@eduardbar/drift 1.3.0 → 1.5.0

package/tests/phase1-init-doctor-guard.test.ts

@@ -0,0 +1,301 @@
+import { afterEach, describe, expect, it, vi } from 'vitest'
+import { mkdtempSync, mkdirSync, readFileSync, rmSync, writeFileSync } from 'node:fs'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+import { runDoctor } from '../src/doctor.js'
+import { runInit } from '../src/init.js'
+import { evaluateGuard, formatGuardJsonObject, runGuard } from '../src/guard.js'
+import { analyzeProject } from '../src/analyzer.js'
+import { buildReport } from '../src/reporter.js'
+
+type JsonSchema = {
+  type?: string | string[]
+  required?: string[]
+  properties?: Record<string, JsonSchema>
+  additionalProperties?: boolean | JsonSchema
+  items?: JsonSchema
+  const?: unknown
+  enum?: unknown[]
+}
+
+function validateAgainstSchema(schema: JsonSchema, value: unknown, path = '$'): string[] {
+  const errors: string[] = []
+
+  if (schema.const !== undefined && value !== schema.const) {
+    errors.push(`${path} must be ${JSON.stringify(schema.const)}`)
+    return errors
+  }
+
+  if (schema.enum && !schema.enum.includes(value)) {
+    errors.push(`${path} must be one of ${JSON.stringify(schema.enum)}`)
+    return errors
+  }
+
+  if (schema.type) {
+    const allowedTypes = Array.isArray(schema.type) ? schema.type : [schema.type]
+    const actualType = value === null ? 'null' : Array.isArray(value) ? 'array' : typeof value
+    if (!allowedTypes.includes(actualType)) {
+      errors.push(`${path} must be type ${allowedTypes.join('|')}, got ${actualType}`)
+      return errors
+    }
+  }
+
+  if (schema.type === 'array' && schema.items && Array.isArray(value)) {
+    for (let i = 0; i < value.length; i += 1) {
+      errors.push(...validateAgainstSchema(schema.items, value[i], `${path}[${i}]`))
+    }
+    return errors
+  }
+
+  if (schema.type === 'object' && value !== null && typeof value === 'object' && !Array.isArray(value)) {
+    const objectValue = value as Record<string, unknown>
+    const required = schema.required ?? []
+    const properties = schema.properties ?? {}
+
+    for (const key of required) {
+      if (!(key in objectValue)) {
+        errors.push(`${path}.${key} is required`)
+      }
+    }
+
+    for (const [key, propertySchema] of Object.entries(properties)) {
+      if (key in objectValue) {
+        errors.push(...validateAgainstSchema(propertySchema, objectValue[key], `${path}.${key}`))
+      }
+    }
+
+    if (schema.additionalProperties === false) {
+      for (const key of Object.keys(objectValue)) {
+        if (!(key in properties)) {
+          errors.push(`${path}.${key} is not allowed`)
+        }
+      }
+    }
+
+    if (
+      schema.additionalProperties &&
+      typeof schema.additionalProperties === 'object' &&
+      schema.additionalProperties !== null
+    ) {
+      for (const [key, propValue] of Object.entries(objectValue)) {
+        if (!(key in properties)) {
+          errors.push(...validateAgainstSchema(schema.additionalProperties, propValue, `${path}.${key}`))
+        }
+      }
+    }
+  }
+
+  return errors
+}
+
+function loadSchema(schemaFileName: string): JsonSchema {
+  const raw = readFileSync(join(process.cwd(), 'schemas', schemaFileName), 'utf8')
+  return JSON.parse(raw) as JsonSchema
+}
+
+function createTempDir(prefix: string): string {
+  return mkdtempSync(join(tmpdir(), prefix))
+}
+
+describe('phase 1: doctor/init/guard', () => {
+  const tempDirs: string[] = []
+
+  afterEach(() => {
+    vi.restoreAllMocks()
+    for (const dir of tempDirs) {
+      rmSync(dir, { recursive: true, force: true })
+    }
+    tempDirs.length = 0
+  })
+
+  describe('runDoctor', () => {
+    it('prints a basic diagnostic report and exits with code 0', async () => {
+      const projectDir = createTempDir('drift-doctor-basic-')
+      tempDirs.push(projectDir)
+      writeFileSync(join(projectDir, 'index.ts'), 'export const value = 1\n')
+
+      const output: string[] = []
+      vi.spyOn(process.stdout, 'write').mockImplementation((chunk) => {
+        output.push(String(chunk))
+        return true
+      })
+
+      const exitCode = await runDoctor(projectDir)
+      const text = output.join('')
+
+      expect(exitCode).toBe(0)
+      expect(text).toContain('drift doctor')
+      expect(text).toContain('Source files (.ts/.tsx/.js/.jsx): 1')
+    })
+
+    it('prints valid JSON output with expected shape', async () => {
+      const projectDir = createTempDir('drift-doctor-json-')
+      tempDirs.push(projectDir)
+      mkdirSync(join(projectDir, 'src'))
+      writeFileSync(join(projectDir, 'package.json'), JSON.stringify({ type: 'module' }, null, 2))
+      writeFileSync(join(projectDir, 'tsconfig.json'), '{"compilerOptions":{}}\n')
+      writeFileSync(join(projectDir, 'drift.config.ts'), 'export default {}\n')
+      writeFileSync(join(projectDir, 'src', 'app.ts'), 'export const answer = 42\n')
+
+      const output: string[] = []
+      vi.spyOn(process.stdout, 'write').mockImplementation((chunk) => {
+        output.push(String(chunk))
+        return true
+      })
+
+      await runDoctor(projectDir, { json: true })
+      const report = JSON.parse(output.join('')) as {
+        $schema: string
+        toolVersion: string
+        targetPath: string
+        node: { version: string; major: number; supported: boolean }
+        project: {
+          packageJsonFound: boolean
+          esm: boolean
+          tsconfigFound: boolean
+          sourceFilesCount: number
+          lowMemorySuggested: boolean
+          driftConfigFile: string | null
+        }
+      }
+
+      const schema = loadSchema('drift-doctor.v1.json')
+      const schemaErrors = validateAgainstSchema(schema, report)
+
+      expect(report.$schema).toBe('schemas/drift-doctor.v1.json')
+      expect(typeof report.toolVersion).toBe('string')
+      expect(report.toolVersion.length).toBeGreaterThan(0)
+      expect(report.targetPath).toBe(projectDir)
+      expect(typeof report.node.version).toBe('string')
+      expect(typeof report.node.major).toBe('number')
+      expect(typeof report.node.supported).toBe('boolean')
+      expect(report.project.packageJsonFound).toBe(true)
+      expect(report.project.esm).toBe(true)
+      expect(report.project.tsconfigFound).toBe(true)
+      expect(report.project.sourceFilesCount).toBe(2)
+      expect(report.project.driftConfigFile).toBe('drift.config.ts')
+      expect(typeof report.project.lowMemorySuggested).toBe('boolean')
+      expect(schemaErrors).toEqual([])
+    })
+  })
+
+  describe('runInit', () => {
+    it('creates drift.config.ts when using a valid preset', async () => {
+      const projectDir = createTempDir('drift-init-preset-')
+      tempDirs.push(projectDir)
+
+      await runInit(projectDir, { preset: 'node-backend' })
+
+      const generated = readFileSync(join(projectDir, 'drift.config.ts'), 'utf8')
+      expect(generated).toContain('satisfies DriftConfig')
+      expect(generated).toContain("name: 'api'")
+    })
+
+    it('throws on invalid preset', async () => {
+      const projectDir = createTempDir('drift-init-invalid-')
+      tempDirs.push(projectDir)
+
+      await expect(runInit(projectDir, { preset: 'invalid-preset' })).rejects.toThrow("Invalid preset 'invalid-preset'")
+    })
+
+    it('creates ci workflow when --ci flag is enabled', async () => {
+      const projectDir = createTempDir('drift-init-ci-')
+      tempDirs.push(projectDir)
+
+      await runInit(projectDir, { ci: true })
+
+      const workflowPath = join(projectDir, '.github', 'workflows', 'drift-review.yml')
+      const workflow = readFileSync(workflowPath, 'utf8')
+      expect(workflow).toContain('name: drift PR Review')
+      expect(workflow).toContain('node-version: 20')
+      expect(workflow).toContain('npx drift review --base')
+    })
+
+    it('prints no-actions message when no flags are provided', async () => {
+      const projectDir = createTempDir('drift-init-empty-')
+      tempDirs.push(projectDir)
+
+      const output: string[] = []
+      vi.spyOn(process.stdout, 'write').mockImplementation((chunk) => {
+        output.push(String(chunk))
+        return true
+      })
+
+      await runInit(projectDir, {})
+
+      expect(output.join('')).toContain('No actions taken. Use --preset, --ci, or --baseline flags.')
+    })
+  })
+
+  describe('guard', () => {
+    it('evaluateGuard applies no-regression, budget and severity checks', () => {
+      const evaluation = evaluateGuard({
+        metrics: {
+          scoreDelta: 3,
+          totalIssuesDelta: 1,
+          severityDelta: { error: 1, warning: 0, info: 0 },
+        },
+        budget: 2,
+        bySeverity: { error: 0, warning: 1, info: 0 },
+        enforceNoRegression: {
+          score: true,
+          totalIssues: true,
+        },
+      })
+
+      expect(evaluation.passed).toBe(false)
+      expect(evaluation.checks.some((check) => check.id === 'no-regression-score' && !check.passed)).toBe(true)
+      expect(evaluation.checks.some((check) => check.id === 'no-regression-total-issues' && !check.passed)).toBe(true)
+      expect(evaluation.checks.some((check) => check.id === 'budget-total-delta' && !check.passed)).toBe(true)
+      expect(evaluation.checks.some((check) => check.id === 'severity-error' && !check.passed)).toBe(true)
+    })
+
+    it('runs in baseline mode with inline baseline fixture', async () => {
+      const projectDir = createTempDir('drift-guard-baseline-')
+      tempDirs.push(projectDir)
+      writeFileSync(join(projectDir, 'main.ts'), 'export const value: any = 42\n')
+
+      const reports = analyzeProject(projectDir)
+      const current = buildReport(projectDir, reports)
+
+      const result = await runGuard(projectDir, {
+        baseline: {
+          score: current.totalScore,
+          totalIssues: current.totalIssues,
+          bySeverity: {
+            error: current.summary.errors,
+            warning: current.summary.warnings,
+            info: current.summary.infos,
+          },
+        },
+        budget: 0,
+        bySeverity: { error: 0, warning: 0, info: 0 },
+      })
+      const resultJson = formatGuardJsonObject(result)
+      const schema = loadSchema('drift-guard.v1.json')
+      const schemaErrors = validateAgainstSchema(schema, JSON.parse(JSON.stringify(resultJson)))
+
+      expect(result.mode).toBe('baseline')
+      expect(result.passed).toBe(true)
+      expect(result.metrics.scoreDelta).toBe(0)
+      expect(result.metrics.totalIssuesDelta).toBe(0)
+      expect(result.metrics.severityDelta).toEqual({ error: 0, warning: 0, info: 0 })
+      expect(result.checks.some((check) => check.id === 'no-regression-score')).toBe(true)
+      expect(result.checks.some((check) => check.id === 'no-regression-total-issues')).toBe(true)
+      expect(resultJson.$schema).toBe('schemas/drift-guard.v1.json')
+      expect(typeof resultJson.toolVersion).toBe('string')
+      expect(resultJson.toolVersion.length).toBeGreaterThan(0)
+      expect(schemaErrors).toEqual([])
+    }, 15000)
+
+    it('throws when guard has no baseRef and no baseline', async () => {
+      const projectDir = createTempDir('drift-guard-missing-anchor-')
+      tempDirs.push(projectDir)
+      writeFileSync(join(projectDir, 'main.ts'), 'export const value = 1\n')
+
+      await expect(runGuard(projectDir, {})).rejects.toThrow(
+        'Guard requires a comparison point: provide baseRef or a baseline (inline or file).',
+      )
+    })
+  })
+})

package/tests/runtime-policy-alignment.test.ts

@@ -0,0 +1,46 @@
+import { describe, expect, it } from 'vitest'
+import { readFileSync } from 'node:fs'
+import { join } from 'node:path'
+
+const repoRoot = process.cwd()
+const EXPECTED_ENGINE_RANGE = '^20.0.0 || ^22.0.0'
+const EXPECTED_NODE_MATRIX = '["20", "22"]'
+const EXPECTED_README_RUNTIME = '**Runtime:** Node.js 20.x and 22.x (LTS)'
+
+function readRepoFile(path: string): string {
+  return readFileSync(join(repoRoot, path), 'utf8')
+}
+
+describe('runtime support policy alignment', () => {
+  it('keeps package engines aligned with supported Node policy', () => {
+    const pkg = JSON.parse(readRepoFile('package.json')) as { engines?: { node?: string } }
+    expect(pkg.engines?.node).toBe(EXPECTED_ENGINE_RANGE)
+  })
+
+  it('keeps CI workflows aligned with supported Node policy', () => {
+    const reusable = readRepoFile('.github/workflows/reusable-quality-checks.yml')
+    const quality = readRepoFile('.github/workflows/quality.yml')
+    const initTemplate = readRepoFile('src/init.ts')
+
+    expect(reusable).toContain(`default: '${EXPECTED_NODE_MATRIX}'`)
+    expect(quality).toContain(`node_versions: '${EXPECTED_NODE_MATRIX}'`)
+    expect(reusable).toContain('run: npm run check:runtime-policy')
+    expect(initTemplate).toContain('node-version: 20')
+  })
+
+  it('keeps runtime docs and doctor messaging aligned with supported minimum', () => {
+    const readme = readRepoFile('README.md')
+    const doctor = readRepoFile('src/doctor.ts')
+
+    expect(readme).toContain(EXPECTED_README_RUNTIME)
+    expect(doctor).toContain('const MIN_SUPPORTED_NODE_MAJOR = 20')
+    expect(doctor).toContain('Node runtime below supported minimum (>=20)')
+  })
+
+  it('documents dependency-driven minimum from lockfile constraints', () => {
+    const lockfile = readRepoFile('package-lock.json')
+
+    expect(lockfile).toContain('"node_modules/commander"')
+    expect(lockfile).toContain('"node": ">=20"')
+  })
+})

package/tests/sarif.test.ts

@@ -0,0 +1,160 @@
+import { describe, expect, it } from 'vitest'
+import { diffToSarif, toSarif } from '../src/sarif.js'
+import type { DriftDiff, DriftReport } from '../src/types.js'
+
+describe('toSarif', () => {
+  function createReport(): DriftReport {
+    return {
+      scannedAt: '2026-03-17T10:20:30.000Z',
+      targetPath: '/repo',
+      files: [{
+        path: 'src/app.ts',
+        score: 72,
+        issues: [
+          {
+            rule: 'large-file',
+            severity: 'error',
+            message: 'File exceeds threshold',
+            line: 14,
+            column: 3,
+            snippet: 'export function app() {}',
+          },
+          {
+            rule: 'debug-leftover',
+            severity: 'warning',
+            message: 'console.log detected',
+            line: 22,
+            column: 1,
+            snippet: 'console.log(value)',
+          },
+          {
+            rule: 'plugin-warning',
+            severity: 'info',
+            message: 'Plugin diagnostic',
+            line: 1,
+            column: 1,
+            snippet: 'app.ts',
+          },
+        ],
+      }],
+      totalIssues: 3,
+      totalScore: 72,
+      totalFiles: 1,
+      summary: {
+        errors: 1,
+        warnings: 1,
+        infos: 1,
+        byRule: {
+          'large-file': 1,
+          'debug-leftover': 1,
+          'plugin-warning': 1,
+        },
+      },
+      quality: {
+        overall: 90,
+        dimensions: {
+          architecture: 91,
+          complexity: 87,
+          'ai-patterns': 92,
+          testing: 89,
+        },
+      },
+      maintenanceRisk: {
+        score: 20,
+        level: 'low',
+        hotspots: [],
+        signals: {
+          highComplexityFiles: 0,
+          filesWithoutNearbyTests: 0,
+          frequentChangeFiles: 0,
+        },
+      },
+    }
+  }
+
+  it('maps drift severities to SARIF levels', () => {
+    const sarif = toSarif(createReport())
+    const levels = sarif.runs[0].results.map((result) => result.level)
+
+    expect(levels).toContain('error')
+    expect(levels).toContain('warning')
+    expect(levels).toContain('note')
+  })
+
+  it('builds SARIF minimal valid structure', () => {
+    const sarif = toSarif(createReport())
+
+    expect(sarif.version).toBe('2.1.0')
+    expect(sarif.runs).toHaveLength(1)
+    expect(sarif.runs[0].tool.driver.name).toBe('drift')
+    expect(Array.isArray(sarif.runs[0].results)).toBe(true)
+    expect(sarif.runs[0].results).toHaveLength(3)
+  })
+
+  it('maps message and location fields for each issue', () => {
+    const sarif = toSarif(createReport())
+    const result = sarif.runs[0].results.find((item) => item.ruleId === 'large-file')
+
+    expect(result).toBeDefined()
+    expect(result?.message.text).toBe('File exceeds threshold')
+    expect(result?.locations[0].physicalLocation.artifactLocation.uri).toBe('src/app.ts')
+    expect(result?.locations[0].physicalLocation.region.startLine).toBe(14)
+    expect(result?.locations[0].physicalLocation.region.startColumn).toBe(3)
+    expect(result?.properties?.weight).toBe(20)
+    expect(result?.properties?.fileScore).toBe(72)
+  })
+
+  it('maps diff newIssues to SARIF results', () => {
+    const diff: DriftDiff = {
+      baseRef: 'origin/main',
+      projectPath: '/repo',
+      scannedAt: '2026-03-17T10:20:30.000Z',
+      files: [
+        {
+          path: 'src/app.ts',
+          scoreBefore: 60,
+          scoreAfter: 72,
+          scoreDelta: 12,
+          newIssues: [
+            {
+              rule: 'debug-leftover',
+              severity: 'warning',
+              message: 'console.log detected',
+              line: 22,
+              column: 1,
+              snippet: 'console.log(value)',
+            },
+          ],
+          resolvedIssues: [
+            {
+              rule: 'magic-number',
+              severity: 'info',
+              message: 'legacy issue resolved',
+              line: 10,
+              column: 5,
+              snippet: '42',
+            },
+          ],
+        },
+      ],
+      totalScoreBefore: 60,
+      totalScoreAfter: 72,
+      totalDelta: 12,
+      newIssuesCount: 1,
+      resolvedIssuesCount: 1,
+    }
+
+    const sarif = diffToSarif(diff)
+
+    expect(sarif.version).toBe('2.1.0')
+    expect(sarif.runs[0].results).toHaveLength(1)
+    expect(sarif.runs[0].results[0]?.ruleId).toBe('debug-leftover')
+    expect(sarif.runs[0].results[0]?.locations[0]?.physicalLocation?.artifactLocation?.uri).toBe('src/app.ts')
+    expect(sarif.runs[0].results[0]?.properties?.baseRef).toBe('origin/main')
+    expect(sarif.runs[0].results[0]?.properties?.scoreDelta).toBe(12)
+    expect(sarif.runs[0].results[0]?.properties?.changeType).toBe('new-issue')
+    expect(sarif.runs[0].properties.baseRef).toBe('origin/main')
+    expect(sarif.runs[0].properties.newIssuesCount).toBe(1)
+    expect(sarif.runs[0].properties.resolvedIssuesCount).toBe(1)
+  })
+})

package/tests/trust-kpi.test.ts

@@ -16,6 +16,8 @@ describe('trust KPI aggregation', () => {
     tempDir = mkdtempSync(join(tmpdir(), 'drift-kpi-aggregate-'))
 
     writeFileSync(join(tempDir, 'trust-a.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
       trust_score: 80,
       merge_risk: 'LOW',
       diff_context: {
@@ -32,6 +34,8 @@ describe('trust KPI aggregation', () => {
     }, null, 2))
 
     writeFileSync(join(tempDir, 'trust-b.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
       trust_score: 60,
       merge_risk: 'MEDIUM',
       diff_context: {
@@ -48,6 +52,8 @@ describe('trust KPI aggregation', () => {
     }, null, 2))
 
     writeFileSync(join(tempDir, 'trust-c.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
       trust_score: 30,
       merge_risk: 'HIGH',
     }, null, 2))
@@ -72,6 +78,8 @@ describe('trust KPI aggregation', () => {
     tempDir = mkdtempSync(join(tmpdir(), 'drift-kpi-parse-'))
 
     writeFileSync(join(tempDir, 'valid.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
       trust_score: 70,
       merge_risk: 'MEDIUM',
       diff_context: {
@@ -84,16 +92,25 @@ describe('trust KPI aggregation', () => {
     writeFileSync(join(tempDir, 'broken.json'), '{"trust_score":70')
     writeFileSync(join(tempDir, 'invalid-shape.json'), JSON.stringify({ trust_score: 70 }, null, 2))
     writeFileSync(join(tempDir, 'bad-diff.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
       trust_score: 50,
       merge_risk: 'HIGH',
       diff_context: 'oops',
     }, null, 2))
 
+    writeFileSync(join(tempDir, 'wrong-schema.json'), JSON.stringify({
+      $schema: 'schemas/drift-report.v1.json',
+      toolVersion: '1.3.0',
+      trust_score: 65,
+      merge_risk: 'MEDIUM',
+    }, null, 2))
+
     const kpi = computeTrustKpis(tempDir)
 
-    expect(kpi.files.matched).toBe(4)
+    expect(kpi.files.matched).toBe(5)
     expect(kpi.files.parsed).toBe(2)
-    expect(kpi.files.malformed).toBe(2)
+    expect(kpi.files.malformed).toBe(3)
     expect(kpi.prsEvaluated).toBe(2)
 
     const byCode = new Set(kpi.diagnostics.map((diagnostic) => diagnostic.code))
@@ -106,8 +123,18 @@ describe('trust KPI aggregation', () => {
     tempDir = mkdtempSync(join(tmpdir(), 'drift-kpi-glob-'))
     mkdirSync(join(tempDir, 'nested'))
 
-    writeFileSync(join(tempDir, 'trust-1.json'), JSON.stringify({ trust_score: 90, merge_risk: 'LOW' }))
-    writeFileSync(join(tempDir, 'nested', 'trust-2.json'), JSON.stringify({ trust_score: 20, merge_risk: 'CRITICAL' }))
+    writeFileSync(join(tempDir, 'trust-1.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
+      trust_score: 90,
+      merge_risk: 'LOW',
+    }))
+    writeFileSync(join(tempDir, 'nested', 'trust-2.json'), JSON.stringify({
+      $schema: 'schemas/drift-trust.v1.json',
+      toolVersion: '1.3.0',
+      trust_score: 20,
+      merge_risk: 'CRITICAL',
+    }))
     writeFileSync(join(tempDir, 'other.json'), JSON.stringify({ trust_score: 55, merge_risk: 'MEDIUM' }))
 
     const pattern = join(tempDir, '**', 'trust-*.json')

package/tests/trust.test.ts

@@ -6,6 +6,7 @@ import {
   formatTrustGatePolicyExplanation,
   explainTrustGatePolicy,
   formatTrustJson,
+  formatTrustJsonObject,
   formatTrustMarkdown,
   normalizeMergeRiskLevel,
   renderTrustOutput,
@@ -201,6 +202,23 @@ describe('drift trust baseline', () => {
     expect(renderTrustOutput(trust, { json: true, markdown: true })).toBe(formatTrustJson(trust))
   })
 
+  it('adds schema metadata in trust JSON output without breaking trust payload', () => {
+    const report = createBaseReport({ targetPath: '/tmp/metadata' })
+    const trust = buildTrustReport(report)
+
+    const jsonObject = formatTrustJsonObject(trust)
+    expect(jsonObject.$schema).toBe('schemas/drift-trust.v1.json')
+    expect(typeof jsonObject.toolVersion).toBe('string')
+    expect(jsonObject.toolVersion.length).toBeGreaterThan(0)
+    expect(jsonObject.trust_score).toBe(trust.trust_score)
+    expect(jsonObject.merge_risk).toBe(trust.merge_risk)
+    expect(jsonObject.targetPath).toBe('/tmp/metadata')
+
+    const parsed = JSON.parse(formatTrustJson(trust)) as Record<string, unknown>
+    expect(parsed.$schema).toBe('schemas/drift-trust.v1.json')
+    expect(typeof parsed.toolVersion).toBe('string')
+  })
+
   it('keeps baseline trust contract unchanged when advanced mode is disabled', () => {
     const report = createBaseReport({
       totalScore: 28,

package/vitest.config.ts

@@ -6,6 +6,8 @@ export default defineConfig({
     globals: true,
     environment: 'node',
     include: ['tests/**/*.test.ts'],
+    testTimeout: 15000,
+    hookTimeout: 15000,
     coverage: {
       provider: 'v8',
       include: ['src/**/*.ts'],