@neurcode-ai/governance-runtime 0.1.3 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (49) hide show
  1. package/dist/admission-provenance.d.ts +111 -0
  2. package/dist/admission-provenance.d.ts.map +1 -0
  3. package/dist/admission-provenance.js +735 -0
  4. package/dist/admission-provenance.js.map +1 -0
  5. package/dist/agent-guard-posture.d.ts +40 -0
  6. package/dist/agent-guard-posture.d.ts.map +1 -0
  7. package/dist/agent-guard-posture.js +117 -0
  8. package/dist/agent-guard-posture.js.map +1 -0
  9. package/dist/agent-invocation-observability.d.ts +47 -0
  10. package/dist/agent-invocation-observability.d.ts.map +1 -0
  11. package/dist/agent-invocation-observability.js +229 -0
  12. package/dist/agent-invocation-observability.js.map +1 -0
  13. package/dist/agent-plan.d.ts +119 -0
  14. package/dist/agent-plan.d.ts.map +1 -0
  15. package/dist/agent-plan.js +590 -0
  16. package/dist/agent-plan.js.map +1 -0
  17. package/dist/agent-runtime-adapter.d.ts +69 -0
  18. package/dist/agent-runtime-adapter.d.ts.map +1 -0
  19. package/dist/agent-runtime-adapter.js +274 -0
  20. package/dist/agent-runtime-adapter.js.map +1 -0
  21. package/dist/ai-change-record.d.ts +185 -0
  22. package/dist/ai-change-record.d.ts.map +1 -0
  23. package/dist/ai-change-record.js +580 -0
  24. package/dist/ai-change-record.js.map +1 -0
  25. package/dist/architecture-graph.d.ts +153 -0
  26. package/dist/architecture-graph.d.ts.map +1 -0
  27. package/dist/architecture-graph.js +646 -0
  28. package/dist/architecture-graph.js.map +1 -0
  29. package/dist/architecture-obligations.d.ts +161 -0
  30. package/dist/architecture-obligations.d.ts.map +1 -0
  31. package/dist/architecture-obligations.js +553 -0
  32. package/dist/architecture-obligations.js.map +1 -0
  33. package/dist/index.d.ts +10 -0
  34. package/dist/index.d.ts.map +1 -1
  35. package/dist/index.js +104 -1
  36. package/dist/index.js.map +1 -1
  37. package/dist/profile.d.ts +159 -0
  38. package/dist/profile.d.ts.map +1 -0
  39. package/dist/profile.js +611 -0
  40. package/dist/profile.js.map +1 -0
  41. package/dist/session.d.ts +428 -0
  42. package/dist/session.d.ts.map +1 -0
  43. package/dist/session.js +2206 -0
  44. package/dist/session.js.map +1 -0
  45. package/package.json +13 -2
  46. package/src/constraints.ts +0 -828
  47. package/src/index.test.ts +0 -502
  48. package/src/index.ts +0 -463
  49. package/tsconfig.json +0 -19
package/dist/architecture-graph.d.ts ADDED
@@ -0,0 +1,153 @@
1
+ /**
2
+ * Repository Architecture Graph — V2.
3
+ *
4
+ * Turns the path/owner profile into an architecture-aware model that can reason
5
+ * about module boundaries, ownership, dependency direction, and sensitive
6
+ * surfaces during agentic development.
7
+ *
8
+ * Source-free guarantees:
9
+ * - Import *specifiers* (module strings) may be read locally to infer edges,
10
+ * but raw source, diffs, and file contents are NEVER stored on the graph.
11
+ * The graph holds only module ids, owners, surface tags, and module→module
12
+ * dependency edges — architecture metadata, not code.
13
+ * - Deterministic: same inputs → same `architectureHash`.
14
+ *
15
+ * The extractor + resolver are pure functions so the CLI can read local files,
16
+ * derive specifiers, build edges, and discard the content immediately.
17
+ */
18
+ import { type OwnershipBoundary, type SensitiveBoundary } from './profile';
19
+ import type { ArchitectureObligationCategory, ArchitectureObligationSeverity } from './architecture-obligations';
20
+ export declare const ARCHITECTURE_GRAPH_SCHEMA_VERSION: 2;
21
+ /** Architectural surface kinds a module can expose. */
22
+ export type ArchitectureSurfaceKind = 'auth' | 'security' | 'secrets' | 'crypto' | 'payments' | 'database' | 'migration' | 'public-api';
23
+ export interface ArchitectureModule {
24
+ /** Collapsed module id, e.g. "src/billing" or "packages/cli". */
25
+ id: string;
26
+ /** Glob matching the module's files, e.g. "src/billing/**". */
27
+ glob: string;
28
+ fileCount: number;
29
+ /** CODEOWNERS owners for the module (GitHub last-rule-wins semantics). */
30
+ owners: string[];
31
+ /** Sensitive tags inherited from the profile's sensitive boundaries. */
32
+ sensitiveTags: SensitiveBoundary['tag'][];
33
+ /** Architectural surfaces this module exposes. */
34
+ surfaces: ArchitectureSurfaceKind[];
35
+ /** True when the module is inside an approval-required boundary. */
36
+ approvalRequired: boolean;
37
+ /** Dominant language of the module's files. */
38
+ language: string;
39
+ }
40
+ /** A directed dependency edge: `from` imports `to` (so `to` is upstream). */
41
+ export interface ArchitectureDependencyEdge {
42
+ /** Consumer module id (the importer / downstream module). */
43
+ from: string;
44
+ /** Provider module id (the imported / upstream module). */
45
+ to: string;
46
+ /** Number of resolved import references contributing to this edge. */
47
+ weight: number;
48
+ }
49
+ export interface ArchitectureGraphStats {
50
+ moduleCount: number;
51
+ edgeCount: number;
52
+ analyzedFiles: number;
53
+ resolvedImports: number;
54
+ languages: string[];
55
+ }
56
+ export interface RepoArchitectureGraph {
57
+ schemaVersion: typeof ARCHITECTURE_GRAPH_SCHEMA_VERSION;
58
+ generatedAt: string;
59
+ moduleDepth: number;
60
+ modules: ArchitectureModule[];
61
+ edges: ArchitectureDependencyEdge[];
62
+ stats: ArchitectureGraphStats;
63
+ /** Deterministic fingerprint of modules + edges (source-free). */
64
+ architectureHash: string;
65
+ }
66
+ /** Source-free representation of one file's imports (specifiers only). */
67
+ export interface ModuleImportRecord {
68
+ filePath: string;
69
+ specifiers: string[];
70
+ }
71
+ export interface BuildArchitectureGraphInput {
72
+ /** Repo-relative paths (e.g. from `git ls-files`). */
73
+ paths: string[];
74
+ ownershipBoundaries?: OwnershipBoundary[];
75
+ sensitiveBoundaries?: SensitiveBoundary[];
76
+ approvalRequiredGlobs?: string[];
77
+ /** Per-file import specifiers (read locally, never stored). */
78
+ imports?: ModuleImportRecord[];
79
+ /** Directory depth used to collapse files into modules (default 2). */
80
+ moduleDepth?: number;
81
+ now?: string;
82
+ }
83
+ /**
84
+ * Collapse a file path to a module id using the first `depth` directory
85
+ * segments. Root-level files map to the synthetic module ".".
86
+ *
87
+ * When a repository contains an embedded service/app fixture, preserve the
88
+ * prefix up to a recognizable app root (`src`, `packages`, `services`, etc.)
89
+ * and then apply depth from there. Without this, paths such as
90
+ * `fixtures/demo-svc/src/billing/charge.py` collapse to `fixtures/demo-svc`,
91
+ * mixing billing/auth/migration ownership into one misleading module.
92
+ */
93
+ export declare function moduleIdForPath(filePath: string, depth?: number): string;
94
+ /**
95
+ * Extract import specifiers (module strings) from a single file's content.
96
+ *
97
+ * Returns only the quoted/dotted module specifiers — never source text. The
98
+ * caller reads file content locally and discards it after calling this.
99
+ */
100
+ export declare function extractImportSpecifiers(filePath: string, content: string): string[];
101
+ /**
102
+ * Resolve an import specifier to a repo-relative source file, if it points to a
103
+ * known in-repo module. External packages (e.g. "fastapi", "react") resolve to
104
+ * null and are intentionally excluded from the internal dependency graph.
105
+ */
106
+ export declare function resolveImportSpecifier(fromFile: string, specifier: string, knownPaths: Set<string>): string | null;
107
+ /**
108
+ * Build the deterministic repository architecture graph. Pure and source-free:
109
+ * the only edge inputs are import *specifiers*, and only module→module edges
110
+ * are retained.
111
+ */
112
+ export declare function buildArchitectureGraph(input: BuildArchitectureGraphInput): RepoArchitectureGraph;
113
+ export declare function findModuleForPath(graph: RepoArchitectureGraph, filePath: string): ArchitectureModule | null;
114
+ /** Modules that import the given module (its downstream consumers). */
115
+ export declare function dependentsOf(graph: RepoArchitectureGraph, moduleId: string): string[];
116
+ /** Modules the given module imports (its upstream providers / dependencies). */
117
+ export declare function dependenciesOf(graph: RepoArchitectureGraph, moduleId: string): string[];
118
+ export interface GraphObligationSeed {
119
+ id: string;
120
+ category: ArchitectureObligationCategory;
121
+ title: string;
122
+ description: string;
123
+ severity: ArchitectureObligationSeverity;
124
+ /** Module id this obligation guards. */
125
+ module: string;
126
+ /** Glob used for path-scoped feedback + approval matching. */
127
+ requiredPath: string;
128
+ triggeredBy: string[];
129
+ requiredEvidence: string[];
130
+ surface: ArchitectureSurfaceKind | 'dependency';
131
+ /** How the obligation can be satisfied (source-free). */
132
+ satisfy: {
133
+ /** An active approval covering the module satisfies it. */
134
+ approval: boolean;
135
+ /** Accepted-plan text matching this (case-insensitive) regex satisfies it. */
136
+ planPattern?: string;
137
+ /** A guarded test-path edit within the module satisfies it. */
138
+ moduleTest?: boolean;
139
+ };
140
+ }
141
+ /** Modules considered "in play" for a set of candidate paths/globs. */
142
+ export declare function modulesInPlay(graph: RepoArchitectureGraph, candidatePaths: string[]): ArchitectureModule[];
143
+ /**
144
+ * Derive graph obligation seeds for the modules currently in play. Deterministic
145
+ * and ordered by id.
146
+ */
147
+ export declare function deriveGraphObligationSeeds(args: {
148
+ graph: RepoArchitectureGraph;
149
+ candidatePaths: string[];
150
+ }): GraphObligationSeed[];
151
+ /** True when a graph obligation can be satisfied by editing the module's tests. */
152
+ export declare function isModuleTestSatisfiable(obligationId: string): boolean;
153
+ //# sourceMappingURL=architecture-graph.d.ts.map
package/dist/architecture-graph.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"architecture-graph.d.ts","sourceRoot":"","sources":["../src/architecture-graph.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EAAiB,KAAK,iBAAiB,EAAE,KAAK,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC1F,OAAO,KAAK,EAAE,8BAA8B,EAAE,8BAA8B,EAAE,MAAM,4BAA4B,CAAC;AAEjH,eAAO,MAAM,iCAAiC,EAAG,CAAU,CAAC;AAE5D,uDAAuD;AACvD,MAAM,MAAM,uBAAuB,GAC/B,MAAM,GACN,UAAU,GACV,SAAS,GACT,QAAQ,GACR,UAAU,GACV,UAAU,GACV,WAAW,GACX,YAAY,CAAC;AAEjB,MAAM,WAAW,kBAAkB;IACjC,iEAAiE;IACjE,EAAE,EAAE,MAAM,CAAC;IACX,+DAA+D;IAC/D,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,0EAA0E;IAC1E,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,wEAAwE;IACxE,aAAa,EAAE,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;IAC1C,kDAAkD;IAClD,QAAQ,EAAE,uBAAuB,EAAE,CAAC;IACpC,oEAAoE;IACpE,gBAAgB,EAAE,OAAO,CAAC;IAC1B,+CAA+C;IAC/C,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,6EAA6E;AAC7E,MAAM,WAAW,0BAA0B;IACzC,6DAA6D;IAC7D,IAAI,EAAE,MAAM,CAAC;IACb,2DAA2D;IAC3D,EAAE,EAAE,MAAM,CAAC;IACX,sEAAsE;IACtE,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,sBAAsB;IACrC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,qBAAqB;IACpC,aAAa,EAAE,OAAO,iCAAiC,CAAC;IACxD,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,KAAK,EAAE,0BAA0B,EAAE,CAAC;IACpC,KAAK,EAAE,sBAAsB,CAAC;IAC9B,kEAAkE;IAClE,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,0EAA0E;AAC1E,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,2BAA2B;IAC1C,sDAAsD;IACtD,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,mBAAmB,CAAC,EAAE,iBAAiB,EAAE,CAAC;IAC1C,mBAAmB,CAAC,EAAE,iBAAiB,EAAE,CAAC;IAC1C,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,+DAA+D;IAC/D,OAAO,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAC/B,uEAAuE;IACvE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAiDD;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,SAAI,GAAG,MAAM,CAsBnE;AAqBD;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAyBnF;AAuCD;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,GACtB,MAAM,GAAG,IAAI,CAgDf;AA2ID;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,2BAA2B,GAAG,qBAAqB,CAuGhG;AAID,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,qBAAqB,EAC5B,QAAQ,EAAE,MAAM,GACf,kBAAkB,GAAG,IAAI,CAU3B;AAED,uEAAuE;AACvE,wBAAgB,YAAY,CAAC,KAAK,EAAE,qBAAqB,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,CAErF;AAED,gFAAgF;AAChF,wBAAgB,cAAc,CAAC,KAAK,EAAE,qBAAqB,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,CAEvF;AASD,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,8BAA8B,CAAC;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,8BAA8B,CAAC;IACzC,wCAAwC;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,8DAA8D;IAC9D,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,OAAO,EAAE,uBAAuB,GAAG,YAAY,CAAC;IAChD,yDAAyD;IACzD,OAAO,EAAE;QACP,2DAA2D;QAC3D,QAAQ,EAAE,OAAO,CAAC;QAClB,8EAA8E;QAC9E,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,+DAA+D;QAC/D,UAAU,CAAC,EAAE,OAAO,CAAC;KACtB,CAAC;CACH;AAqBD,uEAAuE;AACvE,wBAAgB,aAAa,CAC3B,KAAK,EAAE,qBAAqB,EAC5B,cAAc,EAAE,MAAM,EAAE,GACvB,kBAAkB,EAAE,CAMtB;AAOD;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,IAAI,EAAE;IAC/C,KAAK,EAAE,qBAAqB,CAAC;IAC7B,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B,GAAG,mBAAmB,EAAE,CAgHxB;AAED,mFAAmF;AACnF,wBAAgB,uBAAuB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAKrE"}