@gitgov/core 2.6.0 → 2.7.1

package/dist/src/index.js

@@ -985,20 +985,10 @@ var embedded_metadata_schema_default = {
             "execution",
             "changelog",
             "feedback",
-            "cycle",
-            "custom"
+            "cycle"
           ],
           description: "The type of the record contained in the payload."
         },
-        schemaUrl: {
-          type: "string",
-          description: "Optional URL to a custom schema for the payload."
-        },
-        schemaChecksum: {
-          type: "string",
-          pattern: "^[a-fA-F0-9]{64}$",
-          description: "Optional SHA-256 checksum of the custom schema."
-        },
         payloadChecksum: {
           type: "string",
           pattern: "^[a-fA-F0-9]{64}$",
@@ -1222,32 +1212,6 @@ var embedded_metadata_schema_default = {
         }
       },
       else: false
-    },
-    {
-      if: {
-        properties: {
-          header: {
-            type: "object",
-            properties: {
-              type: {
-                const: "custom"
-              }
-            }
-          }
-        }
-      },
-      then: {
-        properties: {
-          header: {
-            type: "object",
-            required: [
-              "schemaUrl",
-              "schemaChecksum"
-            ]
-          }
-        }
-      },
-      else: false
     }
   ],
   examples: [
@@ -6915,7 +6879,7 @@ function inferTypeFromPayload(payload) {
   if ("status" in payload && "taskIds" in payload) return "cycle";
   if ("priority" in payload && "description" in payload) return "task";
   if ("displayName" in payload && "publicKey" in payload) return "actor";
-  return "custom";
+  return "task";
 }
 function createEmbeddedMetadataRecord(payload, options = {}) {
   const inferredType = inferTypeFromPayload(payload);
@@ -6940,11 +6904,7 @@ function createEmbeddedMetadataRecord(payload, options = {}) {
     // Always 1.0 (schema enforces this)
     type,
     payloadChecksum,
-    signatures,
-    ...type === "custom" && {
-      schemaUrl: options.header?.schemaUrl,
-      schemaChecksum: options.header?.schemaChecksum
-    }
+    signatures
   };
   const embeddedRecord = {
     header,
@@ -7693,6 +7653,22 @@ var LintModule = class {
     }
     return results;
   }
+  /**
+   * Validates typed references by prefix (pure, no I/O).
+   * Delegates to private validateTypedReferencesByPrefix.
+   */
+  lintRecordReferences(record, context) {
+    const payload = record.payload;
+    if (!Array.isArray(payload.references) || payload.references.length === 0) {
+      return [];
+    }
+    return this.validateTypedReferencesByPrefix(
+      payload.references,
+      context.recordId,
+      context.filePath || `unknown/${context.recordId}.json`,
+      context.entityType
+    );
+  }
   /**
    * Validates all records from stores.
    * Iterates this.stores to collect records, then validates each one.
@@ -7810,7 +7786,7 @@ var LintModule = class {
           fixedRecord = this.fixChecksum(fixedRecord);
           break;
         case "SIGNATURE_STRUCTURE":
-          fixedRecord = this.fixSignature(fixedRecord, result, options);
+          fixedRecord = this.fixSignature(fixedRecord, result, options, fixableResults);
           break;
         // BIDIRECTIONAL_CONSISTENCY requires modifying OTHER records
         // This must be handled by FsLintModule which can write multiple files
@@ -7909,6 +7885,45 @@ var LintModule = class {
     }
     return results;
   }
+  /**
+   * [EARS-E2] Validates typed references by prefix.
+   * Valid prefixes: file:, task:, cycle:, adapter:, url:, commit:, pr:
+   * Reports a warning for unknown prefixes and an error for empty values after known prefix.
+   * Pure — does not resolve actual references.
+   * @private
+   */
+  validateTypedReferencesByPrefix(references, recordId, filePath, entityType) {
+    const VALID_PREFIXES = ["file:", "task:", "cycle:", "adapter:", "url:", "commit:", "pr:"];
+    const results = [];
+    for (const ref of references) {
+      const matchedPrefix = VALID_PREFIXES.find((p) => ref.startsWith(p));
+      if (!matchedPrefix) {
+        results.push({
+          level: "warning",
+          filePath,
+          validator: "REFERENTIAL_INTEGRITY",
+          message: `Reference '${ref}' has an unknown prefix. Valid prefixes: ${VALID_PREFIXES.join(", ")}`,
+          entity: { type: entityType, id: recordId },
+          fixable: false,
+          context: { field: "references", actual: ref, expected: "reference with valid prefix" }
+        });
+      } else {
+        const value = ref.slice(matchedPrefix.length);
+        if (!value) {
+          results.push({
+            level: "error",
+            filePath,
+            validator: "REFERENTIAL_INTEGRITY",
+            message: `Reference '${ref}' has prefix '${matchedPrefix}' but no value after it`,
+            entity: { type: entityType, id: recordId },
+            fixable: false,
+            context: { field: "references", actual: ref, expected: `${matchedPrefix}<non-empty-value>` }
+          });
+        }
+      }
+    }
+    return results;
+  }
   /**
    * [EARS-E1] through [EARS-E6] Validates references.
    * Uses Store<T> for lookups.
@@ -7917,6 +7932,16 @@ var LintModule = class {
   async validateReferences(record, recordId, filePath, entityType) {
     const results = [];
     const payload = record.payload;
+    const payloadWithRefs = payload;
+    if (Array.isArray(payloadWithRefs.references) && payloadWithRefs.references.length > 0) {
+      const prefixResults = this.validateTypedReferencesByPrefix(
+        payloadWithRefs.references,
+        recordId,
+        filePath,
+        entityType
+      );
+      results.push(...prefixResults);
+    }
     const taskStore = this.stores.tasks;
     const cycleStore = this.stores.cycles;
     if (entityType === "execution" && isExecutionPayload(payload) && payload.taskId && taskStore) {
@@ -8119,23 +8144,59 @@ var LintModule = class {
     };
   }
   /**
-   * Fixes signature structure issues.
-   * @private
-   */
-  /**
-   * [EARS-F9] Fixes signature structure issues.
+   * [EARS-F9] [EARS-F10] Fixes signature structure issues.
    *
    * Preserves valid keyId and role from existing signature if present,
    * only using options.keyId as fallback when no existing signature exists.
    *
+   * [EARS-F10] When the ONLY problem is a missing `notes` field (no other
+   * signature errors exist for this record), adds `notes` WITHOUT regenerating
+   * the signature — preserving the existing cryptographic value.
+   *
    * @private
    */
-  fixSignature(record, result, options) {
+  fixSignature(record, result, options, allResults) {
     if (!options.privateKey) {
       throw new Error("privateKey is required to fix signature");
     }
-    const payloadChecksum = calculatePayloadChecksum(record.payload);
     const existingSig = record.header?.signatures?.[0];
+    const isOnlyMissingNotes = (() => {
+      if (!result.message.includes("must have required property 'notes'")) {
+        return false;
+      }
+      if (allResults) {
+        const otherSigErrors = allResults.filter(
+          (r) => r !== result && r.validator === "SIGNATURE_STRUCTURE" && r.entity.id === result.entity.id && r.fixable
+        );
+        if (otherSigErrors.length > 0) {
+          return false;
+        }
+      }
+      const sigValue = existingSig?.signature;
+      if (!sigValue || !/^[A-Za-z0-9+/]{86}==$/.test(sigValue)) {
+        return false;
+      }
+      return true;
+    })();
+    if (isOnlyMissingNotes && existingSig) {
+      const fixedSig = {
+        keyId: existingSig.keyId,
+        role: existingSig.role,
+        notes: "Signature notes added by lint fix",
+        signature: existingSig.signature,
+        timestamp: existingSig.timestamp
+      };
+      const payloadChecksum2 = calculatePayloadChecksum(record.payload);
+      return {
+        header: {
+          ...record.header,
+          payloadChecksum: payloadChecksum2,
+          signatures: [fixedSig]
+        },
+        payload: record.payload
+      };
+    }
+    const payloadChecksum = calculatePayloadChecksum(record.payload);
     const keyId = existingSig?.keyId || options.keyId || result.entity.id;
     const role = existingSig?.role || "author";
     const notes = existingSig?.notes || "Signature regenerated by lint fix";
@@ -8229,6 +8290,7 @@ __export(sync_state_exports, {
   ActorIdentityMismatchError: () => ActorIdentityMismatchError,
   ConflictMarkersPresentError: () => ConflictMarkersPresentError,
   CryptoModuleRequiredError: () => CryptoModuleRequiredError,
+  DEFAULT_STATE_BRANCH: () => DEFAULT_STATE_BRANCH,
   IntegrityViolationError: () => IntegrityViolationError,
   NoRebaseInProgressError: () => NoRebaseInProgressError,
   PullScheduler: () => PullScheduler,
@@ -8440,6 +8502,9 @@ var PullScheduler = class {
   }
 };
 
+// src/sync_state/fs_worktree/fs_worktree_sync_state.types.ts
+var DEFAULT_STATE_BRANCH = "gitgov-state";
+
 // src/sync_state/sync_state.errors.ts
 var SyncStateError = class _SyncStateError extends Error {
   constructor(message) {