@eviano/tribunal 0.1.2

package/dist/analyzers/claimReconciliation.js

@@ -0,0 +1,190 @@
+import { assertionFreeTest } from './assertionFreeTest.js';
+import { directExports } from './exports.js';
+import { collectDefaultParams, keyMatchesArg } from './defaults.js';
+/**
+ * `claim-reconciliation` — verifies machine-readable PR claims against what the diff actually did, with
+ * deterministic checks only. This is the durable-moat milestone (docs/SPEC.md §5b): the company selling
+ * you the agent won't ship the tool that catches its own agent lying.
+ *
+ * Trust Contract: gate only on CONTRADICTED, and CONTRADICTED must be a syntactic certainty. An unknown
+ * claim, a missing base ref, or an un-enumerable module all degrade to UNVERIFIED — never a false red.
+ */
+const SOURCE_EXT_RE = /\.[cm]?[jt]sx?$/i;
+const TEST_FILE_RE = /(^|[./\\])(test|spec)\.[cm]?[jt]sx?$/i;
+const TEST_DIR_RE = /(^|[/\\])(__tests__|tests?)[/\\]/i;
+function isTestPath(path) {
+    return TEST_FILE_RE.test(path) || TEST_DIR_RE.test(path);
+}
+/** "added a test" → the diff must add at least one test, ideally one with a detectable assertion. */
+function verifyAddedTest(ctx) {
+    // Reuse the assertion-free-test analyzer: it emits one finding per test touched by the diff.
+    const testFindings = assertionFreeTest.run(ctx);
+    const touched = testFindings.length;
+    const asserting = testFindings.filter((f) => f.verdict === 'PASS').length;
+    if (asserting > 0) {
+        return {
+            verdict: 'PASS',
+            title: 'Claim confirmed: test added',
+            detail: `The diff adds ${asserting} test(s) with at least one assertion.`,
+        };
+    }
+    if (touched === 0) {
+        return {
+            verdict: 'CONTRADICTED',
+            title: "Claimed a test was added, but none is in the diff",
+            detail: 'No new test (no it()/test()/Deno.test() block) appears in any changed test file.',
+        };
+    }
+    return {
+        verdict: 'UNVERIFIED',
+        title: 'Test added, but its assertion could not be detected',
+        detail: `The diff adds ${touched} test(s), but none has a detectable assertion (see the assertion-free-test findings). Confirm the test is meaningful.`,
+    };
+}
+const EMPTY_EXPORTS = { names: new Set(), hasDefault: false, uncertain: false };
+/** "no public API change" → exported-symbol set is identical between base and head for changed files. */
+function verifyNoPublicApiChange(ctx) {
+    if (!ctx.base || !ctx.readBaseFile) {
+        return {
+            verdict: 'UNVERIFIED',
+            title: 'No base ref to compare the public API',
+            detail: 'Exported-symbol changes need a base ref to diff against; none was available.',
+        };
+    }
+    const changes = [];
+    let uncertain = false;
+    for (const f of ctx.changedFiles) {
+        if (!SOURCE_EXT_RE.test(f.path) || isTestPath(f.path))
+            continue;
+        const baseContent = ctx.readBaseFile(f.path);
+        const headContent = f.status === 'deleted' ? null : ctx.readFile(f.path);
+        if (baseContent == null && headContent == null)
+            continue;
+        const baseExp = baseContent ? directExports(baseContent, f.path) : EMPTY_EXPORTS;
+        const headExp = headContent ? directExports(headContent, f.path) : EMPTY_EXPORTS;
+        if (baseExp.uncertain || headExp.uncertain) {
+            uncertain = true;
+            continue;
+        }
+        const added = [...headExp.names].filter((n) => !baseExp.names.has(n));
+        const removed = [...baseExp.names].filter((n) => !headExp.names.has(n));
+        if (baseExp.hasDefault !== headExp.hasDefault) {
+            (headExp.hasDefault ? added : removed).push('default');
+        }
+        if (added.length || removed.length) {
+            const parts = [];
+            if (added.length)
+                parts.push(`+${added.join(', +')}`);
+            if (removed.length)
+                parts.push(`-${removed.join(', -')}`);
+            changes.push(`${f.path} (${parts.join('; ')})`);
+        }
+    }
+    if (changes.length) {
+        return {
+            verdict: 'CONTRADICTED',
+            title: 'Claimed no public API change, but exports changed',
+            detail: `Exported symbols changed in: ${changes.join(' | ')}.`,
+        };
+    }
+    if (uncertain) {
+        return {
+            verdict: 'UNVERIFIED',
+            title: 'Public API change could not be fully verified',
+            detail: 'Some changed modules use `export *` / CJS exports that cannot be enumerated statically.',
+        };
+    }
+    return {
+        verdict: 'PASS',
+        title: 'Claim confirmed: no public API change',
+        detail: 'No exported symbols were added or removed in changed source files.',
+    };
+}
+/** "no default flip" → no literal default parameter value changed between base and head. */
+function verifyNoDefaultFlip(ctx, claim) {
+    if (!ctx.base || !ctx.readBaseFile) {
+        return {
+            verdict: 'UNVERIFIED',
+            title: 'No base ref to compare defaults',
+            detail: 'Default-value changes need a base ref to diff against; none was available.',
+        };
+    }
+    const flips = [];
+    for (const f of ctx.changedFiles) {
+        if (!SOURCE_EXT_RE.test(f.path) || isTestPath(f.path))
+            continue;
+        const baseContent = ctx.readBaseFile(f.path);
+        const headContent = f.status === 'deleted' ? null : ctx.readFile(f.path);
+        if (baseContent == null || headContent == null)
+            continue;
+        const baseDefaults = collectDefaultParams(baseContent, f.path);
+        const headDefaults = collectDefaultParams(headContent, f.path);
+        for (const [key, headVal] of headDefaults) {
+            if (!baseDefaults.has(key))
+                continue; // newly-added default is not a flip
+            const baseVal = baseDefaults.get(key);
+            if (baseVal === headVal)
+                continue;
+            if (claim.arg && !keyMatchesArg(key, claim.arg))
+                continue;
+            flips.push(`${f.path} ${key} (${baseVal} → ${headVal})`);
+        }
+    }
+    if (flips.length) {
+        return {
+            verdict: 'CONTRADICTED',
+            title: 'Claimed no default flip, but a default changed',
+            detail: `Default values changed: ${flips.join(' | ')}.`,
+        };
+    }
+    return {
+        verdict: 'PASS',
+        title: 'Claim confirmed: no default flip',
+        detail: claim.arg
+            ? `No literal default for '${claim.arg}' changed in changed source files.`
+            : 'No literal default parameter values changed in changed source files.',
+    };
+}
+const verifiers = {
+    'added-test': verifyAddedTest,
+    'added-tests': verifyAddedTest,
+    'added-a-test': verifyAddedTest,
+    'no-public-api-change': verifyNoPublicApiChange,
+    'no-api-change': verifyNoPublicApiChange,
+    'no-public-api-changes': verifyNoPublicApiChange,
+    'no-default-flip': verifyNoDefaultFlip,
+    'no-default-change': verifyNoDefaultFlip,
+    'no-defaults-changed': verifyNoDefaultFlip,
+};
+export const recognizedClaims = Object.keys(verifiers);
+export const claimReconciliation = {
+    id: 'claim-reconciliation',
+    title: 'Claim reconciliation',
+    description: 'Verifies machine-readable PR claims against the diff using deterministic checks (no LLM).',
+    kind: 'claim-reconciliation',
+    run(ctx) {
+        const claims = ctx.claims ?? [];
+        const findings = [];
+        for (const claim of claims) {
+            const verifier = verifiers[claim.key];
+            const res = verifier
+                ? verifier(ctx, claim)
+                : {
+                    verdict: 'UNVERIFIED',
+                    title: 'Unrecognized claim',
+                    detail: `No deterministic verifier for claim '${claim.key}'. Recognized: ${recognizedClaims.join(', ')}.`,
+                };
+            findings.push({
+                analyzer: 'claim-reconciliation',
+                verdict: res.verdict,
+                file: '(PR claim)',
+                line: 0,
+                title: res.title,
+                detail: res.detail,
+                claim: claim.raw,
+            });
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=claimReconciliation.js.map

package/dist/analyzers/claimReconciliation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"claimReconciliation.js","sourceRoot":"","sources":["../../src/analyzers/claimReconciliation.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAsB,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEpE;;;;;;;GAOG;AAEH,MAAM,aAAa,GAAG,kBAAkB,CAAC;AACzC,MAAM,YAAY,GAAG,uCAAuC,CAAC;AAC7D,MAAM,WAAW,GAAG,mCAAmC,CAAC;AAExD,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC3D,CAAC;AASD,qGAAqG;AACrG,SAAS,eAAe,CAAC,GAAoB;IAC3C,6FAA6F;IAC7F,MAAM,YAAY,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC;IACpC,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAE1E,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,OAAO;YACL,OAAO,EAAE,MAAM;YACf,KAAK,EAAE,6BAA6B;YACpC,MAAM,EAAE,iBAAiB,SAAS,uCAAuC;SAC1E,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO;YACL,OAAO,EAAE,cAAc;YACvB,KAAK,EAAE,mDAAmD;YAC1D,MAAM,EAAE,kFAAkF;SAC3F,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,YAAY;QACrB,KAAK,EAAE,qDAAqD;QAC5D,MAAM,EAAE,iBAAiB,OAAO,uHAAuH;KACxJ,CAAC;AACJ,CAAC;AAED,MAAM,aAAa,GAAkB,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;AAE/F,yGAAyG;AACzG,SAAS,uBAAuB,CAAC,GAAoB;IACnD,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;QACnC,OAAO;YACL,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,uCAAuC;YAC9C,MAAM,EAAE,8EAA8E;SACvF,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,SAAS,GAAG,KAAK,CAAC;IAEtB,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;QACjC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;YAAE,SAAS;QAEhE,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACzE,IAAI,WAAW,IAAI,IAAI,IAAI,WAAW,IAAI,IAAI;YAAE,SAAS;QAEzD,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC;QACjF,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC;QACjF,IAAI,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YAC3C,SAAS,GAAG,IAAI,CAAC;YACjB,SAAS;QACX,CAAC;QAED,MAAM,KAAK,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACtE,MAAM,OAAO,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,IAAI,OAAO,CAAC,UAAU,KAAK,OAAO,CAAC,UAAU,EAAE,CAAC;YAC9C,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnC,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,IAAI,KAAK,CAAC,MAAM;gBAAE,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACtD,IAAI,OAAO,CAAC,MAAM;gBAAE,KAAK,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC1D,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO;YACL,OAAO,EAAE,cAAc;YACvB,KAAK,EAAE,mDAAmD;YAC1D,MAAM,EAAE,gCAAgC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG;SAC/D,CAAC;IACJ,CAAC;IACD,IAAI,SAAS,EAAE,CAAC;QACd,OAAO;YACL,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,+CAA+C;YACtD,MAAM,EAAE,yFAAyF;SAClG,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,MAAM;QACf,KAAK,EAAE,uCAAuC;QAC9C,MAAM,EAAE,oEAAoE;KAC7E,CAAC;AACJ,CAAC;AAED,4FAA4F;AAC5F,SAAS,mBAAmB,CAAC,GAAoB,EAAE,KAAY;IAC7D,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;QACnC,OAAO;YACL,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,iCAAiC;YACxC,MAAM,EAAE,4EAA4E;SACrF,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;QACjC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;YAAE,SAAS;QAChE,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACzE,IAAI,WAAW,IAAI,IAAI,IAAI,WAAW,IAAI,IAAI;YAAE,SAAS;QAEzD,MAAM,YAAY,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/D,MAAM,YAAY,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/D,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,YAAY,EAAE,CAAC;YAC1C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS,CAAC,oCAAoC;YAC1E,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC;YACvC,IAAI,OAAO,KAAK,OAAO;gBAAE,SAAS;YAClC,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC1D,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,GAAG,KAAK,OAAO,MAAM,OAAO,GAAG,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO;YACL,OAAO,EAAE,cAAc;YACvB,KAAK,EAAE,gDAAgD;YACvD,MAAM,EAAE,2BAA2B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG;SACxD,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,MAAM;QACf,KAAK,EAAE,kCAAkC;QACzC,MAAM,EAAE,KAAK,CAAC,GAAG;YACf,CAAC,CAAC,2BAA2B,KAAK,CAAC,GAAG,oCAAoC;YAC1E,CAAC,CAAC,sEAAsE;KAC3E,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAA6B;IAC1C,YAAY,EAAE,eAAe;IAC7B,aAAa,EAAE,eAAe;IAC9B,cAAc,EAAE,eAAe;IAC/B,sBAAsB,EAAE,uBAAuB;IAC/C,eAAe,EAAE,uBAAuB;IACxC,uBAAuB,EAAE,uBAAuB;IAChD,iBAAiB,EAAE,mBAAmB;IACtC,mBAAmB,EAAE,mBAAmB;IACxC,qBAAqB,EAAE,mBAAmB;CAC3C,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AAEvD,MAAM,CAAC,MAAM,mBAAmB,GAAa;IAC3C,EAAE,EAAE,sBAAsB;IAC1B,KAAK,EAAE,sBAAsB;IAC7B,WAAW,EACT,2FAA2F;IAC7F,IAAI,EAAE,sBAAsB;IAC5B,GAAG,CAAC,GAAoB;QACtB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACtC,MAAM,GAAG,GAAmB,QAAQ;gBAClC,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAC;gBACtB,CAAC,CAAC;oBACE,OAAO,EAAE,YAAY;oBACrB,KAAK,EAAE,oBAAoB;oBAC3B,MAAM,EAAE,wCAAwC,KAAK,CAAC,GAAG,kBAAkB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;iBAC1G,CAAC;YAEN,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,sBAAsB;gBAChC,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC;gBACP,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,KAAK,EAAE,KAAK,CAAC,GAAG;aACjB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/analyzers/defaults.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Collect literal default *parameter* values, keyed by a stable name (`fnName:paramName`,
+ * `Class.method:paramName`). This is the highest-signal, lowest-false-positive slice of "default flip":
+ * `function connect(timeoutMs = 30)` → `connect(timeoutMs = 5000)` is a syntactic, checkable fact.
+ */
+export declare function collectDefaultParams(content: string, fileName: string): Map<string, string>;
+/** Does a `fnName:paramName` key match a user-supplied claim argument (param name or fn name)? */
+export declare function keyMatchesArg(key: string, arg: string): boolean;

package/dist/analyzers/defaults.js

@@ -0,0 +1,82 @@
+import ts from 'typescript';
+function scriptKindForPath(path) {
+    if (/\.tsx$/i.test(path))
+        return ts.ScriptKind.TSX;
+    if (/\.jsx$/i.test(path))
+        return ts.ScriptKind.JSX;
+    if (/\.[cm]?ts$/i.test(path))
+        return ts.ScriptKind.TS;
+    return ts.ScriptKind.JS;
+}
+/** Only compare defaults that are literals — anything computed can't be diffed soundly, so we skip it. */
+function isLiteralLike(n) {
+    if (ts.isStringLiteral(n) || ts.isNoSubstitutionTemplateLiteral(n) || ts.isNumericLiteral(n))
+        return true;
+    if (n.kind === ts.SyntaxKind.TrueKeyword ||
+        n.kind === ts.SyntaxKind.FalseKeyword ||
+        n.kind === ts.SyntaxKind.NullKeyword) {
+        return true;
+    }
+    if (ts.isIdentifier(n) && n.text === 'undefined')
+        return true;
+    if (ts.isPrefixUnaryExpression(n) &&
+        (n.operator === ts.SyntaxKind.MinusToken || n.operator === ts.SyntaxKind.PlusToken) &&
+        ts.isNumericLiteral(n.operand)) {
+        return true;
+    }
+    return false;
+}
+function isFunctionLike(n) {
+    return (ts.isFunctionDeclaration(n) ||
+        ts.isMethodDeclaration(n) ||
+        ts.isFunctionExpression(n) ||
+        ts.isArrowFunction(n) ||
+        ts.isConstructorDeclaration(n));
+}
+/**
+ * Collect literal default *parameter* values, keyed by a stable name (`fnName:paramName`,
+ * `Class.method:paramName`). This is the highest-signal, lowest-false-positive slice of "default flip":
+ * `function connect(timeoutMs = 30)` → `connect(timeoutMs = 5000)` is a syntactic, checkable fact.
+ */
+export function collectDefaultParams(content, fileName) {
+    const sf = ts.createSourceFile(fileName, content, ts.ScriptTarget.Latest, true, scriptKindForPath(fileName));
+    const map = new Map();
+    const visit = (node, container) => {
+        let name = container;
+        if (ts.isFunctionDeclaration(node) && node.name) {
+            name = node.name.text;
+        }
+        else if (ts.isClassDeclaration(node) && node.name) {
+            name = node.name.text;
+        }
+        else if (ts.isMethodDeclaration(node) && ts.isIdentifier(node.name)) {
+            name = (container ? `${container}.` : '') + node.name.text;
+        }
+        else if (ts.isConstructorDeclaration(node)) {
+            name = (container ? `${container}.` : '') + 'constructor';
+        }
+        else if (ts.isVariableDeclaration(node) &&
+            ts.isIdentifier(node.name) &&
+            node.initializer &&
+            (ts.isArrowFunction(node.initializer) || ts.isFunctionExpression(node.initializer))) {
+            name = node.name.text;
+        }
+        if (isFunctionLike(node)) {
+            const fnName = name ?? '(anonymous)';
+            for (const p of node.parameters) {
+                if (p.initializer && ts.isIdentifier(p.name) && isLiteralLike(p.initializer)) {
+                    map.set(`${fnName}:${p.name.text}`, p.initializer.getText(sf));
+                }
+            }
+        }
+        ts.forEachChild(node, (child) => visit(child, name));
+    };
+    visit(sf, undefined);
+    return map;
+}
+/** Does a `fnName:paramName` key match a user-supplied claim argument (param name or fn name)? */
+export function keyMatchesArg(key, arg) {
+    const [fnPart, paramPart] = key.split(':');
+    return paramPart === arg || fnPart === arg || fnPart.endsWith(`.${arg}`);
+}
+//# sourceMappingURL=defaults.js.map

package/dist/analyzers/defaults.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"defaults.js","sourceRoot":"","sources":["../../src/analyzers/defaults.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,YAAY,CAAC;AAE5B,SAAS,iBAAiB,CAAC,IAAY;IACrC,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;IACnD,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;IACnD,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;IACtD,OAAO,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;AAC1B,CAAC;AAED,0GAA0G;AAC1G,SAAS,aAAa,CAAC,CAAgB;IACrC,IAAI,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,+BAA+B,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1G,IACE,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,WAAW;QACpC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,YAAY;QACrC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,WAAW,EACpC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,WAAW;QAAE,OAAO,IAAI,CAAC;IAC9D,IACE,EAAE,CAAC,uBAAuB,CAAC,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC,QAAQ,KAAK,EAAE,CAAC,UAAU,CAAC,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;QACnF,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,EAC9B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,CAAU;IAChC,OAAO,CACL,EAAE,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAC3B,EAAE,CAAC,mBAAmB,CAAC,CAAC,CAAC;QACzB,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC;QAC1B,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC;QACrB,EAAE,CAAC,wBAAwB,CAAC,CAAC,CAAC,CAC/B,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAe,EAAE,QAAgB;IACpE,MAAM,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7G,MAAM,GAAG,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEtC,MAAM,KAAK,GAAG,CAAC,IAAa,EAAE,SAA6B,EAAQ,EAAE;QACnE,IAAI,IAAI,GAAG,SAAS,CAAC;QACrB,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YAChD,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QACxB,CAAC;aAAM,IAAI,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACpD,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QACxB,CAAC;aAAM,IAAI,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACtE,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAC7D,CAAC;aAAM,IAAI,EAAE,CAAC,wBAAwB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7C,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC;QAC5D,CAAC;aAAM,IACL,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC;YAC9B,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;YAC1B,IAAI,CAAC,WAAW;YAChB,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EACnF,CAAC;YACD,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QACxB,CAAC;QAED,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,IAAI,IAAI,aAAa,CAAC;YACrC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChC,IAAI,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC7E,GAAG,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;gBACjE,CAAC;YACH,CAAC;QACH,CAAC;QAED,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;IACvD,CAAC,CAAC;IAEF,KAAK,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,kGAAkG;AAClG,MAAM,UAAU,aAAa,CAAC,GAAW,EAAE,GAAW;IACpD,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3C,OAAO,SAAS,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC;AAC3E,CAAC"}

package/dist/analyzers/exports.d.ts

@@ -0,0 +1,12 @@
+export interface DirectExports {
+    names: Set<string>;
+    hasDefault: boolean;
+    /** True when exports cannot be enumerated statically (re-exports via `export *`, CJS, `export =`). */
+    uncertain: boolean;
+}
+/**
+ * Collect a module's DIRECTLY-declared exported names from source text (no disk access, no following
+ * of `export *`). Any construct whose export set can't be enumerated statically flips `uncertain`,
+ * which callers must treat as "cannot decide" rather than "no exports".
+ */
+export declare function directExports(content: string, fileName: string): DirectExports;

package/dist/analyzers/exports.js

@@ -0,0 +1,84 @@
+import ts from 'typescript';
+function scriptKindForPath(path) {
+    if (/\.tsx$/i.test(path))
+        return ts.ScriptKind.TSX;
+    if (/\.jsx$/i.test(path))
+        return ts.ScriptKind.JSX;
+    if (/\.[cm]?ts$/i.test(path))
+        return ts.ScriptKind.TS;
+    return ts.ScriptKind.JS;
+}
+function addBindingName(name, into) {
+    if (ts.isIdentifier(name)) {
+        into.add(name.text);
+    }
+    else if (ts.isObjectBindingPattern(name) || ts.isArrayBindingPattern(name)) {
+        for (const el of name.elements) {
+            if (ts.isBindingElement(el))
+                addBindingName(el.name, into);
+        }
+    }
+}
+/**
+ * Collect a module's DIRECTLY-declared exported names from source text (no disk access, no following
+ * of `export *`). Any construct whose export set can't be enumerated statically flips `uncertain`,
+ * which callers must treat as "cannot decide" rather than "no exports".
+ */
+export function directExports(content, fileName) {
+    const result = { names: new Set(), hasDefault: false, uncertain: false };
+    const sf = ts.createSourceFile(fileName, content, ts.ScriptTarget.Latest, true, scriptKindForPath(fileName));
+    let sawEsExport = false;
+    for (const stmt of sf.statements) {
+        const mods = ts.canHaveModifiers(stmt) ? ts.getModifiers(stmt) : undefined;
+        const hasExport = mods?.some((m) => m.kind === ts.SyntaxKind.ExportKeyword) ?? false;
+        const hasDefault = mods?.some((m) => m.kind === ts.SyntaxKind.DefaultKeyword) ?? false;
+        if (hasExport) {
+            sawEsExport = true;
+            if (hasDefault) {
+                result.hasDefault = true;
+                continue;
+            }
+            if (ts.isVariableStatement(stmt)) {
+                for (const d of stmt.declarationList.declarations)
+                    addBindingName(d.name, result.names);
+            }
+            else if ((ts.isFunctionDeclaration(stmt) ||
+                ts.isClassDeclaration(stmt) ||
+                ts.isInterfaceDeclaration(stmt) ||
+                ts.isTypeAliasDeclaration(stmt) ||
+                ts.isEnumDeclaration(stmt) ||
+                ts.isModuleDeclaration(stmt)) &&
+                stmt.name &&
+                ts.isIdentifier(stmt.name)) {
+                result.names.add(stmt.name.text);
+            }
+        }
+        else if (ts.isExportDeclaration(stmt)) {
+            sawEsExport = true;
+            if (stmt.exportClause) {
+                if (ts.isNamedExports(stmt.exportClause)) {
+                    for (const e of stmt.exportClause.elements)
+                        result.names.add(e.name.text);
+                }
+                else if (ts.isNamespaceExport(stmt.exportClause)) {
+                    result.names.add(stmt.exportClause.name.text);
+                }
+            }
+            else if (stmt.moduleSpecifier) {
+                result.uncertain = true; // `export * from '...'` — cannot enumerate without resolving
+            }
+        }
+        else if (ts.isExportAssignment(stmt)) {
+            sawEsExport = true;
+            if (stmt.isExportEquals)
+                result.uncertain = true; // `export =` (CJS interop)
+            else
+                result.hasDefault = true; // `export default`
+        }
+    }
+    if (!sawEsExport && (/\.[cm]?jsx?$/i.test(fileName) || /\bmodule\.exports\b|\bexports\./.test(content))) {
+        result.uncertain = true;
+    }
+    return result;
+}
+//# sourceMappingURL=exports.js.map

package/dist/analyzers/exports.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exports.js","sourceRoot":"","sources":["../../src/analyzers/exports.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,YAAY,CAAC;AAS5B,SAAS,iBAAiB,CAAC,IAAY;IACrC,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;IACnD,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;IACnD,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;IACtD,OAAO,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;AAC1B,CAAC;AAED,SAAS,cAAc,CAAC,IAAoB,EAAE,IAAiB;IAC7D,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;SAAM,IAAI,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7E,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC/B,IAAI,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAAE,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,QAAgB;IAC7D,MAAM,MAAM,GAAkB,EAAE,KAAK,EAAE,IAAI,GAAG,EAAU,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IAChG,MAAM,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7G,IAAI,WAAW,GAAG,KAAK,CAAC;IAExB,KAAK,MAAM,IAAI,IAAI,EAAE,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,IAAI,GAAG,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3E,MAAM,SAAS,GAAG,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC;QACrF,MAAM,UAAU,GAAG,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC;QAEvF,IAAI,SAAS,EAAE,CAAC;YACd,WAAW,GAAG,IAAI,CAAC;YACnB,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;gBACzB,SAAS;YACX,CAAC;YACD,IAAI,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,eAAe,CAAC,YAAY;oBAAE,cAAc,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1F,CAAC;iBAAM,IACL,CAAC,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC;gBAC7B,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC;gBAC3B,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC;gBAC/B,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC;gBAC/B,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC;gBAC1B,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBAC/B,IAAI,CAAC,IAAI;gBACT,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAC1B,CAAC;gBACD,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;aAAM,IAAI,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,WAAW,GAAG,IAAI,CAAC;YACnB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACtB,IAAI,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;oBACzC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,QAAQ;wBAAE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC5E,CAAC;qBAAM,IAAI,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;oBACnD,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;iBAAM,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBAChC,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,6DAA6D;YACxF,CAAC;QACH,CAAC;aAAM,IAAI,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,WAAW,GAAG,IAAI,CAAC;YACnB,IAAI,IAAI,CAAC,cAAc;gBAAE,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,2BAA2B;;gBACxE,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,mBAAmB;QACpD,CAAC;IACH,CAAC;IAED,IAAI,CAAC,WAAW,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,iCAAiC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QACxG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/analyzers/hallucinatedSymbol.d.ts

@@ -0,0 +1,22 @@
+import ts from 'typescript';
+import type { Analyzer } from '../types.js';
+interface Resolution {
+    options: ts.CompilerOptions;
+    host: ts.ModuleResolutionHost;
+}
+/** Resolve the way the target repo's own compiler does — read its tsconfig when present. */
+declare function buildResolution(repoRoot: string): Resolution;
+interface Exports {
+    names: Set<string>;
+    hasDefault: boolean;
+    /** True when exports could not be fully enumerated (CJS, unresolvable `export *`, unreadable file). */
+    uncertain: boolean;
+}
+/** Statically collect a module's exported names. Follows local `export *` re-exports, depth-limited. */
+declare function collectExports(file: string, r: Resolution, depth: number, seen: Set<string>): Exports;
+export declare const hallucinatedSymbol: Analyzer;
+export declare const __test__: {
+    collectExports: typeof collectExports;
+    buildResolution: typeof buildResolution;
+};
+export {};

package/dist/analyzers/hallucinatedSymbol.js

@@ -0,0 +1,233 @@
+import ts from 'typescript';
+import { existsSync, readFileSync } from 'node:fs';
+import { dirname, isAbsolute, resolve } from 'node:path';
+/**
+ * `hallucinated-symbol` (M1: import subset) — flags imports the PR added that reference a module path
+ * or a named export that does not exist. This is the highest-precision slice of "hallucinated symbol":
+ * an agent importing `{ parseConifg }` from a module that exports `parseConfig`, or importing from a
+ * relative path it never created.
+ *
+ * Trust Contract (docs/SPEC.md §3):
+ *  - CONTRADICTED : a syntactic certainty — a RELATIVE import path resolves to no file, or a resolved
+ *                   local module statically has no such named export.
+ *  - UNVERIFIED   : a bare package import that doesn't resolve (uninstalled / maybe slopsquatted — that
+ *                   is Provenance-Lock's job), or a module whose exports cannot be enumerated statically
+ *                   (CJS, `export *` to an unresolvable target).
+ *  - (no finding) : the path resolves and the named export exists.
+ *
+ * Default imports are intentionally never flagged: esModuleInterop / CJS synthesize a default, so a
+ * missing `export default` is not a certainty.
+ */
+const SOURCE_EXT_RE = /\.[cm]?[jt]sx?$/i;
+const JS_EXT_RE = /\.[cm]?jsx?$/i;
+const MAX_REEXPORT_DEPTH = 4;
+function scriptKindForPath(path) {
+    if (/\.tsx$/i.test(path))
+        return ts.ScriptKind.TSX;
+    if (/\.jsx$/i.test(path))
+        return ts.ScriptKind.JSX;
+    if (/\.[cm]?ts$/i.test(path))
+        return ts.ScriptKind.TS;
+    return ts.ScriptKind.JS;
+}
+/** Resolve the way the target repo's own compiler does — read its tsconfig when present. */
+function buildResolution(repoRoot) {
+    let options = {
+        allowJs: true,
+        target: ts.ScriptTarget.Latest,
+        moduleResolution: ts.ModuleResolutionKind.Bundler,
+    };
+    const cfgPath = ts.findConfigFile(repoRoot, ts.sys.fileExists, 'tsconfig.json');
+    if (cfgPath) {
+        const read = ts.readConfigFile(cfgPath, ts.sys.readFile);
+        if (!read.error && read.config) {
+            const parsed = ts.parseJsonConfigFileContent(read.config, ts.sys, dirname(cfgPath));
+            options = { ...parsed.options, allowJs: true };
+        }
+    }
+    return { options, host: ts.sys };
+}
+function resolveModule(spec, containingFile, r) {
+    return ts.resolveModuleName(spec, containingFile, r.options, r.host).resolvedModule?.resolvedFileName;
+}
+function safeRead(file) {
+    if (!existsSync(file))
+        return null;
+    try {
+        return readFileSync(file, 'utf8');
+    }
+    catch {
+        return null;
+    }
+}
+function addBindingName(name, into) {
+    if (ts.isIdentifier(name)) {
+        into.add(name.text);
+    }
+    else if (ts.isObjectBindingPattern(name) || ts.isArrayBindingPattern(name)) {
+        for (const el of name.elements) {
+            if (ts.isBindingElement(el))
+                addBindingName(el.name, into);
+        }
+    }
+}
+/** Statically collect a module's exported names. Follows local `export *` re-exports, depth-limited. */
+function collectExports(file, r, depth, seen) {
+    const result = { names: new Set(), hasDefault: false, uncertain: false };
+    if (seen.has(file) || depth > MAX_REEXPORT_DEPTH) {
+        result.uncertain = true;
+        return result;
+    }
+    seen.add(file);
+    const content = safeRead(file);
+    if (content == null) {
+        result.uncertain = true;
+        return result;
+    }
+    const sf = ts.createSourceFile(file, content, ts.ScriptTarget.Latest, true, scriptKindForPath(file));
+    let sawEsExport = false;
+    for (const stmt of sf.statements) {
+        const mods = ts.canHaveModifiers(stmt) ? ts.getModifiers(stmt) : undefined;
+        const hasExport = mods?.some((m) => m.kind === ts.SyntaxKind.ExportKeyword) ?? false;
+        const hasDefault = mods?.some((m) => m.kind === ts.SyntaxKind.DefaultKeyword) ?? false;
+        if (hasExport) {
+            sawEsExport = true;
+            if (hasDefault) {
+                result.hasDefault = true;
+                continue;
+            }
+            if (ts.isVariableStatement(stmt)) {
+                for (const d of stmt.declarationList.declarations)
+                    addBindingName(d.name, result.names);
+            }
+            else if ((ts.isFunctionDeclaration(stmt) ||
+                ts.isClassDeclaration(stmt) ||
+                ts.isInterfaceDeclaration(stmt) ||
+                ts.isTypeAliasDeclaration(stmt) ||
+                ts.isEnumDeclaration(stmt) ||
+                ts.isModuleDeclaration(stmt)) &&
+                stmt.name &&
+                ts.isIdentifier(stmt.name)) {
+                result.names.add(stmt.name.text);
+            }
+        }
+        else if (ts.isExportDeclaration(stmt)) {
+            sawEsExport = true;
+            if (stmt.exportClause) {
+                if (ts.isNamedExports(stmt.exportClause)) {
+                    for (const e of stmt.exportClause.elements)
+                        result.names.add(e.name.text);
+                }
+                else if (ts.isNamespaceExport(stmt.exportClause)) {
+                    result.names.add(stmt.exportClause.name.text);
+                }
+            }
+            else if (stmt.moduleSpecifier && ts.isStringLiteral(stmt.moduleSpecifier)) {
+                // `export * from '...'`
+                const target = resolveModule(stmt.moduleSpecifier.text, file, r);
+                if (target) {
+                    const sub = collectExports(target, r, depth + 1, seen);
+                    for (const n of sub.names)
+                        result.names.add(n);
+                    if (sub.uncertain)
+                        result.uncertain = true;
+                }
+                else {
+                    result.uncertain = true;
+                }
+            }
+        }
+        else if (ts.isExportAssignment(stmt)) {
+            sawEsExport = true;
+            if (stmt.isExportEquals)
+                result.uncertain = true; // `export =` (CJS interop)
+            else
+                result.hasDefault = true; // `export default`
+        }
+    }
+    // A JS/CJS module with no ES exports may export dynamically — we cannot be certain.
+    if (!sawEsExport && (JS_EXT_RE.test(file) || /\bmodule\.exports\b|\bexports\./.test(content))) {
+        result.uncertain = true;
+    }
+    return result;
+}
+function lineOf(sf, pos) {
+    return sf.getLineAndCharacterOfPosition(pos).line + 1;
+}
+function overlaps(addedLines, start, end) {
+    if (addedLines.size === 0)
+        return false;
+    for (let l = start; l <= end; l++)
+        if (addedLines.has(l))
+            return true;
+    return false;
+}
+function mk(verdict, file, line, endLine, title, detail) {
+    return { analyzer: 'hallucinated-symbol', verdict, file, line, endLine, title, detail };
+}
+function checkFile(sf, filePath, addedLines, absFile, r) {
+    const findings = [];
+    for (const stmt of sf.statements) {
+        if (!ts.isImportDeclaration(stmt) || !ts.isStringLiteral(stmt.moduleSpecifier))
+            continue;
+        const start = lineOf(sf, stmt.getStart(sf));
+        const end = lineOf(sf, stmt.getEnd());
+        if (!overlaps(addedLines, start, end))
+            continue;
+        const spec = stmt.moduleSpecifier.text;
+        const isRelative = spec.startsWith('.') || isAbsolute(spec);
+        const resolved = resolveModule(spec, absFile, r);
+        if (!resolved) {
+            if (isRelative) {
+                findings.push(mk('CONTRADICTED', filePath, start, end, 'Import path does not exist', `'${spec}' does not resolve to any file from ${filePath}.`));
+            }
+            else {
+                findings.push(mk('UNVERIFIED', filePath, start, end, 'Unresolved package import', `Package '${spec}' could not be resolved (not installed?). Dependency existence is out of scope for this check.`));
+            }
+            continue;
+        }
+        const clause = stmt.importClause;
+        if (!clause || !clause.namedBindings || !ts.isNamedImports(clause.namedBindings))
+            continue;
+        const exp = collectExports(resolved, r, 0, new Set());
+        for (const el of clause.namedBindings.elements) {
+            const imported = (el.propertyName ?? el.name).text;
+            if (imported === 'default')
+                continue;
+            if (exp.names.has(imported))
+                continue;
+            if (exp.uncertain) {
+                findings.push(mk('UNVERIFIED', filePath, start, end, 'Unverifiable named import', `Could not confirm '${imported}' is exported by '${spec}' (re-exports or non-static exports). Verify manually.`));
+            }
+            else {
+                findings.push(mk('CONTRADICTED', filePath, start, end, 'Import of nonexistent export', `'${spec}' has no export named '${imported}'.`));
+            }
+        }
+    }
+    return findings;
+}
+export const hallucinatedSymbol = {
+    id: 'hallucinated-symbol',
+    title: 'Hallucinated imports',
+    description: 'Flags imports the PR added that reference a module path or named export that does not exist.',
+    kind: 'claim-independent',
+    run(ctx) {
+        const r = buildResolution(ctx.repoRoot);
+        const findings = [];
+        for (const f of ctx.changedFiles) {
+            if (f.status === 'deleted')
+                continue;
+            if (!SOURCE_EXT_RE.test(f.path))
+                continue;
+            const src = ctx.readFile(f.path);
+            if (src == null)
+                continue;
+            const absFile = resolve(ctx.repoRoot, f.path);
+            const sf = ts.createSourceFile(absFile, src, ts.ScriptTarget.Latest, true, scriptKindForPath(f.path));
+            findings.push(...checkFile(sf, f.path, f.addedLines, absFile, r));
+        }
+        return findings;
+    },
+};
+export const __test__ = { collectExports, buildResolution };
+//# sourceMappingURL=hallucinatedSymbol.js.map