@qulib/core 0.10.0 → 0.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/dist/baseline/baseline.schema.d.ts +26 -26
  2. package/dist/baseline/baseline.schema.d.ts.map +1 -1
  3. package/dist/baseline/baseline.schema.js +1 -0
  4. package/dist/cli/confidence-run.js +5 -5
  5. package/dist/index.d.ts +1 -0
  6. package/dist/index.d.ts.map +1 -1
  7. package/dist/index.js +1 -0
  8. package/dist/phases/think.d.ts.map +1 -1
  9. package/dist/phases/think.js +4 -1
  10. package/dist/reporters/heatmap.d.ts +1 -1
  11. package/dist/reporters/heatmap.d.ts.map +1 -1
  12. package/dist/reporters/heatmap.js +2 -0
  13. package/dist/schemas/confidence.schema.d.ts +2 -2
  14. package/dist/schemas/gap-analysis.schema.d.ts +8 -8
  15. package/dist/schemas/gap-analysis.schema.js +1 -1
  16. package/dist/schemas/golden-manifest.schema.d.ts +137 -0
  17. package/dist/schemas/golden-manifest.schema.d.ts.map +1 -0
  18. package/dist/schemas/golden-manifest.schema.js +25 -0
  19. package/dist/schemas/index.d.ts +1 -0
  20. package/dist/schemas/index.d.ts.map +1 -1
  21. package/dist/schemas/index.js +1 -0
  22. package/dist/schemas/public-surface.schema.d.ts +15 -5
  23. package/dist/schemas/public-surface.schema.d.ts.map +1 -1
  24. package/dist/schemas/route-inventory.schema.d.ts +20 -0
  25. package/dist/schemas/route-inventory.schema.d.ts.map +1 -1
  26. package/dist/schemas/route-inventory.schema.js +4 -0
  27. package/dist/schemas/views.schema.d.ts +1 -1
  28. package/dist/tools/scoring/confidence.d.ts.map +1 -1
  29. package/dist/tools/scoring/confidence.js +140 -14
  30. package/dist/tools/scoring/prompt-leakage.d.ts +29 -0
  31. package/dist/tools/scoring/prompt-leakage.d.ts.map +1 -0
  32. package/dist/tools/scoring/prompt-leakage.js +256 -0
  33. package/package.json +2 -2
package/dist/baseline/baseline.schema.d.ts CHANGED
@@ -7,18 +7,18 @@ import { z } from 'zod';
7
7
  export declare const BaselineGapSchema: z.ZodObject<{
8
8
  path: z.ZodString;
9
9
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
10
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
10
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
11
11
  reason: z.ZodString;
12
12
  }, "strip", z.ZodTypeAny, {
13
13
  path: string;
14
14
  severity: "critical" | "high" | "medium" | "low";
15
15
  reason: string;
16
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
16
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
17
17
  }, {
18
18
  path: string;
19
19
  severity: "critical" | "high" | "medium" | "low";
20
20
  reason: string;
21
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
21
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
22
22
  }>;
23
23
  export type BaselineGap = z.infer<typeof BaselineGapSchema>;
24
24
  /**
@@ -34,18 +34,18 @@ export declare const BaselineSnapshotSchema: z.ZodObject<{
34
34
  gaps: z.ZodArray<z.ZodObject<{
35
35
  path: z.ZodString;
36
36
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
37
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
37
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
38
38
  reason: z.ZodString;
39
39
  }, "strip", z.ZodTypeAny, {
40
40
  path: string;
41
41
  severity: "critical" | "high" | "medium" | "low";
42
42
  reason: string;
43
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
43
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
44
44
  }, {
45
45
  path: string;
46
46
  severity: "critical" | "high" | "medium" | "low";
47
47
  reason: string;
48
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
48
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
49
49
  }>, "many">;
50
50
  label: z.ZodOptional<z.ZodString>;
51
51
  }, "strip", z.ZodTypeAny, {
@@ -56,7 +56,7 @@ export declare const BaselineSnapshotSchema: z.ZodObject<{
56
56
  path: string;
57
57
  severity: "critical" | "high" | "medium" | "low";
58
58
  reason: string;
59
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
59
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
60
60
  }[];
61
61
  gapCount: number;
62
62
  savedAt: string;
@@ -69,7 +69,7 @@ export declare const BaselineSnapshotSchema: z.ZodObject<{
69
69
  path: string;
70
70
  severity: "critical" | "high" | "medium" | "low";
71
71
  reason: string;
72
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
72
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
73
73
  }[];
74
74
  gapCount: number;
75
75
  savedAt: string;
@@ -81,7 +81,7 @@ export type BaselineSnapshot = z.infer<typeof BaselineSnapshotSchema>;
81
81
  */
82
82
  export declare const BaselineDeltaItemSchema: z.ZodObject<{
83
83
  path: z.ZodString;
84
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
84
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
85
85
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
86
86
  reason: z.ZodString;
87
87
  status: z.ZodEnum<["new", "resolved", "severity-increased", "severity-decreased"]>;
@@ -90,13 +90,13 @@ export declare const BaselineDeltaItemSchema: z.ZodObject<{
90
90
  path: string;
91
91
  severity: "critical" | "high" | "medium" | "low";
92
92
  reason: string;
93
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
93
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
94
94
  }, {
95
95
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
96
96
  path: string;
97
97
  severity: "critical" | "high" | "medium" | "low";
98
98
  reason: string;
99
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
99
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
100
100
  }>;
101
101
  export type BaselineDeltaItem = z.infer<typeof BaselineDeltaItemSchema>;
102
102
  /**
@@ -112,7 +112,7 @@ export declare const BaselineDeltaSchema: z.ZodObject<{
112
112
  confidenceDelta: z.ZodNumber;
113
113
  newGaps: z.ZodArray<z.ZodObject<{
114
114
  path: z.ZodString;
115
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
115
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
116
116
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
117
117
  reason: z.ZodString;
118
118
  status: z.ZodEnum<["new", "resolved", "severity-increased", "severity-decreased"]>;
@@ -121,17 +121,17 @@ export declare const BaselineDeltaSchema: z.ZodObject<{
121
121
  path: string;
122
122
  severity: "critical" | "high" | "medium" | "low";
123
123
  reason: string;
124
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
124
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
125
125
  }, {
126
126
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
127
127
  path: string;
128
128
  severity: "critical" | "high" | "medium" | "low";
129
129
  reason: string;
130
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
130
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
131
131
  }>, "many">;
132
132
  resolvedGaps: z.ZodArray<z.ZodObject<{
133
133
  path: z.ZodString;
134
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
134
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
135
135
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
136
136
  reason: z.ZodString;
137
137
  status: z.ZodEnum<["new", "resolved", "severity-increased", "severity-decreased"]>;
@@ -140,17 +140,17 @@ export declare const BaselineDeltaSchema: z.ZodObject<{
140
140
  path: string;
141
141
  severity: "critical" | "high" | "medium" | "low";
142
142
  reason: string;
143
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
143
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
144
144
  }, {
145
145
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
146
146
  path: string;
147
147
  severity: "critical" | "high" | "medium" | "low";
148
148
  reason: string;
149
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
149
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
150
150
  }>, "many">;
151
151
  severityChanges: z.ZodArray<z.ZodObject<{
152
152
  path: z.ZodString;
153
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
153
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
154
154
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
155
155
  reason: z.ZodString;
156
156
  status: z.ZodEnum<["new", "resolved", "severity-increased", "severity-decreased"]>;
@@ -159,13 +159,13 @@ export declare const BaselineDeltaSchema: z.ZodObject<{
159
159
  path: string;
160
160
  severity: "critical" | "high" | "medium" | "low";
161
161
  reason: string;
162
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
162
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
163
163
  }, {
164
164
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
165
165
  path: string;
166
166
  severity: "critical" | "high" | "medium" | "low";
167
167
  reason: string;
168
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
168
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
169
169
  }>, "many">;
170
170
  summary: z.ZodString;
171
171
  }, "strip", z.ZodTypeAny, {
@@ -182,21 +182,21 @@ export declare const BaselineDeltaSchema: z.ZodObject<{
182
182
  path: string;
183
183
  severity: "critical" | "high" | "medium" | "low";
184
184
  reason: string;
185
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
185
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
186
186
  }[];
187
187
  resolvedGaps: {
188
188
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
189
189
  path: string;
190
190
  severity: "critical" | "high" | "medium" | "low";
191
191
  reason: string;
192
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
192
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
193
193
  }[];
194
194
  severityChanges: {
195
195
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
196
196
  path: string;
197
197
  severity: "critical" | "high" | "medium" | "low";
198
198
  reason: string;
199
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
199
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
200
200
  }[];
201
201
  }, {
202
202
  summary: string;
@@ -212,21 +212,21 @@ export declare const BaselineDeltaSchema: z.ZodObject<{
212
212
  path: string;
213
213
  severity: "critical" | "high" | "medium" | "low";
214
214
  reason: string;
215
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
215
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
216
216
  }[];
217
217
  resolvedGaps: {
218
218
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
219
219
  path: string;
220
220
  severity: "critical" | "high" | "medium" | "low";
221
221
  reason: string;
222
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
222
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
223
223
  }[];
224
224
  severityChanges: {
225
225
  status: "new" | "resolved" | "severity-increased" | "severity-decreased";
226
226
  path: string;
227
227
  severity: "critical" | "high" | "medium" | "low";
228
228
  reason: string;
229
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
229
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
230
230
  }[];
231
231
  }>;
232
232
  export type BaselineDelta = z.infer<typeof BaselineDeltaSchema>;
package/dist/baseline/baseline.schema.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"baseline.schema.d.ts","sourceRoot":"","sources":["../../src/baseline/baseline.schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;GAIG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;EAa5B,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D;;GAEG;AACH,eAAO,MAAM,sBAAsB;IACjC,gFAAgF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQhF,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;EAMlC,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAExE;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAY9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC"}
1
+ {"version":3,"file":"baseline.schema.d.ts","sourceRoot":"","sources":["../../src/baseline/baseline.schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;GAIG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;EAc5B,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D;;GAEG;AACH,eAAO,MAAM,sBAAsB;IACjC,gFAAgF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQhF,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;EAMlC,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAExE;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAY9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC"}
package/dist/baseline/baseline.schema.js CHANGED
@@ -15,6 +15,7 @@ export const BaselineGapSchema = z.object({
15
15
  'auth-surface',
16
16
  'coverage',
17
17
  'untested-api-endpoint',
18
+ 'prompt-leakage',
18
19
  ]),
19
20
  reason: z.string(),
20
21
  });
package/dist/cli/confidence-run.js CHANGED
@@ -47,6 +47,11 @@ export function formatConfidenceReport(rc, subjectRef) {
47
47
  for (const b of rc.blockers)
48
48
  lines.push(` • ${b}`);
49
49
  }
50
+ if (rc.honestyNotes.length > 0) {
51
+ lines.push(' honesty notes:');
52
+ for (const n of rc.honestyNotes)
53
+ lines.push(` • ${n}`);
54
+ }
50
55
  lines.push(' contributions:');
51
56
  for (const c of rc.contributions) {
52
57
  const scoreLabel = c.score !== null ? `${c.score}/100` : 'n/a';
@@ -66,11 +71,6 @@ export function formatConfidenceReport(rc, subjectRef) {
66
71
  for (const r of rc.recommendedNextChecks)
67
72
  lines.push(` • ${r}`);
68
73
  }
69
- if (rc.honestyNotes.length > 0) {
70
- lines.push(' honesty notes:');
71
- for (const n of rc.honestyNotes)
72
- lines.push(` • ${n}`);
73
- }
74
74
  return lines.join('\n');
75
75
  }
76
76
  /**
package/dist/index.d.ts CHANGED
@@ -12,6 +12,7 @@ export { discoverApiSurface, discoverApiSurfaceWithRepo } from './tools/repo/api
12
12
  export type { ApiSurface, DiscoveredEndpoint, DiscoverApiSurfaceOptions } from './tools/repo/api-surface.js';
13
13
  export { computeAutomationMaturity } from './tools/scoring/automation-maturity.js';
14
14
  export { computeApiCoverage } from './tools/scoring/api-coverage.js';
15
+ export { detectPromptLeakage } from './tools/scoring/prompt-leakage.js';
15
16
  export type { ApiCoverageResult, ApiEndpointCoverage } from './tools/scoring/api-coverage.js';
16
17
  export { scaffoldTests } from './scaffold-tests.js';
17
18
  export type { ScaffoldOptions, ScaffoldResult, ProjectConfig } from './scaffold-tests.js';
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EACL,UAAU,EACV,mBAAmB,EACnB,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,cAAc,EACd,gBAAgB,GACjB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,WAAW,EACX,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,GACd,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,YAAY,EACV,YAAY,EACZ,kBAAkB,EAClB,SAAS,EACT,cAAc,EACd,uBAAuB,GACxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,4BAA4B,EAC5B,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,yBAAyB,EACzB,4BAA4B,GAC7B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAC1G,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AAC7F,YAAY,EAAE,UAAU,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAC7G,OAAO,EAAE,yBAAyB,EAAE,MAAM,wCAAwC,CAAC;AACnF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,YAAY,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAC9F,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAC1F,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAClI,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,gCAAgC,EAAE,MAAM,4BAA4B,CAAC;AAC9E,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACvF,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AACjF,YAAY,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,YAAY,EACV,aAAa,EACb,cAAc,EACd,kBAAkB,GACnB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC9E,YAAY,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,YAAY,EACV,aAAa,EACb,UAAU,EACV,cAAc,EACd,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,QAAQ,EACR,oBAAoB,EACpB,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,qBAAqB,EACrB,aAAa,EACb,kBAAkB,EAClB,2BAA2B,EAC3B,wBAAwB,EACxB,wBAAwB,EACxB,QAAQ,EACR,YAAY,GACb,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAEzE,OAAO,EAAE,cAAc,EAAE,yBAAyB,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAE3G,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACtH,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACrG,YAAY,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAEnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,YAAY,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AACtH,OAAO,EAAE,6BAA6B,EAAE,MAAM,0CAA0C,CAAC;AACzF,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AAC7G,YAAY,EACV,kBAAkB,EAClB,YAAY,EACZ,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,SAAS,EACT,aAAa,EACb,UAAU,EACV,WAAW,EACX,UAAU,GACX,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,wBAAwB,EACxB,kBAAkB,EAClB,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,uBAAuB,EACvB,uBAAuB,GACxB,MAAM,oBAAoB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EACL,UAAU,EACV,mBAAmB,EACnB,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,cAAc,EACd,gBAAgB,GACjB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,WAAW,EACX,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,GACd,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,YAAY,EACV,YAAY,EACZ,kBAAkB,EAClB,SAAS,EACT,cAAc,EACd,uBAAuB,GACxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,UAAU,EACV,oBAAoB,EACpB,4BAA4B,EAC5B,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,yBAAyB,EACzB,4BAA4B,GAC7B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAC1G,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AAC7F,YAAY,EAAE,UAAU,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAC7G,OAAO,EAAE,yBAAyB,EAAE,MAAM,wCAAwC,CAAC;AACnF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,YAAY,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAC9F,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAC1F,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAClI,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,gCAAgC,EAAE,MAAM,4BAA4B,CAAC;AAC9E,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACvF,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AACjF,YAAY,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,YAAY,EACV,aAAa,EACb,cAAc,EACd,kBAAkB,GACnB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC9E,YAAY,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,YAAY,EACV,aAAa,EACb,UAAU,EACV,cAAc,EACd,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,QAAQ,EACR,oBAAoB,EACpB,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,qBAAqB,EACrB,aAAa,EACb,kBAAkB,EAClB,2BAA2B,EAC3B,wBAAwB,EACxB,wBAAwB,EACxB,QAAQ,EACR,YAAY,GACb,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAEzE,OAAO,EAAE,cAAc,EAAE,yBAAyB,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAE3G,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACtH,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACrG,YAAY,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAEnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,YAAY,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAC;AACtH,OAAO,EAAE,6BAA6B,EAAE,MAAM,0CAA0C,CAAC;AACzF,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AAC7G,YAAY,EACV,kBAAkB,EAClB,YAAY,EACZ,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,sBAAsB,EACtB,iBAAiB,EACjB,oBAAoB,EACpB,SAAS,EACT,aAAa,EACb,UAAU,EACV,WAAW,EACX,UAAU,GACX,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,wBAAwB,EACxB,kBAAkB,EAClB,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,uBAAuB,EACvB,uBAAuB,GACxB,MAAM,oBAAoB,CAAC"}
package/dist/index.js CHANGED
@@ -8,6 +8,7 @@ export { scanRepo } from './tools/repo/scan.js';
8
8
  export { discoverApiSurface, discoverApiSurfaceWithRepo } from './tools/repo/api-surface.js';
9
9
  export { computeAutomationMaturity } from './tools/scoring/automation-maturity.js';
10
10
  export { computeApiCoverage } from './tools/scoring/api-coverage.js';
11
+ export { detectPromptLeakage } from './tools/scoring/prompt-leakage.js';
11
12
  export { scaffoldTests } from './scaffold-tests.js';
12
13
  export { expandRecipes, buildAuthScenarios, buildA11yScenarios, buildNavScenarios, buildSeedScenarios } from './recipes/index.js';
13
14
  export { createProvider } from './llm/provider-registry.js';
package/dist/phases/think.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"think.d.ts","sourceRoot":"","sources":["../../src/phases/think.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,mCAAmC,CAAC;AACxF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAGlD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAIrE,wBAAsB,KAAK,CACzB,QAAQ,EAAE,aAAa,EACvB,MAAM,EAAE,aAAa,EACrB,SAAS,GAAE,mBAA8C,GACxD,OAAO,CAAC,WAAW,CAAC,CAmDtB;AAED,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AACnE,YAAY,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC"}
1
+ {"version":3,"file":"think.d.ts","sourceRoot":"","sources":["../../src/phases/think.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,mCAAmC,CAAC;AACxF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAIlD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAIrE,wBAAsB,KAAK,CACzB,QAAQ,EAAE,aAAa,EACvB,MAAM,EAAE,aAAa,EACrB,SAAS,GAAE,mBAA8C,GACxD,OAAO,CAAC,WAAW,CAAC,CAyDtB;AAED,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AACnE,YAAY,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC"}
package/dist/phases/think.js CHANGED
@@ -1,5 +1,6 @@
1
1
  import { GapAnalysisSchema } from '../schemas/gap-analysis.schema.js';
2
2
  import { analyzeGaps } from '../tools/scoring/gaps.js';
3
+ import { detectPromptLeakage } from '../tools/scoring/prompt-leakage.js';
3
4
  import { logDecision } from '../harness/decision-logger.js';
4
5
  import { finalizeGapAnalysisFromDraft } from './think-finalize.js';
5
6
  import { emitTelemetry } from '../telemetry/emit.js';
@@ -13,6 +14,8 @@ export async function think(observed, config, artifacts = { writeArtifacts: true
13
14
  };
14
15
  emitTelemetry(artifacts.telemetry, 'phase.think.started', sessionId, { mode });
15
16
  const gapBlock = analyzeGaps(observed.routes, observed.repo, mode, config);
17
+ // Merge prompt-leakage gaps from all scanned routes (additive signal).
18
+ const promptLeakageGaps = observed.routes.routes.flatMap((route) => detectPromptLeakage(route));
16
19
  const draft = {
17
20
  analyzedAt: gapBlock.analyzedAt,
18
21
  mode: gapBlock.mode,
@@ -20,7 +23,7 @@ export async function think(observed, config, artifacts = { writeArtifacts: true
20
23
  coveragePagesScanned: gapBlock.coveragePagesScanned,
21
24
  coverageBudgetExceeded: gapBlock.coverageBudgetExceeded,
22
25
  coverageWarning: gapBlock.coverageWarning,
23
- gaps: gapBlock.gaps,
26
+ gaps: [...gapBlock.gaps, ...promptLeakageGaps],
24
27
  };
25
28
  const partialAnalysis = GapAnalysisSchema.parse({
26
29
  ...draft,
package/dist/reporters/heatmap.d.ts CHANGED
@@ -10,7 +10,7 @@
10
10
  */
11
11
  import type { Gap } from '../schemas/gap-analysis.schema.js';
12
12
  /** The ordered set of gap categories that appear as heatmap columns. */
13
- export declare const HEATMAP_DIMENSIONS: readonly ["untested-route", "a11y", "console-error", "broken-link", "coverage", "untested-api-endpoint", "auth-surface"];
13
+ export declare const HEATMAP_DIMENSIONS: readonly ["untested-route", "a11y", "console-error", "broken-link", "coverage", "untested-api-endpoint", "auth-surface", "prompt-leakage"];
14
14
  export type HeatmapDimension = (typeof HEATMAP_DIMENSIONS)[number];
15
15
  /** Display labels for each dimension column header. */
16
16
  export declare const DIMENSION_LABELS: Record<HeatmapDimension, string>;
package/dist/reporters/heatmap.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"heatmap.d.ts","sourceRoot":"","sources":["../../src/reporters/heatmap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,mCAAmC,CAAC;AAM7D,wEAAwE;AACxE,eAAO,MAAM,kBAAkB,0HAQoB,CAAC;AAEpD,MAAM,MAAM,gBAAgB,GAAG,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEnE,uDAAuD;AACvD,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAQ7D,CAAC;AAuBF,6EAA6E;AAC7E,MAAM,MAAM,WAAW,GAAG;IACxB,4DAA4D;IAC5D,aAAa,EAAE,GAAG,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC;IACtC,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,uEAAuE;AACvE,MAAM,MAAM,UAAU,GAAG;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,qFAAqF;IACrF,KAAK,EAAE,MAAM,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;IAC7C,2EAA2E;IAC3E,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,iEAAiE;AACjE,MAAM,MAAM,WAAW,GAAG;IACxB,oEAAoE;IACpE,IAAI,EAAE,UAAU,EAAE,CAAC;IACnB,0DAA0D;IAC1D,UAAU,EAAE,OAAO,kBAAkB,CAAC;IACtC,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAMF;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,WAAW,CAuDzD;AAMD;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,CAmCjE"}
1
+ {"version":3,"file":"heatmap.d.ts","sourceRoot":"","sources":["../../src/reporters/heatmap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,mCAAmC,CAAC;AAM7D,wEAAwE;AACxE,eAAO,MAAM,kBAAkB,4IASoB,CAAC;AAEpD,MAAM,MAAM,gBAAgB,GAAG,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAC;AAEnE,uDAAuD;AACvD,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAS7D,CAAC;AAuBF,6EAA6E;AAC7E,MAAM,MAAM,WAAW,GAAG;IACxB,4DAA4D;IAC5D,aAAa,EAAE,GAAG,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC;IACtC,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,uEAAuE;AACvE,MAAM,MAAM,UAAU,GAAG;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,qFAAqF;IACrF,KAAK,EAAE,MAAM,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;IAC7C,2EAA2E;IAC3E,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,iEAAiE;AACjE,MAAM,MAAM,WAAW,GAAG;IACxB,oEAAoE;IACpE,IAAI,EAAE,UAAU,EAAE,CAAC;IACnB,0DAA0D;IAC1D,UAAU,EAAE,OAAO,kBAAkB,CAAC;IACtC,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAMF;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,WAAW,CAuDzD;AAMD;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,CAmCjE"}
package/dist/reporters/heatmap.js CHANGED
@@ -20,6 +20,7 @@ export const HEATMAP_DIMENSIONS = [
20
20
  'coverage',
21
21
  'untested-api-endpoint',
22
22
  'auth-surface',
23
+ 'prompt-leakage',
23
24
  ];
24
25
  /** Display labels for each dimension column header. */
25
26
  export const DIMENSION_LABELS = {
@@ -30,6 +31,7 @@ export const DIMENSION_LABELS = {
30
31
  'coverage': 'Coverage',
31
32
  'untested-api-endpoint': 'API',
32
33
  'auth-surface': 'Auth',
34
+ 'prompt-leakage': 'PromptLeak',
33
35
  };
34
36
  /** Severity order — higher index = worse. */
35
37
  const SEVERITY_ORDER = {
package/dist/schemas/confidence.schema.d.ts CHANGED
@@ -476,12 +476,12 @@ export declare const ReleaseConfidenceSchema: z.ZodObject<{
476
476
  level: number;
477
477
  computedAt: string;
478
478
  scoreFormula: string;
479
+ schemaVersion: 1;
479
480
  subject: {
480
481
  kind: "app" | "repo" | "release" | "pr" | "deploy";
481
482
  ref: string;
482
483
  tenantId: string;
483
484
  };
484
- schemaVersion: 1;
485
485
  confidenceScore: number | null;
486
486
  verdict: "ship" | "caution" | "hold" | "block";
487
487
  contributions: {
@@ -501,12 +501,12 @@ export declare const ReleaseConfidenceSchema: z.ZodObject<{
501
501
  level: number;
502
502
  computedAt: string;
503
503
  scoreFormula: string;
504
+ schemaVersion: 1;
504
505
  subject: {
505
506
  kind: "app" | "repo" | "release" | "pr" | "deploy";
506
507
  ref: string;
507
508
  tenantId?: string | undefined;
508
509
  };
509
- schemaVersion: 1;
510
510
  confidenceScore: number | null;
511
511
  verdict: "ship" | "caution" | "hold" | "block";
512
512
  contributions: {
package/dist/schemas/gap-analysis.schema.d.ts CHANGED
@@ -4,7 +4,7 @@ export declare const GapSchema: z.ZodObject<{
4
4
  path: z.ZodString;
5
5
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
6
6
  reason: z.ZodString;
7
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
7
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
8
8
  description: z.ZodOptional<z.ZodString>;
9
9
  recommendation: z.ZodOptional<z.ZodString>;
10
10
  }, "strip", z.ZodTypeAny, {
@@ -12,7 +12,7 @@ export declare const GapSchema: z.ZodObject<{
12
12
  id: string;
13
13
  severity: "critical" | "high" | "medium" | "low";
14
14
  reason: string;
15
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
15
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
16
16
  recommendation?: string | undefined;
17
17
  description?: string | undefined;
18
18
  }, {
@@ -20,7 +20,7 @@ export declare const GapSchema: z.ZodObject<{
20
20
  id: string;
21
21
  severity: "critical" | "high" | "medium" | "low";
22
22
  reason: string;
23
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
23
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
24
24
  recommendation?: string | undefined;
25
25
  description?: string | undefined;
26
26
  }>;
@@ -163,7 +163,7 @@ export declare const GapAnalysisSchema: z.ZodObject<{
163
163
  path: z.ZodString;
164
164
  severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
165
165
  reason: z.ZodString;
166
- category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
166
+ category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint", "prompt-leakage"]>;
167
167
  description: z.ZodOptional<z.ZodString>;
168
168
  recommendation: z.ZodOptional<z.ZodString>;
169
169
  }, "strip", z.ZodTypeAny, {
@@ -171,7 +171,7 @@ export declare const GapAnalysisSchema: z.ZodObject<{
171
171
  id: string;
172
172
  severity: "critical" | "high" | "medium" | "low";
173
173
  reason: string;
174
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
174
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
175
175
  recommendation?: string | undefined;
176
176
  description?: string | undefined;
177
177
  }, {
@@ -179,7 +179,7 @@ export declare const GapAnalysisSchema: z.ZodObject<{
179
179
  id: string;
180
180
  severity: "critical" | "high" | "medium" | "low";
181
181
  reason: string;
182
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
182
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
183
183
  recommendation?: string | undefined;
184
184
  description?: string | undefined;
185
185
  }>, "many">;
@@ -445,7 +445,7 @@ export declare const GapAnalysisSchema: z.ZodObject<{
445
445
  id: string;
446
446
  severity: "critical" | "high" | "medium" | "low";
447
447
  reason: string;
448
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
448
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
449
449
  recommendation?: string | undefined;
450
450
  description?: string | undefined;
451
451
  }[];
@@ -524,7 +524,7 @@ export declare const GapAnalysisSchema: z.ZodObject<{
524
524
  id: string;
525
525
  severity: "critical" | "high" | "medium" | "low";
526
526
  reason: string;
527
- category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
527
+ category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint" | "prompt-leakage";
528
528
  recommendation?: string | undefined;
529
529
  description?: string | undefined;
530
530
  }[];
package/dist/schemas/gap-analysis.schema.js CHANGED
@@ -5,7 +5,7 @@ export const GapSchema = z.object({
5
5
  path: z.string(),
6
6
  severity: z.enum(['critical', 'high', 'medium', 'low']),
7
7
  reason: z.string(),
8
- category: z.enum(['untested-route', 'a11y', 'console-error', 'broken-link', 'auth-surface', 'coverage', 'untested-api-endpoint']),
8
+ category: z.enum(['untested-route', 'a11y', 'console-error', 'broken-link', 'auth-surface', 'coverage', 'untested-api-endpoint', 'prompt-leakage']),
9
9
  description: z.string().optional(),
10
10
  recommendation: z.string().optional(),
11
11
  });
package/dist/schemas/golden-manifest.schema.d.ts ADDED
@@ -0,0 +1,137 @@
1
+ import { z } from 'zod';
2
+ /** Partial ground-truth for auth detection — only fields stated with confidence. */
3
+ export declare const GoldenSiteExpectedSchema: z.ZodObject<{
4
+ hasAuth: z.ZodOptional<z.ZodBoolean>;
5
+ type: z.ZodOptional<z.ZodEnum<["none", "form-login", "oauth", "magic-link", "unknown"]>>;
6
+ leaksPrompt: z.ZodOptional<z.ZodBoolean>;
7
+ }, "strict", z.ZodTypeAny, {
8
+ type?: "unknown" | "form-login" | "oauth" | "magic-link" | "none" | undefined;
9
+ hasAuth?: boolean | undefined;
10
+ leaksPrompt?: boolean | undefined;
11
+ }, {
12
+ type?: "unknown" | "form-login" | "oauth" | "magic-link" | "none" | undefined;
13
+ hasAuth?: boolean | undefined;
14
+ leaksPrompt?: boolean | undefined;
15
+ }>;
16
+ export declare const GoldenSiteSchema: z.ZodObject<{
17
+ id: z.ZodString;
18
+ url: z.ZodString;
19
+ name: z.ZodString;
20
+ rationale: z.ZodOptional<z.ZodString>;
21
+ coverage_tags: z.ZodArray<z.ZodString, "many">;
22
+ expected: z.ZodObject<{
23
+ hasAuth: z.ZodOptional<z.ZodBoolean>;
24
+ type: z.ZodOptional<z.ZodEnum<["none", "form-login", "oauth", "magic-link", "unknown"]>>;
25
+ leaksPrompt: z.ZodOptional<z.ZodBoolean>;
26
+ }, "strict", z.ZodTypeAny, {
27
+ type?: "unknown" | "form-login" | "oauth" | "magic-link" | "none" | undefined;
28
+ hasAuth?: boolean | undefined;
29
+ leaksPrompt?: boolean | undefined;
30
+ }, {
31
+ type?: "unknown" | "form-login" | "oauth" | "magic-link" | "none" | undefined;
32
+ hasAuth?: boolean | undefined;
33
+ leaksPrompt?: boolean | undefined;
34
+ }>;
35
+ }, "strip", z.ZodTypeAny, {
36
+ expected: {
37
+ type?: "unknown" | "form-login" | "oauth" | "magic-link" | "none" | undefined;
38
+ hasAuth?: boolean | undefined;
39
+ leaksPrompt?: boolean | undefined;
40
+ };
41
+ name: string;
42
+ id: string;
43
+ url: string;
44
+ coverage_tags: string[];
45
+ rationale?: string | undefined;
46
+ }, {
47
+ expected: {
48
+ type?: "unknown" | "form-login" | "oauth" | "magic-link" | "none" | undefined;
49
+ hasAuth?: boolean | undefined;
50
+ leaksPrompt?: boolean | undefined;
51
+ };
52
+ name: string;
53
+ id: string;
54
+ url: string;
55
+ coverage_tags: string[];
56
+ rationale?: string | undefined;
57
+ }>;
58
+ export declare const GoldenManifestSchema: z.ZodObject<{
59
+ schemaVersion: z.ZodLiteral<1>;
60
+ coverage_tags: z.ZodArray<z.ZodString, "many">;
61
+ sites: z.ZodArray<z.ZodObject<{
62
+ id: z.ZodString;
63
+ url: z.ZodString;
64
+ name: z.ZodString;
65
+ rationale: z.ZodOptional<z.ZodString>;
66
+ coverage_tags: z.ZodArray<z.ZodString, "many">;
67
+ expected: z.ZodObject<{
68
+ hasAuth: z.ZodOptional<z.ZodBoolean>;
69
+ type: z.ZodOptional<z.ZodEnum<["none", "form-login", "oauth", "magic-link", "unknown"]>>;
70
+ leaksPrompt: z.ZodOptional<z.ZodBoolean>;
71
+ }, "strict", z.ZodTypeAny, {
72
+ type?: "unknown" | "form-login" | "oauth" | "magic-link" | "none" | undefined;
73
+ hasAuth?: boolean | undefined;
74
+ leaksPrompt?: boolean | undefined;
75
+ }, {
76
+ type?: "unknown" | "form-login" | "oauth" | "magic-link" | "none" | undefined;
77
+ hasAuth?: boolean | undefined;
78
+ leaksPrompt?: boolean | undefined;
79
+ }>;
80
+ }, "strip", z.ZodTypeAny, {
81
+ expected: {
82
+ type?: "unknown" | "form-login" | "oauth" | "magic-link" | "none" | undefined;
83
+ hasAuth?: boolean | undefined;
84
+ leaksPrompt?: boolean | undefined;
85
+ };
86
+ name: string;
87
+ id: string;
88
+ url: string;
89
+ coverage_tags: string[];
90
+ rationale?: string | undefined;
91
+ }, {
92
+ expected: {
93
+ type?: "unknown" | "form-login" | "oauth" | "magic-link" | "none" | undefined;
94
+ hasAuth?: boolean | undefined;
95
+ leaksPrompt?: boolean | undefined;
96
+ };
97
+ name: string;
98
+ id: string;
99
+ url: string;
100
+ coverage_tags: string[];
101
+ rationale?: string | undefined;
102
+ }>, "many">;
103
+ }, "strip", z.ZodTypeAny, {
104
+ coverage_tags: string[];
105
+ schemaVersion: 1;
106
+ sites: {
107
+ expected: {
108
+ type?: "unknown" | "form-login" | "oauth" | "magic-link" | "none" | undefined;
109
+ hasAuth?: boolean | undefined;
110
+ leaksPrompt?: boolean | undefined;
111
+ };
112
+ name: string;
113
+ id: string;
114
+ url: string;
115
+ coverage_tags: string[];
116
+ rationale?: string | undefined;
117
+ }[];
118
+ }, {
119
+ coverage_tags: string[];
120
+ schemaVersion: 1;
121
+ sites: {
122
+ expected: {
123
+ type?: "unknown" | "form-login" | "oauth" | "magic-link" | "none" | undefined;
124
+ hasAuth?: boolean | undefined;
125
+ leaksPrompt?: boolean | undefined;
126
+ };
127
+ name: string;
128
+ id: string;
129
+ url: string;
130
+ coverage_tags: string[];
131
+ rationale?: string | undefined;
132
+ }[];
133
+ }>;
134
+ export type GoldenSiteExpected = z.infer<typeof GoldenSiteExpectedSchema>;
135
+ export type GoldenSite = z.infer<typeof GoldenSiteSchema>;
136
+ export type GoldenManifest = z.infer<typeof GoldenManifestSchema>;
137
+ //# sourceMappingURL=golden-manifest.schema.d.ts.map
package/dist/schemas/golden-manifest.schema.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"golden-manifest.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/golden-manifest.schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,oFAAoF;AACpF,eAAO,MAAM,wBAAwB;;;;;;;;;;;;EAM1B,CAAC;AAEZ,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAU3B,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAI/B,CAAC;AAEH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAC1E,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC1D,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC"}
package/dist/schemas/golden-manifest.schema.js ADDED
@@ -0,0 +1,25 @@
1
+ import { z } from 'zod';
2
+ /** Partial ground-truth for auth detection — only fields stated with confidence. */
3
+ export const GoldenSiteExpectedSchema = z
4
+ .object({
5
+ hasAuth: z.boolean().optional(),
6
+ type: z.enum(['none', 'form-login', 'oauth', 'magic-link', 'unknown']).optional(),
7
+ leaksPrompt: z.boolean().optional(),
8
+ })
9
+ .strict();
10
+ export const GoldenSiteSchema = z.object({
11
+ id: z
12
+ .string()
13
+ .min(1)
14
+ .regex(/^[a-z0-9]+(?:-[a-z0-9]+)*$/, 'site id must be kebab-case'),
15
+ url: z.string().url(),
16
+ name: z.string().min(1),
17
+ rationale: z.string().min(1).optional(),
18
+ coverage_tags: z.array(z.string().min(1)).min(1),
19
+ expected: GoldenSiteExpectedSchema,
20
+ });
21
+ export const GoldenManifestSchema = z.object({
22
+ schemaVersion: z.literal(1),
23
+ coverage_tags: z.array(z.string().min(1)).min(1),
24
+ sites: z.array(GoldenSiteSchema),
25
+ });