScore: 28,