@schemashift/core 0.11.0 → 0.12.0

package/dist/index.js

@@ -505,6 +505,88 @@ var MigrationAuditLog = class {
   clear() {
     this.write({ version: AUDIT_VERSION, entries: [] });
   }
+  /**
+   * Export a compliance report in SOC2 or HIPAA format.
+   */
+  exportComplianceReport(format) {
+    const log = this.read();
+    const summary = this.getSummary();
+    if (format === "soc2") {
+      return this.generateSoc2Report(log, summary);
+    }
+    return this.generateHipaaReport(log, summary);
+  }
+  generateSoc2Report(log, summary) {
+    const sections = [];
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    sections.push("# SOC2 Compliance Report \u2014 Schema Migration");
+    sections.push(`Generated: ${now}`);
+    sections.push("");
+    sections.push("## Change Control Summary");
+    sections.push(`- Total Migrations: ${summary.totalMigrations}`);
+    sections.push(`- Total Files Processed: ${summary.totalFiles}`);
+    sections.push(`- Successful: ${summary.successCount}`);
+    sections.push(`- Failed: ${summary.failureCount}`);
+    sections.push(`- Migration Paths: ${summary.migrationPaths.join(", ")}`);
+    sections.push("");
+    sections.push("## Change Control Entries");
+    for (const entry of log.entries) {
+      sections.push("");
+      sections.push(`### ${entry.filePath}`);
+      sections.push(`- Change ID: ${entry.migrationId}`);
+      sections.push(`- Timestamp: ${entry.timestamp}`);
+      sections.push(`- Action: ${entry.action}`);
+      sections.push(`- Migration: ${entry.from} \u2192 ${entry.to}`);
+      sections.push(`- Status: ${entry.success ? "Success" : "Failed"}`);
+      sections.push(`- Implementer: ${entry.user || "Unknown"}`);
+      sections.push(`- Before Hash: ${entry.beforeHash}`);
+      if (entry.afterHash) sections.push(`- After Hash: ${entry.afterHash}`);
+      sections.push(`- Warnings: ${entry.warningCount}`);
+      sections.push(`- Errors: ${entry.errorCount}`);
+      if (entry.riskScore !== void 0) sections.push(`- Risk Score: ${entry.riskScore}`);
+      if (entry.metadata?.ciProvider) sections.push(`- CI Provider: ${entry.metadata.ciProvider}`);
+      if (entry.metadata?.gitCommit) sections.push(`- Git Commit: ${entry.metadata.gitCommit}`);
+      if (entry.metadata?.gitBranch) sections.push(`- Git Branch: ${entry.metadata.gitBranch}`);
+    }
+    sections.push("");
+    sections.push("## Rollback Procedure");
+    sections.push("SchemaShift maintains automatic backups in `.schemashift/backups/`.");
+    sections.push("Use `schemashift rollback [backupId]` to restore files from any backup.");
+    sections.push("");
+    return sections.join("\n");
+  }
+  generateHipaaReport(log, summary) {
+    const sections = [];
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    sections.push("# HIPAA Compliance Audit Trail \u2014 Schema Migration");
+    sections.push(`Generated: ${now}`);
+    sections.push("");
+    sections.push("## Data Transformation Summary");
+    sections.push(`- Total Transformations: ${summary.totalFiles}`);
+    sections.push(`- Successful: ${summary.successCount}`);
+    sections.push(`- Failed: ${summary.failureCount}`);
+    sections.push("");
+    sections.push("## Integrity Verification");
+    for (const entry of log.entries) {
+      sections.push("");
+      sections.push(`### ${entry.filePath}`);
+      sections.push(`- Timestamp: ${entry.timestamp}`);
+      sections.push(`- User: ${entry.user || "Unknown"}`);
+      sections.push(`- Action: ${entry.action} (${entry.from} \u2192 ${entry.to})`);
+      sections.push(`- Integrity Before: SHA256:${entry.beforeHash}`);
+      if (entry.afterHash) sections.push(`- Integrity After: SHA256:${entry.afterHash}`);
+      sections.push(`- Status: ${entry.success ? "Completed" : "Failed"}`);
+      if (entry.metadata?.hostname) sections.push(`- Host: ${entry.metadata.hostname}`);
+      if (entry.metadata?.nodeVersion)
+        sections.push(`- Runtime: Node.js ${entry.metadata.nodeVersion}`);
+    }
+    sections.push("");
+    sections.push("## Access Control");
+    const users = [...new Set(log.entries.map((e) => e.user).filter(Boolean))];
+    sections.push(`- Users Who Performed Migrations: ${users.join(", ") || "Unknown"}`);
+    sections.push("");
+    return sections.join("\n");
+  }
   collectMetadata() {
     return {
       hostname: process.env.HOSTNAME || void 0,
@@ -1637,6 +1719,25 @@ var ComplexityEstimator = class {
       riskAreas
     };
   }
+  estimateDuration(estimate) {
+    const EFFORT_RANGES = {
+      trivial: { label: "1\u20135 minutes", range: [1, 5] },
+      low: { label: "5\u201315 minutes", range: [5, 15] },
+      moderate: { label: "15\u201345 minutes", range: [15, 45] },
+      high: { label: "1\u20133 hours", range: [60, 180] },
+      extreme: { label: "3\u20138 hours", range: [180, 480] }
+    };
+    const base = EFFORT_RANGES[estimate.effort];
+    const fileMultiplier = Math.max(1, Math.log2(estimate.totalFiles + 1));
+    const low = Math.round(base.range[0] * fileMultiplier);
+    const high = Math.round(base.range[1] * fileMultiplier);
+    if (high >= 120) {
+      const lowHours = Math.round(low / 60 * 10) / 10;
+      const highHours = Math.round(high / 60 * 10) / 10;
+      return { label: `${lowHours}\u2013${highHours} hours`, rangeMinutes: [low, high] };
+    }
+    return { label: `${low}\u2013${high} minutes`, rangeMinutes: [low, high] };
+  }
   calculateEffort(totalSchemas, advancedCount, hasDeepDU) {
     if (totalSchemas >= 500 && hasDeepDU) return "extreme";
     if (totalSchemas >= 200 || advancedCount >= 20) return "high";
@@ -3600,6 +3701,22 @@ var IncrementalTracker = class {
       percent
     };
   }
+  /**
+   * Get a canary batch — a percentage of remaining files, sorted simplest first.
+   * Used for phased rollouts where you migrate a small batch, verify, then continue.
+   */
+  getCanaryBatch(percent, fileSizes) {
+    const state = this.getState();
+    if (!state) return [];
+    const count = Math.max(1, Math.ceil(state.remainingFiles.length * (percent / 100)));
+    if (fileSizes) {
+      const sorted = [...state.remainingFiles].sort((a, b) => {
+        return (fileSizes.get(a) ?? 0) - (fileSizes.get(b) ?? 0);
+      });
+      return sorted.slice(0, count);
+    }
+    return state.remainingFiles.slice(0, count);
+  }
   clear() {
     if (existsSync8(this.statePath)) {
       unlinkSync(this.statePath);
@@ -3814,11 +3931,111 @@ var WebhookNotifier = class {
     }
     return results;
   }
+  /**
+   * Format event as Slack Block Kit message.
+   */
+  formatSlackPayload(event) {
+    const emoji = this.getEventEmoji(event.type);
+    const title = this.getEventTitle(event.type);
+    const details = event.details;
+    const blocks = [
+      {
+        type: "header",
+        text: { type: "plain_text", text: `${emoji} ${title}`, emoji: true }
+      },
+      {
+        type: "section",
+        fields: Object.entries(details).map(([key, value]) => ({
+          type: "mrkdwn",
+          text: `*${key}:* ${String(value)}`
+        }))
+      },
+      {
+        type: "context",
+        elements: [
+          {
+            type: "mrkdwn",
+            text: `SchemaShift | ${event.timestamp}${event.project ? ` | ${event.project}` : ""}`
+          }
+        ]
+      }
+    ];
+    return { blocks };
+  }
+  /**
+   * Format event as Microsoft Teams Adaptive Card.
+   */
+  formatTeamsPayload(event) {
+    const title = this.getEventTitle(event.type);
+    const details = event.details;
+    const facts = Object.entries(details).map(([key, value]) => ({
+      title: key,
+      value: String(value)
+    }));
+    return {
+      type: "message",
+      attachments: [
+        {
+          contentType: "application/vnd.microsoft.card.adaptive",
+          content: {
+            $schema: "http://adaptivecards.io/schemas/adaptive-card.json",
+            type: "AdaptiveCard",
+            version: "1.4",
+            body: [
+              {
+                type: "TextBlock",
+                text: title,
+                weight: "Bolder",
+                size: "Medium"
+              },
+              {
+                type: "FactSet",
+                facts
+              },
+              {
+                type: "TextBlock",
+                text: `SchemaShift | ${event.timestamp}`,
+                isSubtle: true,
+                size: "Small"
+              }
+            ]
+          }
+        }
+      ]
+    };
+  }
+  getEventEmoji(type) {
+    const emojis = {
+      migration_started: "\u{1F504}",
+      migration_completed: "\u2705",
+      migration_failed: "\u274C",
+      governance_violation: "\u26A0\uFE0F",
+      drift_detected: "\u{1F50D}"
+    };
+    return emojis[type];
+  }
+  getEventTitle(type) {
+    const titles = {
+      migration_started: "Migration Started",
+      migration_completed: "Migration Completed",
+      migration_failed: "Migration Failed",
+      governance_violation: "Governance Violation",
+      drift_detected: "Schema Drift Detected"
+    };
+    return titles[type];
+  }
   /**
    * Send event to a single webhook endpoint.
    */
   async sendToWebhook(webhook, event) {
-    const payload = JSON.stringify(event);
+    let payload;
+    if (webhook.type === "slack") {
+      payload = JSON.stringify(this.formatSlackPayload(event));
+    } else if (webhook.type === "teams") {
+      payload = JSON.stringify(this.formatTeamsPayload(event));
+    } else {
+      payload = JSON.stringify(event);
+    }
     const headers = {
       "Content-Type": "application/json",
       "User-Agent": "SchemaShift-Webhook/1.0",
@@ -4134,6 +4351,161 @@ var PluginLoader = class {
   }
 };
 
+// src/schema-verifier.ts
+var PRIMITIVE_SAMPLES = {
+  string: [
+    { name: "empty string", input: "", expectedValid: true },
+    { name: "normal string", input: "hello world", expectedValid: true },
+    { name: "number as string", input: "12345", expectedValid: true },
+    { name: "null input", input: null, expectedValid: false },
+    { name: "number input", input: 42, expectedValid: false },
+    { name: "boolean input", input: true, expectedValid: false },
+    { name: "undefined input", input: void 0, expectedValid: false }
+  ],
+  number: [
+    { name: "zero", input: 0, expectedValid: true },
+    { name: "positive int", input: 42, expectedValid: true },
+    { name: "negative int", input: -1, expectedValid: true },
+    { name: "float", input: 3.14, expectedValid: true },
+    { name: "string input", input: "hello", expectedValid: false },
+    { name: "null input", input: null, expectedValid: false },
+    { name: "NaN input", input: Number.NaN, expectedValid: false }
+  ],
+  boolean: [
+    { name: "true", input: true, expectedValid: true },
+    { name: "false", input: false, expectedValid: true },
+    { name: "string input", input: "true", expectedValid: false },
+    { name: "number input", input: 1, expectedValid: false },
+    { name: "null input", input: null, expectedValid: false }
+  ],
+  date: [
+    { name: "valid date", input: /* @__PURE__ */ new Date("2024-01-01"), expectedValid: true },
+    { name: "string input", input: "2024-01-01", expectedValid: false },
+    { name: "null input", input: null, expectedValid: false }
+  ]
+};
+var EMAIL_SAMPLES = [
+  { name: "valid email", input: "test@example.com", expectedValid: true },
+  { name: "invalid email", input: "not-an-email", expectedValid: false },
+  { name: "empty string", input: "", expectedValid: false }
+];
+var URL_SAMPLES = [
+  { name: "valid url", input: "https://example.com", expectedValid: true },
+  { name: "invalid url", input: "not a url", expectedValid: false }
+];
+var UUID_SAMPLES = [
+  { name: "valid uuid", input: "550e8400-e29b-41d4-a716-446655440000", expectedValid: true },
+  { name: "invalid uuid", input: "not-a-uuid", expectedValid: false }
+];
+function extractSchemaNames(sourceText) {
+  const schemas = [];
+  const patterns = [
+    /(?:const|let|var)\s+(\w+)\s*=\s*(?:z\.|yup\.|Joi\.|v\.|t\.|S\.|type\(|object\(|string\()/g,
+    /export\s+(?:const|let|var)\s+(\w+)\s*=\s*(?:z\.|yup\.|Joi\.|v\.|t\.|S\.|type\(|object\(|string\()/g
+  ];
+  for (const pattern of patterns) {
+    for (const match of sourceText.matchAll(pattern)) {
+      const name = match[1];
+      if (name && !schemas.includes(name)) {
+        schemas.push(name);
+      }
+    }
+  }
+  return schemas;
+}
+function generateSamples(sourceText, schemaName, maxSamples) {
+  const samples = [];
+  const schemaBlock = extractSchemaBlock(sourceText, schemaName);
+  if (!schemaBlock) return PRIMITIVE_SAMPLES.string?.slice(0, maxSamples) ?? [];
+  if (/\.email\s*\(/.test(schemaBlock)) {
+    samples.push(...EMAIL_SAMPLES);
+  }
+  if (/\.url\s*\(/.test(schemaBlock)) {
+    samples.push(...URL_SAMPLES);
+  }
+  if (/\.uuid\s*\(/.test(schemaBlock)) {
+    samples.push(...UUID_SAMPLES);
+  }
+  if (/string\s*\(/.test(schemaBlock)) {
+    samples.push(...PRIMITIVE_SAMPLES.string ?? []);
+  }
+  if (/number\s*\(/.test(schemaBlock) || /\.int\s*\(/.test(schemaBlock)) {
+    samples.push(...PRIMITIVE_SAMPLES.number ?? []);
+  }
+  if (/boolean\s*\(/.test(schemaBlock)) {
+    samples.push(...PRIMITIVE_SAMPLES.boolean ?? []);
+  }
+  if (/date\s*\(/.test(schemaBlock)) {
+    samples.push(...PRIMITIVE_SAMPLES.date ?? []);
+  }
+  if (/\.optional\s*\(/.test(schemaBlock) || /optional\s*\(/.test(schemaBlock)) {
+    samples.push({ name: "undefined (optional)", input: void 0, expectedValid: true });
+  }
+  if (/\.nullable\s*\(/.test(schemaBlock) || /nullable\s*\(/.test(schemaBlock)) {
+    samples.push({ name: "null (nullable)", input: null, expectedValid: true });
+  }
+  if (/\.min\s*\(\s*(\d+)/.test(schemaBlock)) {
+    const minMatch = schemaBlock.match(/\.min\s*\(\s*(\d+)/);
+    const minVal = minMatch ? Number.parseInt(minMatch[1] ?? "0", 10) : 0;
+    samples.push({
+      name: `below min (${minVal})`,
+      input: minVal > 0 ? "a".repeat(minVal - 1) : "",
+      expectedValid: false
+    });
+  }
+  const seen = /* @__PURE__ */ new Set();
+  const unique = [];
+  for (const s of samples) {
+    if (!seen.has(s.name)) {
+      seen.add(s.name);
+      unique.push(s);
+    }
+  }
+  return unique.slice(0, maxSamples);
+}
+function extractSchemaBlock(sourceText, schemaName) {
+  const escapedName = schemaName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  const pattern = new RegExp(
+    `(?:const|let|var|export\\s+const)\\s+${escapedName}\\s*=\\s*([\\s\\S]*?)(?:;\\s*$|;\\s*(?:const|let|var|export|function|class|type|interface))`,
+    "m"
+  );
+  const match = sourceText.match(pattern);
+  return match?.[1] ?? null;
+}
+function createVerificationReport(from, to, results) {
+  const totalSchemas = results.length;
+  const overallParityScore = totalSchemas > 0 ? results.reduce((sum, r) => sum + r.parityScore, 0) / totalSchemas : 100;
+  return {
+    from,
+    to,
+    totalSchemas,
+    results,
+    overallParityScore: Math.round(overallParityScore * 100) / 100,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function formatVerificationReport(report) {
+  const lines = [];
+  lines.push(`
+Schema Verification Report: ${report.from} \u2192 ${report.to}`);
+  lines.push("\u2500".repeat(50));
+  for (const result of report.results) {
+    const icon = result.parityScore === 100 ? "\u2713" : result.parityScore >= 80 ? "\u26A0" : "\u2717";
+    lines.push(
+      `  ${icon} ${result.schemaName} \u2014 ${result.parityScore}% parity (${result.matchingSamples}/${result.totalSamples} samples)`
+    );
+    for (const mismatch of result.mismatches) {
+      lines.push(
+        `    \u2514\u2500 ${mismatch.sampleName}: source=${mismatch.sourceResult.valid ? "valid" : "invalid"}, target=${mismatch.targetResult.valid ? "valid" : "invalid"}`
+      );
+    }
+  }
+  lines.push("\u2500".repeat(50));
+  lines.push(`Overall Parity: ${report.overallParityScore}%`);
+  lines.push("");
+  return lines.join("\n");
+}
+
 // src/standard-schema.ts
 import { existsSync as existsSync10, readFileSync as readFileSync10 } from "fs";
 import { join as join10 } from "path";
@@ -4632,10 +5004,14 @@ export {
   buildCallChain,
   computeParallelBatches,
   conditionalValidation,
+  createVerificationReport,
   dependentFields,
   detectFormLibraries,
   detectSchemaLibrary,
   detectStandardSchema,
+  extractSchemaNames,
+  formatVerificationReport,
+  generateSamples,
   getAllMigrationTemplates,
   getGovernanceTemplate,
   getGovernanceTemplateNames,