@oscharko-dev/keiko-evidence 0.2.0

package/dist/runid.d.ts

@@ -0,0 +1,2 @@
+export { assertValidRunId } from "@oscharko-dev/keiko-security";
+//# sourceMappingURL=runid.d.ts.map

package/dist/runid.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"runid.d.ts","sourceRoot":"","sources":["../src/runid.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC"}

package/dist/runid.js

@@ -0,0 +1,4 @@
+// Re-export shim: the runId validator now lives in @oscharko-dev/keiko-security
+// (issue #159, ADR-0019). All existing import sites (`from "./runid.js"`) keep resolving
+// unchanged via this barrel.
+export { assertValidRunId } from "@oscharko-dev/keiko-security";

package/dist/side-file.d.ts

@@ -0,0 +1,9 @@
+import type { SideFileWriteResult } from "@oscharko-dev/keiko-contracts";
+import { type WorkspaceFs } from "@oscharko-dev/keiko-workspace";
+export type { SideFileWriteResult };
+export interface SideFileWriterOptions {
+    readonly fs?: WorkspaceFs;
+    readonly randomSuffix?: () => string;
+}
+export declare function writeSideFile(baseDir: string, runId: string, name: string, data: Buffer, options?: SideFileWriterOptions): SideFileWriteResult;
+//# sourceMappingURL=side-file.d.ts.map

package/dist/side-file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"side-file.d.ts","sourceRoot":"","sources":["../src/side-file.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAGL,KAAK,WAAW,EACjB,MAAM,+BAA+B,CAAC;AASvC,YAAY,EAAE,mBAAmB,EAAE,CAAC;AAEpC,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,EAAE,CAAC,EAAE,WAAW,CAAC;IAC1B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,MAAM,CAAC;CACtC;AAuED,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,qBAA0B,GAClC,mBAAmB,CA2BrB"}

package/dist/side-file.js

@@ -0,0 +1,102 @@
+// ADR-0017 D5 — side-file writer for binary evidence (e.g. screenshots) that does NOT fit the
+// text-only EvidenceManifest JSON. Atomic O_EXCL temp + rename, realpath-contained against the
+// per-run subdirectory of evidenceDir, SHA-256 computed over the raw bytes. Reuses the workspace
+// realpath-containment primitive — no new path-safety mechanism is introduced. `evidenceSchemaVersion`
+// stays "1" (additive manifest field consumed by callers).
+import { createHash, randomUUID } from "node:crypto";
+import { chmodSync, lstatSync, mkdirSync, renameSync, rmSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+import { assertContainedRealPath, resolveWithinWorkspace, } from "@oscharko-dev/keiko-workspace";
+import { nodeWorkspaceFs } from "@oscharko-dev/keiko-workspace/internal/fs";
+import { assertValidRunId } from "./runid.js";
+import { EvidenceWriteError } from "./errors.js";
+const MAX_NAME_LENGTH = 128;
+// Validates a side-file basename. The set is intentionally narrower than runId's: a name segment
+// is a single non-empty path component with no separators, no leading dot, no `..`, length cap. No
+// regex — character-class check stays linear-time.
+function assertValidName(name) {
+    if (name.length === 0 || name.length > MAX_NAME_LENGTH) {
+        throw new EvidenceWriteError("side-file name length is invalid");
+    }
+    if (name.startsWith(".")) {
+        throw new EvidenceWriteError("side-file name must not start with a dot");
+    }
+    for (let i = 0; i < name.length; i += 1) {
+        if (!isAllowedNameChar(name.charCodeAt(i))) {
+            throw new EvidenceWriteError("side-file name contains a disallowed character");
+        }
+    }
+}
+function isAllowedNameChar(code) {
+    const isDigit = code >= 48 && code <= 57;
+    const isUpper = code >= 65 && code <= 90;
+    const isLower = code >= 97 && code <= 122;
+    const isPunct = code === 46 || code === 95 || code === 45;
+    return isDigit || isUpper || isLower || isPunct;
+}
+function ensureDir(absolute) {
+    try {
+        // owner-only: evidence artifacts are local regulated-use machine state, ADR-0048 D2
+        mkdirSync(absolute, { recursive: true, mode: 0o700 });
+    }
+    catch (error) {
+        throw new EvidenceWriteError(`cannot create evidence subdirectory: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+}
+function assertRealDirectoryEntry(absolute) {
+    const stat = lstatSync(absolute, { throwIfNoEntry: false });
+    if (stat === undefined || !stat.isDirectory() || stat.isSymbolicLink()) {
+        throw new EvidenceWriteError("side-file run directory must be a real directory");
+    }
+}
+function atomicWriteBytes(target, data, randomSuffix) {
+    const temp = `${target}.${randomSuffix()}.tmp`;
+    try {
+        // O_EXCL ("wx") refuses to open through a pre-planted symlink at the temp path. The randomUUID
+        // suffix never collides so "wx" never spuriously fails.
+        writeFileSync(temp, data, { flag: "wx" });
+        // Best-effort 0o600 on the temp file (the rename preserves the mode). Failure is non-fatal:
+        // POSIX-default umask handles the common case; not all filesystems support chmod (e.g. Windows).
+        try {
+            chmodSync(temp, 0o600);
+        }
+        catch {
+            // ignore; not all filesystems support chmod (e.g. Windows)
+        }
+        renameSync(temp, target);
+    }
+    catch (error) {
+        rmSync(temp, { force: true });
+        throw new EvidenceWriteError(`side-file write failed: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+}
+// Writes a binary side-file under `<baseDir>/<runId>/<name>` atomically. Containment is enforced
+// by realpath-resolving the per-run directory after creation, then checking the final lexical path
+// against that real root via assertContainedRealPath. Returns the relative path to embed in the
+// manifest plus the SHA-256 of the raw bytes (tamper-evidence).
+export function writeSideFile(baseDir, runId, name, data, options = {}) {
+    assertValidRunId(runId);
+    assertValidName(name);
+    const fs = options.fs ?? nodeWorkspaceFs;
+    const randomSuffix = options.randomSuffix ?? randomUUID;
+    ensureDir(baseDir);
+    const realBase = fs.realPath(baseDir);
+    const runDir = join(realBase, runId);
+    const existingRunDir = lstatSync(runDir, { throwIfNoEntry: false });
+    if (existingRunDir !== undefined &&
+        (!existingRunDir.isDirectory() || existingRunDir.isSymbolicLink())) {
+        throw new EvidenceWriteError("side-file run directory must be a real directory");
+    }
+    ensureDir(runDir);
+    assertRealDirectoryEntry(runDir);
+    const lexicalTarget = resolveWithinWorkspace(realBase, join(runId, name));
+    const absoluteTarget = assertContainedRealPath(fs, realBase, lexicalTarget, `${runId}/${name}`);
+    const sha256 = createHash("sha256").update(data).digest("hex");
+    atomicWriteBytes(absoluteTarget, data, randomSuffix);
+    return {
+        relativePath: name,
+        sha256,
+        bytes: data.length,
+        absolutePath: absoluteTarget,
+    };
+}

package/dist/store.d.ts

@@ -0,0 +1,8 @@
+import { type WorkspaceFs } from "@oscharko-dev/keiko-workspace";
+export declare const DEFAULT_EVIDENCE_DIR = "./.keiko/evidence";
+export declare function resolveEvidenceDir(explicit: string | undefined, env: Readonly<Record<string, string | undefined>> | undefined): string;
+import type { EvidenceStore } from "@oscharko-dev/keiko-contracts";
+export type { EvidenceStore };
+export declare function createInMemoryEvidenceStore(): EvidenceStore;
+export declare function createNodeEvidenceStore(baseDir: string, fs?: WorkspaceFs, randomSuffix?: () => string): EvidenceStore;
+//# sourceMappingURL=store.d.ts.map

package/dist/store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AAyBA,OAAO,EAA0B,KAAK,WAAW,EAAE,MAAM,+BAA+B,CAAC;AA6BzF,eAAO,MAAM,oBAAoB,sBAAsB,CAAC;AAKxD,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,GAAG,SAAS,GAC5D,MAAM,CAER;AAID,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AACnE,YAAY,EAAE,aAAa,EAAE,CAAC;AAI9B,wBAAgB,2BAA2B,IAAI,aAAa,CA4B3D;AAgSD,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,MAAM,EACf,EAAE,GAAE,WAA6B,EACjC,YAAY,GAAE,MAAM,MAAmB,GACtC,aAAa,CAaf"}

package/dist/store.js

@@ -0,0 +1,332 @@
+// The EvidenceStore PORT + node adapter (ADR-0010 D4). A single manifest-record-typed port
+// (read+write+list+delete) keeps all real IO in one auditable place and makes the layer testable
+// with an in-memory store. We deliberately introduce a new port rather than reuse the #6
+// WorkspaceWriter, which has no read/list capability that D5 requires.
+//
+// Safety: the node adapter realpath-contains its base dir once at construction (reusing the #5/#6
+// primitives), every filename is derived from a VALIDATED runId (assertValidRunId), and the
+// resolved child path is re-checked to remain inside the contained base dir before any write,
+// read, or delete. Writes are atomic (temp + rename, same dir = same filesystem). list() returns
+// only real `<runId>.json` files and never follows a symlink (lstat skip).
+import { chmodSync, closeSync, readdirSync, readFileSync, openSync, lstatSync, mkdirSync, renameSync, rmSync, writeFileSync, } from "node:fs";
+import { randomUUID } from "node:crypto";
+import { join, resolve } from "node:path";
+import { resolveWithinWorkspace } from "@oscharko-dev/keiko-workspace";
+import { nodeWorkspaceFs } from "@oscharko-dev/keiko-workspace/internal/fs";
+import { EvidenceReadError, EvidenceWriteError, InvalidRunIdError } from "./errors.js";
+import { assertValidRunId } from "./runid.js";
+const MANIFEST_SUFFIX = ".json";
+const MANIFEST_LOCK_SUFFIX = ".lock";
+const MANIFEST_LOCK_TIMEOUT_MS = 5_000;
+const MANIFEST_LOCK_POLL_MS = 25;
+// POSIX limits filenames to 255 bytes. Exceeding this causes an ENAMETOOLONG error whose message
+// includes the absolute path. Guard before any fs call so no path ever leaks (CWE-209).
+const POSIX_FILENAME_LIMIT = 255;
+function assertEvidenceFilenameFits(runId, suffix) {
+    if (runId.length + suffix.length > POSIX_FILENAME_LIMIT) {
+        throw new InvalidRunIdError("runId produces a filename that exceeds the filesystem limit");
+    }
+}
+function assertManifestFilenameFits(runId) {
+    assertEvidenceFilenameFits(runId, MANIFEST_SUFFIX);
+}
+function assertLockFilenameFits(runId) {
+    assertEvidenceFilenameFits(runId, MANIFEST_LOCK_SUFFIX);
+}
+// The workspace-relative default evidence base dir (ADR-0010 D4): predictable, local, .gitignored.
+export const DEFAULT_EVIDENCE_DIR = "./.keiko/evidence";
+// Single source of the output-location precedence (ADR-0010 D4): an explicit value (CLI
+// --evidence-dir) wins over the KEIKO_EVIDENCE_DIR env var, which wins over the default. Shared by
+// the CLI run command and the SDK persistEvidence default so both resolve identically.
+export function resolveEvidenceDir(explicit, env) {
+    return explicit ?? env?.KEIKO_EVIDENCE_DIR ?? DEFAULT_EVIDENCE_DIR;
+}
+// ─── In-memory store (tests) ──────────────────────────────────────────────────────
+export function createInMemoryEvidenceStore() {
+    const data = new Map();
+    return {
+        put: (runId, json) => {
+            assertValidRunId(runId);
+            data.set(runId, json);
+            return `${runId}${MANIFEST_SUFFIX}`;
+        },
+        update: (runId, update) => {
+            assertValidRunId(runId);
+            const next = update(data.get(runId));
+            data.set(runId, next);
+            return `${runId}${MANIFEST_SUFFIX}`;
+        },
+        list: () => [...data.keys()].sort(),
+        get: (runId) => {
+            assertValidRunId(runId);
+            return data.get(runId);
+        },
+        location: (runId) => {
+            assertValidRunId(runId);
+            return `${runId}${MANIFEST_SUFFIX}`;
+        },
+        delete: (runId) => {
+            assertValidRunId(runId);
+            data.delete(runId);
+        },
+    };
+}
+// ─── Node adapter ──────────────────────────────────────────────────────────────────
+// Resolves the base dir, creates it if absent, then realpath-contains it against itself so the
+// returned path is the canonical (symlink-followed) base every child path is checked against.
+function prepareBaseDir(baseDir, fs) {
+    try {
+        // owner-only: evidence artifacts are local regulated-use machine state, ADR-0048 D2
+        mkdirSync(baseDir, { recursive: true, mode: 0o700 });
+        return fs.realPath(baseDir);
+    }
+    catch (error) {
+        throw new EvidenceWriteError(`cannot create evidence directory: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+}
+function existingBaseDir(baseDir, fs) {
+    if (!fs.exists(baseDir)) {
+        return undefined;
+    }
+    try {
+        return fs.realPath(baseDir);
+    }
+    catch (error) {
+        throw new EvidenceReadError(`cannot read evidence directory: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+}
+// Returns the lexical absolute path of <runId>.json inside the already-real base dir. The runId is
+// validated first so no separator/`..`/NUL can reach the join. Final manifest operations must target
+// this ledger entry directly and then lstat it; using the entry realpath would follow in-base
+// symlinks and mutate a different manifest.
+function lexicalManifestPath(runId, realBase) {
+    assertValidRunId(runId);
+    assertManifestFilenameFits(runId);
+    return resolveWithinWorkspace(realBase, `${runId}${MANIFEST_SUFFIX}`);
+}
+function isManifestName(name) {
+    if (!name.endsWith(MANIFEST_SUFFIX)) {
+        return false;
+    }
+    const runId = name.slice(0, name.length - MANIFEST_SUFFIX.length);
+    try {
+        assertValidRunId(runId);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function isSingleLinkRegularFile(path, fs) {
+    try {
+        const stat = fs.stat(path);
+        return stat.isFile && (stat.hardLinkCount ?? 1) <= 1;
+    }
+    catch (error) {
+        throw new EvidenceReadError(`cannot inspect evidence manifest: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+}
+function listManifestRunIds(realBase, fs) {
+    const runIds = [];
+    try {
+        for (const entry of readdirSync(realBase, { withFileTypes: true })) {
+            // Never follow a symlink: only count entries the ledger itself wrote as regular files.
+            if (entry.isSymbolicLink() ||
+                !entry.isFile() ||
+                !isManifestName(entry.name) ||
+                !isSingleLinkRegularFile(join(realBase, entry.name), fs)) {
+                continue;
+            }
+            runIds.push(entry.name.slice(0, entry.name.length - MANIFEST_SUFFIX.length));
+        }
+    }
+    catch (error) {
+        throw new EvidenceReadError(`cannot list evidence manifests: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+    return runIds.sort();
+}
+function atomicWrite(target, json, randomSuffix) {
+    const temp = `${target}.${randomSuffix()}.tmp`;
+    try {
+        // O_EXCL ("wx"): refuse to open through a pre-planted symlink at the temp path, closing the
+        // temp-vs-final containment asymmetry (the final target is realpath-contained, the temp was
+        // not). A randomUUID suffix never collides, so "wx" never spuriously fails.
+        writeFileSync(temp, json, { encoding: "utf8", flag: "wx" });
+        // Best-effort 0o600 on the temp file (the rename preserves the mode). Failure is non-fatal:
+        // POSIX-default umask handles the common case; not all filesystems support chmod (e.g. Windows).
+        try {
+            chmodSync(temp, 0o600);
+        }
+        catch {
+            // ignore; not all filesystems support chmod (e.g. Windows)
+        }
+        renameSync(temp, target);
+    }
+    catch (error) {
+        rmSync(temp, { force: true });
+        throw new EvidenceWriteError(`evidence write failed: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+}
+function assertWritableLedgerEntry(target, fs) {
+    const entry = lstatSync(target, { throwIfNoEntry: false });
+    if (entry === undefined) {
+        return;
+    }
+    if (!entry.isFile() || !isSingleLinkRegularFile(target, fs)) {
+        throw new EvidenceWriteError("cannot overwrite a non-ledger evidence manifest");
+    }
+}
+function reportLocation(baseDir, fs, runId) {
+    assertValidRunId(runId);
+    assertManifestFilenameFits(runId);
+    const realBase = existingBaseDir(baseDir, fs);
+    return realBase === undefined
+        ? join(resolve(baseDir), `${runId}${MANIFEST_SUFFIX}`)
+        : lexicalManifestPath(runId, realBase);
+}
+function putManifest(baseDir, fs, randomSuffix, runId, json) {
+    const realBase = prepareBaseDir(baseDir, fs);
+    const target = lexicalManifestPath(runId, realBase);
+    assertWritableLedgerEntry(target, fs);
+    atomicWrite(target, json, randomSuffix);
+    return target;
+}
+function listManifests(baseDir, fs) {
+    const realBase = existingBaseDir(baseDir, fs);
+    return realBase === undefined ? [] : listManifestRunIds(realBase, fs);
+}
+function getManifest(baseDir, fs, runId) {
+    assertValidRunId(runId);
+    assertManifestFilenameFits(runId);
+    const realBase = existingBaseDir(baseDir, fs);
+    if (realBase === undefined) {
+        return undefined;
+    }
+    const target = join(realBase, `${runId}${MANIFEST_SUFFIX}`);
+    try {
+        if (lstatSync(target, { throwIfNoEntry: false })?.isFile() !== true) {
+            return undefined;
+        }
+        if (!isSingleLinkRegularFile(target, fs)) {
+            return undefined;
+        }
+        return readFileSync(target, "utf8");
+    }
+    catch (error) {
+        throw new EvidenceReadError(`cannot read evidence manifest: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+}
+function sleepSync(ms) {
+    const waitBuffer = new SharedArrayBuffer(4);
+    const waitView = new Int32Array(waitBuffer);
+    Atomics.wait(waitView, 0, 0, ms);
+}
+function acquireManifestLock(realBase, runId) {
+    assertValidRunId(runId);
+    assertLockFilenameFits(runId);
+    const lockPath = resolveWithinWorkspace(realBase, `${runId}${MANIFEST_LOCK_SUFFIX}`);
+    const deadline = Date.now() + MANIFEST_LOCK_TIMEOUT_MS;
+    let fd;
+    while (fd === undefined) {
+        try {
+            fd = openSync(lockPath, "wx");
+        }
+        catch (error) {
+            if (retryManifestLock(error, lockPath, deadline))
+                continue;
+            throw new EvidenceWriteError(`evidence update lock failed: ${error instanceof Error ? error.message : "unknown"}`);
+        }
+    }
+    return () => {
+        try {
+            closeSync(fd);
+        }
+        finally {
+            rmSync(lockPath, { force: true });
+        }
+    };
+}
+function retryManifestLock(error, lockPath, deadline) {
+    if (errorCode(error) !== "EEXIST") {
+        return false;
+    }
+    if (lockIsStale(lockPath)) {
+        rmSync(lockPath, { force: true });
+        return true;
+    }
+    if (Date.now() >= deadline) {
+        return false;
+    }
+    sleepSync(MANIFEST_LOCK_POLL_MS);
+    return true;
+}
+function errorCode(error) {
+    if (typeof error !== "object" || error === null || !("code" in error)) {
+        return undefined;
+    }
+    return typeof error.code === "string" ? error.code : undefined;
+}
+function lockIsStale(lockPath) {
+    try {
+        return Date.now() - lstatSync(lockPath).mtimeMs >= MANIFEST_LOCK_TIMEOUT_MS;
+    }
+    catch {
+        return true;
+    }
+}
+function readManifestForUpdate(target, fs) {
+    try {
+        const entry = lstatSync(target, { throwIfNoEntry: false });
+        if (entry === undefined) {
+            return undefined;
+        }
+        if (!entry.isFile() || !isSingleLinkRegularFile(target, fs)) {
+            throw new EvidenceWriteError("cannot update a non-ledger evidence manifest");
+        }
+        return readFileSync(target, "utf8");
+    }
+    catch (error) {
+        if (error instanceof EvidenceWriteError) {
+            throw error;
+        }
+        throw new EvidenceReadError(`cannot read evidence manifest: ${error instanceof Error ? error.message : "unknown"}`);
+    }
+}
+function updateManifest(baseDir, fs, randomSuffix, runId, update) {
+    const realBase = prepareBaseDir(baseDir, fs);
+    const target = lexicalManifestPath(runId, realBase);
+    const releaseLock = acquireManifestLock(realBase, runId);
+    try {
+        atomicWrite(target, update(readManifestForUpdate(target, fs)), randomSuffix);
+        return target;
+    }
+    finally {
+        releaseLock();
+    }
+}
+function deleteManifest(baseDir, fs, runId) {
+    const realBase = existingBaseDir(baseDir, fs);
+    if (realBase === undefined) {
+        return;
+    }
+    const target = lexicalManifestPath(runId, realBase);
+    if (lstatSync(target, { throwIfNoEntry: false })?.isFile() !== true) {
+        return;
+    }
+    if (!isSingleLinkRegularFile(target, fs)) {
+        return;
+    }
+    rmSync(target, { force: true });
+}
+export function createNodeEvidenceStore(baseDir, fs = nodeWorkspaceFs, randomSuffix = randomUUID) {
+    return {
+        put: (runId, json) => putManifest(baseDir, fs, randomSuffix, runId, json),
+        update: (runId, update) => updateManifest(baseDir, fs, randomSuffix, runId, update),
+        list: () => listManifests(baseDir, fs),
+        get: (runId) => getManifest(baseDir, fs, runId),
+        location: (runId) => reportLocation(baseDir, fs, runId),
+        delete: (runId) => {
+            deleteManifest(baseDir, fs, runId);
+        },
+    };
+}

package/dist/types.d.ts

@@ -0,0 +1,3 @@
+export type { EvidenceRunIdentity, EvidenceModel, EvidenceUsageTotals, EvidenceStateTransition, EvidenceToolCall, EvidenceCommandExecution, EvidenceSandboxConfiguration, EvidenceVerificationResult, EvidencePatch, EvidenceReasoningEntry, EvidenceFailure, EvidenceTaskType, EvidenceBrowserViewportPx, EvidenceBrowserEventType, EvidenceBrowserEvent, EvidenceBrowserScreenshot, EvidenceBrowserContentCapture, EvidenceBrowserCapture, EvidenceConnectedContextScope, EvidenceConnectedContextQuery, EvidenceConnectedContextExcerpt, EvidenceConnectedContextFile, EvidenceConnectedContextOmitted, EvidenceConnectedContextUncertainty, EvidenceConnectedContextPlan, EvidenceConnectedContextAudit, EvidenceManifest, AuditRedactionConfig, RetentionPolicy, BuildOptions, EvidenceBuildInput, EvidenceDeps, EvidenceStore, } from "@oscharko-dev/keiko-contracts";
+export { EVIDENCE_SCHEMA_VERSION, DEFAULT_RETENTION } from "@oscharko-dev/keiko-contracts";
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAKA,YAAY,EACV,mBAAmB,EACnB,aAAa,EACb,mBAAmB,EACnB,uBAAuB,EACvB,gBAAgB,EAChB,wBAAwB,EACxB,4BAA4B,EAC5B,0BAA0B,EAC1B,aAAa,EACb,sBAAsB,EACtB,eAAe,EACf,gBAAgB,EAChB,yBAAyB,EACzB,wBAAwB,EACxB,oBAAoB,EACpB,yBAAyB,EACzB,6BAA6B,EAC7B,sBAAsB,EACtB,6BAA6B,EAC7B,6BAA6B,EAC7B,+BAA+B,EAC/B,4BAA4B,EAC5B,+BAA+B,EAC/B,mCAAmC,EACnC,4BAA4B,EAC5B,6BAA6B,EAC7B,gBAAgB,EAChB,oBAAoB,EACpB,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,YAAY,EACZ,aAAa,GACd,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC"}

package/dist/types.js

@@ -0,0 +1,5 @@
+// Re-export shim: all Evidence* interfaces, retention/redaction config, and the frozen
+// EVIDENCE_SCHEMA_VERSION / DEFAULT_RETENTION tables live in @oscharko-dev/keiko-contracts
+// (issue #158). All existing import sites (`from "../audit/types.js"`) continue to resolve unchanged.
+// verbatimModuleSyntax is on: type-only names use `export type`, value-emitting tables use `export`.
+export { EVIDENCE_SCHEMA_VERSION, DEFAULT_RETENTION } from "@oscharko-dev/keiko-contracts";

package/dist/version.d.ts

@@ -0,0 +1,2 @@
+export declare const KEIKO_EVIDENCE_VERSION: "0.1.0";
+//# sourceMappingURL=version.d.ts.map

package/dist/version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,sBAAsB,EAAG,OAAgB,CAAC"}

package/dist/version.js

@@ -0,0 +1 @@
+export const KEIKO_EVIDENCE_VERSION = "0.1.0";

package/dist/workflow-evidence.d.ts

@@ -0,0 +1,36 @@
+import { type EvidenceReport } from "./report.js";
+import { type EvidenceManifest } from "./types.js";
+import type { EvidenceStore } from "./store.js";
+import { type CostClass } from "@oscharko-dev/keiko-contracts";
+import type { EnvSource } from "@oscharko-dev/keiko-security";
+export type WorkflowRunKind = "unit-tests" | "bug-investigation";
+export type WorkflowTerminalStatus = "completed" | "cancelled" | "failed";
+export interface EvidencePersistContext {
+    readonly store: EvidenceStore;
+    readonly env: EnvSource;
+    readonly additionalSecrets?: readonly string[] | undefined;
+    readonly costClassResolver?: ((modelId: string) => CostClass | "unknown") | undefined;
+}
+export interface WorkflowRunIdentity {
+    readonly runId: string;
+    readonly fingerprint: string;
+    readonly modelId: string;
+    readonly kind: WorkflowRunKind;
+    readonly status: WorkflowTerminalStatus;
+    readonly startedAt: number;
+    readonly finishedAt: number;
+    readonly workspaceRoot?: string | undefined;
+}
+export interface WorkflowEventLike {
+    readonly type: string;
+}
+interface WorkflowManifestOptions {
+    readonly governedHandoff?: EvidenceManifest["governedHandoff"];
+    readonly includeDiff?: boolean | undefined;
+    readonly redactString?: ((value: string) => string) | undefined;
+}
+export declare function foldWorkflowUsage(events: readonly WorkflowEventLike[]): EvidenceManifest["usageTotals"];
+export declare function buildWorkflowManifest(identity: WorkflowRunIdentity, events: readonly WorkflowEventLike[], report: unknown, costClassResolver?: (modelId: string) => CostClass | "unknown", options?: WorkflowManifestOptions): EvidenceManifest;
+export declare function persistWorkflowEvidence(identity: WorkflowRunIdentity, report: unknown, events: readonly WorkflowEventLike[], ctx: EvidencePersistContext, options?: WorkflowManifestOptions): EvidenceReport;
+export {};
+//# sourceMappingURL=workflow-evidence.d.ts.map

package/dist/workflow-evidence.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"workflow-evidence.d.ts","sourceRoot":"","sources":["../src/workflow-evidence.ts"],"names":[],"mappings":"AAUA,OAAO,EAAuB,KAAK,cAAc,EAAE,MAAM,aAAa,CAAC;AAEvE,OAAO,EAA2B,KAAK,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC5E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAGL,KAAK,SAAS,EAEf,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAI9D,MAAM,MAAM,eAAe,GAAG,YAAY,GAAG,mBAAmB,CAAC;AAGjE,MAAM,MAAM,sBAAsB,GAAG,WAAW,GAAG,WAAW,GAAG,QAAQ,CAAC;AAE1E,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC;IAC9B,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC;IACxB,QAAQ,CAAC,iBAAiB,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,CAAC;IAG3D,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE,MAAM,KAAK,SAAS,GAAG,SAAS,CAAC,GAAG,SAAS,CAAC;CACvF;AAID,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC;IAC/B,QAAQ,CAAC,MAAM,EAAE,sBAAsB,CAAC;IACxC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC7C;AAID,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED,UAAU,uBAAuB;IAC/B,QAAQ,CAAC,eAAe,CAAC,EAAE,gBAAgB,CAAC,iBAAiB,CAAC,CAAC;IAC/D,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IAC3C,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC,GAAG,SAAS,CAAC;CACjE;AAUD,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,SAAS,iBAAiB,EAAE,GACnC,gBAAgB,CAAC,aAAa,CAAC,CAmBjC;AAMD,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,mBAAmB,EAC7B,MAAM,EAAE,SAAS,iBAAiB,EAAE,EACpC,MAAM,EAAE,OAAO,EACf,iBAAiB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,SAAS,GAAG,SAAS,EAC9D,OAAO,GAAE,uBAA4B,GACpC,gBAAgB,CAgClB;AAmBD,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,mBAAmB,EAC7B,MAAM,EAAE,OAAO,EACf,MAAM,EAAE,SAAS,iBAAiB,EAAE,EACpC,GAAG,EAAE,sBAAsB,EAC3B,OAAO,GAAE,uBAA4B,GACpC,cAAc,CAShB"}