@neurcode-ai/contracts 0.1.2 → 0.2.0

package/dist/repo-intelligence-v2.js

@@ -0,0 +1,94 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.REPO_INTELLIGENCE_OPERATIONS_SCHEMA_VERSION = exports.REPO_INTELLIGENCE_EVIDENCE_SCHEMA_VERSION = exports.SEMANTIC_ADVISORY_SCHEMA_VERSION = exports.POLICY_EVALUATION_SCHEMA_VERSION = exports.COMPILED_STRUCTURAL_POLICY_SCHEMA_VERSION = exports.PROPOSED_CHANGE_ENVELOPE_SCHEMA_VERSION = exports.REPOSITORY_GRAPH_SCHEMA_VERSION = void 0;
+exports.assertSourceFreeRepoIntelligence = assertSourceFreeRepoIntelligence;
+exports.isRepoIntelligenceEvidence = isRepoIntelligenceEvidence;
+exports.sourceFreePrivacyContract = sourceFreePrivacyContract;
+exports.REPOSITORY_GRAPH_SCHEMA_VERSION = 'neurcode.repository-graph.v2';
+exports.PROPOSED_CHANGE_ENVELOPE_SCHEMA_VERSION = 'neurcode.proposed-change.v2';
+exports.COMPILED_STRUCTURAL_POLICY_SCHEMA_VERSION = 'neurcode.compiled-structural-policy.v2';
+exports.POLICY_EVALUATION_SCHEMA_VERSION = 'neurcode.policy-evaluation.v2';
+exports.SEMANTIC_ADVISORY_SCHEMA_VERSION = 'neurcode.semantic-advisory.v2';
+exports.REPO_INTELLIGENCE_EVIDENCE_SCHEMA_VERSION = 'neurcode.repo-intelligence-evidence.v2';
+exports.REPO_INTELLIGENCE_OPERATIONS_SCHEMA_VERSION = 'neurcode.repo-intelligence-operations.v1';
+const SOURCE_LIKE_KEYS = new Set([
+    'content',
+    'source',
+    'sourcetext',
+    'sourcecode',
+    'diff',
+    'patch',
+    'before',
+    'after',
+    'rawprompt',
+    'rawchat',
+    'terminaloutput',
+    'secret',
+]);
+function normalizedKey(key) {
+    return key.toLowerCase().replace(/[^a-z0-9]/g, '');
+}
+function assertSourceFreeRepoIntelligence(value, path = 'payload') {
+    if (Array.isArray(value)) {
+        value.forEach((item, index) => assertSourceFreeRepoIntelligence(item, `${path}[${index}]`));
+        return;
+    }
+    if (!value || typeof value !== 'object')
+        return;
+    for (const [key, child] of Object.entries(value)) {
+        if (SOURCE_LIKE_KEYS.has(normalizedKey(key))) {
+            throw new Error(`source-like repository intelligence field is not allowed: ${path}.${key}`);
+        }
+        assertSourceFreeRepoIntelligence(child, `${path}.${key}`);
+    }
+}
+function isRepoIntelligenceEvidence(value) {
+    if (!value || typeof value !== 'object' || Array.isArray(value))
+        return false;
+    const record = value;
+    if (record.schemaVersion !== exports.REPO_INTELLIGENCE_EVIDENCE_SCHEMA_VERSION)
+        return false;
+    if (typeof record.evidenceId !== 'string' || typeof record.generatedAt !== 'string')
+        return false;
+    if (!['deterministic', 'backend_signed', 'advisory', 'not_evaluated'].includes(String(record.classification)))
+        return false;
+    if (!['allow', 'warn', 'block', 'not_evaluated'].includes(String(record.verdict)))
+        return false;
+    const enforcement = record.enforcement;
+    if (!enforcement || ![
+        'hard_prewrite', 'cooperative_prewrite', 'supervised_write',
+        'post_write', 'ci_only', 'not_supported',
+    ].includes(String(enforcement.capability)))
+        return false;
+    const graph = record.graph;
+    const policy = record.policy;
+    const privacy = record.privacy;
+    if (!graph || !policy || !privacy)
+        return false;
+    if (!Array.isArray(policy.evaluatedRuleIds) || !Array.isArray(policy.notEvaluatedRuleIds) || !Array.isArray(policy.findings))
+        return false;
+    if (!Array.isArray(record.advisory))
+        return false;
+    if (privacy.sourceUploaded !== false || privacy.sourceStored !== false ||
+        privacy.diffUploaded !== false || privacy.promptUploaded !== false ||
+        privacy.chatUploaded !== false || privacy.rawContentRetained !== false)
+        return false;
+    try {
+        assertSourceFreeRepoIntelligence(value);
+    }
+    catch {
+        return false;
+    }
+    return true;
+}
+function sourceFreePrivacyContract() {
+    return {
+        sourceUploaded: false,
+        sourceStored: false,
+        diffUploaded: false,
+        promptUploaded: false,
+        chatUploaded: false,
+        rawContentRetained: false,
+    };
+}
+//# sourceMappingURL=repo-intelligence-v2.js.map

package/dist/repo-intelligence-v2.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"repo-intelligence-v2.js","sourceRoot":"","sources":["../src/repo-intelligence-v2.ts"],"names":[],"mappings":";;;AAqrBA,4EAYC;AAED,gEA6BC;AAED,8DASC;AA3uBY,QAAA,+BAA+B,GAAG,8BAAuC,CAAC;AAC1E,QAAA,uCAAuC,GAAG,6BAAsC,CAAC;AACjF,QAAA,yCAAyC,GAAG,wCAAiD,CAAC;AAC9F,QAAA,gCAAgC,GAAG,+BAAwC,CAAC;AAC5E,QAAA,gCAAgC,GAAG,+BAAwC,CAAC;AAC5E,QAAA,yCAAyC,GAAG,wCAAiD,CAAC;AAC9F,QAAA,2CAA2C,GAAG,0CAAmD,CAAC;AA4pB/G,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,SAAS;IACT,QAAQ;IACR,YAAY;IACZ,YAAY;IACZ,MAAM;IACN,OAAO;IACP,QAAQ;IACR,OAAO;IACP,WAAW;IACX,SAAS;IACT,gBAAgB;IAChB,QAAQ;CACT,CAAC,CAAC;AAEH,SAAS,aAAa,CAAC,GAAW;IAChC,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,SAAgB,gCAAgC,CAAC,KAAc,EAAE,IAAI,GAAG,SAAS;IAC/E,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,gCAAgC,CAAC,IAAI,EAAE,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC;QAC5F,OAAO;IACT,CAAC;IACD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO;IAChD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;QAC5E,IAAI,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,6DAA6D,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC;QAC9F,CAAC;QACD,gCAAgC,CAAC,KAAK,EAAE,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC;AAED,SAAgB,0BAA0B,CAAC,KAAc;IACvD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC9E,MAAM,MAAM,GAAG,KAAgC,CAAC;IAChD,IAAI,MAAM,CAAC,aAAa,KAAK,iDAAyC;QAAE,OAAO,KAAK,CAAC;IACrF,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,WAAW,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAClG,IAAI,CAAC,CAAC,eAAe,EAAE,gBAAgB,EAAE,UAAU,EAAE,eAAe,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5H,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAChG,MAAM,WAAW,GAAG,MAAM,CAAC,WAA6C,CAAC;IACzE,IAAI,CAAC,WAAW,IAAI,CAAC;QACnB,eAAe,EAAE,sBAAsB,EAAE,kBAAkB;QAC3D,YAAY,EAAE,SAAS,EAAE,eAAe;KACzC,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IACzD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAuC,CAAC;IAC7D,MAAM,MAAM,GAAG,MAAM,CAAC,MAAwC,CAAC;IAC/D,MAAM,OAAO,GAAG,MAAM,CAAC,OAAyC,CAAC;IACjE,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAChD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAC3I,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAClD,IACE,OAAO,CAAC,cAAc,KAAK,KAAK,IAAI,OAAO,CAAC,YAAY,KAAK,KAAK;QAClE,OAAO,CAAC,YAAY,KAAK,KAAK,IAAI,OAAO,CAAC,cAAc,KAAK,KAAK;QAClE,OAAO,CAAC,YAAY,KAAK,KAAK,IAAI,OAAO,CAAC,kBAAkB,KAAK,KAAK;QACtE,OAAO,KAAK,CAAC;IACf,IAAI,CAAC;QACH,gCAAgC,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,yBAAyB;IACvC,OAAO;QACL,cAAc,EAAE,KAAK;QACrB,YAAY,EAAE,KAAK;QACnB,YAAY,EAAE,KAAK;QACnB,cAAc,EAAE,KAAK;QACrB,YAAY,EAAE,KAAK;QACnB,kBAAkB,EAAE,KAAK;KAC1B,CAAC;AACJ,CAAC"}

package/dist/status-vocabulary.d.ts

@@ -0,0 +1,45 @@
+export declare const STATUS_VOCABULARY_VERSION = "neurcode.status.v1";
+export declare const STATUS_TERMS: {
+    readonly verificationComplete: "Verification Complete";
+    readonly safePatchApplied: "Safe Patch Applied";
+    readonly patchRejected: "Patch Rejected";
+    readonly rollbackAvailable: "Rollback Available";
+    readonly rollbackApplied: "Rollback Applied";
+    readonly replayAvailable: "Replay Available";
+    readonly evidenceGenerated: "Evidence Generated";
+    readonly manualReviewRecommended: "Manual Review Recommended";
+    readonly filesystemChangedSincePreview: "Filesystem Changed Since Preview";
+    readonly transactionVerified: "Transaction Verified";
+    readonly retrySafe: "Retry Safe";
+};
+export type StatusTermKey = keyof typeof STATUS_TERMS;
+export type SeverityLabel = 'critical' | 'blocking' | 'high' | 'advisory' | 'medium' | 'warning' | 'low' | 'info';
+export declare const SEVERITY_LABELS: Record<SeverityLabel, string>;
+export type VerificationSummaryState = 'clean' | 'issues' | 'partial' | 'failed';
+export declare const VERIFICATION_SUMMARY_LABELS: Record<VerificationSummaryState, string>;
+export type PatchState = 'applied' | 'partial' | 'rejected' | 'stale_preview' | 'filesystem_changed_since_preview' | 'rollback_applied' | 'rollback_stale' | 'rollback_rejected';
+export type ConfidenceLabel = 'HIGH' | 'MEDIUM' | 'LOW';
+export declare const CONFIDENCE_LABELS: Record<ConfidenceLabel, string>;
+export declare function statusTerm(key: StatusTermKey): string;
+export declare function severityLabel(severity: SeverityLabel): string;
+export declare function toPatchStateLabel(state: PatchState): string;
+export declare function toRetrySafeMessage(context: string): string;
+export declare function toManualReviewMessage(context: string): string;
+export declare function toVerificationCompleteTitle(confidenceSuffix?: string): string;
+export declare function toVerificationSummaryLabel(state: VerificationSummaryState): string;
+export declare const DAEMON_ERROR_CODES: {
+    readonly badRequest: "daemon.bad_request";
+    readonly unauthorized: "daemon.unauthorized";
+    readonly forbidden: "daemon.forbidden";
+    readonly notFound: "daemon.not_found";
+    readonly routeNotFound: "daemon.route_not_found";
+    readonly timeout: "daemon.timeout";
+    readonly conflict: "daemon.conflict";
+    readonly validationFailed: "daemon.validation_failed";
+    readonly rateLimited: "daemon.rate_limited";
+    readonly internalError: "daemon.internal_error";
+    readonly unknown: "daemon.error";
+};
+export type DaemonErrorCode = typeof DAEMON_ERROR_CODES[keyof typeof DAEMON_ERROR_CODES];
+export declare const ONBOARDING_HINTS: readonly ["Run your first verification", "Review findings", "Preview deterministic patch", "Apply safe patch", "View evidence", "Replay execution history"];
+//# sourceMappingURL=status-vocabulary.d.ts.map

package/dist/status-vocabulary.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"status-vocabulary.d.ts","sourceRoot":"","sources":["../src/status-vocabulary.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,yBAAyB,uBAAuB,CAAC;AAE9D,eAAO,MAAM,YAAY;;;;;;;;;;;;CAYf,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,MAAM,OAAO,YAAY,CAAC;AACtD,MAAM,MAAM,aAAa,GACrB,UAAU,GACV,UAAU,GACV,MAAM,GACN,UAAU,GACV,QAAQ,GACR,SAAS,GACT,KAAK,GACL,MAAM,CAAC;AAEX,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CASzD,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG,OAAO,GAAG,QAAQ,GAAG,SAAS,GAAG,QAAQ,CAAC;AAEjF,eAAO,MAAM,2BAA2B,EAAE,MAAM,CAAC,wBAAwB,EAAE,MAAM,CAKhF,CAAC;AAEF,MAAM,MAAM,UAAU,GAClB,SAAS,GACT,SAAS,GACT,UAAU,GACV,eAAe,GACf,kCAAkC,GAClC,kBAAkB,GAClB,gBAAgB,GAChB,mBAAmB,CAAC;AAExB,MAAM,MAAM,eAAe,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAExD,eAAO,MAAM,iBAAiB,EAAE,MAAM,CAAC,eAAe,EAAE,MAAM,CAI7D,CAAC;AAEF,wBAAgB,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM,CAErD;AAED,wBAAgB,aAAa,CAAC,QAAQ,EAAE,aAAa,GAAG,MAAM,CAE7D;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAU3D;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAE1D;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAE7D;AAED,wBAAgB,2BAA2B,CAAC,gBAAgB,SAAK,GAAG,MAAM,CAEzE;AAED,wBAAgB,0BAA0B,CAAC,KAAK,EAAE,wBAAwB,GAAG,MAAM,CAElF;AAED,eAAO,MAAM,kBAAkB;;;;;;;;;;;;CAYrB,CAAC;AAEX,MAAM,MAAM,eAAe,GAAG,OAAO,kBAAkB,CAAC,MAAM,OAAO,kBAAkB,CAAC,CAAC;AAEzF,eAAO,MAAM,gBAAgB,6JAOnB,CAAC"}

package/dist/status-vocabulary.js

@@ -0,0 +1,101 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ONBOARDING_HINTS = exports.DAEMON_ERROR_CODES = exports.CONFIDENCE_LABELS = exports.VERIFICATION_SUMMARY_LABELS = exports.SEVERITY_LABELS = exports.STATUS_TERMS = exports.STATUS_VOCABULARY_VERSION = void 0;
+exports.statusTerm = statusTerm;
+exports.severityLabel = severityLabel;
+exports.toPatchStateLabel = toPatchStateLabel;
+exports.toRetrySafeMessage = toRetrySafeMessage;
+exports.toManualReviewMessage = toManualReviewMessage;
+exports.toVerificationCompleteTitle = toVerificationCompleteTitle;
+exports.toVerificationSummaryLabel = toVerificationSummaryLabel;
+exports.STATUS_VOCABULARY_VERSION = 'neurcode.status.v1';
+exports.STATUS_TERMS = {
+    verificationComplete: 'Verification Complete',
+    safePatchApplied: 'Safe Patch Applied',
+    patchRejected: 'Patch Rejected',
+    rollbackAvailable: 'Rollback Available',
+    rollbackApplied: 'Rollback Applied',
+    replayAvailable: 'Replay Available',
+    evidenceGenerated: 'Evidence Generated',
+    manualReviewRecommended: 'Manual Review Recommended',
+    filesystemChangedSincePreview: 'Filesystem Changed Since Preview',
+    transactionVerified: 'Transaction Verified',
+    retrySafe: 'Retry Safe',
+};
+exports.SEVERITY_LABELS = {
+    critical: 'Critical',
+    blocking: 'Blocking',
+    high: 'High',
+    advisory: 'Advisory',
+    medium: 'Medium',
+    warning: 'Warning',
+    low: 'Low',
+    info: 'Info',
+};
+exports.VERIFICATION_SUMMARY_LABELS = {
+    clean: exports.STATUS_TERMS.verificationComplete,
+    issues: 'Verification Findings Detected',
+    partial: 'Verification Partially Complete',
+    failed: 'Verification Failed',
+};
+exports.CONFIDENCE_LABELS = {
+    HIGH: 'HIGH confidence',
+    MEDIUM: 'MEDIUM confidence',
+    LOW: 'LOW confidence',
+};
+function statusTerm(key) {
+    return exports.STATUS_TERMS[key];
+}
+function severityLabel(severity) {
+    return exports.SEVERITY_LABELS[severity];
+}
+function toPatchStateLabel(state) {
+    if (state === 'applied')
+        return exports.STATUS_TERMS.safePatchApplied;
+    if (state === 'partial')
+        return `${exports.STATUS_TERMS.safePatchApplied} · ${exports.STATUS_TERMS.manualReviewRecommended}`;
+    if (state === 'stale_preview' || state === 'filesystem_changed_since_preview') {
+        return exports.STATUS_TERMS.filesystemChangedSincePreview;
+    }
+    if (state === 'rollback_applied')
+        return exports.STATUS_TERMS.rollbackApplied;
+    if (state === 'rollback_stale')
+        return `${exports.STATUS_TERMS.patchRejected} · ${exports.STATUS_TERMS.filesystemChangedSincePreview}`;
+    if (state === 'rollback_rejected')
+        return exports.STATUS_TERMS.patchRejected;
+    return exports.STATUS_TERMS.patchRejected;
+}
+function toRetrySafeMessage(context) {
+    return `${context}. ${exports.STATUS_TERMS.retrySafe}.`;
+}
+function toManualReviewMessage(context) {
+    return `${exports.STATUS_TERMS.manualReviewRecommended}: ${context}`;
+}
+function toVerificationCompleteTitle(confidenceSuffix = '') {
+    return `${exports.STATUS_TERMS.verificationComplete}${confidenceSuffix}`;
+}
+function toVerificationSummaryLabel(state) {
+    return exports.VERIFICATION_SUMMARY_LABELS[state];
+}
+exports.DAEMON_ERROR_CODES = {
+    badRequest: 'daemon.bad_request',
+    unauthorized: 'daemon.unauthorized',
+    forbidden: 'daemon.forbidden',
+    notFound: 'daemon.not_found',
+    routeNotFound: 'daemon.route_not_found',
+    timeout: 'daemon.timeout',
+    conflict: 'daemon.conflict',
+    validationFailed: 'daemon.validation_failed',
+    rateLimited: 'daemon.rate_limited',
+    internalError: 'daemon.internal_error',
+    unknown: 'daemon.error',
+};
+exports.ONBOARDING_HINTS = [
+    'Run your first verification',
+    'Review findings',
+    'Preview deterministic patch',
+    'Apply safe patch',
+    'View evidence',
+    'Replay execution history',
+];
+//# sourceMappingURL=status-vocabulary.js.map

package/dist/status-vocabulary.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"status-vocabulary.js","sourceRoot":"","sources":["../src/status-vocabulary.ts"],"names":[],"mappings":";;;AAiEA,gCAEC;AAED,sCAEC;AAED,8CAUC;AAED,gDAEC;AAED,sDAEC;AAED,kEAEC;AAED,gEAEC;AAnGY,QAAA,yBAAyB,GAAG,oBAAoB,CAAC;AAEjD,QAAA,YAAY,GAAG;IAC1B,oBAAoB,EAAE,uBAAuB;IAC7C,gBAAgB,EAAE,oBAAoB;IACtC,aAAa,EAAE,gBAAgB;IAC/B,iBAAiB,EAAE,oBAAoB;IACvC,eAAe,EAAE,kBAAkB;IACnC,eAAe,EAAE,kBAAkB;IACnC,iBAAiB,EAAE,oBAAoB;IACvC,uBAAuB,EAAE,2BAA2B;IACpD,6BAA6B,EAAE,kCAAkC;IACjE,mBAAmB,EAAE,sBAAsB;IAC3C,SAAS,EAAE,YAAY;CACf,CAAC;AAaE,QAAA,eAAe,GAAkC;IAC5D,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,QAAQ,EAAE,UAAU;IACpB,MAAM,EAAE,QAAQ;IAChB,OAAO,EAAE,SAAS;IAClB,GAAG,EAAE,KAAK;IACV,IAAI,EAAE,MAAM;CACb,CAAC;AAIW,QAAA,2BAA2B,GAA6C;IACnF,KAAK,EAAE,oBAAY,CAAC,oBAAoB;IACxC,MAAM,EAAE,gCAAgC;IACxC,OAAO,EAAE,iCAAiC;IAC1C,MAAM,EAAE,qBAAqB;CAC9B,CAAC;AAcW,QAAA,iBAAiB,GAAoC;IAChE,IAAI,EAAE,iBAAiB;IACvB,MAAM,EAAE,mBAAmB;IAC3B,GAAG,EAAE,gBAAgB;CACtB,CAAC;AAEF,SAAgB,UAAU,CAAC,GAAkB;IAC3C,OAAO,oBAAY,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC;AAED,SAAgB,aAAa,CAAC,QAAuB;IACnD,OAAO,uBAAe,CAAC,QAAQ,CAAC,CAAC;AACnC,CAAC;AAED,SAAgB,iBAAiB,CAAC,KAAiB;IACjD,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,oBAAY,CAAC,gBAAgB,CAAC;IAC9D,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,GAAG,oBAAY,CAAC,gBAAgB,MAAM,oBAAY,CAAC,uBAAuB,EAAE,CAAC;IAC7G,IAAI,KAAK,KAAK,eAAe,IAAI,KAAK,KAAK,kCAAkC,EAAE,CAAC;QAC9E,OAAO,oBAAY,CAAC,6BAA6B,CAAC;IACpD,CAAC;IACD,IAAI,KAAK,KAAK,kBAAkB;QAAE,OAAO,oBAAY,CAAC,eAAe,CAAC;IACtE,IAAI,KAAK,KAAK,gBAAgB;QAAE,OAAO,GAAG,oBAAY,CAAC,aAAa,MAAM,oBAAY,CAAC,6BAA6B,EAAE,CAAC;IACvH,IAAI,KAAK,KAAK,mBAAmB;QAAE,OAAO,oBAAY,CAAC,aAAa,CAAC;IACrE,OAAO,oBAAY,CAAC,aAAa,CAAC;AACpC,CAAC;AAED,SAAgB,kBAAkB,CAAC,OAAe;IAChD,OAAO,GAAG,OAAO,KAAK,oBAAY,CAAC,SAAS,GAAG,CAAC;AAClD,CAAC;AAED,SAAgB,qBAAqB,CAAC,OAAe;IACnD,OAAO,GAAG,oBAAY,CAAC,uBAAuB,KAAK,OAAO,EAAE,CAAC;AAC/D,CAAC;AAED,SAAgB,2BAA2B,CAAC,gBAAgB,GAAG,EAAE;IAC/D,OAAO,GAAG,oBAAY,CAAC,oBAAoB,GAAG,gBAAgB,EAAE,CAAC;AACnE,CAAC;AAED,SAAgB,0BAA0B,CAAC,KAA+B;IACxE,OAAO,mCAA2B,CAAC,KAAK,CAAC,CAAC;AAC5C,CAAC;AAEY,QAAA,kBAAkB,GAAG;IAChC,UAAU,EAAE,oBAAoB;IAChC,YAAY,EAAE,qBAAqB;IACnC,SAAS,EAAE,kBAAkB;IAC7B,QAAQ,EAAE,kBAAkB;IAC5B,aAAa,EAAE,wBAAwB;IACvC,OAAO,EAAE,gBAAgB;IACzB,QAAQ,EAAE,iBAAiB;IAC3B,gBAAgB,EAAE,0BAA0B;IAC5C,WAAW,EAAE,qBAAqB;IAClC,aAAa,EAAE,uBAAuB;IACtC,OAAO,EAAE,cAAc;CACf,CAAC;AAIE,QAAA,gBAAgB,GAAG;IAC9B,6BAA6B;IAC7B,iBAAiB;IACjB,6BAA6B;IAC7B,kBAAkB;IAClB,eAAe;IACf,0BAA0B;CAClB,CAAC"}

package/dist/verification/canonical-finding.d.ts

@@ -0,0 +1,171 @@
+import type { DeterminismClassification, GovernanceFindingCategory, GovernanceSourceSystem } from './taxonomy';
+import { GOVERNANCE_FINDINGS_SCHEMA_VERSION } from './taxonomy';
+import type { GovernancePipelineSummary } from './pipeline';
+export type GovernanceSeverity = 'BLOCKING' | 'ADVISORY' | 'INFO';
+export interface GovernanceEvidence {
+    /** Human-readable excerpt (code, diff line, policy excerpt). */
+    excerpt: string;
+    /** Stable machine hint: AST path, regex id, policy rule type, etc. */
+    structuralHint?: string;
+    line?: number;
+    column?: number;
+    filePath?: string;
+}
+export interface GovernanceReplayMetadata {
+    evidenceArtifactRef?: string;
+    executionRecordRef?: string;
+    snapshotIds?: string[];
+    /** True when replay used only immutable artifacts with matching digests. */
+    reconstructedExactly?: boolean;
+    /** Present when bounded degradation occurred (truncation, missing artifact, etc.). */
+    boundedDegradation?: string[];
+}
+export interface GovernanceProvenanceMetadata {
+    runId?: string;
+    planId?: string | null;
+    verificationSource?: string;
+    policyLockFingerprint?: string | null;
+    compiledPolicyFingerprint?: string | null;
+    generatedAt?: string;
+    /**
+     * Canonical pipeline stage that emitted this finding. Additive lineage —
+     * never participates in the finding identity or the replay checksum, but
+     * threads governance computation provenance through to dashboards and audit.
+     */
+    producedByStage?: string;
+}
+export interface GovernanceSuppressionMetadata {
+    suppressed: boolean;
+    directive?: string;
+    exceptionId?: string;
+    reason?: string;
+}
+export interface GovernanceGraphMetadata {
+    edgeVia?: string;
+    fromRepo?: string;
+    toRepo?: string;
+    confidence?: 'high' | 'medium' | 'low';
+    traversalDepth?: number;
+    /** Explicit incompleteness — never omit when graph was capped. */
+    truncated?: boolean;
+    truncationReason?: string;
+}
+export interface GovernanceSemanticMetadata {
+    retrievalMethod?: 'deterministic-graph' | 'deterministic-tfidf' | 'heuristic-expansion';
+    matchedTerms?: string[];
+    tfidfScore?: number;
+    corpusCoverageRatio?: number;
+    indexTruncated?: boolean;
+    documentsIndexed?: number;
+    documentsCap?: number;
+}
+export interface GovernanceStructuralMetadata {
+    ruleId: string;
+    ruleName?: string;
+    policyRef?: string;
+    language?: string;
+    astNodeType?: string;
+}
+/**
+ * Canonical normalized finding — single source of truth across CLI, CI, replay, dashboards.
+ */
+export interface GovernanceFinding {
+    /** Deterministic id: sha256-128 of stable fields, or caller-supplied stable id. */
+    id: string;
+    category: GovernanceFindingCategory;
+    sourceSystem: GovernanceSourceSystem;
+    determinismClassification: DeterminismClassification;
+    severity: GovernanceSeverity;
+    /** 0–1; structural deterministic often 0.85–1.0; heuristics lower. */
+    confidence: number;
+    title: string;
+    evidence: GovernanceEvidence;
+    operationalImplication: string;
+    remediation: string;
+    replayMetadata?: GovernanceReplayMetadata;
+    provenanceMetadata?: GovernanceProvenanceMetadata;
+    suppressionMetadata?: GovernanceSuppressionMetadata;
+    graphMetadata?: GovernanceGraphMetadata;
+    semanticMetadata?: GovernanceSemanticMetadata;
+    structuralMetadata?: GovernanceStructuralMetadata;
+    /**
+     * When multiple raw signals were merged for reviewer compression.
+     * Primary finding keeps merged* fields; sources list contributing ids.
+     */
+    mergedFrom?: string[];
+}
+/**
+ * Replay reconstruction status.
+ *
+ * exact              - checksums match, identical governance output
+ * bounded-degradation - minor mismatch (e.g. missing artifact) but not a hard failure
+ * drift-detected     - HARD FAILURE: same commit + diff + rules produced different output.
+ *                      Checksum mismatch. Must be investigated before any governance trust.
+ */
+export type ReplayReconstructionStatus = 'exact' | 'bounded-degradation' | 'drift-detected';
+/**
+ * Phase 2: Typed drift reason taxonomy for replay integrity analysis.
+ *
+ * Each reason maps to a specific class of replay failure:
+ *   finding-order-drift   - findings appear in different canonical order
+ *   severity-drift        - a finding changed severity between runs
+ *   determinism-drift     - a finding changed determinismClassification
+ *   provenance-drift      - provenance metadata differs between runs
+ *   suppression-drift     - suppression state changed between runs
+ *   checksum-drift        - top-level replayChecksum mismatch (composite signal)
+ *   missing-finding       - finding present in baseline but absent in replay
+ *   extra-finding         - finding present in replay but absent in baseline
+ */
+export type ReplayIntegrityDriftReason = 'finding-order-drift' | 'severity-drift' | 'determinism-drift' | 'provenance-drift' | 'suppression-drift' | 'checksum-drift' | 'missing-finding' | 'extra-finding';
+export interface GovernanceReplayIntegrity {
+    status: ReplayReconstructionStatus;
+    missingArtifacts: string[];
+    provenanceMismatches: string[];
+    graphMismatches: string[];
+    semanticTruncationMismatches: string[];
+    notes: string[];
+    /** Phase 2: Typed drift reasons — empty if status === 'exact'. */
+    driftReasons?: ReplayIntegrityDriftReason[];
+}
+export interface GovernanceVerificationEnvelope {
+    schemaVersion: typeof GOVERNANCE_FINDINGS_SCHEMA_VERSION;
+    generatedAt: string;
+    findings: GovernanceFinding[];
+    /** Count of raw findings folded into merged clusters. */
+    compressedDuplicateCount: number;
+    /**
+     * Phase 6: Total count of cross-source-system duplicates absorbed into
+     * canonical finding identities. Equals compressedDuplicateCount but named
+     * explicitly for telemetry readability.
+     */
+    deduplicatedFindingCount?: number;
+    /**
+     * Phase 2: Count of findings demoted from BLOCKING to ADVISORY because they
+     * exist on unmodified (historical) lines. Visible for CI reporting.
+     */
+    legacyDebtFindingCount?: number;
+    /**
+     * Phase 3: Deterministic replay checksum.
+     * SHA-256 over the canonically sorted finding set (id + severity + determinism + file + line).
+     * Same commit + same diff + same rules MUST produce the same checksum.
+     * A mismatch between two runs with identical inputs indicates replay drift (trust failure).
+     */
+    replayChecksum?: string;
+    replayIntegrity?: GovernanceReplayIntegrity;
+    /** Pilot / operational summary lines (high-signal, not verbose). */
+    reviewerSummary?: string[];
+    /**
+     * Canonical governance pipeline summary — stage execution ledger surface.
+     *
+     * Additive observability. Excluded by design from:
+     *   - `replayChecksum` (computed only from finding-set fields)
+     *   - finding identity (`GovernanceFinding.id`)
+     *   - canonical sort order
+     *
+     * Present when verify ran with the staged pipeline runtime. Consumers
+     * (dashboards, audit replay, SLO gates) read this to explain HOW
+     * governance computation occurred. Absent on legacy / older-CLI envelopes.
+     */
+    pipelineSummary?: GovernancePipelineSummary;
+}
+//# sourceMappingURL=canonical-finding.d.ts.map

package/dist/verification/canonical-finding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical-finding.d.ts","sourceRoot":"","sources":["../../src/verification/canonical-finding.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,yBAAyB,EACzB,yBAAyB,EACzB,sBAAsB,EACvB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,kCAAkC,EAAE,MAAM,YAAY,CAAC;AAChE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAE5D,MAAM,MAAM,kBAAkB,GAAG,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC;AAElE,MAAM,WAAW,kBAAkB;IACjC,gEAAgE;IAChE,OAAO,EAAE,MAAM,CAAC;IAChB,sEAAsE;IACtE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,wBAAwB;IACvC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,4EAA4E;IAC5E,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,sFAAsF;IACtF,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,4BAA4B;IAC3C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qBAAqB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,yBAAyB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,6BAA6B;IAC5C,UAAU,EAAE,OAAO,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kEAAkE;IAClE,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,0BAA0B;IACzC,eAAe,CAAC,EAAE,qBAAqB,GAAG,qBAAqB,GAAG,qBAAqB,CAAC;IACxF,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,4BAA4B;IAC3C,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,mFAAmF;IACnF,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,yBAAyB,CAAC;IACpC,YAAY,EAAE,sBAAsB,CAAC;IACrC,yBAAyB,EAAE,yBAAyB,CAAC;IACrD,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,sEAAsE;IACtE,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,wBAAwB,CAAC;IAC1C,kBAAkB,CAAC,EAAE,4BAA4B,CAAC;IAClD,mBAAmB,CAAC,EAAE,6BAA6B,CAAC;IACpD,aAAa,CAAC,EAAE,uBAAuB,CAAC;IACxC,gBAAgB,CAAC,EAAE,0BAA0B,CAAC;IAC9C,kBAAkB,CAAC,EAAE,4BAA4B,CAAC;IAClD;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,0BAA0B,GAAG,OAAO,GAAG,qBAAqB,GAAG,gBAAgB,CAAC;AAE5F;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,0BAA0B,GAClC,qBAAqB,GACrB,gBAAgB,GAChB,mBAAmB,GACnB,kBAAkB,GAClB,mBAAmB,GACnB,gBAAgB,GAChB,iBAAiB,GACjB,eAAe,CAAC;AAEpB,MAAM,WAAW,yBAAyB;IACxC,MAAM,EAAE,0BAA0B,CAAC;IACnC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,4BAA4B,EAAE,MAAM,EAAE,CAAC;IACvC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,kEAAkE;IAClE,YAAY,CAAC,EAAE,0BAA0B,EAAE,CAAC;CAC7C;AAED,MAAM,WAAW,8BAA8B;IAC7C,aAAa,EAAE,OAAO,kCAAkC,CAAC;IACzD,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,yDAAyD;IACzD,wBAAwB,EAAE,MAAM,CAAC;IACjC;;;;OAIG;IACH,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,yBAAyB,CAAC;IAC5C,oEAAoE;IACpE,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B;;;;;;;;;;;OAWG;IACH,eAAe,CAAC,EAAE,yBAAyB,CAAC;CAC7C"}

package/dist/verification/canonical-finding.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=canonical-finding.js.map

package/dist/verification/canonical-finding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical-finding.js","sourceRoot":"","sources":["../../src/verification/canonical-finding.ts"],"names":[],"mappings":""}

package/dist/verification/index.d.ts

@@ -0,0 +1,6 @@
+export type { DeterminismClassification, GovernanceFindingCategory, GovernanceSourceSystem, } from './taxonomy';
+export { GOVERNANCE_FINDINGS_SCHEMA_VERSION, isDeterminismClassification, } from './taxonomy';
+export type { GovernanceEvidence, GovernanceFinding, GovernanceGraphMetadata, GovernanceProvenanceMetadata, GovernanceReplayIntegrity, GovernanceReplayMetadata, GovernanceSemanticMetadata, GovernanceSeverity, GovernanceStructuralMetadata, GovernanceSuppressionMetadata, GovernanceVerificationEnvelope, ReplayIntegrityDriftReason, ReplayReconstructionStatus, } from './canonical-finding';
+export type { GovernancePipelineSummary, GovernanceStageBoundary, GovernanceStageFailure, GovernanceStageFailureCategory, GovernanceStageId, GovernanceStageMetrics, GovernanceStageReplayMetadata, GovernanceStageResult, GovernanceStageStatus, GovernanceStageSummary, } from './pipeline';
+export { GOVERNANCE_PIPELINE_SCHEMA_VERSION, GOVERNANCE_STAGE_ORDER, isGovernanceStageId, } from './pipeline';
+//# sourceMappingURL=index.d.ts.map

package/dist/verification/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/verification/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,yBAAyB,EACzB,yBAAyB,EACzB,sBAAsB,GACvB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,kCAAkC,EAClC,2BAA2B,GAC5B,MAAM,YAAY,CAAC;AACpB,YAAY,EACV,kBAAkB,EAClB,iBAAiB,EACjB,uBAAuB,EACvB,4BAA4B,EAC5B,yBAAyB,EACzB,wBAAwB,EACxB,0BAA0B,EAC1B,kBAAkB,EAClB,4BAA4B,EAC5B,6BAA6B,EAC7B,8BAA8B,EAC9B,0BAA0B,EAC1B,0BAA0B,GAC3B,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,yBAAyB,EACzB,uBAAuB,EACvB,sBAAsB,EACtB,8BAA8B,EAC9B,iBAAiB,EACjB,sBAAsB,EACtB,6BAA6B,EAC7B,qBAAqB,EACrB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,kCAAkC,EAClC,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,YAAY,CAAC"}

package/dist/verification/index.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isGovernanceStageId = exports.GOVERNANCE_STAGE_ORDER = exports.GOVERNANCE_PIPELINE_SCHEMA_VERSION = exports.isDeterminismClassification = exports.GOVERNANCE_FINDINGS_SCHEMA_VERSION = void 0;
+var taxonomy_1 = require("./taxonomy");
+Object.defineProperty(exports, "GOVERNANCE_FINDINGS_SCHEMA_VERSION", { enumerable: true, get: function () { return taxonomy_1.GOVERNANCE_FINDINGS_SCHEMA_VERSION; } });
+Object.defineProperty(exports, "isDeterminismClassification", { enumerable: true, get: function () { return taxonomy_1.isDeterminismClassification; } });
+var pipeline_1 = require("./pipeline");
+Object.defineProperty(exports, "GOVERNANCE_PIPELINE_SCHEMA_VERSION", { enumerable: true, get: function () { return pipeline_1.GOVERNANCE_PIPELINE_SCHEMA_VERSION; } });
+Object.defineProperty(exports, "GOVERNANCE_STAGE_ORDER", { enumerable: true, get: function () { return pipeline_1.GOVERNANCE_STAGE_ORDER; } });
+Object.defineProperty(exports, "isGovernanceStageId", { enumerable: true, get: function () { return pipeline_1.isGovernanceStageId; } });
+//# sourceMappingURL=index.js.map

package/dist/verification/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/verification/index.ts"],"names":[],"mappings":";;;AAKA,uCAGoB;AAFlB,8HAAA,kCAAkC,OAAA;AAClC,uHAAA,2BAA2B,OAAA;AA6B7B,uCAIoB;AAHlB,8HAAA,kCAAkC,OAAA;AAClC,kHAAA,sBAAsB,OAAA;AACtB,+GAAA,mBAAmB,OAAA"}

package/dist/verification/pipeline.d.ts

@@ -0,0 +1,134 @@
+/**
+ * Canonical Governance Pipeline Contracts
+ * ----------------------------------------
+ * Shared, immutable types describing the staged decomposition of the verify runtime.
+ *
+ * These contracts are ADDITIVE. They do not replace, mutate, or re-encode the canonical
+ * governance envelope (`GovernanceVerificationEnvelope`), the finding identity scheme,
+ * or the replay checksum. Stage metadata flows alongside the envelope as an
+ * out-of-band observability + replay-reconstruction surface.
+ *
+ * Design invariants:
+ *   - Stage IDs are a closed set. Adding a new stage requires bumping the schema version.
+ *   - Stage metadata never carries excerpts, file content, or PII.
+ *   - Stage fingerprints are computed from stable identifiers — never wall-clock timestamps.
+ *   - A stage's `replay.outputFingerprint` is independent of `replayChecksum`; the two
+ *     are consistent but serve different audiences (stage lineage vs. envelope identity).
+ */
+import type { DeterminismClassification } from './taxonomy';
+/**
+ * Closed set of canonical governance pipeline stage identifiers.
+ *
+ * The order of declaration is the canonical execution order. Consumers MUST treat
+ * this list as the authoritative pipeline definition for replay reconstruction
+ * and explainability dashboards.
+ */
+export type GovernanceStageId = 'diff-normalization' | 'plan-sync' | 'policy-lock' | 'compiled-policy' | 'policy-exceptions' | 'structural-analysis' | 'runtime-guard' | 'intent-evaluation' | 'semantic-analysis' | 'policy-evaluation' | 'suppression-evaluation' | 'advisory-signals' | 'change-contract' | 'ai-debt-budget' | 'governance-synthesis' | 'provenance-generation' | 'replay-integrity' | 'remediation-export-preparation' | 'evidence-generation' | 'telemetry-harvest' | 'ci-shaping' | 'output-rendering';
+/**
+ * Terminal state for a stage execution. `degraded` means the stage produced output
+ * but a non-fatal anomaly was observed (e.g. truncation, partial dependency).
+ */
+export type GovernanceStageStatus = 'succeeded' | 'skipped' | 'degraded' | 'failed';
+/**
+ * Stage failure category. Maps to operator-visible runbooks and replay annotations.
+ */
+export type GovernanceStageFailureCategory = 'timeout' | 'exception' | 'invariant-violation' | 'degraded-dependency' | 'aborted-precondition';
+export interface GovernanceStageMetrics {
+    /** Stage wall-clock duration in milliseconds. */
+    durationMs: number;
+    /** Size of the stage input as a stable item count (e.g. diff files, rules). Optional. */
+    inputItemCount?: number;
+    /** Size of the stage output as a stable item count (e.g. findings produced). Optional. */
+    outputItemCount?: number;
+    /** Delta of `process.memoryUsage().heapUsed` across the stage. Optional. */
+    memoryDeltaBytes?: number;
+}
+export interface GovernanceStageReplayMetadata {
+    stageId: GovernanceStageId;
+    /** Determinism classification of the stage itself (matches the most-deterministic finding it can emit). */
+    determinism: DeterminismClassification;
+    /** SHA-256 fingerprint of stage input, computed from stable identifiers only. */
+    inputFingerprint?: string;
+    /** SHA-256 fingerprint of stage output, computed from stable identifiers only. */
+    outputFingerprint?: string;
+    /** Stage IDs whose successful completion was a precondition for this stage. */
+    dependsOn: GovernanceStageId[];
+    /** Stage start time as an ISO-8601 timestamp. NOT included in fingerprints. */
+    startedAt: string;
+    /** Stage finish time as an ISO-8601 timestamp. NOT included in fingerprints. */
+    finishedAt: string;
+}
+export interface GovernanceStageFailure {
+    category: GovernanceStageFailureCategory;
+    /** Stable, PII-free message. Never includes source excerpts. */
+    message: string;
+    /** True when the rest of the pipeline can proceed in a degraded mode. */
+    recoverable: boolean;
+}
+/**
+ * Boundary policy declared by a stage. The pipeline runtime uses this to decide
+ * how to respond to failure (abort vs. degrade) and which stages must run first.
+ */
+export interface GovernanceStageBoundary {
+    /** When true, the stage failing is reported but does NOT abort downstream stages. */
+    isolateFailure: boolean;
+    /** When true, the stage is required for governance correctness. */
+    required: boolean;
+    /** Stage IDs whose successful completion is required before this stage may execute. */
+    dependencies: GovernanceStageId[];
+}
+/**
+ * Single-stage execution receipt. Persisted alongside the canonical envelope and
+ * consumed by replay reconstruction, observability dashboards, and SLO gates.
+ *
+ * `output` is the typed stage payload; consumers MUST treat it as immutable.
+ */
+export interface GovernanceStageResult<T = unknown> {
+    stageId: GovernanceStageId;
+    status: GovernanceStageStatus;
+    /** Stage output. `null` when status is 'failed' or 'skipped'. */
+    output: T | null;
+    metrics: GovernanceStageMetrics;
+    replay: GovernanceStageReplayMetadata;
+    failure?: GovernanceStageFailure;
+    /** Stage-emitted observability notes (PII-free, bounded). */
+    notes?: string[];
+}
+/**
+ * Compact, replay-friendly summary of a stage. Embedded into telemetry and the
+ * pipeline-level summary surface.
+ */
+export interface GovernanceStageSummary {
+    stageId: GovernanceStageId;
+    status: GovernanceStageStatus;
+    determinism: DeterminismClassification;
+    durationMs: number;
+    inputFingerprint?: string;
+    outputFingerprint?: string;
+    dependsOn: GovernanceStageId[];
+    failureCategory?: GovernanceStageFailureCategory;
+}
+/**
+ * Pipeline-level summary. Pinned across replays. The `pipelineFingerprint` is
+ * a stable SHA-256 over the ordered (stageId, outputFingerprint, status) tuple
+ * and is independent of `GovernanceVerificationEnvelope.replayChecksum`.
+ */
+export interface GovernancePipelineSummary {
+    schemaVersion: typeof GOVERNANCE_PIPELINE_SCHEMA_VERSION;
+    pipelineFingerprint: string;
+    stages: GovernanceStageSummary[];
+    totalDurationMs: number;
+    degradedStages: GovernanceStageId[];
+    failedStages: GovernanceStageId[];
+}
+export declare const GOVERNANCE_PIPELINE_SCHEMA_VERSION: "2026-05-14.1";
+/**
+ * Type guard: is the given string a known stage identifier?
+ */
+export declare function isGovernanceStageId(value: string): value is GovernanceStageId;
+/**
+ * Canonical execution order. Mirror of the union above — exported as a runtime
+ * value for iteration, indexing, and stage-ordering invariants.
+ */
+export declare const GOVERNANCE_STAGE_ORDER: readonly GovernanceStageId[];
+//# sourceMappingURL=pipeline.d.ts.map

package/dist/verification/pipeline.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pipeline.d.ts","sourceRoot":"","sources":["../../src/verification/pipeline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAE5D;;;;;;GAMG;AACH,MAAM,MAAM,iBAAiB,GACzB,oBAAoB,GACpB,WAAW,GACX,aAAa,GACb,iBAAiB,GACjB,mBAAmB,GACnB,qBAAqB,GACrB,eAAe,GACf,mBAAmB,GACnB,mBAAmB,GACnB,mBAAmB,GACnB,wBAAwB,GACxB,kBAAkB,GAClB,iBAAiB,GACjB,gBAAgB,GAChB,sBAAsB,GACtB,uBAAuB,GACvB,kBAAkB,GAClB,gCAAgC,GAChC,qBAAqB,GACrB,mBAAmB,GACnB,YAAY,GACZ,kBAAkB,CAAC;AAEvB;;;GAGG;AACH,MAAM,MAAM,qBAAqB,GAAG,WAAW,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,CAAC;AAEpF;;GAEG;AACH,MAAM,MAAM,8BAA8B,GACtC,SAAS,GACT,WAAW,GACX,qBAAqB,GACrB,qBAAqB,GACrB,sBAAsB,CAAC;AAE3B,MAAM,WAAW,sBAAsB;IACrC,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IACnB,yFAAyF;IACzF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0FAA0F;IAC1F,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,4EAA4E;IAC5E,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,6BAA6B;IAC5C,OAAO,EAAE,iBAAiB,CAAC;IAC3B,2GAA2G;IAC3G,WAAW,EAAE,yBAAyB,CAAC;IACvC,iFAAiF;IACjF,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kFAAkF;IAClF,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,+EAA+E;IAC/E,SAAS,EAAE,iBAAiB,EAAE,CAAC;IAC/B,+EAA+E;IAC/E,SAAS,EAAE,MAAM,CAAC;IAClB,gFAAgF;IAChF,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,8BAA8B,CAAC;IACzC,gEAAgE;IAChE,OAAO,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,WAAW,EAAE,OAAO,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,qFAAqF;IACrF,cAAc,EAAE,OAAO,CAAC;IACxB,mEAAmE;IACnE,QAAQ,EAAE,OAAO,CAAC;IAClB,uFAAuF;IACvF,YAAY,EAAE,iBAAiB,EAAE,CAAC;CACnC;AAED;;;;;GAKG;AACH,MAAM,WAAW,qBAAqB,CAAC,CAAC,GAAG,OAAO;IAChD,OAAO,EAAE,iBAAiB,CAAC;IAC3B,MAAM,EAAE,qBAAqB,CAAC;IAC9B,iEAAiE;IACjE,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;IACjB,OAAO,EAAE,sBAAsB,CAAC;IAChC,MAAM,EAAE,6BAA6B,CAAC;IACtC,OAAO,CAAC,EAAE,sBAAsB,CAAC;IACjC,6DAA6D;IAC7D,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,iBAAiB,CAAC;IAC3B,MAAM,EAAE,qBAAqB,CAAC;IAC9B,WAAW,EAAE,yBAAyB,CAAC;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,iBAAiB,EAAE,CAAC;IAC/B,eAAe,CAAC,EAAE,8BAA8B,CAAC;CAClD;AAED;;;;GAIG;AACH,MAAM,WAAW,yBAAyB;IACxC,aAAa,EAAE,OAAO,kCAAkC,CAAC;IACzD,mBAAmB,EAAE,MAAM,CAAC;IAC5B,MAAM,EAAE,sBAAsB,EAAE,CAAC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,iBAAiB,EAAE,CAAC;IACpC,YAAY,EAAE,iBAAiB,EAAE,CAAC;CACnC;AAED,eAAO,MAAM,kCAAkC,EAAG,cAAuB,CAAC;AAE1E;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,IAAI,iBAAiB,CAE7E;AAED;;;GAGG;AACH,eAAO,MAAM,sBAAsB,EAAE,SAAS,iBAAiB,EAuBrD,CAAC"}