npm - @neat.is/types - Versions diffs - 0.2.5 - Mend

@neat.is/types 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,629 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  BlastRadiusAffectedNodeSchema: () => BlastRadiusAffectedNodeSchema,
+  BlastRadiusResultSchema: () => BlastRadiusResultSchema,
+  BlastRadiusRuleSchema: () => BlastRadiusRuleSchema,
+  CheckPoliciesScopeSchema: () => CheckPoliciesScopeSchema,
+  CompatibilityRuleSchema: () => CompatibilityRuleSchema,
+  CompatibleDriverSchema: () => CompatibleDriverSchema,
+  ConfigNodeSchema: () => ConfigNodeSchema,
+  DatabaseNodeSchema: () => DatabaseNodeSchema,
+  DiscoveredViaSchema: () => DiscoveredViaSchema,
+  EMPTY_REGISTRY: () => EMPTY_REGISTRY,
+  EdgeEvidenceSchema: () => EdgeEvidenceSchema,
+  EdgeSignalSchema: () => EdgeSignalSchema,
+  EdgeType: () => EdgeType,
+  EdgeTypeSchema: () => EdgeTypeSchema,
+  ErrorEventSchema: () => ErrorEventSchema,
+  FrontierNodeSchema: () => FrontierNodeSchema,
+  GraphEdgeSchema: () => GraphEdgeSchema,
+  GraphNodeSchema: () => GraphNodeSchema,
+  HypotheticalActionSchema: () => HypotheticalActionSchema,
+  InfraNodeSchema: () => InfraNodeSchema,
+  NodeType: () => NodeType,
+  NodeTypeSchema: () => NodeTypeSchema,
+  OwnershipRuleSchema: () => OwnershipRuleSchema,
+  PROV_RANK: () => PROV_RANK,
+  PoliciesCheckBodySchema: () => PoliciesCheckBodySchema,
+  PolicyActionSchema: () => PolicyActionSchema,
+  PolicyFileSchema: () => PolicyFileSchema,
+  PolicyRuleSchema: () => PolicyRuleSchema,
+  PolicySchema: () => PolicySchema,
+  PolicySeveritySchema: () => PolicySeveritySchema,
+  PolicyViolationSchema: () => PolicyViolationSchema,
+  Provenance: () => Provenance,
+  ProvenanceRuleSchema: () => ProvenanceRuleSchema,
+  ProvenanceSchema: () => ProvenanceSchema,
+  RegistryEntrySchema: () => RegistryEntrySchema,
+  RegistryFileSchema: () => RegistryFileSchema,
+  RegistryStatusSchema: () => RegistryStatusSchema,
+  RootCauseResultSchema: () => RootCauseResultSchema,
+  ServiceNodeSchema: () => ServiceNodeSchema,
+  StructuralRuleSchema: () => StructuralRuleSchema,
+  TransitiveDependenciesResultSchema: () => TransitiveDependenciesResultSchema,
+  TransitiveDependencySchema: () => TransitiveDependencySchema,
+  configId: () => configId,
+  databaseId: () => databaseId,
+  extractedEdgeId: () => extractedEdgeId,
+  frontierEdgeId: () => frontierEdgeId,
+  frontierId: () => frontierId,
+  inferredEdgeId: () => inferredEdgeId,
+  infraId: () => infraId,
+  observedEdgeId: () => observedEdgeId,
+  parseConfigId: () => parseConfigId,
+  parseDatabaseId: () => parseDatabaseId,
+  parseEdgeId: () => parseEdgeId,
+  parseFrontierId: () => parseFrontierId,
+  parseInfraId: () => parseInfraId,
+  parseServiceId: () => parseServiceId,
+  serviceId: () => serviceId
+});
+module.exports = __toCommonJS(index_exports);
+// src/constants.ts
+var import_zod = require("zod");
+var Provenance = {
+  EXTRACTED: "EXTRACTED",
+  INFERRED: "INFERRED",
+  OBSERVED: "OBSERVED",
+  STALE: "STALE",
+  FRONTIER: "FRONTIER"
+};
+var EdgeType = {
+  CALLS: "CALLS",
+  DEPENDS_ON: "DEPENDS_ON",
+  CONNECTS_TO: "CONNECTS_TO",
+  CONFIGURED_BY: "CONFIGURED_BY",
+  PUBLISHES_TO: "PUBLISHES_TO",
+  CONSUMES_FROM: "CONSUMES_FROM",
+  RUNS_ON: "RUNS_ON"
+};
+var NodeType = {
+  ServiceNode: "ServiceNode",
+  DatabaseNode: "DatabaseNode",
+  ConfigNode: "ConfigNode",
+  InfraNode: "InfraNode",
+  FrontierNode: "FrontierNode"
+};
+var NodeTypeSchema = import_zod.z.enum([
+  NodeType.ServiceNode,
+  NodeType.DatabaseNode,
+  NodeType.ConfigNode,
+  NodeType.InfraNode,
+  NodeType.FrontierNode
+]);
+// src/nodes.ts
+var import_zod2 = require("zod");
+var CompatibleDriverSchema = import_zod2.z.object({
+  name: import_zod2.z.string(),
+  minVersion: import_zod2.z.string()
+});
+var DiscoveredViaSchema = import_zod2.z.enum(["static", "otel", "merged"]);
+var ServiceNodeSchema = import_zod2.z.object({
+  id: import_zod2.z.string(),
+  type: import_zod2.z.literal(NodeType.ServiceNode),
+  name: import_zod2.z.string(),
+  language: import_zod2.z.string(),
+  discoveredVia: DiscoveredViaSchema.optional(),
+  version: import_zod2.z.string().optional(),
+  dbConnectionTarget: import_zod2.z.string().optional(),
+  repoPath: import_zod2.z.string().optional(),
+  dependencies: import_zod2.z.record(import_zod2.z.string(), import_zod2.z.string()).optional(),
+  // Hostnames OTel spans might mention for this service: compose service
+  // names, k8s metadata.name (and the cluster-DNS variants), Dockerfile
+  // labels, etc. resolveServiceId in ingest.ts checks these before falling
+  // back to a FRONTIER placeholder.
+  aliases: import_zod2.z.array(import_zod2.z.string()).optional(),
+  // Optional. If set, services declare their `engines.node` here so γ #74's
+  // node-engine compat check has something to test against.
+  nodeEngine: import_zod2.z.string().optional(),
+  incompatibilities: import_zod2.z.array(
+    // Discriminated by `kind`. `driver-engine` is the original shape and
+    // stays default for backward compatibility — older snapshots without a
+    // `kind` field still parse via the union's `.optional()` discriminator
+    // fallback. New kinds came in with γ #74.
+    import_zod2.z.union([
+      import_zod2.z.object({
+        kind: import_zod2.z.literal("driver-engine").optional(),
+        driver: import_zod2.z.string(),
+        driverVersion: import_zod2.z.string(),
+        engine: import_zod2.z.string(),
+        engineVersion: import_zod2.z.string(),
+        reason: import_zod2.z.string()
+      }),
+      import_zod2.z.object({
+        kind: import_zod2.z.literal("node-engine"),
+        package: import_zod2.z.string(),
+        packageVersion: import_zod2.z.string().optional(),
+        requiredNodeVersion: import_zod2.z.string(),
+        declaredNodeEngine: import_zod2.z.string().optional(),
+        reason: import_zod2.z.string()
+      }),
+      import_zod2.z.object({
+        kind: import_zod2.z.literal("package-conflict"),
+        package: import_zod2.z.string(),
+        packageVersion: import_zod2.z.string().optional(),
+        requires: import_zod2.z.object({
+          name: import_zod2.z.string(),
+          minVersion: import_zod2.z.string()
+        }),
+        foundVersion: import_zod2.z.string().optional(),
+        reason: import_zod2.z.string()
+      }),
+      import_zod2.z.object({
+        kind: import_zod2.z.literal("deprecated-api"),
+        package: import_zod2.z.string(),
+        packageVersion: import_zod2.z.string().optional(),
+        reason: import_zod2.z.string()
+      })
+    ])
+  ).optional()
+});
+var DatabaseNodeSchema = import_zod2.z.object({
+  id: import_zod2.z.string(),
+  type: import_zod2.z.literal(NodeType.DatabaseNode),
+  name: import_zod2.z.string(),
+  engine: import_zod2.z.string(),
+  engineVersion: import_zod2.z.string(),
+  compatibleDrivers: import_zod2.z.array(CompatibleDriverSchema),
+  host: import_zod2.z.string().optional(),
+  port: import_zod2.z.number().optional(),
+  discoveredVia: DiscoveredViaSchema.optional()
+});
+var ConfigNodeSchema = import_zod2.z.object({
+  id: import_zod2.z.string(),
+  type: import_zod2.z.literal(NodeType.ConfigNode),
+  name: import_zod2.z.string(),
+  path: import_zod2.z.string(),
+  fileType: import_zod2.z.string()
+});
+var InfraNodeSchema = import_zod2.z.object({
+  id: import_zod2.z.string(),
+  type: import_zod2.z.literal(NodeType.InfraNode),
+  name: import_zod2.z.string(),
+  provider: import_zod2.z.string(),
+  region: import_zod2.z.string().optional(),
+  kind: import_zod2.z.string().optional()
+});
+var FrontierNodeSchema = import_zod2.z.object({
+  id: import_zod2.z.string(),
+  type: import_zod2.z.literal(NodeType.FrontierNode),
+  name: import_zod2.z.string(),
+  host: import_zod2.z.string(),
+  firstObserved: import_zod2.z.string().datetime().optional(),
+  lastObserved: import_zod2.z.string().datetime().optional()
+});
+var GraphNodeSchema = import_zod2.z.discriminatedUnion("type", [
+  ServiceNodeSchema,
+  DatabaseNodeSchema,
+  ConfigNodeSchema,
+  InfraNodeSchema,
+  FrontierNodeSchema
+]);
+// src/edges.ts
+var import_zod3 = require("zod");
+var ProvenanceSchema = import_zod3.z.enum([
+  Provenance.EXTRACTED,
+  Provenance.INFERRED,
+  Provenance.OBSERVED,
+  Provenance.STALE,
+  Provenance.FRONTIER
+]);
+var EdgeTypeSchema = import_zod3.z.enum([
+  EdgeType.CALLS,
+  EdgeType.DEPENDS_ON,
+  EdgeType.CONNECTS_TO,
+  EdgeType.CONFIGURED_BY,
+  EdgeType.PUBLISHES_TO,
+  EdgeType.CONSUMES_FROM,
+  EdgeType.RUNS_ON
+]);
+var EdgeEvidenceSchema = import_zod3.z.object({
+  file: import_zod3.z.string(),
+  line: import_zod3.z.number().int().nonnegative(),
+  snippet: import_zod3.z.string()
+});
+var EdgeSignalSchema = import_zod3.z.object({
+  spanCount: import_zod3.z.number().int().nonnegative(),
+  errorCount: import_zod3.z.number().int().nonnegative(),
+  lastObservedAgeMs: import_zod3.z.number().nonnegative().optional()
+});
+var GraphEdgeSchema = import_zod3.z.object({
+  id: import_zod3.z.string(),
+  source: import_zod3.z.string(),
+  target: import_zod3.z.string(),
+  type: EdgeTypeSchema,
+  provenance: ProvenanceSchema,
+  confidence: import_zod3.z.number().min(0).max(1).optional(),
+  lastObserved: import_zod3.z.string().datetime().optional(),
+  callCount: import_zod3.z.number().int().nonnegative().optional(),
+  evidence: EdgeEvidenceSchema.optional(),
+  signal: EdgeSignalSchema.optional()
+});
+// src/events.ts
+var import_zod4 = require("zod");
+var ErrorEventSchema = import_zod4.z.object({
+  id: import_zod4.z.string(),
+  timestamp: import_zod4.z.string().datetime(),
+  service: import_zod4.z.string(),
+  traceId: import_zod4.z.string(),
+  spanId: import_zod4.z.string(),
+  errorType: import_zod4.z.string().optional(),
+  errorMessage: import_zod4.z.string(),
+  // OTLP span events with name="exception" carry richer error data than
+  // status.message. When present, these fields capture the exception type
+  // and stacktrace from the SDK that recorded the error. ADR-031 schema
+  // growth — added without a shape change because both fields are optional.
+  exceptionType: import_zod4.z.string().optional(),
+  exceptionStacktrace: import_zod4.z.string().optional(),
+  affectedNode: import_zod4.z.string()
+});
+// src/results.ts
+var import_zod5 = require("zod");
+var RootCauseResultSchema = import_zod5.z.object({
+  rootCauseNode: import_zod5.z.string(),
+  rootCauseReason: import_zod5.z.string(),
+  traversalPath: import_zod5.z.array(import_zod5.z.string()),
+  edgeProvenances: import_zod5.z.array(ProvenanceSchema),
+  confidence: import_zod5.z.number().min(0).max(1),
+  fixRecommendation: import_zod5.z.string().optional()
+});
+var BlastRadiusAffectedNodeSchema = import_zod5.z.object({
+  nodeId: import_zod5.z.string(),
+  // Distance from the origin in BFS hops. The origin itself is never in
+  // affectedNodes, so distance 0 has no meaning — the BFS at traverse.ts
+  // already skips frame 0. Tightening to positive() locks that invariant
+  // mechanically (ADR-038, issue #138).
+  distance: import_zod5.z.number().int().positive(),
+  edgeProvenance: ProvenanceSchema,
+  // path: origin → ... → nodeId. Length === distance + 1. Surfaced from the
+  // BFS predecessor chain so consumers don't have to reconstruct it from
+  // distance + the graph (ADR-038, issue #137).
+  path: import_zod5.z.array(import_zod5.z.string()).min(2),
+  // confidence: confidenceFromMix(...edgesAlongPath). Multiplicative cascade —
+  // each hop is independent evidence and uncertainty compounds. ADR-036.
+  confidence: import_zod5.z.number().min(0).max(1)
+});
+var BlastRadiusResultSchema = import_zod5.z.object({
+  origin: import_zod5.z.string(),
+  affectedNodes: import_zod5.z.array(BlastRadiusAffectedNodeSchema),
+  totalAffected: import_zod5.z.number().int().nonnegative()
+});
+var TransitiveDependencySchema = import_zod5.z.object({
+  nodeId: import_zod5.z.string(),
+  // Distance from the origin in BFS hops. The origin itself is never in
+  // dependencies, so distance is positive (>= 1).
+  distance: import_zod5.z.number().int().positive(),
+  // Type of the edge that brought traversal to this node (CALLS,
+  // CONNECTS_TO, DEPENDS_ON, etc.).
+  edgeType: EdgeTypeSchema,
+  // Provenance of that edge.
+  provenance: ProvenanceSchema
+});
+var TransitiveDependenciesResultSchema = import_zod5.z.object({
+  origin: import_zod5.z.string(),
+  depth: import_zod5.z.number().int().positive(),
+  dependencies: import_zod5.z.array(TransitiveDependencySchema),
+  total: import_zod5.z.number().int().nonnegative()
+});
+// src/identity.ts
+var SERVICE_PREFIX = "service:";
+var DATABASE_PREFIX = "database:";
+var CONFIG_PREFIX = "config:";
+var INFRA_PREFIX = "infra:";
+var FRONTIER_PREFIX = "frontier:";
+function serviceId(name) {
+  return `${SERVICE_PREFIX}${name}`;
+}
+function parseServiceId(id) {
+  return id.startsWith(SERVICE_PREFIX) ? id.slice(SERVICE_PREFIX.length) : null;
+}
+function databaseId(host) {
+  return `${DATABASE_PREFIX}${host}`;
+}
+function parseDatabaseId(id) {
+  return id.startsWith(DATABASE_PREFIX) ? id.slice(DATABASE_PREFIX.length) : null;
+}
+function configId(relPath) {
+  return `${CONFIG_PREFIX}${relPath}`;
+}
+function parseConfigId(id) {
+  return id.startsWith(CONFIG_PREFIX) ? id.slice(CONFIG_PREFIX.length) : null;
+}
+function infraId(kind, name) {
+  return `${INFRA_PREFIX}${kind}:${name}`;
+}
+function parseInfraId(id) {
+  if (!id.startsWith(INFRA_PREFIX)) return null;
+  const rest = id.slice(INFRA_PREFIX.length);
+  const colon = rest.indexOf(":");
+  if (colon === -1) return null;
+  return { kind: rest.slice(0, colon), name: rest.slice(colon + 1) };
+}
+function frontierId(host) {
+  return `${FRONTIER_PREFIX}${host}`;
+}
+function parseFrontierId(id) {
+  return id.startsWith(FRONTIER_PREFIX) ? id.slice(FRONTIER_PREFIX.length) : null;
+}
+var EDGE_ARROW = "->";
+function extractedEdgeId(source, target, type) {
+  return `${type}:${source}${EDGE_ARROW}${target}`;
+}
+function observedEdgeId(source, target, type) {
+  return `${type}:OBSERVED:${source}${EDGE_ARROW}${target}`;
+}
+function inferredEdgeId(source, target, type) {
+  return `${type}:INFERRED:${source}${EDGE_ARROW}${target}`;
+}
+function frontierEdgeId(source, target, type) {
+  return `${type}:FRONTIER:${source}${EDGE_ARROW}${target}`;
+}
+function parseEdgeId(id) {
+  const arrowIdx = id.lastIndexOf(EDGE_ARROW);
+  if (arrowIdx === -1) return null;
+  const left = id.slice(0, arrowIdx);
+  const target = id.slice(arrowIdx + EDGE_ARROW.length);
+  if (!left || !target) return null;
+  const firstColon = left.indexOf(":");
+  if (firstColon === -1) return null;
+  const type = left.slice(0, firstColon);
+  const rest = left.slice(firstColon + 1);
+  for (const prov of ["OBSERVED", "INFERRED", "FRONTIER"]) {
+    if (rest.startsWith(`${prov}:`)) {
+      return { type, provenance: prov, source: rest.slice(prov.length + 1), target };
+    }
+  }
+  return { type, provenance: "EXTRACTED", source: rest, target };
+}
+var PROV_RANK = Object.freeze({
+  OBSERVED: 3,
+  INFERRED: 2,
+  EXTRACTED: 1,
+  STALE: 0,
+  FRONTIER: 0
+});
+// src/policy.ts
+var import_zod6 = require("zod");
+var PolicySeveritySchema = import_zod6.z.enum(["info", "warning", "error", "critical"]);
+var PolicyActionSchema = import_zod6.z.enum(["log", "alert", "block"]);
+var StructuralRuleSchema = import_zod6.z.object({
+  type: import_zod6.z.literal("structural"),
+  // Node type the rule applies to. Every node of this type must satisfy the
+  // edge requirement below.
+  fromNodeType: NodeTypeSchema,
+  // Required outbound edge type from each fromNodeType node.
+  edgeType: EdgeTypeSchema,
+  // Required target node type at the other end of the edge.
+  toNodeType: NodeTypeSchema
+});
+var CompatibilityRuleSchema = import_zod6.z.object({
+  type: import_zod6.z.literal("compatibility"),
+  // Optional kind narrowing. When omitted, all four compat shapes
+  // (driver-engine, node-engine, package-conflict, deprecated-api) run.
+  kind: import_zod6.z.enum(["driver-engine", "node-engine", "package-conflict", "deprecated-api"]).optional()
+});
+var ProvenanceRuleSchema = import_zod6.z.object({
+  type: import_zod6.z.literal("provenance"),
+  // Edge type the rule applies to.
+  edgeType: EdgeTypeSchema,
+  // Target node id (e.g. 'service:payments') that incoming edges of edgeType
+  // must satisfy. Optional — when omitted, the rule runs against every edge
+  // of edgeType regardless of target.
+  targetNodeId: import_zod6.z.string().optional(),
+  // Required provenance (single value or one-of). The audit fails if the
+  // observed edge's provenance is not in this set.
+  required: import_zod6.z.union([ProvenanceSchema, import_zod6.z.array(ProvenanceSchema).min(1)])
+});
+var OwnershipRuleSchema = import_zod6.z.object({
+  type: import_zod6.z.literal("ownership"),
+  // Node type the rule applies to. ServiceNode is the common case; the
+  // discriminator stays generic so future node types can opt in.
+  nodeType: NodeTypeSchema,
+  // Field name on the node attributes that must be non-empty. Defaults to
+  // 'owner' if omitted.
+  field: import_zod6.z.string().default("owner")
+});
+var BlastRadiusRuleSchema = import_zod6.z.object({
+  type: import_zod6.z.literal("blast-radius"),
+  // Node type the rule applies to (ServiceNode is the common case).
+  nodeType: NodeTypeSchema,
+  // Cap on `totalAffected` from getBlastRadius. Inclusive — a node hitting
+  // exactly this number passes; > maxAffected fails.
+  maxAffected: import_zod6.z.number().int().positive(),
+  // Depth to evaluate against. Defaults to the contract's blast-radius
+  // default (10) when omitted.
+  depth: import_zod6.z.number().int().positive().optional()
+});
+var PolicyRuleSchema = import_zod6.z.discriminatedUnion("type", [
+  StructuralRuleSchema,
+  CompatibilityRuleSchema,
+  ProvenanceRuleSchema,
+  OwnershipRuleSchema,
+  BlastRadiusRuleSchema
+]);
+var PolicySchema = import_zod6.z.object({
+  // Unique within the file. Duplicates fail PolicyFileSchema.parse.
+  id: import_zod6.z.string().min(1),
+  name: import_zod6.z.string().min(1),
+  description: import_zod6.z.string().optional(),
+  severity: PolicySeveritySchema,
+  // When omitted, the engine derives a default from severity per ADR-044
+  // (info→log, warning→alert, error→alert, critical→block).
+  onViolation: PolicyActionSchema.optional(),
+  rule: PolicyRuleSchema
+});
+var PolicyFileSchema = import_zod6.z.object({
+  version: import_zod6.z.literal(1),
+  policies: import_zod6.z.array(PolicySchema)
+}).superRefine((file, ctx) => {
+  const seen = /* @__PURE__ */ new Set();
+  for (const [i, p] of file.policies.entries()) {
+    if (seen.has(p.id)) {
+      ctx.addIssue({
+        code: import_zod6.z.ZodIssueCode.custom,
+        path: ["policies", i, "id"],
+        message: `duplicate policy id "${p.id}"`
+      });
+    }
+    seen.add(p.id);
+  }
+});
+var HypotheticalActionSchema = import_zod6.z.discriminatedUnion("kind", [
+  import_zod6.z.object({
+    kind: import_zod6.z.literal("promote-frontier"),
+    // The FrontierNode id that would be promoted.
+    frontierId: import_zod6.z.string().min(1)
+  }),
+  import_zod6.z.object({
+    kind: import_zod6.z.literal("add-edge"),
+    source: import_zod6.z.string().min(1),
+    target: import_zod6.z.string().min(1),
+    edgeType: EdgeTypeSchema,
+    provenance: ProvenanceSchema
+  })
+]);
+var PoliciesCheckBodySchema = import_zod6.z.object({
+  hypotheticalAction: HypotheticalActionSchema.optional()
+});
+var CheckPoliciesScopeSchema = import_zod6.z.union([
+  import_zod6.z.enum(["all", "unresolved"]),
+  import_zod6.z.object({ policyId: import_zod6.z.string().min(1) })
+]);
+var PolicyViolationSchema = import_zod6.z.object({
+  // ${policy.id}:${violation-context}. The violation-context is shape-
+  // specific (e.g. nodeId for structural; edgeId for provenance).
+  id: import_zod6.z.string().min(1),
+  policyId: import_zod6.z.string().min(1),
+  policyName: import_zod6.z.string().min(1),
+  severity: PolicySeveritySchema,
+  // Resolved at evaluation time — either the explicit policy.onViolation or
+  // the severity-derived default per ADR-044.
+  onViolation: PolicyActionSchema,
+  ruleType: import_zod6.z.enum(["structural", "compatibility", "provenance", "ownership", "blast-radius"]),
+  subject: import_zod6.z.object({
+    nodeId: import_zod6.z.string().optional(),
+    edgeId: import_zod6.z.string().optional(),
+    path: import_zod6.z.array(import_zod6.z.string()).optional()
+  }).refine(
+    (s) => s.nodeId !== void 0 || s.edgeId !== void 0 || s.path !== void 0,
+    { message: "subject must carry at least one of nodeId, edgeId, path" }
+  ),
+  message: import_zod6.z.string().min(1),
+  observedAt: import_zod6.z.string().datetime()
+});
+// src/registry.ts
+var import_zod7 = require("zod");
+var RegistryStatusSchema = import_zod7.z.enum(["active", "paused", "broken"]);
+var RegistryEntrySchema = import_zod7.z.object({
+  // Unique within the registry. Project-scoped operations (`neat watch
+  // --project <name>`, `neatd reload <name>`) key on this. Collisions are a
+  // hard error at registration time.
+  name: import_zod7.z.string().min(1),
+  // Resolved absolute path on disk. Path normalisation is what keeps two
+  // `neat init` calls from different relative paths from creating two entries
+  // for the same directory.
+  path: import_zod7.z.string().min(1),
+  // ISO8601, set at first registration.
+  registeredAt: import_zod7.z.string(),
+  // ISO8601, updated whenever the daemon successfully sees the project.
+  // Optional because a freshly-registered project hasn't been seen yet.
+  lastSeenAt: import_zod7.z.string().optional(),
+  // Languages detected at `init` time. Free-form strings keyed off the
+  // installer modules — `'javascript'`, `'python'`, …
+  languages: import_zod7.z.array(import_zod7.z.string()),
+  status: RegistryStatusSchema
+});
+var RegistryFileSchema = import_zod7.z.object({
+  version: import_zod7.z.literal(1),
+  projects: import_zod7.z.array(RegistryEntrySchema)
+});
+var EMPTY_REGISTRY = { version: 1, projects: [] };
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BlastRadiusAffectedNodeSchema,
+  BlastRadiusResultSchema,
+  BlastRadiusRuleSchema,
+  CheckPoliciesScopeSchema,
+  CompatibilityRuleSchema,
+  CompatibleDriverSchema,
+  ConfigNodeSchema,
+  DatabaseNodeSchema,
+  DiscoveredViaSchema,
+  EMPTY_REGISTRY,
+  EdgeEvidenceSchema,
+  EdgeSignalSchema,
+  EdgeType,
+  EdgeTypeSchema,
+  ErrorEventSchema,
+  FrontierNodeSchema,
+  GraphEdgeSchema,
+  GraphNodeSchema,
+  HypotheticalActionSchema,
+  InfraNodeSchema,
+  NodeType,
+  NodeTypeSchema,
+  OwnershipRuleSchema,
+  PROV_RANK,
+  PoliciesCheckBodySchema,
+  PolicyActionSchema,
+  PolicyFileSchema,
+  PolicyRuleSchema,
+  PolicySchema,
+  PolicySeveritySchema,
+  PolicyViolationSchema,
+  Provenance,
+  ProvenanceRuleSchema,
+  ProvenanceSchema,
+  RegistryEntrySchema,
+  RegistryFileSchema,
+  RegistryStatusSchema,
+  RootCauseResultSchema,
+  ServiceNodeSchema,
+  StructuralRuleSchema,
+  TransitiveDependenciesResultSchema,
+  TransitiveDependencySchema,
+  configId,
+  databaseId,
+  extractedEdgeId,
+  frontierEdgeId,
+  frontierId,
+  inferredEdgeId,
+  infraId,
+  observedEdgeId,
+  parseConfigId,
+  parseDatabaseId,
+  parseEdgeId,
+  parseFrontierId,
+  parseInfraId,
+  parseServiceId,
+  serviceId
+});
+//# sourceMappingURL=index.cjs.map