@pactosigna/schemas 0.1.1 → 0.1.2

package/dist/index.js

@@ -6,148 +6,1320 @@ import {
   inferDocumentType
 } from "./chunk-A3X6VKYK.js";
 
-// src/index.ts
-import { DOCUMENT_TYPES, REQUIRED_SECTIONS as REQUIRED_SECTIONS2, LINK_TYPES } from "@pactosigna/shared";
-import {
-  QMS_DOCUMENT_TYPES,
-  DEVICE_DOCUMENT_TYPES,
-  CHANGE_DOCUMENT_TYPES,
-  isQmsDocumentType,
-  isDeviceDocumentType,
-  isChangeDocumentType
-} from "@pactosigna/shared";
-import {
-  DocumentTypeSchema,
-  DocumentStatusSchema,
-  LinkTypeSchema,
-  SafetyClassSchema,
-  RegulatoryFrameworkSchema,
-  AcceptabilityStatusSchema
-} from "@pactosigna/shared";
-import {
-  RiskDocumentStatusSchema,
-  MitigationTargetSchema,
-  RiskGapCodeSchema,
-  RiskGapSeveritySchema,
-  MitigationSchema,
-  RiskEntryFrontmatterSchema as RiskEntryFrontmatterSchema2,
-  HazardFrontmatterSchema as HazardFrontmatterSchema2,
-  HazardousSituationFrontmatterSchema as HazardousSituationFrontmatterSchema2,
-  HarmFrontmatterSchema as HarmFrontmatterSchema2,
-  HazardCategoryFrontmatterSchema as HazardCategoryFrontmatterSchema2,
-  RiskMatrixConfigSchema
-} from "@pactosigna/shared";
-import {
-  AnomalyCategorySchema,
-  AnomalySeveritySchema,
-  AnomalyDispositionSchema,
-  AnomalyFrontmatterSchema as AnomalyFrontmatterSchema2
-} from "@pactosigna/shared";
-import {
-  UsabilityPlanFrontmatterSchema as UsabilityPlanFrontmatterSchema2,
-  UseSpecificationFrontmatterSchema as UseSpecificationFrontmatterSchema2,
-  TaskAnalysisFrontmatterSchema as TaskAnalysisFrontmatterSchema2,
-  UsabilityEvaluationFrontmatterSchema as UsabilityEvaluationFrontmatterSchema2,
-  SummativeEvaluationFrontmatterSchema as SummativeEvaluationFrontmatterSchema2
-} from "@pactosigna/shared";
-import { RiskManagementPlanFrontmatterSchema as RiskManagementPlanFrontmatterSchema2 } from "@pactosigna/shared";
-import {
-  SoftwareDevelopmentPlanFrontmatterSchema as SoftwareDevelopmentPlanFrontmatterSchema2,
-  SoftwareMaintenancePlanFrontmatterSchema as SoftwareMaintenancePlanFrontmatterSchema2,
-  SoftwareTestPlanFrontmatterSchema as SoftwareTestPlanFrontmatterSchema2,
-  SoupRegisterFrontmatterSchema as SoupRegisterFrontmatterSchema2
-} from "@pactosigna/shared";
-import { CybersecurityPlanFrontmatterSchema as CybersecurityPlanFrontmatterSchema2, SbomFrontmatterSchema as SbomFrontmatterSchema2 } from "@pactosigna/shared";
-import {
-  ClinicalEvaluationPlanFrontmatterSchema as ClinicalEvaluationPlanFrontmatterSchema2,
-  ClinicalEvaluationReportFrontmatterSchema as ClinicalEvaluationReportFrontmatterSchema2
-} from "@pactosigna/shared";
-import {
-  PostMarketSurveillancePlanFrontmatterSchema as PostMarketSurveillancePlanFrontmatterSchema2,
-  PostMarketFeedbackCategorySchema,
-  PostMarketFeedbackSeveritySchema,
-  PostMarketFeedbackFrontmatterSchema as PostMarketFeedbackFrontmatterSchema2
-} from "@pactosigna/shared";
-import { LabelingFrontmatterSchema as LabelingFrontmatterSchema2 } from "@pactosigna/shared";
-import {
-  ProductDevelopmentPlanFrontmatterSchema as ProductDevelopmentPlanFrontmatterSchema2,
-  IntendedUseFrontmatterSchema as IntendedUseFrontmatterSchema2
-} from "@pactosigna/shared";
-import { UserNeedPrioritySchema, UserNeedFrontmatterSchema as UserNeedFrontmatterSchema2 } from "@pactosigna/shared";
-import {
-  RequirementTypeSchema,
-  RequirementFormatSchema,
-  RequirementFulfillmentTypeSchema,
-  RequirementFrontmatterSchema as RequirementFrontmatterSchema2
-} from "@pactosigna/shared";
-import {
-  TestProtocolFrontmatterSchema as TestProtocolFrontmatterSchema2,
-  TestPhaseSchema,
-  TestReportFrontmatterSchema as TestReportFrontmatterSchema2
-} from "@pactosigna/shared";
-import {
-  ReleasePlanFrontmatterSchema as ReleasePlanFrontmatterSchema2,
-  DesignReviewFrontmatterSchema as DesignReviewFrontmatterSchema2,
-  ReleaseNotesAudienceSchema,
-  ReleaseNotesFrontmatterSchema as ReleaseNotesFrontmatterSchema2
-} from "@pactosigna/shared";
-import {
-  AuditFindingClassificationSchema,
-  AuditStatusSchema,
-  PlannedAuditEntrySchema,
-  AuditScheduleFrontmatterSchema as AuditScheduleFrontmatterSchema2,
-  AuditFindingSchema,
-  AuditReportFrontmatterSchema as AuditReportFrontmatterSchema2
-} from "@pactosigna/shared";
-import {
-  ManagementReviewAttendeeSchema,
-  ManagementReviewFrontmatterSchema as ManagementReviewFrontmatterSchema2
-} from "@pactosigna/shared";
-import { RepoConfigSchema, ReleaseReviewConfigSchema } from "@pactosigna/shared";
-import {
-  RetentionPolicySchema,
-  isWithinRetentionPeriod,
-  getEffectiveRetentionYears
-} from "@pactosigna/shared";
+// ../shared/dist/schemas/index.js
+import { z as z24 } from "zod";
+
+// ../shared/dist/schemas/common-enums.js
+import { z } from "zod";
+var RegulatoryFrameworkSchema = z.enum([
+  "ISO_13485",
+  "IEC_62304",
+  "FDA_21_CFR_820",
+  "QMSR",
+  "EU_MDR",
+  "ISO_14971",
+  "AI_ACT"
+]);
+var SafetyClassSchema = z.enum(["A", "B", "C"]);
+var DocumentTypeSchema = z.enum([
+  "user_need",
+  "requirement",
+  "architecture",
+  "detailed_design",
+  "test_protocol",
+  "test_report",
+  "sop",
+  "work_instruction",
+  "policy",
+  "usability_risk",
+  "software_risk",
+  "security_risk",
+  // Risk document types
+  "haz_soe_software",
+  "haz_soe_security",
+  "hazardous_situation",
+  "harm",
+  "hazard_category",
+  // Usability engineering (IEC 62366)
+  "usability_plan",
+  "use_specification",
+  "task_analysis",
+  "usability_evaluation",
+  "summative_evaluation",
+  // Risk management (ISO 14971)
+  "risk_management_plan",
+  // Software lifecycle (IEC 62304)
+  "software_development_plan",
+  "software_maintenance_plan",
+  "soup_register",
+  // Problem resolution (IEC 62304 §9)
+  "anomaly",
+  // Cybersecurity (IEC 81001-5-1)
+  "cybersecurity_plan",
+  "sbom",
+  // Clinical (MDR / FDA)
+  "clinical_evaluation_plan",
+  "clinical_evaluation_report",
+  // Post-market surveillance (MDR Art. 83)
+  "post_market_surveillance_plan",
+  "post_market_feedback",
+  // Labeling (MDR Annex I)
+  "labeling",
+  // Product (ISO 13485 §7.3)
+  "product_development_plan",
+  "intended_use",
+  // Release management (IEC 62304 §5.7)
+  "release_plan",
+  // Change management (ISO 13485 §7.3.5)
+  "design_review",
+  "release_notes",
+  // Supplier management (ISO 13485 §7.4)
+  "supplier",
+  // Internal audit management (ISO 13485 §8.2.2)
+  "audit_schedule",
+  "audit_report",
+  // Management review (ISO 13485 §5.6)
+  "management_review",
+  // Software test plan (IEC 62304 §5.7)
+  "software_test_plan"
+]);
+var DocumentStatusSchema = z.enum([
+  "draft",
+  "in_review",
+  "approved",
+  "obsolete",
+  "example"
+]);
+var LinkTypeSchema = z.enum([
+  "derives_from",
+  "implements",
+  "verified_by",
+  "mitigates",
+  "parent_of",
+  "related_to",
+  // New risk link types
+  "leads_to",
+  "results_in",
+  "analyzes"
+]);
+var AcceptabilityStatusSchema = z.enum(["acceptable", "review_required", "unacceptable"]);
+var DepartmentRoleSchema = z.enum(["manager", "member"]);
+
+// ../shared/dist/schemas/risk.js
+import { z as z2 } from "zod";
+var RiskDocumentStatusSchema = z2.enum([
+  "draft",
+  "in_review",
+  "approved",
+  "effective",
+  "archived",
+  "example"
+]);
+var MitigationTargetSchema = z2.enum([
+  "sequence_probability",
+  "harm_probability",
+  "severity"
+]);
+var RiskGapCodeSchema = z2.enum([
+  "hazard_no_situation",
+  "situation_no_harm",
+  "hazard_not_analyzed",
+  "missing_mitigation",
+  "broken_mitigation_link",
+  "control_not_approved",
+  "missing_risk_benefit",
+  "risk_missing_safety_chain",
+  "risk_broken_safety_chain",
+  "wrong_probability_dimension",
+  "missing_frontmatter",
+  "requirement_no_architecture",
+  "architecture_no_segregation",
+  "architecture_no_parent",
+  "haz_missing_category",
+  "haz_invalid_category",
+  "category_not_approved"
+]);
+var RiskGapSeveritySchema = z2.enum(["error", "warning"]);
+var MitigationSchema = z2.object({
+  control: z2.string().min(1),
+  reduces: MitigationTargetSchema,
+  for_harm: z2.string().optional()
+});
+var HarmAssessmentSchema = z2.object({
+  harm: z2.string().min(1),
+  inherent_probability: z2.number().int().min(1).max(5).optional(),
+  inherent_exploitability: z2.number().int().min(1).max(5).optional(),
+  residual_probability: z2.number().int().min(1).max(5).optional(),
+  residual_exploitability: z2.number().int().min(1).max(5).optional(),
+  residual_severity_override: z2.number().int().min(1).max(5).optional()
+});
+var RiskEntryFrontmatterSchema = z2.object({
+  type: z2.enum(["software_risk", "usability_risk", "security_risk"]),
+  id: z2.string().min(1),
+  title: z2.string().min(1),
+  status: RiskDocumentStatusSchema,
+  analyzes: z2.string().min(1),
+  hazardous_situation: z2.string().min(1),
+  harm_assessments: z2.array(HarmAssessmentSchema).min(1),
+  mitigations: z2.array(MitigationSchema).optional(),
+  cvss_score: z2.number().min(0).max(10).optional(),
+  cvss_vector: z2.string().regex(/^CVSS:3\.[01]\/AV:[NALP]\/AC:[LH]\/PR:[NLH]\/UI:[NR]\/S:[UC]\/C:[NLH]\/I:[NLH]\/A:[NLH]$/).optional()
+}).refine((data) => {
+  if (data.type === "security_risk") {
+    return data.harm_assessments.every((ha) => ha.inherent_exploitability != null);
+  }
+  return data.harm_assessments.every((ha) => ha.inherent_probability != null);
+}, {
+  message: "Security risks must use inherent_exploitability; software/usability risks must use inherent_probability"
+});
+var HazardFrontmatterSchema = z2.object({
+  type: z2.enum(["haz_soe_software", "haz_soe_security"]),
+  id: z2.string().min(1),
+  title: z2.string().min(1),
+  status: RiskDocumentStatusSchema,
+  leads_to: z2.array(z2.string()).optional(),
+  // sFMEA fields
+  failure_mode: z2.string().optional(),
+  cause: z2.string().optional(),
+  detection_method: z2.string().optional(),
+  // STRIDE fields
+  threat_category: z2.string().optional(),
+  attack_vector: z2.string().optional(),
+  // Hazard category reference (HC-xxx)
+  hazard_category: z2.string().optional()
+});
+var HazardCategoryFrontmatterSchema = z2.object({
+  type: z2.literal("hazard_category"),
+  id: z2.string().min(1),
+  title: z2.string().min(1),
+  status: RiskDocumentStatusSchema,
+  source: z2.string().optional()
+});
+var HazardousSituationFrontmatterSchema = z2.object({
+  type: z2.literal("hazardous_situation"),
+  id: z2.string().min(1),
+  title: z2.string().min(1),
+  status: RiskDocumentStatusSchema,
+  results_in: z2.array(z2.string()).optional()
+});
+var HarmFrontmatterSchema = z2.object({
+  type: z2.literal("harm"),
+  id: z2.string().min(1),
+  title: z2.string().min(1),
+  status: RiskDocumentStatusSchema,
+  severity: z2.number().int().min(1).max(5),
+  category: z2.string().optional()
+});
+var RiskMatrixConfigSchema = z2.object({
+  version: z2.number(),
+  labels: z2.object({
+    severity: z2.array(z2.string()).length(5),
+    probability: z2.array(z2.string()).length(5),
+    exploitability: z2.array(z2.string()).length(5).optional()
+  }),
+  acceptability: z2.object({
+    unacceptable: z2.array(z2.tuple([z2.number(), z2.number()])),
+    review_required: z2.array(z2.tuple([z2.number(), z2.number()])).optional()
+  }),
+  overrides: z2.record(z2.object({
+    unacceptable: z2.array(z2.tuple([z2.number(), z2.number()])),
+    review_required: z2.array(z2.tuple([z2.number(), z2.number()])).optional()
+  })).optional()
+});
+
+// ../shared/dist/schemas/usability.js
+import { z as z3 } from "zod";
+var UsabilityPlanFrontmatterSchema = z3.object({
+  type: z3.literal("usability_plan"),
+  id: z3.string().min(1),
+  title: z3.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z3.string().optional(),
+  reviewers: z3.array(z3.string()).optional(),
+  approvers: z3.array(z3.string()).optional()
+});
+var UseSpecificationFrontmatterSchema = z3.object({
+  type: z3.literal("use_specification"),
+  id: z3.string().min(1),
+  title: z3.string().min(1),
+  status: RiskDocumentStatusSchema,
+  user_group: z3.string().min(1),
+  author: z3.string().optional(),
+  reviewers: z3.array(z3.string()).optional(),
+  approvers: z3.array(z3.string()).optional()
+});
+var TaskAnalysisFrontmatterSchema = z3.object({
+  type: z3.literal("task_analysis"),
+  id: z3.string().min(1),
+  title: z3.string().min(1),
+  status: RiskDocumentStatusSchema,
+  user_group: z3.string().min(1),
+  critical_task: z3.boolean(),
+  author: z3.string().optional(),
+  reviewers: z3.array(z3.string()).optional(),
+  approvers: z3.array(z3.string()).optional()
+});
+var UsabilityEvaluationFrontmatterSchema = z3.object({
+  type: z3.literal("usability_evaluation"),
+  id: z3.string().min(1),
+  title: z3.string().min(1),
+  status: RiskDocumentStatusSchema,
+  result: z3.enum(["pass", "fail", "pass_with_findings"]).optional(),
+  author: z3.string().optional(),
+  reviewers: z3.array(z3.string()).optional(),
+  approvers: z3.array(z3.string()).optional()
+});
+var SummativeEvaluationFrontmatterSchema = z3.object({
+  type: z3.literal("summative_evaluation"),
+  id: z3.string().min(1),
+  title: z3.string().min(1),
+  status: RiskDocumentStatusSchema,
+  result: z3.enum(["pass", "fail", "pass_with_findings"]).optional(),
+  author: z3.string().optional(),
+  reviewers: z3.array(z3.string()).optional(),
+  approvers: z3.array(z3.string()).optional()
+});
+
+// ../shared/dist/schemas/risk-management-plan.js
+import { z as z4 } from "zod";
+var RiskManagementPlanFrontmatterSchema = z4.object({
+  type: z4.literal("risk_management_plan"),
+  id: z4.string().min(1),
+  title: z4.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z4.string().optional(),
+  reviewers: z4.array(z4.string()).optional(),
+  approvers: z4.array(z4.string()).optional()
+});
+
+// ../shared/dist/schemas/software-lifecycle.js
+import { z as z5 } from "zod";
+var SoftwareDevelopmentPlanFrontmatterSchema = z5.object({
+  type: z5.literal("software_development_plan"),
+  id: z5.string().min(1),
+  title: z5.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z5.string().optional(),
+  reviewers: z5.array(z5.string()).optional(),
+  approvers: z5.array(z5.string()).optional()
+});
+var SoftwareMaintenancePlanFrontmatterSchema = z5.object({
+  type: z5.literal("software_maintenance_plan"),
+  id: z5.string().min(1),
+  title: z5.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z5.string().optional(),
+  reviewers: z5.array(z5.string()).optional(),
+  approvers: z5.array(z5.string()).optional()
+});
+var SoupRegisterFrontmatterSchema = z5.object({
+  type: z5.literal("soup_register"),
+  id: z5.string().min(1),
+  title: z5.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z5.string().optional(),
+  reviewers: z5.array(z5.string()).optional(),
+  approvers: z5.array(z5.string()).optional()
+});
+var SoftwareTestPlanFrontmatterSchema = z5.object({
+  type: z5.literal("software_test_plan"),
+  id: z5.string().min(1),
+  title: z5.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z5.string().optional(),
+  reviewers: z5.array(z5.string()).optional(),
+  approvers: z5.array(z5.string()).optional()
+});
+
+// ../shared/dist/schemas/architecture.js
+import { z as z6 } from "zod";
+var SoftwareItemTypeSchema = z6.enum(["system", "subsystem", "component", "unit"]);
+var SegregationSchema = z6.object({
+  mechanism: z6.string().min(1),
+  rationale: z6.string().min(1)
+});
+var ArchitectureFrontmatterSchema = z6.object({
+  id: z6.string().min(1),
+  title: z6.string().min(1),
+  type: z6.literal("architecture"),
+  status: RiskDocumentStatusSchema,
+  software_item_type: SoftwareItemTypeSchema.optional(),
+  parent_item: z6.string().optional(),
+  safety_class: z6.enum(["A", "B", "C"]).optional(),
+  segregation: SegregationSchema.optional(),
+  author: z6.string().optional(),
+  reviewers: z6.array(z6.string()).optional(),
+  approvers: z6.array(z6.string()).optional()
+});
+var DetailedDesignFrontmatterSchema = z6.object({
+  id: z6.string().min(1),
+  title: z6.string().min(1),
+  type: z6.literal("detailed_design"),
+  status: RiskDocumentStatusSchema,
+  software_item_type: SoftwareItemTypeSchema.optional(),
+  parent_item: z6.string().optional(),
+  safety_class: z6.enum(["A", "B", "C"]).optional(),
+  segregation: SegregationSchema.optional(),
+  author: z6.string().optional(),
+  reviewers: z6.array(z6.string()).optional(),
+  approvers: z6.array(z6.string()).optional()
+});
+
+// ../shared/dist/schemas/anomaly.js
+import { z as z7 } from "zod";
+var AnomalyCategorySchema = z7.enum([
+  "bug",
+  "security_vulnerability",
+  "regression",
+  "performance"
+]);
+var AnomalySeveritySchema = z7.enum(["critical", "major", "minor"]);
+var AnomalyDispositionSchema = z7.enum([
+  "open",
+  "investigating",
+  "resolved",
+  "deferred",
+  "will_not_fix"
+]);
+var AnomalyFrontmatterSchema = z7.object({
+  type: z7.literal("anomaly"),
+  id: z7.string().min(1),
+  title: z7.string().min(1),
+  status: RiskDocumentStatusSchema,
+  category: AnomalyCategorySchema,
+  severity: AnomalySeveritySchema,
+  disposition: AnomalyDispositionSchema,
+  affected_version: z7.string().optional(),
+  author: z7.string().optional(),
+  reviewers: z7.array(z7.string()).optional(),
+  approvers: z7.array(z7.string()).optional()
+});
+
+// ../shared/dist/schemas/cybersecurity.js
+import { z as z8 } from "zod";
+var CybersecurityPlanFrontmatterSchema = z8.object({
+  type: z8.literal("cybersecurity_plan"),
+  id: z8.string().min(1),
+  title: z8.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z8.string().optional(),
+  reviewers: z8.array(z8.string()).optional(),
+  approvers: z8.array(z8.string()).optional()
+});
+var SbomFrontmatterSchema = z8.object({
+  type: z8.literal("sbom"),
+  id: z8.string().min(1),
+  title: z8.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z8.string().optional(),
+  reviewers: z8.array(z8.string()).optional(),
+  approvers: z8.array(z8.string()).optional()
+});
+
+// ../shared/dist/schemas/clinical.js
+import { z as z9 } from "zod";
+var ClinicalEvaluationPlanFrontmatterSchema = z9.object({
+  type: z9.literal("clinical_evaluation_plan"),
+  id: z9.string().min(1),
+  title: z9.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z9.string().optional(),
+  reviewers: z9.array(z9.string()).optional(),
+  approvers: z9.array(z9.string()).optional()
+});
+var ClinicalEvaluationReportFrontmatterSchema = z9.object({
+  type: z9.literal("clinical_evaluation_report"),
+  id: z9.string().min(1),
+  title: z9.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z9.string().optional(),
+  reviewers: z9.array(z9.string()).optional(),
+  approvers: z9.array(z9.string()).optional()
+});
+
+// ../shared/dist/schemas/post-market.js
+import { z as z10 } from "zod";
+var PostMarketSurveillancePlanFrontmatterSchema = z10.object({
+  type: z10.literal("post_market_surveillance_plan"),
+  id: z10.string().min(1),
+  title: z10.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z10.string().optional(),
+  reviewers: z10.array(z10.string()).optional(),
+  approvers: z10.array(z10.string()).optional()
+});
+var PostMarketFeedbackCategorySchema = z10.enum([
+  "complaint",
+  "field_observation",
+  "clinical_followup",
+  "trend_report"
+]);
+var PostMarketFeedbackSeveritySchema = z10.enum(["low", "medium", "high", "critical"]);
+var PostMarketFeedbackFrontmatterSchema = z10.object({
+  type: z10.literal("post_market_feedback"),
+  id: z10.string().min(1),
+  title: z10.string().min(1),
+  status: RiskDocumentStatusSchema,
+  category: PostMarketFeedbackCategorySchema,
+  severity: PostMarketFeedbackSeveritySchema,
+  device: z10.string().optional(),
+  reporting_period: z10.string().optional(),
+  author: z10.string().optional(),
+  reviewers: z10.array(z10.string()).optional(),
+  approvers: z10.array(z10.string()).optional()
+});
+
+// ../shared/dist/schemas/labeling.js
+import { z as z11 } from "zod";
+var LabelingFrontmatterSchema = z11.object({
+  type: z11.literal("labeling"),
+  id: z11.string().min(1),
+  title: z11.string().min(1),
+  status: RiskDocumentStatusSchema,
+  label_type: z11.enum(["ifu", "product_label", "packaging_label"]).optional(),
+  author: z11.string().optional(),
+  reviewers: z11.array(z11.string()).optional(),
+  approvers: z11.array(z11.string()).optional()
+});
+
+// ../shared/dist/schemas/product.js
+import { z as z12 } from "zod";
+var ProductDevelopmentPlanFrontmatterSchema = z12.object({
+  type: z12.literal("product_development_plan"),
+  id: z12.string().min(1),
+  title: z12.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z12.string().optional(),
+  reviewers: z12.array(z12.string()).optional(),
+  approvers: z12.array(z12.string()).optional()
+});
+var IntendedUseFrontmatterSchema = z12.object({
+  type: z12.literal("intended_use"),
+  id: z12.string().min(1),
+  title: z12.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z12.string().optional(),
+  reviewers: z12.array(z12.string()).optional(),
+  approvers: z12.array(z12.string()).optional()
+});
+
+// ../shared/dist/schemas/user-need.js
+import { z as z13 } from "zod";
+var UserNeedPrioritySchema = z13.enum(["must_have", "should_have", "nice_to_have"]);
+var UserNeedFrontmatterSchema = z13.object({
+  id: z13.string().min(1),
+  title: z13.string().min(1),
+  status: RiskDocumentStatusSchema,
+  /** Validated if present — ensures frontmatter doesn't misidentify the document type */
+  type: z13.literal("user_need").optional(),
+  /** The user role or stakeholder (e.g., "Quality Manager", "Developer") */
+  stakeholder: z13.string().optional(),
+  /** MoSCoW priority classification */
+  priority: UserNeedPrioritySchema.optional(),
+  /** Where this need originated (e.g., "ISO 13485 §7.3", "user interview") */
+  source: z13.string().optional(),
+  /** IDs of product requirements derived from this need */
+  derives: z13.array(z13.string()).optional(),
+  author: z13.string().optional(),
+  reviewers: z13.array(z13.string()).optional(),
+  approvers: z13.array(z13.string()).optional()
+});
+
+// ../shared/dist/schemas/requirement.js
+import { z as z14 } from "zod";
+var RequirementTypeSchema = z14.enum([
+  "functional",
+  "interface",
+  "performance",
+  "security",
+  "usability",
+  "safety",
+  "regulatory"
+]);
+var RequirementFormatSchema = z14.enum(["standard", "user_story"]);
+var RequirementFulfillmentTypeSchema = z14.enum([
+  "software",
+  "labeling",
+  "clinical",
+  "usability",
+  "regulatory_doc",
+  "process"
+]);
+var RequirementFrontmatterSchema = z14.object({
+  id: z14.string().min(1),
+  title: z14.string().min(1),
+  status: RiskDocumentStatusSchema,
+  /** IEC 62304 §5.2.2 — requirement classification (required for SRS, optional for PRS) */
+  req_type: RequirementTypeSchema.optional(),
+  /** Authoring convention — controls which required sections are checked */
+  format: RequirementFormatSchema.optional(),
+  /** ISO 13485 §7.3.3 — how this PRS design input is fulfilled (PRS only, defaults to 'software') */
+  fulfillment_type: RequirementFulfillmentTypeSchema.optional(),
+  author: z14.string().optional(),
+  reviewers: z14.array(z14.string()).optional(),
+  approvers: z14.array(z14.string()).optional(),
+  /** Upstream traceability — IDs of documents this requirement traces from (e.g., UN for PRS, PRS for SRS) */
+  traces_from: z14.array(z14.string()).optional(),
+  /** Downstream traceability — IDs of documents this requirement traces to (e.g., SRS for PRS) */
+  traces_to: z14.array(z14.string()).optional()
+});
+
+// ../shared/dist/schemas/test-documents.js
+import { z as z15 } from "zod";
+var TestProtocolFrontmatterSchema = z15.object({
+  type: z15.literal("test_protocol"),
+  id: z15.string().min(1),
+  title: z15.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z15.string().optional(),
+  reviewers: z15.array(z15.string()).optional(),
+  approvers: z15.array(z15.string()).optional()
+});
+var TestPhaseSchema = z15.enum(["verification", "production"]);
+var TestReportFrontmatterSchema = z15.object({
+  type: z15.literal("test_report"),
+  id: z15.string().min(1),
+  title: z15.string().min(1),
+  status: RiskDocumentStatusSchema,
+  author: z15.string().optional(),
+  reviewers: z15.array(z15.string()).optional(),
+  approvers: z15.array(z15.string()).optional(),
+  release_version: z15.string().optional(),
+  test_phase: TestPhaseSchema.optional()
+});
+
+// ../shared/dist/schemas/repo-config.js
+import { z as z16 } from "zod";
+var ReleaseReviewConfigSchema = z16.object({
+  required_departments: z16.array(z16.string().min(1)).min(1),
+  final_approver: z16.string().min(1)
+});
+var RepoConfigSchema = z16.object({
+  device: z16.object({
+    name: z16.string().min(1),
+    safety_class: z16.enum(["A", "B", "C"]),
+    classification: z16.object({
+      eu: z16.string().optional(),
+      us: z16.string().optional()
+    }).optional(),
+    udi_device_identifier: z16.string().optional()
+  }),
+  release_review: ReleaseReviewConfigSchema.optional()
+});
+
+// ../shared/dist/schemas/qms-device.js
+import { z as z17 } from "zod";
+var OwnerTypeSchema = z17.enum(["qms", "device"]);
+var DocumentSnapshotSchema = z17.object({
+  documentId: z17.string(),
+  commitSha: z17.string(),
+  documentPath: z17.string(),
+  documentTitle: z17.string(),
+  documentType: z17.string(),
+  previousReleasedCommitSha: z17.string().optional(),
+  changeType: z17.enum(["added", "modified", "unchanged"]),
+  changeDescription: z17.string().optional()
+});
+var QmsDocumentTypeSchema = z17.enum([
+  "sop",
+  "policy",
+  "work_instruction",
+  "supplier",
+  "audit_schedule",
+  "audit_report",
+  "management_review"
+]);
+var DeviceDocumentTypeSchema = z17.enum([
+  "user_need",
+  "requirement",
+  "architecture",
+  "detailed_design",
+  "test_protocol",
+  "test_report",
+  "usability_risk",
+  "software_risk",
+  "security_risk",
+  "hazardous_situation",
+  "harm",
+  "haz_soe_software",
+  "haz_soe_security",
+  "hazard_category",
+  // Usability engineering (IEC 62366)
+  "usability_plan",
+  "use_specification",
+  "task_analysis",
+  "usability_evaluation",
+  "summative_evaluation",
+  // Risk management (ISO 14971)
+  "risk_management_plan",
+  // Software lifecycle (IEC 62304)
+  "software_development_plan",
+  "software_maintenance_plan",
+  "soup_register",
+  // Problem resolution (IEC 62304 §9)
+  "anomaly",
+  // Cybersecurity (IEC 81001-5-1)
+  "cybersecurity_plan",
+  "sbom",
+  // Clinical (MDR / FDA)
+  "clinical_evaluation_plan",
+  "clinical_evaluation_report",
+  // Post-market surveillance (MDR Art. 83)
+  "post_market_surveillance_plan",
+  "post_market_feedback",
+  // Labeling (MDR Annex I)
+  "labeling",
+  // Product (ISO 13485 §7.3)
+  "product_development_plan",
+  "intended_use",
+  // Release management (IEC 62304 §5.7)
+  "release_plan",
+  // Change management (ISO 13485 §7.3.5)
+  "design_review",
+  "release_notes",
+  // Software test plan (IEC 62304 §5.7)
+  "software_test_plan"
+]);
+
+// ../shared/dist/schemas/change-management.js
+import { z as z18 } from "zod";
+var ReleasePlanFrontmatterSchema = z18.object({
+  id: z18.string().min(1),
+  title: z18.string().min(1),
+  type: z18.literal("release_plan").optional(),
+  status: z18.string().optional(),
+  author: z18.string().optional(),
+  reviewers: z18.array(z18.string()).optional(),
+  approvers: z18.array(z18.string()).optional(),
+  version: z18.string().optional(),
+  target_date: z18.string().optional()
+});
+var SuspectedLinkDispositionSchema = z18.enum(["included_in_release", "not_impacted"]);
+var SuspectedLinkNeighborSchema = z18.object({
+  document: z18.string().min(1),
+  direction: z18.enum(["upstream", "downstream"]),
+  disposition: SuspectedLinkDispositionSchema,
+  /** Required when disposition is 'not_impacted' */
+  rationale: z18.string().min(1).optional()
+});
+var SuspectedLinkGroupSchema = z18.object({
+  triggered_by: z18.string().min(1),
+  neighbors: z18.array(SuspectedLinkNeighborSchema).min(1)
+});
+var DesignReviewFrontmatterSchema = z18.object({
+  id: z18.string().min(1),
+  title: z18.string().min(1),
+  type: z18.literal("design_review").optional(),
+  status: z18.string().optional(),
+  author: z18.string().optional(),
+  reviewers: z18.array(z18.string()).optional(),
+  approvers: z18.array(z18.string()).optional(),
+  /** Optional link to a Release Plan document (e.g. "RP-001") */
+  release_plan: z18.string().optional(),
+  /** Acknowledged suspected links — one-up/one-down neighbor analysis */
+  suspected_links: z18.array(SuspectedLinkGroupSchema).optional()
+});
+var ReleaseNotesAudienceSchema = z18.enum(["customer", "technical"]);
+var ReleaseNotesFrontmatterSchema = z18.object({
+  id: z18.string().min(1),
+  title: z18.string().min(1),
+  type: z18.literal("release_notes").optional(),
+  status: RiskDocumentStatusSchema,
+  author: z18.string().optional(),
+  reviewers: z18.array(z18.string()).optional(),
+  approvers: z18.array(z18.string()).optional(),
+  audience: ReleaseNotesAudienceSchema,
+  release_version: z18.string().min(1)
+});
+
+// ../shared/dist/schemas/retention-policy.js
+import { z as z19 } from "zod";
+var RetentionPolicySchema = z19.object({
+  /** Default retention period in years for all record types */
+  defaultPeriodYears: z19.number().int().min(1).max(30).default(10),
+  /**
+   * Optional per-record-type overrides (e.g., { "release": 15, "signature": 20 }).
+   * Keys are record type identifiers; values are retention periods in years.
+   */
+  byRecordType: z19.record(z19.string(), z19.number().int().min(1).max(30)).optional()
+});
+function isWithinRetentionPeriod(createdAt, retentionYears, now = /* @__PURE__ */ new Date()) {
+  const retentionEnd = new Date(createdAt);
+  retentionEnd.setFullYear(retentionEnd.getFullYear() + retentionYears);
+  return now < retentionEnd;
+}
+function getEffectiveRetentionYears(policy, recordType) {
+  const DEFAULT_RETENTION_YEARS = 10;
+  if (!policy) {
+    return DEFAULT_RETENTION_YEARS;
+  }
+  return policy.byRecordType?.[recordType] ?? policy.defaultPeriodYears;
+}
+
+// ../shared/dist/schemas/audit.js
+import { z as z20 } from "zod";
+var AuditFindingClassificationSchema = z20.enum(["observation", "minor_nc", "major_nc"]);
+var AuditStatusSchema = z20.enum(["planned", "in_progress", "completed", "cancelled"]);
+var PlannedAuditEntrySchema = z20.object({
+  audit_id: z20.string().min(1),
+  process_area: z20.string().min(1),
+  clause: z20.string().optional(),
+  planned_date: z20.string().min(1),
+  auditor: z20.string().min(1),
+  status: AuditStatusSchema
+});
+var AuditScheduleFrontmatterSchema = z20.object({
+  id: z20.string().min(1),
+  title: z20.string().min(1),
+  type: z20.literal("audit_schedule").optional(),
+  status: z20.string().optional(),
+  author: z20.string().optional(),
+  reviewers: z20.array(z20.string()).optional(),
+  approvers: z20.array(z20.string()).optional(),
+  cycle_year: z20.number().int().min(2e3).max(2100),
+  audits: z20.array(PlannedAuditEntrySchema).min(1)
+});
+var AuditFindingSchema = z20.object({
+  finding_id: z20.string().min(1),
+  classification: AuditFindingClassificationSchema,
+  description: z20.string().min(1),
+  capa_id: z20.string().optional()
+});
+var AuditReportFrontmatterSchema = z20.object({
+  id: z20.string().min(1),
+  title: z20.string().min(1),
+  type: z20.literal("audit_report").optional(),
+  status: z20.string().optional(),
+  author: z20.string().optional(),
+  reviewers: z20.array(z20.string()).optional(),
+  approvers: z20.array(z20.string()).optional(),
+  audit_date: z20.string().min(1),
+  audit_id: z20.string().optional(),
+  process_area: z20.string().min(1),
+  clause: z20.string().optional(),
+  auditor: z20.string().min(1),
+  findings: z20.array(AuditFindingSchema),
+  findings_major: z20.number().int().min(0).optional(),
+  findings_minor: z20.number().int().min(0).optional(),
+  findings_observations: z20.number().int().min(0).optional()
+});
+
+// ../shared/dist/schemas/management-review.js
+import { z as z21 } from "zod";
+var ManagementReviewAttendeeSchema = z21.object({
+  name: z21.string().min(1),
+  role: z21.string().min(1)
+});
+var ManagementReviewFrontmatterSchema = z21.object({
+  id: z21.string().min(1),
+  title: z21.string().min(1),
+  type: z21.literal("management_review").optional(),
+  version: z21.string().optional(),
+  status: z21.enum(["draft", "scheduled", "completed"]).optional(),
+  review_date: z21.string().min(1),
+  review_period: z21.object({
+    from: z21.string().min(1),
+    to: z21.string().min(1)
+  }),
+  attendees: z21.array(ManagementReviewAttendeeSchema).min(1),
+  data_snapshot_date: z21.string().optional(),
+  next_review_date: z21.string().optional()
+});
+
+// ../shared/dist/schemas/frameworks.js
+import { z as z22 } from "zod";
+var FrameworkScopeSchema = z22.enum(["qms", "device", "both"]);
+var MappingRelationshipSchema = z22.enum(["equivalent", "partial", "related", "supersedes"]);
+var FrameworkDefinitionSeedSchema = z22.object({
+  id: RegulatoryFrameworkSchema,
+  name: z22.string().min(1),
+  version: z22.string().min(1),
+  scope: FrameworkScopeSchema,
+  url: z22.string().url().nullable(),
+  active: z22.boolean().default(true)
+});
+var ClauseBase = z22.object({
+  clauseNumber: z22.string().min(1),
+  title: z22.string().min(1)
+});
+function buildClauseSchema(remainingDepth) {
+  if (remainingDepth <= 0) {
+    return ClauseBase.strict();
+  }
+  return ClauseBase.extend({
+    children: z22.array(z22.lazy(() => buildClauseSchema(remainingDepth - 1))).optional()
+  });
+}
+var FrameworkClauseSeedSchema = buildClauseSchema(5);
+var FrameworkMappingSeedSchema = z22.object({
+  sourceClause: z22.string().min(1),
+  targetFramework: RegulatoryFrameworkSchema,
+  targetClause: z22.string().min(1),
+  relationship: MappingRelationshipSchema,
+  notes: z22.string().nullable().default(null)
+});
+var MappingFileSeedSchema = z22.object({
+  sourceFramework: RegulatoryFrameworkSchema,
+  mappings: z22.array(FrameworkMappingSeedSchema)
+});
+var EvidenceSourceSchema = z22.enum(["documents", "training_records"]);
+var EvidenceRuleConditionsSeedSchema = z22.object({
+  evidenceSource: EvidenceSourceSchema.optional(),
+  documentType: DocumentTypeSchema.optional(),
+  linkType: LinkTypeSchema.optional(),
+  status: z22.string().optional(),
+  minCount: z22.number().int().positive().optional()
+});
+var EvidenceRuleSeedSchema = z22.object({
+  clauseId: z22.string().min(1),
+  description: z22.string().min(1),
+  conditions: EvidenceRuleConditionsSeedSchema,
+  weight: z22.number().min(0).max(1)
+});
+var EvidenceRulesFileSeedSchema = z22.object({
+  frameworkId: RegulatoryFrameworkSchema,
+  rules: z22.array(EvidenceRuleSeedSchema)
+});
+var FrameworkFileSeedSchema = FrameworkDefinitionSeedSchema.extend({
+  clauses: z22.array(FrameworkClauseSeedSchema)
+});
+
+// ../shared/dist/schemas/legal.js
+import { z as z23 } from "zod";
+var LegalDocumentTypeSchema = z23.enum(["tos", "privacy-policy", "billing-terms"]);
+var LegalDocumentVersionSchema = z23.string().regex(/^\d{4}-\d{2}-\d{2}$/, {
+  message: "Version must be in YYYY-MM-DD format"
+});
+
+// ../shared/dist/schemas/index.js
+var GateOverrideCategorySchema = z24.enum([
+  "unverified_requirements",
+  "unanalyzed_requirements",
+  "error_risk_gaps",
+  "missing_risk_management_plan_reference",
+  "missing_plan_risk_management",
+  "missing_plan_software_development",
+  "missing_plan_cybersecurity",
+  "missing_plan_usability",
+  "missing_plan_clinical_evaluation",
+  "missing_plan_post_market_surveillance",
+  "missing_artifact_soup_register",
+  "missing_artifact_sbom",
+  "missing_artifact_summative_evaluation",
+  "missing_deployment_references",
+  "missing_smoke_test_evidence"
+]);
+var MemberRoleSchema = z24.enum(["admin", "member"]);
+var MemberStatusSchema = z24.enum(["active", "suspended", "removed"]);
+var EmailAddressSchema = z24.object({
+  value: z24.string().email(),
+  verified: z24.boolean()
+});
+var ReviewerRuleSchema = z24.object({
+  documentType: DocumentTypeSchema,
+  requiredDepartments: z24.array(z24.string()),
+  finalApproverDepartment: z24.string()
+});
+var SyncStatusSchema = z24.enum(["active", "paused", "error"]);
+var AuditActionSchema = z24.enum([
+  // Organization
+  "organization.created",
+  "organization.settings_updated",
+  "organization.checklist_template_updated",
+  // Members
+  "member.invited",
+  "member.invite_declined",
+  "member.joined",
+  "member.role_changed",
+  "member.removed",
+  "member.password_reset_forced",
+  // Repositories
+  "repository.connected",
+  "repository.disconnected",
+  "repository.sync_triggered",
+  "repository.updated",
+  "repository.assigned",
+  "repository.unassigned",
+  // Documents
+  "document.synced",
+  "document.removed",
+  "document.viewed",
+  // Releases
+  "release.created",
+  "release.updated",
+  "release.deleted",
+  "release.withdrawn",
+  "release.submitted_for_review",
+  "release.signature_added",
+  "release.approved",
+  "release.published",
+  "release.checklist_updated",
+  "release.signing_obligations_rederived",
+  "release.gate_override_added",
+  "release.gate_override_removed",
+  "release.gate_override_invalidated",
+  "release.viewed",
+  // Signatures
+  "signature.created",
+  "signature.attempt_failed",
+  "signature.lockout_triggered",
+  // Signing Requests
+  "signing_request.created",
+  "signing_request.sent",
+  "signing_request.viewed",
+  "signing_request.signed",
+  "signing_request.declined",
+  "signing_request.cancelled",
+  "signing_request.expired",
+  "signing_request.reminded",
+  "signing_request.document_accessed",
+  // Training
+  "training.assigned",
+  "training.completed",
+  "training.started",
+  "training.settings_updated",
+  "training.quiz_submitted",
+  "training.quiz_passed",
+  "training.quiz_failed",
+  "training.overdue_notified",
+  "training.acknowledged",
+  "training.signature_added",
+  "training.instructor_signoff",
+  "training.task_created",
+  "training.viewed",
+  // QMS
+  "qms.created",
+  "qms.updated",
+  "qms.deleted",
+  // Devices
+  "device.created",
+  "device.updated",
+  "device.deleted",
+  // DCOs
+  "dco.created",
+  "dco.updated",
+  "dco.deleted",
+  "dco.submitted",
+  "dco.obligation_fulfilled",
+  "dco.approved",
+  "dco.effective",
+  // Design Reviews
+  "design_review.created",
+  "design_review.updated",
+  "design_review.deleted",
+  "design_review.submitted",
+  "design_review.signature_added",
+  "design_review.signed",
+  "design_review.cancelled",
+  // CAPAs
+  "capa.created",
+  "capa.updated",
+  "capa.deleted",
+  "capa.investigation_started",
+  "capa.implementation_started",
+  "capa.verification_started",
+  "capa.closed",
+  "capa.cancelled",
+  "capa.action_added",
+  "capa.action_updated",
+  "capa.action_removed",
+  // Complaints
+  "complaint.created",
+  "complaint.updated",
+  "complaint.deleted",
+  "complaint.investigation_started",
+  "complaint.resolved",
+  "complaint.closed",
+  "complaint.cancelled",
+  "complaint.escalated_to_capa",
+  // Nonconformances
+  "nc.created",
+  "nc.updated",
+  "nc.deleted",
+  "nc.investigation_started",
+  "nc.disposition_set",
+  "nc.concession_approved",
+  "nc.closed",
+  "nc.cancelled",
+  "nc.escalated_to_capa",
+  // Actions
+  "action.created",
+  "action.updated",
+  "action.completed",
+  "action.cancelled",
+  "action.deleted",
+  // Legal
+  "billing_terms.accepted",
+  "legal_document.accepted",
+  // Billing
+  "billing.checkout_created",
+  "billing.portal_accessed",
+  "billing.subscription_activated",
+  "billing.subscription_updated",
+  "billing.subscription_canceled",
+  // API Keys
+  "api_key.created",
+  "api_key.revoked",
+  // Risk Management
+  "risk.viewed",
+  // Compliance
+  "compliance_package.requested",
+  "compliance_package.downloaded",
+  "validation_package.downloaded",
+  // ERSD
+  "ersd.created",
+  "ersd.auto_seeded",
+  // Quality Objectives
+  "quality_objective.created",
+  "quality_objective.updated",
+  "quality_objective.value_recorded",
+  "quality_objective.deactivated",
+  // Quality Reviews
+  "quality_review.created",
+  "quality_review.updated",
+  "quality_review.started",
+  "quality_review.completed",
+  "quality_review.cancelled",
+  // Review Types
+  "review_type.created",
+  "review_type.updated",
+  // Audit
+  "audit_log.exported"
+]);
+var ResourceTypeSchema = z24.enum([
+  "organization",
+  "member",
+  "invite",
+  "repository",
+  "document",
+  "release",
+  "signature",
+  "training",
+  "training_task",
+  "training_settings",
+  "qms",
+  "device",
+  "dco",
+  "design_review",
+  "signing_request",
+  "capa",
+  "complaint",
+  "nonconformance",
+  "action",
+  "legal_acceptance",
+  "subscription",
+  "api_key",
+  "compliance_package",
+  "validation_package",
+  "ersd",
+  "qualityObjective",
+  "qualityReview",
+  "reviewType",
+  "audit_log",
+  "risk_matrix"
+]);
+var ReleaseTypeSchema = z24.enum(["qms", "device", "combined"]);
+var ReleaseStatusSchema = z24.enum(["draft", "in_review", "approved", "published"]);
+var SignatureTypeSchema = z24.enum(["author", "dept_reviewer", "final_approver", "trainee"]);
+var ChangeTypeSchema = z24.enum(["added", "modified", "deleted"]);
+var SigningRequestStatusSchema = z24.enum([
+  "sent",
+  "partially_signed",
+  "completed",
+  "expired",
+  "cancelled"
+]);
+var SignerStatusSchema = z24.enum(["pending", "viewed", "signed", "declined"]);
+var FieldTypeSchema = z24.enum(["signature", "initials", "date"]);
+
+// ../shared/dist/constants/risk-matrix.js
+var RISK_DOCUMENT_TYPES = [
+  "software_risk",
+  "usability_risk",
+  "security_risk"
+];
+var HAZARD_DOCUMENT_TYPES = ["haz_soe_software", "haz_soe_security"];
+var ALL_RISK_RELATED_DOCUMENT_TYPES = [
+  ...RISK_DOCUMENT_TYPES,
+  ...HAZARD_DOCUMENT_TYPES,
+  "hazardous_situation",
+  "harm"
+];
+
+// ../shared/dist/constants/document-types.js
+var QMS_DOCUMENT_TYPES = [
+  "sop",
+  "policy",
+  "work_instruction",
+  "supplier",
+  // Internal audit management (ISO 13485 §8.2.2)
+  "audit_schedule",
+  "audit_report",
+  // Management review (ISO 13485 §5.6)
+  "management_review"
+];
+var DEVICE_DOCUMENT_TYPES = [
+  "user_need",
+  "requirement",
+  "architecture",
+  "detailed_design",
+  "test_protocol",
+  "test_report",
+  "usability_risk",
+  "software_risk",
+  "security_risk",
+  "hazardous_situation",
+  "harm",
+  "haz_soe_software",
+  "haz_soe_security",
+  "hazard_category",
+  // Usability engineering (IEC 62366)
+  "usability_plan",
+  "use_specification",
+  "task_analysis",
+  "usability_evaluation",
+  "summative_evaluation",
+  // Risk management (ISO 14971)
+  "risk_management_plan",
+  // Software lifecycle (IEC 62304)
+  "software_development_plan",
+  "software_maintenance_plan",
+  "soup_register",
+  // Problem resolution (IEC 62304 §9)
+  "anomaly",
+  // Cybersecurity (IEC 81001-5-1)
+  "cybersecurity_plan",
+  "sbom",
+  // Clinical (MDR / FDA)
+  "clinical_evaluation_plan",
+  "clinical_evaluation_report",
+  // Post-market surveillance (MDR Art. 83)
+  "post_market_surveillance_plan",
+  "post_market_feedback",
+  // Labeling (MDR Annex I)
+  "labeling",
+  // Product (ISO 13485 §7.3)
+  "product_development_plan",
+  "intended_use",
+  // Release management (IEC 62304 §5.7)
+  "release_plan",
+  // Change management (ISO 13485 §7.3.5)
+  "design_review",
+  "release_notes",
+  // Software test plan (IEC 62304 §5.7)
+  "software_test_plan"
+];
+var CHANGE_DOCUMENT_TYPES = ["design_review", "release_plan"];
+function isChangeDocumentType(type) {
+  return CHANGE_DOCUMENT_TYPES.includes(type);
+}
+function isQmsDocumentType(type) {
+  return QMS_DOCUMENT_TYPES.includes(type);
+}
+function isDeviceDocumentType(type) {
+  return DEVICE_DOCUMENT_TYPES.includes(type);
+}
+
+// ../shared/dist/constants/index.js
+var DOCUMENT_TYPES = {
+  user_need: "User Need",
+  requirement: "Requirement",
+  architecture: "Architecture",
+  detailed_design: "Detailed Design",
+  test_protocol: "Test Protocol",
+  test_report: "Test Report",
+  sop: "SOP",
+  work_instruction: "Work Instruction",
+  policy: "Policy",
+  usability_risk: "Usability Risk",
+  software_risk: "Software Risk",
+  security_risk: "Security Risk",
+  // Risk document types
+  haz_soe_software: "Hazard (Software)",
+  haz_soe_security: "Hazard (Security)",
+  hazardous_situation: "Hazardous Situation",
+  harm: "Harm",
+  hazard_category: "Hazard Category",
+  // Usability engineering (IEC 62366)
+  usability_plan: "Usability Plan",
+  use_specification: "Use Specification",
+  task_analysis: "Task Analysis",
+  usability_evaluation: "Usability Evaluation",
+  summative_evaluation: "Summative Evaluation",
+  // Risk management (ISO 14971)
+  risk_management_plan: "Risk Management Plan",
+  // Software lifecycle (IEC 62304)
+  software_development_plan: "Software Development Plan",
+  software_maintenance_plan: "Software Maintenance Plan",
+  soup_register: "SOUP Register",
+  // Problem resolution (IEC 62304 §9)
+  anomaly: "Anomaly",
+  // Cybersecurity (IEC 81001-5-1)
+  cybersecurity_plan: "Cybersecurity Plan",
+  sbom: "SBOM",
+  // Clinical (MDR / FDA)
+  clinical_evaluation_plan: "Clinical Evaluation Plan",
+  clinical_evaluation_report: "Clinical Evaluation Report",
+  // Post-market surveillance (MDR Art. 83)
+  post_market_surveillance_plan: "Post-Market Surveillance Plan",
+  post_market_feedback: "Post-Market Feedback",
+  // Labeling (MDR Annex I)
+  labeling: "Labeling",
+  // Product (ISO 13485 §7.3)
+  product_development_plan: "Product Development Plan",
+  intended_use: "Intended Use",
+  // Release management (IEC 62304 §5.7)
+  release_plan: "Release Plan",
+  // Change management (ISO 13485 §7.3.5)
+  design_review: "Design Review",
+  release_notes: "Release Notes",
+  // Supplier management (ISO 13485 §7.4)
+  supplier: "Supplier",
+  // Internal audit management (ISO 13485 §8.2.2)
+  audit_schedule: "Audit Schedule",
+  audit_report: "Audit Report",
+  // Management review (ISO 13485 §5.6)
+  management_review: "Management Review",
+  // Software test plan (IEC 62304 §5.7)
+  software_test_plan: "Software Test Plan"
+};
+var LINK_TYPES = {
+  derives_from: "Derives From",
+  implements: "Implements",
+  verified_by: "Verified By",
+  mitigates: "Mitigates",
+  parent_of: "Parent Of",
+  related_to: "Related To",
+  // New risk link types
+  leads_to: "Leads To",
+  results_in: "Results In",
+  analyzes: "Analyzes"
+};
+var REQUIRED_SECTIONS = {
+  user_need: ["Purpose", "Stakeholder", "User Needs"],
+  architecture: ["Purpose"],
+  release_plan: ["Scope", "Applicable Plans", "Release-Specific Criteria", "Known Anomalies"],
+  design_review: ["Review Scope", "Attendees", "Findings", "Actions", "Conclusion"],
+  release_notes: ["Changes", "Known Issues"],
+  audit_schedule: ["Scope", "Audit Criteria"],
+  audit_report: ["Scope", "Methodology", "Findings", "Conclusion"],
+  management_review: ["Review Inputs", "Review Outputs", "Action Items", "Decisions"],
+  hazard_category: ["Description", "Examples", "Applicable Standards"]
+};
+
+// ../shared/dist/validators/permissions.js
+import { z as z25 } from "zod";
+var MemberPermissionsSchema = z25.object({
+  canSign: z25.boolean(),
+  canApprove: z25.boolean(),
+  canCreateRelease: z25.boolean(),
+  canPublishRelease: z25.boolean(),
+  canManageMembers: z25.boolean(),
+  canViewAuditLog: z25.boolean(),
+  canExport: z25.boolean()
+});
 
 // src/schema-map.ts
-import {
-  AnomalyFrontmatterSchema,
-  AuditReportFrontmatterSchema,
-  AuditScheduleFrontmatterSchema,
-  ClinicalEvaluationPlanFrontmatterSchema,
-  ClinicalEvaluationReportFrontmatterSchema,
-  CybersecurityPlanFrontmatterSchema,
-  DesignReviewFrontmatterSchema,
-  HarmFrontmatterSchema,
-  HazardCategoryFrontmatterSchema,
-  HazardFrontmatterSchema,
-  HazardousSituationFrontmatterSchema,
-  IntendedUseFrontmatterSchema,
-  LabelingFrontmatterSchema,
-  ManagementReviewFrontmatterSchema,
-  PostMarketFeedbackFrontmatterSchema,
-  PostMarketSurveillancePlanFrontmatterSchema,
-  ProductDevelopmentPlanFrontmatterSchema,
-  ReleasePlanFrontmatterSchema,
-  ReleaseNotesFrontmatterSchema,
-  RequirementFrontmatterSchema,
-  RiskEntryFrontmatterSchema,
-  RiskManagementPlanFrontmatterSchema,
-  SbomFrontmatterSchema,
-  SoftwareDevelopmentPlanFrontmatterSchema,
-  SoftwareMaintenancePlanFrontmatterSchema,
-  SoftwareTestPlanFrontmatterSchema,
-  SoupRegisterFrontmatterSchema,
-  SummativeEvaluationFrontmatterSchema,
-  TaskAnalysisFrontmatterSchema,
-  TestProtocolFrontmatterSchema,
-  TestReportFrontmatterSchema,
-  UsabilityEvaluationFrontmatterSchema,
-  UsabilityPlanFrontmatterSchema,
-  UseSpecificationFrontmatterSchema,
-  UserNeedFrontmatterSchema
-} from "@pactosigna/shared";
 var SCHEMA_MAP = {
   // Risk entries
   software_risk: RiskEntryFrontmatterSchema,
@@ -211,7 +1383,6 @@ function getSchemaForDocumentType(type) {
 
 // src/validate-document.ts
 import matter from "gray-matter";
-import { REQUIRED_SECTIONS } from "@pactosigna/shared";
 function validateDocument(content, filePath) {
   const errors = [];
   const warnings = [];
@@ -399,78 +1570,78 @@ export {
   AcceptabilityStatusSchema,
   AnomalyCategorySchema,
   AnomalyDispositionSchema,
-  AnomalyFrontmatterSchema2 as AnomalyFrontmatterSchema,
+  AnomalyFrontmatterSchema,
   AnomalySeveritySchema,
   AuditFindingClassificationSchema,
   AuditFindingSchema,
-  AuditReportFrontmatterSchema2 as AuditReportFrontmatterSchema,
-  AuditScheduleFrontmatterSchema2 as AuditScheduleFrontmatterSchema,
+  AuditReportFrontmatterSchema,
+  AuditScheduleFrontmatterSchema,
   AuditStatusSchema,
   CHANGE_DOCUMENT_TYPES,
-  ClinicalEvaluationPlanFrontmatterSchema2 as ClinicalEvaluationPlanFrontmatterSchema,
-  ClinicalEvaluationReportFrontmatterSchema2 as ClinicalEvaluationReportFrontmatterSchema,
-  CybersecurityPlanFrontmatterSchema2 as CybersecurityPlanFrontmatterSchema,
+  ClinicalEvaluationPlanFrontmatterSchema,
+  ClinicalEvaluationReportFrontmatterSchema,
+  CybersecurityPlanFrontmatterSchema,
   DEVICE_DOCUMENT_TYPES,
   DOCUMENT_TYPES,
-  DesignReviewFrontmatterSchema2 as DesignReviewFrontmatterSchema,
+  DesignReviewFrontmatterSchema,
   DocumentStatusSchema,
   DocumentTypeSchema,
   FOLDER_RULES,
-  HarmFrontmatterSchema2 as HarmFrontmatterSchema,
-  HazardCategoryFrontmatterSchema2 as HazardCategoryFrontmatterSchema,
-  HazardFrontmatterSchema2 as HazardFrontmatterSchema,
-  HazardousSituationFrontmatterSchema2 as HazardousSituationFrontmatterSchema,
-  IntendedUseFrontmatterSchema2 as IntendedUseFrontmatterSchema,
+  HarmFrontmatterSchema,
+  HazardCategoryFrontmatterSchema,
+  HazardFrontmatterSchema,
+  HazardousSituationFrontmatterSchema,
+  IntendedUseFrontmatterSchema,
   JSON_SBOM_FOLDERS,
   LINK_TYPES,
-  LabelingFrontmatterSchema2 as LabelingFrontmatterSchema,
+  LabelingFrontmatterSchema,
   LinkTypeSchema,
   ManagementReviewAttendeeSchema,
-  ManagementReviewFrontmatterSchema2 as ManagementReviewFrontmatterSchema,
+  ManagementReviewFrontmatterSchema,
   MitigationSchema,
   MitigationTargetSchema,
   NON_REGULATED_FOLDERS,
   PlannedAuditEntrySchema,
   PostMarketFeedbackCategorySchema,
-  PostMarketFeedbackFrontmatterSchema2 as PostMarketFeedbackFrontmatterSchema,
+  PostMarketFeedbackFrontmatterSchema,
   PostMarketFeedbackSeveritySchema,
-  PostMarketSurveillancePlanFrontmatterSchema2 as PostMarketSurveillancePlanFrontmatterSchema,
-  ProductDevelopmentPlanFrontmatterSchema2 as ProductDevelopmentPlanFrontmatterSchema,
+  PostMarketSurveillancePlanFrontmatterSchema,
+  ProductDevelopmentPlanFrontmatterSchema,
   QMS_DOCUMENT_TYPES,
-  REQUIRED_SECTIONS2 as REQUIRED_SECTIONS,
+  REQUIRED_SECTIONS,
   RegulatoryFrameworkSchema,
   ReleaseNotesAudienceSchema,
-  ReleaseNotesFrontmatterSchema2 as ReleaseNotesFrontmatterSchema,
-  ReleasePlanFrontmatterSchema2 as ReleasePlanFrontmatterSchema,
+  ReleaseNotesFrontmatterSchema,
+  ReleasePlanFrontmatterSchema,
   ReleaseReviewConfigSchema,
   RepoConfigSchema,
   RequirementFormatSchema,
-  RequirementFrontmatterSchema2 as RequirementFrontmatterSchema,
+  RequirementFrontmatterSchema,
   RequirementFulfillmentTypeSchema,
   RequirementTypeSchema,
   RetentionPolicySchema,
   RiskDocumentStatusSchema,
-  RiskEntryFrontmatterSchema2 as RiskEntryFrontmatterSchema,
+  RiskEntryFrontmatterSchema,
   RiskGapCodeSchema,
   RiskGapSeveritySchema,
-  RiskManagementPlanFrontmatterSchema2 as RiskManagementPlanFrontmatterSchema,
+  RiskManagementPlanFrontmatterSchema,
   RiskMatrixConfigSchema,
   SCHEMA_MAP,
   SafetyClassSchema,
-  SbomFrontmatterSchema2 as SbomFrontmatterSchema,
-  SoftwareDevelopmentPlanFrontmatterSchema2 as SoftwareDevelopmentPlanFrontmatterSchema,
-  SoftwareMaintenancePlanFrontmatterSchema2 as SoftwareMaintenancePlanFrontmatterSchema,
-  SoftwareTestPlanFrontmatterSchema2 as SoftwareTestPlanFrontmatterSchema,
-  SoupRegisterFrontmatterSchema2 as SoupRegisterFrontmatterSchema,
-  SummativeEvaluationFrontmatterSchema2 as SummativeEvaluationFrontmatterSchema,
-  TaskAnalysisFrontmatterSchema2 as TaskAnalysisFrontmatterSchema,
+  SbomFrontmatterSchema,
+  SoftwareDevelopmentPlanFrontmatterSchema,
+  SoftwareMaintenancePlanFrontmatterSchema,
+  SoftwareTestPlanFrontmatterSchema,
+  SoupRegisterFrontmatterSchema,
+  SummativeEvaluationFrontmatterSchema,
+  TaskAnalysisFrontmatterSchema,
   TestPhaseSchema,
-  TestProtocolFrontmatterSchema2 as TestProtocolFrontmatterSchema,
-  TestReportFrontmatterSchema2 as TestReportFrontmatterSchema,
-  UsabilityEvaluationFrontmatterSchema2 as UsabilityEvaluationFrontmatterSchema,
-  UsabilityPlanFrontmatterSchema2 as UsabilityPlanFrontmatterSchema,
-  UseSpecificationFrontmatterSchema2 as UseSpecificationFrontmatterSchema,
-  UserNeedFrontmatterSchema2 as UserNeedFrontmatterSchema,
+  TestProtocolFrontmatterSchema,
+  TestReportFrontmatterSchema,
+  UsabilityEvaluationFrontmatterSchema,
+  UsabilityPlanFrontmatterSchema,
+  UseSpecificationFrontmatterSchema,
+  UserNeedFrontmatterSchema,
   UserNeedPrioritySchema,
   findFolderRule,
   getEffectiveRetentionYears,