@qulib/core 0.7.0 → 0.9.0

package/dist/schemas/confidence.schema.js

@@ -0,0 +1,161 @@
+/**
+ * Release Confidence Aggregator — Zod schemas (single source of truth).
+ *
+ * P3 — qulib Confidence Layer v1.
+ * Pure schema definitions; no I/O. Scorer lives in tools/scoring/confidence.ts.
+ *
+ * Architecture note (§1d of spec):
+ * - EvidenceItem is the universal adapter envelope — any signal feeds the same scorer.
+ * - EvidenceSourceKind enum reserves external sources (ci-results, deploy-metadata, …)
+ *   for P4 wiring; qulib-native sources are wired in P3.
+ * - tenantId on every record (CLAUDE.md rule 17 — multi-tenant from day one).
+ */
+import { z } from 'zod';
+// ---------------------------------------------------------------------------
+// Evidence source kinds
+// ---------------------------------------------------------------------------
+export const EvidenceSourceKindSchema = z.enum([
+    // qulib-native (P3 wires these)
+    'live-app-quality',
+    'accessibility',
+    'crawl-coverage',
+    'test-automation',
+    'api-coverage',
+    // external — schema reserves them; P4 wires them
+    'ci-results',
+    'deploy-metadata',
+    'error-telemetry',
+    'feature-flags',
+    'doc-health',
+    'human-approval',
+    'agent-evidence',
+]);
+// ---------------------------------------------------------------------------
+// Policy
+// ---------------------------------------------------------------------------
+export const ConfidencePolicySchema = z.object({
+    /**
+     * Confidence score at or above this is required for verdict='ship'. Default 80.
+     * Mirrors AgentSummaryPolicy.passConfidenceThreshold.
+     */
+    passThreshold: z.number().min(0).max(100).default(80),
+    /**
+     * Confidence score below this produces verdict='hold'. Default 30.
+     * Mirrors AgentSummaryPolicy.failConfidenceThreshold.
+     */
+    failThreshold: z.number().min(0).max(100).default(30),
+    /** Max items in topRisks / recommendedNextChecks / honestyNotes lists. Default 5. */
+    maxListLength: z.number().int().min(1).default(5),
+    /**
+     * Sources listed here produce verdict='caution' when their applicability is 'unknown'.
+     * Empty by default — callers can require specific sources for stricter gates.
+     */
+    requiredSources: z.array(EvidenceSourceKindSchema).default([]),
+    /**
+     * Per-source weight overrides. When provided, these replace the scorer's default weights
+     * for the named sources; unmentioned sources keep their defaults.
+     */
+    weights: z.record(EvidenceSourceKindSchema, z.number().min(0).max(1)).optional(),
+});
+// ---------------------------------------------------------------------------
+// Evidence item (universal adapter envelope)
+// ---------------------------------------------------------------------------
+export const EvidenceItemSchema = z.object({
+    source: EvidenceSourceKindSchema,
+    /**
+     * 0–100 normalized score, or null when the source ran but could not produce
+     * an honest score (e.g. auth-blocked crawl). null → excluded from denominator
+     * AND contributes to honesty notes.
+     */
+    score: z.number().min(0).max(100).nullable(),
+    weight: z.number().min(0).max(1),
+    /**
+     * - applicable     — qulib has signal and produced a real score.
+     * - not_applicable — the capability does not apply (e.g. api-coverage with 0 endpoints).
+     *                    Score is reported but excluded from the denominator.
+     * - unknown        — qulib could not collect enough signal to score honestly.
+     *                    Excluded from denominator; narrated in honestyNotes.
+     */
+    applicability: z.enum(['applicable', 'not_applicable', 'unknown']).default('applicable'),
+    /**
+     * When true, forces verdict='block' regardless of score.
+     * Use for hard gates: auth wall, critical gap, failed deploy.
+     */
+    blocking: z.boolean().default(false),
+    /** Human-readable "why this score" bullet points. */
+    evidence: z.array(z.string()),
+    recommendations: z.array(z.string()).default([]),
+    /** Required when applicability !== 'applicable'. Explains why the source was excluded. */
+    reason: z.string().optional(),
+    /** ISO-8601 datetime when this evidence was collected. */
+    collectedAt: z.string().datetime(),
+    /**
+     * Provenance for Replay/Audit views — how this item was produced.
+     */
+    collector: z.object({
+        tool: z.string(),
+        inputRef: z.string().optional(),
+        durationMs: z.number().optional(),
+        cost: z
+            .object({
+            inputTokens: z.number(),
+            outputTokens: z.number(),
+        })
+            .optional(),
+    }),
+});
+// ---------------------------------------------------------------------------
+// Subject (what we are judging)
+// ---------------------------------------------------------------------------
+export const ConfidenceSubjectSchema = z.object({
+    kind: z.enum(['release', 'pr', 'deploy', 'app', 'repo']),
+    ref: z.string(),
+    /** Multi-tenant stamp (CLAUDE.md rule 17). Default 'default' while single-tenant. */
+    tenantId: z.string().default('default'),
+});
+// ---------------------------------------------------------------------------
+// Confidence input (the scorer's full input)
+// ---------------------------------------------------------------------------
+export const ConfidenceInputSchema = z.object({
+    subject: ConfidenceSubjectSchema,
+    evidence: z.array(EvidenceItemSchema),
+    policy: ConfidencePolicySchema.optional(),
+});
+// ---------------------------------------------------------------------------
+// Verdict
+// ---------------------------------------------------------------------------
+export const ConfidenceVerdictSchema = z.enum(['ship', 'caution', 'hold', 'block']);
+// ---------------------------------------------------------------------------
+// Release confidence output (the aggregator's result — View 1)
+// ---------------------------------------------------------------------------
+export const ConfidenceContributionSchema = z.object({
+    source: EvidenceSourceKindSchema,
+    score: z.number().min(0).max(100).nullable(),
+    weight: z.number(),
+    /** Renormalized weight over the applicable set (sums to 1.0 across applicable items). */
+    effectiveWeight: z.number(),
+    applicability: z.enum(['applicable', 'not_applicable', 'unknown']),
+    blocking: z.boolean(),
+});
+export const ReleaseConfidenceSchema = z.object({
+    schemaVersion: z.literal(1),
+    computedAt: z.string().datetime(),
+    subject: ConfidenceSubjectSchema,
+    /**
+     * Fused confidence score (0–100) over applicable, non-null evidence only.
+     * null when no applicable evidence exists (honesty floor → verdict = 'block').
+     */
+    confidenceScore: z.number().min(0).max(100).nullable(),
+    verdict: ConfidenceVerdictSchema,
+    level: z.number().int().min(1).max(5),
+    label: z.string(),
+    /** Per-source breakdown including excluded (not_applicable / unknown) items. */
+    contributions: z.array(ConfidenceContributionSchema),
+    topRisks: z.array(z.string()),
+    recommendedNextChecks: z.array(z.string()),
+    /** One note per degraded/excluded/partial source — the honesty layer. */
+    honestyNotes: z.array(z.string()),
+    /** Non-empty only when verdict='block'; explains what caused the block. */
+    blockers: z.array(z.string()),
+    scoreFormula: z.string(),
+});

package/dist/schemas/gap-analysis.schema.d.ts

@@ -4,7 +4,7 @@ export declare const GapSchema: z.ZodObject<{
     path: z.ZodString;
     severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
     reason: z.ZodString;
-    category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage"]>;
+    category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
     description: z.ZodOptional<z.ZodString>;
     recommendation: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
@@ -12,7 +12,7 @@ export declare const GapSchema: z.ZodObject<{
     id: string;
     severity: "critical" | "high" | "medium" | "low";
     reason: string;
-    category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+    category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
     recommendation?: string | undefined;
     description?: string | undefined;
 }, {
@@ -20,7 +20,7 @@ export declare const GapSchema: z.ZodObject<{
     id: string;
     severity: "critical" | "high" | "medium" | "low";
     reason: string;
-    category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+    category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
     recommendation?: string | undefined;
     description?: string | undefined;
 }>;
@@ -163,7 +163,7 @@ export declare const GapAnalysisSchema: z.ZodObject<{
         path: z.ZodString;
         severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
         reason: z.ZodString;
-        category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage"]>;
+        category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
         description: z.ZodOptional<z.ZodString>;
         recommendation: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
@@ -171,7 +171,7 @@ export declare const GapAnalysisSchema: z.ZodObject<{
         id: string;
         severity: "critical" | "high" | "medium" | "low";
         reason: string;
-        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
         recommendation?: string | undefined;
         description?: string | undefined;
     }, {
@@ -179,7 +179,7 @@ export declare const GapAnalysisSchema: z.ZodObject<{
         id: string;
         severity: "critical" | "high" | "medium" | "low";
         reason: string;
-        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
         recommendation?: string | undefined;
         description?: string | undefined;
     }>, "many">;
@@ -445,7 +445,7 @@ export declare const GapAnalysisSchema: z.ZodObject<{
         id: string;
         severity: "critical" | "high" | "medium" | "low";
         reason: string;
-        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
         recommendation?: string | undefined;
         description?: string | undefined;
     }[];
@@ -524,7 +524,7 @@ export declare const GapAnalysisSchema: z.ZodObject<{
         id: string;
         severity: "critical" | "high" | "medium" | "low";
         reason: string;
-        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
         recommendation?: string | undefined;
         description?: string | undefined;
     }[];

package/dist/schemas/gap-analysis.schema.js

@@ -5,7 +5,7 @@ export const GapSchema = z.object({
     path: z.string(),
     severity: z.enum(['critical', 'high', 'medium', 'low']),
     reason: z.string(),
-    category: z.enum(['untested-route', 'a11y', 'console-error', 'broken-link', 'auth-surface', 'coverage']),
+    category: z.enum(['untested-route', 'a11y', 'console-error', 'broken-link', 'auth-surface', 'coverage', 'untested-api-endpoint']),
     description: z.string().optional(),
     recommendation: z.string().optional(),
 });

package/dist/schemas/index.d.ts

@@ -6,4 +6,7 @@ export { CostIntelligenceSchema, LlmUsageRecordSchema, LlmDataQualitySchema, Llm
 export { RepoAnalysisSchema, FrameworkDetectionSchema, DetectedFrameworkPrimarySchema, FrameworkDetectionConfidenceSchema, TestFrameworkDetectedSchema, type RepoAnalysis, type FrameworkDetectionResult, type DetectedFrameworkPrimary, } from './repo-analysis.schema.js';
 export { AutomationMaturitySchema, AutomationMaturityDimensionSchema, AutomationMaturityApplicabilitySchema, type AutomationMaturity, type AutomationMaturityDimension, type AutomationMaturityApplicability, } from './automation-maturity.schema.js';
 export { PublicSurfaceSchema, PublicSurfaceViolationSchema, PublicSurfaceBrokenLinkSchema, type PublicSurface, type PublicSurfaceViolation, type PublicSurfaceBrokenLink, } from './public-surface.schema.js';
+export { RecipeIdSchema, RecipeConfigSchema, type RecipeId, type RecipeConfig, } from './recipe.schema.js';
+export { EvidenceSourceKindSchema, EvidenceItemSchema, ConfidenceSubjectSchema, ConfidenceInputSchema, ConfidencePolicySchema, ConfidenceVerdictSchema, ConfidenceContributionSchema, ReleaseConfidenceSchema, type EvidenceSourceKind, type EvidenceItem, type ConfidenceSubject, type ConfidenceInput, type ConfidencePolicy, type ConfidenceVerdict, type ConfidenceContribution, type ReleaseConfidence, } from './confidence.schema.js';
+export { DeliveryTrafficPointSchema, InboxItemKindSchema, InboxItemSchema, ReplayStepSchema, ReplayTraceSchema, AuditEntrySchema, type DeliveryTrafficPoint, type InboxItemKind, type InboxItem, type ReplayStep, type ReplayTrace, type AuditEntry, } from './views.schema.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/schemas/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/schemas/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,gCAAgC,EAChC,gBAAgB,EAChB,kBAAkB,EAClB,0BAA0B,EAC1B,cAAc,EACd,qBAAqB,EACrB,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,sBAAsB,EAC3B,KAAK,UAAU,EACf,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,oBAAoB,EACzB,KAAK,QAAQ,EACb,KAAK,eAAe,GACrB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,sBAAsB,EACtB,KAAK,gBAAgB,GACtB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,oBAAoB,EACpB,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,KAAK,cAAc,EACnB,KAAK,KAAK,GACX,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,iBAAiB,EACjB,SAAS,EACT,qBAAqB,EACrB,mBAAmB,EACnB,cAAc,EACd,6BAA6B,EAC7B,KAAK,WAAW,EAChB,KAAK,GAAG,EACR,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,QAAQ,EACb,KAAK,uBAAuB,GAC7B,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,2BAA2B,EAC3B,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,GAC3B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACxB,8BAA8B,EAC9B,kCAAkC,EAClC,2BAA2B,EAC3B,KAAK,YAAY,EACjB,KAAK,wBAAwB,EAC7B,KAAK,wBAAwB,GAC9B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,wBAAwB,EACxB,iCAAiC,EACjC,qCAAqC,EACrC,KAAK,kBAAkB,EACvB,KAAK,2BAA2B,EAChC,KAAK,+BAA+B,GACrC,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACL,mBAAmB,EACnB,4BAA4B,EAC5B,6BAA6B,EAC7B,KAAK,aAAa,EAClB,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,GAC7B,MAAM,4BAA4B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/schemas/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,gCAAgC,EAChC,gBAAgB,EAChB,kBAAkB,EAClB,0BAA0B,EAC1B,cAAc,EACd,qBAAqB,EACrB,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,sBAAsB,EAC3B,KAAK,UAAU,EACf,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,oBAAoB,EACzB,KAAK,QAAQ,EACb,KAAK,eAAe,GACrB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,sBAAsB,EACtB,KAAK,gBAAgB,GACtB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,oBAAoB,EACpB,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,KAAK,cAAc,EACnB,KAAK,KAAK,GACX,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,iBAAiB,EACjB,SAAS,EACT,qBAAqB,EACrB,mBAAmB,EACnB,cAAc,EACd,6BAA6B,EAC7B,KAAK,WAAW,EAChB,KAAK,GAAG,EACR,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,QAAQ,EACb,KAAK,uBAAuB,GAC7B,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,2BAA2B,EAC3B,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,qBAAqB,GAC3B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,kBAAkB,EAClB,wBAAwB,EACxB,8BAA8B,EAC9B,kCAAkC,EAClC,2BAA2B,EAC3B,KAAK,YAAY,EACjB,KAAK,wBAAwB,EAC7B,KAAK,wBAAwB,GAC9B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,wBAAwB,EACxB,iCAAiC,EACjC,qCAAqC,EACrC,KAAK,kBAAkB,EACvB,KAAK,2BAA2B,EAChC,KAAK,+BAA+B,GACrC,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACL,mBAAmB,EACnB,4BAA4B,EAC5B,6BAA6B,EAC7B,KAAK,aAAa,EAClB,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,GAC7B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,KAAK,QAAQ,EACb,KAAK,YAAY,GAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,wBAAwB,EACxB,kBAAkB,EAClB,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,uBAAuB,EACvB,4BAA4B,EAC5B,uBAAuB,EACvB,KAAK,kBAAkB,EACvB,KAAK,YAAY,EACjB,KAAK,iBAAiB,EACtB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,GACvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,0BAA0B,EAC1B,mBAAmB,EACnB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,gBAAgB,EAChB,KAAK,oBAAoB,EACzB,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,UAAU,GAChB,MAAM,mBAAmB,CAAC"}

package/dist/schemas/index.js

@@ -6,3 +6,6 @@ export { CostIntelligenceSchema, LlmUsageRecordSchema, LlmDataQualitySchema, Llm
 export { RepoAnalysisSchema, FrameworkDetectionSchema, DetectedFrameworkPrimarySchema, FrameworkDetectionConfidenceSchema, TestFrameworkDetectedSchema, } from './repo-analysis.schema.js';
 export { AutomationMaturitySchema, AutomationMaturityDimensionSchema, AutomationMaturityApplicabilitySchema, } from './automation-maturity.schema.js';
 export { PublicSurfaceSchema, PublicSurfaceViolationSchema, PublicSurfaceBrokenLinkSchema, } from './public-surface.schema.js';
+export { RecipeIdSchema, RecipeConfigSchema, } from './recipe.schema.js';
+export { EvidenceSourceKindSchema, EvidenceItemSchema, ConfidenceSubjectSchema, ConfidenceInputSchema, ConfidencePolicySchema, ConfidenceVerdictSchema, ConfidenceContributionSchema, ReleaseConfidenceSchema, } from './confidence.schema.js';
+export { DeliveryTrafficPointSchema, InboxItemKindSchema, InboxItemSchema, ReplayStepSchema, ReplayTraceSchema, AuditEntrySchema, } from './views.schema.js';

package/dist/schemas/public-surface.schema.d.ts

@@ -118,7 +118,7 @@ export declare const PublicSurfaceSchema: z.ZodObject<{
         path: z.ZodString;
         severity: z.ZodEnum<["critical", "high", "medium", "low"]>;
         reason: z.ZodString;
-        category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage"]>;
+        category: z.ZodEnum<["untested-route", "a11y", "console-error", "broken-link", "auth-surface", "coverage", "untested-api-endpoint"]>;
         description: z.ZodOptional<z.ZodString>;
         recommendation: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
@@ -126,7 +126,7 @@ export declare const PublicSurfaceSchema: z.ZodObject<{
         id: string;
         severity: "critical" | "high" | "medium" | "low";
         reason: string;
-        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
         recommendation?: string | undefined;
         description?: string | undefined;
     }, {
@@ -134,7 +134,7 @@ export declare const PublicSurfaceSchema: z.ZodObject<{
         id: string;
         severity: "critical" | "high" | "medium" | "low";
         reason: string;
-        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
         recommendation?: string | undefined;
         description?: string | undefined;
     }>, "many">;
@@ -181,7 +181,7 @@ export declare const PublicSurfaceSchema: z.ZodObject<{
         id: string;
         severity: "critical" | "high" | "medium" | "low";
         reason: string;
-        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
         recommendation?: string | undefined;
         description?: string | undefined;
     }[];
@@ -224,7 +224,7 @@ export declare const PublicSurfaceSchema: z.ZodObject<{
         id: string;
         severity: "critical" | "high" | "medium" | "low";
         reason: string;
-        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage";
+        category: "untested-route" | "a11y" | "console-error" | "broken-link" | "auth-surface" | "coverage" | "untested-api-endpoint";
         recommendation?: string | undefined;
         description?: string | undefined;
     }[];

package/dist/schemas/recipe.schema.d.ts

@@ -0,0 +1,66 @@
+import { z } from 'zod';
+/**
+ * RecipeId — the stable vocabulary of reusable test patterns.
+ *
+ * Each value corresponds to a recipe module under src/recipes/:
+ *   auth  — login / logout / protected-route flows
+ *   a11y  — accessibility checks (axe-core assertions / aria probes)
+ *   nav   — navigation, deep-linking, back/forward, 404 handling
+ *   seed  — data-seeding helpers (reset, pre-populate state via API or UI)
+ *
+ * The enum is additive — new recipes can be appended without breaking callers.
+ */
+export declare const RecipeIdSchema: z.ZodEnum<["auth", "a11y", "nav", "seed"]>;
+export type RecipeId = z.infer<typeof RecipeIdSchema>;
+/**
+ * Per-recipe configuration that callers may pass alongside a RecipeId to
+ * override defaults. All fields are optional — recipes work without config.
+ */
+export declare const RecipeConfigSchema: z.ZodObject<{
+    /**
+     * Selectors to use for form-login auth steps (recipe: auth).
+     * When provided, the auth recipe uses these instead of the defaults derived
+     * from the NQ-2 / CaseLoom proven patterns.
+     */
+    loginUrl: z.ZodOptional<z.ZodString>;
+    usernameSelector: z.ZodOptional<z.ZodString>;
+    passwordSelector: z.ZodOptional<z.ZodString>;
+    submitSelector: z.ZodOptional<z.ZodString>;
+    /** Selector for a success indicator visible after login (recipe: auth). */
+    successSelector: z.ZodOptional<z.ZodString>;
+    /**
+     * Routes that the nav recipe should visit in addition to the root (recipe: nav).
+     * If omitted the recipe generates scenarios for '/', '/about', and '/404'.
+     */
+    navRoutes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    /**
+     * axe-core impact level threshold — violations at or above this level are
+     * asserted (recipe: a11y). Default 'serious'.
+     */
+    a11yImpact: z.ZodOptional<z.ZodEnum<["minor", "moderate", "serious", "critical"]>>;
+    /**
+     * API endpoint to call for seeding/resetting state (recipe: seed).
+     * POST with an empty body; expects 200/201/204.
+     */
+    seedEndpoint: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    loginUrl?: string | undefined;
+    usernameSelector?: string | undefined;
+    passwordSelector?: string | undefined;
+    submitSelector?: string | undefined;
+    successSelector?: string | undefined;
+    navRoutes?: string[] | undefined;
+    a11yImpact?: "critical" | "minor" | "moderate" | "serious" | undefined;
+    seedEndpoint?: string | undefined;
+}, {
+    loginUrl?: string | undefined;
+    usernameSelector?: string | undefined;
+    passwordSelector?: string | undefined;
+    submitSelector?: string | undefined;
+    successSelector?: string | undefined;
+    navRoutes?: string[] | undefined;
+    a11yImpact?: "critical" | "minor" | "moderate" | "serious" | undefined;
+    seedEndpoint?: string | undefined;
+}>;
+export type RecipeConfig = z.infer<typeof RecipeConfigSchema>;
+//# sourceMappingURL=recipe.schema.d.ts.map

package/dist/schemas/recipe.schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"recipe.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/recipe.schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;;;GAUG;AACH,eAAO,MAAM,cAAc,4CAA0C,CAAC;AACtE,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAEtD;;;GAGG;AACH,eAAO,MAAM,kBAAkB;IAC7B;;;;OAIG;;;;;IAKH,2EAA2E;;IAE3E;;;OAGG;;IAEH;;;OAGG;;IAEH;;;OAGG;;;;;;;;;;;;;;;;;;;;EAEH,CAAC;AACH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC"}

package/dist/schemas/recipe.schema.js

@@ -0,0 +1,45 @@
+import { z } from 'zod';
+/**
+ * RecipeId — the stable vocabulary of reusable test patterns.
+ *
+ * Each value corresponds to a recipe module under src/recipes/:
+ *   auth  — login / logout / protected-route flows
+ *   a11y  — accessibility checks (axe-core assertions / aria probes)
+ *   nav   — navigation, deep-linking, back/forward, 404 handling
+ *   seed  — data-seeding helpers (reset, pre-populate state via API or UI)
+ *
+ * The enum is additive — new recipes can be appended without breaking callers.
+ */
+export const RecipeIdSchema = z.enum(['auth', 'a11y', 'nav', 'seed']);
+/**
+ * Per-recipe configuration that callers may pass alongside a RecipeId to
+ * override defaults. All fields are optional — recipes work without config.
+ */
+export const RecipeConfigSchema = z.object({
+    /**
+     * Selectors to use for form-login auth steps (recipe: auth).
+     * When provided, the auth recipe uses these instead of the defaults derived
+     * from the NQ-2 / CaseLoom proven patterns.
+     */
+    loginUrl: z.string().optional(),
+    usernameSelector: z.string().optional(),
+    passwordSelector: z.string().optional(),
+    submitSelector: z.string().optional(),
+    /** Selector for a success indicator visible after login (recipe: auth). */
+    successSelector: z.string().optional(),
+    /**
+     * Routes that the nav recipe should visit in addition to the root (recipe: nav).
+     * If omitted the recipe generates scenarios for '/', '/about', and '/404'.
+     */
+    navRoutes: z.array(z.string()).optional(),
+    /**
+     * axe-core impact level threshold — violations at or above this level are
+     * asserted (recipe: a11y). Default 'serious'.
+     */
+    a11yImpact: z.enum(['minor', 'moderate', 'serious', 'critical']).optional(),
+    /**
+     * API endpoint to call for seeding/resetting state (recipe: seed).
+     * POST with an empty body; expects 200/201/204.
+     */
+    seedEndpoint: z.string().optional(),
+});

package/dist/schemas/repo-analysis.schema.d.ts

@@ -156,7 +156,7 @@ export declare const RepoAnalysisSchema: z.ZodObject<{
         level: z.ZodNumber;
         label: z.ZodString;
         dimensions: z.ZodArray<z.ZodObject<{
-            dimension: z.ZodEnum<["test-coverage-breadth", "framework-adoption", "test-id-hygiene", "ci-integration", "auth-test-coverage", "component-test-ratio"]>;
+            dimension: z.ZodEnum<["test-coverage-breadth", "framework-adoption", "test-id-hygiene", "ci-integration", "auth-test-coverage", "component-test-ratio", "api-test-coverage"]>;
             score: z.ZodNumber;
             weight: z.ZodNumber;
             evidence: z.ZodArray<z.ZodString, "many">;
@@ -166,7 +166,7 @@ export declare const RepoAnalysisSchema: z.ZodObject<{
             guidance: z.ZodOptional<z.ZodString>;
         }, "strip", z.ZodTypeAny, {
             recommendations: string[];
-            dimension: "test-coverage-breadth" | "framework-adoption" | "test-id-hygiene" | "ci-integration" | "auth-test-coverage" | "component-test-ratio";
+            dimension: "test-coverage-breadth" | "framework-adoption" | "test-id-hygiene" | "ci-integration" | "auth-test-coverage" | "component-test-ratio" | "api-test-coverage";
             score: number;
             weight: number;
             evidence: string[];
@@ -175,7 +175,7 @@ export declare const RepoAnalysisSchema: z.ZodObject<{
             guidance?: string | undefined;
         }, {
             recommendations: string[];
-            dimension: "test-coverage-breadth" | "framework-adoption" | "test-id-hygiene" | "ci-integration" | "auth-test-coverage" | "component-test-ratio";
+            dimension: "test-coverage-breadth" | "framework-adoption" | "test-id-hygiene" | "ci-integration" | "auth-test-coverage" | "component-test-ratio" | "api-test-coverage";
             score: number;
             weight: number;
             evidence: string[];
@@ -193,7 +193,7 @@ export declare const RepoAnalysisSchema: z.ZodObject<{
         overallScore: number;
         dimensions: {
             recommendations: string[];
-            dimension: "test-coverage-breadth" | "framework-adoption" | "test-id-hygiene" | "ci-integration" | "auth-test-coverage" | "component-test-ratio";
+            dimension: "test-coverage-breadth" | "framework-adoption" | "test-id-hygiene" | "ci-integration" | "auth-test-coverage" | "component-test-ratio" | "api-test-coverage";
             score: number;
             weight: number;
             evidence: string[];
@@ -211,7 +211,7 @@ export declare const RepoAnalysisSchema: z.ZodObject<{
         overallScore: number;
         dimensions: {
             recommendations: string[];
-            dimension: "test-coverage-breadth" | "framework-adoption" | "test-id-hygiene" | "ci-integration" | "auth-test-coverage" | "component-test-ratio";
+            dimension: "test-coverage-breadth" | "framework-adoption" | "test-id-hygiene" | "ci-integration" | "auth-test-coverage" | "component-test-ratio" | "api-test-coverage";
             score: number;
             weight: number;
             evidence: string[];
@@ -261,7 +261,7 @@ export declare const RepoAnalysisSchema: z.ZodObject<{
         overallScore: number;
         dimensions: {
             recommendations: string[];
-            dimension: "test-coverage-breadth" | "framework-adoption" | "test-id-hygiene" | "ci-integration" | "auth-test-coverage" | "component-test-ratio";
+            dimension: "test-coverage-breadth" | "framework-adoption" | "test-id-hygiene" | "ci-integration" | "auth-test-coverage" | "component-test-ratio" | "api-test-coverage";
             score: number;
             weight: number;
             evidence: string[];
@@ -311,7 +311,7 @@ export declare const RepoAnalysisSchema: z.ZodObject<{
         overallScore: number;
         dimensions: {
             recommendations: string[];
-            dimension: "test-coverage-breadth" | "framework-adoption" | "test-id-hygiene" | "ci-integration" | "auth-test-coverage" | "component-test-ratio";
+            dimension: "test-coverage-breadth" | "framework-adoption" | "test-id-hygiene" | "ci-integration" | "auth-test-coverage" | "component-test-ratio" | "api-test-coverage";
             score: number;
             weight: number;
             evidence: string[];