@esbenwiberg/corpus-default 1.1.0

package/dist/probes/deps-audit-configured.js

@@ -0,0 +1,172 @@
+import { defineProbe } from "@esbenwiberg/repofit/sdk";
+const NODE_AUDIT_HINTS = [
+    /\bnpm\s+audit\b/,
+    /\bpnpm\s+audit\b/,
+    /\byarn\s+audit\b/,
+    /\baudit-ci\b/,
+    /\bbetter-npm-audit\b/,
+    /\bsnyk\s+test\b/i,
+    /\bsnyk\b/i,
+];
+const PY_AUDIT_HINTS = [/\bpip-audit\b/i, /\bsafety\s+(?:check|scan)\b/i];
+const GO_AUDIT_HINTS = [/\bgovulncheck\b/i];
+const RUST_AUDIT_HINTS = [/\bcargo[-\s]audit\b/i, /\bcargo[-\s]deny\b/i];
+const JAVA_AUDIT_HINTS = [/\bdependency-check\b/i, /\borg\.owasp:dependency-check\b/i, /\bsnyk\b/i];
+const DOTNET_AUDIT_HINTS = [/\bdotnet\s+list\s+package\s+--vulnerable\b/i, /\bdotnet-retire\b/i];
+const RUBY_AUDIT_HINTS = [/\bbundle(?:r)?[-\s]audit\b/i];
+const GENERIC_AUDIT_HINTS = [
+    /\btrivy\s+(?:fs|repo)\b/i,
+    /\bdependabot\b/i,
+    /uses:\s*github\/dependency-review-action/i,
+];
+const ALL_HINTS = [
+    ...NODE_AUDIT_HINTS,
+    ...PY_AUDIT_HINTS,
+    ...GO_AUDIT_HINTS,
+    ...RUST_AUDIT_HINTS,
+    ...JAVA_AUDIT_HINTS,
+    ...DOTNET_AUDIT_HINTS,
+    ...RUBY_AUDIT_HINTS,
+    ...GENERIC_AUDIT_HINTS,
+];
+const DEPENDABOT_PATHS = [".github/dependabot.yml", ".github/dependabot.yaml"];
+export default defineProbe({
+    id: "deps.audit-configured",
+    version: "1.0.0",
+    dimensions: [{ id: "safety", weight: 1 }],
+    tier: "static",
+    evidence: ["node_package", "files", "ci_workflows"],
+    rationale: `
+    A vulnerability scanner is the only durable defence against a
+    transitive dependency landing a known CVE in your tree. Without one,
+    an agent (or human) won't notice until production. This probe looks
+    for a recognised audit step in package.json scripts or in a CI
+    workflow, across the major ecosystems (npm/yarn/pnpm audit,
+    pip-audit/safety, govulncheck, cargo audit / cargo deny, OWASP
+    dependency-check, \`dotnet list package --vulnerable\`,
+    bundler-audit), plus generic options (Snyk, Trivy, Dependabot).
+  `,
+    remediation: "Wire a vuln audit into CI. Node: `npx audit-ci --moderate` or `npm audit --audit-level=high`. Python: `pip-audit`. Go: `govulncheck ./...`. Rust: `cargo audit`. Java: OWASP `dependency-check`. .NET: `dotnet list package --vulnerable --include-transitive`. Ruby: `bundle audit`. Alternative: enable GitHub Dependabot (commit `.github/dependabot.yml`) or use Snyk/Trivy. Pick one — any audit is better than no audit.",
+    async detect(ev) {
+        const checkText = (raw) => raw ? ALL_HINTS.some((p) => p.test(raw)) : false;
+        if (ev.node_package.present) {
+            const scriptsBlob = Object.values(ev.node_package.scripts).join("\n");
+            if (checkText(scriptsBlob))
+                return { kind: "predicate", value: true };
+            if ("audit-ci" in ev.node_package.devDependencies ||
+                "better-npm-audit" in ev.node_package.devDependencies ||
+                "snyk" in ev.node_package.devDependencies) {
+                return { kind: "predicate", value: true };
+            }
+        }
+        for (const wf of ev.ci_workflows.workflows) {
+            if (ALL_HINTS.some((p) => p.test(wf.raw))) {
+                return { kind: "predicate", value: true };
+            }
+        }
+        for (const path of DEPENDABOT_PATHS) {
+            if (ev.files.has(path))
+                return { kind: "predicate", value: true };
+        }
+        return { kind: "predicate", value: false };
+    },
+    score: { kind: "predicate", direction: "positive" },
+    fixtures: [
+        {
+            name: "nothing-configured",
+            evidence: {
+                node_package: { present: true },
+                files: [],
+                ci_workflows: { present: false, workflows: [] },
+            },
+            expect: { reading: { kind: "predicate", value: false }, score: 0 },
+        },
+        {
+            name: "npm-audit-in-script",
+            evidence: {
+                node_package: {
+                    present: true,
+                    scripts: { audit: "npm audit --audit-level=high" },
+                },
+                files: [],
+                ci_workflows: { present: false, workflows: [] },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "audit-ci-devdep",
+            evidence: {
+                node_package: {
+                    present: true,
+                    devDependencies: { "audit-ci": "^7.0.0" },
+                },
+                files: [],
+                ci_workflows: { present: false, workflows: [] },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "govulncheck-in-ci",
+            evidence: {
+                node_package: { present: false },
+                files: [],
+                ci_workflows: {
+                    present: true,
+                    workflows: [{ path: ".github/workflows/sec.yml", raw: "run: govulncheck ./..." }],
+                },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "cargo-audit-in-ci",
+            evidence: {
+                node_package: { present: false },
+                files: [],
+                ci_workflows: {
+                    present: true,
+                    workflows: [{ path: ".github/workflows/audit.yml", raw: "run: cargo audit" }],
+                },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "dotnet-vulnerable-in-ci",
+            evidence: {
+                node_package: { present: false },
+                files: [],
+                ci_workflows: {
+                    present: true,
+                    workflows: [
+                        {
+                            path: ".github/workflows/ci.yml",
+                            raw: "run: dotnet list package --vulnerable --include-transitive",
+                        },
+                    ],
+                },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "dependabot-config",
+            evidence: {
+                node_package: { present: false },
+                files: [".github/dependabot.yml"],
+                ci_workflows: { present: false, workflows: [] },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "pip-audit-in-ci",
+            evidence: {
+                node_package: { present: false },
+                files: [],
+                ci_workflows: {
+                    present: true,
+                    workflows: [{ path: ".github/workflows/sec.yml", raw: "run: pip-audit" }],
+                },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+    ],
+});
+//# sourceMappingURL=deps-audit-configured.js.map

package/dist/probes/deps-audit-configured.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deps-audit-configured.js","sourceRoot":"","sources":["../../src/probes/deps-audit-configured.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,MAAM,gBAAgB,GAAG;IACvB,iBAAiB;IACjB,kBAAkB;IAClB,kBAAkB;IAClB,cAAc;IACd,sBAAsB;IACtB,kBAAkB;IAClB,WAAW;CACZ,CAAC;AAEF,MAAM,cAAc,GAAG,CAAC,gBAAgB,EAAE,8BAA8B,CAAC,CAAC;AAC1E,MAAM,cAAc,GAAG,CAAC,kBAAkB,CAAC,CAAC;AAC5C,MAAM,gBAAgB,GAAG,CAAC,sBAAsB,EAAE,qBAAqB,CAAC,CAAC;AACzE,MAAM,gBAAgB,GAAG,CAAC,uBAAuB,EAAE,kCAAkC,EAAE,WAAW,CAAC,CAAC;AACpG,MAAM,kBAAkB,GAAG,CAAC,6CAA6C,EAAE,oBAAoB,CAAC,CAAC;AACjG,MAAM,gBAAgB,GAAG,CAAC,6BAA6B,CAAC,CAAC;AACzD,MAAM,mBAAmB,GAAG;IAC1B,0BAA0B;IAC1B,iBAAiB;IACjB,2CAA2C;CAC5C,CAAC;AAEF,MAAM,SAAS,GAAG;IAChB,GAAG,gBAAgB;IACnB,GAAG,cAAc;IACjB,GAAG,cAAc;IACjB,GAAG,gBAAgB;IACnB,GAAG,gBAAgB;IACnB,GAAG,kBAAkB;IACrB,GAAG,gBAAgB;IACnB,GAAG,mBAAmB;CACvB,CAAC;AAEF,MAAM,gBAAgB,GAAG,CAAC,wBAAwB,EAAE,yBAAyB,CAAC,CAAC;AAE/E,eAAe,WAAW,CAAC;IACzB,EAAE,EAAE,uBAAuB;IAC3B,OAAO,EAAE,OAAO;IAChB,UAAU,EAAE,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACzC,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,CAAC,cAAc,EAAE,OAAO,EAAE,cAAc,CAAC;IAEnD,SAAS,EAAE;;;;;;;;;GASV;IAED,WAAW,EACT,gaAAga;IAEla,KAAK,CAAC,MAAM,CAAC,EAAE;QACb,MAAM,SAAS,GAAG,CAAC,GAAuB,EAAE,EAAE,CAC5C,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QAEnD,IAAI,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC5B,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtE,IAAI,SAAS,CAAC,WAAW,CAAC;gBAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;YACtE,IACE,UAAU,IAAI,EAAE,CAAC,YAAY,CAAC,eAAe;gBAC7C,kBAAkB,IAAI,EAAE,CAAC,YAAY,CAAC,eAAe;gBACrD,MAAM,IAAI,EAAE,CAAC,YAAY,CAAC,eAAe,EACzC,CAAC;gBACD,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;YAC5C,CAAC;QACH,CAAC;QAED,KAAK,MAAM,EAAE,IAAI,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC3C,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC1C,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;YAC5C,CAAC;QACH,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;YACpC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACpE,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAC7C,CAAC;IAED,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE;IAEnD,QAAQ,EAAE;QACR;YACE,IAAI,EAAE,oBAAoB;YAC1B,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBAC/B,KAAK,EAAE,EAAE;gBACT,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE;aAChD;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE;SACnE;QACD;YACE,IAAI,EAAE,qBAAqB;YAC3B,QAAQ,EAAE;gBACR,YAAY,EAAE;oBACZ,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,EAAE,KAAK,EAAE,8BAA8B,EAAE;iBACnD;gBACD,KAAK,EAAE,EAAE;gBACT,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE;aAChD;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,iBAAiB;YACvB,QAAQ,EAAE;gBACR,YAAY,EAAE;oBACZ,OAAO,EAAE,IAAI;oBACb,eAAe,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE;iBAC1C;gBACD,KAAK,EAAE,EAAE;gBACT,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE;aAChD;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,mBAAmB;YACzB,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;gBAChC,KAAK,EAAE,EAAE;gBACT,YAAY,EAAE;oBACZ,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,CAAC,EAAE,IAAI,EAAE,2BAA2B,EAAE,GAAG,EAAE,wBAAwB,EAAE,CAAC;iBAClF;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,mBAAmB;YACzB,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;gBAChC,KAAK,EAAE,EAAE;gBACT,YAAY,EAAE;oBACZ,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,CAAC,EAAE,IAAI,EAAE,6BAA6B,EAAE,GAAG,EAAE,kBAAkB,EAAE,CAAC;iBAC9E;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,yBAAyB;YAC/B,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;gBAChC,KAAK,EAAE,EAAE;gBACT,YAAY,EAAE;oBACZ,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE;wBACT;4BACE,IAAI,EAAE,0BAA0B;4BAChC,GAAG,EAAE,4DAA4D;yBAClE;qBACF;iBACF;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,mBAAmB;YACzB,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;gBAChC,KAAK,EAAE,CAAC,wBAAwB,CAAC;gBACjC,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE;aAChD;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,iBAAiB;YACvB,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;gBAChC,KAAK,EAAE,EAAE;gBACT,YAAY,EAAE;oBACZ,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE,CAAC,EAAE,IAAI,EAAE,2BAA2B,EAAE,GAAG,EAAE,gBAAgB,EAAE,CAAC;iBAC1E;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;KACF;CACF,CAAC,CAAC"}

package/dist/probes/deps-lockfile-present.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@esbenwiberg/repofit/sdk").Probe;
+export default _default;
+//# sourceMappingURL=deps-lockfile-present.d.ts.map

package/dist/probes/deps-lockfile-present.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deps-lockfile-present.d.ts","sourceRoot":"","sources":["../../src/probes/deps-lockfile-present.ts"],"names":[],"mappings":";AA0BA,wBAwLG"}

package/dist/probes/deps-lockfile-present.js

@@ -0,0 +1,190 @@
+import { defineProbe } from "@esbenwiberg/repofit/sdk";
+const NODE_LOCKFILES = [
+    "package-lock.json",
+    "npm-shrinkwrap.json",
+    "yarn.lock",
+    "pnpm-lock.yaml",
+    "bun.lockb",
+    "bun.lock",
+];
+const PY_MANIFEST = /(?:^|\/)(?:pyproject\.toml|setup\.cfg|setup\.py|Pipfile)$/i;
+const PY_LOCKFILES = /(?:^|\/)(?:poetry\.lock|Pipfile\.lock|uv\.lock|pdm\.lock)$/i;
+const GO_MOD = /(?:^|\/)go\.mod$/i;
+const GO_SUM = /(?:^|\/)go\.sum$/i;
+const RUST_MANIFEST = /(?:^|\/)Cargo\.toml$/i;
+const RUST_LOCKFILE = /(?:^|\/)Cargo\.lock$/i;
+const RUBY_GEMFILE = /(?:^|\/)Gemfile$/;
+const RUBY_LOCKFILE = /(?:^|\/)Gemfile\.lock$/;
+const DOTNET_PROJECT = /\.(?:cs|fs|vb)proj$/i;
+const DOTNET_LOCKFILE = /(?:^|\/)packages\.lock\.json$/i;
+export default defineProbe({
+    id: "deps.lockfile-present",
+    version: "1.0.0",
+    dimensions: [{ id: "safety", weight: 1 }],
+    tier: "static",
+    evidence: ["node_package", "files", "size_stats"],
+    rationale: `
+    A lockfile pins the exact dependency graph an agent (or anyone else)
+    will install. Without one, two installs minutes apart can produce
+    different trees, and the agent's "works on my machine" may not be
+    reproducible. This probe checks for a lockfile alongside a recognised
+    manifest across Node, Python (poetry/pipenv/uv/pdm), Go (\`go.sum\`),
+    Rust (\`Cargo.lock\`), Ruby (\`Gemfile.lock\`), and .NET
+    (\`packages.lock.json\`). Maven has no native lockfile concept and is
+    ignored.
+  `,
+    remediation: "Commit a lockfile. Node: run `npm install` / `yarn` / `pnpm install` / `bun install` and check in the resulting lockfile. Python: use Poetry, Pipenv, uv, or pdm and commit their lockfile. Go: `go mod tidy` then commit `go.sum`. Rust: commit `Cargo.lock` (binaries — for libraries it's optional but harmless). Ruby: commit `Gemfile.lock`. .NET: set `<RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>` in the project and commit `packages.lock.json`.",
+    async detect(ev) {
+        const allPaths = ev.size_stats.files.map((f) => f.path);
+        const hasFile = (re) => allPaths.some((p) => re.test(p));
+        const ecosystems = [];
+        if (ev.node_package.present) {
+            const hasNodeLock = NODE_LOCKFILES.some((name) => ev.files.has(name));
+            ecosystems.push({ name: "node", manifest: true, lockfile: hasNodeLock });
+        }
+        if (hasFile(PY_MANIFEST)) {
+            ecosystems.push({ name: "python", manifest: true, lockfile: hasFile(PY_LOCKFILES) });
+        }
+        if (hasFile(GO_MOD)) {
+            ecosystems.push({ name: "go", manifest: true, lockfile: hasFile(GO_SUM) });
+        }
+        if (hasFile(RUST_MANIFEST)) {
+            ecosystems.push({ name: "rust", manifest: true, lockfile: hasFile(RUST_LOCKFILE) });
+        }
+        if (hasFile(RUBY_GEMFILE)) {
+            ecosystems.push({ name: "ruby", manifest: true, lockfile: hasFile(RUBY_LOCKFILE) });
+        }
+        if (hasFile(DOTNET_PROJECT)) {
+            ecosystems.push({ name: "dotnet", manifest: true, lockfile: hasFile(DOTNET_LOCKFILE) });
+        }
+        if (ecosystems.length === 0) {
+            return { kind: "na", reason: "no recognised dependency manifest" };
+        }
+        const allLocked = ecosystems.every((e) => e.lockfile);
+        return { kind: "predicate", value: allLocked };
+    },
+    score: { kind: "predicate", direction: "positive" },
+    fixtures: [
+        {
+            name: "no-manifest",
+            evidence: {
+                node_package: { present: false },
+                size_stats: { files: [], totalBytes: 0, totalFiles: 0, source: "git-ls-files" },
+                files: [],
+            },
+            expect: { reading: { kind: "na", reason: "no recognised dependency manifest" }, score: null },
+        },
+        {
+            name: "node-with-lockfile",
+            evidence: {
+                node_package: { present: true },
+                files: ["package-lock.json"],
+                size_stats: { files: [], totalBytes: 0, totalFiles: 0, source: "git-ls-files" },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "node-no-lockfile",
+            evidence: {
+                node_package: { present: true },
+                files: [],
+                size_stats: { files: [], totalBytes: 0, totalFiles: 0, source: "git-ls-files" },
+            },
+            expect: { reading: { kind: "predicate", value: false }, score: 0 },
+        },
+        {
+            name: "go-with-sum",
+            evidence: {
+                node_package: { present: false },
+                files: [],
+                size_stats: {
+                    source: "git-ls-files",
+                    totalBytes: 200,
+                    totalFiles: 2,
+                    files: [
+                        { path: "go.mod", bytes: 100, lines: 5, depth: 0 },
+                        { path: "go.sum", bytes: 100, lines: 5, depth: 0 },
+                    ],
+                },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "rust-no-cargo-lock",
+            evidence: {
+                node_package: { present: false },
+                files: [],
+                size_stats: {
+                    source: "git-ls-files",
+                    totalBytes: 100,
+                    totalFiles: 1,
+                    files: [{ path: "Cargo.toml", bytes: 100, lines: 5, depth: 0 }],
+                },
+            },
+            expect: { reading: { kind: "predicate", value: false }, score: 0 },
+        },
+        {
+            name: "dotnet-with-packages-lock",
+            evidence: {
+                node_package: { present: false },
+                files: [],
+                size_stats: {
+                    source: "git-ls-files",
+                    totalBytes: 200,
+                    totalFiles: 2,
+                    files: [
+                        { path: "src/App.csproj", bytes: 100, lines: 5, depth: 1 },
+                        { path: "src/packages.lock.json", bytes: 100, lines: 5, depth: 1 },
+                    ],
+                },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "python-pipfile-no-lock",
+            evidence: {
+                node_package: { present: false },
+                files: [],
+                size_stats: {
+                    source: "git-ls-files",
+                    totalBytes: 100,
+                    totalFiles: 1,
+                    files: [{ path: "Pipfile", bytes: 100, lines: 5, depth: 0 }],
+                },
+            },
+            expect: { reading: { kind: "predicate", value: false }, score: 0 },
+        },
+        {
+            name: "ruby-with-gemfile-lock",
+            evidence: {
+                node_package: { present: false },
+                files: [],
+                size_stats: {
+                    source: "git-ls-files",
+                    totalBytes: 200,
+                    totalFiles: 2,
+                    files: [
+                        { path: "Gemfile", bytes: 100, lines: 5, depth: 0 },
+                        { path: "Gemfile.lock", bytes: 100, lines: 5, depth: 0 },
+                    ],
+                },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "node-locked-but-go-unlocked",
+            evidence: {
+                node_package: { present: true },
+                files: ["package-lock.json"],
+                size_stats: {
+                    source: "git-ls-files",
+                    totalBytes: 100,
+                    totalFiles: 1,
+                    files: [{ path: "go.mod", bytes: 100, lines: 5, depth: 0 }],
+                },
+            },
+            expect: { reading: { kind: "predicate", value: false }, score: 0 },
+        },
+    ],
+});
+//# sourceMappingURL=deps-lockfile-present.js.map

package/dist/probes/deps-lockfile-present.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deps-lockfile-present.js","sourceRoot":"","sources":["../../src/probes/deps-lockfile-present.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,MAAM,cAAc,GAAG;IACrB,mBAAmB;IACnB,qBAAqB;IACrB,WAAW;IACX,gBAAgB;IAChB,WAAW;IACX,UAAU;CACX,CAAC;AAEF,MAAM,WAAW,GAAG,4DAA4D,CAAC;AACjF,MAAM,YAAY,GAAG,6DAA6D,CAAC;AAEnF,MAAM,MAAM,GAAG,mBAAmB,CAAC;AACnC,MAAM,MAAM,GAAG,mBAAmB,CAAC;AAEnC,MAAM,aAAa,GAAG,uBAAuB,CAAC;AAC9C,MAAM,aAAa,GAAG,uBAAuB,CAAC;AAE9C,MAAM,YAAY,GAAG,kBAAkB,CAAC;AACxC,MAAM,aAAa,GAAG,wBAAwB,CAAC;AAE/C,MAAM,cAAc,GAAG,sBAAsB,CAAC;AAC9C,MAAM,eAAe,GAAG,gCAAgC,CAAC;AAEzD,eAAe,WAAW,CAAC;IACzB,EAAE,EAAE,uBAAuB;IAC3B,OAAO,EAAE,OAAO;IAChB,UAAU,EAAE,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACzC,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,CAAC,cAAc,EAAE,OAAO,EAAE,YAAY,CAAC;IAEjD,SAAS,EAAE;;;;;;;;;GASV;IAED,WAAW,EACT,+cAA+c;IAEjd,KAAK,CAAC,MAAM,CAAC,EAAE;QACb,MAAM,QAAQ,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,OAAO,GAAG,CAAC,EAAU,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAEjE,MAAM,UAAU,GAA6D,EAAE,CAAC;QAEhF,IAAI,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC5B,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;YACtE,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;QAC3E,CAAC;QAED,IAAI,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YACzB,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACvF,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACpB,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,IAAI,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YAC3B,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QACtF,CAAC;QAED,IAAI,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YAC1B,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QACtF,CAAC;QAED,IAAI,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YAC5B,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;QAC1F,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAC;QACrE,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACtD,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;IACjD,CAAC;IAED,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE;IAEnD,QAAQ,EAAE;QACR;YACE,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;gBAChC,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE;gBAC/E,KAAK,EAAE,EAAE;aACV;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,mCAAmC,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;SAC9F;QACD;YACE,IAAI,EAAE,oBAAoB;YAC1B,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBAC/B,KAAK,EAAE,CAAC,mBAAmB,CAAC;gBAC5B,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE;aAChF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBAC/B,KAAK,EAAE,EAAE;gBACT,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE;aAChF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE;SACnE;QACD;YACE,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;gBAChC,KAAK,EAAE,EAAE;gBACT,UAAU,EAAE;oBACV,MAAM,EAAE,cAAc;oBACtB,UAAU,EAAE,GAAG;oBACf,UAAU,EAAE,CAAC;oBACb,KAAK,EAAE;wBACL,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;wBAClD,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;qBACnD;iBACF;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,oBAAoB;YAC1B,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;gBAChC,KAAK,EAAE,EAAE;gBACT,UAAU,EAAE;oBACV,MAAM,EAAE,cAAc;oBACtB,UAAU,EAAE,GAAG;oBACf,UAAU,EAAE,CAAC;oBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;iBAChE;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE;SACnE;QACD;YACE,IAAI,EAAE,2BAA2B;YACjC,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;gBAChC,KAAK,EAAE,EAAE;gBACT,UAAU,EAAE;oBACV,MAAM,EAAE,cAAc;oBACtB,UAAU,EAAE,GAAG;oBACf,UAAU,EAAE,CAAC;oBACb,KAAK,EAAE;wBACL,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;wBAC1D,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;qBACnE;iBACF;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,wBAAwB;YAC9B,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;gBAChC,KAAK,EAAE,EAAE;gBACT,UAAU,EAAE;oBACV,MAAM,EAAE,cAAc;oBACtB,UAAU,EAAE,GAAG;oBACf,UAAU,EAAE,CAAC;oBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;iBAC7D;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE;SACnE;QACD;YACE,IAAI,EAAE,wBAAwB;YAC9B,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;gBAChC,KAAK,EAAE,EAAE;gBACT,UAAU,EAAE;oBACV,MAAM,EAAE,cAAc;oBACtB,UAAU,EAAE,GAAG;oBACf,UAAU,EAAE,CAAC;oBACb,KAAK,EAAE;wBACL,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;wBACnD,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;qBACzD;iBACF;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,6BAA6B;YACnC,QAAQ,EAAE;gBACR,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBAC/B,KAAK,EAAE,CAAC,mBAAmB,CAAC;gBAC5B,UAAU,EAAE;oBACV,MAAM,EAAE,cAAc;oBACtB,UAAU,EAAE,GAAG;oBACf,UAAU,EAAE,CAAC;oBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;iBAC5D;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE;SACnE;KACF;CACF,CAAC,CAAC"}

package/dist/probes/docs-adr-presence.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@esbenwiberg/repofit/sdk").Probe;
+export default _default;
+//# sourceMappingURL=docs-adr-presence.d.ts.map

package/dist/probes/docs-adr-presence.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"docs-adr-presence.d.ts","sourceRoot":"","sources":["../../src/probes/docs-adr-presence.ts"],"names":[],"mappings":";AAMA,wBA6EG"}

package/dist/probes/docs-adr-presence.js

@@ -0,0 +1,76 @@
+import { defineProbe } from "@esbenwiberg/repofit/sdk";
+const ADR_DIRS = ["docs/adr/", "doc/adr/", "adr/", "decisions/", "docs/decisions/"];
+const ADR_FILE_PATTERN = /\.(md|markdown)$/i;
+export default defineProbe({
+    id: "docs.adr-presence",
+    version: "1.0.0",
+    dimensions: [{ id: "context", weight: 1 }],
+    tier: "derived",
+    evidence: ["size_stats"],
+    rationale: `
+    Architecture Decision Records explain *why* the codebase looks the way
+    it does — exactly the questions an agent would otherwise ask the team.
+    Counting ADRs is cheap and revealing: zero means decisions are tribal
+    knowledge.
+  `,
+    remediation: "Start writing ADRs (Architecture Decision Records) under `docs/adr/`. Each one captures one decision: the context, the options, what you chose, and why. Even short ADRs (50–200 words) prevent future debates from re-litigating settled choices. Templates: see adr.github.io or `Nygard`-style.",
+    async detect(ev) {
+        if (ev.size_stats.source === "none") {
+            return { kind: "na", reason: "no git working tree" };
+        }
+        const samples = [];
+        for (const f of ev.size_stats.files) {
+            if (ADR_DIRS.some((d) => f.path.startsWith(d)) && ADR_FILE_PATTERN.test(f.path)) {
+                samples.push({ path: f.path });
+            }
+        }
+        return { kind: "count", value: samples.length, samples: samples.slice(0, 5) };
+    },
+    score: {
+        kind: "count",
+        direction: "positive",
+        bands: [{ upTo: 0, score: 0 }, { upTo: 2, score: 30 }, { upTo: 5, score: 70 }, { score: 100 }],
+    },
+    fixtures: [
+        {
+            name: "no-adrs",
+            evidence: {
+                size_stats: {
+                    source: "git-ls-files",
+                    totalBytes: 0,
+                    totalFiles: 1,
+                    files: [{ path: "src/x.ts", bytes: 1, lines: 1, depth: 2 }],
+                },
+            },
+            expect: { reading: { kind: "count", value: 0, samples: [] }, score: 0 },
+        },
+        {
+            name: "three-adrs",
+            evidence: {
+                size_stats: {
+                    source: "git-ls-files",
+                    totalBytes: 0,
+                    totalFiles: 3,
+                    files: [
+                        { path: "docs/adr/0001-intro.md", bytes: 1, lines: 1, depth: 3 },
+                        { path: "docs/adr/0002-stack.md", bytes: 1, lines: 1, depth: 3 },
+                        { path: "docs/adr/0003-license.md", bytes: 1, lines: 1, depth: 3 },
+                    ],
+                },
+            },
+            expect: {
+                reading: {
+                    kind: "count",
+                    value: 3,
+                    samples: [
+                        { path: "docs/adr/0001-intro.md" },
+                        { path: "docs/adr/0002-stack.md" },
+                        { path: "docs/adr/0003-license.md" },
+                    ],
+                },
+                score: 70,
+            },
+        },
+    ],
+});
+//# sourceMappingURL=docs-adr-presence.js.map

package/dist/probes/docs-adr-presence.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"docs-adr-presence.js","sourceRoot":"","sources":["../../src/probes/docs-adr-presence.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,MAAM,QAAQ,GAAG,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,iBAAiB,CAAC,CAAC;AACpF,MAAM,gBAAgB,GAAG,mBAAmB,CAAC;AAE7C,eAAe,WAAW,CAAC;IACzB,EAAE,EAAE,mBAAmB;IACvB,OAAO,EAAE,OAAO;IAChB,UAAU,EAAE,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IAC1C,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,CAAC,YAAY,CAAC;IAExB,SAAS,EAAE;;;;;GAKV;IAED,WAAW,EACT,oSAAoS;IAEtS,KAAK,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACpC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;QACvD,CAAC;QACD,MAAM,OAAO,GAAe,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACpC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChF,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IAChF,CAAC;IAED,KAAK,EAAE;QACL,IAAI,EAAE,OAAO;QACb,SAAS,EAAE,UAAU;QACrB,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;KAC/F;IAED,QAAQ,EAAE;QACR;YACE,IAAI,EAAE,SAAS;YACf,QAAQ,EAAE;gBACR,UAAU,EAAE;oBACV,MAAM,EAAE,cAAc;oBACtB,UAAU,EAAE,CAAC;oBACb,UAAU,EAAE,CAAC;oBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;iBAC5D;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE;SACxE;QACD;YACE,IAAI,EAAE,YAAY;YAClB,QAAQ,EAAE;gBACR,UAAU,EAAE;oBACV,MAAM,EAAE,cAAc;oBACtB,UAAU,EAAE,CAAC;oBACb,UAAU,EAAE,CAAC;oBACb,KAAK,EAAE;wBACL,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;wBAChE,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;wBAChE,EAAE,IAAI,EAAE,0BAA0B,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;qBACnE;iBACF;aACF;YACD,MAAM,EAAE;gBACN,OAAO,EAAE;oBACP,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,CAAC;oBACR,OAAO,EAAE;wBACP,EAAE,IAAI,EAAE,wBAAwB,EAAE;wBAClC,EAAE,IAAI,EAAE,wBAAwB,EAAE;wBAClC,EAAE,IAAI,EAAE,0BAA0B,EAAE;qBACrC;iBACF;gBACD,KAAK,EAAE,EAAE;aACV;SACF;KACF;CACF,CAAC,CAAC"}

package/dist/probes/docs-adr-quality.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@esbenwiberg/repofit/sdk").Probe;
+export default _default;
+//# sourceMappingURL=docs-adr-quality.d.ts.map

package/dist/probes/docs-adr-quality.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"docs-adr-quality.d.ts","sourceRoot":"","sources":["../../src/probes/docs-adr-quality.ts"],"names":[],"mappings":";AA+BA,wBAgHG"}

package/dist/probes/docs-adr-quality.js

@@ -0,0 +1,128 @@
+import { defineProbe } from "@esbenwiberg/repofit/sdk";
+const PROBE_VERSION = "1.0.0";
+const MAX_ADRS = 5;
+const MAX_CHARS_PER_ADR = 3_000;
+const MAX_INPUT_CHARS = 18_000;
+const ADR_DIRS = ["docs/adr/", "doc/adr/", "adr/", "decisions/", "docs/decisions/"];
+const ADR_FILE = /\.(?:md|markdown)$/i;
+const RUBRIC = {
+    task: "Judge the substance of these Architecture Decision Records. Are they recording real decisions in a form an agent could learn from, or are they templates with the slots empty?",
+    criteria: [
+        {
+            id: "decision-stated",
+            description: "Does each ADR actually state a decision? A good ADR names what was chosen, what the alternatives were, and which one won. A 'Status: Proposed — TBD' ADR doesn't count; nor does an ADR that lists alternatives without picking one.",
+        },
+        {
+            id: "rationale-clear",
+            description: "Does the ADR explain *why* — the constraint, the tradeoff, or the past incident that drove the call? Without rationale an agent can't tell whether a change is safe to revisit. Bullet lists of pros/cons with no synthesis count for less than a paragraph that names the binding constraint.",
+        },
+        {
+            id: "current-and-living",
+            description: "Do the ADRs feel maintained — statuses meaningful (Accepted / Superseded / Deprecated with a pointer), dates present, content matching how the code actually works today? A folder of accepted-but-untrue ADRs is a trap; the agent will follow them and be wrong.",
+        },
+    ],
+};
+export default defineProbe({
+    id: "docs.adr-quality",
+    version: PROBE_VERSION,
+    dimensions: [{ id: "context", weight: 1 }],
+    tier: "reasoned",
+    evidence: ["files", "size_stats", "judge"],
+    rationale: `
+    docs.adr-presence counts files. An ADR folder can hit the count
+    without recording any real decisions — templates with empty slots,
+    "TBD" statuses, lists of alternatives with no choice. This probe
+    samples a few ADRs and asks an LLM whether they describe actual
+    decisions, with rationale, that are still current. Cached.
+  `,
+    remediation: "Make your ADRs actually decide something. Each should name: (1) the decision made, (2) the alternatives considered, (3) why this option won (the binding constraint or tradeoff), (4) status (Accepted / Superseded with pointer / Deprecated) and a date. Empty templates and 'Proposed — TBD' don't count.",
+    async detect(ev) {
+        const adrPaths = ev.size_stats.files
+            .map((f) => f.path)
+            .filter((p) => ADR_DIRS.some((d) => p.startsWith(d)) && ADR_FILE.test(p))
+            .sort();
+        if (adrPaths.length === 0) {
+            return { kind: "na", reason: "no ADRs found" };
+        }
+        const sampled = [];
+        let totalChars = 0;
+        for (const p of adrPaths) {
+            if (sampled.length >= MAX_ADRS)
+                break;
+            const text = await ev.files.readText(p);
+            if (!text)
+                continue;
+            const slice = text.slice(0, MAX_CHARS_PER_ADR);
+            sampled.push({ path: p, text: slice });
+            totalChars += slice.length;
+            if (totalChars >= MAX_INPUT_CHARS)
+                break;
+        }
+        if (sampled.length === 0) {
+            return { kind: "na", reason: "ADR files declared but unreadable" };
+        }
+        const input = sampled.map((s) => `# ${s.path}\n\n${s.text}`).join("\n\n---\n\n");
+        const result = await ev.judge.score({
+            probeId: "docs.adr-quality",
+            probeVersion: PROBE_VERSION,
+            input,
+            rubric: RUBRIC,
+        });
+        return {
+            kind: "judge",
+            score: result.score,
+            perCriterion: result.perCriterion,
+            rationale: result.rationale,
+            model: result.model,
+        };
+    },
+    score: { kind: "judge" },
+    fixtures: [
+        {
+            name: "no-adrs",
+            evidence: {
+                size_stats: { files: [], totalBytes: 0, totalFiles: 0, source: "git-ls-files" },
+            },
+            expect: { reading: { kind: "na", reason: "no ADRs found" }, score: null },
+        },
+        {
+            name: "substantive-adrs",
+            evidence: {
+                size_stats: {
+                    source: "git-ls-files",
+                    totalBytes: 200,
+                    totalFiles: 1,
+                    files: [{ path: "docs/adr/0001-stack.md", bytes: 200, lines: 20, depth: 2 }],
+                },
+                files: {
+                    "docs/adr/0001-stack.md": "# Use TypeScript\nStatus: Accepted (2026-01)\nDecision: ts.\nWhy: types catch errors.\n",
+                },
+                judge: {
+                    score: 80,
+                    perCriterion: {
+                        "decision-stated": 80,
+                        "rationale-clear": 80,
+                        "current-and-living": 80,
+                    },
+                    rationale: "Clear decision, dated, with rationale.",
+                    model: "fixture",
+                },
+            },
+            expect: {
+                reading: {
+                    kind: "judge",
+                    score: 80,
+                    perCriterion: {
+                        "decision-stated": 80,
+                        "rationale-clear": 80,
+                        "current-and-living": 80,
+                    },
+                    rationale: "Clear decision, dated, with rationale.",
+                    model: "fixture",
+                },
+                score: 80,
+            },
+        },
+    ],
+});
+//# sourceMappingURL=docs-adr-quality.js.map

package/dist/probes/docs-adr-quality.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"docs-adr-quality.js","sourceRoot":"","sources":["../../src/probes/docs-adr-quality.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,MAAM,aAAa,GAAG,OAAO,CAAC;AAC9B,MAAM,QAAQ,GAAG,CAAC,CAAC;AACnB,MAAM,iBAAiB,GAAG,KAAK,CAAC;AAChC,MAAM,eAAe,GAAG,MAAM,CAAC;AAE/B,MAAM,QAAQ,GAAG,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,iBAAiB,CAAC,CAAC;AACpF,MAAM,QAAQ,GAAG,qBAAqB,CAAC;AAEvC,MAAM,MAAM,GAAG;IACb,IAAI,EAAE,gLAAgL;IACtL,QAAQ,EAAE;QACR;YACE,EAAE,EAAE,iBAAiB;YACrB,WAAW,EACT,sOAAsO;SACzO;QACD;YACE,EAAE,EAAE,iBAAiB;YACrB,WAAW,EACT,gSAAgS;SACnS;QACD;YACE,EAAE,EAAE,oBAAoB;YACxB,WAAW,EACT,oQAAoQ;SACvQ;KACF;CACO,CAAC;AAEX,eAAe,WAAW,CAAC;IACzB,EAAE,EAAE,kBAAkB;IACtB,OAAO,EAAE,aAAa;IACtB,UAAU,EAAE,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IAC1C,IAAI,EAAE,UAAU;IAChB,QAAQ,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,OAAO,CAAC;IAE1C,SAAS,EAAE;;;;;;GAMV;IAED,WAAW,EACT,8SAA8S;IAEhT,KAAK,CAAC,MAAM,CAAC,EAAE;QACb,MAAM,QAAQ,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK;aACjC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;aAClB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;aACxE,IAAI,EAAE,CAAC;QAEV,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QACjD,CAAC;QAED,MAAM,OAAO,GAAqC,EAAE,CAAC;QACrD,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,OAAO,CAAC,MAAM,IAAI,QAAQ;gBAAE,MAAM;YACtC,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YACxC,IAAI,CAAC,IAAI;gBAAE,SAAS;YACpB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,iBAAiB,CAAC,CAAC;YAC/C,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YACvC,UAAU,IAAI,KAAK,CAAC,MAAM,CAAC;YAC3B,IAAI,UAAU,IAAI,eAAe;gBAAE,MAAM;QAC3C,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAC;QACrE,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAEjF,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC;YAClC,OAAO,EAAE,kBAAkB;YAC3B,YAAY,EAAE,aAAa;YAC3B,KAAK;YACL,MAAM,EAAE,MAAM;SACf,CAAC,CAAC;QAEH,OAAO;YACL,IAAI,EAAE,OAAO;YACb,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC;IACJ,CAAC;IAED,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;IAExB,QAAQ,EAAE;QACR;YACE,IAAI,EAAE,SAAS;YACf,QAAQ,EAAE;gBACR,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE;aAChF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;SAC1E;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,QAAQ,EAAE;gBACR,UAAU,EAAE;oBACV,MAAM,EAAE,cAAc;oBACtB,UAAU,EAAE,GAAG;oBACf,UAAU,EAAE,CAAC;oBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,wBAAwB,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;iBAC7E;gBACD,KAAK,EAAE;oBACL,wBAAwB,EACtB,yFAAyF;iBAC5F;gBACD,KAAK,EAAE;oBACL,KAAK,EAAE,EAAE;oBACT,YAAY,EAAE;wBACZ,iBAAiB,EAAE,EAAE;wBACrB,iBAAiB,EAAE,EAAE;wBACrB,oBAAoB,EAAE,EAAE;qBACzB;oBACD,SAAS,EAAE,wCAAwC;oBACnD,KAAK,EAAE,SAAS;iBACjB;aACF;YACD,MAAM,EAAE;gBACN,OAAO,EAAE;oBACP,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE;oBACT,YAAY,EAAE;wBACZ,iBAAiB,EAAE,EAAE;wBACrB,iBAAiB,EAAE,EAAE;wBACrB,oBAAoB,EAAE,EAAE;qBACzB;oBACD,SAAS,EAAE,wCAAwC;oBACnD,KAAK,EAAE,SAAS;iBACjB;gBACD,KAAK,EAAE,EAAE;aACV;SACF;KACF;CACF,CAAC,CAAC"}

package/dist/probes/docs-contributing-present.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@esbenwiberg/repofit/sdk").Probe;
+export default _default;
+//# sourceMappingURL=docs-contributing-present.d.ts.map

package/dist/probes/docs-contributing-present.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"docs-contributing-present.d.ts","sourceRoot":"","sources":["../../src/probes/docs-contributing-present.ts"],"names":[],"mappings":";AAEA,wBAaG"}