@hongmaple0820/scale-engine 0.23.0 → 0.24.0

package/dist/runtime/index.d.ts

@@ -2,3 +2,4 @@ export * from './RuntimeEvidenceLedger.js';
 export * from './SessionLedger.js';
 export * from './RuntimeDoctor.js';
 export * from './FinalReportGuard.js';
+export * from './ModelUsageLedger.js';

package/dist/runtime/index.js

@@ -2,4 +2,5 @@ export * from './RuntimeEvidenceLedger.js';
 export * from './SessionLedger.js';
 export * from './RuntimeDoctor.js';
 export * from './FinalReportGuard.js';
+export * from './ModelUsageLedger.js';
 //# sourceMappingURL=index.js.map

package/dist/runtime/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA,cAAc,4BAA4B,CAAA;AAC1C,cAAc,oBAAoB,CAAA;AAClC,cAAc,oBAAoB,CAAA;AAClC,cAAc,uBAAuB,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA,cAAc,4BAA4B,CAAA;AAC1C,cAAc,oBAAoB,CAAA;AAClC,cAAc,oBAAoB,CAAA;AAClC,cAAc,uBAAuB,CAAA;AACrC,cAAc,uBAAuB,CAAA"}

package/dist/workflow/autonomous/BackgroundHunter.d.ts

@@ -0,0 +1,74 @@
+import { type DiffInput } from '../ReviewAnalyzer.js';
+import { type EngineeringStandardSeverity } from '../EngineeringStandards.js';
+import type { DiagnosticLoopInput } from '../DiagnosticLoop.js';
+export type HuntFindingSource = 'engineering-standards' | 'review-analyzer';
+export type HuntFindingStatus = 'open' | 'ignored';
+export interface HuntFinding {
+    id: string;
+    fingerprint: string;
+    source: HuntFindingSource;
+    status: HuntFindingStatus;
+    severity: EngineeringStandardSeverity;
+    category: string;
+    ruleId: string;
+    path?: string;
+    line?: number;
+    message: string;
+    evidence?: string;
+    fix?: string;
+    ignoreReason?: string;
+    diagnosticInput: DiagnosticLoopInput;
+}
+export interface HuntSummary {
+    total: number;
+    open: number;
+    ignored: number;
+    blocking: number;
+    bySeverity: Record<EngineeringStandardSeverity, number>;
+    bySource: Record<HuntFindingSource, number>;
+}
+export interface HuntScanReport {
+    projectDir: string;
+    generatedAt: string;
+    findings: HuntFinding[];
+    summary: HuntSummary;
+    warnings: string[];
+}
+export interface BackgroundHunterOptions {
+    projectDir?: string;
+    scaleDir?: string;
+    store?: HuntFindingStore;
+}
+export interface BackgroundHunterScanOptions {
+    now?: Date;
+    changedFiles?: string[];
+    statusOutput?: string;
+    diffs?: DiffInput[];
+}
+export interface IgnoredHuntFinding {
+    id: string;
+    fingerprint: string;
+    reason?: string;
+    ignoredAt: string;
+}
+export declare class BackgroundHunter {
+    private readonly projectDir;
+    private readonly scaleDir;
+    private readonly store;
+    constructor(options?: BackgroundHunterOptions);
+    scan(options?: BackgroundHunterScanOptions): HuntScanReport;
+    createDiagnosticInput(finding: HuntFinding): DiagnosticLoopInput;
+    private fromEngineeringStandard;
+    private reviewFindings;
+    private fromReviewFinding;
+}
+export declare class HuntFindingStore {
+    private readonly path;
+    constructor(options?: {
+        projectDir?: string;
+        scaleDir?: string;
+    });
+    listIgnored(): IgnoredHuntFinding[];
+    ignore(finding: IgnoredHuntFinding): IgnoredHuntFinding;
+}
+export declare function createDiagnosticInput(finding: Pick<HuntFinding, 'id' | 'source' | 'ruleId' | 'path' | 'message' | 'evidence'>): DiagnosticLoopInput;

package/dist/workflow/autonomous/BackgroundHunter.js

@@ -0,0 +1,220 @@
+import { createHash } from 'node:crypto';
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { isAbsolute, join, relative, resolve, sep } from 'node:path';
+import { analyzeReview } from '../ReviewAnalyzer.js';
+import { scanEngineeringStandards, } from '../EngineeringStandards.js';
+export class BackgroundHunter {
+    constructor(options = {}) {
+        this.projectDir = resolve(options.projectDir ?? process.cwd());
+        this.scaleDir = options.scaleDir ?? '.scale';
+        this.store = options.store ?? new HuntFindingStore({ projectDir: this.projectDir, scaleDir: this.scaleDir });
+    }
+    scan(options = {}) {
+        const now = options.now ?? new Date();
+        const standardsReport = scanEngineeringStandards({
+            projectDir: this.projectDir,
+            scaleDir: this.scaleDir,
+            now,
+            changedFiles: options.changedFiles,
+        });
+        const findings = [
+            ...standardsReport.findings.map(finding => this.fromEngineeringStandard(finding)),
+            ...this.reviewFindings(options),
+        ].sort(compareHuntFindings);
+        const ignored = this.store.listIgnored();
+        const resolvedFindings = findings.map(finding => {
+            const ignoredFinding = ignored.find(item => item.id === finding.id || item.fingerprint === finding.fingerprint);
+            if (!ignoredFinding)
+                return finding;
+            return {
+                ...finding,
+                status: 'ignored',
+                ignoreReason: ignoredFinding.reason,
+            };
+        });
+        return {
+            projectDir: this.projectDir,
+            generatedAt: now.toISOString(),
+            findings: resolvedFindings,
+            summary: summarizeHuntFindings(resolvedFindings),
+            warnings: standardsReport.warnings,
+        };
+    }
+    createDiagnosticInput(finding) {
+        return createDiagnosticInput(finding);
+    }
+    fromEngineeringStandard(finding) {
+        const fingerprint = stableFingerprint([
+            'engineering-standards',
+            finding.ruleId,
+            normalizePath(finding.path),
+            String(finding.line ?? ''),
+            finding.message,
+        ]);
+        const id = huntId(fingerprint);
+        const path = normalizePath(finding.path);
+        const result = {
+            id,
+            fingerprint,
+            source: 'engineering-standards',
+            status: 'open',
+            severity: finding.severity,
+            category: finding.category,
+            ruleId: finding.ruleId,
+            path,
+            line: finding.line,
+            message: finding.message,
+            evidence: finding.evidence,
+            fix: finding.fix,
+            diagnosticInput: createDiagnosticInput({
+                id,
+                source: 'engineering-standards',
+                ruleId: finding.ruleId,
+                path,
+                message: finding.message,
+                evidence: finding.evidence,
+            }),
+        };
+        return result;
+    }
+    reviewFindings(options) {
+        if (!options.statusOutput || !options.diffs?.length)
+            return [];
+        return analyzeReview({
+            statusOutput: options.statusOutput,
+            diffs: options.diffs,
+        }).findings.map(finding => this.fromReviewFinding(finding));
+    }
+    fromReviewFinding(finding) {
+        const path = finding.file ? normalizePath(finding.file) : undefined;
+        const fingerprint = stableFingerprint([
+            'review-analyzer',
+            finding.category,
+            finding.severity,
+            path ?? '',
+            finding.description,
+            finding.evidence ?? '',
+        ]);
+        const id = huntId(fingerprint);
+        const severity = reviewSeverityToStandardSeverity(finding.severity);
+        return {
+            id,
+            fingerprint,
+            source: 'review-analyzer',
+            status: 'open',
+            severity,
+            category: finding.category,
+            ruleId: `review-${finding.category}`,
+            path,
+            message: finding.description,
+            evidence: finding.evidence,
+            diagnosticInput: createDiagnosticInput({
+                id,
+                source: 'review-analyzer',
+                ruleId: `review-${finding.category}`,
+                path,
+                message: finding.description,
+                evidence: finding.evidence,
+            }),
+        };
+    }
+}
+export class HuntFindingStore {
+    constructor(options = {}) {
+        const projectDir = resolve(options.projectDir ?? process.cwd());
+        const scaleDir = options.scaleDir ?? '.scale';
+        const scaleRoot = isAbsolute(scaleDir) ? scaleDir : join(projectDir, scaleDir);
+        this.path = join(scaleRoot, 'hunt', 'ignored-findings.json');
+    }
+    listIgnored() {
+        if (!existsSync(this.path))
+            return [];
+        try {
+            const parsed = JSON.parse(readFileSync(this.path, 'utf-8'));
+            return Array.isArray(parsed.ignored)
+                ? parsed.ignored.filter(item => typeof item.id === 'string' && typeof item.fingerprint === 'string')
+                : [];
+        }
+        catch {
+            return [];
+        }
+    }
+    ignore(finding) {
+        const current = this.listIgnored();
+        const next = [
+            ...current.filter(item => item.id !== finding.id && item.fingerprint !== finding.fingerprint),
+            finding,
+        ].sort((a, b) => a.id.localeCompare(b.id));
+        const dir = this.path.slice(0, this.path.lastIndexOf(sep));
+        if (!existsSync(dir))
+            mkdirSync(dir, { recursive: true });
+        writeFileSync(this.path, JSON.stringify({ version: 1, ignored: next }, null, 2) + '\n', 'utf-8');
+        return finding;
+    }
+}
+export function createDiagnosticInput(finding) {
+    const changedFiles = finding.path ? [finding.path] : [];
+    const verificationCommand = finding.path
+        ? `scale standards doctor --changed-files ${finding.path}`
+        : 'scale standards doctor';
+    return {
+        taskId: `HUNT-${finding.id.toUpperCase()}`,
+        symptom: `${finding.source} ${finding.ruleId}: ${finding.message}`,
+        reproductionCommand: verificationCommand,
+        expectedFailure: finding.evidence ?? finding.message,
+        changedFiles,
+        verificationCommands: [verificationCommand],
+    };
+}
+function summarizeHuntFindings(findings) {
+    const bySeverity = { info: 0, warn: 0, fail: 0 };
+    const bySource = {
+        'engineering-standards': 0,
+        'review-analyzer': 0,
+    };
+    for (const finding of findings) {
+        bySeverity[finding.severity] += 1;
+        bySource[finding.source] += 1;
+    }
+    return {
+        total: findings.length,
+        open: findings.filter(finding => finding.status === 'open').length,
+        ignored: findings.filter(finding => finding.status === 'ignored').length,
+        blocking: findings.filter(finding => finding.status === 'open' && finding.severity === 'fail').length,
+        bySeverity,
+        bySource,
+    };
+}
+function compareHuntFindings(a, b) {
+    return severityRank(b.severity) - severityRank(a.severity) ||
+        (a.path ?? '').localeCompare(b.path ?? '') ||
+        a.ruleId.localeCompare(b.ruleId) ||
+        a.id.localeCompare(b.id);
+}
+function severityRank(severity) {
+    if (severity === 'fail')
+        return 3;
+    if (severity === 'warn')
+        return 2;
+    return 1;
+}
+function reviewSeverityToStandardSeverity(severity) {
+    if (severity === 'CRITICAL' || severity === 'HIGH')
+        return 'fail';
+    if (severity === 'MEDIUM')
+        return 'warn';
+    return 'info';
+}
+function stableFingerprint(parts) {
+    return parts.map(part => part.trim()).join('\0');
+}
+function huntId(fingerprint) {
+    return createHash('sha256').update(fingerprint).digest('hex').slice(0, 12);
+}
+function normalizePath(path) {
+    const normalized = path.replace(/\\/g, '/');
+    if (!isAbsolute(path))
+        return normalized.replace(/^\.\//, '');
+    return relative(process.cwd(), path).replace(/\\/g, '/');
+}
+//# sourceMappingURL=BackgroundHunter.js.map

package/dist/workflow/autonomous/BackgroundHunter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"BackgroundHunter.js","sourceRoot":"","sources":["../../../src/workflow/autonomous/BackgroundHunter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAC5E,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,WAAW,CAAA;AAEpE,OAAO,EAAE,aAAa,EAAkB,MAAM,sBAAsB,CAAA;AACpE,OAAO,EACL,wBAAwB,GAGzB,MAAM,4BAA4B,CAAA;AAiEnC,MAAM,OAAO,gBAAgB;IAK3B,YAAY,UAAmC,EAAE;QAC/C,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;QAC9D,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,QAAQ,CAAA;QAC5C,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,IAAI,gBAAgB,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC9G,CAAC;IAED,IAAI,CAAC,UAAuC,EAAE;QAC5C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAA;QACrC,MAAM,eAAe,GAAG,wBAAwB,CAAC;YAC/C,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,GAAG;YACH,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC,CAAA;QACF,MAAM,QAAQ,GAAG;YACf,GAAG,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;YACjF,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC;SAChC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;QAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAA;QACxC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE;YAC9C,MAAM,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,EAAE,IAAI,IAAI,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,CAAC,CAAA;YAC/G,IAAI,CAAC,cAAc;gBAAE,OAAO,OAAO,CAAA;YACnC,OAAO;gBACL,GAAG,OAAO;gBACV,MAAM,EAAE,SAAkB;gBAC1B,YAAY,EAAE,cAAc,CAAC,MAAM;aACpC,CAAA;QACH,CAAC,CAAC,CAAA;QACF,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE;YAC9B,QAAQ,EAAE,gBAAgB;YAC1B,OAAO,EAAE,qBAAqB,CAAC,gBAAgB,CAAC;YAChD,QAAQ,EAAE,eAAe,CAAC,QAAQ;SACnC,CAAA;IACH,CAAC;IAED,qBAAqB,CAAC,OAAoB;QACxC,OAAO,qBAAqB,CAAC,OAAO,CAAC,CAAA;IACvC,CAAC;IAEO,uBAAuB,CAAC,OAAmC;QACjE,MAAM,WAAW,GAAG,iBAAiB,CAAC;YACpC,uBAAuB;YACvB,OAAO,CAAC,MAAM;YACd,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC;YAC3B,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC;YAC1B,OAAO,CAAC,OAAO;SAChB,CAAC,CAAA;QACF,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,CAAA;QAC9B,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;QACxC,MAAM,MAAM,GAAgB;YAC1B,EAAE;YACF,WAAW;YACX,MAAM,EAAE,uBAAuB;YAC/B,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,IAAI;YACJ,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,eAAe,EAAE,qBAAqB,CAAC;gBACrC,EAAE;gBACF,MAAM,EAAE,uBAAuB;gBAC/B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,IAAI;gBACJ,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;aAC3B,CAAC;SACH,CAAA;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IAEO,cAAc,CAAC,OAAoC;QACzD,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM;YAAE,OAAO,EAAE,CAAA;QAC9D,OAAO,aAAa,CAAC;YACnB,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,KAAK,EAAE,OAAO,CAAC,KAAK;SACrB,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAA;IAC7D,CAAC;IAEO,iBAAiB,CAAC,OAAsB;QAC9C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACnE,MAAM,WAAW,GAAG,iBAAiB,CAAC;YACpC,iBAAiB;YACjB,OAAO,CAAC,QAAQ;YAChB,OAAO,CAAC,QAAQ;YAChB,IAAI,IAAI,EAAE;YACV,OAAO,CAAC,WAAW;YACnB,OAAO,CAAC,QAAQ,IAAI,EAAE;SACvB,CAAC,CAAA;QACF,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,CAAA;QAC9B,MAAM,QAAQ,GAAG,gCAAgC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;QACnE,OAAO;YACL,EAAE;YACF,WAAW;YACX,MAAM,EAAE,iBAAiB;YACzB,MAAM,EAAE,MAAM;YACd,QAAQ;YACR,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,MAAM,EAAE,UAAU,OAAO,CAAC,QAAQ,EAAE;YACpC,IAAI;YACJ,OAAO,EAAE,OAAO,CAAC,WAAW;YAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,eAAe,EAAE,qBAAqB,CAAC;gBACrC,EAAE;gBACF,MAAM,EAAE,iBAAiB;gBACzB,MAAM,EAAE,UAAU,OAAO,CAAC,QAAQ,EAAE;gBACpC,IAAI;gBACJ,OAAO,EAAE,OAAO,CAAC,WAAW;gBAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;aAC3B,CAAC;SACH,CAAA;IACH,CAAC;CACF;AAED,MAAM,OAAO,gBAAgB;IAG3B,YAAY,UAAsD,EAAE;QAClE,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;QAC/D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,QAAQ,CAAA;QAC7C,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAA;QAC9E,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,uBAAuB,CAAC,CAAA;IAC9D,CAAC;IAED,WAAW;QACT,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,CAAA;QACrC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAyB,CAAA;YACnF,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;gBAClC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,WAAW,KAAK,QAAQ,CAAC;gBACpG,CAAC,CAAC,EAAE,CAAA;QACR,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAA;QACX,CAAC;IACH,CAAC;IAED,MAAM,CAAC,OAA2B;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,CAAA;QAClC,MAAM,IAAI,GAAG;YACX,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,OAAO,CAAC,EAAE,IAAI,IAAI,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,CAAC;YAC7F,OAAO;SACR,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAA;QAC1D,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;QACzD,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAA;QAChG,OAAO,OAAO,CAAA;IAChB,CAAC;CACF;AAED,MAAM,UAAU,qBAAqB,CAAC,OAAwF;IAC5H,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IACvD,MAAM,mBAAmB,GAAG,OAAO,CAAC,IAAI;QACtC,CAAC,CAAC,0CAA0C,OAAO,CAAC,IAAI,EAAE;QAC1D,CAAC,CAAC,wBAAwB,CAAA;IAC5B,OAAO;QACL,MAAM,EAAE,QAAQ,OAAO,CAAC,EAAE,CAAC,WAAW,EAAE,EAAE;QAC1C,OAAO,EAAE,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,OAAO,EAAE;QAClE,mBAAmB,EAAE,mBAAmB;QACxC,eAAe,EAAE,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,OAAO;QACpD,YAAY;QACZ,oBAAoB,EAAE,CAAC,mBAAmB,CAAC;KAC5C,CAAA;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,QAAuB;IACpD,MAAM,UAAU,GAAgD,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAA;IAC7F,MAAM,QAAQ,GAAsC;QAClD,uBAAuB,EAAE,CAAC;QAC1B,iBAAiB,EAAE,CAAC;KACrB,CAAA;IACD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;QACjC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC/B,CAAC;IACD,OAAO;QACL,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM;QAClE,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM;QACxE,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QACrG,UAAU;QACV,QAAQ;KACT,CAAA;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,CAAc,EAAE,CAAc;IACzD,OAAO,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;QACxD,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;QAC1C,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC;QAChC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;AAC5B,CAAC;AAED,SAAS,YAAY,CAAC,QAAqC;IACzD,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,CAAC,CAAA;IACjC,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,CAAC,CAAA;IACjC,OAAO,CAAC,CAAA;AACV,CAAC;AAED,SAAS,gCAAgC,CAAC,QAAmC;IAC3E,IAAI,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,MAAM,CAAA;IACjE,IAAI,QAAQ,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAA;IACxC,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAe;IACxC,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAClD,CAAC;AAED,SAAS,MAAM,CAAC,WAAmB;IACjC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;AAC5E,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IAC3C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;IAC7D,OAAO,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;AAC1D,CAAC"}

package/dist/workflow/autonomous/index.d.ts

@@ -1,2 +1,3 @@
 export * from './WorklogManager.js';
 export * from './AutonomousDevLoop.js';
+export * from './BackgroundHunter.js';

package/dist/workflow/autonomous/index.js

@@ -1,4 +1,5 @@
 // SCALE Engine — Autonomous Module Index
 export * from './WorklogManager.js';
 export * from './AutonomousDevLoop.js';
+export * from './BackgroundHunter.js';
 //# sourceMappingURL=index.js.map

package/dist/workflow/autonomous/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/workflow/autonomous/index.ts"],"names":[],"mappings":"AAAA,yCAAyC;AAEzC,cAAc,qBAAqB,CAAA;AACnC,cAAc,wBAAwB,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/workflow/autonomous/index.ts"],"names":[],"mappings":"AAAA,yCAAyC;AAEzC,cAAc,qBAAqB,CAAA;AACnC,cAAc,wBAAwB,CAAA;AACtC,cAAc,uBAAuB,CAAA"}

package/dist/workflow/gates/GateSystem.d.ts

@@ -4,6 +4,7 @@ import { WorkflowArtifactWriter } from '../WorkflowArtifactWriter.js';
 import { type ResolvedVerificationCommand, type VerificationCommandConfig, type VerificationRuntimeEvidenceConfig } from '../VerificationCommands.js';
 import { type CommandOutputCompressionResult } from '../../tools/CommandOutputCompressor.js';
 import { type CommandRunEvidenceOptions } from '../../tools/CommandRunLedger.js';
+import { type DependencyAuditMode } from '../../guardrails/DependencyAuditor.js';
 export interface IGate {
     stage: GateStage;
     name: string;
@@ -36,6 +37,10 @@ export interface SecurityGateOptions {
     maxFileBytes?: number;
     maxFindings?: number;
     strict?: boolean;
+    scaleDir?: string;
+    dependencyAudit?: boolean;
+    dependencyAuditMode?: DependencyAuditMode;
+    dependencyAuditChangedPackages?: string[];
 }
 export declare function runShellCommand(command: string, timeout: number, cwd?: string, options?: RunShellCommandOptions): Promise<CommandResult>;
 export declare class GateSystem {
@@ -141,6 +146,10 @@ export declare class SecurityGate implements IGate {
     private maxFileBytes;
     private maxFindings;
     private strict;
+    private scaleDir;
+    private dependencyAudit;
+    private dependencyAuditMode?;
+    private dependencyAuditChangedPackages?;
     constructor(options?: SecurityGateOptions);
     execute(): Promise<GateResult>;
     private scan;
@@ -149,6 +158,7 @@ export declare class SecurityGate implements IGate {
     private rulesForFile;
     private findEmptyCatchBlocks;
     private summarize;
+    private dependencyEvidence;
     private isTestPath;
     private isRuleDefinition;
     private isSecurityTestFixture;

package/dist/workflow/gates/GateSystem.js

@@ -9,6 +9,7 @@ import { createHash } from 'node:crypto';
 import { RuntimeEvidenceLedger } from '../../runtime/RuntimeEvidenceLedger.js';
 import { compressCommandOutput } from '../../tools/CommandOutputCompressor.js';
 import { CommandRunLedger } from '../../tools/CommandRunLedger.js';
+import { auditDependencies } from '../../guardrails/DependencyAuditor.js';
 function tail(value, maxLength = 1000) {
     return value.length > maxLength ? value.slice(-maxLength) : value;
 }
@@ -137,6 +138,15 @@ export class GateSystem {
             this.persistEvidence(result);
             this.recordCompletedGate(stage, result);
             this.eventBus.emit('gate.executed', { stage, passed: result.passed });
+            if (!result.passed) {
+                this.eventBus.emit('gate.failed', {
+                    stage,
+                    status: result.status,
+                    blockers: result.blockers,
+                    evidence: result.evidence,
+                    evidenceRecordId: result.evidenceRecordId,
+                });
+            }
             return result;
         }
         catch (e) {
@@ -158,6 +168,14 @@ export class GateSystem {
             };
             this.results.set(stage, result);
             this.persistEvidence(result);
+            this.eventBus.emit('gate.executed', { stage, passed: false });
+            this.eventBus.emit('gate.failed', {
+                stage,
+                status: result.status,
+                blockers: result.blockers,
+                evidence: result.evidence,
+                evidenceRecordId: result.evidenceRecordId,
+            });
             return result;
         }
     }
@@ -793,12 +811,23 @@ export class SecurityGate {
         this.maxFileBytes = options.maxFileBytes ?? 300_000;
         this.maxFindings = options.maxFindings ?? 50;
         this.strict = options.strict ?? false;
+        this.scaleDir = options.scaleDir ?? '.scale';
+        this.dependencyAudit = options.dependencyAudit ?? true;
+        this.dependencyAuditMode = options.dependencyAuditMode;
+        this.dependencyAuditChangedPackages = options.dependencyAuditChangedPackages;
     }
     async execute() {
         const findings = await this.scan();
+        const dependencyReport = this.dependencyAudit ? auditDependencies({
+            projectDir: this.rootDir,
+            scaleDir: this.scaleDir,
+            mode: this.dependencyAuditMode ?? (this.strict ? 'strict' : undefined),
+            changedPackages: this.dependencyAuditChangedPackages,
+        }) : null;
         const blockers = findings
             .filter(finding => finding.severity === 'CRITICAL' || (this.strict && finding.severity === 'HIGH'))
             .map(finding => `${finding.severity} ${finding.ruleId} in ${finding.file}:${finding.line} - ${finding.description}`);
+        blockers.push(...(dependencyReport?.blockers ?? []));
         const passed = blockers.length === 0;
         const summary = this.summarize(findings);
         const evidenceItems = [
@@ -820,6 +849,7 @@ export class SecurityGate {
                 detail: `${finding.severity} line ${finding.line}: ${finding.description}; ${finding.evidence}`,
                 source: 'built-in-security-scan',
             })),
+            ...this.dependencyEvidence(dependencyReport),
         ];
         return {
             gate: this.stage,
@@ -1006,6 +1036,38 @@ export class SecurityGate {
             LOW: findings.filter(f => f.severity === 'LOW').length,
         };
     }
+    dependencyEvidence(report) {
+        if (!report) {
+            return [
+                createEvidence({
+                    kind: 'scan',
+                    label: 'G7 dependency audit',
+                    passed: true,
+                    detail: 'dependency audit disabled',
+                    source: 'dependency-audit',
+                }),
+            ];
+        }
+        const summary = report.summary;
+        return [
+            createEvidence({
+                kind: 'scan',
+                label: 'G7 dependency audit',
+                passed: report.ok,
+                path: report.lockfilePath,
+                detail: `${summary.packagesAudited} package(s) audited, findings=${summary.totalFindings}, critical=${summary.bySeverity.CRITICAL}, high=${summary.bySeverity.HIGH}, medium=${summary.bySeverity.MEDIUM}, low=${summary.bySeverity.LOW}, mode=${report.mode}`,
+                source: 'dependency-audit',
+            }),
+            ...report.findings.slice(0, this.maxFindings).map(finding => createEvidence({
+                kind: 'scan',
+                label: `Dependency finding ${finding.ruleId}`,
+                passed: !report.blockers.some(blocker => blocker.includes(finding.ruleId) && blocker.includes(finding.packageName)),
+                path: finding.path,
+                detail: `${finding.severity} ${finding.packageName}${finding.version ? `@${finding.version}` : ''}: ${finding.message}; ${finding.evidence ?? 'no detail'}`,
+                source: 'dependency-audit',
+            })),
+        ];
+    }
     isTestPath(file) {
         return /(^|\/)(tests?|__tests__)\//i.test(file) || /\.(test|spec)\.(ts|tsx|js|jsx|mjs|cjs)$/i.test(file);
     }