@hongmaple0820/scale-engine 0.21.2 → 0.24.0

package/dist/workflow/gates/VisualGate.d.ts

@@ -0,0 +1,41 @@
+import type { IGate } from './GateSystem.js';
+import type { GateResult, GateStage } from '../types.js';
+export type VisualFindingSeverity = 'critical' | 'high' | 'medium' | 'low';
+export interface VisualGateConfig {
+    enabled?: boolean;
+    baseUrl?: string;
+    specPath?: string;
+    routes?: string[];
+    reportPath?: string;
+    blockingSeverities?: VisualFindingSeverity[];
+}
+export interface VisualGateFinding {
+    severity: VisualFindingSeverity;
+    route?: string;
+    message: string;
+    evidence?: string;
+}
+export interface VisualGateReport {
+    screenshots?: Array<{
+        route: string;
+        path: string;
+    }>;
+    findings?: VisualGateFinding[];
+}
+export interface VisualGateOptions {
+    projectDir?: string;
+    config?: VisualGateConfig;
+}
+export declare class VisualGate implements IGate {
+    stage: GateStage;
+    name: string;
+    description: string;
+    requiredLevel: 'S' | 'M' | 'L' | 'ALWAYS' | 'CRITICAL';
+    private projectDir;
+    private config?;
+    constructor(options?: VisualGateOptions);
+    execute(): Promise<GateResult>;
+    private validateConfig;
+    private resolvePath;
+    private result;
+}

package/dist/workflow/gates/VisualGate.js

@@ -0,0 +1,174 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { isAbsolute, join } from 'node:path';
+const DEFAULT_BLOCKING_SEVERITIES = ['critical', 'high'];
+export class VisualGate {
+    constructor(options = {}) {
+        this.stage = 'G9';
+        this.name = 'Visual Gate';
+        this.description = 'Validates structured visual review evidence against UI spec routes.';
+        this.requiredLevel = 'M';
+        this.projectDir = options.projectDir ?? process.cwd();
+        this.config = options.config;
+    }
+    async execute() {
+        const start = Date.now();
+        if (!this.config?.enabled) {
+            return this.result({
+                passed: true,
+                status: 'PASSED',
+                evidenceItems: [
+                    createEvidence({
+                        kind: 'manual',
+                        label: 'Visual gate skipped',
+                        passed: true,
+                        detail: 'Visual checks are not enabled for this task.',
+                    }),
+                ],
+                blockers: [],
+                start,
+            });
+        }
+        const validation = this.validateConfig(this.config);
+        if (validation.blockers.length > 0) {
+            return this.result({
+                passed: false,
+                status: 'FAILED',
+                evidenceItems: [
+                    createEvidence({
+                        kind: 'manual',
+                        label: 'Visual gate configuration',
+                        passed: false,
+                        detail: validation.blockers.join('; '),
+                    }),
+                ],
+                blockers: validation.blockers,
+                start,
+            });
+        }
+        const reportPath = this.resolvePath(this.config.reportPath);
+        let report;
+        try {
+            report = JSON.parse(readFileSync(reportPath, 'utf-8'));
+        }
+        catch (error) {
+            const detail = error instanceof Error ? error.message : String(error);
+            return this.result({
+                passed: false,
+                status: 'FAILED',
+                evidenceItems: [
+                    createEvidence({
+                        kind: 'file',
+                        label: 'Visual report parse',
+                        passed: false,
+                        path: reportPath,
+                        detail,
+                    }),
+                ],
+                blockers: [`visual report could not be parsed: ${detail}`],
+                start,
+            });
+        }
+        const findings = normalizeFindings(report.findings ?? []);
+        const blockingSeverities = this.config.blockingSeverities ?? DEFAULT_BLOCKING_SEVERITIES;
+        const blockers = findings
+            .filter(finding => blockingSeverities.includes(finding.severity))
+            .map(finding => `${finding.severity} visual finding${finding.route ? ` on ${finding.route}` : ''}: ${finding.message}`);
+        const evidenceItems = [
+            createEvidence({
+                kind: 'file',
+                label: 'Visual report',
+                passed: blockers.length === 0,
+                path: reportPath,
+                detail: renderFindingSummary(findings, report.screenshots?.length ?? 0),
+            }),
+        ];
+        return this.result({
+            passed: blockers.length === 0,
+            status: blockers.length === 0 ? 'PASSED' : 'FAILED',
+            evidenceItems,
+            blockers,
+            start,
+        });
+    }
+    validateConfig(config) {
+        const blockers = [];
+        if (!config.baseUrl) {
+            blockers.push('visual.baseUrl is required');
+        }
+        else {
+            try {
+                const url = new URL(config.baseUrl);
+                if (url.protocol !== 'http:' && url.protocol !== 'https:') {
+                    blockers.push('visual.baseUrl must use http or https');
+                }
+            }
+            catch {
+                blockers.push('visual.baseUrl must be a valid URL');
+            }
+        }
+        if (!config.specPath) {
+            blockers.push('visual.specPath is required');
+        }
+        else if (!existsSync(this.resolvePath(config.specPath))) {
+            blockers.push(`visual spec does not exist: ${config.specPath}`);
+        }
+        if (!config.routes || config.routes.length === 0) {
+            blockers.push('visual.routes must contain at least one route');
+        }
+        if (!config.reportPath) {
+            blockers.push('visual report path is required');
+        }
+        else if (!existsSync(this.resolvePath(config.reportPath))) {
+            blockers.push(`visual report does not exist: ${config.reportPath}`);
+        }
+        return { blockers };
+    }
+    resolvePath(path) {
+        return isAbsolute(path) ? path : join(this.projectDir, ...path.split('/'));
+    }
+    result(input) {
+        return {
+            gate: this.stage,
+            status: input.status,
+            passed: input.passed,
+            evidence: textEvidence(input.evidenceItems),
+            evidenceItems: input.evidenceItems,
+            blockers: input.blockers,
+            durationMs: Date.now() - input.start,
+        };
+    }
+}
+function normalizeFindings(findings) {
+    return findings.map(finding => ({
+        ...finding,
+        severity: normalizeSeverity(finding.severity),
+    }));
+}
+function normalizeSeverity(severity) {
+    const normalized = severity.toLowerCase();
+    if (normalized === 'critical' || normalized === 'high' || normalized === 'medium' || normalized === 'low') {
+        return normalized;
+    }
+    return 'medium';
+}
+function renderFindingSummary(findings, screenshotCount) {
+    if (findings.length === 0) {
+        return `No visual findings. screenshots=${screenshotCount}`;
+    }
+    const lines = findings.map(finding => {
+        const route = finding.route ? ` route=${finding.route}` : '';
+        const evidence = finding.evidence ? ` evidence=${finding.evidence}` : '';
+        return `[${finding.severity}]${route} ${finding.message}${evidence}`;
+    });
+    return `screenshots=${screenshotCount}; findings=${findings.length}\n${lines.join('\n')}`;
+}
+function createEvidence(input) {
+    return {
+        id: `EVID-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
+        ...input,
+    };
+}
+function textEvidence(items) {
+    return items.map(item => `${item.label}: ${item.detail}`).join('\n');
+}
+//# sourceMappingURL=VisualGate.js.map

package/dist/workflow/gates/VisualGate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"VisualGate.js","sourceRoot":"","sources":["../../../src/workflow/gates/VisualGate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAClD,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAmC5C,MAAM,2BAA2B,GAA4B,CAAC,UAAU,EAAE,MAAM,CAAC,CAAA;AAEjF,MAAM,OAAO,UAAU;IASrB,YAAY,UAA6B,EAAE;QAR3C,UAAK,GAAc,IAAI,CAAA;QACvB,SAAI,GAAG,aAAa,CAAA;QACpB,gBAAW,GAAG,qEAAqE,CAAA;QACnF,kBAAa,GAA4C,GAAG,CAAA;QAM1D,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,CAAA;QACrD,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAA;IAC9B,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAExB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC,MAAM,CAAC;gBACjB,MAAM,EAAE,IAAI;gBACZ,MAAM,EAAE,QAAQ;gBAChB,aAAa,EAAE;oBACb,cAAc,CAAC;wBACb,IAAI,EAAE,QAAQ;wBACd,KAAK,EAAE,qBAAqB;wBAC5B,MAAM,EAAE,IAAI;wBACZ,MAAM,EAAE,8CAA8C;qBACvD,CAAC;iBACH;gBACD,QAAQ,EAAE,EAAE;gBACZ,KAAK;aACN,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACnD,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,MAAM,CAAC;gBACjB,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,QAAQ;gBAChB,aAAa,EAAE;oBACb,cAAc,CAAC;wBACb,IAAI,EAAE,QAAQ;wBACd,KAAK,EAAE,2BAA2B;wBAClC,MAAM,EAAE,KAAK;wBACb,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;qBACvC,CAAC;iBACH;gBACD,QAAQ,EAAE,UAAU,CAAC,QAAQ;gBAC7B,KAAK;aACN,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,UAAW,CAAC,CAAA;QAC5D,IAAI,MAAwB,CAAA;QAC5B,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAqB,CAAA;QAC5E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;YACrE,OAAO,IAAI,CAAC,MAAM,CAAC;gBACjB,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,QAAQ;gBAChB,aAAa,EAAE;oBACb,cAAc,CAAC;wBACb,IAAI,EAAE,MAAM;wBACZ,KAAK,EAAE,qBAAqB;wBAC5B,MAAM,EAAE,KAAK;wBACb,IAAI,EAAE,UAAU;wBAChB,MAAM;qBACP,CAAC;iBACH;gBACD,QAAQ,EAAE,CAAC,sCAAsC,MAAM,EAAE,CAAC;gBAC1D,KAAK;aACN,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAA;QACzD,MAAM,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,kBAAkB,IAAI,2BAA2B,CAAA;QACxF,MAAM,QAAQ,GAAG,QAAQ;aACtB,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;aAChE,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,QAAQ,kBAAkB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;QAEzH,MAAM,aAAa,GAAG;YACpB,cAAc,CAAC;gBACb,IAAI,EAAE,MAAM;gBACZ,KAAK,EAAE,eAAe;gBACtB,MAAM,EAAE,QAAQ,CAAC,MAAM,KAAK,CAAC;gBAC7B,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,oBAAoB,CAAC,QAAQ,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,IAAI,CAAC,CAAC;aACxE,CAAC;SACH,CAAA;QAED,OAAO,IAAI,CAAC,MAAM,CAAC;YACjB,MAAM,EAAE,QAAQ,CAAC,MAAM,KAAK,CAAC;YAC7B,MAAM,EAAE,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ;YACnD,aAAa;YACb,QAAQ;YACR,KAAK;SACN,CAAC,CAAA;IACJ,CAAC;IAEO,cAAc,CAAC,MAAwB;QAC7C,MAAM,QAAQ,GAAa,EAAE,CAAA;QAE7B,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,QAAQ,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAA;QAC7C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;gBACnC,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAC1D,QAAQ,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAA;gBACxD,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAA;YACrD,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,QAAQ,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAA;QAC9C,CAAC;aAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAC1D,QAAQ,CAAC,IAAI,CAAC,+BAA+B,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAA;QACjE,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjD,QAAQ,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAA;QAChE,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YACvB,QAAQ,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAA;QACjD,CAAC;aAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YAC5D,QAAQ,CAAC,IAAI,CAAC,iCAAiC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAA;QACrE,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,CAAA;IACrB,CAAC;IAEO,WAAW,CAAC,IAAY;QAC9B,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;IAC5E,CAAC;IAEO,MAAM,CAAC,KAMd;QACC,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,KAAK;YAChB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,QAAQ,EAAE,YAAY,CAAC,KAAK,CAAC,aAAa,CAAC;YAC3C,aAAa,EAAE,KAAK,CAAC,aAAa;YAClC,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,KAAK;SACrC,CAAA;IACH,CAAC;CACF;AAED,SAAS,iBAAiB,CAAC,QAA6B;IACtD,OAAO,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC9B,GAAG,OAAO;QACV,QAAQ,EAAE,iBAAiB,CAAC,OAAO,CAAC,QAAQ,CAAC;KAC9C,CAAC,CAAC,CAAA;AACL,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAA;IACzC,IAAI,UAAU,KAAK,UAAU,IAAI,UAAU,KAAK,MAAM,IAAI,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,KAAK,EAAE,CAAC;QAC1G,OAAO,UAAU,CAAA;IACnB,CAAC;IACD,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,SAAS,oBAAoB,CAAC,QAA6B,EAAE,eAAuB;IAClF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,mCAAmC,eAAe,EAAE,CAAA;IAC7D,CAAC;IAED,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE;QACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;QACxE,OAAO,IAAI,OAAO,CAAC,QAAQ,IAAI,KAAK,IAAI,OAAO,CAAC,OAAO,GAAG,QAAQ,EAAE,CAAA;IACtE,CAAC,CAAC,CAAA;IAEF,OAAO,eAAe,eAAe,cAAc,QAAQ,CAAC,MAAM,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAA;AAC3F,CAAC;AAED,SAAS,cAAc,CAAC,KAA+B;IACrD,OAAO;QACL,EAAE,EAAE,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;QAClE,GAAG,KAAK;KACT,CAAA;AACH,CAAC;AAED,SAAS,YAAY,CAAC,KAAqB;IACzC,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACtE,CAAC"}

package/dist/workflow/index.d.ts

@@ -1,5 +1,6 @@
 export * from './types.js';
 export * from './gates/GateSystem.js';
+export * from './gates/VisualGate.js';
 export * from './quality/HonestDelivery.js';
 export * from './quality/KarpathyEvaluator.js';
 export * from './cognitive/AmbiguityScorer.js';

package/dist/workflow/index.js

@@ -1,6 +1,7 @@
 // SCALE Engine - Workflow Module Index
 export * from './types.js';
 export * from './gates/GateSystem.js';
+export * from './gates/VisualGate.js';
 export * from './quality/HonestDelivery.js';
 export * from './quality/KarpathyEvaluator.js';
 export * from './cognitive/AmbiguityScorer.js';

package/dist/workflow/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/workflow/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AAEvC,cAAc,YAAY,CAAA;AAC1B,cAAc,uBAAuB,CAAA;AACrC,cAAc,6BAA6B,CAAA;AAC3C,cAAc,gCAAgC,CAAA;AAC9C,cAAc,gCAAgC,CAAA;AAC9C,cAAc,iCAAiC,CAAA;AAC/C,cAAc,mCAAmC,CAAA;AACjD,cAAc,4BAA4B,CAAA;AAC1C,cAAc,gCAAgC,CAAA;AAC9C,cAAc,oBAAoB,CAAA;AAClC,cAAc,kBAAkB,CAAA;AAChC,cAAc,qBAAqB,CAAA;AACnC,cAAc,0BAA0B,CAAA;AACxC,cAAc,0BAA0B,CAAA;AACxC,cAAc,8BAA8B,CAAA;AAC5C,cAAc,qBAAqB,CAAA;AACnC,cAAc,uBAAuB,CAAA;AACrC,cAAc,6BAA6B,CAAA;AAC3C,cAAc,yBAAyB,CAAA;AACvC,cAAc,6BAA6B,CAAA;AAC3C,cAAc,yBAAyB,CAAA;AACvC,cAAc,wBAAwB,CAAA;AACtC,cAAc,2BAA2B,CAAA;AACzC,cAAc,yBAAyB,CAAA;AACvC,cAAc,wBAAwB,CAAA;AACtC,cAAc,qBAAqB,CAAA;AACnC,cAAc,cAAc,CAAA;AAC5B,cAAc,uBAAuB,CAAA;AACrC,cAAc,wBAAwB,CAAA;AACtC,cAAc,uBAAuB,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/workflow/index.ts"],"names":[],"mappings":"AAAA,uCAAuC;AAEvC,cAAc,YAAY,CAAA;AAC1B,cAAc,uBAAuB,CAAA;AACrC,cAAc,uBAAuB,CAAA;AACrC,cAAc,6BAA6B,CAAA;AAC3C,cAAc,gCAAgC,CAAA;AAC9C,cAAc,gCAAgC,CAAA;AAC9C,cAAc,iCAAiC,CAAA;AAC/C,cAAc,mCAAmC,CAAA;AACjD,cAAc,4BAA4B,CAAA;AAC1C,cAAc,gCAAgC,CAAA;AAC9C,cAAc,oBAAoB,CAAA;AAClC,cAAc,kBAAkB,CAAA;AAChC,cAAc,qBAAqB,CAAA;AACnC,cAAc,0BAA0B,CAAA;AACxC,cAAc,0BAA0B,CAAA;AACxC,cAAc,8BAA8B,CAAA;AAC5C,cAAc,qBAAqB,CAAA;AACnC,cAAc,uBAAuB,CAAA;AACrC,cAAc,6BAA6B,CAAA;AAC3C,cAAc,yBAAyB,CAAA;AACvC,cAAc,6BAA6B,CAAA;AAC3C,cAAc,yBAAyB,CAAA;AACvC,cAAc,wBAAwB,CAAA;AACtC,cAAc,2BAA2B,CAAA;AACzC,cAAc,yBAAyB,CAAA;AACvC,cAAc,wBAAwB,CAAA;AACtC,cAAc,qBAAqB,CAAA;AACnC,cAAc,cAAc,CAAA;AAC5B,cAAc,uBAAuB,CAAA;AACrC,cAAc,wBAAwB,CAAA;AACtC,cAAc,uBAAuB,CAAA"}

package/dist/workflow/types.d.ts

@@ -1,4 +1,4 @@
-export type GateStage = 'G0' | 'G1' | 'G2' | 'G3' | 'G4' | 'G5' | 'G6' | 'G7' | 'G8';
+export type GateStage = 'G0' | 'G1' | 'G2' | 'G3' | 'G4' | 'G5' | 'G6' | 'G7' | 'G8' | 'G9' | 'G10' | 'G11' | 'G12' | 'G13' | 'G14' | 'G15';
 export type GateStatus = 'PENDING' | 'PASSED' | 'FAILED' | 'BLOCKED';
 export type ModelTier = 'LOW' | 'MEDIUM' | 'HIGH';
 export type Verdict = 'APPROVE' | 'ITERATE' | 'REJECT';
@@ -18,6 +18,11 @@ export interface GateEvidence {
     stdoutTail?: string;
     stderrTail?: string;
     outputHash?: string;
+    rawEstimatedTokens?: number;
+    compressedEstimatedTokens?: number;
+    savedEstimatedTokens?: number;
+    compressionRatio?: number;
+    commandRunEvidenceId?: string;
     source?: string;
 }
 export interface GateResult {

package/docs/ACTIVE_SECURITY_VISUAL_GATES.md

@@ -0,0 +1,87 @@
+# Active Security And Visual Gates
+
+SCALE V2 adds two optional verification layers for projects that can provide a runnable local target:
+
+- `ActiveRedTeam`: bounded dynamic security probes for configured HTTP targets.
+- `VisualGate`: structured visual review evidence for UI routes and UI specs.
+
+Both are conditional. A library or backend project with no runtime target should not pay the cost.
+
+## Active Security
+
+Active security is configured under `.scale/verification.json`:
+
+```json
+{
+  "security": {
+    "active": {
+      "enabled": true,
+      "baseUrl": "http://localhost:3000",
+      "startCommand": "npm run dev",
+      "targets": ["/api/login", "/api/users"],
+      "timeoutMs": 5000,
+      "maxRequests": 20
+    }
+  }
+}
+```
+
+Behavior:
+
+- missing or disabled config returns `SKIPPED`
+- invalid enabled config returns `FAILED` before sending probes
+- probes are capped by `maxRequests`
+- every request has a timeout
+- reflected probe payloads are `HIGH` findings and block
+- request errors and server errors are recorded as findings, but only configured blocker severity should fail the gate
+
+The first implementation exposes `runActiveRedTeam()` as a library API. It does not start a server by itself yet. CLI orchestration can wire `startCommand` later, but startup failure must become a `FAILED` result when that runner is added.
+
+## Visual Gate
+
+Visual verification is configured under `.scale/verification.json`:
+
+```json
+{
+  "visual": {
+    "enabled": true,
+    "baseUrl": "http://localhost:5173",
+    "specPath": "docs/ui/UI-SPEC.md",
+    "routes": ["/", "/settings"],
+    "reportPath": "docs/worklog/tasks/TASK-123/visual-report.json",
+    "blockingSeverities": ["critical", "high"]
+  }
+}
+```
+
+`VisualGate` consumes a structured report:
+
+```json
+{
+  "screenshots": [
+    { "route": "/", "path": "screenshots/home.png" }
+  ],
+  "findings": [
+    {
+      "severity": "high",
+      "route": "/",
+      "message": "Primary action overlaps the navigation bar.",
+      "evidence": "overlap ratio 0.42"
+    }
+  ]
+}
+```
+
+Behavior:
+
+- missing or disabled config passes with a `Visual gate skipped` evidence item
+- enabled config requires `baseUrl`, `specPath`, `routes`, and `reportPath`
+- missing or invalid visual report fails
+- default blockers are `critical` and `high`
+- VLM comments may be recorded in the report, but the gate blocks only on structured severity thresholds
+
+## Gate Numbering
+
+`VisualGate` uses `G9` when explicitly registered. It is not registered by default because meta governance also uses the G9-G15 range. Projects should register it only in UI verification profiles or dedicated task flows.
+
+Active security remains a security sub-check instead of a fractional gate number. It belongs under the broader G7 security lifecycle when wired into a concrete workflow.

package/docs/BACKGROUND_HUNTER.md

@@ -0,0 +1,62 @@
+# Background Hunter
+
+Background Hunter is the readonly proactive scan layer for SCALE Engine V2.
+It turns existing governance signals into an actionable hunt queue without editing application code.
+
+## Boundary
+
+Default behavior is intentionally conservative:
+
+- scan only, no automatic code changes
+- no automatic LLM repair
+- no automatic commit or pull request
+- no release bypass
+- ignore decisions are explicit and written to `.scale/hunt/ignored-findings.json`
+
+The hunter reuses existing checks instead of creating a second rule system. The first implementation consumes:
+
+- `EngineeringStandards`
+- `ReviewAnalyzer` when status and diff input are provided by callers
+
+## Commands
+
+```bash
+scale hunt scan
+scale hunt scan --json
+scale hunt report
+scale hunt diagnose <finding-id>
+scale hunt ignore <finding-id> --reason "Accepted legacy debt tracked elsewhere"
+```
+
+`hunt scan` and `hunt report` do not modify source files. They classify findings as `open` or `ignored`.
+
+`hunt diagnose <finding-id>` creates a normal `DiagnosticLoop` from the finding. This keeps the debugging workflow evidence-first:
+
+- reproducible command
+- expected failure
+- changed files
+- verification commands
+- hypotheses and cleanup checklist
+
+`hunt ignore` records the finding id and stable fingerprint. The same finding will remain visible in the report as `ignored`, but it is removed from the open queue.
+
+## Finding Identity
+
+Every finding gets:
+
+- `id`: short deterministic SHA-256 id derived from the fingerprint
+- `fingerprint`: stable source/rule/path/line/message tuple
+- `source`: currently `engineering-standards` or `review-analyzer`
+- `diagnosticInput`: ready-to-use `DiagnosticLoopInput`
+
+This allows repeated scans to avoid noisy duplicates and lets teams explicitly accept or defer known debt.
+
+## Recommended Flow
+
+1. Run `scale hunt scan --json`.
+2. Triage open findings.
+3. For real issues, run `scale hunt diagnose <finding-id> --json`.
+4. Fix through the normal plan/TDD/verify workflow.
+5. For accepted legacy debt, run `scale hunt ignore <finding-id> --reason "..."`
+
+Do not promote Background Hunter to automatic repair until the project has enough evidence that its findings are stable and low-noise.

package/docs/CONTEXT_BUDGET.md

@@ -7,11 +7,18 @@ This feature keeps SCALE from becoming its own context pollution source. It sepa
 
 ## Commands
 
-Report token cost by context category:
-
-```bash
-scale context budget --json
-```
+Report token cost by context category:
+
+```bash
+scale context budget --json
+```
+
+Include provider-specific prompt cache policy:
+
+```bash
+scale context budget --provider anthropic --json
+scale context budget --provider openai --json
+```
 
 Write the report to `.scale/context-budget.json`:
 
@@ -64,7 +71,26 @@ scale governance roi \
 | `on-demand` | Domain docs and governance guides | Load only when task trigger matches |
 | `evidence` | Runtime evidence and task artifacts | Summarize and reference by path |
 | `archive` | Historical plans and old roadmap context | Do not load unless explicitly requested |
-| `generated` | HTML reports, screenshots, graph outputs, generated artifacts | Keep manifest-only by default |
+| `generated` | HTML reports, screenshots, graph outputs, generated artifacts | Keep manifest-only by default |
+
+## Prompt Cache Policy
+
+V2.0 adds a cache policy layer for stable context. The policy is intentionally conservative:
+
+- `always` is cache-eligible by default because it contains stable entrypoint rules and governance source-of-truth config.
+- `on-demand` is not cache-eligible by default because it changes with task intent and can break stable prefix reuse.
+- `evidence`, `archive`, and `generated` are never cache-eligible by default.
+- Unsupported providers still write usage evidence; they do not pretend to support prompt caching.
+
+Provider behavior:
+
+| Provider | Strategy | Usage fields |
+| --- | --- | --- |
+| Anthropic | `anthropic-ephemeral` | `cache_creation_input_tokens`, `cache_read_input_tokens` |
+| OpenAI | `openai-automatic` | `prompt_tokens_details.cached_tokens` |
+| Other | `usage-ledger-only` | normal input/output usage only |
+
+The cache policy does not live in `ModelRouter`. `ModelRouter` selects a model; provider request builders or adapters apply provider-specific cache controls.
 
 ## Progressive Governance
 

package/docs/DEPENDENCY_AUDIT.md

@@ -0,0 +1,89 @@
+# Dependency Audit
+
+Dependency Audit is the G7 dependency sub-gate for SCALE Engine.
+It adds supply-chain checks without introducing a separate gate number such as `G6.8`.
+
+## Scope
+
+The auditor is intentionally bounded:
+
+- reads `package-lock.json`
+- audits direct dependencies by default
+- supports `--changed-packages` for lockfile-diff workflows
+- scans only selected package roots under `node_modules`
+- caps package count and files per package
+- does not contact the registry by default
+- does not run install scripts
+
+This keeps local verification usable while still catching high-risk dependency behavior.
+
+## Commands
+
+```bash
+scale dependency audit
+scale dependency audit --json
+scale dependency audit --mode strict
+scale dependency audit --changed-packages left-pad,@scope/tool --json
+```
+
+The command exits non-zero when the active mode has blocking findings.
+
+## G7 Integration
+
+`SecurityGate` now emits two first-class evidence sources:
+
+- `built-in-security-scan`: source code security scan
+- `dependency-audit`: dependency supply-chain scan
+
+Both remain under `G7 Security`.
+
+## Policy
+
+Policy lives at `.scale/security/dependency-policy.json`:
+
+```json
+{
+  "version": 1,
+  "mode": "compatibility",
+  "maxPackages": 50,
+  "maxPackageFiles": 25,
+  "allowPackages": [],
+  "baselineFindings": []
+}
+```
+
+Modes:
+
+- `compatibility`: blocks `CRITICAL`
+- `strict`: blocks `CRITICAL` and `HIGH`
+- `offline`: keeps local-only behavior; current offline findings follow compatibility blocking
+
+Use `baselineFindings` for accepted legacy dependency risk:
+
+```json
+{
+  "baselineFindings": [
+    {
+      "packageName": "legacy-tool",
+      "version": "1.2.3",
+      "ruleId": "dependency.install-script",
+      "reason": "Pinned and reviewed during migration window."
+    }
+  ]
+}
+```
+
+Prefer a baseline over `allowPackages` when only one finding is accepted. `allowPackages` suppresses all findings for that package.
+
+## Current Findings
+
+The first implementation detects:
+
+- install lifecycle scripts
+- executable bin scripts
+- deprecated packages from lockfile metadata
+- dynamic code execution: `eval`, `new Function`
+- shell execution patterns
+- suspicious network access patterns
+
+Future network-backed checks can add npm registry metadata and `npm audit --json` ingestion, but they should stay optional and evidence-backed.

package/docs/EVOLUTION_SHADOW_MODE.md

@@ -0,0 +1,63 @@
+# Evolution Shadow Mode
+
+SCALE V2 keeps self-evolution useful without letting one-off failures become hard blockers too early.
+
+## Flow
+
+```text
+Gate Failure
+  -> Defect
+  -> Lesson
+  -> Proposed Rule
+  -> Shadow Rule
+  -> Candidate Hook
+  -> Approved Blocking Hook
+```
+
+## Gate Failure To Defect
+
+`GateSystem` emits `gate.failed` for failed gate results. `AutoDefectCreator` tracks consecutive failures per session and gate stage.
+
+Default behavior:
+
+- three consecutive failures create one `Defect`
+- a passing `gate.executed` event resets the streak
+- defect payload uses `rootCauseCategory=gate_failure`
+- the original blockers, evidence, evidence record id, stage, and streak count are stored in defect context
+
+This is evidence capture only. It does not change source code or generate a hook.
+
+## Rule Maturity
+
+New rules start in `shadow` mode. Shadow rules can record hits, but they do not block development.
+
+Promotion requires:
+
+- shadow hits >= 10
+- at least one defect evidence id
+- rollback method present
+- false positive rate within threshold
+- explicit approval before a blocking hook is allowed
+
+`RuleMaturity` exposes:
+
+- `createShadowRuleMaturity`
+- `recordShadowHit`
+- `evaluateRulePromotion`
+- `approveRuleMaturity`
+
+## Hook Boundary
+
+`HookGenerator` still requires `rule.approved === true`.
+
+For V2 rules that carry maturity metadata, it also requires:
+
+```text
+rule.maturity.stage === "approved-blocking"
+```
+
+That means proposed or shadow rules can be observed and improved, but cannot become blocking hooks until explicitly promoted.
+
+## Current Scope
+
+This release slice wires the core library path and gate events. CLI approval commands and persistent rule-maturity storage can be added later without changing the safety model.

package/docs/GOVERNANCE_DASHBOARD.md

@@ -32,11 +32,27 @@ The dashboard reads existing local evidence:
 
 | Area | Source |
 | --- | --- |
-| Runtime evidence | `.scale/evidence/runtime/` |
-| Workflow eval | `.scale/evals/runs/` and `.scale/evals/failures/` |
-| Memory Brain | `.scale/memory/brain.sqlite` |
-| Resource Governance | workspace files plus `.scale/resource-policy.json` and `.scale/assets.json` |
-| HTML artifacts | task artifact manifests and rendered HTML files |
+| Runtime evidence | `.scale/evidence/runtime/` |
+| Workflow eval | `.scale/evals/runs/` and `.scale/evals/failures/` |
+| Workflow metrics | `.scale/metrics/tasks.jsonl` |
+| Gate evidence | `.scale/evidence/GATE-*.json` |
+| Command runs | `.scale/evidence/command-runs/` |
+| Model usage | `.scale/model-usage/usage.jsonl` |
+| Memory Brain | `.scale/memory/brain.sqlite` |
+| Resource Governance | workspace files plus `.scale/resource-policy.json` and `.scale/assets.json` |
+| HTML artifacts | task artifact manifests and rendered HTML files |
+
+## Aggregated Metrics
+
+V2.0 adds `MetricsAggregator` as the dashboard aggregation layer. It keeps the dashboard read-only and derives the following metrics from existing evidence:
+
+- recent task count and first-pass rate
+- average fix iterations
+- gate failure distribution
+- command output compression token savings
+- model usage and prompt-cache savings
+
+Each number must trace back to local JSON/JSONL evidence. If a source is absent, the dashboard reports zero rather than inventing values.
 
 ## Status Model