@pactosigna/trace 0.1.0 → 0.1.1

package/dist/cli.js

@@ -32,6 +32,7 @@ import { z as z28 } from "zod";
 import { z as z29 } from "zod";
 import { z as z30 } from "zod";
 import { z as z31 } from "zod";
+import { z as z32 } from "zod";
 var REQUIRED_SECTIONS = {
   user_need: ["User Story", "Validation Criteria"],
   architecture: ["Purpose", "Architecture Overview", "Interfaces"],
@@ -2426,6 +2427,7 @@ var ResourceTypeSchema = z31.enum([
   "component",
   "compiled_record_export"
 ]);
+var ExportSignatureModeSchema = z32.enum(["live", "frozen"]);
 
 // src/loaders/filesystem-document-loader.ts
 import { readdirSync, readFileSync, statSync } from "fs";
@@ -4005,8 +4007,8 @@ import { relative as relative3, resolve } from "path";
 
 // ../schemas/dist/index.js
 import { z as z210 } from "zod";
-import { z as z32 } from "zod";
 import { z as z33 } from "zod";
+import { z as z34 } from "zod";
 import { z as z42 } from "zod";
 import { z as z52 } from "zod";
 import { z as z72 } from "zod";
@@ -4035,6 +4037,7 @@ import { z as z282 } from "zod";
 import { z as z292 } from "zod";
 import { z as z302 } from "zod";
 import { z as z312 } from "zod";
+import { z as z322 } from "zod";
 import matter2 from "gray-matter";
 import path from "path";
 import fs from "fs";
@@ -4067,7 +4070,7 @@ var REQUIRED_SECTIONS2 = {
     "Training Requirements"
   ]
 };
-var RiskDocumentStatusSchema2 = z32.enum([
+var RiskDocumentStatusSchema2 = z33.enum([
   "draft",
   "in_review",
   "approved",
@@ -4075,13 +4078,13 @@ var RiskDocumentStatusSchema2 = z32.enum([
   "archived",
   "example"
 ]);
-var IsoCategorySchema2 = z32.enum([
+var IsoCategorySchema2 = z33.enum([
   "safe_design",
   "protective_measure",
   "safety_information"
 ]);
-var ReducesTargetSchema2 = z32.enum(["p1_sequence", "p2_harm", "severity"]);
-var RiskGapCodeSchema2 = z32.enum([
+var ReducesTargetSchema2 = z33.enum(["p1_sequence", "p2_harm", "severity"]);
+var RiskGapCodeSchema2 = z33.enum([
   "hazard_no_situation",
   "situation_no_harm",
   "hazard_not_analyzed",
@@ -4114,40 +4117,40 @@ var RiskGapCodeSchema2 = z32.enum([
   "risk_control_no_verification",
   "architecture_no_asset_types"
 ]);
-var RiskGapSeveritySchema2 = z32.enum(["error", "warning"]);
-var MitigationSchema2 = z32.object({
-  control: z32.string().min(1),
+var RiskGapSeveritySchema2 = z33.enum(["error", "warning"]);
+var MitigationSchema2 = z33.object({
+  control: z33.string().min(1),
   iso_category: IsoCategorySchema2,
   reduces: ReducesTargetSchema2
 });
-var HarmAssessmentSchema2 = z32.object({
-  harm: z32.string().min(1),
-  inherent_probability: z32.number().int().min(1).max(5).optional(),
-  inherent_exploitability: z32.number().int().min(1).max(5).optional(),
-  residual_probability: z32.number().int().min(1).max(5).optional(),
-  residual_exploitability: z32.number().int().min(1).max(5).optional(),
-  harm_severity_override: z32.number().int().min(1).max(5).optional(),
-  risk_acceptable: z32.boolean(),
-  benefit_outweighs_risk: z32.boolean().optional()
-});
-var HazardousSituationAssessmentSchema2 = z32.object({
-  hazardous_situation: z32.string().min(1),
-  mitigations: z32.array(MitigationSchema2).optional(),
-  harms: z32.array(HarmAssessmentSchema2).min(1)
-});
-var RiskEntryFrontmatterSchema2 = z32.object({
-  type: z32.enum(["software_risk", "usability_risk", "security_risk"]),
-  id: z32.string().min(1),
-  title: z32.string().min(1),
+var HarmAssessmentSchema2 = z33.object({
+  harm: z33.string().min(1),
+  inherent_probability: z33.number().int().min(1).max(5).optional(),
+  inherent_exploitability: z33.number().int().min(1).max(5).optional(),
+  residual_probability: z33.number().int().min(1).max(5).optional(),
+  residual_exploitability: z33.number().int().min(1).max(5).optional(),
+  harm_severity_override: z33.number().int().min(1).max(5).optional(),
+  risk_acceptable: z33.boolean(),
+  benefit_outweighs_risk: z33.boolean().optional()
+});
+var HazardousSituationAssessmentSchema2 = z33.object({
+  hazardous_situation: z33.string().min(1),
+  mitigations: z33.array(MitigationSchema2).optional(),
+  harms: z33.array(HarmAssessmentSchema2).min(1)
+});
+var RiskEntryFrontmatterSchema2 = z33.object({
+  type: z33.enum(["software_risk", "usability_risk", "security_risk"]),
+  id: z33.string().min(1),
+  title: z33.string().min(1),
   status: RiskDocumentStatusSchema2,
-  author: z32.string().min(1),
-  reviewers: z32.array(z32.string()).optional(),
-  approvers: z32.array(z32.string()).optional(),
-  analyzes: z32.string().min(1),
-  mitigations: z32.array(MitigationSchema2).optional(),
-  hazardous_situation_assessments: z32.array(HazardousSituationAssessmentSchema2).min(1),
-  cvss_score: z32.number().min(0).max(10).optional(),
-  cvss_vector: z32.string().regex(
+  author: z33.string().min(1),
+  reviewers: z33.array(z33.string()).optional(),
+  approvers: z33.array(z33.string()).optional(),
+  analyzes: z33.string().min(1),
+  mitigations: z33.array(MitigationSchema2).optional(),
+  hazardous_situation_assessments: z33.array(HazardousSituationAssessmentSchema2).min(1),
+  cvss_score: z33.number().min(0).max(10).optional(),
+  cvss_vector: z33.string().regex(
     /^CVSS:3\.[01]\/AV:[NALP]\/AC:[LH]\/PR:[NLH]\/UI:[NR]\/S:[UC]\/C:[NLH]\/I:[NLH]\/A:[NLH]$/
   ).optional()
 }).refine(
@@ -4170,77 +4173,77 @@ var RiskEntryFrontmatterSchema2 = z32.object({
     message: "benefit_outweighs_risk required when risk_acceptable is false"
   }
 );
-var HazardSoftwareFrontmatterSchema2 = z32.object({
-  type: z32.literal("haz_soe_software"),
-  id: z32.string().min(1),
-  title: z32.string().min(1),
+var HazardSoftwareFrontmatterSchema2 = z33.object({
+  type: z33.literal("haz_soe_software"),
+  id: z33.string().min(1),
+  title: z33.string().min(1),
   status: RiskDocumentStatusSchema2,
-  author: z32.string().min(1),
-  reviewers: z32.array(z32.string()).optional(),
-  approvers: z32.array(z32.string()).optional(),
-  preliminary: z32.boolean().default(false),
-  leads_to: z32.array(z32.string()).optional(),
-  hazard_category: z32.string().optional(),
-  detection_score: z32.number().int().min(1).max(5).optional(),
-  detection_method: z32.string().optional(),
+  author: z33.string().min(1),
+  reviewers: z33.array(z33.string()).optional(),
+  approvers: z33.array(z33.string()).optional(),
+  preliminary: z33.boolean().default(false),
+  leads_to: z33.array(z33.string()).optional(),
+  hazard_category: z33.string().optional(),
+  detection_score: z33.number().int().min(1).max(5).optional(),
+  detection_method: z33.string().optional(),
   /** Reference to the HLD/SDD software item this hazard applies to (IEC 62304 §7.1) */
-  software_item: z32.string().min(1).optional()
+  software_item: z33.string().min(1).optional()
 });
-var HazardSecurityFrontmatterSchema2 = z32.object({
-  type: z32.literal("haz_soe_security"),
-  id: z32.string().min(1),
-  title: z32.string().min(1),
+var HazardSecurityFrontmatterSchema2 = z33.object({
+  type: z33.literal("haz_soe_security"),
+  id: z33.string().min(1),
+  title: z33.string().min(1),
   status: RiskDocumentStatusSchema2,
-  author: z32.string().min(1),
-  reviewers: z32.array(z32.string()).optional(),
-  approvers: z32.array(z32.string()).optional(),
-  preliminary: z32.boolean().default(false),
-  leads_to: z32.array(z32.string()).optional(),
-  hazard_category: z32.string().optional(),
+  author: z33.string().min(1),
+  reviewers: z33.array(z33.string()).optional(),
+  approvers: z33.array(z33.string()).optional(),
+  preliminary: z33.boolean().default(false),
+  leads_to: z33.array(z33.string()).optional(),
+  hazard_category: z33.string().optional(),
   /** Reference to the HLD/SDD software item this security hazard applies to (IEC 62304 §7.1, IEC 81001-5-1) */
-  software_item: z32.string().min(1).optional()
+  software_item: z33.string().min(1).optional()
 });
-var HazardFrontmatterSchema2 = z32.discriminatedUnion("type", [
+var HazardFrontmatterSchema2 = z33.discriminatedUnion("type", [
   HazardSoftwareFrontmatterSchema2,
   HazardSecurityFrontmatterSchema2
 ]);
-var HazardCategoryFrontmatterSchema2 = z32.object({
-  type: z32.literal("hazard_category"),
-  id: z32.string().min(1),
-  title: z32.string().min(1),
+var HazardCategoryFrontmatterSchema2 = z33.object({
+  type: z33.literal("hazard_category"),
+  id: z33.string().min(1),
+  title: z33.string().min(1),
   status: RiskDocumentStatusSchema2,
-  source: z32.string().optional()
+  source: z33.string().optional()
 });
-var HazardousSituationFrontmatterSchema2 = z32.object({
-  type: z32.literal("hazardous_situation"),
-  id: z32.string().min(1),
-  title: z32.string().min(1),
+var HazardousSituationFrontmatterSchema2 = z33.object({
+  type: z33.literal("hazardous_situation"),
+  id: z33.string().min(1),
+  title: z33.string().min(1),
   status: RiskDocumentStatusSchema2,
-  results_in: z32.array(z32.string()).optional()
+  results_in: z33.array(z33.string()).optional()
 });
-var HarmFrontmatterSchema2 = z32.object({
-  type: z32.literal("harm"),
-  id: z32.string().min(1),
-  title: z32.string().min(1),
+var HarmFrontmatterSchema2 = z33.object({
+  type: z33.literal("harm"),
+  id: z33.string().min(1),
+  title: z33.string().min(1),
   status: RiskDocumentStatusSchema2,
-  severity: z32.number().int().min(1).max(5),
-  category: z32.string().optional()
-});
-var RiskMatrixConfigSchema2 = z32.object({
-  version: z32.number(),
-  labels: z32.object({
-    severity: z32.array(z32.string()).length(5),
-    probability: z32.array(z32.string()).length(5),
-    exploitability: z32.array(z32.string()).length(5).optional()
+  severity: z33.number().int().min(1).max(5),
+  category: z33.string().optional()
+});
+var RiskMatrixConfigSchema2 = z33.object({
+  version: z33.number(),
+  labels: z33.object({
+    severity: z33.array(z33.string()).length(5),
+    probability: z33.array(z33.string()).length(5),
+    exploitability: z33.array(z33.string()).length(5).optional()
   }),
-  acceptability: z32.object({
-    unacceptable: z32.array(z32.tuple([z32.number(), z32.number()])),
-    review_required: z32.array(z32.tuple([z32.number(), z32.number()])).optional()
+  acceptability: z33.object({
+    unacceptable: z33.array(z33.tuple([z33.number(), z33.number()])),
+    review_required: z33.array(z33.tuple([z33.number(), z33.number()])).optional()
   }),
-  overrides: z32.record(
-    z32.object({
-      unacceptable: z32.array(z32.tuple([z32.number(), z32.number()])),
-      review_required: z32.array(z32.tuple([z32.number(), z32.number()])).optional()
+  overrides: z33.record(
+    z33.object({
+      unacceptable: z33.array(z33.tuple([z33.number(), z33.number()])),
+      review_required: z33.array(z33.tuple([z33.number(), z33.number()])).optional()
     })
   ).optional()
 });
@@ -4271,50 +4274,50 @@ var AnomalyFrontmatterSchema2 = z210.object({
   reviewers: z210.array(z210.string()).optional(),
   approvers: z210.array(z210.string()).optional()
 });
-var AuditFindingClassificationSchema2 = z33.enum(["observation", "minor_nc", "major_nc"]);
-var AuditStatusSchema2 = z33.enum(["planned", "in_progress", "completed", "cancelled"]);
-var PlannedAuditEntrySchema2 = z33.object({
-  audit_id: z33.string().min(1),
-  process_area: z33.string().min(1),
-  clause: z33.string().optional(),
-  planned_date: z33.string().min(1),
-  auditor: z33.string().min(1),
+var AuditFindingClassificationSchema2 = z34.enum(["observation", "minor_nc", "major_nc"]);
+var AuditStatusSchema2 = z34.enum(["planned", "in_progress", "completed", "cancelled"]);
+var PlannedAuditEntrySchema2 = z34.object({
+  audit_id: z34.string().min(1),
+  process_area: z34.string().min(1),
+  clause: z34.string().optional(),
+  planned_date: z34.string().min(1),
+  auditor: z34.string().min(1),
   status: AuditStatusSchema2
 });
-var AuditScheduleFrontmatterSchema2 = z33.object({
-  id: z33.string().min(1),
-  title: z33.string().min(1),
-  type: z33.literal("audit_schedule").optional(),
-  status: z33.string().optional(),
-  author: z33.string().optional(),
-  reviewers: z33.array(z33.string()).optional(),
-  approvers: z33.array(z33.string()).optional(),
-  cycle_year: z33.number().int().min(2e3).max(2100),
-  audits: z33.array(PlannedAuditEntrySchema2).min(1)
-});
-var AuditFindingSchema2 = z33.object({
-  finding_id: z33.string().min(1),
+var AuditScheduleFrontmatterSchema2 = z34.object({
+  id: z34.string().min(1),
+  title: z34.string().min(1),
+  type: z34.literal("audit_schedule").optional(),
+  status: z34.string().optional(),
+  author: z34.string().optional(),
+  reviewers: z34.array(z34.string()).optional(),
+  approvers: z34.array(z34.string()).optional(),
+  cycle_year: z34.number().int().min(2e3).max(2100),
+  audits: z34.array(PlannedAuditEntrySchema2).min(1)
+});
+var AuditFindingSchema2 = z34.object({
+  finding_id: z34.string().min(1),
   classification: AuditFindingClassificationSchema2,
-  description: z33.string().min(1),
-  capa_id: z33.string().optional()
-});
-var AuditReportFrontmatterSchema2 = z33.object({
-  id: z33.string().min(1),
-  title: z33.string().min(1),
-  type: z33.literal("audit_report").optional(),
-  status: z33.string().optional(),
-  author: z33.string().optional(),
-  reviewers: z33.array(z33.string()).optional(),
-  approvers: z33.array(z33.string()).optional(),
-  audit_date: z33.string().min(1),
-  audit_id: z33.string().optional(),
-  process_area: z33.string().min(1),
-  clause: z33.string().optional(),
-  auditor: z33.string().min(1),
-  findings: z33.array(AuditFindingSchema2),
-  findings_major: z33.number().int().min(0).optional(),
-  findings_minor: z33.number().int().min(0).optional(),
-  findings_observations: z33.number().int().min(0).optional()
+  description: z34.string().min(1),
+  capa_id: z34.string().optional()
+});
+var AuditReportFrontmatterSchema2 = z34.object({
+  id: z34.string().min(1),
+  title: z34.string().min(1),
+  type: z34.literal("audit_report").optional(),
+  status: z34.string().optional(),
+  author: z34.string().optional(),
+  reviewers: z34.array(z34.string()).optional(),
+  approvers: z34.array(z34.string()).optional(),
+  audit_date: z34.string().min(1),
+  audit_id: z34.string().optional(),
+  process_area: z34.string().min(1),
+  clause: z34.string().optional(),
+  auditor: z34.string().min(1),
+  findings: z34.array(AuditFindingSchema2),
+  findings_major: z34.number().int().min(0).optional(),
+  findings_minor: z34.number().int().min(0).optional(),
+  findings_observations: z34.number().int().min(0).optional()
 });
 var ClinicalEvaluationPlanFrontmatterSchema2 = z42.object({
   type: z42.literal("clinical_evaluation_plan"),
@@ -5431,6 +5434,7 @@ var ResourceTypeSchema2 = z312.enum([
   "component",
   "compiled_record_export"
 ]);
+var ExportSignatureModeSchema2 = z322.enum(["live", "frozen"]);
 var SCHEMA_MAP = {
   // Risk entries
   software_risk: RiskEntryFrontmatterSchema2,

package/dist/index.js

@@ -998,6 +998,7 @@ import { z as z28 } from "zod";
 import { z as z29 } from "zod";
 import { z as z30 } from "zod";
 import { z as z31 } from "zod";
+import { z as z32 } from "zod";
 var REQUIRED_SECTIONS = {
   user_need: ["User Story", "Validation Criteria"],
   architecture: ["Purpose", "Architecture Overview", "Interfaces"],
@@ -3343,6 +3344,7 @@ var ResourceTypeSchema = z31.enum([
   "component",
   "compiled_record_export"
 ]);
+var ExportSignatureModeSchema = z32.enum(["live", "frozen"]);
 
 // src/impact/baseline-scan.ts
 function scanBaselineGaps(rootDir, baseBranch, config) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pactosigna/trace",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "type": "module",
   "description": "QMS traceability engine — gap detection, risk analysis, impact analysis (IEC 62304, ISO 14971)",
   "publishConfig": {
@@ -21,13 +21,6 @@
       "types": "./dist/index.d.ts"
     }
   },
-  "scripts": {
-    "build": "tsup && tsc -p tsconfig.build.json",
-    "test": "vitest run",
-    "test:coverage": "vitest run --coverage",
-    "typecheck": "tsc --noEmit",
-    "clean": "rm -rf dist"
-  },
   "dependencies": {
     "gray-matter": "^4.0.3",
     "js-yaml": "^4.1.1",
@@ -35,14 +28,21 @@
     "zod": "^3.24.1"
   },
   "devDependencies": {
-    "@pactosigna/domain": "workspace:*",
-    "@pactosigna/schemas": "workspace:*",
     "@types/js-yaml": "^4.0.9",
     "@types/minimatch": "^6.0.0",
     "@vitest/coverage-v8": "^3.0.0",
     "tsup": "^8.0.0",
     "typescript": "^5.7.2",
-    "vitest": "^3.0.0"
+    "vitest": "^3.0.0",
+    "@pactosigna/domain": "0.1.0",
+    "@pactosigna/schemas": "0.1.0"
   },
-  "license": "MIT"
-}
+  "license": "MIT",
+  "scripts": {
+    "build": "tsup && tsc -p tsconfig.build.json",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist"
+  }
+}