@mneme-ai/core 2.15.1 → 2.16.0

package/dist/public_audit/index.js

@@ -0,0 +1,175 @@
+/**
+ * v2.16.0 — MNEME AURELIAN PUBLIC AUDIT
+ *
+ *   "npx mneme audit <package> — Mneme runs the AURELIAN scorecard against
+ *    any open-source AI tool. Produces an HMAC-signed quality scorecard
+ *    publishable to the global trust graph. Ranks every dev tool's
+ *    measured quality."
+ *
+ * The killer Move: the AURELIAN AUDITOR (v2.13) was internal to Mneme.
+ * v2.16 opens it. Anyone can audit anyone — and the scorecards aggregate
+ * into a public "open AI dev tool" leaderboard.
+ *
+ * Algorithm: pull standard signals from a package's npm/PyPI/Cargo
+ * metadata + GitHub repo + any cosmic SOUL/BOUNTY data the maintainer
+ * has opted to share. Convert into AURELIAN measurements + evidence,
+ * then run the existing aurelian_audit primitive. Result is signed.
+ */
+import { createHmac } from "node:crypto";
+const PROTOCOL_VERSION = 1;
+function canon(v) {
+    if (v === null || typeof v !== "object")
+        return JSON.stringify(v);
+    if (Array.isArray(v))
+        return "[" + v.map(canon).join(",") + "]";
+    const keys = Object.keys(v).sort();
+    return "{" + keys.map((k) => JSON.stringify(k) + ":" + canon(v[k])).join(",") + "}";
+}
+function defaultSecret() {
+    return process.env["MNEME_PUBLIC_AUDIT_SECRET"] || `mneme-public-audit-v${PROTOCOL_VERSION}`;
+}
+/**
+ * Optional helper to fetch npm metadata. Caller can use this OR pass
+ * pre-fetched data via input.metadata.
+ */
+export async function fetchNpmMetadata(packageName, fetchOverride) {
+    const fetchFn = fetchOverride ?? globalThis.fetch;
+    if (typeof fetchFn !== "function")
+        return {};
+    try {
+        const res = await fetchFn(`https://registry.npmjs.org/${encodeURIComponent(packageName)}`);
+        if (!res.ok)
+            return {};
+        const j = await res.json();
+        const latest = j["dist-tags"]?.latest;
+        const versions = j["versions"];
+        const latestData = latest && versions ? versions[latest] : undefined;
+        const time = j["time"];
+        return {
+            ...(latest ? { version: latest } : {}),
+            ...(latestData?.["description"] ? { description: String(latestData["description"]) } : {}),
+            ...(latestData?.["homepage"] ? { homepage: String(latestData["homepage"]) } : {}),
+            ...(latestData?.["license"] ? { license: String(latestData["license"]) } : {}),
+            ...(latest && time?.[latest] ? { lastPublished: time[latest] } : {}),
+            ...(latestData?.["repository"] ? { githubUrl: String((latestData["repository"].url) ?? "") } : {}),
+            ...(latestData?.["types"] || latestData?.["typings"] ? { hasTypes: true } : { hasTypes: false }),
+        };
+    }
+    catch {
+        return {};
+    }
+}
+export function audit(input) {
+    const m = input.metadata ?? {};
+    const evidence = [];
+    const rec = [];
+    // Popularity (0-100): downloads + stars (capped, log-shaped)
+    let popularity = 0;
+    if (m.weeklyDownloads) {
+        const score = Math.min(100, Math.round(Math.log10(m.weeklyDownloads + 1) * 18));
+        popularity = score;
+        evidence.push(`weekly downloads: ${m.weeklyDownloads.toLocaleString()} → popularity ${score}/100`);
+    }
+    else {
+        rec.push("Add download count via fetch from npm/PyPI to compute popularity properly.");
+    }
+    if (m.stars !== undefined) {
+        popularity = Math.min(100, Math.round((popularity + Math.min(100, Math.log10(m.stars + 1) * 22)) / (m.weeklyDownloads ? 2 : 1)));
+        evidence.push(`GitHub stars: ${m.stars}`);
+    }
+    // Freshness (0-100): days since last publish
+    let freshness = 50;
+    if (m.lastPublished) {
+        const days = (Date.now() - new Date(m.lastPublished).getTime()) / (1000 * 60 * 60 * 24);
+        if (Number.isFinite(days)) {
+            if (days <= 30) {
+                freshness = 100;
+                evidence.push(`last published ${Math.round(days)} days ago — actively maintained.`);
+            }
+            else if (days <= 90) {
+                freshness = 85;
+                evidence.push(`last published ${Math.round(days)} days ago.`);
+            }
+            else if (days <= 180) {
+                freshness = 70;
+                evidence.push(`last published ${Math.round(days)} days ago.`);
+            }
+            else if (days <= 365) {
+                freshness = 50;
+                rec.push("Consider a maintenance release; last publish > 6 months ago.");
+            }
+            else {
+                freshness = 20;
+                rec.push(`Stale: last publish ${Math.round(days)} days ago — investigate before adopting.`);
+            }
+        }
+    }
+    // Openness (0-100): license + open issues posture
+    let openness = 60;
+    if (m.license) {
+        const goodLicenses = ["MIT", "Apache-2.0", "BSD-3-Clause", "BSD-2-Clause", "ISC", "0BSD", "MPL-2.0"];
+        if (goodLicenses.some((l) => m.license.toUpperCase().includes(l.toUpperCase()))) {
+            openness = 95;
+            evidence.push(`license: ${m.license} (permissive open-source)`);
+        }
+        else if (/GPL|AGPL/i.test(m.license)) {
+            openness = 75;
+            evidence.push(`license: ${m.license} (copyleft — restrictive for commercial use)`);
+        }
+        else {
+            openness = 40;
+            evidence.push(`license: ${m.license}`);
+            rec.push("Verify license is open-source compatible with your use.");
+        }
+    }
+    else {
+        openness = 30;
+        rec.push("No license declared — high adoption risk.");
+    }
+    // Types (TypeScript types presence)
+    const types = m.hasTypes ? 100 : 30;
+    if (m.hasTypes)
+        evidence.push("TypeScript types declared.");
+    else
+        rec.push("No TypeScript types — adoption friction for TS projects.");
+    // Docs (readme presence + homepage)
+    let docs = 0;
+    if (m.hasReadme) {
+        docs += 60;
+        evidence.push("README present.");
+    }
+    else
+        rec.push("No README detected.");
+    if (m.homepage) {
+        docs += 40;
+        evidence.push(`homepage: ${m.homepage}`);
+    }
+    else
+        rec.push("No homepage URL — reduces discoverability.");
+    const composite = Math.round((popularity * 0.30 + freshness * 0.25 + openness * 0.20 + types * 0.10 + docs * 0.15));
+    let verdict;
+    if (composite >= 90)
+        verdict = "platinum";
+    else if (composite >= 75)
+        verdict = "gold";
+    else if (composite >= 60)
+        verdict = "silver";
+    else if (composite >= 40)
+        verdict = "bronze";
+    else
+        verdict = "needs_work";
+    const generatedAt = new Date().toISOString();
+    const body = {
+        v: PROTOCOL_VERSION,
+        package: input.packageName,
+        registry: input.registry,
+        scores: { popularity, freshness, openness, types, docs },
+        composite, verdict, evidence, recommendations: rec, generatedAt,
+    };
+    const sig = createHmac("sha256", input.secret ?? defaultSecret()).update(canon(body)).digest("hex");
+    return { ...body, sig };
+}
+export function formatPublicAuditLine(r) {
+    return `AUDIT · ${r.package} · ${r.composite}/100 · ${r.verdict} · sig=${r.sig.slice(0, 8)}`;
+}
+//# sourceMappingURL=index.js.map

package/dist/public_audit/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/public_audit/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,gBAAgB,GAAG,CAAU,CAAC;AA0CpC,SAAS,KAAK,CAAC,CAAU;IACvB,IAAI,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAClE,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAChE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAA4B,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9D,OAAO,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,KAAK,CAAE,CAA6B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;AACnH,CAAC;AAED,SAAS,aAAa;IACpB,OAAO,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,IAAI,uBAAuB,gBAAgB,EAAE,CAAC;AAC/F,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,WAAmB,EAAE,aAA4B;IACtF,MAAM,OAAO,GAAG,aAAa,IAAI,UAAU,CAAC,KAAK,CAAC;IAClD,IAAI,OAAO,OAAO,KAAK,UAAU;QAAE,OAAO,EAAE,CAAC;IAC7C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,8BAA8B,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAC3F,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,IAAI,EAA6B,CAAC;QACtD,MAAM,MAAM,GAAI,CAAC,CAAC,WAAW,CAAqC,EAAE,MAAM,CAAC;QAC3E,MAAM,QAAQ,GAAG,CAAC,CAAC,UAAU,CAAwD,CAAC;QACtF,MAAM,UAAU,GAAG,MAAM,IAAI,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACrE,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAuC,CAAC;QAC7D,OAAO;YACL,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtC,GAAG,CAAC,UAAU,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1F,GAAG,CAAC,UAAU,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjF,GAAG,CAAC,UAAU,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9E,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,MAAM,CAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrE,GAAG,CAAC,UAAU,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,CAAE,UAAU,CAAC,YAAY,CAAsB,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACxH,GAAG,CAAC,UAAU,EAAE,CAAC,OAAO,CAAC,IAAI,UAAU,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;SACjG,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,CAAC;IAAC,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,KAAK,CAAC,KAAuB;IAC3C,MAAM,CAAC,GAAG,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,GAAG,GAAa,EAAE,CAAC;IAEzB,6DAA6D;IAC7D,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,CAAC,CAAC,eAAe,EAAE,CAAC;QACtB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAChF,UAAU,GAAG,KAAK,CAAC;QACnB,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,eAAe,CAAC,cAAc,EAAE,iBAAiB,KAAK,MAAM,CAAC,CAAC;IACrG,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,IAAI,CAAC,4EAA4E,CAAC,CAAC;IACzF,CAAC;IACD,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1B,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACjI,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,6CAA6C;IAC7C,IAAI,SAAS,GAAG,EAAE,CAAC;IACnB,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC;QACpB,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;QACxF,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,IAAI,IAAI,IAAI,EAAE,EAAE,CAAC;gBAAC,SAAS,GAAG,GAAG,CAAC;gBAAC,QAAQ,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAAC,CAAC;iBACpH,IAAI,IAAI,IAAI,EAAE,EAAE,CAAC;gBAAC,SAAS,GAAG,EAAE,CAAC;gBAAC,QAAQ,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAAC,CAAC;iBAClG,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;gBAAC,SAAS,GAAG,EAAE,CAAC;gBAAC,QAAQ,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAAC,CAAC;iBACnG,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;gBAAC,SAAS,GAAG,EAAE,CAAC;gBAAC,GAAG,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAC;YAAC,CAAC;iBAC9G,CAAC;gBAAC,SAAS,GAAG,EAAE,CAAC;gBAAC,GAAG,CAAC,IAAI,CAAC,uBAAuB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;YAAC,CAAC;QACvH,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;QACd,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,YAAY,EAAE,cAAc,EAAE,cAAc,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QACrG,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;YACjF,QAAQ,GAAG,EAAE,CAAC;YACd,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,OAAO,2BAA2B,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;YACvC,QAAQ,GAAG,EAAE,CAAC;YACd,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,OAAO,8CAA8C,CAAC,CAAC;QACrF,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,EAAE,CAAC;YACd,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACvC,GAAG,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;SAAM,CAAC;QACN,QAAQ,GAAG,EAAE,CAAC;QACd,GAAG,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IACxD,CAAC;IAED,oCAAoC;IACpC,MAAM,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;IACpC,IAAI,CAAC,CAAC,QAAQ;QAAE,QAAQ,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;;QACvD,GAAG,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;IAE1E,oCAAoC;IACpC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;QAAC,IAAI,IAAI,EAAE,CAAC;QAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAAC,CAAC;;QAC7D,GAAG,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACrC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;QAAC,IAAI,IAAI,EAAE,CAAC;QAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;IAAC,CAAC;;QACpE,GAAG,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,UAAU,GAAG,IAAI,GAAG,SAAS,GAAG,IAAI,GAAG,QAAQ,GAAG,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC;IACpH,IAAI,OAAqC,CAAC;IAC1C,IAAI,SAAS,IAAI,EAAE;QAAE,OAAO,GAAG,UAAU,CAAC;SACrC,IAAI,SAAS,IAAI,EAAE;QAAE,OAAO,GAAG,MAAM,CAAC;SACtC,IAAI,SAAS,IAAI,EAAE;QAAE,OAAO,GAAG,QAAQ,CAAC;SACxC,IAAI,SAAS,IAAI,EAAE;QAAE,OAAO,GAAG,QAAQ,CAAC;;QACxC,OAAO,GAAG,YAAY,CAAC;IAE5B,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC7C,MAAM,IAAI,GAAG;QACX,CAAC,EAAE,gBAA2C;QAC9C,OAAO,EAAE,KAAK,CAAC,WAAW;QAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,MAAM,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE;QACxD,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,GAAG,EAAE,WAAW;KAChE,CAAC;IACF,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,IAAI,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACpG,OAAO,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,CAAoB;IACxD,OAAO,WAAW,CAAC,CAAC,OAAO,MAAM,CAAC,CAAC,SAAS,UAAU,CAAC,CAAC,OAAO,UAAU,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAC/F,CAAC"}

package/dist/public_audit/public_audit.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=public_audit.test.d.ts.map

package/dist/public_audit/public_audit.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"public_audit.test.d.ts","sourceRoot":"","sources":["../../src/public_audit/public_audit.test.ts"],"names":[],"mappings":""}

package/dist/public_audit/public_audit.test.js

@@ -0,0 +1,64 @@
+import { describe, it, expect } from "vitest";
+import { audit, formatPublicAuditLine } from "./index.js";
+describe("v2.16 · MNEME AURELIAN PUBLIC AUDIT", () => {
+    it("platinum verdict for popular + fresh + permissive + typed package", () => {
+        const r = audit({
+            registry: "npm", packageName: "react",
+            metadata: {
+                version: "18.3.0",
+                weeklyDownloads: 25_000_000,
+                stars: 220_000,
+                license: "MIT",
+                hasTypes: true, hasReadme: true,
+                homepage: "https://react.dev",
+                lastPublished: new Date(Date.now() - 7 * 24 * 60 * 60 * 1000).toISOString(),
+            },
+        });
+        expect(r.composite).toBeGreaterThanOrEqual(85);
+        expect(["platinum", "gold"]).toContain(r.verdict);
+    });
+    it("needs_work for stale + unlicensed + no-readme package", () => {
+        const r = audit({
+            registry: "npm", packageName: "obscure-broken-thing",
+            metadata: {
+                weeklyDownloads: 5,
+                stars: 1,
+                license: undefined,
+                hasTypes: false, hasReadme: false,
+                lastPublished: new Date(Date.now() - 4 * 365 * 24 * 60 * 60 * 1000).toISOString(),
+            },
+        });
+        expect(r.verdict).toBe("needs_work");
+        expect(r.recommendations.length).toBeGreaterThan(0);
+    });
+    it("recommends adding types when missing", () => {
+        const r = audit({
+            registry: "npm", packageName: "x",
+            metadata: { weeklyDownloads: 100, hasReadme: true, license: "MIT", hasTypes: false, lastPublished: new Date().toISOString() },
+        });
+        expect(r.recommendations.some((s) => /TypeScript types/i.test(s))).toBe(true);
+    });
+    it("flags copyleft licenses as 'restrictive for commercial'", () => {
+        const r = audit({
+            registry: "npm", packageName: "x",
+            metadata: { weeklyDownloads: 100, license: "GPL-3.0", hasReadme: true, hasTypes: true, lastPublished: new Date().toISOString() },
+        });
+        expect(r.evidence.some((e) => /copyleft|restrictive/i.test(e))).toBe(true);
+    });
+    it("HMAC sig is 64 hex", () => {
+        const r = audit({ registry: "npm", packageName: "x", metadata: {} });
+        expect(r.sig).toMatch(/^[0-9a-f]{64}$/);
+    });
+    it("freshness scoring is monotonic with age", () => {
+        const day = 24 * 60 * 60 * 1000;
+        const recent = audit({ registry: "npm", packageName: "a", metadata: { lastPublished: new Date(Date.now() - 10 * day).toISOString(), license: "MIT", hasReadme: true, hasTypes: true, weeklyDownloads: 1000 } });
+        const old = audit({ registry: "npm", packageName: "b", metadata: { lastPublished: new Date(Date.now() - 400 * day).toISOString(), license: "MIT", hasReadme: true, hasTypes: true, weeklyDownloads: 1000 } });
+        expect(recent.scores.freshness).toBeGreaterThan(old.scores.freshness);
+    });
+    it("formatPublicAuditLine summarises", () => {
+        const r = audit({ registry: "npm", packageName: "react", metadata: { weeklyDownloads: 25_000_000, license: "MIT", hasTypes: true, hasReadme: true, lastPublished: new Date().toISOString() } });
+        expect(formatPublicAuditLine(r)).toContain("AUDIT");
+        expect(formatPublicAuditLine(r)).toContain("/100");
+    });
+});
+//# sourceMappingURL=public_audit.test.js.map

package/dist/public_audit/public_audit.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"public_audit.test.js","sourceRoot":"","sources":["../../src/public_audit/public_audit.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAE1D,QAAQ,CAAC,qCAAqC,EAAE,GAAG,EAAE;IACnD,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;QAC3E,MAAM,CAAC,GAAG,KAAK,CAAC;YACd,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO;YACrC,QAAQ,EAAE;gBACR,OAAO,EAAE,QAAQ;gBACjB,eAAe,EAAE,UAAU;gBAC3B,KAAK,EAAE,OAAO;gBACd,OAAO,EAAE,KAAK;gBACd,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI;gBAC/B,QAAQ,EAAE,mBAAmB;gBAC7B,aAAa,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;aAC5E;SACF,CAAC,CAAC;QACH,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,MAAM,CAAC,GAAG,KAAK,CAAC;YACd,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,sBAAsB;YACpD,QAAQ,EAAE;gBACR,eAAe,EAAE,CAAC;gBAClB,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,SAAS;gBAClB,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK;gBACjC,aAAa,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;aAClF;SACF,CAAC,CAAC;QACH,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACrC,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CAAC,GAAG,KAAK,CAAC;YACd,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG;YACjC,QAAQ,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;SAC9H,CAAC,CAAC;QACH,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,CAAC,GAAG,KAAK,CAAC;YACd,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG;YACjC,QAAQ,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;SACjI,CAAC,CAAC;QACH,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAC5B,MAAM,CAAC,GAAG,KAAK,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QACrE,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAChC,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,aAAa,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QAChN,MAAM,GAAG,GAAG,KAAK,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,aAAa,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QAC9M,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,CAAC,GAAG,KAAK,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,eAAe,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC;QAChM,MAAM,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mneme-ai/core",
-  "version": "2.15.1",
+  "version": "2.16.0",
   "description": "Core indexing, retrieval, and graph engine for Mneme",
   "type": "module",
   "main": "./dist/index.js",