@neurcode-ai/cli 0.9.65 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/bootstrap-policy.d.ts +29 -0
- package/dist/commands/bootstrap-policy.d.ts.map +1 -0
- package/dist/commands/bootstrap-policy.js +334 -0
- package/dist/commands/bootstrap-policy.js.map +1 -0
- package/dist/commands/doctor.d.ts.map +1 -1
- package/dist/commands/doctor.js +82 -0
- package/dist/commands/doctor.js.map +1 -1
- package/dist/commands/governance.d.ts +3 -0
- package/dist/commands/governance.d.ts.map +1 -0
- package/dist/commands/governance.js +390 -0
- package/dist/commands/governance.js.map +1 -0
- package/dist/commands/quickstart.d.ts +21 -0
- package/dist/commands/quickstart.d.ts.map +1 -0
- package/dist/commands/quickstart.js +178 -0
- package/dist/commands/quickstart.js.map +1 -0
- package/dist/commands/remediate-export.d.ts +36 -0
- package/dist/commands/remediate-export.d.ts.map +1 -0
- package/dist/commands/remediate-export.js +1072 -0
- package/dist/commands/remediate-export.js.map +1 -0
- package/dist/commands/replay.d.ts.map +1 -1
- package/dist/commands/replay.js +14 -0
- package/dist/commands/replay.js.map +1 -1
- package/dist/commands/session.d.ts +7 -0
- package/dist/commands/session.d.ts.map +1 -1
- package/dist/commands/session.js +156 -0
- package/dist/commands/session.js.map +1 -1
- package/dist/commands/start-intent.d.ts.map +1 -1
- package/dist/commands/start-intent.js +61 -11
- package/dist/commands/start-intent.js.map +1 -1
- package/dist/commands/verify-guidance.d.ts +5 -0
- package/dist/commands/verify-guidance.d.ts.map +1 -0
- package/dist/commands/verify-guidance.js +49 -0
- package/dist/commands/verify-guidance.js.map +1 -0
- package/dist/commands/verify-output.d.ts +37 -0
- package/dist/commands/verify-output.d.ts.map +1 -0
- package/dist/commands/verify-output.js +572 -0
- package/dist/commands/verify-output.js.map +1 -0
- package/dist/commands/verify-render.d.ts +41 -0
- package/dist/commands/verify-render.d.ts.map +1 -0
- package/dist/commands/verify-render.js +457 -0
- package/dist/commands/verify-render.js.map +1 -0
- package/dist/commands/verify.d.ts.map +1 -1
- package/dist/commands/verify.js +384 -1091
- package/dist/commands/verify.js.map +1 -1
- package/dist/commands/workspace.d.ts.map +1 -1
- package/dist/commands/workspace.js +3 -14
- package/dist/commands/workspace.js.map +1 -1
- package/dist/context-engine/graph.d.ts.map +1 -1
- package/dist/context-engine/graph.js +69 -7
- package/dist/context-engine/graph.js.map +1 -1
- package/dist/context-engine/scanner.d.ts.map +1 -1
- package/dist/context-engine/scanner.js +9 -2
- package/dist/context-engine/scanner.js.map +1 -1
- package/dist/daemon/compatibility/execution.d.ts +42 -0
- package/dist/daemon/compatibility/execution.d.ts.map +1 -0
- package/dist/daemon/compatibility/execution.js +183 -0
- package/dist/daemon/compatibility/execution.js.map +1 -0
- package/dist/daemon/compatibility/mutation.d.ts +24 -0
- package/dist/daemon/compatibility/mutation.d.ts.map +1 -0
- package/dist/daemon/compatibility/mutation.js +724 -0
- package/dist/daemon/compatibility/mutation.js.map +1 -0
- package/dist/daemon/routes.d.ts +19 -0
- package/dist/daemon/routes.d.ts.map +1 -0
- package/dist/daemon/routes.js +123 -0
- package/dist/daemon/routes.js.map +1 -0
- package/dist/daemon/runtime/execution-bus.d.ts +217 -0
- package/dist/daemon/runtime/execution-bus.d.ts.map +1 -0
- package/dist/daemon/runtime/execution-bus.js +1420 -0
- package/dist/daemon/runtime/execution-bus.js.map +1 -0
- package/dist/daemon/runtime/workspace-runtime.d.ts +280 -0
- package/dist/daemon/runtime/workspace-runtime.d.ts.map +1 -0
- package/dist/daemon/runtime/workspace-runtime.js +1473 -0
- package/dist/daemon/runtime/workspace-runtime.js.map +1 -0
- package/dist/daemon/server.d.ts.map +1 -1
- package/dist/daemon/server.js +171 -874
- package/dist/daemon/server.js.map +1 -1
- package/dist/daemon/shaping.d.ts +11 -0
- package/dist/daemon/shaping.d.ts.map +1 -0
- package/dist/daemon/shaping.js +240 -0
- package/dist/daemon/shaping.js.map +1 -0
- package/dist/governance/canonical-invariants.d.ts +88 -0
- package/dist/governance/canonical-invariants.d.ts.map +1 -0
- package/dist/governance/canonical-invariants.js +197 -0
- package/dist/governance/canonical-invariants.js.map +1 -0
- package/dist/governance/canonical-ordering.d.ts +76 -0
- package/dist/governance/canonical-ordering.d.ts.map +1 -0
- package/dist/governance/canonical-ordering.js +189 -0
- package/dist/governance/canonical-ordering.js.map +1 -0
- package/dist/governance/canonical-pipeline.d.ts +9 -1
- package/dist/governance/canonical-pipeline.d.ts.map +1 -1
- package/dist/governance/canonical-pipeline.js +367 -24
- package/dist/governance/canonical-pipeline.js.map +1 -1
- package/dist/governance/diff-line-provenance.d.ts +59 -0
- package/dist/governance/diff-line-provenance.d.ts.map +1 -0
- package/dist/governance/diff-line-provenance.js +118 -0
- package/dist/governance/diff-line-provenance.js.map +1 -0
- package/dist/governance/pilot-readiness.d.ts +34 -0
- package/dist/governance/pilot-readiness.d.ts.map +1 -0
- package/dist/governance/pilot-readiness.js +226 -0
- package/dist/governance/pilot-readiness.js.map +1 -0
- package/dist/governance/policy-parity-validator.d.ts +62 -0
- package/dist/governance/policy-parity-validator.d.ts.map +1 -0
- package/dist/governance/policy-parity-validator.js +137 -0
- package/dist/governance/policy-parity-validator.js.map +1 -0
- package/dist/governance/remediation-boundary.d.ts +55 -0
- package/dist/governance/remediation-boundary.d.ts.map +1 -0
- package/dist/governance/remediation-boundary.js +120 -0
- package/dist/governance/remediation-boundary.js.map +1 -0
- package/dist/governance/structural-cache.d.ts +103 -0
- package/dist/governance/structural-cache.d.ts.map +1 -0
- package/dist/governance/structural-cache.js +235 -0
- package/dist/governance/structural-cache.js.map +1 -0
- package/dist/governance/structural-on-diff.d.ts +22 -2
- package/dist/governance/structural-on-diff.d.ts.map +1 -1
- package/dist/governance/structural-on-diff.js +36 -4
- package/dist/governance/structural-on-diff.js.map +1 -1
- package/dist/governance/structural-policy-merge.d.ts +8 -0
- package/dist/governance/structural-policy-merge.d.ts.map +1 -1
- package/dist/governance/structural-policy-merge.js +7 -0
- package/dist/governance/structural-policy-merge.js.map +1 -1
- package/dist/governance/verify-runtime-guard.d.ts +99 -0
- package/dist/governance/verify-runtime-guard.d.ts.map +1 -0
- package/dist/governance/verify-runtime-guard.js +129 -0
- package/dist/governance/verify-runtime-guard.js.map +1 -0
- package/dist/index.js +277 -77
- package/dist/index.js.map +1 -1
- package/dist/intent-engine/repo-classifier.d.ts +64 -0
- package/dist/intent-engine/repo-classifier.d.ts.map +1 -0
- package/dist/intent-engine/repo-classifier.js +178 -0
- package/dist/intent-engine/repo-classifier.js.map +1 -0
- package/dist/structural-rules/index.d.ts +4 -0
- package/dist/structural-rules/index.d.ts.map +1 -1
- package/dist/structural-rules/index.js +18 -1
- package/dist/structural-rules/index.js.map +1 -1
- package/dist/structural-rules/python/PY003-broad-except-clause.d.ts +21 -0
- package/dist/structural-rules/python/PY003-broad-except-clause.d.ts.map +1 -1
- package/dist/structural-rules/python/PY003-broad-except-clause.js +212 -21
- package/dist/structural-rules/python/PY003-broad-except-clause.js.map +1 -1
- package/dist/structural-rules/python/PY011-thread-lifecycle.d.ts +11 -0
- package/dist/structural-rules/python/PY011-thread-lifecycle.d.ts.map +1 -0
- package/dist/structural-rules/python/PY011-thread-lifecycle.js +97 -0
- package/dist/structural-rules/python/PY011-thread-lifecycle.js.map +1 -0
- package/dist/structural-rules/python/PY012-asyncio-run-misuse.d.ts +11 -0
- package/dist/structural-rules/python/PY012-asyncio-run-misuse.d.ts.map +1 -0
- package/dist/structural-rules/python/PY012-asyncio-run-misuse.js +83 -0
- package/dist/structural-rules/python/PY012-asyncio-run-misuse.js.map +1 -0
- package/dist/structural-rules/python/PY013-mutable-default-arg.d.ts +11 -0
- package/dist/structural-rules/python/PY013-mutable-default-arg.d.ts.map +1 -0
- package/dist/structural-rules/python/PY013-mutable-default-arg.js +73 -0
- package/dist/structural-rules/python/PY013-mutable-default-arg.js.map +1 -0
- package/dist/structural-rules/python/PY014-fixed-sleep-retry.d.ts +11 -0
- package/dist/structural-rules/python/PY014-fixed-sleep-retry.d.ts.map +1 -0
- package/dist/structural-rules/python/PY014-fixed-sleep-retry.js +115 -0
- package/dist/structural-rules/python/PY014-fixed-sleep-retry.js.map +1 -0
- package/dist/structural-rules/types.d.ts +12 -0
- package/dist/structural-rules/types.d.ts.map +1 -1
- package/dist/utils/active-engineering-context.d.ts +12 -0
- package/dist/utils/active-engineering-context.d.ts.map +1 -0
- package/dist/utils/active-engineering-context.js +67 -0
- package/dist/utils/active-engineering-context.js.map +1 -0
- package/dist/utils/artifact-io.d.ts +33 -0
- package/dist/utils/artifact-io.d.ts.map +1 -0
- package/dist/utils/artifact-io.js +183 -0
- package/dist/utils/artifact-io.js.map +1 -0
- package/dist/utils/change-contract.d.ts +6 -2
- package/dist/utils/change-contract.d.ts.map +1 -1
- package/dist/utils/change-contract.js +175 -0
- package/dist/utils/change-contract.js.map +1 -1
- package/dist/utils/context-pack.d.ts +12 -0
- package/dist/utils/context-pack.d.ts.map +1 -0
- package/dist/utils/context-pack.js +147 -0
- package/dist/utils/context-pack.js.map +1 -0
- package/dist/utils/control-plane.d.ts +18 -0
- package/dist/utils/control-plane.d.ts.map +1 -1
- package/dist/utils/control-plane.js +31 -4
- package/dist/utils/control-plane.js.map +1 -1
- package/dist/utils/drift-intelligence.d.ts +47 -0
- package/dist/utils/drift-intelligence.d.ts.map +1 -0
- package/dist/utils/drift-intelligence.js +2099 -0
- package/dist/utils/drift-intelligence.js.map +1 -0
- package/dist/utils/execution-actions.d.ts +22 -0
- package/dist/utils/execution-actions.d.ts.map +1 -0
- package/dist/utils/execution-actions.js +103 -0
- package/dist/utils/execution-actions.js.map +1 -0
- package/dist/utils/execution-bus.d.ts +1 -214
- package/dist/utils/execution-bus.d.ts.map +1 -1
- package/dist/utils/execution-bus.js +15 -1359
- package/dist/utils/execution-bus.js.map +1 -1
- package/dist/utils/git.d.ts +1 -0
- package/dist/utils/git.d.ts.map +1 -1
- package/dist/utils/git.js +13 -3
- package/dist/utils/git.js.map +1 -1
- package/dist/utils/governance-decisions.d.ts +75 -0
- package/dist/utils/governance-decisions.d.ts.map +1 -0
- package/dist/utils/governance-decisions.js +412 -0
- package/dist/utils/governance-decisions.js.map +1 -0
- package/dist/utils/governance-provenance.d.ts +1 -1
- package/dist/utils/governance-provenance.d.ts.map +1 -1
- package/dist/utils/governance-provenance.js +5 -7
- package/dist/utils/governance-provenance.js.map +1 -1
- package/dist/utils/governance.d.ts +108 -0
- package/dist/utils/governance.d.ts.map +1 -1
- package/dist/utils/governance.js +209 -7
- package/dist/utils/governance.js.map +1 -1
- package/dist/utils/intelligence-runtime-common.d.ts +30 -0
- package/dist/utils/intelligence-runtime-common.d.ts.map +1 -0
- package/dist/utils/intelligence-runtime-common.js +156 -0
- package/dist/utils/intelligence-runtime-common.js.map +1 -0
- package/dist/utils/intent-contract-diagnostics.d.ts +9 -0
- package/dist/utils/intent-contract-diagnostics.d.ts.map +1 -0
- package/dist/utils/intent-contract-diagnostics.js +322 -0
- package/dist/utils/intent-contract-diagnostics.js.map +1 -0
- package/dist/utils/intent-pack.d.ts +15 -0
- package/dist/utils/intent-pack.d.ts.map +1 -0
- package/dist/utils/intent-pack.js +196 -0
- package/dist/utils/intent-pack.js.map +1 -0
- package/dist/utils/plan-sync.d.ts +1 -0
- package/dist/utils/plan-sync.d.ts.map +1 -1
- package/dist/utils/plan-sync.js +23 -0
- package/dist/utils/plan-sync.js.map +1 -1
- package/dist/utils/policy-decision.d.ts +5 -0
- package/dist/utils/policy-decision.d.ts.map +1 -0
- package/dist/utils/policy-decision.js +17 -0
- package/dist/utils/policy-decision.js.map +1 -0
- package/dist/utils/replay-custody.d.ts +43 -0
- package/dist/utils/replay-custody.d.ts.map +1 -0
- package/dist/utils/replay-custody.js +168 -0
- package/dist/utils/replay-custody.js.map +1 -0
- package/dist/utils/replay-runtime.d.ts +13 -0
- package/dist/utils/replay-runtime.d.ts.map +1 -1
- package/dist/utils/replay-runtime.js +96 -9
- package/dist/utils/replay-runtime.js.map +1 -1
- package/dist/utils/repository-intelligence.d.ts +9 -0
- package/dist/utils/repository-intelligence.d.ts.map +1 -0
- package/dist/utils/repository-intelligence.js +372 -0
- package/dist/utils/repository-intelligence.js.map +1 -0
- package/dist/utils/runtime-events.d.ts.map +1 -1
- package/dist/utils/runtime-events.js +25 -6
- package/dist/utils/runtime-events.js.map +1 -1
- package/dist/utils/semantic-contract-intelligence.d.ts +20 -0
- package/dist/utils/semantic-contract-intelligence.d.ts.map +1 -0
- package/dist/utils/semantic-contract-intelligence.js +825 -0
- package/dist/utils/semantic-contract-intelligence.js.map +1 -0
- package/dist/utils/session-continuity.d.ts +56 -0
- package/dist/utils/session-continuity.d.ts.map +1 -0
- package/dist/utils/session-continuity.js +318 -0
- package/dist/utils/session-continuity.js.map +1 -0
- package/dist/utils/verification-evidence.d.ts.map +1 -1
- package/dist/utils/verification-evidence.js +4 -1
- package/dist/utils/verification-evidence.js.map +1 -1
- package/dist/utils/verify-runtime-stability.d.ts +142 -0
- package/dist/utils/verify-runtime-stability.d.ts.map +1 -0
- package/dist/utils/verify-runtime-stability.js +230 -0
- package/dist/utils/verify-runtime-stability.js.map +1 -0
- package/dist/utils/workspace-runtime.d.ts +1 -266
- package/dist/utils/workspace-runtime.d.ts.map +1 -1
- package/dist/utils/workspace-runtime.js +15 -1412
- package/dist/utils/workspace-runtime.js.map +1 -1
- package/package.json +11 -10
- package/LICENSE +0 -201
|
@@ -0,0 +1,240 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.buildGovernanceEnvelope = buildGovernanceEnvelope;
|
|
4
|
+
exports.buildExecutionResponseMeta = buildExecutionResponseMeta;
|
|
5
|
+
exports.normalizeVerifyPayloadForLegacyClients = normalizeVerifyPayloadForLegacyClients;
|
|
6
|
+
exports.normalizeFixPayloadForLegacyClients = normalizeFixPayloadForLegacyClients;
|
|
7
|
+
const node_crypto_1 = require("node:crypto");
|
|
8
|
+
const execution_actions_1 = require("../utils/execution-actions");
|
|
9
|
+
function firstString(...values) {
|
|
10
|
+
for (const value of values) {
|
|
11
|
+
if (typeof value !== 'string')
|
|
12
|
+
continue;
|
|
13
|
+
const trimmed = value.trim();
|
|
14
|
+
if (trimmed.length > 0)
|
|
15
|
+
return trimmed;
|
|
16
|
+
}
|
|
17
|
+
return null;
|
|
18
|
+
}
|
|
19
|
+
function collectReceiptIds(payload) {
|
|
20
|
+
const receipts = [];
|
|
21
|
+
const patch = asObjectRecord(payload?.patch);
|
|
22
|
+
const directReceipt = asObjectRecord(payload?.receipt) || asObjectRecord(patch?.receipt);
|
|
23
|
+
const directId = firstString(payload?.receiptId, patch?.receiptId, directReceipt?.id, directReceipt?.receiptId, directReceipt?.transactionId);
|
|
24
|
+
if (directId)
|
|
25
|
+
receipts.push(directId);
|
|
26
|
+
return [...new Set(receipts)].sort();
|
|
27
|
+
}
|
|
28
|
+
function buildGovernanceEnvelope(run, options = {}) {
|
|
29
|
+
const semantics = (0, execution_actions_1.getExecutionActionSemantics)(run.execution.type);
|
|
30
|
+
const primaryPayload = run.primaryPayload;
|
|
31
|
+
const verificationPayload = run.verificationPayload;
|
|
32
|
+
const primaryGovernance = asObjectRecord(primaryPayload?.governanceVerification);
|
|
33
|
+
const verificationGovernance = asObjectRecord(verificationPayload?.governanceVerification);
|
|
34
|
+
const primaryReplayIntegrity = asObjectRecord(primaryPayload?.replayIntegrity)
|
|
35
|
+
|| asObjectRecord(primaryGovernance?.replayIntegrity);
|
|
36
|
+
const verificationReplayIntegrity = asObjectRecord(verificationPayload?.replayIntegrity)
|
|
37
|
+
|| asObjectRecord(verificationGovernance?.replayIntegrity);
|
|
38
|
+
const compatibilityBoundary = options.compatibilityBoundary || (semantics.class === 'compatibility-mutation'
|
|
39
|
+
? {
|
|
40
|
+
routeScope: 'compatibility-mutation',
|
|
41
|
+
actionClass: semantics.class,
|
|
42
|
+
compatibilityAction: true,
|
|
43
|
+
compatibilityQuarantined: true,
|
|
44
|
+
canonicalRuntime: false,
|
|
45
|
+
}
|
|
46
|
+
: null);
|
|
47
|
+
const executionBoundary = options.executionBoundary || compatibilityBoundary || {
|
|
48
|
+
routeScope: semantics.class === 'canonical-governance' ? 'canonical-governance' : 'runtime-operation',
|
|
49
|
+
actionClass: semantics.class,
|
|
50
|
+
compatibilityAction: false,
|
|
51
|
+
canonicalRuntime: semantics.class === 'canonical-governance',
|
|
52
|
+
};
|
|
53
|
+
return {
|
|
54
|
+
schemaVersion: 'neurcode.governance-envelope.v1',
|
|
55
|
+
identity: {
|
|
56
|
+
executionId: run.execution.id,
|
|
57
|
+
executionType: run.execution.type,
|
|
58
|
+
fingerprint: run.execution.fingerprint,
|
|
59
|
+
source: run.execution.source,
|
|
60
|
+
actor: run.execution.actor,
|
|
61
|
+
target: run.execution.target,
|
|
62
|
+
createdAt: run.execution.createdAt,
|
|
63
|
+
completedAt: run.execution.completedAt,
|
|
64
|
+
},
|
|
65
|
+
boundary: {
|
|
66
|
+
actionClass: semantics.class,
|
|
67
|
+
runtimeBoundary: semantics.class === 'compatibility-mutation'
|
|
68
|
+
? 'compatibility-mutation'
|
|
69
|
+
: semantics.class,
|
|
70
|
+
mutatesCode: semantics.mutatesCode,
|
|
71
|
+
compatibilityAction: (0, execution_actions_1.isCompatibilityExecutionActionType)(run.execution.type),
|
|
72
|
+
executionBoundary,
|
|
73
|
+
compatibilityBoundary,
|
|
74
|
+
},
|
|
75
|
+
custody: {
|
|
76
|
+
evidence: {
|
|
77
|
+
generated: run.execution.evidence.generated,
|
|
78
|
+
references: run.execution.evidence.references,
|
|
79
|
+
retentionLimit: run.execution.evidence.retentionLimit,
|
|
80
|
+
},
|
|
81
|
+
replay: {
|
|
82
|
+
checksum: firstString(primaryPayload?.replayChecksum, verificationPayload?.replayChecksum, primaryGovernance?.replayChecksum, verificationGovernance?.replayChecksum),
|
|
83
|
+
mode: firstString(primaryPayload?.replayMode, verificationPayload?.replayMode, primaryGovernance?.replayMode, verificationGovernance?.replayMode),
|
|
84
|
+
integrity: verificationReplayIntegrity || primaryReplayIntegrity || null,
|
|
85
|
+
},
|
|
86
|
+
provenance: {
|
|
87
|
+
runId: firstString(primaryPayload?.provenanceRunId, verificationPayload?.provenanceRunId, primaryGovernance?.provenanceRunId, verificationGovernance?.provenanceRunId),
|
|
88
|
+
generatedAt: firstString(primaryPayload?.provenanceRunAt, verificationPayload?.provenanceRunAt, primaryGovernance?.provenanceRunAt, verificationGovernance?.provenanceRunAt),
|
|
89
|
+
},
|
|
90
|
+
policy: {
|
|
91
|
+
policyLockFingerprint: firstString(primaryPayload?.policyLockFingerprint, verificationPayload?.policyLockFingerprint, primaryGovernance?.policyLockFingerprint, verificationGovernance?.policyLockFingerprint),
|
|
92
|
+
compiledPolicyFingerprint: firstString(primaryPayload?.compiledPolicyFingerprint, verificationPayload?.compiledPolicyFingerprint, primaryGovernance?.compiledPolicyFingerprint, verificationGovernance?.compiledPolicyFingerprint),
|
|
93
|
+
},
|
|
94
|
+
receipts: {
|
|
95
|
+
ids: collectReceiptIds(primaryPayload),
|
|
96
|
+
},
|
|
97
|
+
},
|
|
98
|
+
lineage: {
|
|
99
|
+
verificationTrend: run.execution.verification.diff.trend,
|
|
100
|
+
beforeCounts: run.execution.verification.diff.before,
|
|
101
|
+
afterCounts: run.execution.verification.diff.after,
|
|
102
|
+
blockingDelta: run.execution.verification.diff.blockingDelta,
|
|
103
|
+
advisoryDelta: run.execution.verification.diff.advisoryDelta,
|
|
104
|
+
stageCount: run.execution.events.length,
|
|
105
|
+
},
|
|
106
|
+
};
|
|
107
|
+
}
|
|
108
|
+
function buildExecutionResponseMeta(run, options = {}) {
|
|
109
|
+
const semantics = (0, execution_actions_1.getExecutionActionSemantics)(run.execution.type);
|
|
110
|
+
const governanceEnvelope = buildGovernanceEnvelope(run, options);
|
|
111
|
+
return {
|
|
112
|
+
id: run.execution.id,
|
|
113
|
+
type: run.execution.type,
|
|
114
|
+
actionClass: semantics.class,
|
|
115
|
+
compatibilityAction: (0, execution_actions_1.isCompatibilityExecutionActionType)(run.execution.type),
|
|
116
|
+
mutatesCode: semantics.mutatesCode,
|
|
117
|
+
defaultReverify: semantics.defaultReverify,
|
|
118
|
+
runtimeBoundary: semantics.class === 'compatibility-mutation'
|
|
119
|
+
? 'compatibility-mutation'
|
|
120
|
+
: semantics.class,
|
|
121
|
+
source: run.execution.source,
|
|
122
|
+
actor: run.execution.actor,
|
|
123
|
+
status: run.execution.status,
|
|
124
|
+
trend: run.execution.verification.diff.trend,
|
|
125
|
+
evidence: run.execution.evidence.references,
|
|
126
|
+
durationMs: run.execution.durationMs,
|
|
127
|
+
governanceEnvelope,
|
|
128
|
+
};
|
|
129
|
+
}
|
|
130
|
+
function asObjectRecord(value) {
|
|
131
|
+
if (!value || typeof value !== 'object' || Array.isArray(value))
|
|
132
|
+
return null;
|
|
133
|
+
return value;
|
|
134
|
+
}
|
|
135
|
+
function asObjectArray(value) {
|
|
136
|
+
if (!Array.isArray(value))
|
|
137
|
+
return [];
|
|
138
|
+
return value
|
|
139
|
+
.map((entry) => asObjectRecord(entry))
|
|
140
|
+
.filter((entry) => entry !== null);
|
|
141
|
+
}
|
|
142
|
+
function toLegacyViolation(entry, fallbackSeverity) {
|
|
143
|
+
const file = typeof entry.file === 'string' && entry.file.trim().length > 0
|
|
144
|
+
? entry.file.trim()
|
|
145
|
+
: '';
|
|
146
|
+
const message = typeof entry.message === 'string' && entry.message.trim().length > 0
|
|
147
|
+
? entry.message.trim()
|
|
148
|
+
: '';
|
|
149
|
+
if (!file || !message)
|
|
150
|
+
return null;
|
|
151
|
+
const severity = typeof entry.severity === 'string' && entry.severity.trim().length > 0
|
|
152
|
+
? entry.severity.trim()
|
|
153
|
+
: fallbackSeverity;
|
|
154
|
+
const rule = typeof entry.rule === 'string' && entry.rule.trim().length > 0
|
|
155
|
+
? entry.rule.trim()
|
|
156
|
+
: typeof entry.policy === 'string' && entry.policy.trim().length > 0
|
|
157
|
+
? entry.policy.trim()
|
|
158
|
+
: '';
|
|
159
|
+
return { file, message, severity, rule };
|
|
160
|
+
}
|
|
161
|
+
function normalizeVerifyPayloadForLegacyClients(payload) {
|
|
162
|
+
if (!payload)
|
|
163
|
+
return null;
|
|
164
|
+
const existingViolations = asObjectArray(payload.violations)
|
|
165
|
+
.map((entry) => toLegacyViolation(entry, 'warn'))
|
|
166
|
+
.filter((entry) => entry !== null);
|
|
167
|
+
const blockingItems = asObjectArray(payload.blockingItems)
|
|
168
|
+
.map((entry) => toLegacyViolation(entry, 'block'))
|
|
169
|
+
.filter((entry) => entry !== null);
|
|
170
|
+
const advisoryItems = asObjectArray(payload.advisoryItems)
|
|
171
|
+
.map((entry) => toLegacyViolation(entry, 'warn'))
|
|
172
|
+
.filter((entry) => entry !== null);
|
|
173
|
+
const warnings = asObjectArray(payload.warnings)
|
|
174
|
+
.map((entry) => toLegacyViolation(entry, 'warn'))
|
|
175
|
+
.filter((entry) => entry !== null);
|
|
176
|
+
const merged = [...existingViolations];
|
|
177
|
+
const canonicalSeverity = (value) => {
|
|
178
|
+
const normalized = value.trim().toLowerCase();
|
|
179
|
+
if (normalized === 'block' || normalized === 'critical' || normalized === 'high')
|
|
180
|
+
return 'block';
|
|
181
|
+
if (normalized === 'warn' || normalized === 'warning' || normalized === 'advisory' || normalized === 'medium' || normalized === 'low')
|
|
182
|
+
return 'warn';
|
|
183
|
+
return normalized;
|
|
184
|
+
};
|
|
185
|
+
const canonicalKey = (entry) => `${entry.file}::${entry.rule}::${entry.message}::${canonicalSeverity(entry.severity)}`;
|
|
186
|
+
const seen = new Set(merged.map((entry) => canonicalKey(entry)));
|
|
187
|
+
for (const item of [...blockingItems, ...advisoryItems, ...warnings]) {
|
|
188
|
+
const key = canonicalKey(item);
|
|
189
|
+
if (seen.has(key))
|
|
190
|
+
continue;
|
|
191
|
+
seen.add(key);
|
|
192
|
+
merged.push(item);
|
|
193
|
+
}
|
|
194
|
+
if (merged.length === 0)
|
|
195
|
+
return payload;
|
|
196
|
+
return {
|
|
197
|
+
...payload,
|
|
198
|
+
violations: merged,
|
|
199
|
+
};
|
|
200
|
+
}
|
|
201
|
+
function normalizeFixPayloadForLegacyClients(payload) {
|
|
202
|
+
if (!payload)
|
|
203
|
+
return null;
|
|
204
|
+
const suggestions = asObjectArray(payload.suggestions);
|
|
205
|
+
if (suggestions.length === 0)
|
|
206
|
+
return payload;
|
|
207
|
+
const deduped = [];
|
|
208
|
+
const seen = new Set();
|
|
209
|
+
for (const suggestion of suggestions) {
|
|
210
|
+
const file = typeof suggestion.file === 'string' ? suggestion.file.trim() : '';
|
|
211
|
+
const line = typeof suggestion.line === 'number' && Number.isFinite(suggestion.line)
|
|
212
|
+
? String(Math.floor(suggestion.line))
|
|
213
|
+
: '';
|
|
214
|
+
const message = typeof suggestion.message === 'string' ? suggestion.message.trim() : '';
|
|
215
|
+
const rule = typeof suggestion.rule === 'string'
|
|
216
|
+
? suggestion.rule.trim()
|
|
217
|
+
: typeof suggestion.policy === 'string'
|
|
218
|
+
? suggestion.policy.trim()
|
|
219
|
+
: '';
|
|
220
|
+
const confidence = typeof suggestion.confidence === 'string' ? suggestion.confidence.trim().toLowerCase() : '';
|
|
221
|
+
const patch = asObjectRecord(suggestion.patch);
|
|
222
|
+
const patchDiff = patch && typeof patch.diff === 'string' ? patch.diff : '';
|
|
223
|
+
const key = `${file}::${line}::${rule}::${message}::${confidence}::${(0, node_crypto_1.createHash)('sha1').update(patchDiff).digest('hex')}`;
|
|
224
|
+
if (seen.has(key))
|
|
225
|
+
continue;
|
|
226
|
+
seen.add(key);
|
|
227
|
+
deduped.push(suggestion);
|
|
228
|
+
}
|
|
229
|
+
if (deduped.length === suggestions.length)
|
|
230
|
+
return payload;
|
|
231
|
+
return {
|
|
232
|
+
...payload,
|
|
233
|
+
suggestions: deduped,
|
|
234
|
+
_normalization: {
|
|
235
|
+
...(asObjectRecord(payload._normalization) || {}),
|
|
236
|
+
suggestionsDeduped: suggestions.length - deduped.length,
|
|
237
|
+
},
|
|
238
|
+
};
|
|
239
|
+
}
|
|
240
|
+
//# sourceMappingURL=shaping.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"shaping.js","sourceRoot":"","sources":["../../src/daemon/shaping.ts"],"names":[],"mappings":";;AAoCA,0DAmHC;AAED,gEAwBC;AAsCD,wFA0CC;AAED,kFAuCC;AA1SD,6CAAyC;AAEzC,kEAGoC;AAOpC,SAAS,WAAW,CAAC,GAAG,MAAiB;IACvC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,SAAS;QACxC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,OAAO,CAAC;IACzC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAuC;IAChE,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC7C,MAAM,aAAa,GAAG,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACzF,MAAM,QAAQ,GAAG,WAAW,CAC1B,OAAO,EAAE,SAAS,EAClB,KAAK,EAAE,SAAS,EAChB,aAAa,EAAE,EAAE,EACjB,aAAa,EAAE,SAAS,EACxB,aAAa,EAAE,aAAa,CAC7B,CAAC;IACF,IAAI,QAAQ;QAAE,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AACvC,CAAC;AAED,SAAgB,uBAAuB,CACrC,GAAuB,EACvB,UAAqC,EAAE;IAEvC,MAAM,SAAS,GAAG,IAAA,+CAA2B,EAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClE,MAAM,cAAc,GAAG,GAAG,CAAC,cAAc,CAAC;IAC1C,MAAM,mBAAmB,GAAG,GAAG,CAAC,mBAAmB,CAAC;IACpD,MAAM,iBAAiB,GAAG,cAAc,CAAC,cAAc,EAAE,sBAAsB,CAAC,CAAC;IACjF,MAAM,sBAAsB,GAAG,cAAc,CAAC,mBAAmB,EAAE,sBAAsB,CAAC,CAAC;IAC3F,MAAM,sBAAsB,GAAG,cAAc,CAAC,cAAc,EAAE,eAAe,CAAC;WACzE,cAAc,CAAC,iBAAiB,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,2BAA2B,GAAG,cAAc,CAAC,mBAAmB,EAAE,eAAe,CAAC;WACnF,cAAc,CAAC,sBAAsB,EAAE,eAAe,CAAC,CAAC;IAC7D,MAAM,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,IAAI,CAC7D,SAAS,CAAC,KAAK,KAAK,wBAAwB;QAC1C,CAAC,CAAC;YACE,UAAU,EAAE,wBAAwB;YACpC,WAAW,EAAE,SAAS,CAAC,KAAK;YAC5B,mBAAmB,EAAE,IAAI;YACzB,wBAAwB,EAAE,IAAI;YAC9B,gBAAgB,EAAE,KAAK;SACxB;QACH,CAAC,CAAC,IAAI,CACT,CAAC;IACF,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,IAAI,qBAAqB,IAAI;QAC9E,UAAU,EAAE,SAAS,CAAC,KAAK,KAAK,sBAAsB,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,mBAAmB;QACrG,WAAW,EAAE,SAAS,CAAC,KAAK;QAC5B,mBAAmB,EAAE,KAAK;QAC1B,gBAAgB,EAAE,SAAS,CAAC,KAAK,KAAK,sBAAsB;KAC7D,CAAC;IAEF,OAAO;QACL,aAAa,EAAE,iCAAiC;QAChD,QAAQ,EAAE;YACR,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,EAAE;YAC7B,aAAa,EAAE,GAAG,CAAC,SAAS,CAAC,IAAI;YACjC,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,WAAW;YACtC,MAAM,EAAE,GAAG,CAAC,SAAS,CAAC,MAAM;YAC5B,KAAK,EAAE,GAAG,CAAC,SAAS,CAAC,KAAK;YAC1B,MAAM,EAAE,GAAG,CAAC,SAAS,CAAC,MAAM;YAC5B,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,SAAS;YAClC,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,WAAW;SACvC;QACD,QAAQ,EAAE;YACR,WAAW,EAAE,SAAS,CAAC,KAAK;YAC5B,eAAe,EAAE,SAAS,CAAC,KAAK,KAAK,wBAAwB;gBAC3D,CAAC,CAAC,wBAAwB;gBAC1B,CAAC,CAAC,SAAS,CAAC,KAAK;YACnB,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,mBAAmB,EAAE,IAAA,sDAAkC,EAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC;YAC3E,iBAAiB;YACjB,qBAAqB;SACtB;QACD,OAAO,EAAE;YACP,QAAQ,EAAE;gBACR,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS;gBAC3C,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU;gBAC7C,cAAc,EAAE,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,cAAc;aACtD;YACD,MAAM,EAAE;gBACN,QAAQ,EAAE,WAAW,CACnB,cAAc,EAAE,cAAc,EAC9B,mBAAmB,EAAE,cAAc,EACnC,iBAAiB,EAAE,cAAc,EACjC,sBAAsB,EAAE,cAAc,CACvC;gBACD,IAAI,EAAE,WAAW,CACf,cAAc,EAAE,UAAU,EAC1B,mBAAmB,EAAE,UAAU,EAC/B,iBAAiB,EAAE,UAAU,EAC7B,sBAAsB,EAAE,UAAU,CACnC;gBACD,SAAS,EAAE,2BAA2B,IAAI,sBAAsB,IAAI,IAAI;aACzE;YACD,UAAU,EAAE;gBACV,KAAK,EAAE,WAAW,CAChB,cAAc,EAAE,eAAe,EAC/B,mBAAmB,EAAE,eAAe,EACpC,iBAAiB,EAAE,eAAe,EAClC,sBAAsB,EAAE,eAAe,CACxC;gBACD,WAAW,EAAE,WAAW,CACtB,cAAc,EAAE,eAAe,EAC/B,mBAAmB,EAAE,eAAe,EACpC,iBAAiB,EAAE,eAAe,EAClC,sBAAsB,EAAE,eAAe,CACxC;aACF;YACD,MAAM,EAAE;gBACN,qBAAqB,EAAE,WAAW,CAChC,cAAc,EAAE,qBAAqB,EACrC,mBAAmB,EAAE,qBAAqB,EAC1C,iBAAiB,EAAE,qBAAqB,EACxC,sBAAsB,EAAE,qBAAqB,CAC9C;gBACD,yBAAyB,EAAE,WAAW,CACpC,cAAc,EAAE,yBAAyB,EACzC,mBAAmB,EAAE,yBAAyB,EAC9C,iBAAiB,EAAE,yBAAyB,EAC5C,sBAAsB,EAAE,yBAAyB,CAClD;aACF;YACD,QAAQ,EAAE;gBACR,GAAG,EAAE,iBAAiB,CAAC,cAAc,CAAC;aACvC;SACF;QACD,OAAO,EAAE;YACP,iBAAiB,EAAE,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK;YACxD,YAAY,EAAE,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM;YACpD,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK;YAClD,aAAa,EAAE,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa;YAC5D,aAAa,EAAE,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa;YAC5D,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM;SACxC;KACF,CAAC;AACJ,CAAC;AAED,SAAgB,0BAA0B,CACxC,GAAuB,EACvB,UAAqC,EAAE;IAEvC,MAAM,SAAS,GAAG,IAAA,+CAA2B,EAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClE,MAAM,kBAAkB,GAAG,uBAAuB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACjE,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,SAAS,CAAC,EAAE;QACpB,IAAI,EAAE,GAAG,CAAC,SAAS,CAAC,IAAI;QACxB,WAAW,EAAE,SAAS,CAAC,KAAK;QAC5B,mBAAmB,EAAE,IAAA,sDAAkC,EAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC;QAC3E,WAAW,EAAE,SAAS,CAAC,WAAW;QAClC,eAAe,EAAE,SAAS,CAAC,eAAe;QAC1C,eAAe,EAAE,SAAS,CAAC,KAAK,KAAK,wBAAwB;YAC3D,CAAC,CAAC,wBAAwB;YAC1B,CAAC,CAAC,SAAS,CAAC,KAAK;QACnB,MAAM,EAAE,GAAG,CAAC,SAAS,CAAC,MAAM;QAC5B,KAAK,EAAE,GAAG,CAAC,SAAS,CAAC,KAAK;QAC1B,MAAM,EAAE,GAAG,CAAC,SAAS,CAAC,MAAM;QAC5B,KAAK,EAAE,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK;QAC5C,QAAQ,EAAE,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU;QAC3C,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,UAAU;QACpC,kBAAkB;KACnB,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7E,OAAO,KAAgC,CAAC;AAC1C,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACrC,OAAO,KAAK;SACT,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;SACrC,MAAM,CAAC,CAAC,KAAK,EAAoC,EAAE,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC;AACzE,CAAC;AAED,SAAS,iBAAiB,CACxB,KAA8B,EAC9B,gBAAkC;IAElC,MAAM,IAAI,GAAG,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;QACzE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;QACnB,CAAC,CAAC,EAAE,CAAC;IACP,MAAM,OAAO,GAAG,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;QAClF,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE;QACtB,CAAC,CAAC,EAAE,CAAC;IACP,IAAI,CAAC,IAAI,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAEnC,MAAM,QAAQ,GAAG,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;QACrF,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE;QACvB,CAAC,CAAC,gBAAgB,CAAC;IACrB,MAAM,IAAI,GAAG,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;QACzE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;QACnB,CAAC,CAAC,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;YAClE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE;YACrB,CAAC,CAAC,EAAE,CAAC;IAET,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AAC3C,CAAC;AAED,SAAgB,sCAAsC,CACpD,OAAuC;IAEvC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,MAAM,kBAAkB,GAAG,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC;SACzD,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;SAChD,MAAM,CAAC,CAAC,KAAK,EAA8E,EAAE,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC;IAEjH,MAAM,aAAa,GAAG,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC;SACvD,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;SACjD,MAAM,CAAC,CAAC,KAAK,EAA8E,EAAE,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC;IACjH,MAAM,aAAa,GAAG,aAAa,CAAC,OAAO,CAAC,aAAa,CAAC;SACvD,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;SAChD,MAAM,CAAC,CAAC,KAAK,EAA8E,EAAE,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC;IACjH,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC;SAC7C,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;SAChD,MAAM,CAAC,CAAC,KAAK,EAA8E,EAAE,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC;IAEjH,MAAM,MAAM,GAAG,CAAC,GAAG,kBAAkB,CAAC,CAAC;IACvC,MAAM,iBAAiB,GAAG,CAAC,KAAa,EAAU,EAAE;QAClD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC9C,IAAI,UAAU,KAAK,OAAO,IAAI,UAAU,KAAK,UAAU,IAAI,UAAU,KAAK,MAAM;YAAE,OAAO,OAAO,CAAC;QACjG,IAAI,UAAU,KAAK,MAAM,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,KAAK,UAAU,IAAI,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,KAAK;YAAE,OAAO,MAAM,CAAC;QACrJ,OAAO,UAAU,CAAC;IACpB,CAAC,CAAC;IACF,MAAM,YAAY,GAAG,CAAC,KAAwE,EAAU,EAAE,CACxG,GAAG,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,OAAO,KAAK,iBAAiB,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;IAEzF,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACjE,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,aAAa,EAAE,GAAG,aAAa,EAAE,GAAG,QAAQ,CAAC,EAAE,CAAC;QACrE,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpB,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IACxC,OAAO;QACL,GAAG,OAAO;QACV,UAAU,EAAE,MAAM;KACnB,CAAC;AACJ,CAAC;AAED,SAAgB,mCAAmC,CACjD,OAAuC;IAEvC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACvD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IAE7C,MAAM,OAAO,GAAmC,EAAE,CAAC;IACnD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,OAAO,UAAU,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/E,MAAM,IAAI,GAAG,OAAO,UAAU,CAAC,IAAI,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC;YAClF,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACrC,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,OAAO,GAAG,OAAO,UAAU,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACxF,MAAM,IAAI,GAAG,OAAO,UAAU,CAAC,IAAI,KAAK,QAAQ;YAC9C,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE;YACxB,CAAC,CAAC,OAAO,UAAU,CAAC,MAAM,KAAK,QAAQ;gBACrC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE;gBAC1B,CAAC,CAAC,EAAE,CAAC;QACT,MAAM,UAAU,GAAG,OAAO,UAAU,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/G,MAAM,KAAK,GAAG,cAAc,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC/C,MAAM,SAAS,GAAG,KAAK,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5E,MAAM,GAAG,GAAG,GAAG,IAAI,KAAK,IAAI,KAAK,IAAI,KAAK,OAAO,KAAK,UAAU,KAAK,IAAA,wBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1H,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC3B,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM;QAAE,OAAO,OAAO,CAAC;IAC1D,OAAO;QACL,GAAG,OAAO;QACV,WAAW,EAAE,OAAO;QACpB,cAAc,EAAE;YACd,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YACjD,kBAAkB,EAAE,WAAW,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM;SACxD;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Canonical Finding Invariants (Phase 1 + Phase 3)
|
|
3
|
+
*
|
|
4
|
+
* Two responsibilities:
|
|
5
|
+
*
|
|
6
|
+
* 1. Architectural invariant enforcement (Phase 1):
|
|
7
|
+
* - Assert that policyViolations never contain structural:* rows
|
|
8
|
+
* - If violated, emit a deterministic console warning (never throw)
|
|
9
|
+
* - This guards against regressions where future code re-introduces the merge
|
|
10
|
+
*
|
|
11
|
+
* 2. Replay determinism (Phase 3):
|
|
12
|
+
* - computeCanonicalFindingChecksum(): deterministic SHA-256 over finding set
|
|
13
|
+
* - sortFindingsDeterministically(): canonical sort order for stable checksums
|
|
14
|
+
*
|
|
15
|
+
* Both functions are pure and dependency-free (only Node 'crypto').
|
|
16
|
+
*/
|
|
17
|
+
import type { GovernanceFinding } from '@neurcode-ai/contracts';
|
|
18
|
+
import type { RuleViolation } from '@neurcode-ai/policy-engine';
|
|
19
|
+
/**
|
|
20
|
+
* Assert that the policyViolations array contains no structural:* prefixed rows.
|
|
21
|
+
*
|
|
22
|
+
* Structural violations MUST flow only through `payload.structuralViolations`
|
|
23
|
+
* into the canonical pipeline. Structural rows in policyViolations cause
|
|
24
|
+
* cross-source duplicate GovernanceFinding objects.
|
|
25
|
+
*
|
|
26
|
+
* This guard emits a console.warn if violated — it NEVER throws. The intention
|
|
27
|
+
* is observability and regression detection, not hard failure. The pipeline's
|
|
28
|
+
* stripStructuralPolicyRows() provides the actual cleanup.
|
|
29
|
+
*
|
|
30
|
+
* @param violations The policyViolations array before it reaches the pipeline
|
|
31
|
+
* @param context Caller label for the warning message (e.g. 'verify:policy-only')
|
|
32
|
+
* @returns Count of structural rows found (0 = invariant holds)
|
|
33
|
+
*/
|
|
34
|
+
export declare function assertNoStructuralPolicyRows(violations: RuleViolation[], context: string): number;
|
|
35
|
+
/**
|
|
36
|
+
* Sort findings into a canonical deterministic order.
|
|
37
|
+
*
|
|
38
|
+
* Sort key (descending priority):
|
|
39
|
+
* 1. determinismClassification rank (descending — structural first)
|
|
40
|
+
* 2. severity rank (descending — BLOCKING first)
|
|
41
|
+
* 3. filePath (ascending — lexicographic)
|
|
42
|
+
* 4. line number (ascending)
|
|
43
|
+
* 5. id (ascending — stable tiebreaker)
|
|
44
|
+
*
|
|
45
|
+
* This order is stable across multiple runs on the same input, enabling
|
|
46
|
+
* reliable replay checksum comparison.
|
|
47
|
+
*
|
|
48
|
+
* NEVER mutates the input array — returns a new sorted array.
|
|
49
|
+
*/
|
|
50
|
+
export declare function sortFindingsDeterministically(findings: GovernanceFinding[]): GovernanceFinding[];
|
|
51
|
+
/**
|
|
52
|
+
* Compute a deterministic SHA-256 checksum over the canonical finding set.
|
|
53
|
+
*
|
|
54
|
+
* Checksum input is built from sorted findings:
|
|
55
|
+
* for each finding (in canonical sort order):
|
|
56
|
+
* id + '\x1e' + severity + '\x1e' + determinismClassification +
|
|
57
|
+
* '\x1e' + filePath + '\x1e' + line
|
|
58
|
+
* joined with '\x00'
|
|
59
|
+
*
|
|
60
|
+
* This checksum:
|
|
61
|
+
* - Changes if any finding is added, removed, or has severity/determinism changed
|
|
62
|
+
* - Changes if canonical ordering changes (sort key must be stable)
|
|
63
|
+
* - Is stable across process restarts on the same input
|
|
64
|
+
* - Is used to detect replay drift (same commit + diff + rules → same checksum)
|
|
65
|
+
*
|
|
66
|
+
* @param findings Raw findings from the canonical pipeline (NOT pre-sorted)
|
|
67
|
+
* @returns hex SHA-256 string (64 chars)
|
|
68
|
+
*/
|
|
69
|
+
export declare function computeCanonicalFindingChecksum(findings: GovernanceFinding[]): string;
|
|
70
|
+
/**
|
|
71
|
+
* Compare two sets of findings for replay equivalence.
|
|
72
|
+
*
|
|
73
|
+
* Returns a structured comparison result:
|
|
74
|
+
* - 'exact': checksums match — identical governance output
|
|
75
|
+
* - 'drift-detected': checksums differ — replay divergence
|
|
76
|
+
*
|
|
77
|
+
* @param baseline Findings from the baseline (e.g. cached) run
|
|
78
|
+
* @param replay Findings from the current run
|
|
79
|
+
*/
|
|
80
|
+
export declare function compareForReplayEquivalence(baseline: GovernanceFinding[], replay: GovernanceFinding[]): {
|
|
81
|
+
status: 'exact' | 'drift-detected';
|
|
82
|
+
baselineChecksum: string;
|
|
83
|
+
replayChecksum: string;
|
|
84
|
+
baselineCount: number;
|
|
85
|
+
replayCount: number;
|
|
86
|
+
driftDetails?: string;
|
|
87
|
+
};
|
|
88
|
+
//# sourceMappingURL=canonical-invariants.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"canonical-invariants.d.ts","sourceRoot":"","sources":["../../src/governance/canonical-invariants.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAIhE;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,4BAA4B,CAC1C,UAAU,EAAE,aAAa,EAAE,EAC3B,OAAO,EAAE,MAAM,GACd,MAAM,CAYR;AA4BD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,6BAA6B,CAAC,QAAQ,EAAE,iBAAiB,EAAE,GAAG,iBAAiB,EAAE,CAyBhG;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,+BAA+B,CAAC,QAAQ,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAgBrF;AAED;;;;;;;;;GASG;AACH,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,iBAAiB,EAAE,EAC7B,MAAM,EAAE,iBAAiB,EAAE,GAC1B;IACD,MAAM,EAAE,OAAO,GAAG,gBAAgB,CAAC;IACnC,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CA2CA"}
|
|
@@ -0,0 +1,197 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Canonical Finding Invariants (Phase 1 + Phase 3)
|
|
4
|
+
*
|
|
5
|
+
* Two responsibilities:
|
|
6
|
+
*
|
|
7
|
+
* 1. Architectural invariant enforcement (Phase 1):
|
|
8
|
+
* - Assert that policyViolations never contain structural:* rows
|
|
9
|
+
* - If violated, emit a deterministic console warning (never throw)
|
|
10
|
+
* - This guards against regressions where future code re-introduces the merge
|
|
11
|
+
*
|
|
12
|
+
* 2. Replay determinism (Phase 3):
|
|
13
|
+
* - computeCanonicalFindingChecksum(): deterministic SHA-256 over finding set
|
|
14
|
+
* - sortFindingsDeterministically(): canonical sort order for stable checksums
|
|
15
|
+
*
|
|
16
|
+
* Both functions are pure and dependency-free (only Node 'crypto').
|
|
17
|
+
*/
|
|
18
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
19
|
+
exports.assertNoStructuralPolicyRows = assertNoStructuralPolicyRows;
|
|
20
|
+
exports.sortFindingsDeterministically = sortFindingsDeterministically;
|
|
21
|
+
exports.computeCanonicalFindingChecksum = computeCanonicalFindingChecksum;
|
|
22
|
+
exports.compareForReplayEquivalence = compareForReplayEquivalence;
|
|
23
|
+
const crypto_1 = require("crypto");
|
|
24
|
+
// ── Phase 1: Architectural invariant guard ────────────────────────────────────
|
|
25
|
+
/**
|
|
26
|
+
* Assert that the policyViolations array contains no structural:* prefixed rows.
|
|
27
|
+
*
|
|
28
|
+
* Structural violations MUST flow only through `payload.structuralViolations`
|
|
29
|
+
* into the canonical pipeline. Structural rows in policyViolations cause
|
|
30
|
+
* cross-source duplicate GovernanceFinding objects.
|
|
31
|
+
*
|
|
32
|
+
* This guard emits a console.warn if violated — it NEVER throws. The intention
|
|
33
|
+
* is observability and regression detection, not hard failure. The pipeline's
|
|
34
|
+
* stripStructuralPolicyRows() provides the actual cleanup.
|
|
35
|
+
*
|
|
36
|
+
* @param violations The policyViolations array before it reaches the pipeline
|
|
37
|
+
* @param context Caller label for the warning message (e.g. 'verify:policy-only')
|
|
38
|
+
* @returns Count of structural rows found (0 = invariant holds)
|
|
39
|
+
*/
|
|
40
|
+
function assertNoStructuralPolicyRows(violations, context) {
|
|
41
|
+
const leaked = violations.filter(v => String(v.rule ?? '').startsWith('structural:'));
|
|
42
|
+
if (leaked.length > 0) {
|
|
43
|
+
console.warn(`[neurcode/canonical-invariant] VIOLATION in ${context}: ` +
|
|
44
|
+
`${leaked.length} structural:* row(s) found in policyViolations. ` +
|
|
45
|
+
`These should flow exclusively through payload.structuralViolations. ` +
|
|
46
|
+
`Rows: ${leaked.map(v => v.rule).join(', ')}. ` +
|
|
47
|
+
`The canonical pipeline will strip them, but this represents a source-level duplication bug.`);
|
|
48
|
+
}
|
|
49
|
+
return leaked.length;
|
|
50
|
+
}
|
|
51
|
+
// ── Phase 3: Replay determinism ───────────────────────────────────────────────
|
|
52
|
+
/**
|
|
53
|
+
* Determinism rank for sorting (higher = more deterministic = sorted first).
|
|
54
|
+
* Identical to rankDeterminism in canonical-pipeline.ts — kept separate to
|
|
55
|
+
* avoid circular import.
|
|
56
|
+
*/
|
|
57
|
+
function rankDeterminism(d) {
|
|
58
|
+
switch (d) {
|
|
59
|
+
case 'deterministic-structural': return 4;
|
|
60
|
+
case 'deterministic-semantic': return 3;
|
|
61
|
+
case 'heuristic-advisory': return 2;
|
|
62
|
+
case 'llm-assisted-planning': return 1;
|
|
63
|
+
default: return 0;
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
function rankSeverity(s) {
|
|
67
|
+
switch (s) {
|
|
68
|
+
case 'BLOCKING': return 3;
|
|
69
|
+
case 'ADVISORY': return 2;
|
|
70
|
+
case 'INFO': return 1;
|
|
71
|
+
default: return 0;
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
/**
|
|
75
|
+
* Sort findings into a canonical deterministic order.
|
|
76
|
+
*
|
|
77
|
+
* Sort key (descending priority):
|
|
78
|
+
* 1. determinismClassification rank (descending — structural first)
|
|
79
|
+
* 2. severity rank (descending — BLOCKING first)
|
|
80
|
+
* 3. filePath (ascending — lexicographic)
|
|
81
|
+
* 4. line number (ascending)
|
|
82
|
+
* 5. id (ascending — stable tiebreaker)
|
|
83
|
+
*
|
|
84
|
+
* This order is stable across multiple runs on the same input, enabling
|
|
85
|
+
* reliable replay checksum comparison.
|
|
86
|
+
*
|
|
87
|
+
* NEVER mutates the input array — returns a new sorted array.
|
|
88
|
+
*/
|
|
89
|
+
function sortFindingsDeterministically(findings) {
|
|
90
|
+
return [...findings].sort((a, b) => {
|
|
91
|
+
// 1. Determinism rank descending
|
|
92
|
+
const dA = rankDeterminism(a.determinismClassification);
|
|
93
|
+
const dB = rankDeterminism(b.determinismClassification);
|
|
94
|
+
if (dA !== dB)
|
|
95
|
+
return dB - dA;
|
|
96
|
+
// 2. Severity descending
|
|
97
|
+
const sA = rankSeverity(a.severity);
|
|
98
|
+
const sB = rankSeverity(b.severity);
|
|
99
|
+
if (sA !== sB)
|
|
100
|
+
return sB - sA;
|
|
101
|
+
// 3. File path ascending
|
|
102
|
+
const fA = a.evidence?.filePath ?? '';
|
|
103
|
+
const fB = b.evidence?.filePath ?? '';
|
|
104
|
+
if (fA !== fB)
|
|
105
|
+
return fA < fB ? -1 : 1;
|
|
106
|
+
// 4. Line number ascending
|
|
107
|
+
const lA = a.evidence?.line ?? 0;
|
|
108
|
+
const lB = b.evidence?.line ?? 0;
|
|
109
|
+
if (lA !== lB)
|
|
110
|
+
return lA - lB;
|
|
111
|
+
// 5. ID ascending (stable tiebreaker)
|
|
112
|
+
return a.id < b.id ? -1 : a.id > b.id ? 1 : 0;
|
|
113
|
+
});
|
|
114
|
+
}
|
|
115
|
+
/**
|
|
116
|
+
* Compute a deterministic SHA-256 checksum over the canonical finding set.
|
|
117
|
+
*
|
|
118
|
+
* Checksum input is built from sorted findings:
|
|
119
|
+
* for each finding (in canonical sort order):
|
|
120
|
+
* id + '\x1e' + severity + '\x1e' + determinismClassification +
|
|
121
|
+
* '\x1e' + filePath + '\x1e' + line
|
|
122
|
+
* joined with '\x00'
|
|
123
|
+
*
|
|
124
|
+
* This checksum:
|
|
125
|
+
* - Changes if any finding is added, removed, or has severity/determinism changed
|
|
126
|
+
* - Changes if canonical ordering changes (sort key must be stable)
|
|
127
|
+
* - Is stable across process restarts on the same input
|
|
128
|
+
* - Is used to detect replay drift (same commit + diff + rules → same checksum)
|
|
129
|
+
*
|
|
130
|
+
* @param findings Raw findings from the canonical pipeline (NOT pre-sorted)
|
|
131
|
+
* @returns hex SHA-256 string (64 chars)
|
|
132
|
+
*/
|
|
133
|
+
function computeCanonicalFindingChecksum(findings) {
|
|
134
|
+
const sorted = sortFindingsDeterministically(findings);
|
|
135
|
+
const input = sorted
|
|
136
|
+
.map(f => [
|
|
137
|
+
f.id,
|
|
138
|
+
f.severity,
|
|
139
|
+
f.determinismClassification,
|
|
140
|
+
f.evidence?.filePath ?? '',
|
|
141
|
+
String(f.evidence?.line ?? 0),
|
|
142
|
+
].join('\x1e'))
|
|
143
|
+
.join('\x00');
|
|
144
|
+
return (0, crypto_1.createHash)('sha256').update(input, 'utf-8').digest('hex');
|
|
145
|
+
}
|
|
146
|
+
/**
|
|
147
|
+
* Compare two sets of findings for replay equivalence.
|
|
148
|
+
*
|
|
149
|
+
* Returns a structured comparison result:
|
|
150
|
+
* - 'exact': checksums match — identical governance output
|
|
151
|
+
* - 'drift-detected': checksums differ — replay divergence
|
|
152
|
+
*
|
|
153
|
+
* @param baseline Findings from the baseline (e.g. cached) run
|
|
154
|
+
* @param replay Findings from the current run
|
|
155
|
+
*/
|
|
156
|
+
function compareForReplayEquivalence(baseline, replay) {
|
|
157
|
+
const baselineChecksum = computeCanonicalFindingChecksum(baseline);
|
|
158
|
+
const replayChecksum = computeCanonicalFindingChecksum(replay);
|
|
159
|
+
if (baselineChecksum === replayChecksum) {
|
|
160
|
+
return {
|
|
161
|
+
status: 'exact',
|
|
162
|
+
baselineChecksum,
|
|
163
|
+
replayChecksum,
|
|
164
|
+
baselineCount: baseline.length,
|
|
165
|
+
replayCount: replay.length,
|
|
166
|
+
};
|
|
167
|
+
}
|
|
168
|
+
// Drift detected — build detailed explanation
|
|
169
|
+
const baselineIds = new Set(baseline.map(f => f.id));
|
|
170
|
+
const replayIds = new Set(replay.map(f => f.id));
|
|
171
|
+
const added = replay.filter(f => !baselineIds.has(f.id)).map(f => f.id);
|
|
172
|
+
const removed = baseline.filter(f => !replayIds.has(f.id)).map(f => f.id);
|
|
173
|
+
// Findings present in both but with changed severity or determinism
|
|
174
|
+
const changed = [];
|
|
175
|
+
for (const bf of baseline) {
|
|
176
|
+
const rf = replay.find(f => f.id === bf.id);
|
|
177
|
+
if (rf && (rf.severity !== bf.severity || rf.determinismClassification !== bf.determinismClassification)) {
|
|
178
|
+
changed.push(`${bf.id}(sev:${bf.severity}→${rf.severity},det:${bf.determinismClassification}→${rf.determinismClassification})`);
|
|
179
|
+
}
|
|
180
|
+
}
|
|
181
|
+
const parts = [];
|
|
182
|
+
if (added.length > 0)
|
|
183
|
+
parts.push(`added=${added.length}[${added.slice(0, 3).join(',')}${added.length > 3 ? '...' : ''}]`);
|
|
184
|
+
if (removed.length > 0)
|
|
185
|
+
parts.push(`removed=${removed.length}[${removed.slice(0, 3).join(',')}${removed.length > 3 ? '...' : ''}]`);
|
|
186
|
+
if (changed.length > 0)
|
|
187
|
+
parts.push(`changed=${changed.length}[${changed.slice(0, 3).join(',')}${changed.length > 3 ? '...' : ''}]`);
|
|
188
|
+
return {
|
|
189
|
+
status: 'drift-detected',
|
|
190
|
+
baselineChecksum,
|
|
191
|
+
replayChecksum,
|
|
192
|
+
baselineCount: baseline.length,
|
|
193
|
+
replayCount: replay.length,
|
|
194
|
+
driftDetails: parts.join('; ') || 'checksum mismatch (unknown cause)',
|
|
195
|
+
};
|
|
196
|
+
}
|
|
197
|
+
//# sourceMappingURL=canonical-invariants.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"canonical-invariants.js","sourceRoot":"","sources":["../../src/governance/canonical-invariants.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;AAuBH,oEAeC;AA2CD,sEAyBC;AAoBD,0EAgBC;AAYD,kEAqDC;AA7MD,mCAAoC;AAIpC,iFAAiF;AAEjF;;;;;;;;;;;;;;GAcG;AACH,SAAgB,4BAA4B,CAC1C,UAA2B,EAC3B,OAAe;IAEf,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;IACtF,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,IAAI,CACV,+CAA+C,OAAO,IAAI;YAC1D,GAAG,MAAM,CAAC,MAAM,kDAAkD;YAClE,sEAAsE;YACtE,SAAS,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;YAC/C,6FAA6F,CAC9F,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC;AACvB,CAAC;AAED,iFAAiF;AAEjF;;;;GAIG;AACH,SAAS,eAAe,CAAC,CAAS;IAChC,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,0BAA0B,CAAC,CAAE,OAAO,CAAC,CAAC;QAC3C,KAAK,wBAAwB,CAAC,CAAI,OAAO,CAAC,CAAC;QAC3C,KAAK,oBAAoB,CAAC,CAAQ,OAAO,CAAC,CAAC;QAC3C,KAAK,uBAAuB,CAAC,CAAK,OAAO,CAAC,CAAC;QAC3C,OAAO,CAAC,CAA0B,OAAO,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,UAAU,CAAC,CAAE,OAAO,CAAC,CAAC;QAC3B,KAAK,UAAU,CAAC,CAAE,OAAO,CAAC,CAAC;QAC3B,KAAK,MAAM,CAAC,CAAM,OAAO,CAAC,CAAC;QAC3B,OAAO,CAAC,CAAU,OAAO,CAAC,CAAC;IAC7B,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,SAAgB,6BAA6B,CAAC,QAA6B;IACzE,OAAO,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACjC,iCAAiC;QACjC,MAAM,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC;QACxD,MAAM,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC;QACxD,IAAI,EAAE,KAAK,EAAE;YAAE,OAAO,EAAE,GAAG,EAAE,CAAC;QAE9B,yBAAyB;QACzB,MAAM,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACpC,MAAM,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACpC,IAAI,EAAE,KAAK,EAAE;YAAE,OAAO,EAAE,GAAG,EAAE,CAAC;QAE9B,yBAAyB;QACzB,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,QAAQ,IAAI,EAAE,CAAC;QACtC,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,QAAQ,IAAI,EAAE,CAAC;QACtC,IAAI,EAAE,KAAK,EAAE;YAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEvC,2BAA2B;QAC3B,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,CAAC;QACjC,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,CAAC;QACjC,IAAI,EAAE,KAAK,EAAE;YAAE,OAAO,EAAE,GAAG,EAAE,CAAC;QAE9B,sCAAsC;QACtC,OAAO,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,SAAgB,+BAA+B,CAAC,QAA6B;IAC3E,MAAM,MAAM,GAAG,6BAA6B,CAAC,QAAQ,CAAC,CAAC;IAEvD,MAAM,KAAK,GAAG,MAAM;SACjB,GAAG,CAAC,CAAC,CAAC,EAAE,CACP;QACE,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC,QAAQ;QACV,CAAC,CAAC,yBAAyB;QAC3B,CAAC,CAAC,QAAQ,EAAE,QAAQ,IAAI,EAAE;QAC1B,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,CAAC;KAC9B,CAAC,IAAI,CAAC,MAAM,CAAC,CACf;SACA,IAAI,CAAC,MAAM,CAAC,CAAC;IAEhB,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACnE,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,2BAA2B,CACzC,QAA6B,EAC7B,MAA2B;IAS3B,MAAM,gBAAgB,GAAG,+BAA+B,CAAC,QAAQ,CAAC,CAAC;IACnE,MAAM,cAAc,GAAK,+BAA+B,CAAC,MAAM,CAAC,CAAC;IAEjE,IAAI,gBAAgB,KAAK,cAAc,EAAE,CAAC;QACxC,OAAO;YACL,MAAM,EAAE,OAAO;YACf,gBAAgB;YAChB,cAAc;YACd,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,WAAW,EAAE,MAAM,CAAC,MAAM;SAC3B,CAAC;IACJ,CAAC;IAED,8CAA8C;IAC9C,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACrD,MAAM,SAAS,GAAK,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEnD,MAAM,KAAK,GAAK,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC1E,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAE1E,oEAAoE;IACpE,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;QAC1B,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;QAC5C,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC,QAAQ,KAAK,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,yBAAyB,KAAK,EAAE,CAAC,yBAAyB,CAAC,EAAE,CAAC;YACzG,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC,QAAQ,QAAQ,EAAE,CAAC,yBAAyB,IAAI,EAAE,CAAC,yBAAyB,GAAG,CAAC,CAAC;QAClI,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAI,KAAK,CAAC,IAAI,CAAC,SAAS,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC5H,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACpI,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAEpI,OAAO;QACL,MAAM,EAAE,gBAAgB;QACxB,gBAAgB;QAChB,cAAc;QACd,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,mCAAmC;KACtE,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Canonical Deterministic Ordering (Phase 1 — Canonical Deterministic Ordering)
|
|
3
|
+
*
|
|
4
|
+
* Single source of truth for finding sort order across:
|
|
5
|
+
* - replayChecksum generation
|
|
6
|
+
* - provenance serialization
|
|
7
|
+
* - governance envelope emission
|
|
8
|
+
* - telemetry harvesting
|
|
9
|
+
*
|
|
10
|
+
* INVARIANT:
|
|
11
|
+
* Any two invocations on the same logical finding set MUST produce
|
|
12
|
+
* the same ordered array, regardless of:
|
|
13
|
+
* - filesystem traversal order
|
|
14
|
+
* - async execution timing
|
|
15
|
+
* - insertion order
|
|
16
|
+
* - Map iteration order
|
|
17
|
+
* - Object.keys() order
|
|
18
|
+
*
|
|
19
|
+
* Canonical sort key (evaluated in priority order):
|
|
20
|
+
* 1. severity (BLOCKING > ADVISORY > INFO > unknown)
|
|
21
|
+
* 2. determinismClassification (deterministic-structural > deterministic-semantic
|
|
22
|
+
* > heuristic-advisory > llm-assisted-planning > unknown)
|
|
23
|
+
* 3. ruleId (ascending lexicographic)
|
|
24
|
+
* 4. filePath (ascending lexicographic, normalized to forward slashes)
|
|
25
|
+
* 5. line (ascending numeric, missing = 0)
|
|
26
|
+
* 6. column (ascending numeric, missing = 0)
|
|
27
|
+
* 7. findingId (ascending lexicographic — stable tiebreaker, always unique)
|
|
28
|
+
*
|
|
29
|
+
* These rules ensure a total order: no two distinct findings can be equal on
|
|
30
|
+
* all 7 keys simultaneously (findingId is always unique by construction).
|
|
31
|
+
*/
|
|
32
|
+
import type { GovernanceFinding } from '@neurcode-ai/contracts';
|
|
33
|
+
/**
|
|
34
|
+
* Compute the canonical ordering key for a single finding.
|
|
35
|
+
*
|
|
36
|
+
* Returns a tuple whose elements, compared left-to-right, produce the
|
|
37
|
+
* canonical ordering defined above. Useful for inspection and testing.
|
|
38
|
+
*
|
|
39
|
+
* Format: [severityRank, determinismRank, ruleId, filePath, line, column, id]
|
|
40
|
+
*/
|
|
41
|
+
export declare function canonicalFindingOrderingKey(f: GovernanceFinding): readonly [
|
|
42
|
+
number,
|
|
43
|
+
number,
|
|
44
|
+
string,
|
|
45
|
+
string,
|
|
46
|
+
number,
|
|
47
|
+
number,
|
|
48
|
+
string
|
|
49
|
+
];
|
|
50
|
+
/**
|
|
51
|
+
* Sort findings into the canonical deterministic order.
|
|
52
|
+
*
|
|
53
|
+
* Properties:
|
|
54
|
+
* - Pure function — NEVER mutates the input array
|
|
55
|
+
* - Stable across process restarts for identical inputs
|
|
56
|
+
* - Independent of insertion order, Map iteration, filesystem traversal
|
|
57
|
+
* - Total order — no two distinct findings can compare as equal
|
|
58
|
+
*
|
|
59
|
+
* @param findings Any array of GovernanceFinding (may be in any order)
|
|
60
|
+
* @returns New sorted array (input is not mutated)
|
|
61
|
+
*/
|
|
62
|
+
export declare function sortCanonicalFindingsStable(findings: GovernanceFinding[]): GovernanceFinding[];
|
|
63
|
+
/**
|
|
64
|
+
* Validate that a finding array is already in canonical order.
|
|
65
|
+
*
|
|
66
|
+
* Returns the index of the first out-of-order finding pair, or -1 if
|
|
67
|
+
* the array is already sorted. Used for invariant checking.
|
|
68
|
+
*
|
|
69
|
+
* Emits a console.warn if ordering drift is detected.
|
|
70
|
+
*
|
|
71
|
+
* @param findings Array to validate (not mutated)
|
|
72
|
+
* @param context Caller label for the warning (e.g. 'envelope-emit')
|
|
73
|
+
* @returns Index of first violation, or -1 if canonical
|
|
74
|
+
*/
|
|
75
|
+
export declare function validateCanonicalOrder(findings: GovernanceFinding[], context: string): number;
|
|
76
|
+
//# sourceMappingURL=canonical-ordering.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"canonical-ordering.d.ts","sourceRoot":"","sources":["../../src/governance/canonical-ordering.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAsChE;;;;;;;GAOG;AACH,wBAAgB,2BAA2B,CAAC,CAAC,EAAE,iBAAiB,GAAG,SAAS;IAC1E,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;CACvD,CAUA;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,iBAAiB,EAAE,GAAG,iBAAiB,EAAE,CAmC9F;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,iBAAiB,EAAE,EAC7B,OAAO,EAAE,MAAM,GACd,MAAM,CA2CR"}
|