@neurcode-ai/contracts 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/admission/framing.d.ts +38 -0
- package/dist/admission/framing.d.ts.map +1 -0
- package/dist/admission/framing.js +78 -0
- package/dist/admission/framing.js.map +1 -0
- package/dist/admission/index.d.ts +4 -0
- package/dist/admission/index.d.ts.map +1 -0
- package/dist/admission/index.js +37 -0
- package/dist/admission/index.js.map +1 -0
- package/dist/admission/privacy.d.ts +23 -0
- package/dist/admission/privacy.d.ts.map +1 -0
- package/dist/admission/privacy.js +99 -0
- package/dist/admission/privacy.js.map +1 -0
- package/dist/admission/schema.d.ts +277 -0
- package/dist/admission/schema.d.ts.map +1 -0
- package/dist/admission/schema.js +156 -0
- package/dist/admission/schema.js.map +1 -0
- package/dist/index.d.ts +91 -11
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +182 -17
- package/dist/index.js.map +1 -1
- package/dist/intelligence.d.ts +522 -0
- package/dist/intelligence.d.ts.map +1 -0
- package/dist/intelligence.js +5 -0
- package/dist/intelligence.js.map +1 -0
- package/dist/remediation/capabilities.d.ts +36 -0
- package/dist/remediation/capabilities.d.ts.map +1 -0
- package/dist/remediation/capabilities.js +7 -0
- package/dist/remediation/capabilities.js.map +1 -0
- package/dist/remediation/index.d.ts +5 -0
- package/dist/remediation/index.d.ts.map +1 -0
- package/dist/remediation/index.js +3 -0
- package/dist/remediation/index.js.map +1 -0
- package/dist/remediation/request.d.ts +183 -0
- package/dist/remediation/request.d.ts.map +1 -0
- package/dist/remediation/request.js +15 -0
- package/dist/remediation/request.js.map +1 -0
- package/dist/remediation/response.d.ts +100 -0
- package/dist/remediation/response.d.ts.map +1 -0
- package/dist/remediation/response.js +11 -0
- package/dist/remediation/response.js.map +1 -0
- package/dist/remediation/validation.d.ts +87 -0
- package/dist/remediation/validation.d.ts.map +1 -0
- package/dist/remediation/validation.js +15 -0
- package/dist/remediation/validation.js.map +1 -0
- package/dist/status-vocabulary.d.ts +45 -0
- package/dist/status-vocabulary.d.ts.map +1 -0
- package/dist/status-vocabulary.js +101 -0
- package/dist/status-vocabulary.js.map +1 -0
- package/dist/verification/canonical-finding.d.ts +171 -0
- package/dist/verification/canonical-finding.d.ts.map +1 -0
- package/dist/verification/canonical-finding.js +3 -0
- package/dist/verification/canonical-finding.js.map +1 -0
- package/dist/verification/index.d.ts +6 -0
- package/dist/verification/index.d.ts.map +1 -0
- package/dist/verification/index.js +11 -0
- package/dist/verification/index.js.map +1 -0
- package/dist/verification/pipeline.d.ts +134 -0
- package/dist/verification/pipeline.d.ts.map +1 -0
- package/dist/verification/pipeline.js +57 -0
- package/dist/verification/pipeline.js.map +1 -0
- package/dist/verification/taxonomy.d.ts +10 -0
- package/dist/verification/taxonomy.d.ts.map +1 -0
- package/dist/verification/taxonomy.js +16 -0
- package/dist/verification/taxonomy.js.map +1 -0
- package/package.json +1 -1
- package/src/admission/admission-framing.test.ts +93 -0
- package/src/admission/framing.ts +78 -0
- package/src/admission/index.ts +58 -0
- package/src/admission/privacy.ts +93 -0
- package/src/admission/schema.ts +392 -0
- package/src/index.ts +266 -26
- package/src/intelligence.ts +698 -0
- package/src/remediation/capabilities.ts +53 -0
- package/src/remediation/index.ts +29 -0
- package/src/remediation/request.ts +236 -0
- package/src/remediation/response.ts +129 -0
- package/src/remediation/validation.ts +109 -0
- package/src/status-vocabulary.ts +125 -0
- package/src/verification/canonical-finding.ts +196 -0
- package/src/verification/index.ts +41 -0
- package/src/verification/pipeline.ts +199 -0
- package/src/verification/taxonomy.ts +46 -0
|
@@ -0,0 +1,156 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Runtime Admission — Phase A schema (Provenance Core V1).
|
|
4
|
+
*
|
|
5
|
+
* Source-free, deterministic provenance types shared across CLI, the future
|
|
6
|
+
* OSS advisory Action, and future Enterprise enforcement. Phase A defines the
|
|
7
|
+
* normalized git tree-delta, the governed coverage manifest, the self-attested
|
|
8
|
+
* local artifact, and the consistency decision. No signing, no receipts, no
|
|
9
|
+
* backend, no Action here — those are later phases.
|
|
10
|
+
*
|
|
11
|
+
* Two distinct hashes by design (do not collapse them):
|
|
12
|
+
* - deltaHash: exact, base-specific tree-delta fingerprint (debugging /
|
|
13
|
+
* deterministic reproduction).
|
|
14
|
+
* - coverageSetHash: governed-effect set fingerprint used for squash/rebase-
|
|
15
|
+
* survivable, per-entry subset matching of a PR to sessions.
|
|
16
|
+
*/
|
|
17
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
18
|
+
exports.GIT_MODE_ABSENT = exports.GIT_MODE_SUBMODULE = exports.GIT_MODE_SYMLINK = exports.GIT_MODE_EXEC = exports.GIT_MODE_BLOB = exports.SELF_ATTESTED_ADMISSION_DISCLAIMER = exports.ADMISSION_CONSISTENCY_DECISION_SCHEMA_VERSION = exports.SELF_ATTESTED_ADMISSION_RECORD_SCHEMA_VERSION = exports.ADMISSION_COVERAGE_MANIFEST_SCHEMA_VERSION = void 0;
|
|
19
|
+
exports.objectIdHexLength = objectIdHexLength;
|
|
20
|
+
exports.zeroObjectId = zeroObjectId;
|
|
21
|
+
exports.isZeroObjectId = isZeroObjectId;
|
|
22
|
+
exports.isValidObjectId = isValidObjectId;
|
|
23
|
+
exports.isKnownGitMode = isKnownGitMode;
|
|
24
|
+
exports.objectTypeForMode = objectTypeForMode;
|
|
25
|
+
exports.deltaEntryCanonicalFields = deltaEntryCanonicalFields;
|
|
26
|
+
exports.coverageEntryCanonicalFields = coverageEntryCanonicalFields;
|
|
27
|
+
exports.coverageEntryIdentityKey = coverageEntryIdentityKey;
|
|
28
|
+
exports.isGovernedClassification = isGovernedClassification;
|
|
29
|
+
exports.isStrictlyAdmissible = isStrictlyAdmissible;
|
|
30
|
+
exports.isAdmissibleClassification = isAdmissibleClassification;
|
|
31
|
+
exports.ADMISSION_COVERAGE_MANIFEST_SCHEMA_VERSION = 'neurcode.admission-coverage.v1';
|
|
32
|
+
exports.SELF_ATTESTED_ADMISSION_RECORD_SCHEMA_VERSION = 'neurcode.admission-record.v1';
|
|
33
|
+
exports.ADMISSION_CONSISTENCY_DECISION_SCHEMA_VERSION = 'neurcode.admission-consistency.v1';
|
|
34
|
+
/**
|
|
35
|
+
* Mandatory honesty label. A locally committed artifact is authored by the same
|
|
36
|
+
* untrusted principal who authored the diff, so it can be fabricated with
|
|
37
|
+
* matching object ids. It is a claim, never proof.
|
|
38
|
+
*/
|
|
39
|
+
exports.SELF_ATTESTED_ADMISSION_DISCLAIMER = 'Self-attested by the local Neurcode runtime: a source-free claim that a governed ' +
|
|
40
|
+
'session produced these effects. This is NOT cryptographic proof that governance ran. ' +
|
|
41
|
+
'Enterprise enforcement requires a backend-anchored signed receipt.';
|
|
42
|
+
/** Canonical git file modes used by this contract. */
|
|
43
|
+
exports.GIT_MODE_BLOB = '100644';
|
|
44
|
+
exports.GIT_MODE_EXEC = '100755';
|
|
45
|
+
exports.GIT_MODE_SYMLINK = '120000';
|
|
46
|
+
exports.GIT_MODE_SUBMODULE = '160000';
|
|
47
|
+
exports.GIT_MODE_ABSENT = '000000';
|
|
48
|
+
const KNOWN_MODES = new Set([
|
|
49
|
+
exports.GIT_MODE_BLOB,
|
|
50
|
+
exports.GIT_MODE_EXEC,
|
|
51
|
+
exports.GIT_MODE_SYMLINK,
|
|
52
|
+
exports.GIT_MODE_SUBMODULE,
|
|
53
|
+
exports.GIT_MODE_ABSENT,
|
|
54
|
+
]);
|
|
55
|
+
// ── Pure helpers (no crypto, no IO) ─────────────────────────────────────────
|
|
56
|
+
function objectIdHexLength(format) {
|
|
57
|
+
return format === 'sha256' ? 64 : 40;
|
|
58
|
+
}
|
|
59
|
+
function zeroObjectId(format) {
|
|
60
|
+
return '0'.repeat(objectIdHexLength(format));
|
|
61
|
+
}
|
|
62
|
+
function isZeroObjectId(objectId) {
|
|
63
|
+
return /^0+$/.test(objectId);
|
|
64
|
+
}
|
|
65
|
+
function isValidObjectId(objectId, format) {
|
|
66
|
+
const len = objectIdHexLength(format);
|
|
67
|
+
return new RegExp(`^[0-9a-f]{${len}}$`).test(objectId);
|
|
68
|
+
}
|
|
69
|
+
function isKnownGitMode(mode) {
|
|
70
|
+
return KNOWN_MODES.has(mode);
|
|
71
|
+
}
|
|
72
|
+
function objectTypeForMode(mode) {
|
|
73
|
+
switch (mode) {
|
|
74
|
+
case exports.GIT_MODE_SUBMODULE:
|
|
75
|
+
return 'submodule';
|
|
76
|
+
case exports.GIT_MODE_SYMLINK:
|
|
77
|
+
return 'symlink';
|
|
78
|
+
case exports.GIT_MODE_BLOB:
|
|
79
|
+
case exports.GIT_MODE_EXEC:
|
|
80
|
+
return 'blob';
|
|
81
|
+
case exports.GIT_MODE_ABSENT:
|
|
82
|
+
return 'absent';
|
|
83
|
+
default:
|
|
84
|
+
throw new Error(`admission: unsupported git mode "${mode}"`);
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
/**
|
|
88
|
+
* Canonical, ordered field list for a delta entry. The field ORDER is part of
|
|
89
|
+
* the hashing contract and must never be reordered.
|
|
90
|
+
*/
|
|
91
|
+
function deltaEntryCanonicalFields(entry) {
|
|
92
|
+
return [
|
|
93
|
+
entry.path,
|
|
94
|
+
entry.changeType,
|
|
95
|
+
entry.objectType,
|
|
96
|
+
entry.oldMode,
|
|
97
|
+
entry.newMode,
|
|
98
|
+
entry.oldObjectId,
|
|
99
|
+
entry.newObjectId,
|
|
100
|
+
];
|
|
101
|
+
}
|
|
102
|
+
/**
|
|
103
|
+
* Canonical, ordered identity field list for a coverage entry.
|
|
104
|
+
*
|
|
105
|
+
* Identity per the matching contract:
|
|
106
|
+
* present (added/modified/typechanged) → path + newMode + newObjectId
|
|
107
|
+
* deleted → path + oldMode + oldObjectId
|
|
108
|
+
*
|
|
109
|
+
* `mode`/`objectId` already hold the correct side. `changeType` collapses to a
|
|
110
|
+
* single present/deleted flag so a squash/rebase that reclassifies modified↔added
|
|
111
|
+
* (same resulting content) still matches. `objectType` is derived from `mode` and
|
|
112
|
+
* is excluded. `classification` and `sessions` are annotations and excluded.
|
|
113
|
+
*/
|
|
114
|
+
function coverageEntryCanonicalFields(entry) {
|
|
115
|
+
const presence = entry.changeType === 'deleted' ? 'D' : 'P';
|
|
116
|
+
return [presence, entry.path, entry.mode, entry.objectId];
|
|
117
|
+
}
|
|
118
|
+
/** Stable in-memory identity key for set/union operations (not a security hash). */
|
|
119
|
+
function coverageEntryIdentityKey(entry) {
|
|
120
|
+
return JSON.stringify(coverageEntryCanonicalFields(entry));
|
|
121
|
+
}
|
|
122
|
+
/**
|
|
123
|
+
* Descriptive test: did this effect have ANY governance evidence (pre- or
|
|
124
|
+
* post-write, or generated)? Use this for descriptive surfaces (telemetry,
|
|
125
|
+
* "what did the runtime observe"). It is NOT the admission eligibility test.
|
|
126
|
+
*/
|
|
127
|
+
function isGovernedClassification(classification) {
|
|
128
|
+
return (classification === 'governed_prewrite' ||
|
|
129
|
+
classification === 'observed_postwrite' ||
|
|
130
|
+
classification === 'governed_delete' ||
|
|
131
|
+
classification === 'generated');
|
|
132
|
+
}
|
|
133
|
+
/**
|
|
134
|
+
* Strict runtime admission eligibility. Only pre-write governance is admissible:
|
|
135
|
+
* `governed_prewrite` and `governed_delete`. `observed_postwrite` is visible but
|
|
136
|
+
* NOT admissible (the write was only seen after it happened). `generated` is
|
|
137
|
+
* admissible only when `allowGenerated` is explicitly set by policy.
|
|
138
|
+
*/
|
|
139
|
+
function isStrictlyAdmissible(classification, options = {}) {
|
|
140
|
+
if (classification === 'governed_prewrite' || classification === 'governed_delete')
|
|
141
|
+
return true;
|
|
142
|
+
if (classification === 'generated')
|
|
143
|
+
return options.allowGenerated === true;
|
|
144
|
+
return false;
|
|
145
|
+
}
|
|
146
|
+
/**
|
|
147
|
+
* Eligibility predicate honoring the requested mode. Strict (default) uses
|
|
148
|
+
* `isStrictlyAdmissible`; descriptive uses `isGovernedClassification`.
|
|
149
|
+
*/
|
|
150
|
+
function isAdmissibleClassification(classification, options = {}) {
|
|
151
|
+
if ((options.mode ?? 'strict') === 'descriptive') {
|
|
152
|
+
return isGovernedClassification(classification);
|
|
153
|
+
}
|
|
154
|
+
return isStrictlyAdmissible(classification, options);
|
|
155
|
+
}
|
|
156
|
+
//# sourceMappingURL=schema.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../src/admission/schema.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;AA4PH,8CAEC;AAED,oCAEC;AAED,wCAEC;AAED,0CAGC;AAED,wCAEC;AAED,8CAcC;AAMD,8DAUC;AAcD,oEAGC;AAGD,4DAEC;AAOD,4DAOC;AAiBD,oDAOC;AAMD,gEAQC;AAvXY,QAAA,0CAA0C,GAAG,gCAAyC,CAAC;AACvF,QAAA,6CAA6C,GAAG,8BAAuC,CAAC;AACxF,QAAA,6CAA6C,GAAG,mCAA4C,CAAC;AAE1G;;;;GAIG;AACU,QAAA,kCAAkC,GAC7C,mFAAmF;IACnF,uFAAuF;IACvF,oEAAoE,CAAC;AA2BvE,sDAAsD;AACzC,QAAA,aAAa,GAAG,QAAiB,CAAC;AAClC,QAAA,aAAa,GAAG,QAAiB,CAAC;AAClC,QAAA,gBAAgB,GAAG,QAAiB,CAAC;AACrC,QAAA,kBAAkB,GAAG,QAAiB,CAAC;AACvC,QAAA,eAAe,GAAG,QAAiB,CAAC;AAEjD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAS;IAClC,qBAAa;IACb,qBAAa;IACb,wBAAgB;IAChB,0BAAkB;IAClB,uBAAe;CAChB,CAAC,CAAC;AAoMH,+EAA+E;AAE/E,SAAgB,iBAAiB,CAAC,MAAuB;IACvD,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AACvC,CAAC;AAED,SAAgB,YAAY,CAAC,MAAuB;IAClD,OAAO,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,cAAc,CAAC,QAAgB;IAC7C,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAED,SAAgB,eAAe,CAAC,QAAgB,EAAE,MAAuB;IACvE,MAAM,GAAG,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACtC,OAAO,IAAI,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACzD,CAAC;AAED,SAAgB,cAAc,CAAC,IAAY;IACzC,OAAO,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED,SAAgB,iBAAiB,CAAC,IAAY;IAC5C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,0BAAkB;YACrB,OAAO,WAAW,CAAC;QACrB,KAAK,wBAAgB;YACnB,OAAO,SAAS,CAAC;QACnB,KAAK,qBAAa,CAAC;QACnB,KAAK,qBAAa;YAChB,OAAO,MAAM,CAAC;QAChB,KAAK,uBAAe;YAClB,OAAO,QAAQ,CAAC;QAClB;YACE,MAAM,IAAI,KAAK,CAAC,oCAAoC,IAAI,GAAG,CAAC,CAAC;IACjE,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,KAA0B;IAClE,OAAO;QACL,KAAK,CAAC,IAAI;QACV,KAAK,CAAC,UAAU;QAChB,KAAK,CAAC,UAAU;QAChB,KAAK,CAAC,OAAO;QACb,KAAK,CAAC,OAAO;QACb,KAAK,CAAC,WAAW;QACjB,KAAK,CAAC,WAAW;KAClB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,4BAA4B,CAAC,KAA6B;IACxE,MAAM,QAAQ,GAAG,KAAK,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAC5D,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;AAC5D,CAAC;AAED,oFAAoF;AACpF,SAAgB,wBAAwB,CAAC,KAA6B;IACpE,OAAO,IAAI,CAAC,SAAS,CAAC,4BAA4B,CAAC,KAAK,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED;;;;GAIG;AACH,SAAgB,wBAAwB,CAAC,cAA+C;IACtF,OAAO,CACL,cAAc,KAAK,mBAAmB;QACtC,cAAc,KAAK,oBAAoB;QACvC,cAAc,KAAK,iBAAiB;QACpC,cAAc,KAAK,WAAW,CAC/B,CAAC;AACJ,CAAC;AAWD;;;;;GAKG;AACH,SAAgB,oBAAoB,CAClC,cAA+C,EAC/C,UAAuC,EAAE;IAEzC,IAAI,cAAc,KAAK,mBAAmB,IAAI,cAAc,KAAK,iBAAiB;QAAE,OAAO,IAAI,CAAC;IAChG,IAAI,cAAc,KAAK,WAAW;QAAE,OAAO,OAAO,CAAC,cAAc,KAAK,IAAI,CAAC;IAC3E,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAgB,0BAA0B,CACxC,cAA+C,EAC/C,UAAuC,EAAE;IAEzC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,QAAQ,CAAC,KAAK,aAAa,EAAE,CAAC;QACjD,OAAO,wBAAwB,CAAC,cAAc,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,oBAAoB,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,8 +1,22 @@
|
|
|
1
|
-
export declare const CLI_JSON_CONTRACT_VERSION = "2026-
|
|
1
|
+
export declare const CLI_JSON_CONTRACT_VERSION = "2026-05-11";
|
|
2
|
+
/** Compare YYYY-MM-DD contract stamps; returns null when either side is unparsable. */
|
|
3
|
+
export declare function compareCalendarContractVersion(left: string, right: string): number | null;
|
|
4
|
+
export * from './intelligence';
|
|
5
|
+
export * from './status-vocabulary';
|
|
6
|
+
export * from './verification';
|
|
7
|
+
export * from './remediation';
|
|
8
|
+
export * from './admission';
|
|
2
9
|
export declare const RUNTIME_COMPATIBILITY_CONTRACT_ID = "neurcode-runtime-compatibility";
|
|
3
10
|
export declare const RUNTIME_COMPATIBILITY_CONTRACT_VERSION = "2026-04-04";
|
|
4
|
-
export declare const RUNTIME_COMPATIBILITY_MANIFEST_VERSION = "2026-
|
|
11
|
+
export declare const RUNTIME_COMPATIBILITY_MANIFEST_VERSION = "2026-06-02.1";
|
|
5
12
|
export declare const RUNTIME_COMPATIBILITY_MANIFEST_SCHEMA_VERSION = 1;
|
|
13
|
+
/**
|
|
14
|
+
* Runtime Admission contract (Phase A — Provenance Core). Additive: surfaces a
|
|
15
|
+
* version for the self-attested admission artifact + coverage manifest so the
|
|
16
|
+
* future Action and backend can negotiate compatibility. No enforcement yet.
|
|
17
|
+
*/
|
|
18
|
+
export declare const ADMISSION_CONTRACT_ID = "neurcode-runtime-admission";
|
|
19
|
+
export declare const ADMISSION_CONTRACT_VERSION = "2026-06-02";
|
|
6
20
|
export type RuntimeComponent = 'cli' | 'action' | 'api';
|
|
7
21
|
export type RuntimeMinimumPeerVersions = Partial<Record<RuntimeComponent, string>>;
|
|
8
22
|
export interface RuntimeCompatibilityTriplet {
|
|
@@ -17,6 +31,8 @@ export interface RuntimeCompatibilityManifest {
|
|
|
17
31
|
contractId: string;
|
|
18
32
|
runtimeContractVersion: string;
|
|
19
33
|
cliJsonContractVersion: string;
|
|
34
|
+
/** Runtime Admission provenance contract version (additive; Phase A). */
|
|
35
|
+
admissionContractVersion: string;
|
|
20
36
|
minimumPeerVersions: Record<RuntimeComponent, RuntimeMinimumPeerVersions>;
|
|
21
37
|
validatedTriplets: RuntimeCompatibilityTriplet[];
|
|
22
38
|
}
|
|
@@ -26,6 +42,8 @@ export interface RuntimeCompatibilityDescriptor {
|
|
|
26
42
|
runtimeContractVersion: string;
|
|
27
43
|
cliJsonContractVersion: string;
|
|
28
44
|
manifestVersion?: string;
|
|
45
|
+
/** Runtime Admission provenance contract version (additive; optional for legacy peers). */
|
|
46
|
+
admissionContractVersion?: string;
|
|
29
47
|
component: RuntimeComponent;
|
|
30
48
|
componentVersion: string;
|
|
31
49
|
minimumPeerVersions: RuntimeMinimumPeerVersions;
|
|
@@ -51,17 +69,76 @@ export interface CliApplyJsonPayload extends CliContractBase {
|
|
|
51
69
|
writtenFiles: unknown[];
|
|
52
70
|
message: string;
|
|
53
71
|
}
|
|
54
|
-
export
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
72
|
+
export type VerifyVerdict = 'PASS' | 'WARN' | 'FAIL';
|
|
73
|
+
export type VerifySeverity = 'critical' | 'high' | 'warning' | 'info';
|
|
74
|
+
export interface VerifyOutputSummary {
|
|
75
|
+
totalFilesChanged: number;
|
|
76
|
+
totalViolations: number;
|
|
77
|
+
totalWarnings: number;
|
|
78
|
+
totalScopeIssues: number;
|
|
79
|
+
}
|
|
80
|
+
export interface VerifyOutputViolation {
|
|
81
|
+
file: string;
|
|
82
|
+
message: string;
|
|
83
|
+
policy: string;
|
|
84
|
+
severity: VerifySeverity;
|
|
85
|
+
}
|
|
86
|
+
export interface VerifyOutputWarning {
|
|
87
|
+
file: string;
|
|
59
88
|
message: string;
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
89
|
+
policy: string;
|
|
90
|
+
}
|
|
91
|
+
export type VerifyScopeIssuePolicy = 'forbidden' | 'review-required' | 'out-of-scope' | 'generated-code' | 'unscoped';
|
|
92
|
+
export type VerifyScopeIssueBoundaryType = 'sensitive' | 'infra' | 'ci' | 'dependency-manifest' | 'service' | 'module' | 'generated-code' | 'unspecified';
|
|
93
|
+
export type VerifyImportEdgeKind = 'static' | 'relative' | 'dynamic' | 'require' | 'side-effect';
|
|
94
|
+
export type VerifyImportEdgeLanguage = 'python' | 'typescript' | 'javascript';
|
|
95
|
+
/**
|
|
96
|
+
* Discriminator metadata attached to a scope issue when the breach was
|
|
97
|
+
* detected through an import edge rather than a touched file path.
|
|
98
|
+
* Present iff the scope issue originated from `evaluateImportEdgeGovernance`.
|
|
99
|
+
*/
|
|
100
|
+
export interface VerifyOutputImportEdge {
|
|
101
|
+
sourceFile: string;
|
|
102
|
+
sourceLine: number;
|
|
103
|
+
importTarget: string;
|
|
104
|
+
resolvedTargetPath: string;
|
|
105
|
+
resolvedBoundary: string;
|
|
106
|
+
edgeKind: VerifyImportEdgeKind;
|
|
107
|
+
language: VerifyImportEdgeLanguage;
|
|
108
|
+
deterministic: true;
|
|
109
|
+
replayStable: true;
|
|
110
|
+
}
|
|
111
|
+
export interface VerifyOutputScopeIssue {
|
|
112
|
+
file: string;
|
|
113
|
+
message: string;
|
|
114
|
+
/**
|
|
115
|
+
* Severity / governance classification of the scope issue.
|
|
116
|
+
* Optional for backward compatibility with pre-runtime-activation payloads.
|
|
117
|
+
*/
|
|
118
|
+
policy?: VerifyScopeIssuePolicy;
|
|
119
|
+
/**
|
|
120
|
+
* Boundary category this file touched (when known). Optional so legacy
|
|
121
|
+
* payloads remain valid.
|
|
122
|
+
*/
|
|
123
|
+
boundaryType?: VerifyScopeIssueBoundaryType;
|
|
124
|
+
/**
|
|
125
|
+
* Set on issues raised by the deterministic import-edge governance layer
|
|
126
|
+
* (an allowed source file importing from a forbidden boundary).
|
|
127
|
+
*/
|
|
128
|
+
importEdge?: VerifyOutputImportEdge;
|
|
129
|
+
}
|
|
130
|
+
export interface VerifyOutput {
|
|
131
|
+
verdict: VerifyVerdict;
|
|
132
|
+
summary: VerifyOutputSummary;
|
|
133
|
+
violations: VerifyOutputViolation[];
|
|
134
|
+
warnings: VerifyOutputWarning[];
|
|
135
|
+
scopeIssues: VerifyOutputScopeIssue[];
|
|
136
|
+
driftScore?: number;
|
|
137
|
+
/** Canonical governance model (additive; absent in legacy payloads). */
|
|
138
|
+
governanceVerification?: import('./verification').GovernanceVerificationEnvelope;
|
|
139
|
+
governanceFindings?: import('./verification').GovernanceFinding[];
|
|
64
140
|
}
|
|
141
|
+
export type CliVerifyJsonPayload = VerifyOutput;
|
|
65
142
|
export interface CliPromptJsonPayload extends CliContractBase {
|
|
66
143
|
success: boolean;
|
|
67
144
|
planId: string | null;
|
|
@@ -79,6 +156,8 @@ export interface CliContractImportJsonPayload extends CliContractBase {
|
|
|
79
156
|
projectId: string | null;
|
|
80
157
|
parseMode: 'json' | 'text' | null;
|
|
81
158
|
importedFiles: number;
|
|
159
|
+
sourcePath?: string | null;
|
|
160
|
+
autoDetect?: Record<string, unknown> | null;
|
|
82
161
|
warnings: unknown[];
|
|
83
162
|
changeContract?: Record<string, unknown> | null;
|
|
84
163
|
message: string;
|
|
@@ -127,6 +206,7 @@ export declare function evaluateRuntimePeerCompatibility(versions: Record<Runtim
|
|
|
127
206
|
export declare function parseCliPlanJsonPayload(value: unknown, label?: string): CliPlanJsonPayload;
|
|
128
207
|
export declare function parseCliApplyJsonPayload(value: unknown, label?: string): CliApplyJsonPayload;
|
|
129
208
|
export declare function parseCliVerifyJsonPayload(value: unknown, label?: string): CliVerifyJsonPayload;
|
|
209
|
+
export declare function parseVerifyOutput(value: unknown, label?: string): VerifyOutput;
|
|
130
210
|
export declare function parseCliPromptJsonPayload(value: unknown, label?: string): CliPromptJsonPayload;
|
|
131
211
|
export declare function parseCliContractImportJsonPayload(value: unknown, label?: string): CliContractImportJsonPayload;
|
|
132
212
|
export declare function parseCliShipJsonPayload(value: unknown, label?: string): CliShipJsonPayload;
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,yBAAyB,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,yBAAyB,eAAe,CAAC;AAEtD,uFAAuF;AACvF,wBAAgB,8BAA8B,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAYzF;AACD,cAAc,gBAAgB,CAAC;AAC/B,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC;AAC5B,eAAO,MAAM,iCAAiC,mCAAmC,CAAC;AAClF,eAAO,MAAM,sCAAsC,eAAe,CAAC;AACnE,eAAO,MAAM,sCAAsC,iBAAiB,CAAC;AACrE,eAAO,MAAM,6CAA6C,IAAI,CAAC;AAE/D;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,+BAA+B,CAAC;AAClE,eAAO,MAAM,0BAA0B,eAAe,CAAC;AAEvD,MAAM,MAAM,gBAAgB,GAAG,KAAK,GAAG,QAAQ,GAAG,KAAK,CAAC;AAExD,MAAM,MAAM,0BAA0B,GAAG,OAAO,CAAC,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC,CAAC;AAEnF,MAAM,WAAW,2BAA2B;IAC1C,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,SAAS,GAAG,eAAe,GAAG,eAAe,CAAC;IACvD,QAAQ,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAC3C,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,4BAA4B;IAC3C,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,yEAAyE;IACzE,wBAAwB,EAAE,MAAM,CAAC;IACjC,mBAAmB,EAAE,MAAM,CAAC,gBAAgB,EAAE,0BAA0B,CAAC,CAAC;IAC1E,iBAAiB,EAAE,2BAA2B,EAAE,CAAC;CAClD;AAkDD,wBAAgB,+BAA+B,IAAI,4BAA4B,CAc9E;AAED,MAAM,WAAW,8BAA8B;IAC7C,UAAU,EAAE,MAAM,CAAC;IACnB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,2FAA2F;IAC3F,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,SAAS,EAAE,gBAAgB,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,0BAA0B,CAAC;CACjD;AAED,MAAM,WAAW,eAAe;IAC9B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,kBAAmB,SAAQ,eAAe;IACzD,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAoB,SAAQ,eAAe;IAC1D,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,KAAK,EAAE,OAAO,EAAE,CAAC;IACjB,YAAY,EAAE,OAAO,EAAE,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AACrD,MAAM,MAAM,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,GAAG,MAAM,CAAC;AAEtE,MAAM,WAAW,mBAAmB;IAClC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,cAAc,CAAC;CAC1B;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,sBAAsB,GAAG,WAAW,GAAG,iBAAiB,GAAG,cAAc,GAAG,gBAAgB,GAAG,UAAU,CAAC;AACtH,MAAM,MAAM,4BAA4B,GAAG,WAAW,GAAG,OAAO,GAAG,IAAI,GAAG,qBAAqB,GAAG,SAAS,GAAG,QAAQ,GAAG,gBAAgB,GAAG,aAAa,CAAC;AAE1J,MAAM,MAAM,oBAAoB,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,SAAS,GAAG,aAAa,CAAC;AACjG,MAAM,MAAM,wBAAwB,GAAG,QAAQ,GAAG,YAAY,GAAG,YAAY,CAAC;AAE9E;;;;GAIG;AACH,MAAM,WAAW,sBAAsB;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,oBAAoB,CAAC;IAC/B,QAAQ,EAAE,wBAAwB,CAAC;IACnC,aAAa,EAAE,IAAI,CAAC;IACpB,YAAY,EAAE,IAAI,CAAC;CACpB;AAED,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,MAAM,CAAC,EAAE,sBAAsB,CAAC;IAChC;;;OAGG;IACH,YAAY,CAAC,EAAE,4BAA4B,CAAC;IAC5C;;;OAGG;IACH,UAAU,CAAC,EAAE,sBAAsB,CAAC;CACrC;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,aAAa,CAAC;IACvB,OAAO,EAAE,mBAAmB,CAAC;IAC7B,UAAU,EAAE,qBAAqB,EAAE,CAAC;IACpC,QAAQ,EAAE,mBAAmB,EAAE,CAAC;IAChC,WAAW,EAAE,sBAAsB,EAAE,CAAC;IACtC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,wEAAwE;IACxE,sBAAsB,CAAC,EAAE,OAAO,gBAAgB,EAAE,8BAA8B,CAAC;IACjF,kBAAkB,CAAC,EAAE,OAAO,gBAAgB,EAAE,iBAAiB,EAAE,CAAC;CACnE;AAED,MAAM,MAAM,oBAAoB,GAAG,YAAY,CAAC;AAEhD,MAAM,WAAW,oBAAqB,SAAQ,eAAe;IAC3D,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,4BAA6B,SAAQ,eAAe;IACnE,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAClC,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC5C,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAChD,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAmB,SAAQ,eAAe;IACzD,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AAED,MAAM,WAAW,sBAAuB,SAAQ,eAAe;IAC7D,IAAI,EAAE,OAAO,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,wBAAyB,SAAQ,eAAe;IAC/D,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AAED,MAAM,WAAW,mCAAoC,SAAQ,eAAe;IAC1E,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,oBAAqB,SAAQ,eAAe;IAC3D,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,KAAK,CAAC;IACjB,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,8BAA8B,CAAC;CAC/C;AAqID,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CASxE;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,GAAG,IAAI,CAI/E;AAED,wBAAgB,+BAA+B,CAC7C,SAAS,EAAE,gBAAgB,EAC3B,IAAI,EAAE,gBAAgB,GACrB,MAAM,GAAG,SAAS,CAEpB;AAED,wBAAgB,kCAAkC,IAAI,MAAM,CAAC,gBAAgB,EAAE,0BAA0B,CAAC,CAMzG;AAED,wBAAgB,mCAAmC,CACjD,SAAS,EAAE,gBAAgB,EAC3B,gBAAgB,EAAE,MAAM,GACvB,8BAA8B,CAWhC;AAED,MAAM,WAAW,6BAA6B;IAC5C,SAAS,EAAE,gBAAgB,CAAC;IAC5B,IAAI,EAAE,gBAAgB,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,oBAAoB,GAAG,uBAAuB,CAAC;CACtD;AAED,wBAAgB,gCAAgC,CAAC,QAAQ,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,GAAG,6BAA6B,EAAE,CA6B5H;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,SAAS,GAAG,kBAAkB,CAa1F;AAED,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,SAAU,GAAG,mBAAmB,CAY7F;AAED,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,SAAW,GAAG,oBAAoB,CAEhG;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,SAAW,GAAG,YAAY,CA8IhF;AAED,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,SAAW,GAAG,oBAAoB,CAahG;AAED,wBAAgB,iCAAiC,CAC/C,KAAK,EAAE,OAAO,EACd,KAAK,SAAoB,GACxB,4BAA4B,CAiC9B;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,SAAS,GAAG,kBAAkB,CAW1F;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,SAAc,GAAG,sBAAsB,CAOvG;AAED,wBAAgB,6BAA6B,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,SAAgB,GAAG,wBAAwB,CAS7G;AAED,wBAAgB,wCAAwC,CACtD,KAAK,EAAE,OAAO,EACd,KAAK,SAA4B,GAChC,mCAAmC,CASrC;AAED,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,SAAW,GAAG,oBAAoB,CAehG"}
|
package/dist/index.js
CHANGED
|
@@ -1,6 +1,21 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
2
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.RUNTIME_COMPATIBILITY_MANIFEST_SCHEMA_VERSION = exports.RUNTIME_COMPATIBILITY_MANIFEST_VERSION = exports.RUNTIME_COMPATIBILITY_CONTRACT_VERSION = exports.RUNTIME_COMPATIBILITY_CONTRACT_ID = exports.CLI_JSON_CONTRACT_VERSION = void 0;
|
|
17
|
+
exports.ADMISSION_CONTRACT_VERSION = exports.ADMISSION_CONTRACT_ID = exports.RUNTIME_COMPATIBILITY_MANIFEST_SCHEMA_VERSION = exports.RUNTIME_COMPATIBILITY_MANIFEST_VERSION = exports.RUNTIME_COMPATIBILITY_CONTRACT_VERSION = exports.RUNTIME_COMPATIBILITY_CONTRACT_ID = exports.CLI_JSON_CONTRACT_VERSION = void 0;
|
|
18
|
+
exports.compareCalendarContractVersion = compareCalendarContractVersion;
|
|
4
19
|
exports.getRuntimeCompatibilityManifest = getRuntimeCompatibilityManifest;
|
|
5
20
|
exports.compareSemver = compareSemver;
|
|
6
21
|
exports.isSemverAtLeast = isSemverAtLeast;
|
|
@@ -11,6 +26,7 @@ exports.evaluateRuntimePeerCompatibility = evaluateRuntimePeerCompatibility;
|
|
|
11
26
|
exports.parseCliPlanJsonPayload = parseCliPlanJsonPayload;
|
|
12
27
|
exports.parseCliApplyJsonPayload = parseCliApplyJsonPayload;
|
|
13
28
|
exports.parseCliVerifyJsonPayload = parseCliVerifyJsonPayload;
|
|
29
|
+
exports.parseVerifyOutput = parseVerifyOutput;
|
|
14
30
|
exports.parseCliPromptJsonPayload = parseCliPromptJsonPayload;
|
|
15
31
|
exports.parseCliContractImportJsonPayload = parseCliContractImportJsonPayload;
|
|
16
32
|
exports.parseCliShipJsonPayload = parseCliShipJsonPayload;
|
|
@@ -18,17 +34,47 @@ exports.parseCliShipRunsJsonPayload = parseCliShipRunsJsonPayload;
|
|
|
18
34
|
exports.parseCliShipResumeJsonPayload = parseCliShipResumeJsonPayload;
|
|
19
35
|
exports.parseCliShipAttestationVerifyJsonPayload = parseCliShipAttestationVerifyJsonPayload;
|
|
20
36
|
exports.parseCliCompatJsonPayload = parseCliCompatJsonPayload;
|
|
21
|
-
exports.CLI_JSON_CONTRACT_VERSION = '2026-
|
|
37
|
+
exports.CLI_JSON_CONTRACT_VERSION = '2026-05-11';
|
|
38
|
+
/** Compare YYYY-MM-DD contract stamps; returns null when either side is unparsable. */
|
|
39
|
+
function compareCalendarContractVersion(left, right) {
|
|
40
|
+
const parse = (value) => {
|
|
41
|
+
const match = /^(\d{4}-\d{2}-\d{2})/.exec(value.trim());
|
|
42
|
+
if (!match)
|
|
43
|
+
return null;
|
|
44
|
+
const ms = Date.parse(`${match[1]}T00:00:00.000Z`);
|
|
45
|
+
return Number.isNaN(ms) ? null : ms;
|
|
46
|
+
};
|
|
47
|
+
const leftMs = parse(left);
|
|
48
|
+
const rightMs = parse(right);
|
|
49
|
+
if (leftMs === null || rightMs === null)
|
|
50
|
+
return null;
|
|
51
|
+
if (leftMs === rightMs)
|
|
52
|
+
return 0;
|
|
53
|
+
return leftMs < rightMs ? -1 : 1;
|
|
54
|
+
}
|
|
55
|
+
__exportStar(require("./intelligence"), exports);
|
|
56
|
+
__exportStar(require("./status-vocabulary"), exports);
|
|
57
|
+
__exportStar(require("./verification"), exports);
|
|
58
|
+
__exportStar(require("./remediation"), exports);
|
|
59
|
+
__exportStar(require("./admission"), exports);
|
|
22
60
|
exports.RUNTIME_COMPATIBILITY_CONTRACT_ID = 'neurcode-runtime-compatibility';
|
|
23
61
|
exports.RUNTIME_COMPATIBILITY_CONTRACT_VERSION = '2026-04-04';
|
|
24
|
-
exports.RUNTIME_COMPATIBILITY_MANIFEST_VERSION = '2026-
|
|
62
|
+
exports.RUNTIME_COMPATIBILITY_MANIFEST_VERSION = '2026-06-02.1';
|
|
25
63
|
exports.RUNTIME_COMPATIBILITY_MANIFEST_SCHEMA_VERSION = 1;
|
|
64
|
+
/**
|
|
65
|
+
* Runtime Admission contract (Phase A — Provenance Core). Additive: surfaces a
|
|
66
|
+
* version for the self-attested admission artifact + coverage manifest so the
|
|
67
|
+
* future Action and backend can negotiate compatibility. No enforcement yet.
|
|
68
|
+
*/
|
|
69
|
+
exports.ADMISSION_CONTRACT_ID = 'neurcode-runtime-admission';
|
|
70
|
+
exports.ADMISSION_CONTRACT_VERSION = '2026-06-02';
|
|
26
71
|
const RUNTIME_COMPATIBILITY_MANIFEST = {
|
|
27
72
|
schemaVersion: exports.RUNTIME_COMPATIBILITY_MANIFEST_SCHEMA_VERSION,
|
|
28
73
|
manifestVersion: exports.RUNTIME_COMPATIBILITY_MANIFEST_VERSION,
|
|
29
74
|
contractId: exports.RUNTIME_COMPATIBILITY_CONTRACT_ID,
|
|
30
75
|
runtimeContractVersion: exports.RUNTIME_COMPATIBILITY_CONTRACT_VERSION,
|
|
31
76
|
cliJsonContractVersion: exports.CLI_JSON_CONTRACT_VERSION,
|
|
77
|
+
admissionContractVersion: exports.ADMISSION_CONTRACT_VERSION,
|
|
32
78
|
minimumPeerVersions: {
|
|
33
79
|
cli: {
|
|
34
80
|
action: '0.2.1',
|
|
@@ -48,8 +94,8 @@ const RUNTIME_COMPATIBILITY_MANIFEST = {
|
|
|
48
94
|
id: 'current',
|
|
49
95
|
channel: 'current',
|
|
50
96
|
versions: {
|
|
51
|
-
cli: '0.
|
|
52
|
-
action: '0.2.
|
|
97
|
+
cli: '0.14.0',
|
|
98
|
+
action: '0.2.4',
|
|
53
99
|
api: '0.2.0',
|
|
54
100
|
},
|
|
55
101
|
notes: 'Current release train validated in monorepo CI.',
|
|
@@ -70,6 +116,7 @@ const RUNTIME_MINIMUM_PEER_VERSIONS = RUNTIME_COMPATIBILITY_MANIFEST.minimumPeer
|
|
|
70
116
|
function getRuntimeCompatibilityManifest() {
|
|
71
117
|
return {
|
|
72
118
|
...RUNTIME_COMPATIBILITY_MANIFEST,
|
|
119
|
+
admissionContractVersion: RUNTIME_COMPATIBILITY_MANIFEST.admissionContractVersion,
|
|
73
120
|
minimumPeerVersions: {
|
|
74
121
|
cli: { ...RUNTIME_COMPATIBILITY_MANIFEST.minimumPeerVersions.cli },
|
|
75
122
|
action: { ...RUNTIME_COMPATIBILITY_MANIFEST.minimumPeerVersions.action },
|
|
@@ -136,6 +183,10 @@ function asOptionalString(record, key, label) {
|
|
|
136
183
|
}
|
|
137
184
|
return value;
|
|
138
185
|
}
|
|
186
|
+
function asIntegerNumber(record, key, label) {
|
|
187
|
+
const value = asNumber(record, key, label);
|
|
188
|
+
return Math.max(0, Math.floor(value));
|
|
189
|
+
}
|
|
139
190
|
function asContractVersion(record) {
|
|
140
191
|
const value = record.contractVersion;
|
|
141
192
|
if (value === undefined)
|
|
@@ -175,6 +226,7 @@ function parseRuntimeCompatibilityDescriptor(value, label) {
|
|
|
175
226
|
runtimeContractVersion: asString(record, 'runtimeContractVersion', `${label}.compatibility`),
|
|
176
227
|
cliJsonContractVersion: asString(record, 'cliJsonContractVersion', `${label}.compatibility`),
|
|
177
228
|
manifestVersion: asOptionalString(record, 'manifestVersion', `${label}.compatibility`),
|
|
229
|
+
admissionContractVersion: asOptionalString(record, 'admissionContractVersion', `${label}.compatibility`),
|
|
178
230
|
component: asRuntimeComponent(record, 'component', `${label}.compatibility`),
|
|
179
231
|
componentVersion: asString(record, 'componentVersion', `${label}.compatibility`),
|
|
180
232
|
minimumPeerVersions: parseRuntimeMinimumPeerVersions(record.minimumPeerVersions, `${label}.compatibility`),
|
|
@@ -228,6 +280,7 @@ function buildRuntimeCompatibilityDescriptor(component, componentVersion) {
|
|
|
228
280
|
runtimeContractVersion: exports.RUNTIME_COMPATIBILITY_CONTRACT_VERSION,
|
|
229
281
|
cliJsonContractVersion: exports.CLI_JSON_CONTRACT_VERSION,
|
|
230
282
|
manifestVersion: exports.RUNTIME_COMPATIBILITY_MANIFEST_VERSION,
|
|
283
|
+
admissionContractVersion: exports.ADMISSION_CONTRACT_VERSION,
|
|
231
284
|
component,
|
|
232
285
|
componentVersion,
|
|
233
286
|
minimumPeerVersions: { ...RUNTIME_MINIMUM_PEER_VERSIONS[component] },
|
|
@@ -294,21 +347,133 @@ function parseCliApplyJsonPayload(value, label = 'apply') {
|
|
|
294
347
|
};
|
|
295
348
|
}
|
|
296
349
|
function parseCliVerifyJsonPayload(value, label = 'verify') {
|
|
350
|
+
return parseVerifyOutput(value, label);
|
|
351
|
+
}
|
|
352
|
+
function parseVerifyOutput(value, label = 'verify') {
|
|
297
353
|
const record = asRecord(value, label);
|
|
298
|
-
const
|
|
299
|
-
|
|
354
|
+
const verdictRaw = asString(record, 'verdict', label).trim().toUpperCase();
|
|
355
|
+
if (verdictRaw !== 'PASS' && verdictRaw !== 'WARN' && verdictRaw !== 'FAIL') {
|
|
356
|
+
throw new Error(`${label}: expected verdict:"PASS"|"WARN"|"FAIL"`);
|
|
357
|
+
}
|
|
358
|
+
const summaryRecord = asRecord(record.summary, `${label}.summary`);
|
|
359
|
+
const summary = {
|
|
360
|
+
totalFilesChanged: asIntegerNumber(summaryRecord, 'totalFilesChanged', `${label}.summary`),
|
|
361
|
+
totalViolations: asIntegerNumber(summaryRecord, 'totalViolations', `${label}.summary`),
|
|
362
|
+
totalWarnings: asIntegerNumber(summaryRecord, 'totalWarnings', `${label}.summary`),
|
|
363
|
+
totalScopeIssues: asIntegerNumber(summaryRecord, 'totalScopeIssues', `${label}.summary`),
|
|
364
|
+
};
|
|
365
|
+
const violations = asArray(record, 'violations', label).map((entry, index) => {
|
|
366
|
+
const item = asRecord(entry, `${label}.violations[${index}]`);
|
|
367
|
+
const severity = asString(item, 'severity', `${label}.violations[${index}]`).trim().toLowerCase();
|
|
368
|
+
if (severity !== 'critical' && severity !== 'high' && severity !== 'warning' && severity !== 'info') {
|
|
369
|
+
throw new Error(`${label}.violations[${index}]: expected severity:"critical"|"high"|"warning"|"info"`);
|
|
370
|
+
}
|
|
371
|
+
return {
|
|
372
|
+
file: asString(item, 'file', `${label}.violations[${index}]`),
|
|
373
|
+
message: asString(item, 'message', `${label}.violations[${index}]`),
|
|
374
|
+
policy: asString(item, 'policy', `${label}.violations[${index}]`),
|
|
375
|
+
severity,
|
|
376
|
+
};
|
|
377
|
+
});
|
|
378
|
+
const warnings = asArray(record, 'warnings', label).map((entry, index) => {
|
|
379
|
+
const item = asRecord(entry, `${label}.warnings[${index}]`);
|
|
380
|
+
return {
|
|
381
|
+
file: asString(item, 'file', `${label}.warnings[${index}]`),
|
|
382
|
+
message: asString(item, 'message', `${label}.warnings[${index}]`),
|
|
383
|
+
policy: asString(item, 'policy', `${label}.warnings[${index}]`),
|
|
384
|
+
};
|
|
385
|
+
});
|
|
386
|
+
const scopeIssues = asArray(record, 'scopeIssues', label).map((entry, index) => {
|
|
387
|
+
const item = asRecord(entry, `${label}.scopeIssues[${index}]`);
|
|
388
|
+
const issue = {
|
|
389
|
+
file: asString(item, 'file', `${label}.scopeIssues[${index}]`),
|
|
390
|
+
message: asString(item, 'message', `${label}.scopeIssues[${index}]`),
|
|
391
|
+
};
|
|
392
|
+
const rawPolicy = item.policy;
|
|
393
|
+
if (typeof rawPolicy === 'string' && rawPolicy.length > 0) {
|
|
394
|
+
const allowedPolicies = ['forbidden', 'review-required', 'out-of-scope', 'generated-code', 'unscoped'];
|
|
395
|
+
if (allowedPolicies.includes(rawPolicy)) {
|
|
396
|
+
issue.policy = rawPolicy;
|
|
397
|
+
}
|
|
398
|
+
}
|
|
399
|
+
const rawBoundary = item.boundaryType;
|
|
400
|
+
if (typeof rawBoundary === 'string' && rawBoundary.length > 0) {
|
|
401
|
+
const allowedBoundaries = [
|
|
402
|
+
'sensitive', 'infra', 'ci', 'dependency-manifest', 'service', 'module', 'generated-code', 'unspecified',
|
|
403
|
+
];
|
|
404
|
+
if (allowedBoundaries.includes(rawBoundary)) {
|
|
405
|
+
issue.boundaryType = rawBoundary;
|
|
406
|
+
}
|
|
407
|
+
}
|
|
408
|
+
const rawImportEdge = item.importEdge;
|
|
409
|
+
if (rawImportEdge && typeof rawImportEdge === 'object' && !Array.isArray(rawImportEdge)) {
|
|
410
|
+
const edgeRecord = rawImportEdge;
|
|
411
|
+
const allowedEdgeKinds = ['static', 'relative', 'dynamic', 'require', 'side-effect'];
|
|
412
|
+
const allowedEdgeLanguages = ['python', 'typescript', 'javascript'];
|
|
413
|
+
const sourceFile = edgeRecord.sourceFile;
|
|
414
|
+
const importTarget = edgeRecord.importTarget;
|
|
415
|
+
const resolvedTargetPath = edgeRecord.resolvedTargetPath;
|
|
416
|
+
const resolvedBoundary = edgeRecord.resolvedBoundary;
|
|
417
|
+
const sourceLine = edgeRecord.sourceLine;
|
|
418
|
+
const edgeKind = edgeRecord.edgeKind;
|
|
419
|
+
const language = edgeRecord.language;
|
|
420
|
+
if (typeof sourceFile === 'string'
|
|
421
|
+
&& typeof importTarget === 'string'
|
|
422
|
+
&& typeof resolvedTargetPath === 'string'
|
|
423
|
+
&& typeof resolvedBoundary === 'string'
|
|
424
|
+
&& typeof sourceLine === 'number'
|
|
425
|
+
&& Number.isFinite(sourceLine)
|
|
426
|
+
&& typeof edgeKind === 'string'
|
|
427
|
+
&& typeof language === 'string'
|
|
428
|
+
&& allowedEdgeKinds.includes(edgeKind)
|
|
429
|
+
&& allowedEdgeLanguages.includes(language)) {
|
|
430
|
+
issue.importEdge = {
|
|
431
|
+
sourceFile,
|
|
432
|
+
sourceLine,
|
|
433
|
+
importTarget,
|
|
434
|
+
resolvedTargetPath,
|
|
435
|
+
resolvedBoundary,
|
|
436
|
+
edgeKind: edgeKind,
|
|
437
|
+
language: language,
|
|
438
|
+
deterministic: true,
|
|
439
|
+
replayStable: true,
|
|
440
|
+
};
|
|
441
|
+
}
|
|
442
|
+
}
|
|
443
|
+
return issue;
|
|
444
|
+
});
|
|
445
|
+
const driftScoreRaw = record.driftScore;
|
|
446
|
+
const driftScore = driftScoreRaw === undefined
|
|
300
447
|
? undefined
|
|
301
|
-
:
|
|
448
|
+
: (typeof driftScoreRaw === 'number' && Number.isFinite(driftScoreRaw)
|
|
449
|
+
? Math.round(Math.max(0, Math.min(100, driftScoreRaw)))
|
|
450
|
+
: (() => {
|
|
451
|
+
throw new Error(`${label}: expected driftScore:number when present`);
|
|
452
|
+
})());
|
|
453
|
+
const governanceFindingsRaw = record.governanceFindings;
|
|
454
|
+
if (governanceFindingsRaw !== undefined && !Array.isArray(governanceFindingsRaw)) {
|
|
455
|
+
throw new Error(`${label}: expected governanceFindings:array when present`);
|
|
456
|
+
}
|
|
457
|
+
const governanceVerificationRaw = record.governanceVerification;
|
|
458
|
+
if (governanceVerificationRaw !== undefined
|
|
459
|
+
&& (typeof governanceVerificationRaw !== 'object' || governanceVerificationRaw === null || Array.isArray(governanceVerificationRaw))) {
|
|
460
|
+
throw new Error(`${label}: expected governanceVerification:object when present`);
|
|
461
|
+
}
|
|
302
462
|
return {
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
463
|
+
verdict: verdictRaw,
|
|
464
|
+
summary,
|
|
465
|
+
violations,
|
|
466
|
+
warnings,
|
|
467
|
+
scopeIssues,
|
|
468
|
+
...(typeof driftScore === 'number' ? { driftScore } : {}),
|
|
469
|
+
...(governanceFindingsRaw !== undefined
|
|
470
|
+
? { governanceFindings: governanceFindingsRaw }
|
|
471
|
+
: {}),
|
|
472
|
+
...(governanceVerificationRaw !== undefined
|
|
473
|
+
? {
|
|
474
|
+
governanceVerification: governanceVerificationRaw,
|
|
475
|
+
}
|
|
476
|
+
: {}),
|
|
312
477
|
};
|
|
313
478
|
}
|
|
314
479
|
function parseCliPromptJsonPayload(value, label = 'prompt') {
|