npm - @nerviq/cli - Versions diffs - 0.0.1 → 0.9.0-beta.2 - Mend

@nerviq/cli 0.0.1 → 0.9.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (148) hide show

package/CHANGELOG.md +181 -0
package/LICENSE +21 -0
package/README.md +447 -0
package/bin/cli.js +749 -0
package/content/case-study-template.md +91 -0
package/content/claims-governance.md +37 -0
package/content/claude-code/audit-repo/SKILL.md +20 -0
package/content/claude-native-integration.md +60 -0
package/content/devto-article.json +9 -0
package/content/launch-posts.md +226 -0
package/content/pilot-rollout-kit.md +30 -0
package/content/release-checklist.md +31 -0
package/package.json +53 -4
package/src/activity.js +529 -0
package/src/aider/activity.js +226 -0
package/src/aider/config-parser.js +166 -0
package/src/aider/context.js +158 -0
package/src/aider/deep-review.js +316 -0
package/src/aider/domain-packs.js +278 -0
package/src/aider/freshness.js +168 -0
package/src/aider/governance.js +253 -0
package/src/aider/interactive.js +334 -0
package/src/aider/mcp-packs.js +98 -0
package/src/aider/patch.js +214 -0
package/src/aider/plans.js +186 -0
package/src/aider/premium.js +360 -0
package/src/aider/setup.js +404 -0
package/src/aider/techniques.js +1323 -0
package/src/analyze.js +821 -0
package/src/audit.js +1003 -0
package/src/badge.js +13 -0
package/src/benchmark.js +339 -0
package/src/claudex-sync.json +7 -0
package/src/codex/activity.js +324 -0
package/src/codex/config-parser.js +183 -0
package/src/codex/context.js +221 -0
package/src/codex/deep-review.js +493 -0
package/src/codex/domain-packs.js +372 -0
package/src/codex/freshness.js +167 -0
package/src/codex/governance.js +192 -0
package/src/codex/interactive.js +618 -0
package/src/codex/mcp-packs.js +660 -0
package/src/codex/patch.js +209 -0
package/src/codex/plans.js +251 -0
package/src/codex/premium.js +614 -0
package/src/codex/setup.js +603 -0
package/src/codex/techniques.js +2649 -0
package/src/context.js +272 -0
package/src/copilot/activity.js +309 -0
package/src/copilot/config-parser.js +226 -0
package/src/copilot/context.js +197 -0
package/src/copilot/deep-review.js +346 -0
package/src/copilot/domain-packs.js +350 -0
package/src/copilot/freshness.js +197 -0
package/src/copilot/governance.js +222 -0
package/src/copilot/interactive.js +406 -0
package/src/copilot/mcp-packs.js +572 -0
package/src/copilot/patch.js +238 -0
package/src/copilot/plans.js +253 -0
package/src/copilot/premium.js +450 -0
package/src/copilot/setup.js +488 -0
package/src/copilot/techniques.js +1822 -0
package/src/cursor/activity.js +301 -0
package/src/cursor/config-parser.js +265 -0
package/src/cursor/context.js +236 -0
package/src/cursor/deep-review.js +334 -0
package/src/cursor/domain-packs.js +346 -0
package/src/cursor/freshness.js +214 -0
package/src/cursor/governance.js +229 -0
package/src/cursor/interactive.js +391 -0
package/src/cursor/mcp-packs.js +571 -0
package/src/cursor/patch.js +243 -0
package/src/cursor/plans.js +254 -0
package/src/cursor/premium.js +468 -0
package/src/cursor/setup.js +488 -0
package/src/cursor/techniques.js +1786 -0
package/src/deep-review.js +345 -0
package/src/domain-packs.js +364 -0
package/src/formatters/sarif.js +115 -0
package/src/gemini/activity.js +402 -0
package/src/gemini/config-parser.js +275 -0
package/src/gemini/context.js +221 -0
package/src/gemini/deep-review.js +559 -0
package/src/gemini/domain-packs.js +371 -0
package/src/gemini/freshness.js +204 -0
package/src/gemini/governance.js +201 -0
package/src/gemini/interactive.js +860 -0
package/src/gemini/mcp-packs.js +658 -0
package/src/gemini/patch.js +229 -0
package/src/gemini/plans.js +269 -0
package/src/gemini/premium.js +759 -0
package/src/gemini/setup.js +692 -0
package/src/gemini/techniques.js +2084 -0
package/src/governance.js +523 -0
package/src/harmony/advisor.js +383 -0
package/src/harmony/audit.js +303 -0
package/src/harmony/canon.js +444 -0
package/src/harmony/cli.js +331 -0
package/src/harmony/drift.js +401 -0
package/src/harmony/governance.js +313 -0
package/src/harmony/memory.js +238 -0
package/src/harmony/sync.js +458 -0
package/src/harmony/watch.js +336 -0
package/src/index.js +256 -0
package/src/insights.js +119 -0
package/src/interactive.js +118 -0
package/src/mcp-packs.js +597 -0
package/src/opencode/activity.js +286 -0
package/src/opencode/config-parser.js +109 -0
package/src/opencode/context.js +247 -0
package/src/opencode/deep-review.js +313 -0
package/src/opencode/domain-packs.js +240 -0
package/src/opencode/freshness.js +158 -0
package/src/opencode/governance.js +159 -0
package/src/opencode/interactive.js +392 -0
package/src/opencode/mcp-packs.js +474 -0
package/src/opencode/patch.js +184 -0
package/src/opencode/plans.js +231 -0
package/src/opencode/premium.js +413 -0
package/src/opencode/setup.js +449 -0
package/src/opencode/techniques.js +1713 -0
package/src/plans.js +655 -0
package/src/secret-patterns.js +30 -0
package/src/setup.js +1274 -0
package/src/synergy/adaptive.js +261 -0
package/src/synergy/compensation.js +156 -0
package/src/synergy/evidence.js +193 -0
package/src/synergy/learning.js +184 -0
package/src/synergy/patterns.js +227 -0
package/src/synergy/ranking.js +83 -0
package/src/synergy/report.js +163 -0
package/src/synergy/routing.js +152 -0
package/src/techniques.js +1354 -0
package/src/watch.js +229 -0
package/src/windsurf/activity.js +302 -0
package/src/windsurf/config-parser.js +267 -0
package/src/windsurf/context.js +249 -0
package/src/windsurf/deep-review.js +337 -0
package/src/windsurf/domain-packs.js +348 -0
package/src/windsurf/freshness.js +215 -0
package/src/windsurf/governance.js +231 -0
package/src/windsurf/interactive.js +388 -0
package/src/windsurf/mcp-packs.js +535 -0
package/src/windsurf/patch.js +231 -0
package/src/windsurf/plans.js +247 -0
package/src/windsurf/premium.js +467 -0
package/src/windsurf/setup.js +471 -0
package/src/windsurf/techniques.js +1758 -0

package/src/domain-packs.js ADDED Viewed

@@ -0,0 +1,364 @@
+const DOMAIN_PACKS = [
+  {
+    key: 'baseline-general',
+    label: 'Baseline General',
+    useWhen: 'General repos that need a pragmatic Claude baseline without domain-specific assumptions.',
+    recommendedModules: ['CLAUDE.md baseline', 'verification', 'safe-write profile'],
+    recommendedMcpPacks: ['context7-docs'],
+    benchmarkFocus: ['discover next actions', 'starter-safe improvement', 'governed rollout'],
+  },
+  {
+    key: 'backend-api',
+    label: 'Backend API',
+    useWhen: 'Service, API, or backend-heavy repos with routes, services, jobs, or data access.',
+    recommendedModules: ['verification', 'security workflow', 'commands', 'rules'],
+    recommendedMcpPacks: ['context7-docs'],
+    benchmarkFocus: ['test + build verification', 'security review workflow', 'safe apply on existing config'],
+  },
+  {
+    key: 'frontend-ui',
+    label: 'Frontend UI',
+    useWhen: 'React, Next.js, Vue, Angular, or Svelte repos with components and UI-heavy workflows.',
+    recommendedModules: ['frontend rules', 'design guidance', 'commands', 'benchmark'],
+    recommendedMcpPacks: ['context7-docs', 'next-devtools'],
+    benchmarkFocus: ['build checks', 'component workflow quality', 'framework-aware starter output'],
+  },
+  {
+    key: 'data-pipeline',
+    label: 'Data Pipeline',
+    useWhen: 'Repos with workers, DAGs, marts, ETL jobs, migrations, or analytics-heavy workflows.',
+    recommendedModules: ['verification', 'rules', 'agents', 'benchmark'],
+    recommendedMcpPacks: ['context7-docs'],
+    benchmarkFocus: ['pipeline safety', 'repeatable task flows', 'state-aware review artifacts'],
+  },
+  {
+    key: 'infra-platform',
+    label: 'Infra Platform',
+    useWhen: 'Terraform, Docker, Kubernetes, Wrangler, or deployment-oriented repos.',
+    recommendedModules: ['ci-devops', 'commands', 'governance', 'benchmark'],
+    recommendedMcpPacks: ['context7-docs'],
+    benchmarkFocus: ['release safety', 'policy-controlled rollout', 'infra verification loops'],
+  },
+  {
+    key: 'oss-library',
+    label: 'OSS Library',
+    useWhen: 'Public packages or contributor-heavy repos that need a lighter governance footprint.',
+    recommendedModules: ['suggest-only profile', 'light rules', 'commands', 'README-aligned CLAUDE.md'],
+    recommendedMcpPacks: ['context7-docs'],
+    benchmarkFocus: ['low-footprint adoption', 'manual review friendliness', 'contributor-safe defaults'],
+  },
+  {
+    key: 'enterprise-governed',
+    label: 'Enterprise Governed',
+    useWhen: 'Repos with CI, permissions, hooks, and a need for auditable change controls.',
+    recommendedModules: ['governance', 'activity artifacts', 'rollback manifests', 'benchmark evidence'],
+    recommendedMcpPacks: ['context7-docs'],
+    benchmarkFocus: ['policy-aware rollout', 'approval flow readiness', 'benchmark export quality'],
+  },
+  {
+    key: 'monorepo',
+    label: 'Monorepo',
+    useWhen: 'Nx, Turborepo, Lerna, or workspace-based repos with multiple packages sharing a root.',
+    recommendedModules: ['path-specific rules', 'commands per package', 'governance', 'agents'],
+    recommendedMcpPacks: ['context7-docs'],
+    benchmarkFocus: ['package-scoped rule coverage', 'cross-package safety', 'workspace-aware starter output'],
+  },
+  {
+    key: 'mobile',
+    label: 'Mobile App',
+    useWhen: 'React Native, Flutter, Swift, or Kotlin repos with mobile-specific build and release workflows.',
+    recommendedModules: ['verification', 'commands', 'rules', 'agents'],
+    recommendedMcpPacks: ['context7-docs'],
+    benchmarkFocus: ['build verification', 'platform-specific rules', 'release workflow quality'],
+  },
+  {
+    key: 'regulated-lite',
+    label: 'Regulated Lite',
+    useWhen: 'Repos in regulated environments (fintech, health, legal) that need auditability without full enterprise governance overhead.',
+    recommendedModules: ['governance', 'activity artifacts', 'suggest-only profile', 'audit logging'],
+    recommendedMcpPacks: ['context7-docs'],
+    benchmarkFocus: ['audit trail completeness', 'change traceability', 'policy compliance readiness'],
+  },
+  {
+    key: 'ecommerce',
+    label: 'E-Commerce',
+    useWhen: 'Shopify, WooCommerce, Stripe, or storefront repos with payment, catalog, and analytics workflows.',
+    recommendedModules: ['verification', 'security workflow', 'commands', 'rules'],
+    recommendedMcpPacks: ['context7-docs', 'stripe-mcp'],
+    benchmarkFocus: ['payment safety', 'catalog workflow quality', 'analytics integration'],
+  },
+  {
+    key: 'ai-ml',
+    label: 'AI / ML',
+    useWhen: 'Repos with LLM chains, ML pipelines, model training, or AI agent workflows.',
+    recommendedModules: ['verification', 'agents', 'commands', 'benchmark'],
+    recommendedMcpPacks: ['context7-docs'],
+    benchmarkFocus: ['pipeline reproducibility', 'model workflow safety', 'experiment tracking'],
+  },
+  {
+    key: 'devops-cicd',
+    label: 'DevOps / CI/CD',
+    useWhen: 'Repos focused on CI/CD pipelines, GitHub Actions, deployment automation, or release engineering.',
+    recommendedModules: ['ci-devops', 'commands', 'hooks', 'governance'],
+    recommendedMcpPacks: ['context7-docs', 'github-mcp', 'docker-mcp'],
+    benchmarkFocus: ['pipeline safety', 'release workflow quality', 'deployment verification'],
+  },
+  {
+    key: 'design-system',
+    label: 'Design System',
+    useWhen: 'Component libraries, design token repos, or Storybook-driven projects with visual QA needs.',
+    recommendedModules: ['frontend rules', 'commands', 'verification', 'benchmark'],
+    recommendedMcpPacks: ['context7-docs', 'figma-mcp', 'playwright-mcp'],
+    benchmarkFocus: ['component quality', 'visual regression', 'token consistency'],
+  },
+  {
+    key: 'docs-content',
+    label: 'Docs / Content',
+    useWhen: 'Documentation sites, knowledge bases, or content-heavy repos (Docusaurus, GitBook, MDX).',
+    recommendedModules: ['commands', 'rules', 'verification'],
+    recommendedMcpPacks: ['context7-docs'],
+    benchmarkFocus: ['content quality', 'link integrity', 'build verification'],
+  },
+  {
+    key: 'security-focused',
+    label: 'Security-Focused',
+    useWhen: 'Repos handling auth, payments, PII, or secrets that need strict Claude guardrails.',
+    recommendedModules: ['governance', 'suggest-only profile', 'hooks', 'audit logging'],
+    recommendedMcpPacks: ['context7-docs', 'mcp-security'],
+    benchmarkFocus: ['permission posture', 'secrets protection', 'audit trail quality'],
+  },
+];
+function uniqueByKey(items) {
+  const seen = new Set();
+  const result = [];
+  for (const item of items) {
+    if (seen.has(item.key)) continue;
+    seen.add(item.key);
+    result.push(item);
+  }
+  return result;
+}
+function detectDomainPacks(ctx, stacks, assets = null) {
+  const stackKeys = new Set((stacks || []).map(stack => stack.key));
+  const pkg = ctx.jsonFile('package.json') || {};
+  const deps = ctx.projectDependencies ? ctx.projectDependencies() : { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
+  const matches = [];
+  function addMatch(key, reasons) {
+    const pack = DOMAIN_PACKS.find(item => item.key === key);
+    if (!pack) return;
+    matches.push({
+      ...pack,
+      matchReasons: reasons.filter(Boolean).slice(0, 3),
+    });
+  }
+  const hasFrontend = stackKeys.has('react') || stackKeys.has('nextjs') || stackKeys.has('vue') ||
+    stackKeys.has('angular') || stackKeys.has('svelte') || ctx.hasDir('components') || ctx.hasDir('pages') ||
+    (ctx.hasDir('app') && (deps.next || deps.react || deps.vue || deps['@angular/core'] || deps.svelte));
+  const hasBackend = stackKeys.has('node') || stackKeys.has('python') || stackKeys.has('django') ||
+    stackKeys.has('fastapi') || stackKeys.has('go') || stackKeys.has('rust') || stackKeys.has('java') ||
+    ctx.hasDir('api') || ctx.hasDir('routes') || ctx.hasDir('services') || ctx.hasDir('controllers');
+  const hasData = ctx.hasDir('dags') || ctx.hasDir('jobs') || ctx.hasDir('workers') ||
+    ctx.hasDir('migrations') || ctx.hasDir('db') ||
+    deps.dbt || deps['apache-airflow'] || deps.pandas || deps.polars || deps.duckdb ||
+    deps.prefect || deps.dagster || deps['kedro'] || deps['great-expectations'];
+  const hasInfra = stackKeys.has('docker') || stackKeys.has('terraform') || stackKeys.has('kubernetes') ||
+    ctx.files.includes('wrangler.toml') || ctx.files.includes('serverless.yml') || ctx.files.includes('serverless.yaml') ||
+    ctx.files.includes('cdk.json') || ctx.hasDir('infra') || ctx.hasDir('deploy') || ctx.hasDir('helm');
+  const isOss = !!ctx.fileContent('LICENSE') && pkg.private !== true;
+  const isEnterpriseGoverned = !!(assets && assets.permissions && assets.permissions.hasDenyRules) &&
+    !!(assets && assets.files && assets.files.settings) && ctx.hasDir('.github/workflows');
+  if (hasBackend) {
+    addMatch('backend-api', [
+      'Detected backend stack or service directories.',
+      ctx.hasDir('api') ? 'API-facing structure detected.' : null,
+      ctx.hasDir('services') ? 'Service-layer directories detected.' : null,
+    ]);
+  }
+  if (hasFrontend) {
+    addMatch('frontend-ui', [
+      'Detected frontend stack or UI directories.',
+      ctx.hasDir('components') ? 'Component directories detected.' : null,
+      stackKeys.has('nextjs') ? 'Next.js stack detected.' : null,
+    ]);
+  }
+  if (hasData) {
+    addMatch('data-pipeline', [
+      'Detected worker, jobs, models, or analytics-style structure.',
+      ctx.hasDir('jobs') ? 'Job/pipeline directories detected.' : null,
+      ctx.hasDir('migrations') ? 'Migration flow detected.' : null,
+    ]);
+  }
+  if (hasInfra) {
+    addMatch('infra-platform', [
+      'Detected deployment or infrastructure signals.',
+      ctx.files.includes('wrangler.toml') ? 'Wrangler deployment config detected.' : null,
+      ctx.hasDir('deploy') ? 'Deployment directory detected.' : null,
+    ]);
+  }
+  if (isOss) {
+    addMatch('oss-library', [
+      'License and contribution guidance suggest an open-source repo.',
+      pkg.private === false ? 'package.json is not marked private.' : null,
+    ]);
+  }
+  if (isEnterpriseGoverned) {
+    addMatch('enterprise-governed', [
+      'Settings, deny rules, and CI indicate a governed team workflow.',
+      'Repo already has policy-aware Claude assets.',
+    ]);
+  }
+  // Monorepo detection
+  const isMonorepo = ctx.files.includes('nx.json') || ctx.files.includes('turbo.json') ||
+    ctx.files.includes('lerna.json') || ctx.files.includes('pnpm-workspace.yaml') ||
+    ctx.hasDir('packages') ||
+    (pkg.workspaces && (Array.isArray(pkg.workspaces) ? pkg.workspaces.length > 0 : true));
+  if (isMonorepo) {
+    addMatch('monorepo', [
+      'Detected monorepo or workspace configuration.',
+      ctx.files.includes('nx.json') ? 'Nx workspace detected.' : null,
+      ctx.files.includes('turbo.json') ? 'Turborepo detected.' : null,
+      ctx.hasDir('packages') ? 'Packages directory detected.' : null,
+    ]);
+  }
+  // Mobile detection
+  const isMobile = deps['react-native'] || deps.expo || deps.flutter ||
+    deps['@capacitor/core'] || deps['@ionic/angular'] || deps['@ionic/react'] ||
+    ctx.files.includes('Podfile') || ctx.files.includes('build.gradle') ||
+    ctx.files.includes('build.gradle.kts') || ctx.hasDir('ios') || ctx.hasDir('android');
+  if (isMobile) {
+    addMatch('mobile', [
+      'Detected mobile app structure or dependencies.',
+      deps['react-native'] ? 'React Native detected.' : null,
+      ctx.hasDir('ios') ? 'iOS directory detected.' : null,
+      ctx.hasDir('android') ? 'Android directory detected.' : null,
+    ]);
+  }
+  // Regulated-lite detection
+  const hasSecurityPolicy = ctx.files.includes('SECURITY.md');
+  const isRegulated = ctx.files.includes('COMPLIANCE.md') || ctx.hasDir('compliance') ||
+    ctx.hasDir('audit') || ctx.hasDir('policies') ||
+    (pkg.keywords && pkg.keywords.some(k => ['hipaa', 'fintech', 'compliance', 'regulated', 'sox', 'pci'].includes(k)));
+  if (isRegulated && !isEnterpriseGoverned) {
+    addMatch('regulated-lite', [
+      'Detected compliance or regulatory signals without full enterprise governance.',
+      ctx.files.includes('COMPLIANCE.md') ? 'COMPLIANCE.md present.' : null,
+      ctx.hasDir('compliance') ? 'Compliance directory detected.' : null,
+    ]);
+  }
+  // E-commerce detection
+  const isEcommerce = deps.stripe || deps['@stripe/stripe-js'] || deps.shopify || deps['@shopify/shopify-api'] ||
+    deps.woocommerce || deps.paypal || deps['@paypal/react-paypal-js'] || deps.square || deps['@adyen/adyen-web'] ||
+    deps.medusa || deps.saleor || deps.braintree || deps['@mollie/api-client'] ||
+    deps.razorpay || deps['@paddle/paddle-node-sdk'] || deps['@lemonsqueezy/lemonsqueezy.js'] ||
+    ctx.hasDir('products') || ctx.hasDir('checkout') || ctx.hasDir('cart');
+  if (isEcommerce) {
+    addMatch('ecommerce', [
+      'Detected e-commerce dependencies or storefront structure.',
+      deps.stripe ? 'Stripe dependency detected.' : null,
+      ctx.hasDir('checkout') ? 'Checkout directory detected.' : null,
+    ]);
+  }
+  // AI/ML detection
+  const isAiMl = deps.langchain || deps['@langchain/core'] || deps.openai || deps.anthropic ||
+    deps['@anthropic-ai/sdk'] || deps.transformers || deps.torch || deps.tensorflow ||
+    deps.llamaindex || deps['llama-index'] || deps.crewai || deps.autogen ||
+    deps['@ai-sdk/core'] || deps.ollama ||
+    deps['@microsoft/semantic-kernel'] || deps['haystack-ai'] || deps['dspy-ai'] ||
+    deps.instructor || deps['@google/generative-ai'] || deps.cohere || deps.mistralai ||
+    deps.langgraph || deps.litellm || deps['smolagents'] || deps.chromadb ||
+    deps['qdrant-client'] || deps['weaviate-client'] || deps['pinecone-client'] ||
+    deps['sentence-transformers'] || deps.mlflow || deps.wandb ||
+    ctx.hasDir('chains') || ctx.hasDir('agents') || ctx.hasDir('prompts') ||
+    ctx.hasDir('rag') || ctx.hasDir('retrievers') || ctx.hasDir('vectorstores') ||
+    ctx.hasDir('embeddings') || ctx.hasDir('datasets') || ctx.hasDir('experiments') ||
+    ctx.hasDir('notebooks') || ctx.files.includes('langgraph.json') || ctx.files.includes('chainlit.md');
+  if (isAiMl) {
+    addMatch('ai-ml', [
+      'Detected AI/ML dependencies or agent structure.',
+      deps.langchain || deps.langgraph ? 'LangChain or LangGraph detected.' : null,
+      deps.anthropic || deps['@anthropic-ai/sdk'] ? 'Anthropic SDK detected.' : null,
+      ctx.hasDir('chains') ? 'Chain directory detected.' : null,
+      ctx.hasDir('rag') ? 'RAG directory detected.' : null,
+    ]);
+  }
+  // DevOps/CI detection
+  const isDevopsCicd = ctx.hasDir('.github/workflows') || ctx.hasDir('.circleci') ||
+    ctx.files.includes('Jenkinsfile') || ctx.files.includes('.gitlab-ci.yml') ||
+    ctx.hasDir('deploy') || ctx.hasDir('scripts/deploy');
+  if (isDevopsCicd) {
+    addMatch('devops-cicd', [
+      'Detected CI/CD pipelines or deployment scripts.',
+      ctx.hasDir('.github/workflows') ? 'GitHub Actions detected.' : null,
+      ctx.hasDir('deploy') ? 'Deploy directory detected.' : null,
+    ]);
+  }
+  // Design system detection
+  const isDesignSystem = deps.storybook || deps['@storybook/react'] || deps['@storybook/vue3'] ||
+    deps.chromatic || deps['style-dictionary'] || deps['@tokens-studio/sd-transforms'] ||
+    deps['@radix-ui/react-primitives'] || deps['@headlessui/react'] ||
+    ctx.hasDir('tokens') || ctx.hasDir('design-tokens') || ctx.hasDir('primitives') ||
+    ctx.hasDir('.storybook') ||
+    (ctx.hasDir('components') && (deps['tailwindcss'] || deps.tailwindcss) && ctx.hasDir('packages'));
+  if (isDesignSystem) {
+    addMatch('design-system', [
+      'Detected design system or component library signals.',
+      deps.storybook ? 'Storybook detected.' : null,
+      ctx.hasDir('tokens') ? 'Design tokens detected.' : null,
+    ]);
+  }
+  // Docs/content detection
+  const isDocsContent = deps.docusaurus || deps['@docusaurus/core'] || deps.nextra || deps.vitepress ||
+    deps.gitbook || ctx.files.includes('docusaurus.config.js') || ctx.files.includes('mkdocs.yml') ||
+    (ctx.hasDir('docs') && ctx.hasDir('content'));
+  if (isDocsContent) {
+    addMatch('docs-content', [
+      'Detected documentation site or content-heavy structure.',
+      deps.docusaurus ? 'Docusaurus detected.' : null,
+      ctx.files.includes('mkdocs.yml') ? 'MkDocs detected.' : null,
+    ]);
+  }
+  // Security-focused detection
+  const hasAuthDeps = deps.bcrypt || deps.jsonwebtoken || deps.passport || deps['next-auth'] ||
+    deps['@auth/core'] || deps['lucia'] || deps['better-auth'];
+  const isSecurityFocused = (hasSecurityPolicy || hasAuthDeps) && hasBackend;
+  if (isSecurityFocused && !isRegulated) {
+    addMatch('security-focused', [
+      'Detected security-sensitive backend with auth dependencies.',
+      deps.jsonwebtoken ? 'JWT auth detected.' : null,
+      deps.passport ? 'Passport auth detected.' : null,
+    ]);
+  }
+  const deduped = uniqueByKey(matches);
+  if (deduped.length === 0) {
+    return [{
+      ...DOMAIN_PACKS.find(item => item.key === 'baseline-general'),
+      matchReasons: ['No stronger domain signal detected yet.'],
+    }];
+  }
+  return deduped;
+}
+module.exports = {
+  DOMAIN_PACKS,
+  detectDomainPacks,
+};

package/src/formatters/sarif.js ADDED Viewed

@@ -0,0 +1,115 @@
+const path = require('path');
+const { version } = require('../../package.json');
+function levelFromImpact(impact) {
+  if (impact === 'critical') return 'error';
+  if (impact === 'high') return 'warning';
+  return 'note';
+}
+function sanitizeUri(filePath) {
+  if (!filePath) return null;
+  return filePath.split(path.sep).join('/');
+}
+function buildRule(result) {
+  return {
+    id: result.id || result.key,
+    name: result.key,
+    shortDescription: { text: result.name },
+    fullDescription: { text: result.fix || result.name },
+    properties: {
+      category: result.category,
+      impact: result.impact,
+      template: result.template || null,
+    },
+  };
+}
+function buildSarifResult(result, runRoot = '.') {
+  const sarifResult = {
+    ruleId: result.id || result.key,
+    level: levelFromImpact(result.impact),
+    message: {
+      text: result.fix || result.name,
+    },
+    properties: {
+      checkKey: result.key,
+      category: result.category,
+      impact: result.impact,
+      passed: result.passed,
+      platform: result.platform || null,
+    },
+  };
+  if (result.file) {
+    sarifResult.locations = [{
+      physicalLocation: {
+        artifactLocation: {
+          uri: sanitizeUri(result.file),
+          uriBaseId: '%SRCROOT%',
+        },
+        region: result.line ? { startLine: result.line } : undefined,
+      },
+    }];
+  }
+  if (runRoot) {
+    sarifResult.properties.runRoot = sanitizeUri(runRoot);
+  }
+  return sarifResult;
+}
+function formatSarif(auditResult, options = {}) {
+  const failedResults = (auditResult.results || [])
+    .filter((result) => result.passed === false);
+  const rules = [];
+  const seenRuleIds = new Set();
+  for (const result of failedResults) {
+    const ruleId = result.id || result.key;
+    if (seenRuleIds.has(ruleId)) continue;
+    seenRuleIds.add(ruleId);
+    rules.push(buildRule(result));
+  }
+  return {
+    version: '2.1.0',
+    $schema: 'https://json.schemastore.org/sarif-2.1.0.json',
+    runs: [{
+      tool: {
+        driver: {
+          name: 'nerviq',
+          version,
+          informationUri: 'https://github.com/nerviq/nerviq',
+          rules,
+        },
+      },
+      automationDetails: {
+        id: auditResult.platform || 'claude',
+      },
+      properties: {
+        platform: auditResult.platform,
+        platformLabel: auditResult.platformLabel,
+        platformVersion: auditResult.platformVersion || null,
+        score: auditResult.score,
+        organicScore: auditResult.organicScore,
+        passed: auditResult.passed,
+        failed: auditResult.failed,
+        skipped: auditResult.skipped,
+        checkCount: auditResult.checkCount,
+      },
+      originalUriBaseIds: {
+        '%SRCROOT%': {
+          uri: sanitizeUri(options.dir || '.'),
+        },
+      },
+      results: failedResults.map((result) => buildSarifResult(result, options.dir || '.')),
+    }],
+  };
+}
+module.exports = {
+  formatSarif,
+};