@fourteensystems/prodcheck 0.3.0

package/dist/engine/score.test.js

@@ -0,0 +1,227 @@
+import { describe, it, expect } from "vitest";
+import { computeScore, summarizeFindings, parseConfidence, parseSeverity, parseIntOrThrow, confidenceLevel, severityLevel, scoreStatus, buildDetectedList, } from "./score.js";
+function makeFinding(overrides = {}) {
+    return {
+        ruleId: "TEST-RULE",
+        severity: "high",
+        confidence: "high",
+        message: "test finding",
+        file: "test.ts",
+        evidence: [],
+        confidenceRationale: "",
+        remediation: [],
+        tags: [],
+        ...overrides,
+    };
+}
+describe("computeScore", () => {
+    it("returns 100 with no findings", () => {
+        expect(computeScore([])).toBe(100);
+    });
+    it("subtracts confidence-weighted penalty for each finding", () => {
+        // critical/high = 15 × 1.0 = 15 → score 85
+        const findings = [makeFinding({ severity: "critical" })];
+        expect(computeScore(findings)).toBe(85);
+    });
+    it("applies correct penalties per severity (high confidence)", () => {
+        // All findings default to confidence: "high" (weight 1.0)
+        expect(computeScore([makeFinding({ severity: "critical" })])).toBe(85); // 15 × 1.0
+        expect(computeScore([makeFinding({ severity: "high" })])).toBe(94); // 6 × 1.0
+        expect(computeScore([makeFinding({ severity: "med" })])).toBe(97); // 3 × 1.0
+        expect(computeScore([makeFinding({ severity: "low" })])).toBe(99); // 1 × 1.0
+    });
+    it("weights penalties by confidence level", () => {
+        // Same severity, different confidence
+        const critHigh = computeScore([makeFinding({ severity: "critical", confidence: "high" })]);
+        const critMed = computeScore([makeFinding({ severity: "critical", confidence: "med" })]);
+        const critLow = computeScore([makeFinding({ severity: "critical", confidence: "low" })]);
+        // critical: 15 base. high=1.0→15, med=0.25→3.75, low=0.1→1.5
+        expect(critHigh).toBe(85); // 100 - 15
+        expect(critMed).toBe(96); // 100 - 3.75 → round(96.25)
+        expect(critLow).toBe(99); // 100 - 1.5 → round(98.5)
+    });
+    it("med/med finding costs much less than high/high", () => {
+        // med/med = 3 × 0.25 = 0.75 per finding. 10 findings = 7.5 → score 93
+        const findings = Array.from({ length: 10 }, () => makeFinding({ severity: "med", confidence: "med" }));
+        expect(computeScore(findings)).toBe(93); // round(100 - 7.5)
+    });
+    it("low/low findings have minimal impact", () => {
+        // low/low = 1 × 0.1 = 0.1 per finding. 20 findings = 2.0 → score 98
+        const findings = Array.from({ length: 20 }, () => makeFinding({ severity: "low", confidence: "low" }));
+        expect(computeScore(findings)).toBe(98);
+    });
+    it("accumulates multiple findings from different rules", () => {
+        const findings = [
+            makeFinding({ ruleId: "RULE-A", severity: "critical" }), // 15
+            makeFinding({ ruleId: "RULE-B", severity: "critical" }), // 15
+            makeFinding({ ruleId: "RULE-C", severity: "high" }), // 6
+        ];
+        // All high confidence: 15 + 15 + 6 = 36 → score 64
+        expect(computeScore(findings)).toBe(64);
+    });
+    it("caps deduction per rule at 35% of start", () => {
+        // 10 critical/high from same rule = 150 raw penalty, capped at 35
+        const findings = Array.from({ length: 10 }, () => makeFinding({ severity: "critical" }));
+        expect(computeScore(findings)).toBe(65);
+    });
+    it("floors at 0 with enough different rules", () => {
+        // 3 rules × 3 critical/high findings each
+        const findings = [
+            makeFinding({ ruleId: "RULE-A", severity: "critical" }),
+            makeFinding({ ruleId: "RULE-A", severity: "critical" }),
+            makeFinding({ ruleId: "RULE-A", severity: "critical" }),
+            makeFinding({ ruleId: "RULE-B", severity: "critical" }),
+            makeFinding({ ruleId: "RULE-B", severity: "critical" }),
+            makeFinding({ ruleId: "RULE-B", severity: "critical" }),
+            makeFinding({ ruleId: "RULE-C", severity: "critical" }),
+            makeFinding({ ruleId: "RULE-C", severity: "critical" }),
+            makeFinding({ ruleId: "RULE-C", severity: "critical" }),
+        ];
+        // Each rule: 45 raw, capped at 35. 3 × 35 = 105 > 100 → floors at 0
+        expect(computeScore(findings)).toBe(0);
+    });
+    it("uses custom scoring config", () => {
+        const config = { start: 50, penalties: { critical: 10, high: 5, med: 2, low: 1 } };
+        // critical/high with default confidence weight 1.0 → 10 × 1.0 = 10 → 40
+        expect(computeScore([makeFinding({ severity: "critical" })], config)).toBe(40);
+    });
+    it("respects custom maxPenaltyPerRule", () => {
+        const config = {
+            start: 100,
+            penalties: { critical: 25, high: 10, med: 3, low: 1 },
+            maxPenaltyPerRule: 25,
+        };
+        // 5 critical/high from same rule = 125 raw, capped at 25
+        const findings = Array.from({ length: 5 }, () => makeFinding({ severity: "critical" }));
+        expect(computeScore(findings, config)).toBe(75);
+    });
+    it("respects custom confidenceWeights", () => {
+        const config = {
+            start: 100,
+            penalties: { critical: 20, high: 10, med: 5, low: 2 },
+            confidenceWeights: { high: 1.0, med: 0.5, low: 0.2 },
+        };
+        // critical/med = 20 × 0.5 = 10 → score 90
+        expect(computeScore([makeFinding({ severity: "critical", confidence: "med" })], config)).toBe(90);
+    });
+    it("applies cap independently per rule", () => {
+        const findings = [
+            makeFinding({ ruleId: "AUTH", severity: "critical" }),
+            makeFinding({ ruleId: "AUTH", severity: "critical" }),
+            makeFinding({ ruleId: "AUTH", severity: "critical" }),
+            makeFinding({ ruleId: "RATE", severity: "critical" }),
+            makeFinding({ ruleId: "RATE", severity: "critical" }),
+            makeFinding({ ruleId: "RATE", severity: "critical" }),
+        ];
+        // AUTH: 45 raw, capped at 35. RATE: 45 raw, capped at 35. Total: 70 → score 30
+        expect(computeScore(findings)).toBe(30);
+    });
+});
+describe("summarizeFindings", () => {
+    it("returns zero counts with no findings", () => {
+        expect(summarizeFindings([])).toEqual({ critical: 0, high: 0, med: 0, low: 0 });
+    });
+    it("counts by severity", () => {
+        const findings = [
+            makeFinding({ severity: "critical" }),
+            makeFinding({ severity: "critical" }),
+            makeFinding({ severity: "high" }),
+            makeFinding({ severity: "low" }),
+        ];
+        expect(summarizeFindings(findings)).toEqual({ critical: 2, high: 1, med: 0, low: 1 });
+    });
+});
+describe("parseConfidence", () => {
+    it("parses valid values", () => {
+        expect(parseConfidence("high")).toBe("high");
+        expect(parseConfidence("med")).toBe("med");
+        expect(parseConfidence("low")).toBe("low");
+    });
+    it("throws on invalid values", () => {
+        expect(() => parseConfidence("invalid")).toThrow("Invalid confidence");
+        expect(() => parseConfidence("")).toThrow("Invalid confidence");
+    });
+});
+describe("parseSeverity", () => {
+    it("parses valid values", () => {
+        expect(parseSeverity("critical")).toBe("critical");
+        expect(parseSeverity("high")).toBe("high");
+        expect(parseSeverity("med")).toBe("med");
+        expect(parseSeverity("low")).toBe("low");
+    });
+    it("throws on invalid values", () => {
+        expect(() => parseSeverity("medium")).toThrow("Invalid severity");
+        expect(() => parseSeverity("")).toThrow("Invalid severity");
+    });
+});
+describe("parseIntOrThrow", () => {
+    it("parses valid integers", () => {
+        expect(parseIntOrThrow("42", "test")).toBe(42);
+        expect(parseIntOrThrow("0", "test")).toBe(0);
+        expect(parseIntOrThrow("-1", "test")).toBe(-1);
+    });
+    it("throws on non-numbers", () => {
+        expect(() => parseIntOrThrow("abc", "test")).toThrow("Invalid test");
+        expect(() => parseIntOrThrow("", "test")).toThrow("Invalid test");
+    });
+});
+describe("confidenceLevel", () => {
+    it("maps confidence to numeric level", () => {
+        expect(confidenceLevel("high")).toBe(3);
+        expect(confidenceLevel("med")).toBe(2);
+        expect(confidenceLevel("low")).toBe(1);
+    });
+});
+describe("severityLevel", () => {
+    it("maps severity to numeric level", () => {
+        expect(severityLevel("critical")).toBe(4);
+        expect(severityLevel("high")).toBe(3);
+        expect(severityLevel("med")).toBe(2);
+        expect(severityLevel("low")).toBe(1);
+    });
+});
+describe("scoreStatus", () => {
+    it("returns PASS for scores >= 80", () => {
+        expect(scoreStatus(100)).toBe("PASS");
+        expect(scoreStatus(80)).toBe("PASS");
+    });
+    it("returns WARN for scores 50-79", () => {
+        expect(scoreStatus(79)).toBe("WARN");
+        expect(scoreStatus(50)).toBe("WARN");
+    });
+    it("returns FAIL for scores < 50", () => {
+        expect(scoreStatus(49)).toBe("FAIL");
+        expect(scoreStatus(0)).toBe("FAIL");
+    });
+});
+describe("buildDetectedList", () => {
+    function makeEmptyDeps() {
+        return {
+            hasNextAuth: false, hasClerk: false, hasSupabase: false,
+            hasKinde: false, hasWorkOS: false, hasBetterAuth: false,
+            hasLucia: false, hasAuth0: false, hasIronSession: false,
+            hasFirebaseAuth: false, hasPrisma: false, hasDrizzle: false,
+            hasTrpc: false, hasUpstashRatelimit: false, hasArcjet: false,
+            hasUnkey: false,
+        };
+    }
+    it("always includes next-app-router", () => {
+        const result = {
+            detected: { deps: makeEmptyDeps(), trpc: false, middleware: false },
+        };
+        expect(buildDetectedList(result)).toEqual(["next-app-router"]);
+    });
+    it("includes detected deps", () => {
+        const deps = makeEmptyDeps();
+        deps.hasClerk = true;
+        deps.hasPrisma = true;
+        const result = {
+            detected: { deps, trpc: false, middleware: true },
+        };
+        const list = buildDetectedList(result);
+        expect(list).toContain("clerk");
+        expect(list).toContain("prisma");
+        expect(list).toContain("middleware");
+    });
+});
+//# sourceMappingURL=score.test.js.map

package/dist/engine/score.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"score.test.js","sourceRoot":"","sources":["../../src/engine/score.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,eAAe,EACf,aAAa,EACb,eAAe,EACf,eAAe,EACf,aAAa,EACb,WAAW,EACX,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAIpB,SAAS,WAAW,CAAC,YAA8B,EAAE;IACnD,OAAO;QACL,MAAM,EAAE,WAAW;QACnB,QAAQ,EAAE,MAAM;QAChB,UAAU,EAAE,MAAM;QAClB,OAAO,EAAE,cAAc;QACvB,IAAI,EAAE,SAAS;QACf,QAAQ,EAAE,EAAE;QACZ,mBAAmB,EAAE,EAAE;QACvB,WAAW,EAAE,EAAE;QACf,IAAI,EAAE,EAAE;QACR,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,2CAA2C;QAC3C,MAAM,QAAQ,GAAG,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;QACzD,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;QAClE,0DAA0D;QAC1D,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAE,WAAW;QACpF,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAM,UAAU;QACnF,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAO,UAAU;QACnF,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAO,UAAU;IACrF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,sCAAsC;QACtC,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3F,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;QACzF,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;QAEzF,6DAA6D;QAC7D,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAE,WAAW;QACvC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAG,4BAA4B;QACxD,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAG,0BAA0B;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,sEAAsE;QACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAC/C,WAAW,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CACpD,CAAC;QACF,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,mBAAmB;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,oEAAoE;QACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAC/C,WAAW,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CACpD,CAAC;QACF,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,QAAQ,GAAG;YACf,WAAW,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,EAAG,KAAK;YAC/D,WAAW,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,EAAG,KAAK;YAC/D,WAAW,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAO,IAAI;SAC/D,CAAC;QACF,mDAAmD;QACnD,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,kEAAkE;QAClE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAC/C,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CACtC,CAAC;QACF,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,0CAA0C;QAC1C,MAAM,QAAQ,GAAG;YACf,WAAW,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACvD,WAAW,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACvD,WAAW,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACvD,WAAW,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACvD,WAAW,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACvD,WAAW,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACvD,WAAW,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACvD,WAAW,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACvD,WAAW,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;SACxD,CAAC;QACF,oEAAoE;QACpE,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,MAAM,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QACnF,wEAAwE;QACxE,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,MAAM,GAAG;YACb,KAAK,EAAE,GAAG;YACV,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE;YACrD,iBAAiB,EAAE,EAAE;SACtB,CAAC;QACF,yDAAyD;QACzD,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAC9C,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CACtC,CAAC;QACF,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,MAAM,GAAG;YACb,KAAK,EAAE,GAAG;YACV,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE;YACrD,iBAAiB,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;SACrD,CAAC;QACF,0CAA0C;QAC1C,MAAM,CAAC,YAAY,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpG,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,QAAQ,GAAG;YACf,WAAW,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACrD,WAAW,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACrD,WAAW,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACrD,WAAW,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACrD,WAAW,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACrD,WAAW,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;SACtD,CAAC;QACF,+EAA+E;QAC/E,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;IAClF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAC5B,MAAM,QAAQ,GAAG;YACf,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACrC,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;YACrC,WAAW,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;YACjC,WAAW,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;SACjC,CAAC;QACF,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;IACxF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,qBAAqB,EAAE,GAAG,EAAE;QAC7B,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;QACvE,MAAM,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,qBAAqB,EAAE,GAAG,EAAE;QAC7B,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnD,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAClE,MAAM,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;QAC/B,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7C,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;QAC/B,MAAM,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACrE,MAAM,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC1C,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACrC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,SAAS,aAAa;QACpB,OAAO;YACL,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK;YACvD,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK;YACvD,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK;YACvD,eAAe,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK;YAC3D,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK;YAC5D,QAAQ,EAAE,KAAK;SAChB,CAAC;IACJ,CAAC;IAED,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,MAAM,GAAG;YACb,QAAQ,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE;SACtD,CAAC;QAChB,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,IAAI,GAAG,aAAa,EAAE,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACtB,MAAM,MAAM,GAAG;YACb,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE;SACpC,CAAC;QAChB,MAAM,IAAI,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/engine/types.d.ts

@@ -0,0 +1,123 @@
+import type { Severity, Confidence, NextDepsIndex } from "../next/types.js";
+export interface Finding {
+    ruleId: string;
+    severity: Severity;
+    confidence: Confidence;
+    message: string;
+    file: string;
+    line?: number;
+    column?: number;
+    endLine?: number;
+    endColumn?: number;
+    snippet?: string;
+    evidence: string[];
+    confidenceRationale: string;
+    remediation: string[];
+    tags: string[];
+}
+export interface Waiver {
+    ruleId: string;
+    file: string;
+    reason: string;
+    expiry?: string;
+    createdAt: string;
+}
+export interface WaiversFile {
+    version: 1;
+    waivers: Waiver[];
+}
+export interface Baseline {
+    version: 1;
+    prodcheckVersion: string;
+    configHash: string;
+    indexVersion: number;
+    createdAt: string;
+    score: number;
+    findingKeys: string[];
+}
+export interface ScanResult {
+    version: 1;
+    prodcheckVersion: string;
+    configHash: string;
+    indexVersion: number;
+    timestamp: string;
+    framework: string;
+    detected: {
+        deps: NextDepsIndex;
+        trpc: boolean;
+        middleware: boolean;
+    };
+    score: number;
+    findings: Finding[];
+    waivedFindings: Finding[];
+    summary: {
+        total: number;
+        critical: number;
+        high: number;
+        med: number;
+        low: number;
+        waived: number;
+    };
+}
+export interface ScoringConfig {
+    start: number;
+    penalties: Record<Severity, number>;
+    /** Multiplier applied to penalties based on finding confidence. Defaults to { high: 1.0, med: 0.25, low: 0.1 } */
+    confidenceWeights?: Record<Confidence, number>;
+    /** Max deduction any single rule can impose. Defaults to start * 0.35 */
+    maxPenaltyPerRule?: number;
+}
+export interface ProdcheckConfig {
+    framework: "next-app-router";
+    include: string[];
+    exclude: string[];
+    ci: {
+        failOn: Severity;
+        minConfidence: Confidence;
+        minScore: number;
+        maxNewCritical: number;
+        maxNewHigh?: number;
+    };
+    scoring: ScoringConfig;
+    hints: {
+        auth: {
+            functions: string[];
+            middlewareFiles: string[];
+            allowlistPaths: string[];
+        };
+        rateLimit: {
+            wrappers: string[];
+            allowlistPaths: string[];
+        };
+        tenancy: {
+            orgFieldNames: string[];
+        };
+    };
+    rules: Record<string, {
+        severity: Severity;
+    }>;
+    waiversFile: string;
+    license?: {
+        key?: string;
+    };
+    /** Reserved for governance module. Ignored by OSS core if governance not loaded. */
+    governance?: {
+        enabled?: boolean;
+        requiredRules?: string[];
+        waiver?: {
+            requireReason?: boolean;
+            requireExpiry?: boolean;
+            maxDays?: number;
+        };
+        thresholds?: {
+            minScore?: number;
+            maxCritical?: number;
+        };
+        report?: {
+            preAudit?: boolean;
+            format?: "md" | "json" | "pdf";
+            outputDir?: string;
+        };
+    };
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/engine/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/engine/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAE5E,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,UAAU,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED,MAAM,WAAW,MAAM;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,CAAC,CAAC;IACX,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,CAAC,CAAC;IACX,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,CAAC,CAAC;IACX,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE;QACR,IAAI,EAAE,aAAa,CAAC;QACpB,IAAI,EAAE,OAAO,CAAC;QACd,UAAU,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,cAAc,EAAE,OAAO,EAAE,CAAC;IAC1B,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACpC,kHAAkH;IAClH,iBAAiB,CAAC,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAC/C,yEAAyE;IACzE,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,iBAAiB,CAAC;IAC7B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,EAAE,EAAE;QACF,MAAM,EAAE,QAAQ,CAAC;QACjB,aAAa,EAAE,UAAU,CAAC;QAC1B,QAAQ,EAAE,MAAM,CAAC;QACjB,cAAc,EAAE,MAAM,CAAC;QACvB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,OAAO,EAAE,aAAa,CAAC;IACvB,KAAK,EAAE;QACL,IAAI,EAAE;YAAE,SAAS,EAAE,MAAM,EAAE,CAAC;YAAC,eAAe,EAAE,MAAM,EAAE,CAAC;YAAC,cAAc,EAAE,MAAM,EAAE,CAAA;SAAE,CAAC;QACnF,SAAS,EAAE;YAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;YAAC,cAAc,EAAE,MAAM,EAAE,CAAA;SAAE,CAAC;QAC5D,OAAO,EAAE;YAAE,aAAa,EAAE,MAAM,EAAE,CAAA;SAAE,CAAC;KACtC,CAAC;IACF,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,QAAQ,EAAE,QAAQ,CAAA;KAAE,CAAC,CAAC;IAC9C,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAE3B,oFAAoF;IACpF,UAAU,CAAC,EAAE;QACX,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;QACzB,MAAM,CAAC,EAAE;YACP,aAAa,CAAC,EAAE,OAAO,CAAC;YACxB,aAAa,CAAC,EAAE,OAAO,CAAC;YACxB,OAAO,CAAC,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,UAAU,CAAC,EAAE;YACX,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,WAAW,CAAC,EAAE,MAAM,CAAC;SACtB,CAAC;QACF,MAAM,CAAC,EAAE;YACP,QAAQ,CAAC,EAAE,OAAO,CAAC;YACnB,MAAM,CAAC,EAAE,IAAI,GAAG,MAAM,GAAG,KAAK,CAAC;YAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;SACpB,CAAC;KACH,CAAC;CACH"}

package/dist/engine/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/engine/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/engine/types.ts"],"names":[],"mappings":""}

package/dist/engine/version.d.ts

@@ -0,0 +1,5 @@
+import type { ProdcheckConfig } from "./types.js";
+export declare const PRODCHECK_VERSION = "0.2.7";
+export declare const INDEX_VERSION = 1;
+export declare function hashConfig(config: ProdcheckConfig): string;
+//# sourceMappingURL=version.d.ts.map

package/dist/engine/version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../src/engine/version.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,eAAO,MAAM,iBAAiB,UAAU,CAAC;AACzC,eAAO,MAAM,aAAa,IAAI,CAAC;AAE/B,wBAAgB,UAAU,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM,CAU1D"}

package/dist/engine/version.js

@@ -0,0 +1,15 @@
+import { createHash } from "node:crypto";
+export const PRODCHECK_VERSION = "0.2.7";
+export const INDEX_VERSION = 1;
+export function hashConfig(config) {
+    const normalized = JSON.stringify({
+        framework: config.framework,
+        include: config.include,
+        exclude: config.exclude,
+        hints: config.hints,
+        rules: config.rules,
+        scoring: config.scoring,
+    });
+    return createHash("sha256").update(normalized).digest("hex").slice(0, 12);
+}
+//# sourceMappingURL=version.js.map

package/dist/engine/version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../../src/engine/version.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC,MAAM,CAAC,MAAM,iBAAiB,GAAG,OAAO,CAAC;AACzC,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC;AAE/B,MAAM,UAAU,UAAU,CAAC,MAAuB;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC;QAChC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC,CAAC;IACH,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC5E,CAAC"}

package/dist/engine/waivers.d.ts

@@ -0,0 +1,9 @@
+import type { Finding, Waiver } from "./types.js";
+export declare function loadWaivers(rootDir: string, waiversFile: string): Waiver[];
+export declare function saveWaivers(rootDir: string, waiversFile: string, waivers: Waiver[]): void;
+export declare function addWaiver(rootDir: string, waiversFile: string, waiver: Omit<Waiver, "createdAt">): Waiver;
+export declare function applyWaivers(findings: Finding[], waivers: Waiver[]): {
+    active: Finding[];
+    waived: Finding[];
+};
+//# sourceMappingURL=waivers.d.ts.map

package/dist/engine/waivers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"waivers.d.ts","sourceRoot":"","sources":["../../src/engine/waivers.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,EAAe,MAAM,YAAY,CAAC;AAE/D,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,EAAE,CAY1E;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,CAIzF;AAED,wBAAgB,SAAS,CACvB,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,GAChC,MAAM,CASR;AAED,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,OAAO,EAAE,EACnB,OAAO,EAAE,MAAM,EAAE,GAChB;IAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAAC,MAAM,EAAE,OAAO,EAAE,CAAA;CAAE,CAmB1C"}

package/dist/engine/waivers.js

@@ -0,0 +1,55 @@
+import path from "node:path";
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+export function loadWaivers(rootDir, waiversFile) {
+    const abs = path.join(rootDir, waiversFile);
+    if (!existsSync(abs))
+        return [];
+    let raw;
+    try {
+        raw = JSON.parse(readFileSync(abs, "utf8"));
+    }
+    catch (err) {
+        throw new Error(`Failed to parse ${abs}: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    // Support both legacy array format and versioned format
+    if (Array.isArray(raw))
+        return raw;
+    return raw.waivers ?? [];
+}
+export function saveWaivers(rootDir, waiversFile, waivers) {
+    const abs = path.join(rootDir, waiversFile);
+    const file = { version: 1, waivers };
+    writeFileSync(abs, JSON.stringify(file, null, 2) + "\n");
+}
+export function addWaiver(rootDir, waiversFile, waiver) {
+    const waivers = loadWaivers(rootDir, waiversFile);
+    const full = {
+        ...waiver,
+        createdAt: new Date().toISOString(),
+    };
+    waivers.push(full);
+    saveWaivers(rootDir, waiversFile, waivers);
+    return full;
+}
+export function applyWaivers(findings, waivers) {
+    const active = [];
+    const waived = [];
+    for (const f of findings) {
+        const hasWaiver = waivers.some((w) => w.ruleId === f.ruleId &&
+            w.file === f.file &&
+            !isExpired(w));
+        if (hasWaiver) {
+            waived.push(f);
+        }
+        else {
+            active.push(f);
+        }
+    }
+    return { active, waived };
+}
+function isExpired(w) {
+    if (!w.expiry)
+        return false;
+    return new Date(w.expiry) < new Date();
+}
+//# sourceMappingURL=waivers.js.map

package/dist/engine/waivers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"waivers.js","sourceRoot":"","sources":["../../src/engine/waivers.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAGlE,MAAM,UAAU,WAAW,CAAC,OAAe,EAAE,WAAmB;IAC9D,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAC5C,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IAChC,IAAI,GAAY,CAAC;IACjB,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACjG,CAAC;IACD,wDAAwD;IACxD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAe,CAAC;IAC/C,OAAQ,GAAmB,CAAC,OAAO,IAAI,EAAE,CAAC;AAC5C,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAAe,EAAE,WAAmB,EAAE,OAAiB;IACjF,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAgB,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC;IAClD,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,OAAe,EACf,WAAmB,EACnB,MAAiC;IAEjC,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAClD,MAAM,IAAI,GAAW;QACnB,GAAG,MAAM;QACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnB,WAAW,CAAC,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IAC3C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,QAAmB,EACnB,OAAiB;IAEjB,MAAM,MAAM,GAAc,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAc,EAAE,CAAC;IAE7B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAC5B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;YACrB,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI;YACjB,CAAC,SAAS,CAAC,CAAC,CAAC,CAChB,CAAC;QACF,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,SAAS,CAAC,CAAS;IAC1B,IAAI,CAAC,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC5B,OAAO,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;AACzC,CAAC"}

package/dist/engine/waivers.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=waivers.test.d.ts.map

package/dist/engine/waivers.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"waivers.test.d.ts","sourceRoot":"","sources":["../../src/engine/waivers.test.ts"],"names":[],"mappings":""}

package/dist/engine/waivers.test.js

@@ -0,0 +1,147 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtempSync, rmSync, writeFileSync, readFileSync } from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import { loadWaivers, saveWaivers, addWaiver, applyWaivers } from "./waivers.js";
+function makeFinding(overrides = {}) {
+    return {
+        ruleId: "TEST-RULE",
+        severity: "high",
+        confidence: "high",
+        message: "test",
+        file: "test.ts",
+        evidence: [],
+        confidenceRationale: "",
+        remediation: [],
+        tags: [],
+        ...overrides,
+    };
+}
+describe("loadWaivers", () => {
+    let tmpDir;
+    beforeEach(() => {
+        tmpDir = mkdtempSync(path.join(os.tmpdir(), "prodcheck-waivers-"));
+    });
+    afterEach(() => {
+        rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it("returns empty array when file does not exist", () => {
+        expect(loadWaivers(tmpDir, "waivers.json")).toEqual([]);
+    });
+    it("loads legacy array format", () => {
+        const waivers = [{ ruleId: "R1", file: "a.ts", reason: "ok", createdAt: "2024-01-01" }];
+        writeFileSync(path.join(tmpDir, "waivers.json"), JSON.stringify(waivers));
+        expect(loadWaivers(tmpDir, "waivers.json")).toEqual(waivers);
+    });
+    it("loads versioned format", () => {
+        const file = { version: 1, waivers: [{ ruleId: "R1", file: "a.ts", reason: "ok", createdAt: "2024-01-01" }] };
+        writeFileSync(path.join(tmpDir, "waivers.json"), JSON.stringify(file));
+        expect(loadWaivers(tmpDir, "waivers.json")).toHaveLength(1);
+    });
+    it("throws on malformed JSON", () => {
+        writeFileSync(path.join(tmpDir, "waivers.json"), "not json");
+        expect(() => loadWaivers(tmpDir, "waivers.json")).toThrow("Failed to parse");
+    });
+});
+describe("saveWaivers / addWaiver", () => {
+    let tmpDir;
+    beforeEach(() => {
+        tmpDir = mkdtempSync(path.join(os.tmpdir(), "prodcheck-waivers-"));
+    });
+    afterEach(() => {
+        rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it("saves and loads roundtrip", () => {
+        const waivers = [{ ruleId: "R1", file: "a.ts", reason: "ok", createdAt: "2024-01-01" }];
+        saveWaivers(tmpDir, "w.json", waivers);
+        const loaded = loadWaivers(tmpDir, "w.json");
+        expect(loaded).toEqual(waivers);
+    });
+    it("saves in versioned format", () => {
+        saveWaivers(tmpDir, "w.json", []);
+        const raw = JSON.parse(readFileSync(path.join(tmpDir, "w.json"), "utf8"));
+        expect(raw.version).toBe(1);
+        expect(raw.waivers).toEqual([]);
+    });
+    it("addWaiver appends and sets createdAt", () => {
+        const waiver = addWaiver(tmpDir, "w.json", { ruleId: "R1", file: "a.ts", reason: "test" });
+        expect(waiver.createdAt).toBeDefined();
+        expect(waiver.ruleId).toBe("R1");
+        const loaded = loadWaivers(tmpDir, "w.json");
+        expect(loaded).toHaveLength(1);
+    });
+    it("addWaiver accumulates waivers", () => {
+        addWaiver(tmpDir, "w.json", { ruleId: "R1", file: "a.ts", reason: "first" });
+        addWaiver(tmpDir, "w.json", { ruleId: "R2", file: "b.ts", reason: "second" });
+        const loaded = loadWaivers(tmpDir, "w.json");
+        expect(loaded).toHaveLength(2);
+    });
+});
+describe("applyWaivers", () => {
+    it("returns all findings as active when no waivers", () => {
+        const findings = [makeFinding({ ruleId: "R1", file: "a.ts" })];
+        const { active, waived } = applyWaivers(findings, []);
+        expect(active).toHaveLength(1);
+        expect(waived).toHaveLength(0);
+    });
+    it("waives matching findings", () => {
+        const findings = [
+            makeFinding({ ruleId: "R1", file: "a.ts" }),
+            makeFinding({ ruleId: "R2", file: "b.ts" }),
+        ];
+        const waivers = [
+            { ruleId: "R1", file: "a.ts", reason: "ok", createdAt: "2024-01-01" },
+        ];
+        const { active, waived } = applyWaivers(findings, waivers);
+        expect(active).toHaveLength(1);
+        expect(active[0].ruleId).toBe("R2");
+        expect(waived).toHaveLength(1);
+        expect(waived[0].ruleId).toBe("R1");
+    });
+    it("does not waive when ruleId differs", () => {
+        const findings = [makeFinding({ ruleId: "R1", file: "a.ts" })];
+        const waivers = [
+            { ruleId: "R2", file: "a.ts", reason: "ok", createdAt: "2024-01-01" },
+        ];
+        const { active, waived } = applyWaivers(findings, waivers);
+        expect(active).toHaveLength(1);
+        expect(waived).toHaveLength(0);
+    });
+    it("does not waive when file differs", () => {
+        const findings = [makeFinding({ ruleId: "R1", file: "a.ts" })];
+        const waivers = [
+            { ruleId: "R1", file: "b.ts", reason: "ok", createdAt: "2024-01-01" },
+        ];
+        const { active, waived } = applyWaivers(findings, waivers);
+        expect(active).toHaveLength(1);
+        expect(waived).toHaveLength(0);
+    });
+    it("ignores expired waivers", () => {
+        const findings = [makeFinding({ ruleId: "R1", file: "a.ts" })];
+        const waivers = [
+            { ruleId: "R1", file: "a.ts", reason: "ok", expiry: "2020-01-01", createdAt: "2019-01-01" },
+        ];
+        const { active, waived } = applyWaivers(findings, waivers);
+        expect(active).toHaveLength(1);
+        expect(waived).toHaveLength(0);
+    });
+    it("applies non-expired waivers", () => {
+        const findings = [makeFinding({ ruleId: "R1", file: "a.ts" })];
+        const waivers = [
+            { ruleId: "R1", file: "a.ts", reason: "ok", expiry: "2099-01-01", createdAt: "2024-01-01" },
+        ];
+        const { active, waived } = applyWaivers(findings, waivers);
+        expect(active).toHaveLength(0);
+        expect(waived).toHaveLength(1);
+    });
+    it("applies waivers without expiry", () => {
+        const findings = [makeFinding({ ruleId: "R1", file: "a.ts" })];
+        const waivers = [
+            { ruleId: "R1", file: "a.ts", reason: "ok", createdAt: "2024-01-01" },
+        ];
+        const { active, waived } = applyWaivers(findings, waivers);
+        expect(active).toHaveLength(0);
+        expect(waived).toHaveLength(1);
+    });
+});
+//# sourceMappingURL=waivers.test.js.map