@sackville-mcp/verdict 0.0.1-alpha.0

package/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative
+          Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2026 Curtis Autery
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/dist/index.d.mts

@@ -0,0 +1,144 @@
+import { SEVERITY_RANK, Severity, atLeast, maxSeverity } from "@sackville-mcp/severity";
+import { ContractResult } from "@sackville-mcp/api";
+import { DiffCoverageReport } from "@sackville-mcp/coverage";
+import { DependencyAudit } from "@sackville-mcp/deps";
+import { FlakeVerdict } from "@sackville-mcp/flake";
+import { MutationSummary } from "@sackville-mcp/mutate";
+
+//#region src/types.d.ts
+/** The pillars a composite verdict can fold. */
+type PillarName = 'contract' | 'coverage' | 'deps' | 'flake' | 'mutate';
+/**
+ * A pillar's contribution to the verdict.
+ * - `pass` — ran, clean.
+ * - `warn` — a real signal of a problem the policy may or may not treat as failing.
+ * - `fail` — a problem this pillar treats as failing on its own.
+ * - `no-signal` — ran but had no usable signal (mutation null+no survivors, flake
+ *   insufficient-data, deps with no OSV snapshot, contract with zero entries).
+ * - `missing` — no input was supplied for this pillar.
+ *
+ * `no-signal` and `missing` NEVER count as a pass (ADR 0013 §1).
+ *
+ * NOTE (ADR 0013 Addendum, milestone 5c): the run-driving orchestrator does NOT
+ * add new statuses. A pillar it tried to run but whose own gate was unmet, or that
+ * crashed, is reported as `no-signal` + a `skipReason`/`errorReason` (below); a
+ * pillar the agent did not request stays `missing`. Both already fold to
+ * `inconclusive`, so "absence is never a pass" extends to gate-blocked/errored/
+ * not-requested for free — without touching this exhaustively-switched union.
+ */
+type PillarStatus = 'pass' | 'warn' | 'fail' | 'no-signal' | 'missing';
+interface PillarVerdict {
+  pillar: PillarName;
+  status: PillarStatus;
+  /** The worst severity this pillar observed (drives the composite worstSeverity). */
+  severity: Severity;
+  /** A short, redaction-safe one-line summary. */
+  headline: string;
+  /** Optional small tallies (e.g. `{ findings: 3 }`) — never large/inlined detail. */
+  counts?: Record<string, number>;
+  /**
+   * Provenance for the contract pillar: whether the result came from a live run or
+   * from a captured HAR (different trust/redaction story — ADR 0013 §1).
+   */
+  source?: 'run' | 'capture-from-HAR';
+  /**
+   * Run-driving provenance (ADR 0013 Addendum, milestone 5c): why a requested pillar
+   * produced no usable signal. `gate-not-set` = the pillar's own operator gate was
+   * unmet (never run — "compose, never widen"); `not-requested` = the agent did not
+   * ask for it. A present `skipReason` can NEVER be laundered into a pass.
+   */
+  skipReason?: 'gate-not-set' | 'not-requested';
+  /**
+   * Run-driving provenance (ADR 0013 Addendum, milestone 5c): a requested pillar
+   * crashed/timed out. **Already routed through the operator `Redactor`** by the
+   * orchestrator before it reaches here — must not carry raw paths/secrets. A present
+   * `errorReason` can NEVER be laundered into a pass.
+   */
+  errorReason?: string;
+}
+/** The overall posture. `inconclusive` is the honest "couldn't claim pass" state. */
+type OverallStatus = 'pass' | 'warn' | 'fail' | 'inconclusive';
+interface CompositeVerdict {
+  /** `true` ONLY when the overall status is `pass`. warn/fail/inconclusive ⇒ false. */
+  ok: boolean;
+  status: OverallStatus;
+  /** The worst severity across all present pillars. */
+  worstSeverity: Severity;
+  /** The pillar driving the worst outcome, when there is one. */
+  worstPillar?: PillarName;
+  /** Every pillar's verdict (including `missing` ones), in a stable order. */
+  pillars: PillarVerdict[];
+  /** Pillars with no input supplied. */
+  missing: PillarName[];
+}
+/**
+ * The policy cut. There is intentionally NO baked-in default (ADR 0013 §3a/slice
+ * 10): the operator/agent must declare `failAtOrAbove` to escalate a severity to a
+ * failing overall posture — the rollup must not silently encode a value judgment.
+ */
+interface VerdictPolicy {
+  /** A pillar whose severity is at least this becomes a failing overall posture. */
+  failAtOrAbove?: Severity;
+}
+//#endregion
+//#region src/adapters.d.ts
+/** Contract drift over validated responses (live run or capture-from-HAR). */
+declare function fromContractResults(results: ContractResult[], source?: 'run' | 'capture-from-HAR'): PillarVerdict;
+/**
+ * The capture-verdict facts a contract sub-verdict needs to fold WITHOUT laundering an
+ * unverifiable entry into a pass (5f, ADR 0013 Addendum 4). A superset of
+ * `@sackville-mcp/api`'s `CaptureContractVerdict` — its no-signal/unresolved entries push NO
+ * `ContractResult`, so `fromContractResults` (results-only) can't see them. `clean` is
+ * the load-bearing flag (`entriesValidated>0 ∧ unresolvedBodies===0 ∧ noSignal===0 ∧ all
+ * valid`).
+ */
+interface CaptureVerdictFacts {
+  results: ContractResult[];
+  clean: boolean;
+  noSignal: number;
+  unresolvedBodies: number;
+  entriesValidated: number;
+}
+/**
+ * Fold the FULL capture verdict (clean-aware): an error finding is a real breach (`fail`);
+ * else a NOT-clean capture (no-signal / unresolved / zero validated) is `no-signal`
+ * (inconclusive) — NEVER a pass riding on a sibling valid entry (ADR 0013 §1, the latent
+ * hole this closes in the shipped 5e produce + consume paths); else a warning is `warn`;
+ * else `pass`. Used by the verify orchestrator for the consume + both produce capture paths.
+ */
+declare function fromCaptureVerdict(v: CaptureVerdictFacts, source?: 'run' | 'capture-from-HAR'): PillarVerdict;
+/** Coverage of a diff — the forgotten-assertion catch. */
+declare function fromDiffCoverage(report: DiffCoverageReport): PillarVerdict;
+/** Dependency vulnerability/deprecation audit over the installed versions. */
+declare function fromDependencyAudits(audits: DependencyAudit[], opts: {
+  osvSnapshotLoaded: boolean;
+}): PillarVerdict;
+/** Flaky/broken test detection over recorded run histories. */
+declare function fromFlakeVerdicts(verdicts: FlakeVerdict[]): PillarVerdict;
+/** Mutation testing — are the tests meaningful? Keyed off survivors, not only score. */
+declare function fromMutationSummary(summary: MutationSummary): PillarVerdict;
+//#endregion
+//#region src/compose.d.ts
+/** Per-pillar adapter outputs. Any omitted pillar is folded as `missing`. */
+interface ComposeInputs {
+  contract?: PillarVerdict;
+  coverage?: PillarVerdict;
+  deps?: PillarVerdict;
+  flake?: PillarVerdict;
+  mutate?: PillarVerdict;
+}
+/**
+ * Fold the per-pillar verdicts into one composite verdict (ADR 0013 §1). Pure and
+ * deterministic. The load-bearing invariant: **absence is never a pass** — an
+ * empty fold, or any present `missing`/`no-signal` pillar with no failing/warning
+ * signal elsewhere, yields `inconclusive` (`ok:false`), never `pass`.
+ *
+ * The overall posture has NO baked-in threshold: a pillar only escalates the whole
+ * verdict to `fail` either because the pillar itself decided `fail`, or because the
+ * caller's `policy.failAtOrAbove` says its severity is failing. With no policy, a
+ * severity-only finding stays `warn`.
+ */
+declare function composeVerdict(inputs: ComposeInputs, policy?: VerdictPolicy): CompositeVerdict;
+//#endregion
+export { type CaptureVerdictFacts, type ComposeInputs, type CompositeVerdict, type OverallStatus, type PillarName, type PillarStatus, type PillarVerdict, SEVERITY_RANK, type Severity, type VerdictPolicy, atLeast, composeVerdict, fromCaptureVerdict, fromContractResults, fromDependencyAudits, fromDiffCoverage, fromFlakeVerdicts, fromMutationSummary, maxSeverity };
+//# sourceMappingURL=index.d.mts.map

package/dist/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../src/types.ts","../src/adapters.ts","../src/compose.ts"],"mappings":";;;;;;;;;KAGY,UAAA;;;;;;AAAZ;;;;AAAsB;AAoBtB;;;;AAAwB;AAExB;;;KAFY,YAAA;AAAA,UAEK,aAAA;EACf,MAAA,EAAQ,UAAA;EACR,MAAA,EAAQ,YAAA;EAMO;EAJf,QAAA,EAAU,QAAA;EAHV;EAKA,QAAA;EAJA;EAMA,MAAA,GAAS,MAAA;EAJT;;;;EASA,MAAA;EAAA;;;;AAcW;AAIb;EAXE,UAAA;;;AAWuB;AAEzB;;;EANE,WAAA;AAAA;;KAIU,aAAA;AAAA,UAEK,gBAAA;EAWI;EATnB,EAAA;EACA,MAAA,EAAQ,aAAA;EAAR;EAEA,aAAA,EAAe,QAAA;EAAf;EAEA,WAAA,GAAc,UAAA;EAAd;EAEA,OAAA,EAAS,aAAA;EAAT;EAEA,OAAA,EAAS,UAAA;AAAA;;;AAAU;AAQrB;;UAAiB,aAAA;EAEf;EAAA,aAAA,GAAgB,QAAQ;AAAA;;;;iBC7DV,mBAAA,CACd,OAAA,EAAS,cAAA,IACT,MAAA,gCACC,aAAa;ADEQ;AAExB;;;;;;;AAFwB,UCwDP,mBAAA;EACf,OAAA,EAAS,cAAc;EACvB,KAAA;EACA,QAAA;EACA,gBAAA;EACA,gBAAA;AAAA;;;;;;;;iBAUc,kBAAA,CACd,CAAA,EAAG,mBAAA,EACH,MAAA,gCACC,aAAa;AD7CH;AAAA,iBC8FG,gBAAA,CAAiB,MAAA,EAAQ,kBAAA,GAAqB,aAAa;;iBAoD3D,oBAAA,CACd,MAAA,EAAQ,eAAA,IACR,IAAA;EAAQ,iBAAA;AAAA,IACP,aAAa;AD/IhB;AAAA,iBCwNgB,iBAAA,CAAkB,QAAA,EAAU,YAAA,KAAiB,aAAa;;iBAsE1D,mBAAA,CAAoB,OAAA,EAAS,eAAA,GAAkB,aAAa;;;;UC9U3D,aAAA;EACf,QAAA,GAAW,aAAA;EACX,QAAA,GAAW,aAAA;EACX,IAAA,GAAO,aAAA;EACP,KAAA,GAAQ,aAAA;EACR,MAAA,GAAS,aAAA;AAAA;;;AFZW;AAoBtB;;;;AAAwB;AAExB;;;iBEWgB,cAAA,CACd,MAAA,EAAQ,aAAA,EACR,MAAA,GAAQ,aAAA,GACP,gBAAA"}

package/dist/index.mjs

@@ -0,0 +1,364 @@
+import { SEVERITY_RANK, atLeast, maxSeverity } from "@sackville-mcp/severity";
+//#region src/adapters.ts
+/** Contract drift over validated responses (live run or capture-from-HAR). */
+function fromContractResults(results, source = "capture-from-HAR") {
+	if (results.length === 0) return {
+		pillar: "contract",
+		status: "no-signal",
+		severity: "none",
+		headline: "no contract entries validated",
+		source
+	};
+	let errors = 0;
+	let warnings = 0;
+	for (const r of results) for (const f of r.findings) if (f.severity === "error") errors++;
+	else warnings++;
+	if (errors > 0) return {
+		pillar: "contract",
+		status: "fail",
+		severity: "high",
+		headline: `${errors} contract error(s) across ${results.length} response(s)`,
+		counts: {
+			errors,
+			warnings,
+			entries: results.length
+		},
+		source
+	};
+	if (warnings > 0) return {
+		pillar: "contract",
+		status: "warn",
+		severity: "low",
+		headline: `${warnings} contract warning(s)`,
+		counts: {
+			errors,
+			warnings,
+			entries: results.length
+		},
+		source
+	};
+	return {
+		pillar: "contract",
+		status: "pass",
+		severity: "none",
+		headline: `${results.length} response(s) match the contract`,
+		counts: {
+			errors,
+			warnings,
+			entries: results.length
+		},
+		source
+	};
+}
+/**
+* Fold the FULL capture verdict (clean-aware): an error finding is a real breach (`fail`);
+* else a NOT-clean capture (no-signal / unresolved / zero validated) is `no-signal`
+* (inconclusive) — NEVER a pass riding on a sibling valid entry (ADR 0013 §1, the latent
+* hole this closes in the shipped 5e produce + consume paths); else a warning is `warn`;
+* else `pass`. Used by the verify orchestrator for the consume + both produce capture paths.
+*/
+function fromCaptureVerdict(v, source = "capture-from-HAR") {
+	let errors = 0;
+	let warnings = 0;
+	for (const r of v.results) for (const f of r.findings) if (f.severity === "error") errors++;
+	else warnings++;
+	if (errors > 0) return {
+		pillar: "contract",
+		status: "fail",
+		severity: "high",
+		headline: `${errors} contract error(s) across ${v.entriesValidated} response(s)`,
+		counts: {
+			errors,
+			warnings,
+			entries: v.entriesValidated
+		},
+		source
+	};
+	if (!v.clean) return {
+		pillar: "contract",
+		status: "no-signal",
+		severity: "none",
+		headline: v.entriesValidated === 0 ? "no contract entries validated" : v.unresolvedBodies > 0 ? `${v.unresolvedBodies} captured body(ies) could not be resolved` : `${v.noSignal} captured entr(ies) had no matching contract`,
+		source
+	};
+	if (warnings > 0) return {
+		pillar: "contract",
+		status: "warn",
+		severity: "low",
+		headline: `${warnings} contract warning(s)`,
+		counts: {
+			errors,
+			warnings,
+			entries: v.entriesValidated
+		},
+		source
+	};
+	return {
+		pillar: "contract",
+		status: "pass",
+		severity: "none",
+		headline: `${v.entriesValidated} response(s) match the contract`,
+		counts: {
+			errors,
+			warnings,
+			entries: v.entriesValidated
+		},
+		source
+	};
+}
+/** Coverage of a diff — the forgotten-assertion catch. */
+function fromDiffCoverage(report) {
+	const { summary, uncovered } = report;
+	if (summary.total === 0) return {
+		pillar: "coverage",
+		status: "no-signal",
+		severity: "none",
+		headline: "no new executable lines classified",
+		counts: { filesWithoutCoverage: summary.filesWithoutCoverage }
+	};
+	if (uncovered.length > 0) return {
+		pillar: "coverage",
+		status: "fail",
+		severity: "moderate",
+		headline: `${uncovered.length} uncovered new line(s)`,
+		counts: {
+			uncovered: uncovered.length,
+			covered: summary.covered,
+			filesWithoutCoverage: summary.filesWithoutCoverage
+		}
+	};
+	return {
+		pillar: "coverage",
+		status: "pass",
+		severity: "none",
+		headline: `all ${summary.covered} new executable line(s) covered`,
+		counts: { covered: summary.covered }
+	};
+}
+/** deps' `SeverityBucket` → the shared scale. `'unknown'` is NOT a severity here. */
+function bucketToSeverity(bucket) {
+	switch (bucket) {
+		case "critical":
+		case "high":
+		case "moderate":
+		case "low":
+		case "none": return bucket;
+		default: return "unknown";
+	}
+}
+/** Dependency vulnerability/deprecation audit over the installed versions. */
+function fromDependencyAudits(audits, opts) {
+	if (!opts.osvSnapshotLoaded) return {
+		pillar: "deps",
+		status: "no-signal",
+		severity: "none",
+		headline: "no OSV snapshot loaded — vulnerability status unknown",
+		counts: { packages: audits.length }
+	};
+	let worst = "none";
+	let hasUnknown = false;
+	let vulnerable = 0;
+	let deprecated = 0;
+	for (const a of audits) {
+		const sev = bucketToSeverity(a.worstSeverity);
+		if (sev === "unknown") hasUnknown = true;
+		else {
+			worst = maxSeverity(worst, sev);
+			if (sev !== "none") vulnerable++;
+		}
+		if (a.deprecated.isDeprecated) deprecated++;
+	}
+	const counts = {
+		packages: audits.length,
+		vulnerable,
+		deprecated
+	};
+	if (worst !== "none") return {
+		pillar: "deps",
+		status: "warn",
+		severity: worst,
+		headline: `${vulnerable} vulnerable package(s), worst ${worst}`,
+		counts
+	};
+	if (deprecated > 0) return {
+		pillar: "deps",
+		status: "warn",
+		severity: "low",
+		headline: `${deprecated} deprecated package(s)`,
+		counts
+	};
+	if (hasUnknown) return {
+		pillar: "deps",
+		status: "no-signal",
+		severity: "none",
+		headline: "a matched advisory has an undetermined severity",
+		counts
+	};
+	return {
+		pillar: "deps",
+		status: "pass",
+		severity: "none",
+		headline: `${audits.length} package(s) clean`,
+		counts
+	};
+}
+/** Severity of a flaky test scaled by its conservative flake magnitude. */
+function flakeSeverity(flakeScore) {
+	if (flakeScore >= .5) return "high";
+	if (flakeScore >= .2) return "moderate";
+	return "low";
+}
+/** Flaky/broken test detection over recorded run histories. */
+function fromFlakeVerdicts(verdicts) {
+	if (verdicts.length === 0) return {
+		pillar: "flake",
+		status: "no-signal",
+		severity: "none",
+		headline: "no test histories supplied"
+	};
+	let broken = 0;
+	let flaky = 0;
+	let reliable = 0;
+	let insufficient = 0;
+	let worstFlakeScore = 0;
+	for (const v of verdicts) switch (v.state) {
+		case "broken":
+			broken++;
+			break;
+		case "flaky":
+			flaky++;
+			worstFlakeScore = Math.max(worstFlakeScore, v.flakeScore);
+			break;
+		case "reliable":
+			reliable++;
+			break;
+		default: insufficient++;
+	}
+	const counts = {
+		broken,
+		flaky,
+		reliable,
+		insufficientData: insufficient,
+		total: verdicts.length
+	};
+	if (broken > 0) return {
+		pillar: "flake",
+		status: "fail",
+		severity: "high",
+		headline: `${broken} broken test(s)`,
+		counts
+	};
+	if (flaky > 0) return {
+		pillar: "flake",
+		status: "warn",
+		severity: flakeSeverity(worstFlakeScore),
+		headline: `${flaky} flaky test(s)`,
+		counts
+	};
+	if (insufficient > 0) return {
+		pillar: "flake",
+		status: "no-signal",
+		severity: "none",
+		headline: `${insufficient} test(s) with insufficient run history`,
+		counts
+	};
+	return {
+		pillar: "flake",
+		status: "pass",
+		severity: "none",
+		headline: `${reliable} reliable test(s)`,
+		counts
+	};
+}
+/** Mutation testing — are the tests meaningful? Keyed off survivors, not only score. */
+function fromMutationSummary(summary) {
+	const survivors = summary.survivors.length;
+	if (summary.metrics.mutationScore === null && survivors === 0) return {
+		pillar: "mutate",
+		status: "no-signal",
+		severity: "none",
+		headline: "no valid mutants evaluated"
+	};
+	if (survivors > 0) return {
+		pillar: "mutate",
+		status: "warn",
+		severity: "moderate",
+		headline: `${survivors} surviving mutant(s)`,
+		counts: {
+			survivors,
+			valid: summary.metrics.valid
+		}
+	};
+	return {
+		pillar: "mutate",
+		status: "pass",
+		severity: "none",
+		headline: "all valid mutants detected",
+		counts: {
+			survivors: 0,
+			valid: summary.metrics.valid
+		}
+	};
+}
+//#endregion
+//#region src/compose.ts
+/** Stable pillar order for the breakdown + tie-breaking the worst pillar. */
+const ORDER = [
+	"contract",
+	"coverage",
+	"deps",
+	"flake",
+	"mutate"
+];
+function missingPillar(pillar) {
+	return {
+		pillar,
+		status: "missing",
+		severity: "none",
+		headline: "no input supplied"
+	};
+}
+/**
+* Fold the per-pillar verdicts into one composite verdict (ADR 0013 §1). Pure and
+* deterministic. The load-bearing invariant: **absence is never a pass** — an
+* empty fold, or any present `missing`/`no-signal` pillar with no failing/warning
+* signal elsewhere, yields `inconclusive` (`ok:false`), never `pass`.
+*
+* The overall posture has NO baked-in threshold: a pillar only escalates the whole
+* verdict to `fail` either because the pillar itself decided `fail`, or because the
+* caller's `policy.failAtOrAbove` says its severity is failing. With no policy, a
+* severity-only finding stays `warn`.
+*/
+function composeVerdict(inputs, policy = {}) {
+	const pillars = ORDER.map((name) => inputs[name] ?? missingPillar(name));
+	const missing = pillars.filter((p) => p.status === "missing").map((p) => p.pillar);
+	const worstSeverity = maxSeverity(...pillars.map((p) => p.severity));
+	let worstPillar;
+	if (worstSeverity !== "none") {
+		for (const p of pillars) if (SEVERITY_RANK[p.severity] === SEVERITY_RANK[worstSeverity]) {
+			worstPillar = p.pillar;
+			break;
+		}
+	}
+	const failsByPolicy = (p) => policy.failAtOrAbove !== void 0 && (p.status === "warn" || p.status === "fail") && atLeast(p.severity, policy.failAtOrAbove);
+	const anyFail = pillars.some((p) => p.status === "fail" || failsByPolicy(p));
+	const anyWarn = pillars.some((p) => p.status === "warn");
+	const anyInconclusive = pillars.some((p) => p.status === "missing" || p.status === "no-signal" || p.skipReason !== void 0 || p.errorReason !== void 0);
+	let status;
+	if (anyFail) status = "fail";
+	else if (anyWarn) status = "warn";
+	else if (anyInconclusive) status = "inconclusive";
+	else status = "pass";
+	return {
+		ok: status === "pass",
+		status,
+		worstSeverity,
+		...worstPillar ? { worstPillar } : {},
+		pillars,
+		missing
+	};
+}
+//#endregion
+export { SEVERITY_RANK, atLeast, composeVerdict, fromCaptureVerdict, fromContractResults, fromDependencyAudits, fromDiffCoverage, fromFlakeVerdicts, fromMutationSummary, maxSeverity };
+
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":[],"sources":["../src/adapters.ts","../src/compose.ts"],"sourcesContent":["/**\n * The five per-pillar adapters (ADR 0013 §1, slices 8–9). Each maps a pillar's\n * native result onto the shared `PillarVerdict` shape. **Type-only imports** of the\n * pillar result interfaces — `@sackville-mcp/verdict` must never import a pillar runtime\n * (that would drag `better-sqlite3`/`playwright-core` in and break the\n * independent-gate posture). The inline severity choices are documented per\n * mapping; the load-bearing rule is that no `no-signal`/absence path ever returns\n * `pass`.\n */\nimport type { ContractResult } from '@sackville-mcp/api'\nimport type { DiffCoverageReport } from '@sackville-mcp/coverage'\nimport type { DependencyAudit } from '@sackville-mcp/deps'\nimport type { FlakeVerdict } from '@sackville-mcp/flake'\nimport type { MutationSummary } from '@sackville-mcp/mutate'\nimport { maxSeverity, type Severity } from './severity.js'\nimport type { PillarVerdict } from './types.js'\n\n/** Contract drift over validated responses (live run or capture-from-HAR). */\nexport function fromContractResults(\n  results: ContractResult[],\n  source: 'run' | 'capture-from-HAR' = 'capture-from-HAR',\n): PillarVerdict {\n  if (results.length === 0) {\n    // Zero entries validated = no signal, NOT a pass (ADR 0013 §1).\n    return {\n      pillar: 'contract',\n      status: 'no-signal',\n      severity: 'none',\n      headline: 'no contract entries validated',\n      source,\n    }\n  }\n  let errors = 0\n  let warnings = 0\n  for (const r of results) {\n    for (const f of r.findings) {\n      if (f.severity === 'error') errors++\n      else warnings++\n    }\n  }\n  if (errors > 0) {\n    // A response-schema violation / undocumented operation is a real breach → high.\n    return {\n      pillar: 'contract',\n      status: 'fail',\n      severity: 'high',\n      headline: `${errors} contract error(s) across ${results.length} response(s)`,\n      counts: { errors, warnings, entries: results.length },\n      source,\n    }\n  }\n  if (warnings > 0) {\n    return {\n      pillar: 'contract',\n      status: 'warn',\n      severity: 'low',\n      headline: `${warnings} contract warning(s)`,\n      counts: { errors, warnings, entries: results.length },\n      source,\n    }\n  }\n  return {\n    pillar: 'contract',\n    status: 'pass',\n    severity: 'none',\n    headline: `${results.length} response(s) match the contract`,\n    counts: { errors, warnings, entries: results.length },\n    source,\n  }\n}\n\n/**\n * The capture-verdict facts a contract sub-verdict needs to fold WITHOUT laundering an\n * unverifiable entry into a pass (5f, ADR 0013 Addendum 4). A superset of\n * `@sackville-mcp/api`'s `CaptureContractVerdict` — its no-signal/unresolved entries push NO\n * `ContractResult`, so `fromContractResults` (results-only) can't see them. `clean` is\n * the load-bearing flag (`entriesValidated>0 ∧ unresolvedBodies===0 ∧ noSignal===0 ∧ all\n * valid`).\n */\nexport interface CaptureVerdictFacts {\n  results: ContractResult[]\n  clean: boolean\n  noSignal: number\n  unresolvedBodies: number\n  entriesValidated: number\n}\n\n/**\n * Fold the FULL capture verdict (clean-aware): an error finding is a real breach (`fail`);\n * else a NOT-clean capture (no-signal / unresolved / zero validated) is `no-signal`\n * (inconclusive) — NEVER a pass riding on a sibling valid entry (ADR 0013 §1, the latent\n * hole this closes in the shipped 5e produce + consume paths); else a warning is `warn`;\n * else `pass`. Used by the verify orchestrator for the consume + both produce capture paths.\n */\nexport function fromCaptureVerdict(\n  v: CaptureVerdictFacts,\n  source: 'run' | 'capture-from-HAR' = 'capture-from-HAR',\n): PillarVerdict {\n  let errors = 0\n  let warnings = 0\n  for (const r of v.results) {\n    for (const f of r.findings) {\n      if (f.severity === 'error') errors++\n      else warnings++\n    }\n  }\n  if (errors > 0) {\n    return {\n      pillar: 'contract',\n      status: 'fail',\n      severity: 'high',\n      headline: `${errors} contract error(s) across ${v.entriesValidated} response(s)`,\n      counts: { errors, warnings, entries: v.entriesValidated },\n      source,\n    }\n  }\n  if (!v.clean) {\n    const headline =\n      v.entriesValidated === 0\n        ? 'no contract entries validated'\n        : v.unresolvedBodies > 0\n          ? `${v.unresolvedBodies} captured body(ies) could not be resolved`\n          : `${v.noSignal} captured entr(ies) had no matching contract`\n    return { pillar: 'contract', status: 'no-signal', severity: 'none', headline, source }\n  }\n  if (warnings > 0) {\n    return {\n      pillar: 'contract',\n      status: 'warn',\n      severity: 'low',\n      headline: `${warnings} contract warning(s)`,\n      counts: { errors, warnings, entries: v.entriesValidated },\n      source,\n    }\n  }\n  return {\n    pillar: 'contract',\n    status: 'pass',\n    severity: 'none',\n    headline: `${v.entriesValidated} response(s) match the contract`,\n    counts: { errors, warnings, entries: v.entriesValidated },\n    source,\n  }\n}\n\n/** Coverage of a diff — the forgotten-assertion catch. */\nexport function fromDiffCoverage(report: DiffCoverageReport): PillarVerdict {\n  const { summary, uncovered } = report\n  if (summary.total === 0) {\n    // No new executable lines were classified — nothing to assert on.\n    return {\n      pillar: 'coverage',\n      status: 'no-signal',\n      severity: 'none',\n      headline: 'no new executable lines classified',\n      counts: { filesWithoutCoverage: summary.filesWithoutCoverage },\n    }\n  }\n  if (uncovered.length > 0) {\n    // A new executable line with no covering test under a TDD gate is a real gap,\n    // but not a security-grade severity → moderate.\n    return {\n      pillar: 'coverage',\n      status: 'fail',\n      severity: 'moderate',\n      headline: `${uncovered.length} uncovered new line(s)`,\n      counts: {\n        uncovered: uncovered.length,\n        covered: summary.covered,\n        filesWithoutCoverage: summary.filesWithoutCoverage,\n      },\n    }\n  }\n  return {\n    pillar: 'coverage',\n    status: 'pass',\n    severity: 'none',\n    headline: `all ${summary.covered} new executable line(s) covered`,\n    counts: { covered: summary.covered },\n  }\n}\n\n/** deps' `SeverityBucket` → the shared scale. `'unknown'` is NOT a severity here. */\nfunction bucketToSeverity(bucket: DependencyAudit['worstSeverity']): Severity | 'unknown' {\n  switch (bucket) {\n    case 'critical':\n    case 'high':\n    case 'moderate':\n    case 'low':\n    case 'none':\n      return bucket\n    default:\n      // 'unknown' — never silently map to low/none (ADR 0013 slice 8 invariant).\n      return 'unknown'\n  }\n}\n\n/** Dependency vulnerability/deprecation audit over the installed versions. */\nexport function fromDependencyAudits(\n  audits: DependencyAudit[],\n  opts: { osvSnapshotLoaded: boolean },\n): PillarVerdict {\n  if (!opts.osvSnapshotLoaded) {\n    // \"No known vulnerabilities\" without a snapshot is not authoritative — no-signal,\n    // never a pass (deps' own `osvSnapshotLoaded:false` honesty; ADR 0013 §1).\n    return {\n      pillar: 'deps',\n      status: 'no-signal',\n      severity: 'none',\n      headline: 'no OSV snapshot loaded — vulnerability status unknown',\n      counts: { packages: audits.length },\n    }\n  }\n  let worst: Severity = 'none'\n  let hasUnknown = false\n  let vulnerable = 0\n  let deprecated = 0\n  for (const a of audits) {\n    const sev = bucketToSeverity(a.worstSeverity)\n    if (sev === 'unknown') hasUnknown = true\n    else {\n      worst = maxSeverity(worst, sev)\n      if (sev !== 'none') vulnerable++\n    }\n    if (a.deprecated.isDeprecated) deprecated++\n  }\n  const counts = { packages: audits.length, vulnerable, deprecated }\n  if (worst !== 'none') {\n    // A real, severity-rated vulnerability — `warn` here; the caller's policy decides\n    // whether that severity escalates the whole verdict to `fail`.\n    return {\n      pillar: 'deps',\n      status: 'warn',\n      severity: worst,\n      headline: `${vulnerable} vulnerable package(s), worst ${worst}`,\n      counts,\n    }\n  }\n  if (deprecated > 0) {\n    return {\n      pillar: 'deps',\n      status: 'warn',\n      severity: 'low',\n      headline: `${deprecated} deprecated package(s)`,\n      counts,\n    }\n  }\n  if (hasUnknown) {\n    // Some advisory severity could not be determined — not clean, not a pass.\n    return {\n      pillar: 'deps',\n      status: 'no-signal',\n      severity: 'none',\n      headline: 'a matched advisory has an undetermined severity',\n      counts,\n    }\n  }\n  return {\n    pillar: 'deps',\n    status: 'pass',\n    severity: 'none',\n    headline: `${audits.length} package(s) clean`,\n    counts,\n  }\n}\n\n/** Severity of a flaky test scaled by its conservative flake magnitude. */\nfunction flakeSeverity(flakeScore: number): Severity {\n  if (flakeScore >= 0.5) return 'high'\n  if (flakeScore >= 0.2) return 'moderate'\n  return 'low'\n}\n\n/** Flaky/broken test detection over recorded run histories. */\nexport function fromFlakeVerdicts(verdicts: FlakeVerdict[]): PillarVerdict {\n  if (verdicts.length === 0) {\n    return {\n      pillar: 'flake',\n      status: 'no-signal',\n      severity: 'none',\n      headline: 'no test histories supplied',\n    }\n  }\n  let broken = 0\n  let flaky = 0\n  let reliable = 0\n  let insufficient = 0\n  let worstFlakeScore = 0\n  for (const v of verdicts) {\n    switch (v.state) {\n      case 'broken':\n        broken++\n        break\n      case 'flaky':\n        flaky++\n        worstFlakeScore = Math.max(worstFlakeScore, v.flakeScore)\n        break\n      case 'reliable':\n        reliable++\n        break\n      default:\n        insufficient++\n    }\n  }\n  const counts = { broken, flaky, reliable, insufficientData: insufficient, total: verdicts.length }\n  if (broken > 0) {\n    // A consistently-failing test is a real failure → high.\n    return {\n      pillar: 'flake',\n      status: 'fail',\n      severity: 'high',\n      headline: `${broken} broken test(s)`,\n      counts,\n    }\n  }\n  if (flaky > 0) {\n    return {\n      pillar: 'flake',\n      status: 'warn',\n      severity: flakeSeverity(worstFlakeScore),\n      headline: `${flaky} flaky test(s)`,\n      counts,\n    }\n  }\n  if (insufficient > 0) {\n    // Not enough runs to call the rest reliable — no-signal, never a pass.\n    return {\n      pillar: 'flake',\n      status: 'no-signal',\n      severity: 'none',\n      headline: `${insufficient} test(s) with insufficient run history`,\n      counts,\n    }\n  }\n  return {\n    pillar: 'flake',\n    status: 'pass',\n    severity: 'none',\n    headline: `${reliable} reliable test(s)`,\n    counts,\n  }\n}\n\n/** Mutation testing — are the tests meaningful? Keyed off survivors, not only score. */\nexport function fromMutationSummary(summary: MutationSummary): PillarVerdict {\n  const survivors = summary.survivors.length\n  // No valid mutants AND nothing survived = nothing ran meaningfully → no-signal.\n  // (Keying only off `mutationScore===null` would launder a real gap — ADR slice 9.)\n  if (summary.metrics.mutationScore === null && survivors === 0) {\n    return {\n      pillar: 'mutate',\n      status: 'no-signal',\n      severity: 'none',\n      headline: 'no valid mutants evaluated',\n    }\n  }\n  if (survivors > 0) {\n    // Surviving / never-covered mutants are the actionable test gap → moderate.\n    return {\n      pillar: 'mutate',\n      status: 'warn',\n      severity: 'moderate',\n      headline: `${survivors} surviving mutant(s)`,\n      counts: { survivors, valid: summary.metrics.valid },\n    }\n  }\n  return {\n    pillar: 'mutate',\n    status: 'pass',\n    severity: 'none',\n    headline: 'all valid mutants detected',\n    counts: { survivors: 0, valid: summary.metrics.valid },\n  }\n}\n","import { atLeast, maxSeverity, SEVERITY_RANK, type Severity } from './severity.js'\nimport type {\n  CompositeVerdict,\n  OverallStatus,\n  PillarName,\n  PillarVerdict,\n  VerdictPolicy,\n} from './types.js'\n\n/** Per-pillar adapter outputs. Any omitted pillar is folded as `missing`. */\nexport interface ComposeInputs {\n  contract?: PillarVerdict\n  coverage?: PillarVerdict\n  deps?: PillarVerdict\n  flake?: PillarVerdict\n  mutate?: PillarVerdict\n}\n\n/** Stable pillar order for the breakdown + tie-breaking the worst pillar. */\nconst ORDER: PillarName[] = ['contract', 'coverage', 'deps', 'flake', 'mutate']\n\nfunction missingPillar(pillar: PillarName): PillarVerdict {\n  return { pillar, status: 'missing', severity: 'none', headline: 'no input supplied' }\n}\n\n/**\n * Fold the per-pillar verdicts into one composite verdict (ADR 0013 §1). Pure and\n * deterministic. The load-bearing invariant: **absence is never a pass** — an\n * empty fold, or any present `missing`/`no-signal` pillar with no failing/warning\n * signal elsewhere, yields `inconclusive` (`ok:false`), never `pass`.\n *\n * The overall posture has NO baked-in threshold: a pillar only escalates the whole\n * verdict to `fail` either because the pillar itself decided `fail`, or because the\n * caller's `policy.failAtOrAbove` says its severity is failing. With no policy, a\n * severity-only finding stays `warn`.\n */\nexport function composeVerdict(\n  inputs: ComposeInputs,\n  policy: VerdictPolicy = {},\n): CompositeVerdict {\n  const pillars = ORDER.map((name) => inputs[name] ?? missingPillar(name))\n  const missing = pillars.filter((p) => p.status === 'missing').map((p) => p.pillar)\n\n  const worstSeverity = maxSeverity(...pillars.map((p) => p.severity))\n  // The worst pillar: highest severity, ties broken by ORDER; only when non-`none`.\n  let worstPillar: PillarName | undefined\n  if (worstSeverity !== 'none') {\n    for (const p of pillars) {\n      if (SEVERITY_RANK[p.severity] === SEVERITY_RANK[worstSeverity]) {\n        worstPillar = p.pillar\n        break\n      }\n    }\n  }\n\n  const failsByPolicy = (p: PillarVerdict): boolean =>\n    policy.failAtOrAbove !== undefined &&\n    (p.status === 'warn' || p.status === 'fail') &&\n    atLeast(p.severity, policy.failAtOrAbove)\n\n  const anyFail = pillars.some((p) => p.status === 'fail' || failsByPolicy(p))\n  const anyWarn = pillars.some((p) => p.status === 'warn')\n  // `missing`/`no-signal` are absence; so is any present run-driving provenance\n  // (`skipReason`/`errorReason`). The provenance check is defensive — it ensures a\n  // gate-blocked/errored pillar can never be laundered into a pass even if a future\n  // adapter mislabels its status (ADR 0013 Addendum, milestone 5c).\n  const anyInconclusive = pillars.some(\n    (p) =>\n      p.status === 'missing' ||\n      p.status === 'no-signal' ||\n      p.skipReason !== undefined ||\n      p.errorReason !== undefined,\n  )\n\n  let status: OverallStatus\n  if (anyFail) status = 'fail'\n  else if (anyWarn) status = 'warn'\n  else if (anyInconclusive) status = 'inconclusive'\n  else status = 'pass'\n\n  return {\n    ok: status === 'pass',\n    status,\n    worstSeverity,\n    ...(worstPillar ? { worstPillar } : {}),\n    pillars,\n    missing,\n  }\n}\n\nexport type { Severity }\n"],"mappings":";;;AAkBA,SAAgB,oBACd,SACA,SAAqC,oBACtB;CACf,IAAI,QAAQ,WAAW,GAErB,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU;EACV;CACF;CAEF,IAAI,SAAS;CACb,IAAI,WAAW;CACf,KAAK,MAAM,KAAK,SACd,KAAK,MAAM,KAAK,EAAE,UAChB,IAAI,EAAE,aAAa,SAAS;MACvB;CAGT,IAAI,SAAS,GAEX,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,OAAO,4BAA4B,QAAQ,OAAO;EAC/D,QAAQ;GAAE;GAAQ;GAAU,SAAS,QAAQ;EAAO;EACpD;CACF;CAEF,IAAI,WAAW,GACb,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,SAAS;EACtB,QAAQ;GAAE;GAAQ;GAAU,SAAS,QAAQ;EAAO;EACpD;CACF;CAEF,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,QAAQ,OAAO;EAC5B,QAAQ;GAAE;GAAQ;GAAU,SAAS,QAAQ;EAAO;EACpD;CACF;AACF;;;;;;;;AAyBA,SAAgB,mBACd,GACA,SAAqC,oBACtB;CACf,IAAI,SAAS;CACb,IAAI,WAAW;CACf,KAAK,MAAM,KAAK,EAAE,SAChB,KAAK,MAAM,KAAK,EAAE,UAChB,IAAI,EAAE,aAAa,SAAS;MACvB;CAGT,IAAI,SAAS,GACX,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,OAAO,4BAA4B,EAAE,iBAAiB;EACnE,QAAQ;GAAE;GAAQ;GAAU,SAAS,EAAE;EAAiB;EACxD;CACF;CAEF,IAAI,CAAC,EAAE,OAOL,OAAO;EAAE,QAAQ;EAAY,QAAQ;EAAa,UAAU;EAAQ,UALlE,EAAE,qBAAqB,IACnB,kCACA,EAAE,mBAAmB,IACnB,GAAG,EAAE,iBAAiB,6CACtB,GAAG,EAAE,SAAS;EACwD;CAAO;CAEvF,IAAI,WAAW,GACb,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,SAAS;EACtB,QAAQ;GAAE;GAAQ;GAAU,SAAS,EAAE;EAAiB;EACxD;CACF;CAEF,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,EAAE,iBAAiB;EAChC,QAAQ;GAAE;GAAQ;GAAU,SAAS,EAAE;EAAiB;EACxD;CACF;AACF;;AAGA,SAAgB,iBAAiB,QAA2C;CAC1E,MAAM,EAAE,SAAS,cAAc;CAC/B,IAAI,QAAQ,UAAU,GAEpB,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU;EACV,QAAQ,EAAE,sBAAsB,QAAQ,qBAAqB;CAC/D;CAEF,IAAI,UAAU,SAAS,GAGrB,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,UAAU,OAAO;EAC9B,QAAQ;GACN,WAAW,UAAU;GACrB,SAAS,QAAQ;GACjB,sBAAsB,QAAQ;EAChC;CACF;CAEF,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,OAAO,QAAQ,QAAQ;EACjC,QAAQ,EAAE,SAAS,QAAQ,QAAQ;CACrC;AACF;;AAGA,SAAS,iBAAiB,QAAgE;CACxF,QAAQ,QAAR;EACE,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK;EACL,KAAK,QACH,OAAO;EACT,SAEE,OAAO;CACX;AACF;;AAGA,SAAgB,qBACd,QACA,MACe;CACf,IAAI,CAAC,KAAK,mBAGR,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU;EACV,QAAQ,EAAE,UAAU,OAAO,OAAO;CACpC;CAEF,IAAI,QAAkB;CACtB,IAAI,aAAa;CACjB,IAAI,aAAa;CACjB,IAAI,aAAa;CACjB,KAAK,MAAM,KAAK,QAAQ;EACtB,MAAM,MAAM,iBAAiB,EAAE,aAAa;EAC5C,IAAI,QAAQ,WAAW,aAAa;OAC/B;GACH,QAAQ,YAAY,OAAO,GAAG;GAC9B,IAAI,QAAQ,QAAQ;EACtB;EACA,IAAI,EAAE,WAAW,cAAc;CACjC;CACA,MAAM,SAAS;EAAE,UAAU,OAAO;EAAQ;EAAY;CAAW;CACjE,IAAI,UAAU,QAGZ,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,WAAW,gCAAgC;EACxD;CACF;CAEF,IAAI,aAAa,GACf,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,WAAW;EACxB;CACF;CAEF,IAAI,YAEF,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU;EACV;CACF;CAEF,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,OAAO,OAAO;EAC3B;CACF;AACF;;AAGA,SAAS,cAAc,YAA8B;CACnD,IAAI,cAAc,IAAK,OAAO;CAC9B,IAAI,cAAc,IAAK,OAAO;CAC9B,OAAO;AACT;;AAGA,SAAgB,kBAAkB,UAAyC;CACzE,IAAI,SAAS,WAAW,GACtB,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU;CACZ;CAEF,IAAI,SAAS;CACb,IAAI,QAAQ;CACZ,IAAI,WAAW;CACf,IAAI,eAAe;CACnB,IAAI,kBAAkB;CACtB,KAAK,MAAM,KAAK,UACd,QAAQ,EAAE,OAAV;EACE,KAAK;GACH;GACA;EACF,KAAK;GACH;GACA,kBAAkB,KAAK,IAAI,iBAAiB,EAAE,UAAU;GACxD;EACF,KAAK;GACH;GACA;EACF,SACE;CACJ;CAEF,MAAM,SAAS;EAAE;EAAQ;EAAO;EAAU,kBAAkB;EAAc,OAAO,SAAS;CAAO;CACjG,IAAI,SAAS,GAEX,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,OAAO;EACpB;CACF;CAEF,IAAI,QAAQ,GACV,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU,cAAc,eAAe;EACvC,UAAU,GAAG,MAAM;EACnB;CACF;CAEF,IAAI,eAAe,GAEjB,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,aAAa;EAC1B;CACF;CAEF,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,SAAS;EACtB;CACF;AACF;;AAGA,SAAgB,oBAAoB,SAAyC;CAC3E,MAAM,YAAY,QAAQ,UAAU;CAGpC,IAAI,QAAQ,QAAQ,kBAAkB,QAAQ,cAAc,GAC1D,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU;CACZ;CAEF,IAAI,YAAY,GAEd,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU,GAAG,UAAU;EACvB,QAAQ;GAAE;GAAW,OAAO,QAAQ,QAAQ;EAAM;CACpD;CAEF,OAAO;EACL,QAAQ;EACR,QAAQ;EACR,UAAU;EACV,UAAU;EACV,QAAQ;GAAE,WAAW;GAAG,OAAO,QAAQ,QAAQ;EAAM;CACvD;AACF;;;;AClWA,MAAM,QAAsB;CAAC;CAAY;CAAY;CAAQ;CAAS;AAAQ;AAE9E,SAAS,cAAc,QAAmC;CACxD,OAAO;EAAE;EAAQ,QAAQ;EAAW,UAAU;EAAQ,UAAU;CAAoB;AACtF;;;;;;;;;;;;AAaA,SAAgB,eACd,QACA,SAAwB,CAAC,GACP;CAClB,MAAM,UAAU,MAAM,KAAK,SAAS,OAAO,SAAS,cAAc,IAAI,CAAC;CACvE,MAAM,UAAU,QAAQ,QAAQ,MAAM,EAAE,WAAW,SAAS,EAAE,KAAK,MAAM,EAAE,MAAM;CAEjF,MAAM,gBAAgB,YAAY,GAAG,QAAQ,KAAK,MAAM,EAAE,QAAQ,CAAC;CAEnE,IAAI;CACJ,IAAI,kBAAkB;OACf,MAAM,KAAK,SACd,IAAI,cAAc,EAAE,cAAc,cAAc,gBAAgB;GAC9D,cAAc,EAAE;GAChB;EACF;;CAIJ,MAAM,iBAAiB,MACrB,OAAO,kBAAkB,KAAA,MACxB,EAAE,WAAW,UAAU,EAAE,WAAW,WACrC,QAAQ,EAAE,UAAU,OAAO,aAAa;CAE1C,MAAM,UAAU,QAAQ,MAAM,MAAM,EAAE,WAAW,UAAU,cAAc,CAAC,CAAC;CAC3E,MAAM,UAAU,QAAQ,MAAM,MAAM,EAAE,WAAW,MAAM;CAKvD,MAAM,kBAAkB,QAAQ,MAC7B,MACC,EAAE,WAAW,aACb,EAAE,WAAW,eACb,EAAE,eAAe,KAAA,KACjB,EAAE,gBAAgB,KAAA,CACtB;CAEA,IAAI;CACJ,IAAI,SAAS,SAAS;MACjB,IAAI,SAAS,SAAS;MACtB,IAAI,iBAAiB,SAAS;MAC9B,SAAS;CAEd,OAAO;EACL,IAAI,WAAW;EACf;EACA;EACA,GAAI,cAAc,EAAE,YAAY,IAAI,CAAC;EACrC;EACA;CACF;AACF"}

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@sackville-mcp/verdict",
+  "version": "0.0.1-alpha.0",
+  "type": "module",
+  "license": "Apache-2.0",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.mts",
+        "default": "./dist/index.mjs"
+      }
+    }
+  },
+  "main": "./dist/index.mjs",
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "@sackville-mcp/severity": "0.0.1-alpha.0"
+  },
+  "devDependencies": {
+    "@sackville-mcp/api": "0.0.1-alpha.0",
+    "@sackville-mcp/coverage": "0.0.1-alpha.0",
+    "@sackville-mcp/deps": "0.0.1-alpha.0",
+    "@sackville-mcp/flake": "0.0.1-alpha.0",
+    "@sackville-mcp/mutate": "0.0.1-alpha.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ceautery/sackville.git",
+    "directory": "packages/verdict"
+  },
+  "scripts": {
+    "build": "tsdown",
+    "typecheck": "tsc --noEmit"
+  }
+}