@opensip-tools/fitness 1.0.4

package/dist/framework/abortable-exec.js

@@ -0,0 +1,136 @@
+// @fitness-ignore-file semgrep-scan -- reviewed: pattern justified for this module
+// @fitness-ignore-file error-handling-suite -- catch blocks delegate errors through established patterns
+/**
+ * @fileoverview Abortable command execution for fitness checks
+ *
+ * Provides shell command execution with abort signal and timeout support.
+ * Child processes are properly cleaned up on abort.
+ */
+import { spawn } from 'node:child_process';
+import { SystemError } from '@opensip-tools/core';
+/**
+ * Error thrown when command execution fails
+ */
+class ExecError extends SystemError {
+    stdout;
+    stderr;
+    exitCode;
+    aborted;
+    constructor(message, stdout, stderr, exitCode, aborted) {
+        super(message, { code: 'SYSTEM.FITNESS.EXEC_FAILED' });
+        this.stdout = stdout;
+        this.stderr = stderr;
+        this.exitCode = exitCode;
+        this.aborted = aborted;
+        this.name = 'ExecError';
+    }
+}
+const DEFAULT_MAX_BUFFER_BYTES = 10 * 1024 * 1024; // 10 MB
+/**
+ * Execute a command with abort support.
+ *
+ * @param command - Either a shell command string or an array of [bin, ...args] (no shell).
+ * @throws {SystemError} When the command array is empty
+ * @throws {ExecError} When the child process fails to spawn
+ */
+export function execAbortable(command, options = {}) {
+    const { cwd = process.cwd(), signal, maxBuffer = DEFAULT_MAX_BUFFER_BYTES, env = process.env, timeout, } = options;
+    return new Promise((resolve, reject) => {
+        if (signal?.aborted) {
+            resolve({ stdout: '', stderr: '', exitCode: null, aborted: true });
+            return;
+        }
+        let child;
+        if (typeof command === 'string') {
+            // Shell mode (string command) — callers pass hardcoded commands (e.g., lint/test runners).
+            // Array overload is preferred for untrusted input (no shell, no injection risk).
+            // nosemgrep: javascript.lang.security.audit.spawn-shell-true.spawn-shell-true -- shell=true required for string commands; input is developer-defined check commands, not user input
+            // eslint-disable-next-line sonarjs/os-command -- developer-supplied check command; not user-controllable
+            child = spawn(command, [], {
+                cwd,
+                env,
+                shell: true,
+                stdio: ['pipe', 'pipe', 'pipe'],
+                detached: true,
+            });
+        }
+        else {
+            // Array mode (no shell, safer)
+            if (command.length === 0) {
+                reject(new SystemError('Command array must not be empty', { code: 'SYSTEM.FITNESS.EXEC_EMPTY_COMMAND' }));
+                return;
+            }
+            const [bin, ...args] = command;
+            // @fitness-ignore-next-line no-non-null-assertions -- command length validated above
+            child = spawn(bin ?? '', args, {
+                cwd,
+                env,
+                stdio: ['pipe', 'pipe', 'pipe'],
+                detached: true,
+            });
+        }
+        let stdout = '';
+        let stderr = '';
+        let aborted = false;
+        let timeoutId;
+        child.stdout?.on('data', (data) => {
+            const chunk = data.toString();
+            if (stdout.length + chunk.length <= maxBuffer) {
+                stdout += chunk;
+            }
+        });
+        child.stderr?.on('data', (data) => {
+            const chunk = data.toString();
+            if (stderr.length + chunk.length <= maxBuffer) {
+                stderr += chunk;
+            }
+        });
+        const abortHandler = () => {
+            if (!aborted) {
+                aborted = true;
+                killProcess(child);
+            }
+        };
+        signal?.addEventListener('abort', abortHandler);
+        if (timeout && timeout > 0) {
+            timeoutId = setTimeout(() => {
+                if (!aborted) {
+                    aborted = true;
+                    killProcess(child);
+                }
+            }, timeout);
+        }
+        child.on('close', (code) => {
+            signal?.removeEventListener('abort', abortHandler);
+            if (timeoutId)
+                clearTimeout(timeoutId);
+            resolve({ stdout, stderr, exitCode: code, aborted });
+        });
+        child.on('error', (err) => {
+            signal?.removeEventListener('abort', abortHandler);
+            if (timeoutId)
+                clearTimeout(timeoutId);
+            reject(new ExecError(`Failed to spawn process: ${err.message}`, stdout, stderr, null, aborted));
+        });
+    });
+}
+/**
+ * Kill a child process and all its descendants.
+ */
+function killProcess(child) {
+    if (child.pid) {
+        try {
+            process.kill(-child.pid, 'SIGKILL');
+        }
+        catch {
+            // @swallow-ok Process group kill failed, try direct kill
+            try {
+                child.kill('SIGKILL');
+            }
+            catch {
+                // @swallow-ok Process already exited
+            }
+        }
+    }
+}
+//# sourceMappingURL=abortable-exec.js.map

package/dist/framework/abortable-exec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"abortable-exec.js","sourceRoot":"","sources":["../../src/framework/abortable-exec.ts"],"names":[],"mappings":"AAAA,mFAAmF;AACnF,yGAAyG;AACzG;;;;;GAKG;AAEH,OAAO,EAAE,KAAK,EAAqB,MAAM,oBAAoB,CAAA;AAE7D,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAuBjD;;GAEG;AACH,MAAM,SAAU,SAAQ,WAAW;IAGf;IACA;IACA;IACA;IALlB,YACE,OAAe,EACC,MAAc,EACd,MAAc,EACd,QAAuB,EACvB,OAAgB;QAEhC,KAAK,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,4BAA4B,EAAE,CAAC,CAAA;QALtC,WAAM,GAAN,MAAM,CAAQ;QACd,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAe;QACvB,YAAO,GAAP,OAAO,CAAS;QAGhC,IAAI,CAAC,IAAI,GAAG,WAAW,CAAA;IACzB,CAAC;CACF;AAED,MAAM,wBAAwB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAA,CAAC,QAAQ;AAE1D;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAC3B,OAAmC,EACnC,UAAgC,EAAE;IAElC,MAAM,EACJ,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,EACnB,MAAM,EACN,SAAS,GAAG,wBAAwB,EACpC,GAAG,GAAG,OAAO,CAAC,GAAG,EACjB,OAAO,GACR,GAAG,OAAO,CAAA;IAEX,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAA;YAClE,OAAM;QACR,CAAC;QAED,IAAI,KAAmB,CAAA;QACvB,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAChC,2FAA2F;YAC3F,iFAAiF;YACjF,oLAAoL;YACpL,yGAAyG;YACzG,KAAK,GAAG,KAAK,CAAC,OAAO,EAAE,EAAE,EAAE;gBACzB,GAAG;gBACH,GAAG;gBACH,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,QAAQ,EAAE,IAAI;aACf,CAAC,CAAA;QACJ,CAAC;aAAM,CAAC;YACN,+BAA+B;YAC/B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,MAAM,CAAC,IAAI,WAAW,CAAC,iCAAiC,EAAE,EAAE,IAAI,EAAE,mCAAmC,EAAE,CAAC,CAAC,CAAA;gBACzG,OAAM;YACR,CAAC;YACD,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,OAAO,CAAA;YAC9B,qFAAqF;YACrF,KAAK,GAAG,KAAK,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE;gBAC7B,GAAG;gBACH,GAAG;gBACH,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,QAAQ,EAAE,IAAI;aACf,CAAC,CAAA;QACJ,CAAC;QAED,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,OAAO,GAAG,KAAK,CAAA;QACnB,IAAI,SAAqC,CAAA;QAEzC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACxC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAA;YAC7B,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAA;YACjB,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACxC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAA;YAC7B,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAA;YACjB,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,MAAM,YAAY,GAAG,GAAS,EAAE;YAC9B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAA;gBACd,WAAW,CAAC,KAAK,CAAC,CAAA;YACpB,CAAC;QACH,CAAC,CAAA;QAED,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;QAE/C,IAAI,OAAO,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAC3B,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC1B,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,GAAG,IAAI,CAAA;oBACd,WAAW,CAAC,KAAK,CAAC,CAAA;gBACpB,CAAC;YACH,CAAC,EAAE,OAAO,CAAC,CAAA;QACb,CAAC;QAED,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAmB,EAAE,EAAE;YACxC,MAAM,EAAE,mBAAmB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;YAClD,IAAI,SAAS;gBAAE,YAAY,CAAC,SAAS,CAAC,CAAA;YACtC,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;QACtD,CAAC,CAAC,CAAA;QAEF,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC/B,MAAM,EAAE,mBAAmB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;YAClD,IAAI,SAAS;gBAAE,YAAY,CAAC,SAAS,CAAC,CAAA;YACtC,MAAM,CACJ,IAAI,SAAS,CAAC,4BAA4B,GAAG,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CACxF,CAAA;QACH,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,KAAmB;IACtC,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,IAAI,CAAC;YACH,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,yDAAyD;YACzD,IAAI,CAAC;gBACH,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;YACvB,CAAC;YAAC,MAAM,CAAC;gBACP,qCAAqC;YACvC,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/framework/ast-utilities.d.ts

@@ -0,0 +1,41 @@
+/**
+ * @fileoverview Shared AST utilities for fitness checks
+ *
+ * Common TypeScript AST operations for source parsing, tree walking,
+ * and node inspection. Used by AST-based fitness checks.
+ */
+import * as ts from 'typescript';
+/**
+ * Parse TypeScript/JavaScript source into an AST SourceFile.
+ * Returns null on parse failure.
+ */
+export declare function parseSource(content: string, filePath: string): ts.SourceFile | null;
+/**
+ * Depth-first walk of all nodes in a SourceFile or subtree.
+ */
+export declare function walkNodes(root: ts.Node, visitor: (node: ts.Node) => void): void;
+/**
+ * Get the leaf identifier text from an expression node.
+ */
+export declare function getIdentifierName(node: ts.Node): string;
+/**
+ * Get the full dotted path of a property access chain.
+ */
+export declare function getPropertyChain(node: ts.Node): string;
+/**
+ * Get the 1-indexed line number for a node.
+ */
+export declare function getLineNumber(node: ts.Node, sourceFile: ts.SourceFile): number;
+/**
+ * Check if a node is a property access matching a specific property name.
+ */
+export declare function isPropertyAccess(node: ts.Node, propertyName: string): boolean;
+/**
+ * Check if a node is a literal value.
+ */
+export declare function isLiteral(node: ts.Node): boolean;
+/**
+ * Check if a node is inside a string literal or template literal.
+ */
+export declare function isInStringLiteral(node: ts.Node): boolean;
+//# sourceMappingURL=ast-utilities.d.ts.map

package/dist/framework/ast-utilities.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ast-utilities.d.ts","sourceRoot":"","sources":["../../src/framework/ast-utilities.ts"],"names":[],"mappings":"AACA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,MAAM,YAAY,CAAA;AAMhC;;;GAGG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,EAAE,CAAC,UAAU,GAAG,IAAI,CAOnF;AAMD;;GAEG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,IAAI,GAAG,IAAI,CAM/E;AAMD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,MAAM,CAIvD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,MAAM,CAMtD;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,CAAC,UAAU,GAAG,MAAM,CAG9E;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAE7E;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,OAAO,CAQhD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,OAAO,CAaxD"}

package/dist/framework/ast-utilities.js

@@ -0,0 +1,106 @@
+// @fitness-ignore-file batch-operation-limits -- iterates bounded collections (config entries, registry items, or small analysis results)
+/**
+ * @fileoverview Shared AST utilities for fitness checks
+ *
+ * Common TypeScript AST operations for source parsing, tree walking,
+ * and node inspection. Used by AST-based fitness checks.
+ */
+import * as ts from 'typescript';
+// =============================================================================
+// SOURCE PARSING
+// =============================================================================
+/**
+ * Parse TypeScript/JavaScript source into an AST SourceFile.
+ * Returns null on parse failure.
+ */
+export function parseSource(content, filePath) {
+    try {
+        return ts.createSourceFile(filePath, content, ts.ScriptTarget.Latest, true);
+    }
+    catch {
+        // @swallow-ok Parse failure returns null for graceful degradation
+        return null;
+    }
+}
+// =============================================================================
+// TREE WALKING
+// =============================================================================
+/**
+ * Depth-first walk of all nodes in a SourceFile or subtree.
+ */
+export function walkNodes(root, visitor) {
+    function visit(node) {
+        visitor(node);
+        ts.forEachChild(node, visit);
+    }
+    ts.forEachChild(root, visit);
+}
+// =============================================================================
+// NODE INSPECTION
+// =============================================================================
+/**
+ * Get the leaf identifier text from an expression node.
+ */
+export function getIdentifierName(node) {
+    if (ts.isIdentifier(node))
+        return node.text;
+    if (ts.isPropertyAccessExpression(node))
+        return node.name.text;
+    return '';
+}
+/**
+ * Get the full dotted path of a property access chain.
+ */
+export function getPropertyChain(node) {
+    if (ts.isIdentifier(node))
+        return node.text;
+    if (ts.isPropertyAccessExpression(node)) {
+        return `${getPropertyChain(node.expression)}.${node.name.text}`;
+    }
+    return '';
+}
+/**
+ * Get the 1-indexed line number for a node.
+ */
+export function getLineNumber(node, sourceFile) {
+    const { line } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+    return line + 1;
+}
+/**
+ * Check if a node is a property access matching a specific property name.
+ */
+export function isPropertyAccess(node, propertyName) {
+    return ts.isPropertyAccessExpression(node) && node.name.text === propertyName;
+}
+/**
+ * Check if a node is a literal value.
+ */
+export function isLiteral(node) {
+    if (ts.isStringLiteral(node) || ts.isNumericLiteral(node))
+        return true;
+    if (ts.isNoSubstitutionTemplateLiteral(node))
+        return true;
+    if (node.kind === ts.SyntaxKind.TrueKeyword || node.kind === ts.SyntaxKind.FalseKeyword)
+        return true;
+    if (node.kind === ts.SyntaxKind.NullKeyword)
+        return true;
+    if (ts.isIdentifier(node) && node.text === 'undefined')
+        return true;
+    return false;
+}
+/**
+ * Check if a node is inside a string literal or template literal.
+ */
+export function isInStringLiteral(node) {
+    let current = node.parent;
+    while (!ts.isSourceFile(current)) {
+        if (ts.isStringLiteral(current) ||
+            ts.isNoSubstitutionTemplateLiteral(current) ||
+            ts.isTemplateExpression(current)) {
+            return true;
+        }
+        current = current.parent;
+    }
+    return false;
+}
+//# sourceMappingURL=ast-utilities.js.map

package/dist/framework/ast-utilities.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ast-utilities.js","sourceRoot":"","sources":["../../src/framework/ast-utilities.ts"],"names":[],"mappings":"AAAA,0IAA0I;AAC1I;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,MAAM,YAAY,CAAA;AAEhC,gFAAgF;AAChF,iBAAiB;AACjB,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe,EAAE,QAAgB;IAC3D,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,gBAAgB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IAC7E,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;QAClE,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,eAAe;AACf,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,IAAa,EAAE,OAAgC;IACvE,SAAS,KAAK,CAAC,IAAa;QAC1B,OAAO,CAAC,IAAI,CAAC,CAAA;QACb,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;IAC9B,CAAC;IACD,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;AAC9B,CAAC;AAED,gFAAgF;AAChF,kBAAkB;AAClB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAa;IAC7C,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,CAAA;IAC3C,IAAI,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAA;IAC9D,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAa;IAC5C,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,CAAA;IAC3C,IAAI,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAA;IACjE,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAa,EAAE,UAAyB;IACpE,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,6BAA6B,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC1E,OAAO,IAAI,GAAG,CAAC,CAAA;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAa,EAAE,YAAoB;IAClE,OAAO,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,CAAA;AAC/E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,IAAa;IACrC,IAAI,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAA;IACtE,IAAI,EAAE,CAAC,+BAA+B,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAA;IACzD,IAAI,IAAI,CAAC,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,WAAW,IAAI,IAAI,CAAC,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,YAAY;QACrF,OAAO,IAAI,CAAA;IACb,IAAI,IAAI,CAAC,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,WAAW;QAAE,OAAO,IAAI,CAAA;IACxD,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW;QAAE,OAAO,IAAI,CAAA;IACnE,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAa;IAC7C,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAA;IACzB,OAAO,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;QACjC,IACE,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC;YAC3B,EAAE,CAAC,+BAA+B,CAAC,OAAO,CAAC;YAC3C,EAAE,CAAC,oBAAoB,CAAC,OAAO,CAAC,EAChC,CAAC;YACD,OAAO,IAAI,CAAA;QACb,CAAC;QACD,OAAO,GAAG,OAAO,CAAC,MAAM,CAAA;IAC1B,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC"}

package/dist/framework/check-config.d.ts

@@ -0,0 +1,171 @@
+/**
+ * @fileoverview Unified check configuration schema
+ *
+ * Defines the configuration types for fitness checks with three analysis modes:
+ * - analyze: Per-file analysis with content and path
+ * - analyzeAll: Multi-file analysis with lazy loading FileAccessor
+ * - command: External tool execution with output parsing
+ */
+import type { ItemType } from '../types/findings.js';
+/** Type alias for a kebab-case check slug string. */
+type CheckSlug = string;
+/**
+ * Resolved scope with concrete glob patterns for file matching.
+ * Produced by resolving a CheckScope against targets configuration.
+ */
+export interface ResolvedScope {
+    readonly include: readonly string[];
+    readonly exclude: readonly string[];
+    readonly description: string;
+}
+/**
+ * Semantic concern describing what kind of code a check targets.
+ * Used for automatic target matching: a check with `concerns: ['backend']`
+ * matches any target that declares `concerns: ['backend', ...]`.
+ */
+export type CheckConcern = string;
+/**
+ * Language a check is designed for. Used for automatic target matching:
+ * a check with `languages: ['typescript']` matches any target with
+ * `languages: ['typescript', ...]`.
+ */
+export type CheckLanguage = string;
+/**
+ * Portable scope declaration for a fitness check.
+ *
+ * Instead of referencing project-specific target names, checks declare
+ * what kind of code they analyze. The platform matches this intent
+ * against project targets automatically.
+ *
+ * @example
+ * ```typescript
+ * scope: {
+ *   languages: ['typescript'],
+ *   concerns: ['backend', 'server'],
+ * }
+ * ```
+ */
+export interface CheckScope {
+    /** File type affinity — which languages this check analyzes. */
+    readonly languages: readonly CheckLanguage[];
+    /** Semantic hints — what kind of code this check targets. */
+    readonly concerns: readonly CheckConcern[];
+}
+/**
+ * Violation returned by check authors.
+ * This is the simplified shape - the framework converts it to a Signal.
+ */
+export interface CheckViolation {
+    readonly line: number;
+    readonly column?: number;
+    readonly message: string;
+    readonly severity: 'error' | 'warning';
+    readonly suggestion?: string;
+    readonly match?: string;
+    readonly type?: string;
+    readonly filePath?: string;
+    readonly fix?: {
+        readonly action: 'replace' | 'insert' | 'delete' | 'refactor' | 'configure' | 'investigate';
+        readonly replacement?: string;
+        readonly confidence: number;
+    };
+}
+/**
+ * Lazy-loading file accessor for analyzeAll mode.
+ */
+export interface FileAccessor {
+    /** List of matched file paths */
+    readonly paths: readonly string[];
+    /** Read a single file on demand (cached after first read) */
+    read(filePath: string): Promise<string>;
+    /** Read multiple files in batch */
+    readMany(filePaths: readonly string[]): Promise<Map<string, string>>;
+    /** Read all matched files */
+    readAll(): Promise<Map<string, string>>;
+}
+/** Configuration for an external command-based check. */
+export interface CommandConfig {
+    readonly bin: string;
+    readonly args: readonly string[] | ((files: readonly string[]) => readonly string[]);
+    parseOutput(stdout: string, stderr: string, exitCode: number, files: readonly string[], cwd: string): CheckViolation[];
+    readonly expectedExitCodes?: readonly number[];
+}
+/** Common configuration fields shared by all check types. */
+interface BaseCheckConfig {
+    readonly id: string;
+    readonly slug: CheckSlug;
+    readonly description: string;
+    readonly longDescription?: string;
+    readonly tags: readonly string[];
+    readonly docs?: string;
+    readonly timeout?: number;
+    readonly disabled?: boolean;
+    readonly fileTypes?: readonly string[];
+    /** Signal provider name for external tool checks (default: 'opensip') */
+    readonly provider?: string;
+    /** The type of items this check validates (default: 'files'). Used for display in results table. */
+    readonly itemType?: ItemType;
+    /** Portable scope declaration for marketplace-ready target matching. */
+    readonly scope?: CheckScope;
+    /**
+     * Content filtering mode for the analyze() function. Names describe
+     * what the filter strips so rule authors don't have to guess at intent.
+     *
+     * - 'raw' (default): Full file content, unchanged. Use for checks that
+     *   need to analyze string content (e.g., hardcoded secrets, PII detection).
+     * - 'strip-strings': String literals replaced with whitespace,
+     *   preserving line/column positions. COMMENTS PRESERVED — use when
+     *   the check reads comment-based directives like the deprecation
+     *   marker, the swallow-ok marker, or `// @fitness-ignore-...` (we
+     *   don't reference those tag names verbatim in this JSDoc to avoid
+     *   confusing static analyzers).
+     * - 'strip-strings-and-comments': BOTH string literals and comments
+     *   replaced with whitespace, preserving line/column positions. Use
+     *   for checks that pattern-match identifiers via regex and would
+     *   false-positive on the same banned phrase appearing in JSDoc /
+     *   line / block comments documenting the rule itself.
+     *
+     * The legacy `'code-only'` / `'no-strings-no-comments'` aliases were
+     * retained through 0.4.x for backwards-compat and removed in 0.5.0.
+     * Migrate any remaining call sites to the strip-* names.
+     */
+    readonly contentFilter?: 'raw' | 'strip-strings' | 'strip-strings-and-comments';
+    /**
+     * Confidence level of this check's findings. Consumers of opensip-tools
+     * signals (via --report-to) use this to decide how aggressively to act
+     * on findings; this package treats it as pure metadata.
+     *
+     * - 'high': AST-based or structurally guaranteed no false positives.
+     * - 'medium': Regex with context filtering — some false positives expected.
+     * - 'low': Naive regex or heuristic — surfaced in reports but easily noisy.
+     *
+     * Default: 'medium' (applied at runtime, not in schema).
+     */
+    readonly confidence?: 'high' | 'medium' | 'low';
+}
+/** Check config with per-file analysis mode. */
+export interface AnalyzeCheckConfig extends BaseCheckConfig {
+    analyze(content: string, filePath: string): CheckViolation[];
+}
+/** Check config with multi-file analysis mode using FileAccessor. */
+export interface AnalyzeAllCheckConfig extends BaseCheckConfig {
+    analyzeAll(files: FileAccessor): Promise<CheckViolation[]>;
+}
+/** Check config with external command execution mode. */
+export interface CommandCheckConfig extends BaseCheckConfig {
+    command: CommandConfig;
+}
+/** Union of all check configuration types (analyze, analyzeAll, command). */
+export type UnifiedCheckConfig = AnalyzeCheckConfig | AnalyzeAllCheckConfig | CommandCheckConfig;
+/** Validate and parse a check configuration, throwing on invalid input. */
+export declare function validateCheckConfig(config: unknown): UnifiedCheckConfig;
+/** Type guard for per-file analyze mode checks. */
+export declare function isAnalyzeConfig(config: UnifiedCheckConfig): config is AnalyzeCheckConfig;
+/** Type guard for multi-file analyzeAll mode checks. */
+export declare function isAnalyzeAllConfig(config: UnifiedCheckConfig): config is AnalyzeAllCheckConfig;
+/** Type guard for external command mode checks. */
+export declare function isCommandConfig(config: UnifiedCheckConfig): config is CommandCheckConfig;
+/** Determine which analysis mode a check config uses. */
+export declare function getAnalysisMode(config: UnifiedCheckConfig): 'analyze' | 'analyzeAll' | 'command';
+export {};
+//# sourceMappingURL=check-config.d.ts.map

package/dist/framework/check-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-config.d.ts","sourceRoot":"","sources":["../../src/framework/check-config.ts"],"names":[],"mappings":"AAEA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAmBpD,qDAAqD;AAErD,KAAK,SAAS,GAAG,MAAM,CAAA;AAMvB;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,OAAO,EAAE,SAAS,MAAM,EAAE,CAAA;IACnC,QAAQ,CAAC,OAAO,EAAE,SAAS,MAAM,EAAE,CAAA;IACnC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC7B;AAMD;;;;GAIG;AAEH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAA;AAEjC;;;;GAIG;AAEH,MAAM,MAAM,aAAa,GAAG,MAAM,CAAA;AAElC;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,UAAU;IACzB,gEAAgE;IAChE,QAAQ,CAAC,SAAS,EAAE,SAAS,aAAa,EAAE,CAAA;IAC5C,6DAA6D;IAC7D,QAAQ,CAAC,QAAQ,EAAE,SAAS,YAAY,EAAE,CAAA;CAC3C;AAMD;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,QAAQ,EAAE,OAAO,GAAG,SAAS,CAAA;IACtC,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,GAAG,CAAC,EAAE;QACb,QAAQ,CAAC,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAAG,WAAW,GAAG,aAAa,CAAA;QAC3F,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;QAC7B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAA;KAC5B,CAAA;CACF;AAMD;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,iCAAiC;IACjC,QAAQ,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,CAAA;IACjC,6DAA6D;IAC7D,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IACvC,mCAAmC;IACnC,QAAQ,CAAC,SAAS,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;IACpE,6BAA6B;IAC7B,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CACxC;AAMD,yDAAyD;AACzD,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,KAAK,SAAS,MAAM,EAAE,CAAC,CAAA;IACpF,WAAW,CACT,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,SAAS,MAAM,EAAE,EACxB,GAAG,EAAE,MAAM,GACV,cAAc,EAAE,CAAA;IACnB,QAAQ,CAAC,iBAAiB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;CAC/C;AAwBD,6DAA6D;AAC7D,UAAU,eAAe;IACvB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAA;IACxB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAA;IACjC,QAAQ,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,CAAA;IAChC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAA;IAC3B,QAAQ,CAAC,SAAS,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;IACtC,yEAAyE;IACzE,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;IAC1B,oGAAoG;IACpG,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAA;IAC5B,wEAAwE;IACxE,QAAQ,CAAC,KAAK,CAAC,EAAE,UAAU,CAAA;IAC3B;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,QAAQ,CAAC,aAAa,CAAC,EAAE,KAAK,GAAG,eAAe,GAAG,4BAA4B,CAAA;IAC/E;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAA;CAChD;AAsCD,gDAAgD;AAChD,MAAM,WAAW,kBAAmB,SAAQ,eAAe;IACzD,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,cAAc,EAAE,CAAA;CAC7D;AAED,qEAAqE;AACrE,MAAM,WAAW,qBAAsB,SAAQ,eAAe;IAC5D,UAAU,CAAC,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,CAAA;CAC3D;AAED,yDAAyD;AACzD,MAAM,WAAW,kBAAmB,SAAQ,eAAe;IACzD,OAAO,EAAE,aAAa,CAAA;CACvB;AAED,6EAA6E;AAC7E,MAAM,MAAM,kBAAkB,GAAG,kBAAkB,GAAG,qBAAqB,GAAG,kBAAkB,CAAA;AAiChG,2EAA2E;AAC3E,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,OAAO,GAAG,kBAAkB,CAEvE;AAED,mDAAmD;AACnD,wBAAgB,eAAe,CAAC,MAAM,EAAE,kBAAkB,GAAG,MAAM,IAAI,kBAAkB,CAExF;AAED,wDAAwD;AACxD,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,kBAAkB,GAAG,MAAM,IAAI,qBAAqB,CAE9F;AAED,mDAAmD;AACnD,wBAAgB,eAAe,CAAC,MAAM,EAAE,kBAAkB,GAAG,MAAM,IAAI,kBAAkB,CAExF;AAED,yDAAyD;AACzD,wBAAgB,eAAe,CAAC,MAAM,EAAE,kBAAkB,GAAG,SAAS,GAAG,YAAY,GAAG,SAAS,CAIhG"}

package/dist/framework/check-config.js

@@ -0,0 +1,114 @@
+// @fitness-ignore-file zod-schema-strictness -- flexible schema for external data
+// @fitness-ignore-file null-safety -- Zod schema builder chains (z.string().regex(), z.object().passthrough().superRefine().pipe()) always return valid schema objects
+/**
+ * @fileoverview Unified check configuration schema
+ *
+ * Defines the configuration types for fitness checks with three analysis modes:
+ * - analyze: Per-file analysis with content and path
+ * - analyzeAll: Multi-file analysis with lazy loading FileAccessor
+ * - command: External tool execution with output parsing
+ */
+import { z } from 'zod';
+// =============================================================================
+// CHECK SLUGS AND IDS
+// =============================================================================
+/** Zod schema for validating kebab-case check slugs. */
+const CheckSlugSchema = z
+    .string()
+    .regex(/^[a-z][a-z0-9-]*(?:-[a-z0-9]+)*$/, 'Check slug must be kebab-case (e.g., no-console-log)');
+/** Zod schema for validating UUID-format check IDs. */
+const CheckIdSchema = z
+    .string()
+    .regex(/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/, 'Check ID must be plain UUID format');
+const CommandArgsSchema = z.union([z.array(z.string()), z.function()]);
+/** Zod schema for validating command configurations. */
+const CommandConfigSchema = z.object({
+    bin: z.string().min(1),
+    args: CommandArgsSchema,
+    parseOutput: z.function(),
+    expectedExitCodes: z.array(z.number().int()).optional(),
+});
+// =============================================================================
+// ANALYSIS MODE SCHEMAS
+// =============================================================================
+const AnalyzeModeSchema = z.object({ analyze: z.function() });
+const AnalyzeAllModeSchema = z.object({ analyzeAll: z.function() });
+const CommandModeSchema = z.object({ command: CommandConfigSchema });
+/**
+ * Zod schema for validating check scope declarations.
+ *
+ * Empty `languages` and empty `concerns` are both valid and mean
+ * "matches any". This is how cross-language ("universal") checks
+ * declare themselves — see @opensip-tools/checks-universal.
+ *
+ * findByScope() in TargetRegistry treats empty arrays as match-any
+ * already; the schema mirrors that behavior so callers can author
+ * universal checks without inventing a wildcard sentinel.
+ */
+const CheckScopeSchema = z.object({
+    languages: z.array(z.string()),
+    concerns: z.array(z.string()),
+});
+const BaseCheckConfigSchema = z.object({
+    id: CheckIdSchema,
+    slug: CheckSlugSchema,
+    description: z.string().min(1, 'Description is required'),
+    longDescription: z.string().optional(),
+    tags: z.array(z.string()).min(1, 'At least one tag is required'),
+    docs: z.string().optional(),
+    timeout: z.number().positive().optional(),
+    disabled: z.boolean().optional(),
+    fileTypes: z.array(z.string()).optional(),
+    provider: z.string().optional(),
+    scope: CheckScopeSchema.optional(),
+    contentFilter: z.enum(['raw', 'strip-strings', 'strip-strings-and-comments']).optional(),
+    confidence: z.enum(['high', 'medium', 'low']).optional(),
+});
+// =============================================================================
+// VALIDATION
+// =============================================================================
+/** Zod schema for validating unified check configurations (exactly one analysis mode required). */
+const UnifiedCheckConfigSchema = z
+    .object({})
+    .passthrough()
+    .superRefine((config, ctx) => {
+    const modes = ['analyze' in config, 'analyzeAll' in config, 'command' in config].filter(Boolean).length;
+    if (modes === 0) {
+        ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            message: 'Check config must specify an analysis mode: analyze, analyzeAll, or command',
+        });
+    }
+    else if (modes > 1) {
+        ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            message: 'Check config must specify exactly one analysis mode (found multiple)',
+        });
+    }
+})
+    .pipe(BaseCheckConfigSchema.and(z.union([AnalyzeModeSchema, AnalyzeAllModeSchema, CommandModeSchema])));
+/** Validate and parse a check configuration, throwing on invalid input. */
+export function validateCheckConfig(config) {
+    return UnifiedCheckConfigSchema.parse(config);
+}
+/** Type guard for per-file analyze mode checks. */
+export function isAnalyzeConfig(config) {
+    return 'analyze' in config && typeof config.analyze === 'function';
+}
+/** Type guard for multi-file analyzeAll mode checks. */
+export function isAnalyzeAllConfig(config) {
+    return 'analyzeAll' in config && typeof config.analyzeAll === 'function';
+}
+/** Type guard for external command mode checks. */
+export function isCommandConfig(config) {
+    return 'command' in config && typeof config.command === 'object';
+}
+/** Determine which analysis mode a check config uses. */
+export function getAnalysisMode(config) {
+    if (isAnalyzeConfig(config))
+        return 'analyze';
+    if (isAnalyzeAllConfig(config))
+        return 'analyzeAll';
+    return 'command';
+}
+//# sourceMappingURL=check-config.js.map

package/dist/framework/check-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-config.js","sourceRoot":"","sources":["../../src/framework/check-config.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAClF,uKAAuK;AACvK;;;;;;;GAOG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAIvB,gFAAgF;AAChF,sBAAsB;AACtB,gFAAgF;AAEhF,wDAAwD;AACxD,MAAM,eAAe,GAAG,CAAC;KACtB,MAAM,EAAE;KACR,KAAK,CAAC,kCAAkC,EAAE,sDAAsD,CAAC,CAAA;AAEpG,uDAAuD;AACvD,MAAM,aAAa,GAAG,CAAC;KACpB,MAAM,EAAE;KACR,KAAK,CACJ,gEAAgE,EAChE,oCAAoC,CACrC,CAAA;AA0HH,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAA;AAEtE,wDAAwD;AACxD,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACtB,IAAI,EAAE,iBAAiB;IACvB,WAAW,EAAE,CAAC,CAAC,QAAQ,EAAE;IACzB,iBAAiB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE;CACxD,CAAC,CAAA;AAEF,gFAAgF;AAChF,wBAAwB;AACxB,gFAAgF;AAEhF,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;AAC7D,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;AACnE,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,CAAA;AA4DpE;;;;;;;;;;GAUG;AACH,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAC9B,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;CAC9B,CAAC,CAAA;AAEF,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,eAAe;IACrB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC;IACzD,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,8BAA8B,CAAC;IAChE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IACzC,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACzC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,KAAK,EAAE,gBAAgB,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,eAAe,EAAE,4BAA4B,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxF,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE;CACzD,CAAC,CAAA;AAwBF,gFAAgF;AAChF,aAAa;AACb,gFAAgF;AAEhF,mGAAmG;AACnG,MAAM,wBAAwB,GAAG,CAAC;KAC/B,MAAM,CAAC,EAAE,CAAC;KACV,WAAW,EAAE;KACb,WAAW,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;IAC3B,MAAM,KAAK,GAAG,CAAC,SAAS,IAAI,MAAM,EAAE,YAAY,IAAI,MAAM,EAAE,SAAS,IAAI,MAAM,CAAC,CAAC,MAAM,CACrF,OAAO,CACR,CAAC,MAAM,CAAA;IAER,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;QAChB,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,6EAA6E;SACvF,CAAC,CAAA;IACJ,CAAC;SAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACrB,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,sEAAsE;SAChF,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC;KACD,IAAI,CACH,qBAAqB,CAAC,GAAG,CACvB,CAAC,CAAC,KAAK,CAAC,CAAC,iBAAiB,EAAE,oBAAoB,EAAE,iBAAiB,CAAC,CAAC,CACtE,CACF,CAAA;AAEH,2EAA2E;AAC3E,MAAM,UAAU,mBAAmB,CAAC,MAAe;IACjD,OAAO,wBAAwB,CAAC,KAAK,CAAC,MAAM,CAAuB,CAAA;AACrE,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,eAAe,CAAC,MAA0B;IACxD,OAAO,SAAS,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,UAAU,CAAA;AACpE,CAAC;AAED,wDAAwD;AACxD,MAAM,UAAU,kBAAkB,CAAC,MAA0B;IAC3D,OAAO,YAAY,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,UAAU,CAAA;AAC1E,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,eAAe,CAAC,MAA0B;IACxD,OAAO,SAAS,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAA;AAClE,CAAC;AAED,yDAAyD;AACzD,MAAM,UAAU,eAAe,CAAC,MAA0B;IACxD,IAAI,eAAe,CAAC,MAAM,CAAC;QAAE,OAAO,SAAS,CAAA;IAC7C,IAAI,kBAAkB,CAAC,MAAM,CAAC;QAAE,OAAO,YAAY,CAAA;IACnD,OAAO,SAAS,CAAA;AAClB,CAAC"}

package/dist/framework/check-types.d.ts

@@ -0,0 +1,57 @@
+/**
+ * @fileoverview Core type definitions for fitness checks
+ *
+ * Check interface is the return type of defineCheck.
+ * CheckConfig represents the internal configuration structure.
+ * CheckResult carries Signal[].
+ */
+import type { CheckScope, ResolvedScope } from './check-config.js';
+import type { ExecutionContext, RunOptions } from './execution-context.js';
+import type { PathMatcher } from './path-matcher.js';
+import type { CheckResult, ItemType } from '../types/findings.js';
+/**
+ * Check configuration options.
+ */
+export interface CheckConfig {
+    readonly id: string;
+    readonly slug: string;
+    readonly tags: readonly string[];
+    readonly description: string;
+    readonly longDescription?: string | undefined;
+    readonly analysisMode: 'analyze' | 'analyzeAll' | 'command';
+    readonly scope: ResolvedScope;
+    readonly itemType: ItemType;
+    readonly unit?: string | undefined;
+    readonly additionalExcludes?: readonly string[] | undefined;
+    readonly docs?: string | undefined;
+    readonly disabled?: boolean | undefined;
+    readonly confidence?: 'high' | 'medium' | 'low' | undefined;
+    readonly timeout?: number | undefined;
+    readonly scansFiles?: boolean | undefined;
+    readonly fileTypes?: readonly string[] | undefined;
+    /** Portable scope declaration for marketplace-ready target matching. */
+    readonly checkScope?: CheckScope | undefined;
+    readonly execute: (ctx: ExecutionContext) => Promise<CheckResult>;
+}
+/**
+ * A defined check, ready to run.
+ */
+export interface Check {
+    readonly config: CheckConfig;
+    readonly run: (cwd: string, options?: RunOptions) => Promise<CheckResult>;
+    readonly getScope: () => ResolvedScope;
+    readonly getMatcher: (cwd: string) => PathMatcher;
+}
+/**
+ * Type guard: is this value a Check object?
+ *
+ * Checks for the shape of a Check object:
+ * - Has a `config` property that is an object
+ * - config has an `id` property that is a string
+ * - config has a `slug` property that is a string
+ * - config has an `execute` property that is a function
+ * - Has a `run` property that is a function
+ */
+export declare function isCheck(value: unknown): value is Check;
+export { type ResolvedScope } from './check-config.js';
+//# sourceMappingURL=check-types.d.ts.map