npm - @neurcode-ai/cli - Versions diffs - 0.10.1 → 0.12.0 - Mend

@neurcode-ai/cli 0.10.1 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (171) hide show

package/dist/governance/pipeline/orchestration/intent-drift-orchestration.js ADDED Viewed

@@ -0,0 +1,102 @@
+"use strict";
+/**
+ * Intent Drift Orchestration
+ * ---------------------------
+ * Wraps the intent-governance module (`governance/intent/*`) into an
+ * orchestration surface consumable by verify.ts. Pattern matches the other
+ * orchestration modules:
+ *
+ *   - Caller hands us inputs (projectRoot, diffFiles, options).
+ *   - We load the contract, run drift detection, return a typed result.
+ *   - We do NOT render, log, or emit JSON. Caller owns presentation.
+ *   - On any internal error, we return a safe empty result. Drift detection
+ *     is opt-in; a malformed contract must never break verification.
+ *
+ * Phase 1 INVARIANT: drift detection is ADVISORY by default. The detector
+ * only emits BLOCK-severity violations when `enforce: true` is passed
+ * explicitly. Callers wishing to enforce must read the contract's
+ * enforcement signal (a future schema field, or an environment opt-in).
+ *
+ * Intelligence classification: DETERMINISTIC (delegated to inner module).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runIntentDriftOrchestration = runIntentDriftOrchestration;
+const intent_1 = require("../../intent");
+// ── Public API ───────────────────────────────────────────────────────────────
+/**
+ * Run the intent-drift detection orchestration. Safe to call on every verify run.
+ *
+ * Cost model:
+ *   - No contract → ~1ms (filesystem stat + early return).
+ *   - Contract present → proportional to (diff size × layer count). For a typical
+ *     50-file diff against a 5-layer contract, well under 50ms.
+ */
+function runIntentDriftOrchestration(input) {
+    let load;
+    try {
+        load = (0, intent_1.loadIntentContract)(input.projectRoot, input.contractPath);
+    }
+    catch (err) {
+        // Defensive: loadIntentContract is already non-throwing, but we guard
+        // against future regressions and unexpected runtime errors.
+        const msg = err instanceof Error ? err.message : String(err);
+        return {
+            contractPresent: false,
+            contractPath: input.contractPath ?? '<unresolved>',
+            contractErrors: [`unexpected error loading intent contract: ${msg}`],
+            contractWarnings: [],
+            enforced: false,
+            report: (0, intent_1.runDriftDetection)({
+                graph: intent_1.EMPTY_INTENT_GRAPH,
+                diffFiles: [],
+            }),
+        };
+    }
+    if (!load.exists || load.errors.length > 0) {
+        return {
+            contractPresent: load.exists,
+            contractPath: load.path,
+            contractErrors: load.errors,
+            contractWarnings: load.warnings,
+            enforced: false,
+            report: (0, intent_1.runDriftDetection)({
+                graph: intent_1.EMPTY_INTENT_GRAPH,
+                diffFiles: [],
+            }),
+        };
+    }
+    const enforce = input.enforce === true;
+    let report;
+    try {
+        report = (0, intent_1.runDriftDetection)({
+            graph: load.graph,
+            diffFiles: input.diffFiles,
+            enforce,
+        });
+    }
+    catch (err) {
+        // Defensive: runDriftDetection is pure but we wrap to satisfy the
+        // "drift detection must never break verification" guarantee.
+        const msg = err instanceof Error ? err.message : String(err);
+        return {
+            contractPresent: true,
+            contractPath: load.path,
+            contractErrors: [`unexpected error running drift detection: ${msg}`],
+            contractWarnings: load.warnings,
+            enforced: enforce,
+            report: (0, intent_1.runDriftDetection)({
+                graph: intent_1.EMPTY_INTENT_GRAPH,
+                diffFiles: [],
+            }),
+        };
+    }
+    return {
+        contractPresent: true,
+        contractPath: load.path,
+        contractErrors: load.errors,
+        contractWarnings: load.warnings,
+        enforced: enforce,
+        report,
+    };
+}
+//# sourceMappingURL=intent-drift-orchestration.js.map

package/dist/governance/pipeline/orchestration/intent-drift-orchestration.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"intent-drift-orchestration.js","sourceRoot":"","sources":["../../../../src/governance/pipeline/orchestration/intent-drift-orchestration.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;GAmBG;;AA0DH,kEAsEC;AA9HD,yCAMsB;AAwCtB,gFAAgF;AAEhF;;;;;;;GAOG;AACH,SAAgB,2BAA2B,CACzC,KAAoC;IAEpC,IAAI,IAA8B,CAAC;IACnC,IAAI,CAAC;QACH,IAAI,GAAG,IAAA,2BAAkB,EAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC;IACnE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,sEAAsE;QACtE,4DAA4D;QAC5D,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,OAAO;YACL,eAAe,EAAE,KAAK;YACtB,YAAY,EAAE,KAAK,CAAC,YAAY,IAAI,cAAc;YAClD,cAAc,EAAE,CAAC,6CAA6C,GAAG,EAAE,CAAC;YACpE,gBAAgB,EAAE,EAAE;YACpB,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAA,0BAAiB,EAAC;gBACxB,KAAK,EAAE,2BAAkB;gBACzB,SAAS,EAAE,EAAE;aACd,CAAC;SACH,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,OAAO;YACL,eAAe,EAAE,IAAI,CAAC,MAAM;YAC5B,YAAY,EAAE,IAAI,CAAC,IAAI;YACvB,cAAc,EAAE,IAAI,CAAC,MAAM;YAC3B,gBAAgB,EAAE,IAAI,CAAC,QAAQ;YAC/B,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAA,0BAAiB,EAAC;gBACxB,KAAK,EAAE,2BAAkB;gBACzB,SAAS,EAAE,EAAE;aACd,CAAC;SACH,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,KAAK,IAAI,CAAC;IACvC,IAAI,MAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,GAAG,IAAA,0BAAiB,EAAC;YACzB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,kEAAkE;QAClE,6DAA6D;QAC7D,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,OAAO;YACL,eAAe,EAAE,IAAI;YACrB,YAAY,EAAE,IAAI,CAAC,IAAI;YACvB,cAAc,EAAE,CAAC,6CAA6C,GAAG,EAAE,CAAC;YACpE,gBAAgB,EAAE,IAAI,CAAC,QAAQ;YAC/B,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,IAAA,0BAAiB,EAAC;gBACxB,KAAK,EAAE,2BAAkB;gBACzB,SAAS,EAAE,EAAE;aACd,CAAC;SACH,CAAC;IACJ,CAAC;IAED,OAAO;QACL,eAAe,EAAE,IAAI;QACrB,YAAY,EAAE,IAAI,CAAC,IAAI;QACvB,cAAc,EAAE,IAAI,CAAC,MAAM;QAC3B,gBAAgB,EAAE,IAAI,CAAC,QAAQ;QAC/B,QAAQ,EAAE,OAAO;QACjB,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/governance/pipeline/orchestration/plan-structural-analysis.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * Plan-Mode Structural Analysis Orchestration
+ * --------------------------------------------
+ * Extracts the inline structural-engine invocation previously at
+ * `commands/verify.ts:4416–4440`. Unlike `structuralAnalysisStage` which
+ * wraps `runStructuralOnDiffFiles`, the plan-mode invocation uses the
+ * lower-level `StructuralRuleEngine.analyze()` API that requires explicit
+ * file-content reads BEFORE analysis.
+ *
+ * SEMANTIC PRESERVATION:
+ *   - file reads are isolated per-file with the same try/swallow pattern
+ *   - the outer try/catch is preserved (engine failure must never abort
+ *     verify; we return zero-violation defaults instead)
+ *   - the returned shape matches the inline `let` updates exactly
+ *
+ * REPLAY:
+ *   The order of file reads (the diffFiles iteration order) is preserved,
+ *   and the StructuralRuleEngine output ordering is left untouched. The
+ *   downstream canonical pipeline sorts by stable keys, so even if read
+ *   order changed it would not affect replay checksums — but we preserve
+ *   it as a defensive guarantee.
+ */
+import { type StructuralViolation } from '../../../structural-rules';
+import type { DiffFile } from '@neurcode-ai/diff-parser';
+export interface PlanStructuralAnalysisInput {
+    projectRoot: string;
+    diffFiles: ReadonlyArray<DiffFile>;
+}
+export interface PlanStructuralAnalysisResult {
+    violations: StructuralViolation[];
+    rulesApplied: string[];
+    suppressedCount: number;
+}
+/**
+ * Run the plan-mode structural engine. Replaces the inline block.
+ * Returns a default zero-violation result on empty input or on engine fault
+ * (preserving the original "non-fatal: structural engine errors must never
+ * break verification" invariant).
+ */
+export declare function runPlanStructuralAnalysis(input: PlanStructuralAnalysisInput): PlanStructuralAnalysisResult;
+//# sourceMappingURL=plan-structural-analysis.d.ts.map

package/dist/governance/pipeline/orchestration/plan-structural-analysis.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"plan-structural-analysis.d.ts","sourceRoot":"","sources":["../../../../src/governance/pipeline/orchestration/plan-structural-analysis.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAIH,OAAO,EAAqC,KAAK,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACxG,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAEzD,MAAM,WAAW,2BAA2B;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,4BAA4B;IAC3C,UAAU,EAAE,mBAAmB,EAAE,CAAC;IAClC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;CACzB;AAQD;;;;;GAKG;AACH,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,2BAA2B,GACjC,4BAA4B,CA+B9B"}

package/dist/governance/pipeline/orchestration/plan-structural-analysis.js ADDED Viewed

@@ -0,0 +1,74 @@
+"use strict";
+/**
+ * Plan-Mode Structural Analysis Orchestration
+ * --------------------------------------------
+ * Extracts the inline structural-engine invocation previously at
+ * `commands/verify.ts:4416–4440`. Unlike `structuralAnalysisStage` which
+ * wraps `runStructuralOnDiffFiles`, the plan-mode invocation uses the
+ * lower-level `StructuralRuleEngine.analyze()` API that requires explicit
+ * file-content reads BEFORE analysis.
+ *
+ * SEMANTIC PRESERVATION:
+ *   - file reads are isolated per-file with the same try/swallow pattern
+ *   - the outer try/catch is preserved (engine failure must never abort
+ *     verify; we return zero-violation defaults instead)
+ *   - the returned shape matches the inline `let` updates exactly
+ *
+ * REPLAY:
+ *   The order of file reads (the diffFiles iteration order) is preserved,
+ *   and the StructuralRuleEngine output ordering is left untouched. The
+ *   downstream canonical pipeline sorts by stable keys, so even if read
+ *   order changed it would not affect replay checksums — but we preserve
+ *   it as a defensive guarantee.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runPlanStructuralAnalysis = runPlanStructuralAnalysis;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const structural_rules_1 = require("../../../structural-rules");
+const EMPTY_RESULT = {
+    violations: [],
+    rulesApplied: [],
+    suppressedCount: 0,
+};
+/**
+ * Run the plan-mode structural engine. Replaces the inline block.
+ * Returns a default zero-violation result on empty input or on engine fault
+ * (preserving the original "non-fatal: structural engine errors must never
+ * break verification" invariant).
+ */
+function runPlanStructuralAnalysis(input) {
+    if (input.diffFiles.length === 0) {
+        return { ...EMPTY_RESULT };
+    }
+    try {
+        const structuralEngine = (0, structural_rules_1.createDefaultStructuralRuleEngine)();
+        const filesToAnalyze = [];
+        for (const df of input.diffFiles) {
+            const absPath = (0, path_1.join)(input.projectRoot, df.path);
+            if ((0, fs_1.existsSync)(absPath)) {
+                try {
+                    const sourceText = (0, fs_1.readFileSync)(absPath, 'utf-8');
+                    filesToAnalyze.push({ filePath: df.path, sourceText });
+                }
+                catch {
+                    // Skip unreadable files (preserved invariant).
+                }
+            }
+        }
+        if (filesToAnalyze.length === 0) {
+            return { ...EMPTY_RESULT };
+        }
+        const structuralResult = structuralEngine.analyze(filesToAnalyze);
+        return {
+            violations: structuralResult.violations,
+            rulesApplied: structuralResult.rulesApplied,
+            suppressedCount: structuralResult.suppressedCount,
+        };
+    }
+    catch {
+        // Non-fatal: structural engine errors must never break verification.
+        return { ...EMPTY_RESULT };
+    }
+}
+//# sourceMappingURL=plan-structural-analysis.js.map

package/dist/governance/pipeline/orchestration/plan-structural-analysis.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"plan-structural-analysis.js","sourceRoot":"","sources":["../../../../src/governance/pipeline/orchestration/plan-structural-analysis.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;AA8BH,8DAiCC;AA7DD,2BAA8C;AAC9C,+BAA4B;AAC5B,gEAAwG;AAcxG,MAAM,YAAY,GAAiC;IACjD,UAAU,EAAE,EAAE;IACd,YAAY,EAAE,EAAE;IAChB,eAAe,EAAE,CAAC;CACnB,CAAC;AAEF;;;;;GAKG;AACH,SAAgB,yBAAyB,CACvC,KAAkC;IAElC,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,GAAG,YAAY,EAAE,CAAC;IAC7B,CAAC;IACD,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,IAAA,oDAAiC,GAAE,CAAC;QAC7D,MAAM,cAAc,GAAoD,EAAE,CAAC;QAC3E,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,IAAA,WAAI,EAAC,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;YACjD,IAAI,IAAA,eAAU,EAAC,OAAO,CAAC,EAAE,CAAC;gBACxB,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,IAAA,iBAAY,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC;oBAClD,cAAc,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;gBACzD,CAAC;gBAAC,MAAM,CAAC;oBACP,+CAA+C;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,GAAG,YAAY,EAAE,CAAC;QAC7B,CAAC;QACD,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAClE,OAAO;YACL,UAAU,EAAE,gBAAgB,CAAC,UAAU;YACvC,YAAY,EAAE,gBAAgB,CAAC,YAAY;YAC3C,eAAe,EAAE,gBAAgB,CAAC,eAAe;SAClD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,qEAAqE;QACrE,OAAO,EAAE,GAAG,YAAY,EAAE,CAAC;IAC7B,CAAC;AACH,CAAC"}

package/dist/governance/pipeline/orchestration/policy-evaluation-summaries.d.ts ADDED Viewed

@@ -0,0 +1,165 @@
+/**
+ * Policy Evaluation Summaries Orchestration
+ * ------------------------------------------
+ * Extracts the duplicated policy-exception-summary + governance-summary
+ * shaping logic previously duplicated at:
+ *   - `commands/verify.ts:2610–2709`  (executePolicyOnlyMode)
+ *   - `commands/verify.ts:4818–4889`  (verifyCommand main flow)
+ *
+ * RESPONSIBILITIES (data-pure):
+ *   - shape `policyExceptionsSummary` from exceptionDecision + resolution
+ *   - shape `policyGovernanceSummary` from governance + audit status
+ *   - apply audit-integrity violation to the effective violation list
+ *   - apply shouldIgnore filtering to suppressed/blocked violation lists
+ *   - compute `policyDecision` from effective violations
+ *
+ * EXPLICITLY NOT RESPONSIBLE FOR:
+ *   - calling `applyPolicyExceptions` (caller owns that before invoking us)
+ *   - calling `resolveEffectivePolicyExceptions` (caller owns that)
+ *   - rendering (chalk, console.log)
+ *   - emitting JSON or exiting
+ *
+ * SEMANTIC PRESERVATION:
+ *   The output shapes are byte-identical to the prior inline implementations.
+ *   Field order matches the inline construction so JSON serialization is stable.
+ *
+ * REPLAY INVARIANT:
+ *   - `explainExceptionEligibilityReason` moved from verify.ts (private) to here
+ *   - `resolvePolicyDecisionFromViolations` duplicated as a pure local helper to
+ *     avoid circular import — semantics are identical
+ */
+import type { PolicyExceptionDecision, PolicyExceptionEntry } from '../../../utils/policy-exceptions';
+/** Narrowed shape from ResolvedPolicyExceptions (verify.ts internal interface). */
+export interface PolicyExceptionResolutionSummary {
+    mode: 'local' | 'org' | 'org_fallback_local';
+    exceptions: PolicyExceptionEntry[];
+    localConfigured: number;
+    orgConfigured: number;
+    warning: string | null;
+}
+/** Narrowed from governance.exceptionApprovals (OrgGovernanceSettings). */
+export interface ExceptionApprovalConfig {
+    required: boolean;
+    minApprovals: number;
+    disallowSelfApproval: boolean;
+    allowedApprovers: string[];
+    requireReason: boolean;
+    minReasonLength: number;
+    maxExpiryDays: number;
+    criticalRulePatterns: string[];
+    criticalMinApprovals: number;
+}
+/** Narrowed from governance.audit (OrgGovernanceSettings). */
+export interface GovernanceAuditConfig {
+    requireIntegrity: boolean;
+}
+/** From PolicyAuditVerification. */
+export interface AuditIntegrityData {
+    valid: boolean;
+    count: number;
+    lastHash: string | null;
+    issues: string[];
+}
+export interface PolicyEvaluationSummariesInput {
+    /** Result of applyPolicyExceptions — caller is responsible for this call. */
+    exceptionDecision: PolicyExceptionDecision;
+    /** Result of resolveEffectivePolicyExceptions. */
+    policyExceptionResolution: PolicyExceptionResolutionSummary;
+    /** Policy violations present BEFORE exception application. */
+    policyViolations: Array<{
+        file: string;
+        rule: string;
+        severity: string;
+        message?: string;
+        line?: number;
+    }>;
+    /** Governance exception-approval configuration. */
+    exceptionApprovals: ExceptionApprovalConfig;
+    /** Governance audit configuration. */
+    audit: GovernanceAuditConfig;
+    /** Audit integrity verification result. */
+    auditIntegrity: AuditIntegrityData;
+    /** Returns true for file paths to exclude from governance checks. */
+    shouldIgnore: (file: string) => boolean;
+    /**
+     * Canonical path token for the policy audit file entry.
+     * Callers use 'neurcode.policy.audit.log.jsonl'.
+     */
+    policyAuditFile: string;
+}
+export interface PolicyExceptionsSummary {
+    sourceMode: PolicyExceptionResolutionSummary['mode'];
+    sourceWarning: string | null;
+    localConfigured: number;
+    orgConfigured: number;
+    configured: number;
+    active: number;
+    usable: number;
+    matched: number;
+    suppressed: number;
+    blocked: number;
+    matchedExceptionIds: string[];
+    suppressedViolations: Array<{
+        file: string;
+        rule: string;
+        severity: string;
+        message: string | undefined;
+        exceptionId: string;
+        reason: string;
+        expiresAt: string;
+        startLine?: number;
+    }>;
+    blockedViolations: Array<{
+        file: string;
+        rule: string;
+        severity: string;
+        message: string | undefined;
+        startLine?: number;
+    }>;
+}
+export interface PolicyGovernanceSummary {
+    exceptionApprovals: ExceptionApprovalConfig;
+    audit: {
+        requireIntegrity: boolean;
+        valid: boolean;
+        issues: string[];
+        lastHash: string | null;
+        eventCount: number;
+    };
+}
+export interface PolicyEvaluationSummariesResult {
+    /** Shaped policy exceptions summary — ready for canonical payload. */
+    policyExceptionsSummary: PolicyExceptionsSummary;
+    /** Shaped governance audit summary — ready for canonical payload. */
+    policyGovernanceSummary: PolicyGovernanceSummary;
+    /**
+     * Effective policy violations after exception application and audit check:
+     * remaining + blocked + (optional audit violation).
+     */
+    effectivePolicyViolations: Array<{
+        file: string;
+        rule: string;
+        severity: string;
+        message?: string;
+        line?: number;
+    }>;
+    /** Formatted blocked violations (subset of effectivePolicyViolations). */
+    blockedPolicyViolationItems: Array<{
+        file: string;
+        rule: string;
+        severity: string;
+        message: string;
+        line?: number;
+    }>;
+    /** Policy decision derived from effectivePolicyViolations. */
+    policyDecision: 'allow' | 'warn' | 'block';
+}
+/**
+ * Build the shaped policy-exception and governance-audit summaries.
+ *
+ * Replaces the duplicated inline shaping regions in both
+ * `executePolicyOnlyMode` and the main `verifyCommand` flow.
+ * Does not emit JSON, does not log, does not exit.
+ */
+export declare function buildPolicyEvaluationSummaries(input: PolicyEvaluationSummariesInput): PolicyEvaluationSummariesResult;
+//# sourceMappingURL=policy-evaluation-summaries.d.ts.map

package/dist/governance/pipeline/orchestration/policy-evaluation-summaries.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policy-evaluation-summaries.d.ts","sourceRoot":"","sources":["../../../../src/governance/pipeline/orchestration/policy-evaluation-summaries.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,KAAK,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AAItG,mFAAmF;AACnF,MAAM,WAAW,gCAAgC;IAC/C,IAAI,EAAE,OAAO,GAAG,KAAK,GAAG,oBAAoB,CAAC;IAC7C,UAAU,EAAE,oBAAoB,EAAE,CAAC;IACnC,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB;AAED,2EAA2E;AAC3E,MAAM,WAAW,uBAAuB;IACtC,QAAQ,EAAE,OAAO,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,oBAAoB,EAAE,MAAM,CAAC;CAC9B;AAED,8DAA8D;AAC9D,MAAM,WAAW,qBAAqB;IACpC,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED,oCAAoC;AACpC,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,8BAA8B;IAC7C,6EAA6E;IAC7E,iBAAiB,EAAE,uBAAuB,CAAC;IAC3C,kDAAkD;IAClD,yBAAyB,EAAE,gCAAgC,CAAC;IAC5D,8DAA8D;IAC9D,gBAAgB,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC3G,mDAAmD;IACnD,kBAAkB,EAAE,uBAAuB,CAAC;IAC5C,sCAAsC;IACtC,KAAK,EAAE,qBAAqB,CAAC;IAC7B,2CAA2C;IAC3C,cAAc,EAAE,kBAAkB,CAAC;IACnC,qEAAqE;IACrE,YAAY,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;IACxC;;;OAGG;IACH,eAAe,EAAE,MAAM,CAAC;CACzB;AAID,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,gCAAgC,CAAC,MAAM,CAAC,CAAC;IACrD,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,oBAAoB,EAAE,KAAK,CAAC;QAC1B,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;QAC5B,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC,CAAC;IACH,iBAAiB,EAAE,KAAK,CAAC;QACvB,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;QAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,uBAAuB;IACtC,kBAAkB,EAAE,uBAAuB,CAAC;IAC5C,KAAK,EAAE;QACL,gBAAgB,EAAE,OAAO,CAAC;QAC1B,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QACxB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED,MAAM,WAAW,+BAA+B;IAC9C,sEAAsE;IACtE,uBAAuB,EAAE,uBAAuB,CAAC;IACjD,qEAAqE;IACrE,uBAAuB,EAAE,uBAAuB,CAAC;IACjD;;;OAGG;IACH,yBAAyB,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACpH,0EAA0E;IAC1E,2BAA2B,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrH,8DAA8D;IAC9D,cAAc,EAAE,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;CAC5C;AAsDD;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAC5C,KAAK,EAAE,8BAA8B,GACpC,+BAA+B,CAsGjC"}

package/dist/governance/pipeline/orchestration/policy-evaluation-summaries.js ADDED Viewed

@@ -0,0 +1,160 @@
+"use strict";
+/**
+ * Policy Evaluation Summaries Orchestration
+ * ------------------------------------------
+ * Extracts the duplicated policy-exception-summary + governance-summary
+ * shaping logic previously duplicated at:
+ *   - `commands/verify.ts:2610–2709`  (executePolicyOnlyMode)
+ *   - `commands/verify.ts:4818–4889`  (verifyCommand main flow)
+ *
+ * RESPONSIBILITIES (data-pure):
+ *   - shape `policyExceptionsSummary` from exceptionDecision + resolution
+ *   - shape `policyGovernanceSummary` from governance + audit status
+ *   - apply audit-integrity violation to the effective violation list
+ *   - apply shouldIgnore filtering to suppressed/blocked violation lists
+ *   - compute `policyDecision` from effective violations
+ *
+ * EXPLICITLY NOT RESPONSIBLE FOR:
+ *   - calling `applyPolicyExceptions` (caller owns that before invoking us)
+ *   - calling `resolveEffectivePolicyExceptions` (caller owns that)
+ *   - rendering (chalk, console.log)
+ *   - emitting JSON or exiting
+ *
+ * SEMANTIC PRESERVATION:
+ *   The output shapes are byte-identical to the prior inline implementations.
+ *   Field order matches the inline construction so JSON serialization is stable.
+ *
+ * REPLAY INVARIANT:
+ *   - `explainExceptionEligibilityReason` moved from verify.ts (private) to here
+ *   - `resolvePolicyDecisionFromViolations` duplicated as a pure local helper to
+ *     avoid circular import — semantics are identical
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildPolicyEvaluationSummaries = buildPolicyEvaluationSummaries;
+// ── Private helpers ───────────────────────────────────────────────────────────
+/**
+ * Maps an eligibility-reason code to a human-readable message.
+ * Moved from verify.ts:1940 (was private, only used in the regions being extracted).
+ */
+function explainExceptionEligibilityReason(reason) {
+    switch (reason) {
+        case 'reason_required':
+            return 'exception reason does not meet governance minimum length';
+        case 'duration_exceeds_max':
+            return 'exception expiry window exceeds governance maximum duration';
+        case 'approval_required':
+            return 'exception exists but approvals are required';
+        case 'critical_approvals_required':
+            return 'critical rule exception requires additional independent approvals';
+        case 'insufficient_approvals':
+            return 'exception exists but approval threshold is not met';
+        case 'self_approval_only':
+            return 'exception only has requester self-approval';
+        case 'approver_not_allowed':
+            return 'exception approvals are from non-allowlisted approvers';
+        default:
+            return 'exception is inactive or expired';
+    }
+}
+/** Pure decision helper — identical semantics to verify.ts:1924. */
+function policyDecisionFromViolations(violations) {
+    let hasWarn = false;
+    for (const v of violations) {
+        const sev = String(v.severity || '').toLowerCase();
+        if (sev === 'block')
+            return 'block';
+        if (sev === 'warn')
+            hasWarn = true;
+    }
+    return hasWarn ? 'warn' : 'allow';
+}
+// ── Public API ────────────────────────────────────────────────────────────────
+/**
+ * Build the shaped policy-exception and governance-audit summaries.
+ *
+ * Replaces the duplicated inline shaping regions in both
+ * `executePolicyOnlyMode` and the main `verifyCommand` flow.
+ * Does not emit JSON, does not log, does not exit.
+ */
+function buildPolicyEvaluationSummaries(input) {
+    const { exceptionDecision, policyExceptionResolution, policyViolations, exceptionApprovals, audit, auditIntegrity, shouldIgnore, policyAuditFile, } = input;
+    // ── Filter suppressed/blocked by shouldIgnore ─────────────────────────────
+    const suppressedViolations = exceptionDecision.suppressedViolations.filter((item) => !shouldIgnore(item.file));
+    const blockedPolicyViolationItems = exceptionDecision.blockedViolations
+        .filter((item) => !shouldIgnore(item.file))
+        .map((item) => ({
+        file: item.file,
+        rule: item.rule,
+        severity: 'block',
+        message: `Exception ${item.exceptionId} cannot be applied: ${explainExceptionEligibilityReason(item.eligibilityReason)}` +
+            (item.requiredApprovals > 0
+                ? ` (approvals ${item.effectiveApprovals}/${item.requiredApprovals}${item.critical ? ', critical rule gate' : ''})`
+                : ''),
+        ...(item.line != null ? { line: item.line } : {}),
+    }));
+    // ── Effective violations = remaining + blocked (after ignore filtering) ───
+    let effectivePolicyViolations = [
+        ...exceptionDecision.remainingViolations.filter((item) => !shouldIgnore(item.file)),
+        ...blockedPolicyViolationItems,
+    ];
+    // ── Audit integrity violation (additive when enforcement enabled) ─────────
+    if (audit.requireIntegrity && !auditIntegrity.valid) {
+        effectivePolicyViolations.push({
+            file: policyAuditFile,
+            rule: 'policy_audit_integrity',
+            severity: 'block',
+            message: `Policy audit chain is invalid: ${auditIntegrity.issues.join('; ') || 'unknown issue'}`,
+        });
+    }
+    const policyDecision = policyDecisionFromViolations(effectivePolicyViolations);
+    // ── policyExceptionsSummary (field order matches prior inline) ────────────
+    const policyExceptionsSummary = {
+        sourceMode: policyExceptionResolution.mode,
+        sourceWarning: policyExceptionResolution.warning,
+        localConfigured: policyExceptionResolution.localConfigured,
+        orgConfigured: policyExceptionResolution.orgConfigured,
+        configured: policyExceptionResolution.exceptions.length,
+        active: exceptionDecision.activeExceptions.length,
+        usable: exceptionDecision.usableExceptions.length,
+        matched: exceptionDecision.matchedExceptionIds.length,
+        suppressed: suppressedViolations.length,
+        blocked: blockedPolicyViolationItems.length,
+        matchedExceptionIds: exceptionDecision.matchedExceptionIds,
+        suppressedViolations: suppressedViolations.map((item) => ({
+            file: item.file,
+            rule: item.rule,
+            severity: item.severity,
+            message: item.message,
+            exceptionId: item.exceptionId,
+            reason: item.reason,
+            expiresAt: item.expiresAt,
+            ...(item.line != null ? { startLine: item.line } : {}),
+        })),
+        blockedViolations: blockedPolicyViolationItems.map((item) => ({
+            file: item.file,
+            rule: item.rule,
+            severity: item.severity,
+            message: item.message,
+            ...(item.line != null ? { startLine: item.line } : {}),
+        })),
+    };
+    // ── policyGovernanceSummary (field order matches prior inline) ────────────
+    const policyGovernanceSummary = {
+        exceptionApprovals,
+        audit: {
+            requireIntegrity: audit.requireIntegrity,
+            valid: auditIntegrity.valid,
+            issues: auditIntegrity.issues,
+            lastHash: auditIntegrity.lastHash,
+            eventCount: auditIntegrity.count,
+        },
+    };
+    return {
+        policyExceptionsSummary,
+        policyGovernanceSummary,
+        effectivePolicyViolations,
+        blockedPolicyViolationItems,
+        policyDecision,
+    };
+}
+//# sourceMappingURL=policy-evaluation-summaries.js.map

package/dist/governance/pipeline/orchestration/policy-evaluation-summaries.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policy-evaluation-summaries.js","sourceRoot":"","sources":["../../../../src/governance/pipeline/orchestration/policy-evaluation-summaries.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;;AAsLH,wEAwGC;AAnKD,iFAAiF;AAEjF;;;GAGG;AACH,SAAS,iCAAiC,CACxC,MAQ0B;IAE1B,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,iBAAiB;YACpB,OAAO,0DAA0D,CAAC;QACpE,KAAK,sBAAsB;YACzB,OAAO,6DAA6D,CAAC;QACvE,KAAK,mBAAmB;YACtB,OAAO,6CAA6C,CAAC;QACvD,KAAK,6BAA6B;YAChC,OAAO,mEAAmE,CAAC;QAC7E,KAAK,wBAAwB;YAC3B,OAAO,oDAAoD,CAAC;QAC9D,KAAK,oBAAoB;YACvB,OAAO,4CAA4C,CAAC;QACtD,KAAK,sBAAsB;YACzB,OAAO,wDAAwD,CAAC;QAClE;YACE,OAAO,kCAAkC,CAAC;IAC9C,CAAC;AACH,CAAC;AAED,oEAAoE;AACpE,SAAS,4BAA4B,CACnC,UAAuC;IAEvC,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QACnD,IAAI,GAAG,KAAK,OAAO;YAAE,OAAO,OAAO,CAAC;QACpC,IAAI,GAAG,KAAK,MAAM;YAAE,OAAO,GAAG,IAAI,CAAC;IACrC,CAAC;IACD,OAAO,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;AACpC,CAAC;AAED,iFAAiF;AAEjF;;;;;;GAMG;AACH,SAAgB,8BAA8B,CAC5C,KAAqC;IAErC,MAAM,EACJ,iBAAiB,EACjB,yBAAyB,EACzB,gBAAgB,EAChB,kBAAkB,EAClB,KAAK,EACL,cAAc,EACd,YAAY,EACZ,eAAe,GAChB,GAAG,KAAK,CAAC;IAEV,6EAA6E;IAC7E,MAAM,oBAAoB,GAAG,iBAAiB,CAAC,oBAAoB,CAAC,MAAM,CACxE,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CACnC,CAAC;IAEF,MAAM,2BAA2B,GAAG,iBAAiB,CAAC,iBAAiB;SACpE,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;SAC1C,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACd,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,QAAQ,EAAE,OAAgB;QAC1B,OAAO,EACL,aAAa,IAAI,CAAC,WAAW,uBAAuB,iCAAiC,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE;YAC/G,CACE,IAAI,CAAC,iBAAiB,GAAG,CAAC;gBACxB,CAAC,CAAC,eAAe,IAAI,CAAC,kBAAkB,IAAI,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,EAAE,GAAG;gBACnH,CAAC,CAAC,EAAE,CACP;QACH,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAClD,CAAC,CAAC,CAAC;IAEN,6EAA6E;IAC7E,IAAI,yBAAyB,GAAG;QAC9B,GAAG,iBAAiB,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnF,GAAG,2BAA2B;KAC/B,CAAC;IAEF,6EAA6E;IAC7E,IAAI,KAAK,CAAC,gBAAgB,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QACpD,yBAAyB,CAAC,IAAI,CAAC;YAC7B,IAAI,EAAE,eAAe;YACrB,IAAI,EAAE,wBAAwB;YAC9B,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,kCAAkC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,eAAe,EAAE;SACjG,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,GAAG,4BAA4B,CAAC,yBAAyB,CAAC,CAAC;IAE/E,6EAA6E;IAC7E,MAAM,uBAAuB,GAA4B;QACvD,UAAU,EAAE,yBAAyB,CAAC,IAAI;QAC1C,aAAa,EAAE,yBAAyB,CAAC,OAAO;QAChD,eAAe,EAAE,yBAAyB,CAAC,eAAe;QAC1D,aAAa,EAAE,yBAAyB,CAAC,aAAa;QACtD,UAAU,EAAE,yBAAyB,CAAC,UAAU,CAAC,MAAM;QACvD,MAAM,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,MAAM;QACjD,MAAM,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,MAAM;QACjD,OAAO,EAAE,iBAAiB,CAAC,mBAAmB,CAAC,MAAM;QACrD,UAAU,EAAE,oBAAoB,CAAC,MAAM;QACvC,OAAO,EAAE,2BAA2B,CAAC,MAAM;QAC3C,mBAAmB,EAAE,iBAAiB,CAAC,mBAAmB;QAC1D,oBAAoB,EAAE,oBAAoB,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACxD,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvD,CAAC,CAAC;QACH,iBAAiB,EAAE,2BAA2B,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC5D,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvD,CAAC,CAAC;KACJ,CAAC;IAEF,6EAA6E;IAC7E,MAAM,uBAAuB,GAA4B;QACvD,kBAAkB;QAClB,KAAK,EAAE;YACL,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;YACxC,KAAK,EAAE,cAAc,CAAC,KAAK;YAC3B,MAAM,EAAE,cAAc,CAAC,MAAM;YAC7B,QAAQ,EAAE,cAAc,CAAC,QAAQ;YACjC,UAAU,EAAE,cAAc,CAAC,KAAK;SACjC;KACF,CAAC;IAEF,OAAO;QACL,uBAAuB;QACvB,uBAAuB;QACvB,yBAAyB;QACzB,2BAA2B;QAC3B,cAAc;KACf,CAAC;AACJ,CAAC"}