@neurcode-ai/contracts 0.1.1 → 0.1.3

package/dist/status-vocabulary.js

@@ -0,0 +1,101 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ONBOARDING_HINTS = exports.DAEMON_ERROR_CODES = exports.CONFIDENCE_LABELS = exports.VERIFICATION_SUMMARY_LABELS = exports.SEVERITY_LABELS = exports.STATUS_TERMS = exports.STATUS_VOCABULARY_VERSION = void 0;
+exports.statusTerm = statusTerm;
+exports.severityLabel = severityLabel;
+exports.toPatchStateLabel = toPatchStateLabel;
+exports.toRetrySafeMessage = toRetrySafeMessage;
+exports.toManualReviewMessage = toManualReviewMessage;
+exports.toVerificationCompleteTitle = toVerificationCompleteTitle;
+exports.toVerificationSummaryLabel = toVerificationSummaryLabel;
+exports.STATUS_VOCABULARY_VERSION = 'neurcode.status.v1';
+exports.STATUS_TERMS = {
+    verificationComplete: 'Verification Complete',
+    safePatchApplied: 'Safe Patch Applied',
+    patchRejected: 'Patch Rejected',
+    rollbackAvailable: 'Rollback Available',
+    rollbackApplied: 'Rollback Applied',
+    replayAvailable: 'Replay Available',
+    evidenceGenerated: 'Evidence Generated',
+    manualReviewRecommended: 'Manual Review Recommended',
+    filesystemChangedSincePreview: 'Filesystem Changed Since Preview',
+    transactionVerified: 'Transaction Verified',
+    retrySafe: 'Retry Safe',
+};
+exports.SEVERITY_LABELS = {
+    critical: 'Critical',
+    blocking: 'Blocking',
+    high: 'High',
+    advisory: 'Advisory',
+    medium: 'Medium',
+    warning: 'Warning',
+    low: 'Low',
+    info: 'Info',
+};
+exports.VERIFICATION_SUMMARY_LABELS = {
+    clean: exports.STATUS_TERMS.verificationComplete,
+    issues: 'Verification Findings Detected',
+    partial: 'Verification Partially Complete',
+    failed: 'Verification Failed',
+};
+exports.CONFIDENCE_LABELS = {
+    HIGH: 'HIGH confidence',
+    MEDIUM: 'MEDIUM confidence',
+    LOW: 'LOW confidence',
+};
+function statusTerm(key) {
+    return exports.STATUS_TERMS[key];
+}
+function severityLabel(severity) {
+    return exports.SEVERITY_LABELS[severity];
+}
+function toPatchStateLabel(state) {
+    if (state === 'applied')
+        return exports.STATUS_TERMS.safePatchApplied;
+    if (state === 'partial')
+        return `${exports.STATUS_TERMS.safePatchApplied} · ${exports.STATUS_TERMS.manualReviewRecommended}`;
+    if (state === 'stale_preview' || state === 'filesystem_changed_since_preview') {
+        return exports.STATUS_TERMS.filesystemChangedSincePreview;
+    }
+    if (state === 'rollback_applied')
+        return exports.STATUS_TERMS.rollbackApplied;
+    if (state === 'rollback_stale')
+        return `${exports.STATUS_TERMS.patchRejected} · ${exports.STATUS_TERMS.filesystemChangedSincePreview}`;
+    if (state === 'rollback_rejected')
+        return exports.STATUS_TERMS.patchRejected;
+    return exports.STATUS_TERMS.patchRejected;
+}
+function toRetrySafeMessage(context) {
+    return `${context}. ${exports.STATUS_TERMS.retrySafe}.`;
+}
+function toManualReviewMessage(context) {
+    return `${exports.STATUS_TERMS.manualReviewRecommended}: ${context}`;
+}
+function toVerificationCompleteTitle(confidenceSuffix = '') {
+    return `${exports.STATUS_TERMS.verificationComplete}${confidenceSuffix}`;
+}
+function toVerificationSummaryLabel(state) {
+    return exports.VERIFICATION_SUMMARY_LABELS[state];
+}
+exports.DAEMON_ERROR_CODES = {
+    badRequest: 'daemon.bad_request',
+    unauthorized: 'daemon.unauthorized',
+    forbidden: 'daemon.forbidden',
+    notFound: 'daemon.not_found',
+    routeNotFound: 'daemon.route_not_found',
+    timeout: 'daemon.timeout',
+    conflict: 'daemon.conflict',
+    validationFailed: 'daemon.validation_failed',
+    rateLimited: 'daemon.rate_limited',
+    internalError: 'daemon.internal_error',
+    unknown: 'daemon.error',
+};
+exports.ONBOARDING_HINTS = [
+    'Run your first verification',
+    'Review findings',
+    'Preview deterministic patch',
+    'Apply safe patch',
+    'View evidence',
+    'Replay execution history',
+];
+//# sourceMappingURL=status-vocabulary.js.map

package/dist/status-vocabulary.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"status-vocabulary.js","sourceRoot":"","sources":["../src/status-vocabulary.ts"],"names":[],"mappings":";;;AAiEA,gCAEC;AAED,sCAEC;AAED,8CAUC;AAED,gDAEC;AAED,sDAEC;AAED,kEAEC;AAED,gEAEC;AAnGY,QAAA,yBAAyB,GAAG,oBAAoB,CAAC;AAEjD,QAAA,YAAY,GAAG;IAC1B,oBAAoB,EAAE,uBAAuB;IAC7C,gBAAgB,EAAE,oBAAoB;IACtC,aAAa,EAAE,gBAAgB;IAC/B,iBAAiB,EAAE,oBAAoB;IACvC,eAAe,EAAE,kBAAkB;IACnC,eAAe,EAAE,kBAAkB;IACnC,iBAAiB,EAAE,oBAAoB;IACvC,uBAAuB,EAAE,2BAA2B;IACpD,6BAA6B,EAAE,kCAAkC;IACjE,mBAAmB,EAAE,sBAAsB;IAC3C,SAAS,EAAE,YAAY;CACf,CAAC;AAaE,QAAA,eAAe,GAAkC;IAC5D,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,QAAQ,EAAE,UAAU;IACpB,MAAM,EAAE,QAAQ;IAChB,OAAO,EAAE,SAAS;IAClB,GAAG,EAAE,KAAK;IACV,IAAI,EAAE,MAAM;CACb,CAAC;AAIW,QAAA,2BAA2B,GAA6C;IACnF,KAAK,EAAE,oBAAY,CAAC,oBAAoB;IACxC,MAAM,EAAE,gCAAgC;IACxC,OAAO,EAAE,iCAAiC;IAC1C,MAAM,EAAE,qBAAqB;CAC9B,CAAC;AAcW,QAAA,iBAAiB,GAAoC;IAChE,IAAI,EAAE,iBAAiB;IACvB,MAAM,EAAE,mBAAmB;IAC3B,GAAG,EAAE,gBAAgB;CACtB,CAAC;AAEF,SAAgB,UAAU,CAAC,GAAkB;IAC3C,OAAO,oBAAY,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC;AAED,SAAgB,aAAa,CAAC,QAAuB;IACnD,OAAO,uBAAe,CAAC,QAAQ,CAAC,CAAC;AACnC,CAAC;AAED,SAAgB,iBAAiB,CAAC,KAAiB;IACjD,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,oBAAY,CAAC,gBAAgB,CAAC;IAC9D,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,GAAG,oBAAY,CAAC,gBAAgB,MAAM,oBAAY,CAAC,uBAAuB,EAAE,CAAC;IAC7G,IAAI,KAAK,KAAK,eAAe,IAAI,KAAK,KAAK,kCAAkC,EAAE,CAAC;QAC9E,OAAO,oBAAY,CAAC,6BAA6B,CAAC;IACpD,CAAC;IACD,IAAI,KAAK,KAAK,kBAAkB;QAAE,OAAO,oBAAY,CAAC,eAAe,CAAC;IACtE,IAAI,KAAK,KAAK,gBAAgB;QAAE,OAAO,GAAG,oBAAY,CAAC,aAAa,MAAM,oBAAY,CAAC,6BAA6B,EAAE,CAAC;IACvH,IAAI,KAAK,KAAK,mBAAmB;QAAE,OAAO,oBAAY,CAAC,aAAa,CAAC;IACrE,OAAO,oBAAY,CAAC,aAAa,CAAC;AACpC,CAAC;AAED,SAAgB,kBAAkB,CAAC,OAAe;IAChD,OAAO,GAAG,OAAO,KAAK,oBAAY,CAAC,SAAS,GAAG,CAAC;AAClD,CAAC;AAED,SAAgB,qBAAqB,CAAC,OAAe;IACnD,OAAO,GAAG,oBAAY,CAAC,uBAAuB,KAAK,OAAO,EAAE,CAAC;AAC/D,CAAC;AAED,SAAgB,2BAA2B,CAAC,gBAAgB,GAAG,EAAE;IAC/D,OAAO,GAAG,oBAAY,CAAC,oBAAoB,GAAG,gBAAgB,EAAE,CAAC;AACnE,CAAC;AAED,SAAgB,0BAA0B,CAAC,KAA+B;IACxE,OAAO,mCAA2B,CAAC,KAAK,CAAC,CAAC;AAC5C,CAAC;AAEY,QAAA,kBAAkB,GAAG;IAChC,UAAU,EAAE,oBAAoB;IAChC,YAAY,EAAE,qBAAqB;IACnC,SAAS,EAAE,kBAAkB;IAC7B,QAAQ,EAAE,kBAAkB;IAC5B,aAAa,EAAE,wBAAwB;IACvC,OAAO,EAAE,gBAAgB;IACzB,QAAQ,EAAE,iBAAiB;IAC3B,gBAAgB,EAAE,0BAA0B;IAC5C,WAAW,EAAE,qBAAqB;IAClC,aAAa,EAAE,uBAAuB;IACtC,OAAO,EAAE,cAAc;CACf,CAAC;AAIE,QAAA,gBAAgB,GAAG;IAC9B,6BAA6B;IAC7B,iBAAiB;IACjB,6BAA6B;IAC7B,kBAAkB;IAClB,eAAe;IACf,0BAA0B;CAClB,CAAC"}

package/dist/verification/canonical-finding.d.ts

@@ -0,0 +1,171 @@
+import type { DeterminismClassification, GovernanceFindingCategory, GovernanceSourceSystem } from './taxonomy';
+import { GOVERNANCE_FINDINGS_SCHEMA_VERSION } from './taxonomy';
+import type { GovernancePipelineSummary } from './pipeline';
+export type GovernanceSeverity = 'BLOCKING' | 'ADVISORY' | 'INFO';
+export interface GovernanceEvidence {
+    /** Human-readable excerpt (code, diff line, policy excerpt). */
+    excerpt: string;
+    /** Stable machine hint: AST path, regex id, policy rule type, etc. */
+    structuralHint?: string;
+    line?: number;
+    column?: number;
+    filePath?: string;
+}
+export interface GovernanceReplayMetadata {
+    evidenceArtifactRef?: string;
+    executionRecordRef?: string;
+    snapshotIds?: string[];
+    /** True when replay used only immutable artifacts with matching digests. */
+    reconstructedExactly?: boolean;
+    /** Present when bounded degradation occurred (truncation, missing artifact, etc.). */
+    boundedDegradation?: string[];
+}
+export interface GovernanceProvenanceMetadata {
+    runId?: string;
+    planId?: string | null;
+    verificationSource?: string;
+    policyLockFingerprint?: string | null;
+    compiledPolicyFingerprint?: string | null;
+    generatedAt?: string;
+    /**
+     * Canonical pipeline stage that emitted this finding. Additive lineage —
+     * never participates in the finding identity or the replay checksum, but
+     * threads governance computation provenance through to dashboards and audit.
+     */
+    producedByStage?: string;
+}
+export interface GovernanceSuppressionMetadata {
+    suppressed: boolean;
+    directive?: string;
+    exceptionId?: string;
+    reason?: string;
+}
+export interface GovernanceGraphMetadata {
+    edgeVia?: string;
+    fromRepo?: string;
+    toRepo?: string;
+    confidence?: 'high' | 'medium' | 'low';
+    traversalDepth?: number;
+    /** Explicit incompleteness — never omit when graph was capped. */
+    truncated?: boolean;
+    truncationReason?: string;
+}
+export interface GovernanceSemanticMetadata {
+    retrievalMethod?: 'deterministic-graph' | 'deterministic-tfidf' | 'heuristic-expansion';
+    matchedTerms?: string[];
+    tfidfScore?: number;
+    corpusCoverageRatio?: number;
+    indexTruncated?: boolean;
+    documentsIndexed?: number;
+    documentsCap?: number;
+}
+export interface GovernanceStructuralMetadata {
+    ruleId: string;
+    ruleName?: string;
+    policyRef?: string;
+    language?: string;
+    astNodeType?: string;
+}
+/**
+ * Canonical normalized finding — single source of truth across CLI, CI, replay, dashboards.
+ */
+export interface GovernanceFinding {
+    /** Deterministic id: sha256-128 of stable fields, or caller-supplied stable id. */
+    id: string;
+    category: GovernanceFindingCategory;
+    sourceSystem: GovernanceSourceSystem;
+    determinismClassification: DeterminismClassification;
+    severity: GovernanceSeverity;
+    /** 0–1; structural deterministic often 0.85–1.0; heuristics lower. */
+    confidence: number;
+    title: string;
+    evidence: GovernanceEvidence;
+    operationalImplication: string;
+    remediation: string;
+    replayMetadata?: GovernanceReplayMetadata;
+    provenanceMetadata?: GovernanceProvenanceMetadata;
+    suppressionMetadata?: GovernanceSuppressionMetadata;
+    graphMetadata?: GovernanceGraphMetadata;
+    semanticMetadata?: GovernanceSemanticMetadata;
+    structuralMetadata?: GovernanceStructuralMetadata;
+    /**
+     * When multiple raw signals were merged for reviewer compression.
+     * Primary finding keeps merged* fields; sources list contributing ids.
+     */
+    mergedFrom?: string[];
+}
+/**
+ * Replay reconstruction status.
+ *
+ * exact              - checksums match, identical governance output
+ * bounded-degradation - minor mismatch (e.g. missing artifact) but not a hard failure
+ * drift-detected     - HARD FAILURE: same commit + diff + rules produced different output.
+ *                      Checksum mismatch. Must be investigated before any governance trust.
+ */
+export type ReplayReconstructionStatus = 'exact' | 'bounded-degradation' | 'drift-detected';
+/**
+ * Phase 2: Typed drift reason taxonomy for replay integrity analysis.
+ *
+ * Each reason maps to a specific class of replay failure:
+ *   finding-order-drift   - findings appear in different canonical order
+ *   severity-drift        - a finding changed severity between runs
+ *   determinism-drift     - a finding changed determinismClassification
+ *   provenance-drift      - provenance metadata differs between runs
+ *   suppression-drift     - suppression state changed between runs
+ *   checksum-drift        - top-level replayChecksum mismatch (composite signal)
+ *   missing-finding       - finding present in baseline but absent in replay
+ *   extra-finding         - finding present in replay but absent in baseline
+ */
+export type ReplayIntegrityDriftReason = 'finding-order-drift' | 'severity-drift' | 'determinism-drift' | 'provenance-drift' | 'suppression-drift' | 'checksum-drift' | 'missing-finding' | 'extra-finding';
+export interface GovernanceReplayIntegrity {
+    status: ReplayReconstructionStatus;
+    missingArtifacts: string[];
+    provenanceMismatches: string[];
+    graphMismatches: string[];
+    semanticTruncationMismatches: string[];
+    notes: string[];
+    /** Phase 2: Typed drift reasons — empty if status === 'exact'. */
+    driftReasons?: ReplayIntegrityDriftReason[];
+}
+export interface GovernanceVerificationEnvelope {
+    schemaVersion: typeof GOVERNANCE_FINDINGS_SCHEMA_VERSION;
+    generatedAt: string;
+    findings: GovernanceFinding[];
+    /** Count of raw findings folded into merged clusters. */
+    compressedDuplicateCount: number;
+    /**
+     * Phase 6: Total count of cross-source-system duplicates absorbed into
+     * canonical finding identities. Equals compressedDuplicateCount but named
+     * explicitly for telemetry readability.
+     */
+    deduplicatedFindingCount?: number;
+    /**
+     * Phase 2: Count of findings demoted from BLOCKING to ADVISORY because they
+     * exist on unmodified (historical) lines. Visible for CI reporting.
+     */
+    legacyDebtFindingCount?: number;
+    /**
+     * Phase 3: Deterministic replay checksum.
+     * SHA-256 over the canonically sorted finding set (id + severity + determinism + file + line).
+     * Same commit + same diff + same rules MUST produce the same checksum.
+     * A mismatch between two runs with identical inputs indicates replay drift (trust failure).
+     */
+    replayChecksum?: string;
+    replayIntegrity?: GovernanceReplayIntegrity;
+    /** Pilot / operational summary lines (high-signal, not verbose). */
+    reviewerSummary?: string[];
+    /**
+     * Canonical governance pipeline summary — stage execution ledger surface.
+     *
+     * Additive observability. Excluded by design from:
+     *   - `replayChecksum` (computed only from finding-set fields)
+     *   - finding identity (`GovernanceFinding.id`)
+     *   - canonical sort order
+     *
+     * Present when verify ran with the staged pipeline runtime. Consumers
+     * (dashboards, audit replay, SLO gates) read this to explain HOW
+     * governance computation occurred. Absent on legacy / older-CLI envelopes.
+     */
+    pipelineSummary?: GovernancePipelineSummary;
+}
+//# sourceMappingURL=canonical-finding.d.ts.map

package/dist/verification/canonical-finding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical-finding.d.ts","sourceRoot":"","sources":["../../src/verification/canonical-finding.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,yBAAyB,EACzB,yBAAyB,EACzB,sBAAsB,EACvB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,kCAAkC,EAAE,MAAM,YAAY,CAAC;AAChE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAE5D,MAAM,MAAM,kBAAkB,GAAG,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC;AAElE,MAAM,WAAW,kBAAkB;IACjC,gEAAgE;IAChE,OAAO,EAAE,MAAM,CAAC;IAChB,sEAAsE;IACtE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,wBAAwB;IACvC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,4EAA4E;IAC5E,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,sFAAsF;IACtF,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,4BAA4B;IAC3C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qBAAqB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,yBAAyB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,6BAA6B;IAC5C,UAAU,EAAE,OAAO,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kEAAkE;IAClE,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,0BAA0B;IACzC,eAAe,CAAC,EAAE,qBAAqB,GAAG,qBAAqB,GAAG,qBAAqB,CAAC;IACxF,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,4BAA4B;IAC3C,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,mFAAmF;IACnF,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,yBAAyB,CAAC;IACpC,YAAY,EAAE,sBAAsB,CAAC;IACrC,yBAAyB,EAAE,yBAAyB,CAAC;IACrD,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,sEAAsE;IACtE,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,wBAAwB,CAAC;IAC1C,kBAAkB,CAAC,EAAE,4BAA4B,CAAC;IAClD,mBAAmB,CAAC,EAAE,6BAA6B,CAAC;IACpD,aAAa,CAAC,EAAE,uBAAuB,CAAC;IACxC,gBAAgB,CAAC,EAAE,0BAA0B,CAAC;IAC9C,kBAAkB,CAAC,EAAE,4BAA4B,CAAC;IAClD;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,0BAA0B,GAAG,OAAO,GAAG,qBAAqB,GAAG,gBAAgB,CAAC;AAE5F;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,0BAA0B,GAClC,qBAAqB,GACrB,gBAAgB,GAChB,mBAAmB,GACnB,kBAAkB,GAClB,mBAAmB,GACnB,gBAAgB,GAChB,iBAAiB,GACjB,eAAe,CAAC;AAEpB,MAAM,WAAW,yBAAyB;IACxC,MAAM,EAAE,0BAA0B,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,4BAA4B,EAAE,MAAM,EAAE,CAAC;IACvC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,kEAAkE;IAClE,YAAY,CAAC,EAAE,0BAA0B,EAAE,CAAC;CAC7C;AAED,MAAM,WAAW,8BAA8B;IAC7C,aAAa,EAAE,OAAO,kCAAkC,CAAC;IACzD,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,yDAAyD;IACzD,wBAAwB,EAAE,MAAM,CAAC;IACjC;;;;OAIG;IACH,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,yBAAyB,CAAC;IAC5C,oEAAoE;IACpE,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B;;;;;;;;;;;OAWG;IACH,eAAe,CAAC,EAAE,yBAAyB,CAAC;CAC7C"}

package/dist/verification/canonical-finding.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=canonical-finding.js.map

package/dist/verification/canonical-finding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical-finding.js","sourceRoot":"","sources":["../../src/verification/canonical-finding.ts"],"names":[],"mappings":""}

package/dist/verification/index.d.ts

@@ -0,0 +1,6 @@
+export type { DeterminismClassification, GovernanceFindingCategory, GovernanceSourceSystem, } from './taxonomy';
+export { GOVERNANCE_FINDINGS_SCHEMA_VERSION, isDeterminismClassification, } from './taxonomy';
+export type { GovernanceEvidence, GovernanceFinding, GovernanceGraphMetadata, GovernanceProvenanceMetadata, GovernanceReplayIntegrity, GovernanceReplayMetadata, GovernanceSemanticMetadata, GovernanceSeverity, GovernanceStructuralMetadata, GovernanceSuppressionMetadata, GovernanceVerificationEnvelope, ReplayIntegrityDriftReason, ReplayReconstructionStatus, } from './canonical-finding';
+export type { GovernancePipelineSummary, GovernanceStageBoundary, GovernanceStageFailure, GovernanceStageFailureCategory, GovernanceStageId, GovernanceStageMetrics, GovernanceStageReplayMetadata, GovernanceStageResult, GovernanceStageStatus, GovernanceStageSummary, } from './pipeline';
+export { GOVERNANCE_PIPELINE_SCHEMA_VERSION, GOVERNANCE_STAGE_ORDER, isGovernanceStageId, } from './pipeline';
+//# sourceMappingURL=index.d.ts.map

package/dist/verification/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/verification/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,yBAAyB,EACzB,yBAAyB,EACzB,sBAAsB,GACvB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,kCAAkC,EAClC,2BAA2B,GAC5B,MAAM,YAAY,CAAC;AACpB,YAAY,EACV,kBAAkB,EAClB,iBAAiB,EACjB,uBAAuB,EACvB,4BAA4B,EAC5B,yBAAyB,EACzB,wBAAwB,EACxB,0BAA0B,EAC1B,kBAAkB,EAClB,4BAA4B,EAC5B,6BAA6B,EAC7B,8BAA8B,EAC9B,0BAA0B,EAC1B,0BAA0B,GAC3B,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,yBAAyB,EACzB,uBAAuB,EACvB,sBAAsB,EACtB,8BAA8B,EAC9B,iBAAiB,EACjB,sBAAsB,EACtB,6BAA6B,EAC7B,qBAAqB,EACrB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,kCAAkC,EAClC,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,YAAY,CAAC"}

package/dist/verification/index.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isGovernanceStageId = exports.GOVERNANCE_STAGE_ORDER = exports.GOVERNANCE_PIPELINE_SCHEMA_VERSION = exports.isDeterminismClassification = exports.GOVERNANCE_FINDINGS_SCHEMA_VERSION = void 0;
+var taxonomy_1 = require("./taxonomy");
+Object.defineProperty(exports, "GOVERNANCE_FINDINGS_SCHEMA_VERSION", { enumerable: true, get: function () { return taxonomy_1.GOVERNANCE_FINDINGS_SCHEMA_VERSION; } });
+Object.defineProperty(exports, "isDeterminismClassification", { enumerable: true, get: function () { return taxonomy_1.isDeterminismClassification; } });
+var pipeline_1 = require("./pipeline");
+Object.defineProperty(exports, "GOVERNANCE_PIPELINE_SCHEMA_VERSION", { enumerable: true, get: function () { return pipeline_1.GOVERNANCE_PIPELINE_SCHEMA_VERSION; } });
+Object.defineProperty(exports, "GOVERNANCE_STAGE_ORDER", { enumerable: true, get: function () { return pipeline_1.GOVERNANCE_STAGE_ORDER; } });
+Object.defineProperty(exports, "isGovernanceStageId", { enumerable: true, get: function () { return pipeline_1.isGovernanceStageId; } });
+//# sourceMappingURL=index.js.map

package/dist/verification/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/verification/index.ts"],"names":[],"mappings":";;;AAKA,uCAGoB;AAFlB,8HAAA,kCAAkC,OAAA;AAClC,uHAAA,2BAA2B,OAAA;AA6B7B,uCAIoB;AAHlB,8HAAA,kCAAkC,OAAA;AAClC,kHAAA,sBAAsB,OAAA;AACtB,+GAAA,mBAAmB,OAAA"}

package/dist/verification/pipeline.d.ts

@@ -0,0 +1,134 @@
+/**
+ * Canonical Governance Pipeline Contracts
+ * ----------------------------------------
+ * Shared, immutable types describing the staged decomposition of the verify runtime.
+ *
+ * These contracts are ADDITIVE. They do not replace, mutate, or re-encode the canonical
+ * governance envelope (`GovernanceVerificationEnvelope`), the finding identity scheme,
+ * or the replay checksum. Stage metadata flows alongside the envelope as an
+ * out-of-band observability + replay-reconstruction surface.
+ *
+ * Design invariants:
+ *   - Stage IDs are a closed set. Adding a new stage requires bumping the schema version.
+ *   - Stage metadata never carries excerpts, file content, or PII.
+ *   - Stage fingerprints are computed from stable identifiers — never wall-clock timestamps.
+ *   - A stage's `replay.outputFingerprint` is independent of `replayChecksum`; the two
+ *     are consistent but serve different audiences (stage lineage vs. envelope identity).
+ */
+import type { DeterminismClassification } from './taxonomy';
+/**
+ * Closed set of canonical governance pipeline stage identifiers.
+ *
+ * The order of declaration is the canonical execution order. Consumers MUST treat
+ * this list as the authoritative pipeline definition for replay reconstruction
+ * and explainability dashboards.
+ */
+export type GovernanceStageId = 'diff-normalization' | 'plan-sync' | 'policy-lock' | 'compiled-policy' | 'policy-exceptions' | 'structural-analysis' | 'runtime-guard' | 'intent-evaluation' | 'semantic-analysis' | 'policy-evaluation' | 'suppression-evaluation' | 'advisory-signals' | 'change-contract' | 'ai-debt-budget' | 'governance-synthesis' | 'provenance-generation' | 'replay-integrity' | 'remediation-export-preparation' | 'evidence-generation' | 'telemetry-harvest' | 'ci-shaping' | 'output-rendering';
+/**
+ * Terminal state for a stage execution. `degraded` means the stage produced output
+ * but a non-fatal anomaly was observed (e.g. truncation, partial dependency).
+ */
+export type GovernanceStageStatus = 'succeeded' | 'skipped' | 'degraded' | 'failed';
+/**
+ * Stage failure category. Maps to operator-visible runbooks and replay annotations.
+ */
+export type GovernanceStageFailureCategory = 'timeout' | 'exception' | 'invariant-violation' | 'degraded-dependency' | 'aborted-precondition';
+export interface GovernanceStageMetrics {
+    /** Stage wall-clock duration in milliseconds. */
+    durationMs: number;
+    /** Size of the stage input as a stable item count (e.g. diff files, rules). Optional. */
+    inputItemCount?: number;
+    /** Size of the stage output as a stable item count (e.g. findings produced). Optional. */
+    outputItemCount?: number;
+    /** Delta of `process.memoryUsage().heapUsed` across the stage. Optional. */
+    memoryDeltaBytes?: number;
+}
+export interface GovernanceStageReplayMetadata {
+    stageId: GovernanceStageId;
+    /** Determinism classification of the stage itself (matches the most-deterministic finding it can emit). */
+    determinism: DeterminismClassification;
+    /** SHA-256 fingerprint of stage input, computed from stable identifiers only. */
+    inputFingerprint?: string;
+    /** SHA-256 fingerprint of stage output, computed from stable identifiers only. */
+    outputFingerprint?: string;
+    /** Stage IDs whose successful completion was a precondition for this stage. */
+    dependsOn: GovernanceStageId[];
+    /** Stage start time as an ISO-8601 timestamp. NOT included in fingerprints. */
+    startedAt: string;
+    /** Stage finish time as an ISO-8601 timestamp. NOT included in fingerprints. */
+    finishedAt: string;
+}
+export interface GovernanceStageFailure {
+    category: GovernanceStageFailureCategory;
+    /** Stable, PII-free message. Never includes source excerpts. */
+    message: string;
+    /** True when the rest of the pipeline can proceed in a degraded mode. */
+    recoverable: boolean;
+}
+/**
+ * Boundary policy declared by a stage. The pipeline runtime uses this to decide
+ * how to respond to failure (abort vs. degrade) and which stages must run first.
+ */
+export interface GovernanceStageBoundary {
+    /** When true, the stage failing is reported but does NOT abort downstream stages. */
+    isolateFailure: boolean;
+    /** When true, the stage is required for governance correctness. */
+    required: boolean;
+    /** Stage IDs whose successful completion is required before this stage may execute. */
+    dependencies: GovernanceStageId[];
+}
+/**
+ * Single-stage execution receipt. Persisted alongside the canonical envelope and
+ * consumed by replay reconstruction, observability dashboards, and SLO gates.
+ *
+ * `output` is the typed stage payload; consumers MUST treat it as immutable.
+ */
+export interface GovernanceStageResult<T = unknown> {
+    stageId: GovernanceStageId;
+    status: GovernanceStageStatus;
+    /** Stage output. `null` when status is 'failed' or 'skipped'. */
+    output: T | null;
+    metrics: GovernanceStageMetrics;
+    replay: GovernanceStageReplayMetadata;
+    failure?: GovernanceStageFailure;
+    /** Stage-emitted observability notes (PII-free, bounded). */
+    notes?: string[];
+}
+/**
+ * Compact, replay-friendly summary of a stage. Embedded into telemetry and the
+ * pipeline-level summary surface.
+ */
+export interface GovernanceStageSummary {
+    stageId: GovernanceStageId;
+    status: GovernanceStageStatus;
+    determinism: DeterminismClassification;
+    durationMs: number;
+    inputFingerprint?: string;
+    outputFingerprint?: string;
+    dependsOn: GovernanceStageId[];
+    failureCategory?: GovernanceStageFailureCategory;
+}
+/**
+ * Pipeline-level summary. Pinned across replays. The `pipelineFingerprint` is
+ * a stable SHA-256 over the ordered (stageId, outputFingerprint, status) tuple
+ * and is independent of `GovernanceVerificationEnvelope.replayChecksum`.
+ */
+export interface GovernancePipelineSummary {
+    schemaVersion: typeof GOVERNANCE_PIPELINE_SCHEMA_VERSION;
+    pipelineFingerprint: string;
+    stages: GovernanceStageSummary[];
+    totalDurationMs: number;
+    degradedStages: GovernanceStageId[];
+    failedStages: GovernanceStageId[];
+}
+export declare const GOVERNANCE_PIPELINE_SCHEMA_VERSION: "2026-05-14.1";
+/**
+ * Type guard: is the given string a known stage identifier?
+ */
+export declare function isGovernanceStageId(value: string): value is GovernanceStageId;
+/**
+ * Canonical execution order. Mirror of the union above — exported as a runtime
+ * value for iteration, indexing, and stage-ordering invariants.
+ */
+export declare const GOVERNANCE_STAGE_ORDER: readonly GovernanceStageId[];
+//# sourceMappingURL=pipeline.d.ts.map

package/dist/verification/pipeline.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pipeline.d.ts","sourceRoot":"","sources":["../../src/verification/pipeline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAE5D;;;;;;GAMG;AACH,MAAM,MAAM,iBAAiB,GACzB,oBAAoB,GACpB,WAAW,GACX,aAAa,GACb,iBAAiB,GACjB,mBAAmB,GACnB,qBAAqB,GACrB,eAAe,GACf,mBAAmB,GACnB,mBAAmB,GACnB,mBAAmB,GACnB,wBAAwB,GACxB,kBAAkB,GAClB,iBAAiB,GACjB,gBAAgB,GAChB,sBAAsB,GACtB,uBAAuB,GACvB,kBAAkB,GAClB,gCAAgC,GAChC,qBAAqB,GACrB,mBAAmB,GACnB,YAAY,GACZ,kBAAkB,CAAC;AAEvB;;;GAGG;AACH,MAAM,MAAM,qBAAqB,GAAG,WAAW,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,CAAC;AAEpF;;GAEG;AACH,MAAM,MAAM,8BAA8B,GACtC,SAAS,GACT,WAAW,GACX,qBAAqB,GACrB,qBAAqB,GACrB,sBAAsB,CAAC;AAE3B,MAAM,WAAW,sBAAsB;IACrC,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IACnB,yFAAyF;IACzF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0FAA0F;IAC1F,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,4EAA4E;IAC5E,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,iBAAiB,CAAC;IAC3B,2GAA2G;IAC3G,WAAW,EAAE,yBAAyB,CAAC;IACvC,iFAAiF;IACjF,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kFAAkF;IAClF,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,+EAA+E;IAC/E,SAAS,EAAE,iBAAiB,EAAE,CAAC;IAC/B,+EAA+E;IAC/E,SAAS,EAAE,MAAM,CAAC;IAClB,gFAAgF;IAChF,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,8BAA8B,CAAC;IACzC,gEAAgE;IAChE,OAAO,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,WAAW,EAAE,OAAO,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,qFAAqF;IACrF,cAAc,EAAE,OAAO,CAAC;IACxB,mEAAmE;IACnE,QAAQ,EAAE,OAAO,CAAC;IAClB,uFAAuF;IACvF,YAAY,EAAE,iBAAiB,EAAE,CAAC;CACnC;AAED;;;;;GAKG;AACH,MAAM,WAAW,qBAAqB,CAAC,CAAC,GAAG,OAAO;IAChD,OAAO,EAAE,iBAAiB,CAAC;IAC3B,MAAM,EAAE,qBAAqB,CAAC;IAC9B,iEAAiE;IACjE,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;IACjB,OAAO,EAAE,sBAAsB,CAAC;IAChC,MAAM,EAAE,6BAA6B,CAAC;IACtC,OAAO,CAAC,EAAE,sBAAsB,CAAC;IACjC,6DAA6D;IAC7D,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,iBAAiB,CAAC;IAC3B,MAAM,EAAE,qBAAqB,CAAC;IAC9B,WAAW,EAAE,yBAAyB,CAAC;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,iBAAiB,EAAE,CAAC;IAC/B,eAAe,CAAC,EAAE,8BAA8B,CAAC;CAClD;AAED;;;;GAIG;AACH,MAAM,WAAW,yBAAyB;IACxC,aAAa,EAAE,OAAO,kCAAkC,CAAC;IACzD,mBAAmB,EAAE,MAAM,CAAC;IAC5B,MAAM,EAAE,sBAAsB,EAAE,CAAC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAC;IACpC,YAAY,EAAE,iBAAiB,EAAE,CAAC;CACnC;AAED,eAAO,MAAM,kCAAkC,EAAG,cAAuB,CAAC;AAE1E;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,IAAI,iBAAiB,CAE7E;AAED;;;GAGG;AACH,eAAO,MAAM,sBAAsB,EAAE,SAAS,iBAAiB,EAuBrD,CAAC"}

package/dist/verification/pipeline.js

@@ -0,0 +1,57 @@
+"use strict";
+/**
+ * Canonical Governance Pipeline Contracts
+ * ----------------------------------------
+ * Shared, immutable types describing the staged decomposition of the verify runtime.
+ *
+ * These contracts are ADDITIVE. They do not replace, mutate, or re-encode the canonical
+ * governance envelope (`GovernanceVerificationEnvelope`), the finding identity scheme,
+ * or the replay checksum. Stage metadata flows alongside the envelope as an
+ * out-of-band observability + replay-reconstruction surface.
+ *
+ * Design invariants:
+ *   - Stage IDs are a closed set. Adding a new stage requires bumping the schema version.
+ *   - Stage metadata never carries excerpts, file content, or PII.
+ *   - Stage fingerprints are computed from stable identifiers — never wall-clock timestamps.
+ *   - A stage's `replay.outputFingerprint` is independent of `replayChecksum`; the two
+ *     are consistent but serve different audiences (stage lineage vs. envelope identity).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GOVERNANCE_STAGE_ORDER = exports.GOVERNANCE_PIPELINE_SCHEMA_VERSION = void 0;
+exports.isGovernanceStageId = isGovernanceStageId;
+exports.GOVERNANCE_PIPELINE_SCHEMA_VERSION = '2026-05-14.1';
+/**
+ * Type guard: is the given string a known stage identifier?
+ */
+function isGovernanceStageId(value) {
+    return exports.GOVERNANCE_STAGE_ORDER.includes(value);
+}
+/**
+ * Canonical execution order. Mirror of the union above — exported as a runtime
+ * value for iteration, indexing, and stage-ordering invariants.
+ */
+exports.GOVERNANCE_STAGE_ORDER = [
+    'diff-normalization',
+    'plan-sync',
+    'policy-lock',
+    'compiled-policy',
+    'policy-exceptions',
+    'structural-analysis',
+    'runtime-guard',
+    'intent-evaluation',
+    'semantic-analysis',
+    'policy-evaluation',
+    'suppression-evaluation',
+    'advisory-signals',
+    'change-contract',
+    'ai-debt-budget',
+    'governance-synthesis',
+    'provenance-generation',
+    'replay-integrity',
+    'remediation-export-preparation',
+    'evidence-generation',
+    'telemetry-harvest',
+    'ci-shaping',
+    'output-rendering',
+];
+//# sourceMappingURL=pipeline.js.map

package/dist/verification/pipeline.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pipeline.js","sourceRoot":"","sources":["../../src/verification/pipeline.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;;AAuJH,kDAEC;AAPY,QAAA,kCAAkC,GAAG,cAAuB,CAAC;AAE1E;;GAEG;AACH,SAAgB,mBAAmB,CAAC,KAAa;IAC/C,OAAO,8BAAsB,CAAC,QAAQ,CAAC,KAA0B,CAAC,CAAC;AACrE,CAAC;AAED;;;GAGG;AACU,QAAA,sBAAsB,GAAiC;IAClE,oBAAoB;IACpB,WAAW;IACX,aAAa;IACb,iBAAiB;IACjB,mBAAmB;IACnB,qBAAqB;IACrB,eAAe;IACf,mBAAmB;IACnB,mBAAmB;IACnB,mBAAmB;IACnB,wBAAwB;IACxB,kBAAkB;IAClB,iBAAiB;IACjB,gBAAgB;IAChB,sBAAsB;IACtB,uBAAuB;IACvB,kBAAkB;IAClB,gCAAgC;IAChC,qBAAqB;IACrB,mBAAmB;IACnB,YAAY;IACZ,kBAAkB;CACV,CAAC"}

package/dist/verification/taxonomy.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Canonical determinism taxonomy — every governance finding MUST map to exactly one.
+ * Do not blur or infer across these buckets in consumer UIs.
+ */
+export type DeterminismClassification = 'deterministic-structural' | 'deterministic-semantic' | 'heuristic-advisory' | 'llm-assisted-planning';
+export type GovernanceFindingCategory = 'structural' | 'semantic-advisory' | 'policy-engine' | 'governance-constraint' | 'intent-conditioned' | 'flow-connectivity' | 'regression' | 'scope' | 'replay' | 'ci' | 'pilot-metric' | 'workspace-federation';
+export type GovernanceSourceSystem = 'structural-rules' | 'policy-engine' | 'governance-runtime' | 'intent-engine' | 'semantic-index' | 'workspace-federation' | 'replay-runtime' | 'ci-adapter' | 'pilot-metrics';
+export declare const GOVERNANCE_FINDINGS_SCHEMA_VERSION: "2026-05-11.1";
+export declare function isDeterminismClassification(value: string): value is DeterminismClassification;
+//# sourceMappingURL=taxonomy.d.ts.map

package/dist/verification/taxonomy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"taxonomy.d.ts","sourceRoot":"","sources":["../../src/verification/taxonomy.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,yBAAyB,GACjC,0BAA0B,GAC1B,wBAAwB,GACxB,oBAAoB,GACpB,uBAAuB,CAAC;AAE5B,MAAM,MAAM,yBAAyB,GACjC,YAAY,GACZ,mBAAmB,GACnB,eAAe,GACf,uBAAuB,GACvB,oBAAoB,GACpB,mBAAmB,GACnB,YAAY,GACZ,OAAO,GACP,QAAQ,GACR,IAAI,GACJ,cAAc,GACd,sBAAsB,CAAC;AAE3B,MAAM,MAAM,sBAAsB,GAC9B,kBAAkB,GAClB,eAAe,GACf,oBAAoB,GACpB,eAAe,GACf,gBAAgB,GAChB,sBAAsB,GACtB,gBAAgB,GAChB,YAAY,GACZ,eAAe,CAAC;AAEpB,eAAO,MAAM,kCAAkC,EAAG,cAAuB,CAAC;AAE1E,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,IAAI,yBAAyB,CAO7F"}

package/dist/verification/taxonomy.js

@@ -0,0 +1,16 @@
+"use strict";
+/**
+ * Canonical determinism taxonomy — every governance finding MUST map to exactly one.
+ * Do not blur or infer across these buckets in consumer UIs.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GOVERNANCE_FINDINGS_SCHEMA_VERSION = void 0;
+exports.isDeterminismClassification = isDeterminismClassification;
+exports.GOVERNANCE_FINDINGS_SCHEMA_VERSION = '2026-05-11.1';
+function isDeterminismClassification(value) {
+    return (value === 'deterministic-structural'
+        || value === 'deterministic-semantic'
+        || value === 'heuristic-advisory'
+        || value === 'llm-assisted-planning');
+}
+//# sourceMappingURL=taxonomy.js.map

package/dist/verification/taxonomy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"taxonomy.js","sourceRoot":"","sources":["../../src/verification/taxonomy.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAmCH,kEAOC;AATY,QAAA,kCAAkC,GAAG,cAAuB,CAAC;AAE1E,SAAgB,2BAA2B,CAAC,KAAa;IACvD,OAAO,CACL,KAAK,KAAK,0BAA0B;WACjC,KAAK,KAAK,wBAAwB;WAClC,KAAK,KAAK,oBAAoB;WAC9B,KAAK,KAAK,uBAAuB,CACrC,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@neurcode-ai/contracts",
-  "version": "0.1.1",
+  "version": "0.1.3",
   "description": "Shared JSON contracts for Neurcode CLI, API, action, IDE, and MCP surfaces",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",