@schemashift/core 0.11.0 → 0.13.0

package/dist/index.cjs

@@ -30,11 +30,16 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
+  AUDIT_LOG_FILE: () => AUDIT_LOG_FILE,
   ApprovalManager: () => ApprovalManager,
+  BACKUP_DIR: () => BACKUP_DIR,
   BehavioralWarningAnalyzer: () => BehavioralWarningAnalyzer,
   BundleEstimator: () => BundleEstimator,
+  CONFIG_FILE_NAMES: () => CONFIG_FILE_NAMES,
   CompatibilityAnalyzer: () => CompatibilityAnalyzer,
   ComplexityEstimator: () => ComplexityEstimator,
+  DEFAULT_CONFIG_FILE: () => DEFAULT_CONFIG_FILE,
+  DeadSchemaDetector: () => DeadSchemaDetector,
   DetailedAnalyzer: () => DetailedAnalyzer,
   DriftDetector: () => DriftDetector,
   EcosystemAnalyzer: () => EcosystemAnalyzer,
@@ -43,16 +48,22 @@ __export(index_exports, {
   GovernanceEngine: () => GovernanceEngine,
   GovernanceFixer: () => GovernanceFixer,
   GraphExporter: () => GraphExporter,
+  INCREMENTAL_STATE_FILE: () => INCREMENTAL_STATE_FILE,
+  ImportDeduplicator: () => ImportDeduplicator,
   IncrementalTracker: () => IncrementalTracker,
   MigrationAuditLog: () => MigrationAuditLog,
   MigrationChain: () => MigrationChain,
   MonorepoResolver: () => MonorepoResolver,
+  PENDING_DIR: () => PENDING_DIR,
   PackageUpdater: () => PackageUpdater,
   PerformanceAnalyzer: () => PerformanceAnalyzer,
   PluginLoader: () => PluginLoader,
+  SCHEMASHIFT_DIR: () => SCHEMASHIFT_DIR,
+  SCHEMA_SNAPSHOT_FILE: () => SCHEMA_SNAPSHOT_FILE,
   SchemaAnalyzer: () => SchemaAnalyzer,
   SchemaDependencyResolver: () => SchemaDependencyResolver,
   StandardSchemaAdvisor: () => StandardSchemaAdvisor,
+  TESTS_DIR: () => TESTS_DIR,
   TestScaffolder: () => TestScaffolder,
   TransformEngine: () => TransformEngine,
   TypeDedupDetector: () => TypeDedupDetector,
@@ -60,10 +71,14 @@ __export(index_exports, {
   buildCallChain: () => buildCallChain,
   computeParallelBatches: () => computeParallelBatches,
   conditionalValidation: () => conditionalValidation,
+  createVerificationReport: () => createVerificationReport,
   dependentFields: () => dependentFields,
   detectFormLibraries: () => detectFormLibraries,
   detectSchemaLibrary: () => detectSchemaLibrary,
   detectStandardSchema: () => detectStandardSchema,
+  extractSchemaNames: () => extractSchemaNames,
+  formatVerificationReport: () => formatVerificationReport,
+  generateSamples: () => generateSamples,
   getAllMigrationTemplates: () => getAllMigrationTemplates,
   getGovernanceTemplate: () => getGovernanceTemplate,
   getGovernanceTemplateNames: () => getGovernanceTemplateNames,
@@ -225,10 +240,30 @@ var SchemaAnalyzer = class {
 // src/approval.ts
 var import_node_fs = require("fs");
 var import_node_path = require("path");
+
+// src/constants.ts
+var SCHEMASHIFT_DIR = ".schemashift";
+var BACKUP_DIR = ".schemashift-backup";
+var CONFIG_FILE_NAMES = [
+  ".schemashiftrc",
+  ".schemashiftrc.json",
+  ".schemashiftrc.yaml",
+  ".schemashiftrc.yml",
+  ".schemashiftrc.js",
+  ".schemashiftrc.cjs"
+];
+var DEFAULT_CONFIG_FILE = ".schemashiftrc.json";
+var INCREMENTAL_STATE_FILE = "incremental.json";
+var AUDIT_LOG_FILE = "audit-log.json";
+var SCHEMA_SNAPSHOT_FILE = "schema-snapshot.json";
+var PENDING_DIR = "pending";
+var TESTS_DIR = "tests";
+
+// src/approval.ts
 var ApprovalManager = class {
   pendingDir;
   constructor(projectPath) {
-    this.pendingDir = (0, import_node_path.join)(projectPath, ".schemashift", "pending");
+    this.pendingDir = (0, import_node_path.join)(projectPath, SCHEMASHIFT_DIR, PENDING_DIR);
   }
   /**
    * Create a new migration request for review.
@@ -277,8 +312,16 @@ var ApprovalManager = class {
     if (!(0, import_node_fs.existsSync)(filePath)) {
       return null;
     }
-    const content = (0, import_node_fs.readFileSync)(filePath, "utf-8");
-    return JSON.parse(content);
+    try {
+      const content = (0, import_node_fs.readFileSync)(filePath, "utf-8");
+      const parsed = JSON.parse(content);
+      if (!this.isValidRequest(parsed)) {
+        return null;
+      }
+      return parsed;
+    } catch {
+      return null;
+    }
   }
   /**
    * List all migration requests, optionally filtered by status.
@@ -290,10 +333,14 @@ var ApprovalManager = class {
     const files = (0, import_node_fs.readdirSync)(this.pendingDir).filter((f) => f.endsWith(".json"));
     const requests = [];
     for (const file of files) {
-      const content = (0, import_node_fs.readFileSync)((0, import_node_path.join)(this.pendingDir, file), "utf-8");
-      const request = JSON.parse(content);
-      if (!status || request.status === status) {
-        requests.push(request);
+      try {
+        const content = (0, import_node_fs.readFileSync)((0, import_node_path.join)(this.pendingDir, file), "utf-8");
+        const parsed = JSON.parse(content);
+        if (!this.isValidRequest(parsed)) continue;
+        if (!status || parsed.status === status) {
+          requests.push(parsed);
+        }
+      } catch {
       }
     }
     return requests.sort(
@@ -319,6 +366,11 @@ var ApprovalManager = class {
     const request = this.getRequest(requestId);
     return request?.status === "approved";
   }
+  isValidRequest(data) {
+    if (typeof data !== "object" || data === null) return false;
+    const obj = data;
+    return typeof obj.id === "string" && typeof obj.from === "string" && typeof obj.to === "string" && Array.isArray(obj.files) && typeof obj.requestedBy === "string" && typeof obj.status === "string" && ["pending", "approved", "rejected"].includes(obj.status);
+  }
   ensureDir() {
     if (!(0, import_node_fs.existsSync)(this.pendingDir)) {
       (0, import_node_fs.mkdirSync)(this.pendingDir, { recursive: true });
@@ -464,15 +516,13 @@ function transformMethodChain(chain, newBase, factoryMapper, methodMapper) {
 var import_node_crypto = require("crypto");
 var import_node_fs2 = require("fs");
 var import_node_path2 = require("path");
-var AUDIT_DIR = ".schemashift";
-var AUDIT_FILE = "audit-log.json";
 var AUDIT_VERSION = 1;
 var MigrationAuditLog = class {
   logDir;
   logPath;
   constructor(projectPath) {
-    this.logDir = (0, import_node_path2.join)(projectPath, AUDIT_DIR);
-    this.logPath = (0, import_node_path2.join)(this.logDir, AUDIT_FILE);
+    this.logDir = (0, import_node_path2.join)(projectPath, SCHEMASHIFT_DIR);
+    this.logPath = (0, import_node_path2.join)(this.logDir, AUDIT_LOG_FILE);
   }
   /**
    * Append a new entry to the audit log.
@@ -516,7 +566,11 @@ var MigrationAuditLog = class {
       if (!content.trim()) {
         return { version: AUDIT_VERSION, entries: [] };
       }
-      return JSON.parse(content);
+      const parsed = JSON.parse(content);
+      if (!this.isValidAuditLog(parsed)) {
+        return { version: AUDIT_VERSION, entries: [] };
+      }
+      return parsed;
     } catch {
       return { version: AUDIT_VERSION, entries: [] };
     }
@@ -594,6 +648,88 @@ var MigrationAuditLog = class {
   clear() {
     this.write({ version: AUDIT_VERSION, entries: [] });
   }
+  /**
+   * Export a compliance report in SOC2 or HIPAA format.
+   */
+  exportComplianceReport(format) {
+    const log = this.read();
+    const summary = this.getSummary();
+    if (format === "soc2") {
+      return this.generateSoc2Report(log, summary);
+    }
+    return this.generateHipaaReport(log, summary);
+  }
+  generateSoc2Report(log, summary) {
+    const sections = [];
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    sections.push("# SOC2 Compliance Report \u2014 Schema Migration");
+    sections.push(`Generated: ${now}`);
+    sections.push("");
+    sections.push("## Change Control Summary");
+    sections.push(`- Total Migrations: ${summary.totalMigrations}`);
+    sections.push(`- Total Files Processed: ${summary.totalFiles}`);
+    sections.push(`- Successful: ${summary.successCount}`);
+    sections.push(`- Failed: ${summary.failureCount}`);
+    sections.push(`- Migration Paths: ${summary.migrationPaths.join(", ")}`);
+    sections.push("");
+    sections.push("## Change Control Entries");
+    for (const entry of log.entries) {
+      sections.push("");
+      sections.push(`### ${entry.filePath}`);
+      sections.push(`- Change ID: ${entry.migrationId}`);
+      sections.push(`- Timestamp: ${entry.timestamp}`);
+      sections.push(`- Action: ${entry.action}`);
+      sections.push(`- Migration: ${entry.from} \u2192 ${entry.to}`);
+      sections.push(`- Status: ${entry.success ? "Success" : "Failed"}`);
+      sections.push(`- Implementer: ${entry.user || "Unknown"}`);
+      sections.push(`- Before Hash: ${entry.beforeHash}`);
+      if (entry.afterHash) sections.push(`- After Hash: ${entry.afterHash}`);
+      sections.push(`- Warnings: ${entry.warningCount}`);
+      sections.push(`- Errors: ${entry.errorCount}`);
+      if (entry.riskScore !== void 0) sections.push(`- Risk Score: ${entry.riskScore}`);
+      if (entry.metadata?.ciProvider) sections.push(`- CI Provider: ${entry.metadata.ciProvider}`);
+      if (entry.metadata?.gitCommit) sections.push(`- Git Commit: ${entry.metadata.gitCommit}`);
+      if (entry.metadata?.gitBranch) sections.push(`- Git Branch: ${entry.metadata.gitBranch}`);
+    }
+    sections.push("");
+    sections.push("## Rollback Procedure");
+    sections.push("SchemaShift maintains automatic backups in `.schemashift/backups/`.");
+    sections.push("Use `schemashift rollback [backupId]` to restore files from any backup.");
+    sections.push("");
+    return sections.join("\n");
+  }
+  generateHipaaReport(log, summary) {
+    const sections = [];
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    sections.push("# HIPAA Compliance Audit Trail \u2014 Schema Migration");
+    sections.push(`Generated: ${now}`);
+    sections.push("");
+    sections.push("## Data Transformation Summary");
+    sections.push(`- Total Transformations: ${summary.totalFiles}`);
+    sections.push(`- Successful: ${summary.successCount}`);
+    sections.push(`- Failed: ${summary.failureCount}`);
+    sections.push("");
+    sections.push("## Integrity Verification");
+    for (const entry of log.entries) {
+      sections.push("");
+      sections.push(`### ${entry.filePath}`);
+      sections.push(`- Timestamp: ${entry.timestamp}`);
+      sections.push(`- User: ${entry.user || "Unknown"}`);
+      sections.push(`- Action: ${entry.action} (${entry.from} \u2192 ${entry.to})`);
+      sections.push(`- Integrity Before: SHA256:${entry.beforeHash}`);
+      if (entry.afterHash) sections.push(`- Integrity After: SHA256:${entry.afterHash}`);
+      sections.push(`- Status: ${entry.success ? "Completed" : "Failed"}`);
+      if (entry.metadata?.hostname) sections.push(`- Host: ${entry.metadata.hostname}`);
+      if (entry.metadata?.nodeVersion)
+        sections.push(`- Runtime: Node.js ${entry.metadata.nodeVersion}`);
+    }
+    sections.push("");
+    sections.push("## Access Control");
+    const users = [...new Set(log.entries.map((e) => e.user).filter(Boolean))];
+    sections.push(`- Users Who Performed Migrations: ${users.join(", ") || "Unknown"}`);
+    sections.push("");
+    return sections.join("\n");
+  }
   collectMetadata() {
     return {
       hostname: process.env.HOSTNAME || void 0,
@@ -604,6 +740,13 @@ var MigrationAuditLog = class {
       gitCommit: process.env.GITHUB_SHA || process.env.CI_COMMIT_SHA || void 0
     };
   }
+  isValidAuditLog(data) {
+    if (typeof data !== "object" || data === null) return false;
+    const obj = data;
+    if (typeof obj.version !== "number") return false;
+    if (!Array.isArray(obj.entries)) return false;
+    return true;
+  }
   write(log) {
     if (!(0, import_node_fs2.existsSync)(this.logDir)) {
       (0, import_node_fs2.mkdirSync)(this.logDir, { recursive: true });
@@ -1047,6 +1190,12 @@ var import_node_path4 = require("path");
 // src/ecosystem.ts
 var import_node_fs3 = require("fs");
 var import_node_path3 = require("path");
+function parseMajorVersion(version) {
+  const match = version.match(/(\d+)/);
+  const num = match?.[1] ? Number.parseInt(match[1], 10) : 0;
+  if (!Number.isFinite(num) || num < 0 || num > 999) return 0;
+  return num;
+}
 var ECOSYSTEM_RULES = [
   // ORM integrations
   {
@@ -1088,8 +1237,7 @@ var ECOSYSTEM_RULES = [
     category: "api",
     migrations: ["zod-v3->v4"],
     check: (version) => {
-      const majorMatch = version.match(/(\d+)/);
-      const major = majorMatch?.[1] ? Number.parseInt(majorMatch[1], 10) : 0;
+      const major = parseMajorVersion(version);
       if (major < 11) {
         return {
           issue: `tRPC v${major} expects Zod v3 types. A v3 ZodType is not assignable to a v4 ZodType.`,
@@ -1122,8 +1270,7 @@ var ECOSYSTEM_RULES = [
     category: "validation-util",
     migrations: ["zod-v3->v4"],
     check: (version) => {
-      const majorMatch = version.match(/(\d+)/);
-      const major = majorMatch?.[1] ? Number.parseInt(majorMatch[1], 10) : 0;
+      const major = parseMajorVersion(version);
       if (major < 4) {
         return {
           issue: `zod-validation-error v${major} is not compatible with Zod v4.`,
@@ -1413,8 +1560,7 @@ var ECOSYSTEM_RULES = [
     category: "validation-util",
     migrations: ["zod-v3->v4"],
     check: (version) => {
-      const majorMatch = version.match(/(\d+)/);
-      const major = majorMatch?.[1] ? Number.parseInt(majorMatch[1], 10) : 0;
+      const major = parseMajorVersion(version);
       if (major < 4) {
         return {
           issue: "zod-to-json-schema v3 may not fully support Zod v4 schemas.",
@@ -1726,6 +1872,25 @@ var ComplexityEstimator = class {
       riskAreas
     };
   }
+  estimateDuration(estimate) {
+    const EFFORT_RANGES = {
+      trivial: { label: "1\u20135 minutes", range: [1, 5] },
+      low: { label: "5\u201315 minutes", range: [5, 15] },
+      moderate: { label: "15\u201345 minutes", range: [15, 45] },
+      high: { label: "1\u20133 hours", range: [60, 180] },
+      extreme: { label: "3\u20138 hours", range: [180, 480] }
+    };
+    const base = EFFORT_RANGES[estimate.effort];
+    const fileMultiplier = Math.max(1, Math.log2(estimate.totalFiles + 1));
+    const low = Math.round(base.range[0] * fileMultiplier);
+    const high = Math.round(base.range[1] * fileMultiplier);
+    if (high >= 120) {
+      const lowHours = Math.round(low / 60 * 10) / 10;
+      const highHours = Math.round(high / 60 * 10) / 10;
+      return { label: `${lowHours}\u2013${highHours} hours`, rangeMinutes: [low, high] };
+    }
+    return { label: `${low}\u2013${high} minutes`, rangeMinutes: [low, high] };
+  }
   calculateEffort(totalSchemas, advancedCount, hasDeepDU) {
     if (totalSchemas >= 500 && hasDeepDU) return "extreme";
     if (totalSchemas >= 200 || advancedCount >= 20) return "high";
@@ -1790,7 +1955,7 @@ async function loadConfig(configPath) {
     include: ["**/*.ts", "**/*.tsx"],
     exclude: ["**/node_modules/**", "**/dist/**", "**/*.d.ts"],
     git: { enabled: false },
-    backup: { enabled: true, dir: ".schemashift-backup" },
+    backup: { enabled: true, dir: BACKUP_DIR },
     ...result?.config
   };
 }
@@ -1901,6 +2066,75 @@ function suggestCrossFieldPattern(whenCode) {
   return null;
 }
 
+// src/dead-schema-detector.ts
+var DeadSchemaDetector = class {
+  detect(sourceFiles) {
+    const schemas = this.collectSchemaDefinitions(sourceFiles);
+    const unusedSchemas = this.findUnusedSchemas(schemas, sourceFiles);
+    return {
+      unusedSchemas,
+      totalSchemas: schemas.length,
+      summary: unusedSchemas.length > 0 ? `Found ${unusedSchemas.length} unused schema(s) out of ${schemas.length} total that may be safely removed.` : `All ${schemas.length} schema(s) are referenced.`
+    };
+  }
+  collectSchemaDefinitions(sourceFiles) {
+    const schemas = [];
+    const schemaPattern = /(?:const|let|var|export\s+(?:const|let|var))\s+(\w+)\s*=\s*(?:z\.|yup\.|Yup\.|Joi\.|t\.|v\.|type\(|object\(|string\(|S\.)/;
+    for (const file of sourceFiles) {
+      const text = file.getFullText();
+      const lines = text.split("\n");
+      const filePath = file.getFilePath();
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if (!line) continue;
+        const match = schemaPattern.exec(line);
+        if (match?.[1]) {
+          schemas.push({
+            schemaName: match[1],
+            filePath,
+            lineNumber: i + 1
+          });
+        }
+      }
+    }
+    return schemas;
+  }
+  findUnusedSchemas(schemas, sourceFiles) {
+    const fileContents = /* @__PURE__ */ new Map();
+    for (const file of sourceFiles) {
+      fileContents.set(file.getFilePath(), file.getFullText());
+    }
+    const unused = [];
+    for (const schema of schemas) {
+      const { schemaName, filePath } = schema;
+      let referenceCount = 0;
+      for (const [path, content] of fileContents) {
+        const pattern = new RegExp(`\\b${schemaName}\\b`, "g");
+        const matches = content.match(pattern);
+        const matchCount = matches?.length ?? 0;
+        if (path === filePath) {
+          if (matchCount > 1) {
+            referenceCount += matchCount - 1;
+          }
+        } else {
+          referenceCount += matchCount;
+        }
+      }
+      const fileContent = fileContents.get(filePath) ?? "";
+      const exportPattern = new RegExp(
+        `export\\s+(?:const|let|var)\\s+${schemaName}\\b|export\\s*\\{[^}]*\\b${schemaName}\\b`
+      );
+      if (exportPattern.test(fileContent)) {
+        referenceCount++;
+      }
+      if (referenceCount === 0) {
+        unused.push(schema);
+      }
+    }
+    return unused;
+  }
+};
+
 // src/dependency-graph.ts
 var import_node_fs5 = require("fs");
 var import_node_path5 = require("path");
@@ -2441,15 +2675,13 @@ var DetailedAnalyzer = class {
 var import_node_crypto2 = require("crypto");
 var import_node_fs7 = require("fs");
 var import_node_path7 = require("path");
-var SNAPSHOT_DIR = ".schemashift";
-var SNAPSHOT_FILE = "schema-snapshot.json";
 var SNAPSHOT_VERSION = 1;
 var DriftDetector = class {
   snapshotDir;
   snapshotPath;
   constructor(projectPath) {
-    this.snapshotDir = (0, import_node_path7.join)(projectPath, SNAPSHOT_DIR);
-    this.snapshotPath = (0, import_node_path7.join)(this.snapshotDir, SNAPSHOT_FILE);
+    this.snapshotDir = (0, import_node_path7.join)(projectPath, SCHEMASHIFT_DIR);
+    this.snapshotPath = (0, import_node_path7.join)(this.snapshotDir, SCHEMA_SNAPSHOT_FILE);
   }
   /**
    * Take a snapshot of the current schema state
@@ -2719,7 +2951,8 @@ var GovernanceEngine = class {
         if (this.rules.has("naming-convention")) {
           const config = this.rules.get("naming-convention") ?? {};
           const pattern = config.pattern || ".*Schema$";
-          if (!new RegExp(pattern).test(schemaName)) {
+          const regex = this.safeRegExp(pattern);
+          if (regex && !regex.test(schemaName)) {
             violations.push({
               rule: "naming-convention",
               message: `Schema "${schemaName}" does not match naming pattern: ${pattern}`,
@@ -2881,6 +3114,14 @@ var GovernanceEngine = class {
       passed: violations.filter((v) => v.severity === "error").length === 0
     };
   }
+  safeRegExp(pattern) {
+    if (pattern.length > 500) return null;
+    try {
+      return new RegExp(pattern);
+    } catch {
+      return null;
+    }
+  }
   detectFileLibrary(sourceFile) {
     for (const imp of sourceFile.getImportDeclarations()) {
       const lib = detectSchemaLibrary(imp.getModuleSpecifierValue());
@@ -3616,17 +3857,77 @@ var GraphExporter = class {
   }
 };
 
+// src/import-deduplicator.ts
+var ImportDeduplicator = class {
+  detect(sourceFiles) {
+    const allGroups = [];
+    for (const file of sourceFiles) {
+      const groups = this.findDuplicatesInFile(file);
+      allGroups.push(...groups);
+    }
+    const totalDuplicates = allGroups.reduce((sum, g) => sum + g.occurrences.length, 0);
+    return {
+      duplicateGroups: allGroups,
+      totalDuplicates,
+      summary: allGroups.length > 0 ? `Found ${allGroups.length} duplicate import group(s) across ${new Set(allGroups.map((g) => g.occurrences[0]?.filePath)).size} file(s). Merge them for cleaner imports.` : "No duplicate imports found."
+    };
+  }
+  findDuplicatesInFile(sourceFile) {
+    const imports = sourceFile.getImportDeclarations();
+    const filePath = sourceFile.getFilePath();
+    const bySource = /* @__PURE__ */ new Map();
+    for (const imp of imports) {
+      const source = imp.getModuleSpecifierValue();
+      const namedImports = imp.getNamedImports().map((n) => n.getName());
+      const namespaceImport = imp.getNamespaceImport()?.getText();
+      const defaultImport = imp.getDefaultImport()?.getText();
+      const importedNames = [];
+      if (defaultImport) importedNames.push(defaultImport);
+      if (namespaceImport) importedNames.push(`* as ${namespaceImport}`);
+      importedNames.push(...namedImports);
+      if (importedNames.length === 0) continue;
+      const entry = {
+        source,
+        filePath,
+        lineNumber: imp.getStartLineNumber(),
+        importedNames
+      };
+      const existing = bySource.get(source);
+      if (existing) {
+        existing.push(entry);
+      } else {
+        bySource.set(source, [entry]);
+      }
+    }
+    const groups = [];
+    for (const [source, occurrences] of bySource) {
+      if (occurrences.length <= 1) continue;
+      const allNames = /* @__PURE__ */ new Set();
+      for (const occ of occurrences) {
+        for (const name of occ.importedNames) {
+          allNames.add(name);
+        }
+      }
+      const mergedNames = [...allNames].sort().join(", ");
+      groups.push({
+        source,
+        occurrences,
+        suggestion: `Merge into single import: import { ${mergedNames} } from '${source}';`
+      });
+    }
+    return groups;
+  }
+};
+
 // src/incremental.ts
 var import_node_fs8 = require("fs");
 var import_node_path8 = require("path");
-var STATE_DIR = ".schemashift";
-var STATE_FILE = "incremental.json";
 var IncrementalTracker = class {
   stateDir;
   statePath;
   constructor(projectPath) {
-    this.stateDir = (0, import_node_path8.join)(projectPath, STATE_DIR);
-    this.statePath = (0, import_node_path8.join)(this.stateDir, STATE_FILE);
+    this.stateDir = (0, import_node_path8.join)(projectPath, SCHEMASHIFT_DIR);
+    this.statePath = (0, import_node_path8.join)(this.stateDir, INCREMENTAL_STATE_FILE);
   }
   start(files, from, to) {
     const state = {
@@ -3663,7 +3964,9 @@ var IncrementalTracker = class {
   getState() {
     if (!(0, import_node_fs8.existsSync)(this.statePath)) return null;
     try {
-      return JSON.parse((0, import_node_fs8.readFileSync)(this.statePath, "utf-8"));
+      const parsed = JSON.parse((0, import_node_fs8.readFileSync)(this.statePath, "utf-8"));
+      if (!this.isValidState(parsed)) return null;
+      return parsed;
     } catch {
       return null;
     }
@@ -3689,11 +3992,32 @@ var IncrementalTracker = class {
       percent
     };
   }
+  /**
+   * Get a canary batch — a percentage of remaining files, sorted simplest first.
+   * Used for phased rollouts where you migrate a small batch, verify, then continue.
+   */
+  getCanaryBatch(percent, fileSizes) {
+    const state = this.getState();
+    if (!state) return [];
+    const count = Math.max(1, Math.ceil(state.remainingFiles.length * (percent / 100)));
+    if (fileSizes) {
+      const sorted = [...state.remainingFiles].sort((a, b) => {
+        return (fileSizes.get(a) ?? 0) - (fileSizes.get(b) ?? 0);
+      });
+      return sorted.slice(0, count);
+    }
+    return state.remainingFiles.slice(0, count);
+  }
   clear() {
     if ((0, import_node_fs8.existsSync)(this.statePath)) {
       (0, import_node_fs8.unlinkSync)(this.statePath);
     }
   }
+  isValidState(data) {
+    if (typeof data !== "object" || data === null) return false;
+    const obj = data;
+    return typeof obj.migrationId === "string" && typeof obj.from === "string" && typeof obj.to === "string" && typeof obj.startedAt === "string" && Array.isArray(obj.completedFiles) && Array.isArray(obj.remainingFiles) && Array.isArray(obj.failedFiles);
+  }
   saveState(state) {
     if (!(0, import_node_fs8.existsSync)(this.stateDir)) {
       (0, import_node_fs8.mkdirSync)(this.stateDir, { recursive: true });
@@ -3903,11 +4227,111 @@ var WebhookNotifier = class {
     }
     return results;
   }
+  /**
+   * Format event as Slack Block Kit message.
+   */
+  formatSlackPayload(event) {
+    const emoji = this.getEventEmoji(event.type);
+    const title = this.getEventTitle(event.type);
+    const details = event.details;
+    const blocks = [
+      {
+        type: "header",
+        text: { type: "plain_text", text: `${emoji} ${title}`, emoji: true }
+      },
+      {
+        type: "section",
+        fields: Object.entries(details).map(([key, value]) => ({
+          type: "mrkdwn",
+          text: `*${key}:* ${String(value)}`
+        }))
+      },
+      {
+        type: "context",
+        elements: [
+          {
+            type: "mrkdwn",
+            text: `SchemaShift | ${event.timestamp}${event.project ? ` | ${event.project}` : ""}`
+          }
+        ]
+      }
+    ];
+    return { blocks };
+  }
+  /**
+   * Format event as Microsoft Teams Adaptive Card.
+   */
+  formatTeamsPayload(event) {
+    const title = this.getEventTitle(event.type);
+    const details = event.details;
+    const facts = Object.entries(details).map(([key, value]) => ({
+      title: key,
+      value: String(value)
+    }));
+    return {
+      type: "message",
+      attachments: [
+        {
+          contentType: "application/vnd.microsoft.card.adaptive",
+          content: {
+            $schema: "http://adaptivecards.io/schemas/adaptive-card.json",
+            type: "AdaptiveCard",
+            version: "1.4",
+            body: [
+              {
+                type: "TextBlock",
+                text: title,
+                weight: "Bolder",
+                size: "Medium"
+              },
+              {
+                type: "FactSet",
+                facts
+              },
+              {
+                type: "TextBlock",
+                text: `SchemaShift | ${event.timestamp}`,
+                isSubtle: true,
+                size: "Small"
+              }
+            ]
+          }
+        }
+      ]
+    };
+  }
+  getEventEmoji(type) {
+    const emojis = {
+      migration_started: "\u{1F504}",
+      migration_completed: "\u2705",
+      migration_failed: "\u274C",
+      governance_violation: "\u26A0\uFE0F",
+      drift_detected: "\u{1F50D}"
+    };
+    return emojis[type];
+  }
+  getEventTitle(type) {
+    const titles = {
+      migration_started: "Migration Started",
+      migration_completed: "Migration Completed",
+      migration_failed: "Migration Failed",
+      governance_violation: "Governance Violation",
+      drift_detected: "Schema Drift Detected"
+    };
+    return titles[type];
+  }
   /**
    * Send event to a single webhook endpoint.
    */
   async sendToWebhook(webhook, event) {
-    const payload = JSON.stringify(event);
+    let payload;
+    if (webhook.type === "slack") {
+      payload = JSON.stringify(this.formatSlackPayload(event));
+    } else if (webhook.type === "teams") {
+      payload = JSON.stringify(this.formatTeamsPayload(event));
+    } else {
+      payload = JSON.stringify(event);
+    }
     const headers = {
       "Content-Type": "application/json",
       "User-Agent": "SchemaShift-Webhook/1.0",
@@ -3917,11 +4341,15 @@ var WebhookNotifier = class {
       const signature = await computeSignature(payload, webhook.secret);
       headers["X-SchemaShift-Signature"] = `sha256=${signature}`;
     }
+    const timeoutMs = webhook.timeoutMs ?? 1e4;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
     try {
       const response = await fetch(webhook.url, {
         method: "POST",
         headers,
-        body: payload
+        body: payload,
+        signal: controller.signal
       });
       return {
         success: response.ok,
@@ -3929,10 +4357,13 @@ var WebhookNotifier = class {
         error: response.ok ? void 0 : `HTTP ${response.status}: ${response.statusText}`
       };
     } catch (err) {
+      const message = err instanceof Error && err.name === "AbortError" ? `Webhook request timed out after ${timeoutMs}ms` : err instanceof Error ? err.message : String(err);
       return {
         success: false,
-        error: err instanceof Error ? err.message : String(err)
+        error: message
       };
+    } finally {
+      clearTimeout(timeoutId);
     }
   }
   /**
@@ -4223,6 +4654,161 @@ var PluginLoader = class {
   }
 };
 
+// src/schema-verifier.ts
+var PRIMITIVE_SAMPLES = {
+  string: [
+    { name: "empty string", input: "", expectedValid: true },
+    { name: "normal string", input: "hello world", expectedValid: true },
+    { name: "number as string", input: "12345", expectedValid: true },
+    { name: "null input", input: null, expectedValid: false },
+    { name: "number input", input: 42, expectedValid: false },
+    { name: "boolean input", input: true, expectedValid: false },
+    { name: "undefined input", input: void 0, expectedValid: false }
+  ],
+  number: [
+    { name: "zero", input: 0, expectedValid: true },
+    { name: "positive int", input: 42, expectedValid: true },
+    { name: "negative int", input: -1, expectedValid: true },
+    { name: "float", input: 3.14, expectedValid: true },
+    { name: "string input", input: "hello", expectedValid: false },
+    { name: "null input", input: null, expectedValid: false },
+    { name: "NaN input", input: Number.NaN, expectedValid: false }
+  ],
+  boolean: [
+    { name: "true", input: true, expectedValid: true },
+    { name: "false", input: false, expectedValid: true },
+    { name: "string input", input: "true", expectedValid: false },
+    { name: "number input", input: 1, expectedValid: false },
+    { name: "null input", input: null, expectedValid: false }
+  ],
+  date: [
+    { name: "valid date", input: /* @__PURE__ */ new Date("2024-01-01"), expectedValid: true },
+    { name: "string input", input: "2024-01-01", expectedValid: false },
+    { name: "null input", input: null, expectedValid: false }
+  ]
+};
+var EMAIL_SAMPLES = [
+  { name: "valid email", input: "test@example.com", expectedValid: true },
+  { name: "invalid email", input: "not-an-email", expectedValid: false },
+  { name: "empty string", input: "", expectedValid: false }
+];
+var URL_SAMPLES = [
+  { name: "valid url", input: "https://example.com", expectedValid: true },
+  { name: "invalid url", input: "not a url", expectedValid: false }
+];
+var UUID_SAMPLES = [
+  { name: "valid uuid", input: "550e8400-e29b-41d4-a716-446655440000", expectedValid: true },
+  { name: "invalid uuid", input: "not-a-uuid", expectedValid: false }
+];
+function extractSchemaNames(sourceText) {
+  const schemas = [];
+  const patterns = [
+    /(?:const|let|var)\s+(\w+)\s*=\s*(?:z\.|yup\.|Joi\.|v\.|t\.|S\.|type\(|object\(|string\()/g,
+    /export\s+(?:const|let|var)\s+(\w+)\s*=\s*(?:z\.|yup\.|Joi\.|v\.|t\.|S\.|type\(|object\(|string\()/g
+  ];
+  for (const pattern of patterns) {
+    for (const match of sourceText.matchAll(pattern)) {
+      const name = match[1];
+      if (name && !schemas.includes(name)) {
+        schemas.push(name);
+      }
+    }
+  }
+  return schemas;
+}
+function generateSamples(sourceText, schemaName, maxSamples) {
+  const samples = [];
+  const schemaBlock = extractSchemaBlock(sourceText, schemaName);
+  if (!schemaBlock) return PRIMITIVE_SAMPLES.string?.slice(0, maxSamples) ?? [];
+  if (/\.email\s*\(/.test(schemaBlock)) {
+    samples.push(...EMAIL_SAMPLES);
+  }
+  if (/\.url\s*\(/.test(schemaBlock)) {
+    samples.push(...URL_SAMPLES);
+  }
+  if (/\.uuid\s*\(/.test(schemaBlock)) {
+    samples.push(...UUID_SAMPLES);
+  }
+  if (/string\s*\(/.test(schemaBlock)) {
+    samples.push(...PRIMITIVE_SAMPLES.string ?? []);
+  }
+  if (/number\s*\(/.test(schemaBlock) || /\.int\s*\(/.test(schemaBlock)) {
+    samples.push(...PRIMITIVE_SAMPLES.number ?? []);
+  }
+  if (/boolean\s*\(/.test(schemaBlock)) {
+    samples.push(...PRIMITIVE_SAMPLES.boolean ?? []);
+  }
+  if (/date\s*\(/.test(schemaBlock)) {
+    samples.push(...PRIMITIVE_SAMPLES.date ?? []);
+  }
+  if (/\.optional\s*\(/.test(schemaBlock) || /optional\s*\(/.test(schemaBlock)) {
+    samples.push({ name: "undefined (optional)", input: void 0, expectedValid: true });
+  }
+  if (/\.nullable\s*\(/.test(schemaBlock) || /nullable\s*\(/.test(schemaBlock)) {
+    samples.push({ name: "null (nullable)", input: null, expectedValid: true });
+  }
+  if (/\.min\s*\(\s*(\d+)/.test(schemaBlock)) {
+    const minMatch = schemaBlock.match(/\.min\s*\(\s*(\d+)/);
+    const minVal = minMatch ? Number.parseInt(minMatch[1] ?? "0", 10) : 0;
+    samples.push({
+      name: `below min (${minVal})`,
+      input: minVal > 0 ? "a".repeat(minVal - 1) : "",
+      expectedValid: false
+    });
+  }
+  const seen = /* @__PURE__ */ new Set();
+  const unique = [];
+  for (const s of samples) {
+    if (!seen.has(s.name)) {
+      seen.add(s.name);
+      unique.push(s);
+    }
+  }
+  return unique.slice(0, maxSamples);
+}
+function extractSchemaBlock(sourceText, schemaName) {
+  const escapedName = schemaName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  const pattern = new RegExp(
+    `(?:const|let|var|export\\s+const)\\s+${escapedName}\\s*=\\s*([\\s\\S]*?)(?:;\\s*$|;\\s*(?:const|let|var|export|function|class|type|interface))`,
+    "m"
+  );
+  const match = sourceText.match(pattern);
+  return match?.[1] ?? null;
+}
+function createVerificationReport(from, to, results) {
+  const totalSchemas = results.length;
+  const overallParityScore = totalSchemas > 0 ? results.reduce((sum, r) => sum + r.parityScore, 0) / totalSchemas : 100;
+  return {
+    from,
+    to,
+    totalSchemas,
+    results,
+    overallParityScore: Math.round(overallParityScore * 100) / 100,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function formatVerificationReport(report) {
+  const lines = [];
+  lines.push(`
+Schema Verification Report: ${report.from} \u2192 ${report.to}`);
+  lines.push("\u2500".repeat(50));
+  for (const result of report.results) {
+    const icon = result.parityScore === 100 ? "\u2713" : result.parityScore >= 80 ? "\u26A0" : "\u2717";
+    lines.push(
+      `  ${icon} ${result.schemaName} \u2014 ${result.parityScore}% parity (${result.matchingSamples}/${result.totalSamples} samples)`
+    );
+    for (const mismatch of result.mismatches) {
+      lines.push(
+        `    \u2514\u2500 ${mismatch.sampleName}: source=${mismatch.sourceResult.valid ? "valid" : "invalid"}, target=${mismatch.targetResult.valid ? "valid" : "invalid"}`
+      );
+    }
+  }
+  lines.push("\u2500".repeat(50));
+  lines.push(`Overall Parity: ${report.overallParityScore}%`);
+  lines.push("");
+  return lines.join("\n");
+}
+
 // src/standard-schema.ts
 var import_node_fs10 = require("fs");
 var import_node_path10 = require("path");
@@ -4692,11 +5278,16 @@ var TypeDedupDetector = class {
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  AUDIT_LOG_FILE,
   ApprovalManager,
+  BACKUP_DIR,
   BehavioralWarningAnalyzer,
   BundleEstimator,
+  CONFIG_FILE_NAMES,
   CompatibilityAnalyzer,
   ComplexityEstimator,
+  DEFAULT_CONFIG_FILE,
+  DeadSchemaDetector,
   DetailedAnalyzer,
   DriftDetector,
   EcosystemAnalyzer,
@@ -4705,16 +5296,22 @@ var TypeDedupDetector = class {
   GovernanceEngine,
   GovernanceFixer,
   GraphExporter,
+  INCREMENTAL_STATE_FILE,
+  ImportDeduplicator,
   IncrementalTracker,
   MigrationAuditLog,
   MigrationChain,
   MonorepoResolver,
+  PENDING_DIR,
   PackageUpdater,
   PerformanceAnalyzer,
   PluginLoader,
+  SCHEMASHIFT_DIR,
+  SCHEMA_SNAPSHOT_FILE,
   SchemaAnalyzer,
   SchemaDependencyResolver,
   StandardSchemaAdvisor,
+  TESTS_DIR,
   TestScaffolder,
   TransformEngine,
   TypeDedupDetector,
@@ -4722,10 +5319,14 @@ var TypeDedupDetector = class {
   buildCallChain,
   computeParallelBatches,
   conditionalValidation,
+  createVerificationReport,
   dependentFields,
   detectFormLibraries,
   detectSchemaLibrary,
   detectStandardSchema,
+  extractSchemaNames,
+  formatVerificationReport,
+  generateSamples,
   getAllMigrationTemplates,
   getGovernanceTemplate,
   getGovernanceTemplateNames,