@neurcode-ai/cli 0.10.0 → 0.12.0

package/dist/governance/pipeline/shared-types.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Shared types used across pipeline modules. Kept narrow to avoid a circular
+ * dependency between envelope-assembly and verify.ts.
+ */
+/** Mirror of `PolicyOnlySource` declared inside verify.ts. */
+export type PolicyOnlySource = 'explicit' | 'fallback_missing_plan' | 'ci';
+//# sourceMappingURL=shared-types.d.ts.map

package/dist/governance/pipeline/shared-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shared-types.d.ts","sourceRoot":"","sources":["../../../src/governance/pipeline/shared-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,8DAA8D;AAC9D,MAAM,MAAM,gBAAgB,GAAG,UAAU,GAAG,uBAAuB,GAAG,IAAI,CAAC"}

package/dist/governance/pipeline/shared-types.js

@@ -0,0 +1,7 @@
+"use strict";
+/**
+ * Shared types used across pipeline modules. Kept narrow to avoid a circular
+ * dependency between envelope-assembly and verify.ts.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=shared-types.js.map

package/dist/governance/pipeline/shared-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"shared-types.js","sourceRoot":"","sources":["../../../src/governance/pipeline/shared-types.ts"],"names":[],"mappings":";AAAA;;;GAGG"}

package/dist/governance/pipeline/stages/compiled-policy-stage.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Compiled Policy Stage
+ * ---------------------
+ * Loads the compiled policy artifact (signed JSON) from disk, exposes its
+ * fingerprint, and reports load/parse failures via stage status. Pure wrapper
+ * around `readCompiledPolicyArtifact` from `utils/policy-compiler`.
+ *
+ * SEMANTIC PRESERVATION:
+ *   The returned `artifact` and `error` fields are byte-identical to what
+ *   `readCompiledPolicyArtifact` returns inline. Signature verification and
+ *   strict-artifact-mode policy live in verify.ts — this stage only loads.
+ */
+import { type CompiledPolicyArtifact } from '../../../utils/policy-compiler';
+import type { GovernancePipelineStage } from '../types';
+export interface CompiledPolicyInput {
+    projectRoot: string;
+    /** Optional override path for the compiled artifact (CLI flag). */
+    compiledPolicyPath?: string;
+}
+export interface CompiledPolicyOutput {
+    path: string;
+    exists: boolean;
+    artifact: CompiledPolicyArtifact | null;
+    error?: string;
+    fingerprint: string | null;
+}
+export declare const compiledPolicyStage: GovernancePipelineStage<CompiledPolicyInput, CompiledPolicyOutput>;
+//# sourceMappingURL=compiled-policy-stage.d.ts.map

package/dist/governance/pipeline/stages/compiled-policy-stage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compiled-policy-stage.d.ts","sourceRoot":"","sources":["../../../../src/governance/pipeline/stages/compiled-policy-stage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAEL,KAAK,sBAAsB,EAC5B,MAAM,gCAAgC,CAAC;AAExC,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AAGxD,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,mEAAmE;IACnE,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,sBAAsB,GAAG,IAAI,CAAC;IACxC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED,eAAO,MAAM,mBAAmB,EAAE,uBAAuB,CACvD,mBAAmB,EACnB,oBAAoB,CAuCrB,CAAC"}

package/dist/governance/pipeline/stages/compiled-policy-stage.js

@@ -0,0 +1,53 @@
+"use strict";
+/**
+ * Compiled Policy Stage
+ * ---------------------
+ * Loads the compiled policy artifact (signed JSON) from disk, exposes its
+ * fingerprint, and reports load/parse failures via stage status. Pure wrapper
+ * around `readCompiledPolicyArtifact` from `utils/policy-compiler`.
+ *
+ * SEMANTIC PRESERVATION:
+ *   The returned `artifact` and `error` fields are byte-identical to what
+ *   `readCompiledPolicyArtifact` returns inline. Signature verification and
+ *   strict-artifact-mode policy live in verify.ts — this stage only loads.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.compiledPolicyStage = void 0;
+const policy_compiler_1 = require("../../../utils/policy-compiler");
+const fingerprint_1 = require("../fingerprint");
+exports.compiledPolicyStage = {
+    id: 'compiled-policy',
+    determinism: 'deterministic-structural',
+    boundary: {
+        isolateFailure: true, // loading the compiled artifact is best-effort; verify.ts handles strict mode
+        required: false,
+        dependencies: [],
+    },
+    description: 'Load compiled policy artifact and expose its fingerprint for replay lineage.',
+    execute(input) {
+        const result = (0, policy_compiler_1.readCompiledPolicyArtifact)(input.projectRoot, input.compiledPolicyPath);
+        return {
+            path: result.path,
+            exists: result.exists,
+            artifact: result.artifact ?? null,
+            error: result.error,
+            fingerprint: result.artifact?.fingerprint ?? null,
+        };
+    },
+    fingerprintInput(input) {
+        return (0, fingerprint_1.fingerprintStageSignal)({
+            compiledPolicyPath: input.compiledPolicyPath ?? null,
+        });
+    },
+    fingerprintOutput(output) {
+        return (0, fingerprint_1.fingerprintStageSignal)({
+            exists: output.exists,
+            fingerprint: output.fingerprint,
+            hasError: Boolean(output.error),
+        });
+    },
+    outputItemCount(output) {
+        return output.artifact?.compilation?.deterministicRules?.length ?? 0;
+    },
+};
+//# sourceMappingURL=compiled-policy-stage.js.map

package/dist/governance/pipeline/stages/compiled-policy-stage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compiled-policy-stage.js","sourceRoot":"","sources":["../../../../src/governance/pipeline/stages/compiled-policy-stage.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AAGH,oEAGwC;AACxC,gDAAwD;AAkB3C,QAAA,mBAAmB,GAG5B;IACF,EAAE,EAAE,iBAAiB;IACrB,WAAW,EAAE,0BAAuD;IACpE,QAAQ,EAAE;QACR,cAAc,EAAE,IAAI,EAAE,8EAA8E;QACpG,QAAQ,EAAE,KAAK;QACf,YAAY,EAAE,EAAE;KACjB;IACD,WAAW,EAAE,8EAA8E;IAE3F,OAAO,CAAC,KAA0B;QAChC,MAAM,MAAM,GAAG,IAAA,4CAA0B,EAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACvF,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,IAAI;YACjC,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,WAAW,EAAE,MAAM,CAAC,QAAQ,EAAE,WAAW,IAAI,IAAI;SAClD,CAAC;IACJ,CAAC;IAED,gBAAgB,CAAC,KAA0B;QACzC,OAAO,IAAA,oCAAsB,EAAC;YAC5B,kBAAkB,EAAE,KAAK,CAAC,kBAAkB,IAAI,IAAI;SACrD,CAAC,CAAC;IACL,CAAC;IAED,iBAAiB,CAAC,MAA4B;QAC5C,OAAO,IAAA,oCAAsB,EAAC;YAC5B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;SAChC,CAAC,CAAC;IACL,CAAC;IAED,eAAe,CAAC,MAA4B;QAC1C,OAAO,MAAM,CAAC,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,IAAI,CAAC,CAAC;IACvE,CAAC;CACF,CAAC"}

package/dist/governance/pipeline/stages/diff-normalization-stage.d.ts

@@ -0,0 +1,63 @@
+/**
+ * Diff Normalization Stage
+ * ------------------------
+ * Canonical stage that resolves the diff context, parses tracked/staged diff,
+ * merges untracked files, and applies the project-wide exclusion filter.
+ *
+ * SEMANTIC PRESERVATION:
+ *   This stage is a structural wrapper around the pre-existing diff loading
+ *   logic in `verify.ts`. The order of operations, the helper functions
+ *   invoked, and the returned `diffFiles` set are byte-identical to the
+ *   inline implementation. The stage adds nothing but lineage and metrics.
+ *
+ *   Specifically, this stage MUST produce the same DiffFile[] that
+ *   `verify.ts` line ~3580 produces — every downstream pipeline step
+ *   depends on that identity.
+ */
+import { type DiffFile } from '@neurcode-ai/diff-parser';
+import type { GovernancePipelineStage } from '../types';
+export type DiffMode = 'staged' | 'base' | 'head' | 'auto';
+export interface DiffNormalizationInput {
+    /** Absolute project root, used for resolving default diff context. */
+    projectRoot: string;
+    /** Requested diff mode. 'auto' resolves origin/main → origin/master → staged. */
+    mode: DiffMode;
+    /** Explicit base ref when mode === 'base'. */
+    baseRef?: string;
+    /**
+     * Function to source untracked files. Injected so we can:
+     *   - reuse verify.ts's pre-existing `getUntrackedDiffFiles` without
+     *     duplicating its excluded-file rules
+     *   - test the stage with deterministic fixtures
+     */
+    getUntrackedDiffFiles: (projectRoot: string) => DiffFile[];
+    /**
+     * Function to test whether a path should be excluded from analysis.
+     * Injected for the same reason as `getUntrackedDiffFiles`.
+     */
+    isExcludedFile: (filePath: string) => boolean;
+}
+export interface DiffNormalizationOutput {
+    /** Raw `git diff` text. */
+    diffText: string;
+    /** Human-readable label, e.g. "working tree vs origin/main". */
+    diffContextLabel: string;
+    /** Diff files after parsing and untracked merge, BEFORE exclusion filter. */
+    allDiffFiles: DiffFile[];
+    /** Diff files after exclusion filtering — canonical input to downstream stages. */
+    diffFiles: DiffFile[];
+    /** True when no tracked or untracked changes are present. */
+    emptyDiff: boolean;
+    /** Count of files removed by the exclusion filter. */
+    excludedFileCount: number;
+}
+/**
+ * Stage definition. Use with `runStage(diffNormalizationStage, input, ctx)`.
+ */
+export declare const diffNormalizationStage: GovernancePipelineStage<DiffNormalizationInput, DiffNormalizationOutput>;
+/**
+ * Pure helper for direct invocation (used both by the stage and by tests).
+ * Mirrors the semantics of the verify.ts inline implementation.
+ */
+export declare function computeDiffNormalization(input: DiffNormalizationInput): DiffNormalizationOutput;
+//# sourceMappingURL=diff-normalization-stage.d.ts.map

package/dist/governance/pipeline/stages/diff-normalization-stage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"diff-normalization-stage.d.ts","sourceRoot":"","sources":["../../../../src/governance/pipeline/stages/diff-normalization-stage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EAAa,KAAK,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAIpE,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AAKxD,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAE3D,MAAM,WAAW,sBAAsB;IACrC,sEAAsE;IACtE,WAAW,EAAE,MAAM,CAAC;IACpB,iFAAiF;IACjF,IAAI,EAAE,QAAQ,CAAC;IACf,8CAA8C;IAC9C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;;OAKG;IACH,qBAAqB,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;IAC3D;;;OAGG;IACH,cAAc,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;CAC/C;AAED,MAAM,WAAW,uBAAuB;IACtC,2BAA2B;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,gEAAgE;IAChE,gBAAgB,EAAE,MAAM,CAAC;IACzB,6EAA6E;IAC7E,YAAY,EAAE,QAAQ,EAAE,CAAC;IACzB,mFAAmF;IACnF,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,6DAA6D;IAC7D,SAAS,EAAE,OAAO,CAAC;IACnB,sDAAsD;IACtD,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,uBAAuB,CAC1D,sBAAsB,EACtB,uBAAuB,CA4CxB,CAAC;AAEF;;;GAGG;AACH,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,sBAAsB,GAC5B,uBAAuB,CAqEzB"}

package/dist/governance/pipeline/stages/diff-normalization-stage.js

@@ -0,0 +1,140 @@
+"use strict";
+/**
+ * Diff Normalization Stage
+ * ------------------------
+ * Canonical stage that resolves the diff context, parses tracked/staged diff,
+ * merges untracked files, and applies the project-wide exclusion filter.
+ *
+ * SEMANTIC PRESERVATION:
+ *   This stage is a structural wrapper around the pre-existing diff loading
+ *   logic in `verify.ts`. The order of operations, the helper functions
+ *   invoked, and the returned `diffFiles` set are byte-identical to the
+ *   inline implementation. The stage adds nothing but lineage and metrics.
+ *
+ *   Specifically, this stage MUST produce the same DiffFile[] that
+ *   `verify.ts` line ~3580 produces — every downstream pipeline step
+ *   depends on that identity.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.diffNormalizationStage = void 0;
+exports.computeDiffNormalization = computeDiffNormalization;
+const child_process_1 = require("child_process");
+const diff_parser_1 = require("@neurcode-ai/diff-parser");
+const git_1 = require("../../../utils/git");
+const fingerprint_1 = require("../fingerprint");
+const types_1 = require("../types");
+const GIT_DIFF_MAX_BUFFER = 1024 * 1024 * 1024;
+/**
+ * Stage definition. Use with `runStage(diffNormalizationStage, input, ctx)`.
+ */
+exports.diffNormalizationStage = {
+    id: 'diff-normalization',
+    determinism: 'deterministic-structural',
+    boundary: types_1.STRICT_REQUIRED_BOUNDARY,
+    description: 'Resolve diff context, parse tracked/staged diff, merge untracked files, apply exclusion filter.',
+    execute(input) {
+        return computeDiffNormalization(input);
+    },
+    fingerprintInput(input) {
+        return (0, fingerprint_1.fingerprintStageSignal)({
+            mode: input.mode,
+            baseRef: input.baseRef ?? null,
+            // projectRoot is intentionally excluded: identical diffs on different
+            // checkout paths must produce the same fingerprint.
+        });
+    },
+    fingerprintOutput(output) {
+        // Fingerprint is the set of analyzed file paths. Diff content fingerprinting
+        // belongs in a downstream content-hash stage; here we only commit to the shape.
+        return (0, fingerprint_1.fingerprintStageSignal)({
+            diffContextLabel: output.diffContextLabel,
+            files: output.diffFiles.map(f => ({
+                path: f.path,
+                oldPath: f.oldPath ?? null,
+                changeType: f.changeType,
+                addedLines: f.addedLines ?? 0,
+                removedLines: f.removedLines ?? 0,
+            })).sort((a, b) => (a.path < b.path ? -1 : 1)),
+            emptyDiff: output.emptyDiff,
+        });
+    },
+    inputItemCount(input) {
+        // Stable input "item count": untracked-diff resolver is the only enumerable.
+        return input.getUntrackedDiffFiles(input.projectRoot).length;
+    },
+    outputItemCount(output) {
+        return output.diffFiles.length;
+    },
+};
+/**
+ * Pure helper for direct invocation (used both by the stage and by tests).
+ * Mirrors the semantics of the verify.ts inline implementation.
+ */
+function computeDiffNormalization(input) {
+    const { projectRoot, mode, baseRef, getUntrackedDiffFiles, isExcludedFile } = input;
+    let diffText;
+    let diffContextLabel = '';
+    if (mode === 'staged') {
+        diffText = (0, child_process_1.execSync)('git diff --cached', {
+            maxBuffer: GIT_DIFF_MAX_BUFFER,
+            encoding: 'utf-8',
+        });
+        diffContextLabel = 'staged changes';
+    }
+    else if (mode === 'base' && baseRef) {
+        diffText = (0, git_1.getDiffFromBase)(baseRef);
+        diffContextLabel = `working tree vs ${baseRef}`;
+    }
+    else if (mode === 'head') {
+        diffText = (0, child_process_1.execSync)('git diff HEAD', {
+            maxBuffer: GIT_DIFF_MAX_BUFFER,
+            encoding: 'utf-8',
+        });
+        diffContextLabel = 'working tree vs HEAD';
+    }
+    else {
+        // 'auto'
+        const defaultContext = (0, git_1.resolveDefaultDiffContext)(projectRoot);
+        if (defaultContext.mode === 'base' && defaultContext.baseRef) {
+            diffText = (0, git_1.getDiffFromBase)(defaultContext.baseRef);
+            diffContextLabel = defaultContext.currentBranch
+                ? `${defaultContext.currentBranch} vs ${defaultContext.baseRef}`
+                : `working tree vs ${defaultContext.baseRef}`;
+        }
+        else {
+            diffText = (0, child_process_1.execSync)('git diff --cached', {
+                maxBuffer: GIT_DIFF_MAX_BUFFER,
+                encoding: 'utf-8',
+            });
+            diffContextLabel = 'staged changes (fallback)';
+        }
+    }
+    const untrackedDiffFiles = getUntrackedDiffFiles(projectRoot);
+    const parsedDiffFiles = diffText.trim() ? (0, diff_parser_1.parseDiff)(diffText) : [];
+    const allDiffFiles = [...parsedDiffFiles];
+    if (untrackedDiffFiles.length > 0) {
+        const existing = new Set(allDiffFiles.map(f => f.path));
+        for (const file of untrackedDiffFiles) {
+            if (!existing.has(file.path)) {
+                allDiffFiles.push(file);
+            }
+        }
+    }
+    // Filter out internal/system files before analysis.
+    const diffFiles = allDiffFiles.filter(file => {
+        const excludePath = isExcludedFile(file.path);
+        const excludeOldPath = file.oldPath ? isExcludedFile(file.oldPath) : false;
+        return !excludePath && !excludeOldPath;
+    });
+    const emptyDiff = !diffText.trim() && untrackedDiffFiles.length === 0;
+    const excludedFileCount = allDiffFiles.length - diffFiles.length;
+    return {
+        diffText,
+        diffContextLabel,
+        allDiffFiles,
+        diffFiles,
+        emptyDiff,
+        excludedFileCount,
+    };
+}
+//# sourceMappingURL=diff-normalization-stage.js.map

package/dist/governance/pipeline/stages/diff-normalization-stage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"diff-normalization-stage.js","sourceRoot":"","sources":["../../../../src/governance/pipeline/stages/diff-normalization-stage.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AAyGH,4DAuEC;AA9KD,iDAAyC;AACzC,0DAAoE;AAEpE,4CAAgF;AAChF,gDAAwD;AAExD,oCAAoD;AAEpD,MAAM,mBAAmB,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;AAwC/C;;GAEG;AACU,QAAA,sBAAsB,GAG/B;IACF,EAAE,EAAE,oBAAoB;IACxB,WAAW,EAAE,0BAAuD;IACpE,QAAQ,EAAE,gCAAwB;IAClC,WAAW,EAAE,iGAAiG;IAE9G,OAAO,CAAC,KAA6B;QACnC,OAAO,wBAAwB,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,gBAAgB,CAAC,KAA6B;QAC5C,OAAO,IAAA,oCAAsB,EAAC;YAC5B,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,IAAI;YAC9B,sEAAsE;YACtE,oDAAoD;SACrD,CAAC,CAAC;IACL,CAAC;IAED,iBAAiB,CAAC,MAA+B;QAC/C,6EAA6E;QAC7E,gFAAgF;QAChF,OAAO,IAAA,oCAAsB,EAAC;YAC5B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAChC,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,OAAO,EAAE,CAAC,CAAC,OAAO,IAAI,IAAI;gBAC1B,UAAU,EAAE,CAAC,CAAC,UAAU;gBACxB,UAAU,EAAE,CAAC,CAAC,UAAU,IAAI,CAAC;gBAC7B,YAAY,EAAE,CAAC,CAAC,YAAY,IAAI,CAAC;aAClC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9C,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,cAAc,CAAC,KAA6B;QAC1C,6EAA6E;QAC7E,OAAO,KAAK,CAAC,qBAAqB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC;IAC/D,CAAC;IAED,eAAe,CAAC,MAA+B;QAC7C,OAAO,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC;IACjC,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,SAAgB,wBAAwB,CACtC,KAA6B;IAE7B,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,GAAG,KAAK,CAAC;IAEpF,IAAI,QAAgB,CAAC;IACrB,IAAI,gBAAgB,GAAG,EAAE,CAAC;IAE1B,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,QAAQ,GAAG,IAAA,wBAAQ,EAAC,mBAAmB,EAAE;YACvC,SAAS,EAAE,mBAAmB;YAC9B,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;QACH,gBAAgB,GAAG,gBAAgB,CAAC;IACtC,CAAC;SAAM,IAAI,IAAI,KAAK,MAAM,IAAI,OAAO,EAAE,CAAC;QACtC,QAAQ,GAAG,IAAA,qBAAe,EAAC,OAAO,CAAC,CAAC;QACpC,gBAAgB,GAAG,mBAAmB,OAAO,EAAE,CAAC;IAClD,CAAC;SAAM,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QAC3B,QAAQ,GAAG,IAAA,wBAAQ,EAAC,eAAe,EAAE;YACnC,SAAS,EAAE,mBAAmB;YAC9B,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;QACH,gBAAgB,GAAG,sBAAsB,CAAC;IAC5C,CAAC;SAAM,CAAC;QACN,SAAS;QACT,MAAM,cAAc,GAAG,IAAA,+BAAyB,EAAC,WAAW,CAAC,CAAC;QAC9D,IAAI,cAAc,CAAC,IAAI,KAAK,MAAM,IAAI,cAAc,CAAC,OAAO,EAAE,CAAC;YAC7D,QAAQ,GAAG,IAAA,qBAAe,EAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YACnD,gBAAgB,GAAG,cAAc,CAAC,aAAa;gBAC7C,CAAC,CAAC,GAAG,cAAc,CAAC,aAAa,OAAO,cAAc,CAAC,OAAO,EAAE;gBAChE,CAAC,CAAC,mBAAmB,cAAc,CAAC,OAAO,EAAE,CAAC;QAClD,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,IAAA,wBAAQ,EAAC,mBAAmB,EAAE;gBACvC,SAAS,EAAE,mBAAmB;gBAC9B,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;YACH,gBAAgB,GAAG,2BAA2B,CAAC;QACjD,CAAC;IACH,CAAC;IAED,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,WAAW,CAAC,CAAC;IAC9D,MAAM,eAAe,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAA,uBAAS,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEnE,MAAM,YAAY,GAAe,CAAC,GAAG,eAAe,CAAC,CAAC;IACtD,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACxD,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;YACtC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;QAC3C,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9C,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QAC3E,OAAO,CAAC,WAAW,IAAI,CAAC,cAAc,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,CAAC;IACtE,MAAM,iBAAiB,GAAG,YAAY,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;IAEjE,OAAO;QACL,QAAQ;QACR,gBAAgB;QAChB,YAAY;QACZ,SAAS;QACT,SAAS;QACT,iBAAiB;KAClB,CAAC;AACJ,CAAC"}

package/dist/governance/pipeline/stages/governance-synthesis-stage.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Governance Synthesis Stage
+ * --------------------------
+ * Wraps `attachCanonicalGovernance` — the single canonical pipeline entry point
+ * that converts heterogeneous raw violations into the deterministic
+ * `GovernanceVerificationEnvelope`. After attachment, each finding is stamped
+ * with its computation-graph stage of origin (inferred from `sourceSystem`).
+ *
+ * SEMANTIC PRESERVATION:
+ *   - The envelope structure, finding IDs, replay checksum, and ordering
+ *     produced by `attachCanonicalGovernance` are preserved BYTE-FOR-BYTE.
+ *   - Lineage stamping writes ONLY into `provenanceMetadata.producedByStage`,
+ *     which is excluded from the canonical finding identity and from the
+ *     replay-checksum input. Verified in `canonical-invariants.ts`.
+ *
+ *   This stage is therefore observability-additive: removing the stamp call
+ *   restores byte-for-byte identical output.
+ */
+import type { GovernanceFinding, GovernanceStageResult, GovernanceVerificationEnvelope } from '@neurcode-ai/contracts';
+import { stampFindingLineage } from '../lineage';
+import type { GovernancePipelineStage } from '../types';
+export interface GovernanceSynthesisInput {
+    /** Verify payload with raw violations already attached (structuralViolations, policyViolations, intentIssues, ...). */
+    payload: Record<string, unknown>;
+}
+export interface GovernanceSynthesisOutput {
+    payload: Record<string, unknown>;
+    envelope: GovernanceVerificationEnvelope;
+    findings: GovernanceFinding[];
+}
+export declare const governanceSynthesisStage: GovernancePipelineStage<GovernanceSynthesisInput, GovernanceSynthesisOutput>;
+/**
+ * Pure helper: synthesize the canonical governance envelope from a verify
+ * payload, then stamp computation-graph lineage onto every finding.
+ *
+ * Identical to `governanceSynthesisStage.execute({ payload })` but callable
+ * without a pipeline context. Use this from verify.ts code paths that emit
+ * canonical JSON directly (early-exit branches, etc.).
+ *
+ * Guarantee: this function preserves the byte identity of the canonical
+ * envelope produced by `attachCanonicalGovernance`. Lineage stamping only
+ * writes to `provenanceMetadata.producedByStage`, which is excluded from
+ * the finding identity and from `replayChecksum`.
+ */
+export declare function synthesizeGovernance(payload: Record<string, unknown>, options?: {
+    pipelineLedger?: readonly GovernanceStageResult[];
+}): GovernanceSynthesisOutput;
+/**
+ * Re-export for callers that want to stamp lineage on findings they
+ * manufactured outside this stage.
+ */
+export { stampFindingLineage };
+//# sourceMappingURL=governance-synthesis-stage.d.ts.map

package/dist/governance/pipeline/stages/governance-synthesis-stage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"governance-synthesis-stage.d.ts","sourceRoot":"","sources":["../../../../src/governance/pipeline/stages/governance-synthesis-stage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EACV,iBAAiB,EAEjB,qBAAqB,EACrB,8BAA8B,EAC/B,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEjD,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,UAAU,CAAC;AAGxD,MAAM,WAAW,wBAAwB;IACvC,uHAAuH;IACvH,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,QAAQ,EAAE,8BAA8B,CAAC;IACzC,QAAQ,EAAE,iBAAiB,EAAE,CAAC;CAC/B;AA8BD,eAAO,MAAM,wBAAwB,EAAE,uBAAuB,CAC5D,wBAAwB,EACxB,yBAAyB,CAqC1B,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,OAAO,GAAE;IAAE,cAAc,CAAC,EAAE,SAAS,qBAAqB,EAAE,CAAA;CAAO,GAClE,yBAAyB,CA+B3B;AAED;;;GAGG;AACH,OAAO,EAAE,mBAAmB,EAAE,CAAC"}

package/dist/governance/pipeline/stages/governance-synthesis-stage.js

@@ -0,0 +1,129 @@
+"use strict";
+/**
+ * Governance Synthesis Stage
+ * --------------------------
+ * Wraps `attachCanonicalGovernance` — the single canonical pipeline entry point
+ * that converts heterogeneous raw violations into the deterministic
+ * `GovernanceVerificationEnvelope`. After attachment, each finding is stamped
+ * with its computation-graph stage of origin (inferred from `sourceSystem`).
+ *
+ * SEMANTIC PRESERVATION:
+ *   - The envelope structure, finding IDs, replay checksum, and ordering
+ *     produced by `attachCanonicalGovernance` are preserved BYTE-FOR-BYTE.
+ *   - Lineage stamping writes ONLY into `provenanceMetadata.producedByStage`,
+ *     which is excluded from the canonical finding identity and from the
+ *     replay-checksum input. Verified in `canonical-invariants.ts`.
+ *
+ *   This stage is therefore observability-additive: removing the stamp call
+ *   restores byte-for-byte identical output.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.stampFindingLineage = exports.governanceSynthesisStage = void 0;
+exports.synthesizeGovernance = synthesizeGovernance;
+const canonical_pipeline_1 = require("../../canonical-pipeline");
+const fingerprint_1 = require("../fingerprint");
+const lineage_1 = require("../lineage");
+Object.defineProperty(exports, "stampFindingLineage", { enumerable: true, get: function () { return lineage_1.stampFindingLineage; } });
+const summary_1 = require("../summary");
+const types_1 = require("../types");
+/**
+ * Map a canonical sourceSystem to the stage in the pipeline that emitted it.
+ * Used for inferring lineage when stages did not stamp directly.
+ */
+function inferStageFromSourceSystem(source) {
+    switch (source) {
+        case 'structural-rules':
+            return 'structural-analysis';
+        case 'policy-engine':
+            return 'policy-evaluation';
+        case 'intent-engine':
+            return 'intent-evaluation';
+        case 'governance-runtime':
+            return 'runtime-guard';
+        case 'replay-runtime':
+            return 'replay-integrity';
+        case 'semantic-index':
+            return 'semantic-analysis';
+        case 'ci-adapter':
+            return 'ci-shaping';
+        case 'pilot-metrics':
+            return 'telemetry-harvest';
+        case 'workspace-federation':
+        default:
+            return 'governance-synthesis';
+    }
+}
+exports.governanceSynthesisStage = {
+    id: 'governance-synthesis',
+    determinism: 'deterministic-structural',
+    boundary: {
+        ...types_1.STRICT_REQUIRED_BOUNDARY,
+        dependencies: ['structural-analysis'],
+    },
+    description: 'Build canonical GovernanceVerificationEnvelope from raw violations; stamp findings with computation-graph lineage.',
+    execute(input) {
+        return synthesizeGovernance(input.payload);
+    },
+    fingerprintInput(input) {
+        const p = input.payload;
+        return (0, fingerprint_1.fingerprintStageSignal)({
+            structuralCount: Array.isArray(p.structuralViolations) ? p.structuralViolations.length : 0,
+            policyCount: Array.isArray(p.violations) ? p.violations.length : 0,
+            intentCount: Array.isArray(p.intentIssues) ? p.intentIssues.length : 0,
+            flowCount: Array.isArray(p.flowIssues) ? p.flowIssues.length : 0,
+            regressionCount: Array.isArray(p.regressions) ? p.regressions.length : 0,
+            planId: typeof p.planId === 'string' ? p.planId : null,
+        });
+    },
+    fingerprintOutput(output) {
+        // Output fingerprint is the envelope's replay checksum (already deterministic
+        // and computed from canonical sorted findings). This keeps the stage's
+        // replay fingerprint and the envelope's checksum in lockstep.
+        return output.envelope.replayChecksum;
+    },
+    outputItemCount(output) {
+        return output.findings.length;
+    },
+};
+/**
+ * Pure helper: synthesize the canonical governance envelope from a verify
+ * payload, then stamp computation-graph lineage onto every finding.
+ *
+ * Identical to `governanceSynthesisStage.execute({ payload })` but callable
+ * without a pipeline context. Use this from verify.ts code paths that emit
+ * canonical JSON directly (early-exit branches, etc.).
+ *
+ * Guarantee: this function preserves the byte identity of the canonical
+ * envelope produced by `attachCanonicalGovernance`. Lineage stamping only
+ * writes to `provenanceMetadata.producedByStage`, which is excluded from
+ * the finding identity and from `replayChecksum`.
+ */
+function synthesizeGovernance(payload, options = {}) {
+    const enriched = (0, canonical_pipeline_1.attachCanonicalGovernance)(payload);
+    const envelope = enriched.governanceVerification;
+    if (!envelope) {
+        throw new Error('governance-synthesis invariant violated: attachCanonicalGovernance did not attach an envelope');
+    }
+    for (const f of envelope.findings) {
+        const inferred = inferStageFromSourceSystem(f.sourceSystem);
+        if (!f.provenanceMetadata) {
+            f.provenanceMetadata = { producedByStage: inferred };
+        }
+        else if (!f.provenanceMetadata.producedByStage) {
+            f.provenanceMetadata.producedByStage = inferred;
+        }
+    }
+    // Optional: attach pipeline-summary observability to the envelope. This
+    // additive surface is excluded from finding identity and from replayChecksum
+    // by design (see canonical-finding.ts and canonical-invariants.ts), so it
+    // cannot perturb replay drift detection.
+    if (options.pipelineLedger && options.pipelineLedger.length > 0) {
+        envelope.pipelineSummary = (0, summary_1.buildPipelineSummary)(options.pipelineLedger);
+    }
+    return {
+        payload: enriched,
+        envelope,
+        findings: envelope.findings,
+    };
+}
+//# sourceMappingURL=governance-synthesis-stage.js.map

package/dist/governance/pipeline/stages/governance-synthesis-stage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"governance-synthesis-stage.js","sourceRoot":"","sources":["../../../../src/governance/pipeline/stages/governance-synthesis-stage.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG;;;AA4GH,oDAkCC;AAtID,iEAAqE;AACrE,gDAAwD;AACxD,wCAAiD;AA0IxC,oGA1IA,6BAAmB,OA0IA;AAzI5B,wCAAkD;AAElD,oCAAoD;AAapD;;;GAGG;AACH,SAAS,0BAA0B,CAAC,MAAc;IAChD,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,kBAAkB;YACrB,OAAO,qBAAqB,CAAC;QAC/B,KAAK,eAAe;YAClB,OAAO,mBAAmB,CAAC;QAC7B,KAAK,eAAe;YAClB,OAAO,mBAAmB,CAAC;QAC7B,KAAK,oBAAoB;YACvB,OAAO,eAAe,CAAC;QACzB,KAAK,gBAAgB;YACnB,OAAO,kBAAkB,CAAC;QAC5B,KAAK,gBAAgB;YACnB,OAAO,mBAAmB,CAAC;QAC7B,KAAK,YAAY;YACf,OAAO,YAAY,CAAC;QACtB,KAAK,eAAe;YAClB,OAAO,mBAAmB,CAAC;QAC7B,KAAK,sBAAsB,CAAC;QAC5B;YACE,OAAO,sBAAsB,CAAC;IAClC,CAAC;AACH,CAAC;AAEY,QAAA,wBAAwB,GAGjC;IACF,EAAE,EAAE,sBAAsB;IAC1B,WAAW,EAAE,0BAA0B;IACvC,QAAQ,EAAE;QACR,GAAG,gCAAwB;QAC3B,YAAY,EAAE,CAAC,qBAAqB,CAAC;KACtC;IACD,WAAW,EACT,oHAAoH;IAEtH,OAAO,CAAC,KAA+B;QACrC,OAAO,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED,gBAAgB,CAAC,KAA+B;QAC9C,MAAM,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC;QACxB,OAAO,IAAA,oCAAsB,EAAC;YAC5B,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC1F,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAClE,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACtE,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAChE,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACxE,MAAM,EAAE,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI;SACvD,CAAC,CAAC;IACL,CAAC;IAED,iBAAiB,CAAC,MAAiC;QACjD,8EAA8E;QAC9E,uEAAuE;QACvE,8DAA8D;QAC9D,OAAO,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC;IACxC,CAAC;IAED,eAAe,CAAC,MAAiC;QAC/C,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;IAChC,CAAC;CACF,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,SAAgB,oBAAoB,CAClC,OAAgC,EAChC,UAAiE,EAAE;IAEnE,MAAM,QAAQ,GAAG,IAAA,8CAAyB,EAAC,OAAO,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,QAAQ,CAAC,sBAAoE,CAAC;IAC/F,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CACb,+FAA+F,CAChG,CAAC;IACJ,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,0BAA0B,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QAC5D,IAAI,CAAC,CAAC,CAAC,kBAAkB,EAAE,CAAC;YAC1B,CAAC,CAAC,kBAAkB,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC;QACvD,CAAC;aAAM,IAAI,CAAC,CAAC,CAAC,kBAAkB,CAAC,eAAe,EAAE,CAAC;YACjD,CAAC,CAAC,kBAAkB,CAAC,eAAe,GAAG,QAAQ,CAAC;QAClD,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,6EAA6E;IAC7E,0EAA0E;IAC1E,yCAAyC;IACzC,IAAI,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChE,QAAQ,CAAC,eAAe,GAAG,IAAA,8BAAoB,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO;QACL,OAAO,EAAE,QAAQ;QACjB,QAAQ;QACR,QAAQ,EAAE,QAAQ,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC"}

package/dist/governance/pipeline/stages/index.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Pipeline stage definitions — public re-exports.
+ *
+ * Each stage is a behavior-preserving wrapper around an existing verify.ts
+ * code region. The wrappers add stage lineage, deterministic fingerprinting,
+ * timing metrics, dependency declarations, and failure-isolation policy.
+ *
+ * STAGE-EXTRACTION STATUS (this phase):
+ *   - diff-normalization      ✓ wrapper + wired in verify.ts
+ *   - policy-lock             ✓ wrapper (wire-in deferred to next phase)
+ *   - compiled-policy         ✓ wrapper (wire-in deferred to next phase)
+ *   - structural-analysis     ✓ wrapper (wire-in deferred to next phase)
+ *   - runtime-guard           ✓ wrapper (wire-in deferred to next phase)
+ *   - governance-synthesis    ✓ wrapper + wired in verify.ts
+ *
+ * REMAINING STAGES (designed but not yet implemented):
+ *   plan-sync, policy-exceptions, intent-evaluation, semantic-analysis,
+ *   policy-evaluation, suppression-evaluation, advisory-signals,
+ *   change-contract, ai-debt-budget, provenance-generation,
+ *   replay-integrity, remediation-export-preparation, evidence-generation,
+ *   telemetry-harvest, ci-shaping, output-rendering.
+ */
+export { compiledPolicyStage, type CompiledPolicyInput, type CompiledPolicyOutput, } from './compiled-policy-stage';
+export { diffNormalizationStage, computeDiffNormalization, type DiffMode, type DiffNormalizationInput, type DiffNormalizationOutput, } from './diff-normalization-stage';
+export { governanceSynthesisStage, synthesizeGovernance, type GovernanceSynthesisInput, type GovernanceSynthesisOutput, } from './governance-synthesis-stage';
+export { policyLockStage, type PolicyLockInput, type PolicyLockOutput, } from './policy-lock-stage';
+export { runtimeGuardStage, type RuntimeGuardInput, type RuntimeGuardOutput, } from './runtime-guard-stage';
+export { structuralAnalysisStage, type StructuralAnalysisInput, type StructuralAnalysisOutput, } from './structural-analysis-stage';
+//# sourceMappingURL=index.d.ts.map

package/dist/governance/pipeline/stages/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/governance/pipeline/stages/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EACL,mBAAmB,EACnB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,GAC1B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,sBAAsB,EACtB,wBAAwB,EACxB,KAAK,QAAQ,EACb,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,GAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,GAC/B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,eAAe,EACf,KAAK,eAAe,EACpB,KAAK,gBAAgB,GACtB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,iBAAiB,EACjB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,GACxB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,uBAAuB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,GAC9B,MAAM,6BAA6B,CAAC"}

package/dist/governance/pipeline/stages/index.js

@@ -0,0 +1,40 @@
+"use strict";
+/**
+ * Pipeline stage definitions — public re-exports.
+ *
+ * Each stage is a behavior-preserving wrapper around an existing verify.ts
+ * code region. The wrappers add stage lineage, deterministic fingerprinting,
+ * timing metrics, dependency declarations, and failure-isolation policy.
+ *
+ * STAGE-EXTRACTION STATUS (this phase):
+ *   - diff-normalization      ✓ wrapper + wired in verify.ts
+ *   - policy-lock             ✓ wrapper (wire-in deferred to next phase)
+ *   - compiled-policy         ✓ wrapper (wire-in deferred to next phase)
+ *   - structural-analysis     ✓ wrapper (wire-in deferred to next phase)
+ *   - runtime-guard           ✓ wrapper (wire-in deferred to next phase)
+ *   - governance-synthesis    ✓ wrapper + wired in verify.ts
+ *
+ * REMAINING STAGES (designed but not yet implemented):
+ *   plan-sync, policy-exceptions, intent-evaluation, semantic-analysis,
+ *   policy-evaluation, suppression-evaluation, advisory-signals,
+ *   change-contract, ai-debt-budget, provenance-generation,
+ *   replay-integrity, remediation-export-preparation, evidence-generation,
+ *   telemetry-harvest, ci-shaping, output-rendering.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.structuralAnalysisStage = exports.runtimeGuardStage = exports.policyLockStage = exports.synthesizeGovernance = exports.governanceSynthesisStage = exports.computeDiffNormalization = exports.diffNormalizationStage = exports.compiledPolicyStage = void 0;
+var compiled_policy_stage_1 = require("./compiled-policy-stage");
+Object.defineProperty(exports, "compiledPolicyStage", { enumerable: true, get: function () { return compiled_policy_stage_1.compiledPolicyStage; } });
+var diff_normalization_stage_1 = require("./diff-normalization-stage");
+Object.defineProperty(exports, "diffNormalizationStage", { enumerable: true, get: function () { return diff_normalization_stage_1.diffNormalizationStage; } });
+Object.defineProperty(exports, "computeDiffNormalization", { enumerable: true, get: function () { return diff_normalization_stage_1.computeDiffNormalization; } });
+var governance_synthesis_stage_1 = require("./governance-synthesis-stage");
+Object.defineProperty(exports, "governanceSynthesisStage", { enumerable: true, get: function () { return governance_synthesis_stage_1.governanceSynthesisStage; } });
+Object.defineProperty(exports, "synthesizeGovernance", { enumerable: true, get: function () { return governance_synthesis_stage_1.synthesizeGovernance; } });
+var policy_lock_stage_1 = require("./policy-lock-stage");
+Object.defineProperty(exports, "policyLockStage", { enumerable: true, get: function () { return policy_lock_stage_1.policyLockStage; } });
+var runtime_guard_stage_1 = require("./runtime-guard-stage");
+Object.defineProperty(exports, "runtimeGuardStage", { enumerable: true, get: function () { return runtime_guard_stage_1.runtimeGuardStage; } });
+var structural_analysis_stage_1 = require("./structural-analysis-stage");
+Object.defineProperty(exports, "structuralAnalysisStage", { enumerable: true, get: function () { return structural_analysis_stage_1.structuralAnalysisStage; } });
+//# sourceMappingURL=index.js.map

package/dist/governance/pipeline/stages/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/governance/pipeline/stages/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;;AAEH,iEAIiC;AAH/B,4HAAA,mBAAmB,OAAA;AAIrB,uEAMoC;AALlC,kIAAA,sBAAsB,OAAA;AACtB,oIAAA,wBAAwB,OAAA;AAK1B,2EAKsC;AAJpC,sIAAA,wBAAwB,OAAA;AACxB,kIAAA,oBAAoB,OAAA;AAItB,yDAI6B;AAH3B,oHAAA,eAAe,OAAA;AAIjB,6DAI+B;AAH7B,wHAAA,iBAAiB,OAAA;AAInB,yEAIqC;AAHnC,oIAAA,uBAAuB,OAAA"}

package/dist/governance/pipeline/stages/policy-lock-stage.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Policy Lock Stage
+ * -----------------
+ * Verifies the policy lock fingerprint against the currently-resolved policy
+ * snapshot. This is a thin wrapper around `evaluatePolicyLock` from
+ * `utils/policy-packs` — it preserves all existing semantics and only adds
+ * stage lineage, fingerprinting, and replay receipts.
+ *
+ * SEMANTIC PRESERVATION:
+ *   The output `enforced`, `matched`, `lockPresent`, `lockPath`, and
+ *   `mismatches[]` fields are produced by `evaluatePolicyLock` directly —
+ *   they MUST be identical to the values verify.ts records inline.
+ */
+import { type PolicyLockMismatch, type PolicyStateSnapshot } from '../../../utils/policy-packs';
+import type { GovernancePipelineStage } from '../types';
+export interface PolicyLockInput {
+    projectRoot: string;
+    currentSnapshot: PolicyStateSnapshot;
+    requireLock: boolean;
+    skipLock: boolean;
+}
+export interface PolicyLockOutput {
+    enforced: boolean;
+    matched: boolean;
+    lockPresent: boolean;
+    lockPath: string;
+    mismatches: PolicyLockMismatch[];
+    skipped: boolean;
+}
+export declare const policyLockStage: GovernancePipelineStage<PolicyLockInput, PolicyLockOutput>;
+//# sourceMappingURL=policy-lock-stage.d.ts.map