@schemashift/core 0.7.0 → 0.9.0

package/dist/index.js

@@ -264,6 +264,465 @@ function transformMethodChain(chain, newBase, factoryMapper, methodMapper) {
   return buildCallChain(newBase, factory.name, factory.args, mappedMethods);
 }
 
+// src/audit-log.ts
+import { createHash } from "crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+var AUDIT_DIR = ".schemashift";
+var AUDIT_FILE = "audit-log.json";
+var AUDIT_VERSION = 1;
+var MigrationAuditLog = class {
+  logDir;
+  logPath;
+  constructor(projectPath) {
+    this.logDir = join(projectPath, AUDIT_DIR);
+    this.logPath = join(this.logDir, AUDIT_FILE);
+  }
+  /**
+   * Append a new entry to the audit log.
+   */
+  append(entry) {
+    const log = this.read();
+    log.entries.push(entry);
+    this.write(log);
+  }
+  /**
+   * Create an audit entry for a file transformation.
+   */
+  createEntry(params) {
+    return {
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      migrationId: params.migrationId,
+      filePath: params.filePath,
+      action: "transform",
+      from: params.from,
+      to: params.to,
+      success: params.success,
+      beforeHash: this.hashContent(params.originalCode),
+      afterHash: params.transformedCode ? this.hashContent(params.transformedCode) : void 0,
+      warningCount: params.warningCount,
+      errorCount: params.errorCount,
+      riskScore: params.riskScore,
+      duration: params.duration,
+      user: this.getCurrentUser()
+    };
+  }
+  /**
+   * Read the current audit log.
+   */
+  read() {
+    if (!existsSync(this.logPath)) {
+      return { version: AUDIT_VERSION, entries: [] };
+    }
+    try {
+      const content = readFileSync(this.logPath, "utf-8");
+      if (!content.trim()) {
+        return { version: AUDIT_VERSION, entries: [] };
+      }
+      return JSON.parse(content);
+    } catch {
+      return { version: AUDIT_VERSION, entries: [] };
+    }
+  }
+  /**
+   * Get entries for a specific migration.
+   */
+  getByMigration(migrationId) {
+    const log = this.read();
+    return log.entries.filter((e) => e.migrationId === migrationId);
+  }
+  /**
+   * Get summary statistics for the audit log.
+   */
+  getSummary() {
+    const log = this.read();
+    const migrationIds = new Set(log.entries.map((e) => e.migrationId));
+    const migrationPaths = [...new Set(log.entries.map((e) => `${e.from}->${e.to}`))];
+    return {
+      totalMigrations: migrationIds.size,
+      totalFiles: log.entries.length,
+      successCount: log.entries.filter((e) => e.success).length,
+      failureCount: log.entries.filter((e) => !e.success).length,
+      migrationPaths
+    };
+  }
+  /**
+   * Clear the audit log.
+   */
+  clear() {
+    this.write({ version: AUDIT_VERSION, entries: [] });
+  }
+  write(log) {
+    if (!existsSync(this.logDir)) {
+      mkdirSync(this.logDir, { recursive: true });
+    }
+    writeFileSync(this.logPath, JSON.stringify(log, null, 2));
+  }
+  hashContent(content) {
+    return createHash("sha256").update(content).digest("hex").substring(0, 16);
+  }
+  getCurrentUser() {
+    return process.env.USER || process.env.USERNAME || void 0;
+  }
+};
+
+// src/behavioral-warnings.ts
+var BEHAVIORAL_RULES = [
+  // Yup -> Zod: Type coercion differences
+  {
+    category: "type-coercion",
+    migrations: ["yup->zod"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/yup\.(number|date)\s*\(\)/.test(text)) {
+        warnings.push({
+          category: "type-coercion",
+          message: "Yup silently coerces types; Zod rejects mismatches.",
+          detail: `Yup's number() accepts strings like "42" and coerces them. Zod's number() rejects strings. Use z.coerce.number() for equivalent behavior, especially for HTML form inputs which always return strings.`,
+          filePath,
+          severity: "warning",
+          migration: "yup->zod"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Yup -> Zod: Form input string values
+  {
+    category: "form-input",
+    migrations: ["yup->zod"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      const hasFormImport = /yupResolver|useFormik|from\s+['"]formik['"]|from\s+['"]@hookform/.test(
+        text
+      );
+      const hasNumberOrDate = /yup\.(number|date)\s*\(\)/.test(text);
+      if (hasFormImport && hasNumberOrDate) {
+        warnings.push({
+          category: "form-input",
+          message: "HTML inputs return strings \u2014 Zod will reject unless using z.coerce.*",
+          detail: 'HTML <input type="number"> returns strings. Yup coerces automatically, but Zod requires explicit coercion. Use z.coerce.number() or register({ valueAsNumber: true }) in React Hook Form.',
+          filePath,
+          severity: "error",
+          migration: "yup->zod"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Joi -> Zod: Error handling paradigm shift
+  {
+    category: "error-handling",
+    migrations: ["joi->zod"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/\.validate\s*\(/.test(text) && /[Jj]oi/.test(text)) {
+        warnings.push({
+          category: "error-handling",
+          message: "Joi .validate() returns { value, error }; Zod .parse() throws.",
+          detail: "Joi uses an inspection pattern: .validate() returns an object with value and error. Zod .parse() throws a ZodError on failure. Use .safeParse() for a non-throwing equivalent that returns { success, data, error }.",
+          filePath,
+          severity: "warning",
+          migration: "joi->zod"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Joi -> Zod: Null handling differences
+  {
+    category: "null-handling",
+    migrations: ["joi->zod"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/\.allow\s*\(\s*null\s*\)/.test(text)) {
+        warnings.push({
+          category: "null-handling",
+          message: "Joi .allow(null) vs Zod .nullable() have subtle differences.",
+          detail: 'Joi .allow(null) permits null alongside the base type. Zod .nullable() wraps the type in a union with null. Joi .allow("", null) has no single Zod equivalent \u2014 use z.union() or .transform().',
+          filePath,
+          severity: "info",
+          migration: "joi->zod"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Zod v3 -> v4: Default value behavior change
+  {
+    category: "default-values",
+    migrations: ["zod-v3->v4"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/\.default\s*\(/.test(text) && /\.optional\s*\(\)/.test(text)) {
+        warnings.push({
+          category: "default-values",
+          message: ".default() + .optional() behavior changed silently in Zod v4.",
+          detail: "In Zod v3, .default(val).optional() returned undefined when property was missing. In Zod v4, it always returns the default value. This can cause unexpected behavior in API responses and form handling.",
+          filePath,
+          severity: "error",
+          migration: "zod-v3->v4"
+        });
+      }
+      if (/\.catch\s*\(/.test(text) && /\.optional\s*\(\)/.test(text)) {
+        warnings.push({
+          category: "default-values",
+          message: ".catch() + .optional() behavior changed in Zod v4.",
+          detail: "In Zod v4, object properties with .catch() that are .optional() now always return the caught value, even when the property is missing from input.",
+          filePath,
+          severity: "warning",
+          migration: "zod-v3->v4"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Zod v3 -> v4: Error format differences
+  {
+    category: "error-format",
+    migrations: ["zod-v3->v4"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/ZodError/.test(text) && /instanceof\s+Error/.test(text)) {
+        warnings.push({
+          category: "error-format",
+          message: "ZodError no longer extends Error in Zod v4.",
+          detail: 'In Zod v4, ZodError no longer extends Error. Code using "instanceof Error" to catch ZodErrors will silently miss them. Use "instanceof ZodError" or z.isZodError() instead.',
+          filePath,
+          severity: "error",
+          migration: "zod-v3->v4"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Zod v3 -> v4: Validation behavior differences
+  {
+    category: "validation-behavior",
+    migrations: ["zod-v3->v4"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/\.transform\s*\(/.test(text) && /\.refine\s*\(/.test(text)) {
+        warnings.push({
+          category: "validation-behavior",
+          message: ".transform() after .refine() behavior changed in Zod v4.",
+          detail: "In Zod v4, .transform() after .refine() may execute even if the refinement fails. Previously, transform was skipped on refinement failure.",
+          filePath,
+          severity: "warning",
+          migration: "zod-v3->v4"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Zod -> Valibot: Error handling differences
+  {
+    category: "error-handling",
+    migrations: ["zod->valibot"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/\.parse\s*\(/.test(text) && /z\./.test(text)) {
+        warnings.push({
+          category: "error-handling",
+          message: "Zod .parse() throws ZodError; Valibot v.parse() throws ValiError.",
+          detail: "Error class and structure differ between Zod and Valibot. ZodError has .issues array; ValiError has .issues with different structure. Update all error handling code that inspects validation errors.",
+          filePath,
+          severity: "warning",
+          migration: "zod->valibot"
+        });
+      }
+      return warnings;
+    }
+  },
+  // io-ts -> Zod: Either monad vs throw/safeParse
+  {
+    category: "error-handling",
+    migrations: ["io-ts->zod"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/\bEither\b/.test(text) || /\b(fold|chain|map)\s*\(/.test(text)) {
+        warnings.push({
+          category: "error-handling",
+          message: "io-ts uses Either monad for errors; Zod uses throw/safeParse.",
+          detail: "io-ts returns Either<Errors, T> (Right for success, Left for failure). Zod .parse() throws, .safeParse() returns { success, data, error }. All fold/chain/map patterns over Either must be rewritten.",
+          filePath,
+          severity: "error",
+          migration: "io-ts->zod"
+        });
+      }
+      return warnings;
+    }
+  }
+];
+var BehavioralWarningAnalyzer = class {
+  analyze(sourceFiles, from, to) {
+    const migration = `${from}->${to}`;
+    const warnings = [];
+    const applicableRules = BEHAVIORAL_RULES.filter((r) => r.migrations.includes(migration));
+    for (const sourceFile of sourceFiles) {
+      const filePath = sourceFile.getFilePath();
+      const text = sourceFile.getFullText();
+      const hasSourceLib = this.fileUsesLibrary(sourceFile, from);
+      if (!hasSourceLib) continue;
+      for (const rule of applicableRules) {
+        const ruleWarnings = rule.detect(text, filePath);
+        warnings.push(...ruleWarnings);
+      }
+    }
+    const summary = this.generateSummary(warnings, migration);
+    return { warnings, migrationPath: migration, summary };
+  }
+  fileUsesLibrary(sourceFile, library) {
+    for (const imp of sourceFile.getImportDeclarations()) {
+      const detected = detectSchemaLibrary(imp.getModuleSpecifierValue());
+      if (detected === library) return true;
+      if (library === "zod-v3" && detected === "zod") return true;
+      if (library === "zod" && detected === "zod") return true;
+    }
+    return false;
+  }
+  generateSummary(warnings, migration) {
+    if (warnings.length === 0) {
+      return `No behavioral differences detected for ${migration} migration.`;
+    }
+    const errorCount = warnings.filter((w) => w.severity === "error").length;
+    const warningCount = warnings.filter((w) => w.severity === "warning").length;
+    const infoCount = warnings.filter((w) => w.severity === "info").length;
+    const parts = [];
+    if (errorCount > 0) parts.push(`${errorCount} critical`);
+    if (warningCount > 0) parts.push(`${warningCount} warnings`);
+    if (infoCount > 0) parts.push(`${infoCount} info`);
+    return `Found ${warnings.length} behavioral difference(s) for ${migration}: ${parts.join(", ")}. Review before migrating.`;
+  }
+};
+
+// src/bundle-estimator.ts
+var LIBRARY_SIZES = {
+  zod: { fullKb: 14, baseKb: 14, treeShakable: false },
+  "zod-v3": { fullKb: 14, baseKb: 14, treeShakable: false },
+  v4: { fullKb: 17.7, baseKb: 17.7, treeShakable: false },
+  "zod-v4": { fullKb: 17.7, baseKb: 17.7, treeShakable: false },
+  "zod-mini": { fullKb: 7.5, baseKb: 3.5, treeShakable: true },
+  yup: { fullKb: 13.6, baseKb: 13.6, treeShakable: false },
+  joi: { fullKb: 29.7, baseKb: 29.7, treeShakable: false },
+  "io-ts": { fullKb: 6.5, baseKb: 6.5, treeShakable: true },
+  valibot: { fullKb: 5.8, baseKb: 1.4, treeShakable: true }
+};
+var VALIDATOR_OVERHEAD = {
+  valibot: 0.05
+};
+var COMMON_VALIDATORS = /* @__PURE__ */ new Set([
+  "string",
+  "number",
+  "boolean",
+  "object",
+  "array",
+  "optional",
+  "nullable",
+  "enum",
+  "union",
+  "literal",
+  "date",
+  "email",
+  "url",
+  "uuid",
+  "min",
+  "max",
+  "regex",
+  "transform",
+  "refine",
+  "default",
+  "record",
+  "tuple",
+  "lazy",
+  "discriminatedUnion",
+  "intersection",
+  "partial",
+  "pick",
+  "omit",
+  "brand",
+  "pipe"
+]);
+var BundleEstimator = class {
+  estimate(sourceFiles, from, to) {
+    const usedValidators = this.countUsedValidators(sourceFiles);
+    const fromInfo = this.getLibraryInfo(from, usedValidators);
+    const toInfo = this.getLibraryInfo(to, usedValidators);
+    const estimatedDelta = toInfo.estimatedUsedKb - fromInfo.estimatedUsedKb;
+    const deltaPercent = fromInfo.estimatedUsedKb > 0 ? Math.round(estimatedDelta / fromInfo.estimatedUsedKb * 100) : 0;
+    const caveats = this.generateCaveats(from, to, usedValidators);
+    const summary = this.generateSummary(fromInfo, toInfo, estimatedDelta, deltaPercent);
+    return {
+      from: fromInfo,
+      to: toInfo,
+      estimatedDelta,
+      deltaPercent,
+      summary,
+      caveats
+    };
+  }
+  countUsedValidators(sourceFiles) {
+    const usedSet = /* @__PURE__ */ new Set();
+    for (const file of sourceFiles) {
+      const text = file.getFullText();
+      for (const validator of COMMON_VALIDATORS) {
+        const pattern = new RegExp(`\\.${validator}\\s*[(<]`, "g");
+        if (pattern.test(text)) {
+          usedSet.add(validator);
+        }
+      }
+    }
+    return usedSet.size;
+  }
+  getLibraryInfo(library, usedValidators) {
+    const sizeKey = library === "zod-v3" ? "zod" : library;
+    const sizes = LIBRARY_SIZES[sizeKey] ?? { fullKb: 10, baseKb: 10, treeShakable: false };
+    let estimatedUsedKb;
+    if (sizes.treeShakable) {
+      const overhead = VALIDATOR_OVERHEAD[sizeKey] ?? 0.05;
+      estimatedUsedKb = Math.min(sizes.baseKb + usedValidators * overhead, sizes.fullKb);
+    } else {
+      estimatedUsedKb = sizes.fullKb;
+    }
+    return {
+      library: sizeKey,
+      minifiedGzipKb: sizes.fullKb,
+      treeShakable: sizes.treeShakable,
+      estimatedUsedKb: Math.round(estimatedUsedKb * 10) / 10
+    };
+  }
+  generateCaveats(from, to, _usedValidators) {
+    const caveats = [
+      "Sizes are estimates based on minified+gzipped bundle analysis.",
+      "Actual impact depends on bundler configuration, tree-shaking, and code splitting."
+    ];
+    if (to === "valibot") {
+      caveats.push(
+        "Valibot is fully tree-shakable \u2014 actual size depends on which validators you use."
+      );
+      caveats.push(
+        "Some developers report smaller-than-expected savings (6kB or less) in real projects."
+      );
+    }
+    if (from === "zod-v3" && to === "v4") {
+      caveats.push(
+        "Zod v4 is ~26% larger than v3 due to JIT compilation engine. Consider zod/mini for size-sensitive apps."
+      );
+    }
+    if (from === "joi") {
+      caveats.push(
+        "Joi is the largest schema library. Any migration will likely reduce bundle size."
+      );
+    }
+    return caveats;
+  }
+  generateSummary(from, to, delta, deltaPercent) {
+    const direction = delta > 0 ? "increase" : delta < 0 ? "decrease" : "no change";
+    const absDelta = Math.abs(Math.round(delta * 10) / 10);
+    return `Estimated bundle ${direction}: ${from.library} (${from.estimatedUsedKb}kB) \u2192 ${to.library} (${to.estimatedUsedKb}kB) = ${delta > 0 ? "+" : delta < 0 ? "-" : ""}${absDelta}kB (${deltaPercent > 0 ? "+" : ""}${deltaPercent}%)`;
+  }
+};
+
 // src/chain.ts
 import { Project as Project2 } from "ts-morph";
 var MigrationChain = class {
@@ -330,12 +789,12 @@ var MigrationChain = class {
 };
 
 // src/compatibility.ts
-import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
-import { join as join2 } from "path";
+import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
+import { join as join3 } from "path";
 
 // src/ecosystem.ts
-import { existsSync, readFileSync } from "fs";
-import { join } from "path";
+import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
+import { join as join2 } from "path";
 var ECOSYSTEM_RULES = [
   // ORM integrations
   {
@@ -345,7 +804,8 @@ var ECOSYSTEM_RULES = [
     check: () => ({
       issue: "drizzle-zod may not support Zod v4. Check for a compatible version before upgrading.",
       suggestion: "Upgrade drizzle-zod to the latest version that supports Zod v4, or use --legacy-peer-deps.",
-      severity: "warning"
+      severity: "warning",
+      upgradeCommand: "npm install drizzle-zod@latest"
     })
   },
   {
@@ -355,7 +815,8 @@ var ECOSYSTEM_RULES = [
     check: () => ({
       issue: "zod-prisma generates Zod v3 schemas. Generated files will need regeneration after upgrading to Zod v4.",
       suggestion: "Upgrade zod-prisma to a v4-compatible version and regenerate schemas.",
-      severity: "warning"
+      severity: "warning",
+      upgradeCommand: "npm install zod-prisma@latest"
     })
   },
   {
@@ -365,7 +826,8 @@ var ECOSYSTEM_RULES = [
     check: () => ({
       issue: "zod-prisma-types generates Zod v3 schemas. Generated files will need regeneration.",
       suggestion: "Check for a Zod v4-compatible version of zod-prisma-types.",
-      severity: "warning"
+      severity: "warning",
+      upgradeCommand: "npm install zod-prisma-types@latest"
     })
   },
   // API framework integrations
@@ -380,7 +842,8 @@ var ECOSYSTEM_RULES = [
         return {
           issue: `tRPC v${major} expects Zod v3 types. A v3 ZodType is not assignable to a v4 ZodType.`,
           suggestion: "Upgrade to tRPC v11+ which supports Zod v4 via Standard Schema.",
-          severity: "error"
+          severity: "error",
+          upgradeCommand: "npm install @trpc/server@latest"
         };
       }
       return {
@@ -397,7 +860,8 @@ var ECOSYSTEM_RULES = [
     check: () => ({
       issue: "trpc-ui breaks entirely with Zod v4 schemas.",
       suggestion: "Check for a Zod v4-compatible version of trpc-ui before upgrading.",
-      severity: "error"
+      severity: "error",
+      upgradeCommand: "npm install trpc-ui@latest"
     })
   },
   // Validation utilities
@@ -412,7 +876,8 @@ var ECOSYSTEM_RULES = [
         return {
           issue: `zod-validation-error v${major} is not compatible with Zod v4.`,
           suggestion: "Upgrade zod-validation-error to v5.0.0+ for Zod v4 support.",
-          severity: "error"
+          severity: "error",
+          upgradeCommand: "npm install zod-validation-error@^5.0.0"
         };
       }
       return null;
@@ -428,13 +893,15 @@ var ECOSYSTEM_RULES = [
         return {
           issue: "@hookform/resolvers zodResolver may need updating for Zod v4.",
           suggestion: "Upgrade @hookform/resolvers to the latest version with Zod v4 support.",
-          severity: "warning"
+          severity: "warning",
+          upgradeCommand: "npm install @hookform/resolvers@latest"
         };
       }
       return {
         issue: "@hookform/resolvers will need its resolver import updated for the new schema library.",
         suggestion: "Switch from the old resolver (e.g., yupResolver) to zodResolver from @hookform/resolvers/zod.",
-        severity: "warning"
+        severity: "warning",
+        upgradeCommand: "npm install @hookform/resolvers@latest"
       };
     }
   },
@@ -466,7 +933,8 @@ var ECOSYSTEM_RULES = [
     check: () => ({
       issue: "zod-openapi may not support Zod v4 yet.",
       suggestion: "Check for a Zod v4-compatible version of zod-openapi.",
-      severity: "warning"
+      severity: "warning",
+      upgradeCommand: "npm install zod-openapi@latest"
     })
   },
   {
@@ -476,7 +944,60 @@ var ECOSYSTEM_RULES = [
     check: () => ({
       issue: "@asteasolutions/zod-to-openapi may not support Zod v4 yet.",
       suggestion: "Check for a Zod v4-compatible version of @asteasolutions/zod-to-openapi.",
-      severity: "warning"
+      severity: "warning",
+      upgradeCommand: "npm install @asteasolutions/zod-to-openapi@latest"
+    })
+  },
+  // AI/MCP integrations
+  {
+    package: "@modelcontextprotocol/sdk",
+    category: "api",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "MCP SDK may have Zod v4 compatibility issues. MCP servers typically expect Zod v3 schemas.",
+      suggestion: "Check MCP SDK release notes for Zod v4 support before upgrading. Consider staying on Zod v3 for MCP servers.",
+      severity: "warning",
+      upgradeCommand: "npm install @modelcontextprotocol/sdk@latest"
+    })
+  },
+  {
+    package: "@openai/agents",
+    category: "api",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "OpenAI Agents SDK recommends pinning to zod@3.25.67 due to TS2589 errors with newer versions.",
+      suggestion: "Pin zod to 3.25.67 for OpenAI Agents SDK compatibility, or wait for an SDK update with Zod v4 support.",
+      severity: "error"
+    })
+  },
+  // Additional validation utilities
+  {
+    package: "zod-to-json-schema",
+    category: "validation-util",
+    migrations: ["zod-v3->v4"],
+    check: (version) => {
+      const majorMatch = version.match(/(\d+)/);
+      const major = majorMatch?.[1] ? Number.parseInt(majorMatch[1], 10) : 0;
+      if (major < 4) {
+        return {
+          issue: "zod-to-json-schema v3 may not fully support Zod v4 schemas.",
+          suggestion: "Upgrade to zod-to-json-schema v4+ for full Zod v4 support.",
+          severity: "warning",
+          upgradeCommand: "npm install zod-to-json-schema@latest"
+        };
+      }
+      return null;
+    }
+  },
+  {
+    package: "react-hook-form",
+    category: "form",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "React Hook Form with zodResolver may throw uncaught ZodError instead of populating formState.errors with Zod v4.",
+      suggestion: "Upgrade @hookform/resolvers to the latest version and test form validation thoroughly.",
+      severity: "warning",
+      upgradeCommand: "npm install @hookform/resolvers@latest react-hook-form@latest"
     })
   }
 ];
@@ -486,13 +1007,13 @@ var EcosystemAnalyzer = class {
     const dependencies = [];
     const warnings = [];
     const blockers = [];
-    const pkgPath = join(projectPath, "package.json");
-    if (!existsSync(pkgPath)) {
+    const pkgPath = join2(projectPath, "package.json");
+    if (!existsSync2(pkgPath)) {
       return { dependencies, warnings, blockers };
     }
     let allDeps = {};
     try {
-      const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+      const pkg = JSON.parse(readFileSync2(pkgPath, "utf-8"));
       allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
     } catch {
       return { dependencies, warnings, blockers };
@@ -510,7 +1031,8 @@ var EcosystemAnalyzer = class {
         issue: result.issue,
         suggestion: result.suggestion,
         severity: result.severity,
-        category: rule.category
+        category: rule.category,
+        ...result.upgradeCommand ? { upgradeCommand: result.upgradeCommand } : {}
       };
       dependencies.push(issue);
       if (result.severity === "error") {
@@ -521,6 +1043,20 @@ var EcosystemAnalyzer = class {
     }
     return { dependencies, warnings, blockers };
   }
+  /**
+   * Returns a list of npm install commands needed to resolve ecosystem issues.
+   */
+  getUpgradeCommands(report) {
+    const commands = [];
+    const seen = /* @__PURE__ */ new Set();
+    for (const dep of report.dependencies) {
+      if (dep.upgradeCommand && !seen.has(dep.upgradeCommand)) {
+        seen.add(dep.upgradeCommand);
+        commands.push(dep.upgradeCommand);
+      }
+    }
+    return commands;
+  }
 };
 
 // src/compatibility.ts
@@ -598,10 +1134,10 @@ var CompatibilityAnalyzer = class {
   ecosystemAnalyzer = new EcosystemAnalyzer();
   detectVersions(projectPath) {
     const versions = [];
-    const pkgPath = join2(projectPath, "package.json");
-    if (!existsSync2(pkgPath)) return versions;
+    const pkgPath = join3(projectPath, "package.json");
+    if (!existsSync3(pkgPath)) return versions;
     try {
-      const pkg = JSON.parse(readFileSync2(pkgPath, "utf-8"));
+      const pkg = JSON.parse(readFileSync3(pkgPath, "utf-8"));
       const knownLibs = ["zod", "yup", "joi", "io-ts", "valibot"];
       const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
       for (const lib of knownLibs) {
@@ -648,6 +1184,120 @@ var CompatibilityAnalyzer = class {
   }
 };
 
+// src/complexity-estimator.ts
+var SCHEMA_FACTORY_PATTERN = /z\.(object|string|number|boolean|array|enum|union|discriminatedUnion|intersection|lazy|tuple|record|literal|nativeEnum|any|unknown|void|null|undefined|never|date|bigint|symbol|function|promise|map|set|custom|preprocess|pipeline|brand|coerce)\s*\(/g;
+var ADVANCED_PATTERNS = [
+  [/z\.discriminatedUnion\s*\(/g, "discriminatedUnion"],
+  [/z\.intersection\s*\(/g, "intersection"],
+  [/z\.lazy\s*\(/g, "recursive"],
+  [/\.brand\s*[<(]/g, "branded"],
+  [/\.superRefine\s*\(/g, "superRefine"],
+  [/\.transform\s*\(/g, "transform"],
+  [/\.pipe\s*\(/g, "pipe"],
+  [/\.refine\s*\(/g, "refine"]
+];
+function countMatches(text, pattern) {
+  pattern.lastIndex = 0;
+  let count = 0;
+  while (pattern.exec(text)) count++;
+  return count;
+}
+function getMaxChainDepth(text) {
+  let maxDepth = 0;
+  const lines = text.split("\n");
+  for (const line of lines) {
+    const dotCalls = line.match(/\.\w+\s*\(/g);
+    if (dotCalls && dotCalls.length > maxDepth) {
+      maxDepth = dotCalls.length;
+    }
+  }
+  return maxDepth;
+}
+var ComplexityEstimator = class {
+  estimate(files) {
+    const fileResults = [];
+    const warnings = [];
+    const riskAreas = [];
+    let totalSchemas = 0;
+    let advancedPatternCount = 0;
+    let hasDeepDiscriminatedUnions = false;
+    for (const file of files) {
+      const text = file.getFullText();
+      const filePath = file.getFilePath();
+      const lineCount = file.getEndLineNumber();
+      const schemaCount = countMatches(text, new RegExp(SCHEMA_FACTORY_PATTERN.source, "g"));
+      totalSchemas += schemaCount;
+      const advancedPatterns = [];
+      for (const [pattern, name] of ADVANCED_PATTERNS) {
+        const count = countMatches(text, new RegExp(pattern.source, "g"));
+        if (count > 0) {
+          advancedPatterns.push(name);
+          advancedPatternCount += count;
+        }
+      }
+      const chainDepth = getMaxChainDepth(text);
+      fileResults.push({ filePath, schemaCount, advancedPatterns, chainDepth, lineCount });
+      if (lineCount > 500) {
+        warnings.push({
+          file: filePath,
+          message: `Large file (${lineCount} lines) may be difficult to migrate in one pass`,
+          severity: "warning"
+        });
+      }
+      if (schemaCount > 50) {
+        warnings.push({
+          file: filePath,
+          message: `High schema density (${schemaCount} schemas) \u2014 consider splitting before migration`,
+          severity: "warning"
+        });
+      }
+      if (chainDepth > 20) {
+        warnings.push({
+          file: filePath,
+          message: `Long method chain (${chainDepth} calls) \u2014 higher transformation risk`,
+          severity: "warning"
+        });
+      }
+      const duCount = countMatches(text, /z\.discriminatedUnion\s*\(/g);
+      if (duCount > 10) {
+        hasDeepDiscriminatedUnions = true;
+        warnings.push({
+          file: filePath,
+          message: `${duCount} discriminated unions \u2014 TypeScript TS2589 performance risk in Zod v4`,
+          severity: "error"
+        });
+      }
+      if (advancedPatterns.includes("recursive")) {
+        riskAreas.push(`Recursive schemas in ${filePath}`);
+      }
+      if (advancedPatterns.includes("branded")) {
+        riskAreas.push(`Branded types in ${filePath}`);
+      }
+    }
+    const effort = this.calculateEffort(
+      totalSchemas,
+      advancedPatternCount,
+      hasDeepDiscriminatedUnions
+    );
+    return {
+      effort,
+      totalSchemas,
+      totalFiles: files.length,
+      advancedPatternCount,
+      files: fileResults,
+      warnings,
+      riskAreas
+    };
+  }
+  calculateEffort(totalSchemas, advancedCount, hasDeepDU) {
+    if (totalSchemas >= 500 && hasDeepDU) return "extreme";
+    if (totalSchemas >= 200 || advancedCount >= 20) return "high";
+    if (totalSchemas >= 50 || advancedCount >= 5) return "moderate";
+    if (totalSchemas >= 10) return "low";
+    return "trivial";
+  }
+};
+
 // src/config.ts
 import { cosmiconfig } from "cosmiconfig";
 function validateConfig(config) {
@@ -709,6 +1359,8 @@ async function loadConfig(configPath) {
 }
 
 // src/dependency-graph.ts
+import { existsSync as existsSync4, readdirSync, readFileSync as readFileSync4 } from "fs";
+import { join as join4, resolve } from "path";
 var SchemaDependencyResolver = class {
   resolve(project, filePaths) {
     const fileSet = new Set(filePaths);
@@ -794,10 +1446,214 @@ var SchemaDependencyResolver = class {
     return parts.slice(-2).join("/");
   }
 };
+var SCHEMA_PACKAGES = /* @__PURE__ */ new Set(["zod", "yup", "joi", "io-ts", "valibot", "@effect/schema"]);
+function computeParallelBatches(packages, suggestedOrder) {
+  const nameSet = new Set(packages.map((p) => p.name));
+  const depMap = /* @__PURE__ */ new Map();
+  for (const pkg of packages) {
+    depMap.set(pkg.name, new Set(pkg.dependencies.filter((d) => nameSet.has(d))));
+  }
+  const depths = /* @__PURE__ */ new Map();
+  const getDepth = (name, visited) => {
+    const cached = depths.get(name);
+    if (cached !== void 0) return cached;
+    if (visited.has(name)) return 0;
+    visited.add(name);
+    const deps = depMap.get(name) ?? /* @__PURE__ */ new Set();
+    let maxDepth = 0;
+    for (const dep of deps) {
+      maxDepth = Math.max(maxDepth, getDepth(dep, visited) + 1);
+    }
+    depths.set(name, maxDepth);
+    return maxDepth;
+  };
+  for (const name of suggestedOrder) {
+    getDepth(name, /* @__PURE__ */ new Set());
+  }
+  const batchMap = /* @__PURE__ */ new Map();
+  for (const name of suggestedOrder) {
+    const depth = depths.get(name) ?? 0;
+    const batch = batchMap.get(depth) ?? [];
+    batch.push(name);
+    batchMap.set(depth, batch);
+  }
+  const batches = [];
+  const sortedDepths = [...batchMap.keys()].sort((a, b) => a - b);
+  for (const depth of sortedDepths) {
+    const pkgs = batchMap.get(depth);
+    if (pkgs) batches.push({ index: batches.length, packages: pkgs });
+  }
+  return batches;
+}
+var MonorepoResolver = class {
+  detect(projectPath) {
+    const pkgPath = join4(projectPath, "package.json");
+    if (existsSync4(pkgPath)) {
+      try {
+        const pkg = JSON.parse(readFileSync4(pkgPath, "utf-8"));
+        if (pkg.workspaces) return true;
+      } catch {
+      }
+    }
+    if (existsSync4(join4(projectPath, "pnpm-workspace.yaml"))) return true;
+    return false;
+  }
+  /**
+   * Detect which workspace manager is being used.
+   */
+  detectManager(projectPath) {
+    if (existsSync4(join4(projectPath, "pnpm-workspace.yaml"))) return "pnpm";
+    const pkgPath = join4(projectPath, "package.json");
+    if (existsSync4(pkgPath)) {
+      try {
+        const pkg = JSON.parse(readFileSync4(pkgPath, "utf-8"));
+        if (pkg.packageManager?.startsWith("yarn")) return "yarn";
+        if (pkg.packageManager?.startsWith("pnpm")) return "pnpm";
+      } catch {
+      }
+    }
+    if (existsSync4(join4(projectPath, "pnpm-lock.yaml"))) return "pnpm";
+    if (existsSync4(join4(projectPath, "yarn.lock"))) return "yarn";
+    return "npm";
+  }
+  analyze(projectPath) {
+    const pkgPath = join4(projectPath, "package.json");
+    if (!existsSync4(pkgPath)) {
+      return { isMonorepo: false, packages: [], suggestedOrder: [] };
+    }
+    let workspaceGlobs;
+    try {
+      workspaceGlobs = this.resolveWorkspaceGlobs(projectPath);
+      if (workspaceGlobs.length === 0) {
+        return { isMonorepo: false, packages: [], suggestedOrder: [] };
+      }
+    } catch {
+      return { isMonorepo: false, packages: [], suggestedOrder: [] };
+    }
+    const packages = [];
+    const resolvedDirs = this.resolveWorkspaceDirs(projectPath, workspaceGlobs);
+    for (const dir of resolvedDirs) {
+      const wsPkgPath = join4(dir, "package.json");
+      if (!existsSync4(wsPkgPath)) continue;
+      try {
+        const wsPkg = JSON.parse(readFileSync4(wsPkgPath, "utf-8"));
+        if (!wsPkg.name) continue;
+        const allDeps = { ...wsPkg.dependencies, ...wsPkg.devDependencies };
+        const depNames = Object.keys(allDeps);
+        const schemaLibrary = depNames.find((d) => SCHEMA_PACKAGES.has(d));
+        packages.push({
+          name: wsPkg.name,
+          path: dir,
+          schemaLibrary,
+          dependencies: depNames
+        });
+      } catch {
+      }
+    }
+    const suggestedOrder = this.suggestOrder(packages);
+    return { isMonorepo: true, packages, suggestedOrder };
+  }
+  suggestOrder(packages) {
+    const nameSet = new Set(packages.map((p) => p.name));
+    const depMap = /* @__PURE__ */ new Map();
+    for (const pkg of packages) {
+      const internalDeps = pkg.dependencies.filter((d) => nameSet.has(d));
+      depMap.set(pkg.name, internalDeps);
+    }
+    const visited = /* @__PURE__ */ new Set();
+    const sorted = [];
+    const visit = (name) => {
+      if (visited.has(name)) return;
+      visited.add(name);
+      for (const dep of depMap.get(name) ?? []) {
+        visit(dep);
+      }
+      sorted.push(name);
+    };
+    for (const pkg of packages) {
+      visit(pkg.name);
+    }
+    return sorted;
+  }
+  /**
+   * Resolve workspace glob patterns from any supported format.
+   * Supports: npm/yarn workspaces (package.json), pnpm-workspace.yaml
+   */
+  resolveWorkspaceGlobs(projectPath) {
+    const pnpmPath = join4(projectPath, "pnpm-workspace.yaml");
+    if (existsSync4(pnpmPath)) {
+      return this.parsePnpmWorkspace(pnpmPath);
+    }
+    const pkgPath = join4(projectPath, "package.json");
+    if (existsSync4(pkgPath)) {
+      try {
+        const pkg = JSON.parse(readFileSync4(pkgPath, "utf-8"));
+        if (pkg.workspaces) {
+          return Array.isArray(pkg.workspaces) ? pkg.workspaces : pkg.workspaces.packages;
+        }
+      } catch {
+      }
+    }
+    return [];
+  }
+  /**
+   * Parse pnpm-workspace.yaml to extract workspace package globs.
+   * Simple YAML parsing for the common format:
+   * ```
+   * packages:
+   *   - 'packages/*'
+   *   - 'apps/*'
+   * ```
+   */
+  parsePnpmWorkspace(filePath) {
+    const content = readFileSync4(filePath, "utf-8");
+    const globs = [];
+    let inPackages = false;
+    for (const line of content.split("\n")) {
+      const trimmed = line.trim();
+      if (trimmed === "packages:") {
+        inPackages = true;
+        continue;
+      }
+      if (inPackages && /^\w/.test(trimmed) && !trimmed.startsWith("-")) {
+        break;
+      }
+      if (inPackages && trimmed.startsWith("-")) {
+        const pattern = trimmed.replace(/^-\s*/, "").replace(/^['"]|['"]$/g, "");
+        if (pattern) {
+          globs.push(pattern);
+        }
+      }
+    }
+    return globs;
+  }
+  resolveWorkspaceDirs(projectPath, globs) {
+    const dirs = [];
+    for (const glob of globs) {
+      const clean = glob.replace(/\/?\*$/, "");
+      const base = resolve(projectPath, clean);
+      if (!existsSync4(base)) continue;
+      if (glob.endsWith("*")) {
+        try {
+          const entries = readdirSync(base, { withFileTypes: true });
+          for (const entry of entries) {
+            if (entry.isDirectory()) {
+              dirs.push(join4(base, entry.name));
+            }
+          }
+        } catch {
+        }
+      } else {
+        dirs.push(base);
+      }
+    }
+    return dirs;
+  }
+};
 
 // src/detailed-analyzer.ts
-import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
-import { join as join3 } from "path";
+import { existsSync as existsSync5, readFileSync as readFileSync5 } from "fs";
+import { join as join5 } from "path";
 var COMPLEXITY_CHAIN_WEIGHT = 2;
 var COMPLEXITY_DEPTH_WEIGHT = 3;
 var COMPLEXITY_VALIDATION_WEIGHT = 1;
@@ -862,10 +1718,10 @@ var DetailedAnalyzer = class {
   }
   detectLibraryVersions(projectPath) {
     const versions = [];
-    const pkgPath = join3(projectPath, "package.json");
-    if (!existsSync3(pkgPath)) return versions;
+    const pkgPath = join5(projectPath, "package.json");
+    if (!existsSync5(pkgPath)) return versions;
     try {
-      const pkg = JSON.parse(readFileSync3(pkgPath, "utf-8"));
+      const pkg = JSON.parse(readFileSync5(pkgPath, "utf-8"));
       const knownLibs = ["zod", "yup", "joi", "io-ts", "valibot"];
       const allDeps = {
         ...pkg.dependencies,
@@ -1038,9 +1894,94 @@ var DetailedAnalyzer = class {
   }
 };
 
+// src/form-resolver-migrator.ts
+var RESOLVER_MAPPINGS = {
+  "yup->zod": [
+    {
+      fromImport: "@hookform/resolvers/yup",
+      toImport: "@hookform/resolvers/zod",
+      fromResolver: "yupResolver",
+      toResolver: "zodResolver"
+    }
+  ],
+  "joi->zod": [
+    {
+      fromImport: "@hookform/resolvers/joi",
+      toImport: "@hookform/resolvers/zod",
+      fromResolver: "joiResolver",
+      toResolver: "zodResolver"
+    }
+  ],
+  "zod->valibot": [
+    {
+      fromImport: "@hookform/resolvers/zod",
+      toImport: "@hookform/resolvers/valibot",
+      fromResolver: "zodResolver",
+      toResolver: "valibotResolver"
+    }
+  ]
+};
+var TODO_PATTERNS = [
+  {
+    pattern: /from\s+['"]formik['"]/,
+    comment: "/* TODO(schemashift): Formik is unmaintained. Consider migrating to React Hook Form with zodResolver */"
+  },
+  {
+    pattern: /from\s+['"]@mantine\/form['"]/,
+    comment: "/* TODO(schemashift): Update @mantine/form to use Zod schema adapter */"
+  }
+];
+var FormResolverMigrator = class {
+  migrate(sourceFile, from, to) {
+    const migration = `${from}->${to}`;
+    let code = sourceFile.getFullText();
+    const changes = [];
+    const warnings = [];
+    const mappings = RESOLVER_MAPPINGS[migration];
+    if (mappings) {
+      for (const mapping of mappings) {
+        if (code.includes(mapping.fromImport)) {
+          code = code.replaceAll(mapping.fromImport, mapping.toImport);
+          code = code.replaceAll(mapping.fromResolver, mapping.toResolver);
+          changes.push(
+            `Replaced ${mapping.fromResolver} import from '${mapping.fromImport}' with ${mapping.toResolver} from '${mapping.toImport}'`
+          );
+        }
+      }
+    }
+    const lines = code.split("\n");
+    const insertions = [];
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i] ?? "";
+      for (const { pattern, comment } of TODO_PATTERNS) {
+        if (pattern.test(line) && !code.includes(comment)) {
+          insertions.push({ index: i, comment });
+          warnings.push(comment.replace(/\/\*\s*|\s*\*\//g, "").trim());
+        }
+      }
+    }
+    for (let i = insertions.length - 1; i >= 0; i--) {
+      const insertion = insertions[i];
+      if (!insertion) continue;
+      lines.splice(insertion.index, 0, insertion.comment);
+      changes.push(`Added TODO comment for ${lines[insertion.index + 1]?.trim()}`);
+    }
+    if (insertions.length > 0) {
+      code = lines.join("\n");
+    }
+    return {
+      success: true,
+      transformedCode: code,
+      changes,
+      warnings
+    };
+  }
+};
+
 // src/governance.ts
 var GovernanceEngine = class {
   rules = /* @__PURE__ */ new Map();
+  customRuleFunctions = /* @__PURE__ */ new Map();
   configure(rules) {
     this.rules.clear();
     for (const [name, config] of Object.entries(rules)) {
@@ -1049,6 +1990,13 @@ var GovernanceEngine = class {
       }
     }
   }
+  /**
+   * Register a custom governance rule function.
+   * Custom rules are executed per-file alongside built-in rules.
+   */
+  registerRule(name, fn) {
+    this.customRuleFunctions.set(name, fn);
+  }
   analyze(project) {
     const violations = [];
     let schemasChecked = 0;
@@ -1124,6 +2072,104 @@ var GovernanceEngine = class {
             });
           }
         }
+        if (this.rules.has("require-safeParse")) {
+          if (text.includes(".parse(") && !text.includes(".safeParse(")) {
+            violations.push({
+              rule: "require-safeParse",
+              message: `Schema "${schemaName}" uses .parse() \u2014 prefer .safeParse() for safer error handling`,
+              filePath,
+              lineNumber,
+              schemaName,
+              severity: "warning",
+              fixable: true
+            });
+          }
+        }
+        if (this.rules.has("require-description")) {
+          if (!text.includes(".describe(")) {
+            violations.push({
+              rule: "require-description",
+              message: `Schema "${schemaName}" missing .describe() \u2014 add a description for documentation`,
+              filePath,
+              lineNumber,
+              schemaName,
+              severity: "warning",
+              fixable: true
+            });
+          }
+        }
+        if (this.rules.has("no-coerce-in-api")) {
+          if (/\.coerce\./.test(text)) {
+            violations.push({
+              rule: "no-coerce-in-api",
+              message: `Schema "${schemaName}" uses z.coerce.* \u2014 coercion in API validation is a security risk`,
+              filePath,
+              lineNumber,
+              schemaName,
+              severity: "error",
+              fixable: false
+            });
+          }
+        }
+        if (this.rules.has("require-max-length")) {
+          if (text.includes(".string()") && !text.includes(".max(") && !text.includes(".length(")) {
+            violations.push({
+              rule: "require-max-length",
+              message: `Schema "${schemaName}" has string without max length \u2014 required for DoS prevention`,
+              filePath,
+              lineNumber,
+              schemaName,
+              severity: "error",
+              fixable: true
+            });
+          }
+        }
+        if (this.rules.has("max-nesting-depth")) {
+          const config = this.rules.get("max-nesting-depth") ?? {};
+          const maxDepth = config.threshold ?? 5;
+          const depth = this.measureNestingDepth(text);
+          if (depth > maxDepth) {
+            violations.push({
+              rule: "max-nesting-depth",
+              message: `Schema "${schemaName}" nesting depth (${depth}) exceeds limit (${maxDepth})`,
+              filePath,
+              lineNumber,
+              schemaName,
+              severity: "warning",
+              fixable: false
+            });
+          }
+        }
+      }
+    }
+    for (const sourceFile of project.getSourceFiles()) {
+      const library = this.detectFileLibrary(sourceFile);
+      if (library === "unknown") continue;
+      const filePath = sourceFile.getFilePath();
+      const text = sourceFile.getFullText();
+      if (this.rules.has("no-dynamic-schemas")) {
+        const dynamicPatterns = this.detectDynamicSchemas(text, library);
+        for (const lineNumber of dynamicPatterns) {
+          violations.push({
+            rule: "no-dynamic-schemas",
+            message: "Schema created inside function body \u2014 move to module level for performance",
+            filePath,
+            lineNumber,
+            schemaName: "(dynamic)",
+            severity: "warning",
+            fixable: false
+          });
+        }
+      }
+    }
+    for (const [ruleName, ruleFn] of this.customRuleFunctions) {
+      const config = this.rules.get(ruleName);
+      if (!config) continue;
+      for (const sourceFile of project.getSourceFiles()) {
+        const library = this.detectFileLibrary(sourceFile);
+        if (library === "unknown") continue;
+        const ruleViolations = ruleFn(sourceFile, config);
+        violations.push(...ruleViolations);
       }
     }
     return {
@@ -1140,6 +2186,57 @@ var GovernanceEngine = class {
     }
     return "unknown";
   }
+  measureNestingDepth(text) {
+    let maxDepth = 0;
+    let current = 0;
+    for (const char of text) {
+      if (char === "(") {
+        current++;
+        if (current > maxDepth) maxDepth = current;
+      } else if (char === ")") {
+        current--;
+      }
+    }
+    return maxDepth;
+  }
+  detectDynamicSchemas(text, library) {
+    const lineNumbers = [];
+    const prefix = this.getSchemaPrefix(library);
+    if (!prefix) return lineNumbers;
+    const lines = text.split("\n");
+    let insideFunction = 0;
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i] ?? "";
+      const opens = (line.match(/\{/g) || []).length;
+      const closes = (line.match(/\}/g) || []).length;
+      if (/(?:function\s+\w+|=>)\s*\{/.test(line)) {
+        insideFunction += opens;
+        insideFunction -= closes;
+        continue;
+      }
+      insideFunction += opens - closes;
+      if (insideFunction > 0 && line.includes(prefix)) {
+        lineNumbers.push(i + 1);
+      }
+    }
+    return lineNumbers;
+  }
+  getSchemaPrefix(library) {
+    switch (library) {
+      case "zod":
+        return "z.";
+      case "yup":
+        return "yup.";
+      case "joi":
+        return "Joi.";
+      case "io-ts":
+        return "t.";
+      case "valibot":
+        return "v.";
+      default:
+        return null;
+    }
+  }
   isSchemaExpression(text, library) {
     switch (library) {
       case "zod":
@@ -1159,16 +2256,16 @@ var GovernanceEngine = class {
 };
 
 // src/incremental.ts
-import { existsSync as existsSync4, mkdirSync, readFileSync as readFileSync4, writeFileSync } from "fs";
-import { join as join4 } from "path";
+import { existsSync as existsSync6, mkdirSync as mkdirSync2, readFileSync as readFileSync6, unlinkSync, writeFileSync as writeFileSync2 } from "fs";
+import { join as join6 } from "path";
 var STATE_DIR = ".schemashift";
 var STATE_FILE = "incremental.json";
 var IncrementalTracker = class {
   stateDir;
   statePath;
   constructor(projectPath) {
-    this.stateDir = join4(projectPath, STATE_DIR);
-    this.statePath = join4(this.stateDir, STATE_FILE);
+    this.stateDir = join6(projectPath, STATE_DIR);
+    this.statePath = join6(this.stateDir, STATE_FILE);
   }
   start(files, from, to) {
     const state = {
@@ -1203,9 +2300,9 @@ var IncrementalTracker = class {
     this.saveState(state);
   }
   getState() {
-    if (!existsSync4(this.statePath)) return null;
+    if (!existsSync6(this.statePath)) return null;
     try {
-      return JSON.parse(readFileSync4(this.statePath, "utf-8"));
+      return JSON.parse(readFileSync6(this.statePath, "utf-8"));
     } catch {
       return null;
     }
@@ -1232,21 +2329,21 @@ var IncrementalTracker = class {
     };
   }
   clear() {
-    if (existsSync4(this.statePath)) {
-      writeFileSync(this.statePath, "");
+    if (existsSync6(this.statePath)) {
+      unlinkSync(this.statePath);
     }
   }
   saveState(state) {
-    if (!existsSync4(this.stateDir)) {
-      mkdirSync(this.stateDir, { recursive: true });
+    if (!existsSync6(this.stateDir)) {
+      mkdirSync2(this.stateDir, { recursive: true });
     }
-    writeFileSync(this.statePath, JSON.stringify(state, null, 2));
+    writeFileSync2(this.statePath, JSON.stringify(state, null, 2));
   }
 };
 
 // src/package-updater.ts
-import { existsSync as existsSync5, readFileSync as readFileSync5, writeFileSync as writeFileSync2 } from "fs";
-import { join as join5 } from "path";
+import { existsSync as existsSync7, readFileSync as readFileSync7, writeFileSync as writeFileSync3 } from "fs";
+import { join as join7 } from "path";
 var TARGET_VERSIONS = {
   "yup->zod": { zod: "^3.24.0" },
   "joi->zod": { zod: "^3.24.0" },
@@ -1267,14 +2364,14 @@ var PackageUpdater = class {
     const add = {};
     const remove = [];
     const warnings = [];
-    const pkgPath = join5(projectPath, "package.json");
-    if (!existsSync5(pkgPath)) {
+    const pkgPath = join7(projectPath, "package.json");
+    if (!existsSync7(pkgPath)) {
       warnings.push("No package.json found. Cannot plan dependency updates.");
       return { add, remove, warnings };
     }
     let pkg;
     try {
-      pkg = JSON.parse(readFileSync5(pkgPath, "utf-8"));
+      pkg = JSON.parse(readFileSync7(pkgPath, "utf-8"));
     } catch {
       warnings.push("Could not parse package.json.");
       return { add, remove, warnings };
@@ -1304,9 +2401,9 @@ var PackageUpdater = class {
     return { add, remove, warnings };
   }
   apply(projectPath, plan) {
-    const pkgPath = join5(projectPath, "package.json");
-    if (!existsSync5(pkgPath)) return;
-    const pkgText = readFileSync5(pkgPath, "utf-8");
+    const pkgPath = join7(projectPath, "package.json");
+    if (!existsSync7(pkgPath)) return;
+    const pkgText = readFileSync7(pkgPath, "utf-8");
     const pkg = JSON.parse(pkgText);
     if (!pkg.dependencies) pkg.dependencies = {};
     for (const [name, version] of Object.entries(plan.add)) {
@@ -1316,11 +2413,133 @@ var PackageUpdater = class {
         pkg.dependencies[name] = version;
       }
     }
-    writeFileSync2(pkgPath, `${JSON.stringify(pkg, null, 2)}
+    writeFileSync3(pkgPath, `${JSON.stringify(pkg, null, 2)}
 `);
   }
 };
 
+// src/performance-analyzer.ts
+var PerformanceAnalyzer = class {
+  analyze(sourceFiles, from, to) {
+    const warnings = [];
+    let parseCallSites = 0;
+    let dynamicSchemaCount = 0;
+    for (const file of sourceFiles) {
+      const text = file.getFullText();
+      const filePath = file.getFilePath();
+      const parseMatches = text.match(/\.(parse|safeParse)\s*\(/g);
+      if (parseMatches) {
+        parseCallSites += parseMatches.length;
+      }
+      const dynamicResult = this.detectDynamicSchemas(text, filePath);
+      dynamicSchemaCount += dynamicResult.count;
+      warnings.push(...dynamicResult.warnings);
+      this.addMigrationWarnings(text, filePath, from, to, warnings);
+    }
+    const recommendation = this.getRecommendation(from, to, parseCallSites, dynamicSchemaCount);
+    const summary = this.generateSummary(warnings, parseCallSites, dynamicSchemaCount);
+    return {
+      warnings,
+      parseCallSites,
+      dynamicSchemaCount,
+      recommendation,
+      summary
+    };
+  }
+  detectDynamicSchemas(text, filePath) {
+    const warnings = [];
+    let count = 0;
+    const functionBodyPattern = /(?:function\s+\w+\s*\([^)]*\)|const\s+\w+\s*=\s*(?:async\s+)?(?:\([^)]*\)|[a-zA-Z_]\w*)\s*=>)\s*\{[^}]*(?:z\.|yup\.|Joi\.|v\.)\w+\s*\(/g;
+    for (const match of text.matchAll(functionBodyPattern)) {
+      count++;
+      const lineNumber = text.substring(0, match.index).split("\n").length;
+      warnings.push({
+        category: "dynamic-schemas",
+        message: "Schema created inside function body \u2014 may cause performance issues with Zod v4.",
+        detail: "Zod v4 uses JIT compilation, making schema creation ~17x slower than v3. Move schema definitions to module level to avoid re-creation on every call.",
+        filePath,
+        lineNumber,
+        severity: "warning"
+      });
+    }
+    const reactComponentPattern = /(?:function\s+[A-Z]\w*\s*\([^)]*\)|const\s+[A-Z]\w*\s*[:=])[^{]*\{[^}]*(?:z\.|yup\.|Joi\.)\w+\s*\(/g;
+    for (const match of text.matchAll(reactComponentPattern)) {
+      count++;
+      const lineNumber = text.substring(0, match.index).split("\n").length;
+      warnings.push({
+        category: "schema-creation",
+        message: "Schema appears to be created inside a React component.",
+        detail: "Schemas created inside React components are re-created on every render. Move schema definitions outside the component or wrap in useMemo(). This is especially important for Zod v4 due to JIT compilation overhead.",
+        filePath,
+        lineNumber,
+        severity: "warning"
+      });
+    }
+    return { count, warnings };
+  }
+  addMigrationWarnings(text, filePath, from, to, warnings) {
+    const migration = `${from}->${to}`;
+    if (migration === "zod-v3->v4") {
+      if (/edge-runtime|@vercel\/edge|cloudflare.*workers|deno\.serve|Deno\.serve/i.test(text) || /export\s+const\s+runtime\s*=\s*['"]edge['"]/i.test(text)) {
+        warnings.push({
+          category: "cold-start",
+          message: "Edge/serverless environment detected \u2014 Zod v4 JIT compilation increases cold start time.",
+          detail: "Zod v4 JIT trades slower schema creation for faster repeated parsing. In serverless/edge environments with short-lived instances, the JIT cost may not amortize. Consider Valibot or staying on Zod v3 for cold-start-sensitive code.",
+          filePath,
+          severity: "warning"
+        });
+      }
+      const parseCount = (text.match(/\.parse\s*\(/g) || []).length;
+      if (parseCount > 10) {
+        warnings.push({
+          category: "repeated-parsing",
+          message: `High parse() usage (${parseCount} call sites) \u2014 Zod v4 JIT will benefit here.`,
+          detail: "Zod v4 JIT compilation makes repeated parsing ~8x faster. This file has many parse() calls and will see performance improvement.",
+          filePath,
+          severity: "info"
+        });
+      }
+    }
+    if (migration === "zod->valibot" && /\.parse\s*\(/.test(text)) {
+      warnings.push({
+        category: "repeated-parsing",
+        message: "Valibot parsing performance is comparable to Zod v4 for most schemas.",
+        detail: "Valibot v1+ offers similar runtime performance to Zod v4 with significantly smaller bundle size. No JIT overhead means consistent performance across all environments.",
+        filePath,
+        severity: "info"
+      });
+    }
+  }
+  getRecommendation(from, to, parseCallSites, dynamicSchemaCount) {
+    const migration = `${from}->${to}`;
+    if (migration === "zod-v3->v4") {
+      if (dynamicSchemaCount > 5) {
+        return "Many dynamic schemas detected. Zod v4 JIT makes schema creation 17x slower. Move schemas to module level before migrating, or consider Valibot for size-sensitive apps.";
+      }
+      if (parseCallSites > 50) {
+        return "High parse() volume detected. Zod v4 JIT will significantly benefit repeated parsing (up to 8x faster). Migration recommended for performance.";
+      }
+      return "Moderate usage detected. Zod v4 trades slower startup for faster runtime parsing.";
+    }
+    if (migration === "zod->valibot") {
+      return "Valibot offers similar runtime performance with significantly smaller bundle size. Best suited for bundle-size-sensitive applications.";
+    }
+    if (from === "yup" || from === "joi") {
+      return `Migrating from ${from} to ${to} should have neutral or positive performance impact.`;
+    }
+    return "Performance impact depends on usage patterns. Review warnings for details.";
+  }
+  generateSummary(warnings, parseCallSites, dynamicSchemaCount) {
+    const parts = [];
+    parts.push(`${parseCallSites} parse/safeParse call sites`);
+    if (dynamicSchemaCount > 0) {
+      parts.push(`${dynamicSchemaCount} dynamic schema creation sites`);
+    }
+    parts.push(`${warnings.length} performance warning(s)`);
+    return parts.join(", ");
+  }
+};
+
 // src/plugin-loader.ts
 var PluginLoader = class {
   async loadPlugins(pluginPaths) {
@@ -1366,8 +2585,8 @@ var PluginLoader = class {
 };
 
 // src/standard-schema.ts
-import { existsSync as existsSync6, readFileSync as readFileSync6 } from "fs";
-import { join as join6 } from "path";
+import { existsSync as existsSync8, readFileSync as readFileSync8 } from "fs";
+import { join as join8 } from "path";
 var STANDARD_SCHEMA_LIBRARIES = {
   zod: { minMajor: 3, minMinor: 23 },
   // Zod v3.23+ and v4+
@@ -1396,16 +2615,16 @@ function isVersionCompatible(version, minMajor, minMinor) {
   return false;
 }
 function detectStandardSchema(projectPath) {
-  const pkgPath = join6(projectPath, "package.json");
-  if (!existsSync6(pkgPath)) {
-    return { detected: false, compatibleLibraries: [], recommendation: "" };
+  const pkgPath = join8(projectPath, "package.json");
+  if (!existsSync8(pkgPath)) {
+    return { detected: false, compatibleLibraries: [], recommendation: "", interopTools: [] };
   }
   let allDeps = {};
   try {
-    const pkg = JSON.parse(readFileSync6(pkgPath, "utf-8"));
+    const pkg = JSON.parse(readFileSync8(pkgPath, "utf-8"));
     allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
   } catch {
-    return { detected: false, compatibleLibraries: [], recommendation: "" };
+    return { detected: false, compatibleLibraries: [], recommendation: "", interopTools: [] };
   }
   const hasExplicitStandardSchema = "@standard-schema/spec" in allDeps;
   const compatibleLibraries = [];
@@ -1424,9 +2643,155 @@ function detectStandardSchema(projectPath) {
   } else if (hasExplicitStandardSchema) {
     recommendation = "Standard Schema spec detected. Ensure your validation library supports Standard Schema for maximum interoperability.";
   }
-  return { detected, compatibleLibraries, recommendation };
+  let adoptionPath;
+  if (detected && !hasExplicitStandardSchema) {
+    adoptionPath = "Install @standard-schema/spec for explicit Standard Schema support. This enables library-agnostic validation consumers to accept your schemas without depending on a specific library. Run: npm install @standard-schema/spec";
+  } else if (!detected) {
+    adoptionPath = "Consider migrating to a Standard Schema-compatible library (Zod v3.23+, Valibot v1+, ArkType v2+) to future-proof your validation layer and reduce library lock-in.";
+  }
+  const interopTools = detected ? [
+    "tRPC v11+ (Standard Schema input validation)",
+    "TanStack Form (schema-agnostic validation)",
+    "TanStack Router (route parameter validation)",
+    "Hono (request validation middleware)",
+    "Conform (progressive form validation)",
+    "Nuxt (runtime config validation)"
+  ] : [];
+  return { detected, compatibleLibraries, recommendation, adoptionPath, interopTools };
 }
 
+// src/test-scaffolder.ts
+var TestScaffolder = class {
+  scaffold(sourceFiles, from, to) {
+    const tests = [];
+    let totalSchemas = 0;
+    for (const file of sourceFiles) {
+      const schemas = this.extractSchemaNames(file, from);
+      if (schemas.length === 0) continue;
+      totalSchemas += schemas.length;
+      const testCode = this.generateTestFile(file, schemas, from, to);
+      const filePath = file.getFilePath().replace(/\.tsx?$/, ".migration-test.ts");
+      tests.push({ filePath, testCode, schemaCount: schemas.length });
+    }
+    const summary = tests.length > 0 ? `Generated ${tests.length} test file(s) covering ${totalSchemas} schema(s) for ${from}->${to} migration.` : "No schemas found to generate tests for.";
+    return { tests, totalSchemas, summary };
+  }
+  extractSchemaNames(file, library) {
+    const names = [];
+    const prefixes = this.getLibraryPrefixes(library);
+    for (const varDecl of file.getVariableDeclarations()) {
+      const initializer = varDecl.getInitializer();
+      if (!initializer) continue;
+      const text = initializer.getText();
+      if (prefixes.some((p) => text.startsWith(p))) {
+        names.push(varDecl.getName());
+      }
+    }
+    return names;
+  }
+  getLibraryPrefixes(library) {
+    switch (library) {
+      case "zod":
+      case "zod-v3":
+        return ["z.", "zod."];
+      case "yup":
+        return ["yup.", "Yup."];
+      case "joi":
+        return ["Joi.", "joi."];
+      case "io-ts":
+        return ["t."];
+      case "valibot":
+        return ["v.", "valibot."];
+      default:
+        return ["z."];
+    }
+  }
+  generateTestFile(file, schemaNames, from, to) {
+    const relativePath = file.getFilePath();
+    const schemaImports = schemaNames.join(", ");
+    const parseMethod = this.getParseMethod(to);
+    const errorClass = this.getErrorClass(to);
+    const testCases = schemaNames.map((name) => this.generateSchemaTests(name, to, parseMethod, errorClass)).join("\n\n");
+    return `/**
+ * Migration validation tests for ${from} -> ${to}
+ * Auto-generated by SchemaShift
+ *
+ * These tests verify that schema behavior is preserved after migration.
+ * Run before and after migration to ensure equivalence.
+ *
+ * Source: ${relativePath}
+ */
+import { describe, expect, it } from 'vitest';
+import { ${schemaImports} } from '${relativePath.replace(/\.ts$/, ".js")}';
+
+describe('Migration validation: ${relativePath}', () => {
+${testCases}
+});
+`;
+  }
+  getParseMethod(to) {
+    switch (to) {
+      case "valibot":
+        return "v.safeParse";
+      default:
+        return ".safeParse";
+    }
+  }
+  getErrorClass(to) {
+    switch (to) {
+      case "valibot":
+        return "ValiError";
+      case "zod":
+      case "v4":
+        return "ZodError";
+      default:
+        return "Error";
+    }
+  }
+  generateSchemaTests(schemaName, to, _parseMethod, _errorClass) {
+    if (to === "valibot") {
+      return `  describe('${schemaName}', () => {
+    it('should accept valid data', () => {
+      // TODO(schemashift): Add valid test data for ${schemaName}
+      // const result = v.safeParse(${schemaName}, validData);
+      // expect(result.success).toBe(true);
+    });
+
+    it('should reject invalid data', () => {
+      // TODO(schemashift): Add invalid test data for ${schemaName}
+      // const result = v.safeParse(${schemaName}, invalidData);
+      // expect(result.success).toBe(false);
+    });
+
+    it('should preserve error messages', () => {
+      // TODO(schemashift): Verify custom error messages are preserved
+      // const result = v.safeParse(${schemaName}, invalidData);
+      // expect(result.issues?.[0]?.message).toContain('expected message');
+    });
+  });`;
+    }
+    return `  describe('${schemaName}', () => {
+    it('should accept valid data', () => {
+      // TODO(schemashift): Add valid test data for ${schemaName}
+      // const result = ${schemaName}.safeParse(validData);
+      // expect(result.success).toBe(true);
+    });
+
+    it('should reject invalid data', () => {
+      // TODO(schemashift): Add invalid test data for ${schemaName}
+      // const result = ${schemaName}.safeParse(invalidData);
+      // expect(result.success).toBe(false);
+    });
+
+    it('should preserve error messages', () => {
+      // TODO(schemashift): Verify custom error messages are preserved
+      // const result = ${schemaName}.safeParse(invalidData);
+      // expect(result.error?.issues[0]?.message).toContain('expected message');
+    });
+  });`;
+  }
+};
+
 // src/transform.ts
 var TransformEngine = class {
   handlers = /* @__PURE__ */ new Map();
@@ -1441,9 +2806,10 @@ var TransformEngine = class {
   }
   getSupportedPaths() {
     return Array.from(this.handlers.keys()).map((key) => {
-      const [from, to] = key.split("->");
-      return { from, to };
-    });
+      const parts = key.split("->");
+      if (parts.length !== 2) return null;
+      return { from: parts[0], to: parts[1] };
+    }).filter((entry) => entry !== null);
   }
   transform(sourceFile, from, to, options) {
     const handler = this.getHandler(from, to);
@@ -1459,19 +2825,156 @@ var TransformEngine = class {
     return handler.transform(sourceFile, options);
   }
 };
+
+// src/type-dedup-detector.ts
+import { Node } from "ts-morph";
+var TypeDedupDetector = class {
+  detect(sourceFiles) {
+    const typeDefinitions = this.collectTypeDefinitions(sourceFiles);
+    const schemaDefinitions = this.collectSchemaDefinitions(sourceFiles);
+    const candidates = this.findMatches(typeDefinitions, schemaDefinitions);
+    const summary = candidates.length > 0 ? `Found ${candidates.length} type definition(s) that may duplicate schema shapes. After migration, replace with z.infer<typeof schema>.` : "No duplicate type definitions detected.";
+    return { candidates, summary };
+  }
+  collectTypeDefinitions(sourceFiles) {
+    const types = [];
+    for (const file of sourceFiles) {
+      const filePath = file.getFilePath();
+      for (const iface of file.getInterfaces()) {
+        const fields = iface.getProperties().map((p) => p.getName());
+        if (fields.length > 0) {
+          types.push({
+            name: iface.getName(),
+            fields,
+            filePath,
+            lineNumber: iface.getStartLineNumber()
+          });
+        }
+      }
+      for (const typeAlias of file.getTypeAliases()) {
+        const typeNode = typeAlias.getTypeNode();
+        if (!typeNode) continue;
+        if (Node.isTypeLiteral(typeNode)) {
+          const fields = typeNode.getProperties().map((p) => p.getName());
+          if (fields.length > 0) {
+            types.push({
+              name: typeAlias.getName(),
+              fields,
+              filePath,
+              lineNumber: typeAlias.getStartLineNumber()
+            });
+          }
+        }
+      }
+    }
+    return types;
+  }
+  collectSchemaDefinitions(sourceFiles) {
+    const schemas = [];
+    for (const file of sourceFiles) {
+      const filePath = file.getFilePath();
+      for (const varDecl of file.getVariableDeclarations()) {
+        const initializer = varDecl.getInitializer();
+        if (!initializer) continue;
+        const text = initializer.getText();
+        const isSchema = /(?:z|zod|yup|Yup|Joi|joi|t|v|valibot)\.object\s*\(/.test(text) || /Joi\.object\s*\(/.test(text);
+        if (!isSchema) continue;
+        const fields = this.extractSchemaFields(text);
+        if (fields.length > 0) {
+          schemas.push({
+            name: varDecl.getName(),
+            fields,
+            filePath,
+            lineNumber: varDecl.getStartLineNumber()
+          });
+        }
+      }
+    }
+    return schemas;
+  }
+  extractSchemaFields(text) {
+    const fields = [];
+    const fieldPattern = /\b(\w+)\s*:\s*(?:z|zod|yup|Yup|Joi|joi|t|v|valibot)\./g;
+    for (const match of text.matchAll(fieldPattern)) {
+      if (match[1]) {
+        fields.push(match[1]);
+      }
+    }
+    return fields;
+  }
+  findMatches(types, schemas) {
+    const candidates = [];
+    for (const typeDef of types) {
+      for (const schemaDef of schemas) {
+        const matchedFields = this.getMatchedFields(typeDef.fields, schemaDef.fields);
+        if (matchedFields.length < 2) continue;
+        const typeFieldCount = typeDef.fields.length;
+        const schemaFieldCount = schemaDef.fields.length;
+        const matchRatio = matchedFields.length / Math.max(typeFieldCount, schemaFieldCount);
+        let confidence;
+        if (matchRatio >= 0.8) {
+          confidence = "high";
+        } else if (matchRatio >= 0.5) {
+          confidence = "medium";
+        } else {
+          confidence = "low";
+        }
+        if (confidence === "low" && !this.namesRelated(typeDef.name, schemaDef.name)) {
+          continue;
+        }
+        candidates.push({
+          typeName: typeDef.name,
+          typeFilePath: typeDef.filePath,
+          typeLineNumber: typeDef.lineNumber,
+          schemaName: schemaDef.name,
+          schemaFilePath: schemaDef.filePath,
+          schemaLineNumber: schemaDef.lineNumber,
+          matchedFields,
+          confidence,
+          suggestion: `Replace "type/interface ${typeDef.name}" with "type ${typeDef.name} = z.infer<typeof ${schemaDef.name}>" (${matchedFields.length}/${typeFieldCount} fields match).`
+        });
+      }
+    }
+    candidates.sort((a, b) => {
+      const confidenceOrder = { high: 0, medium: 1, low: 2 };
+      const diff = confidenceOrder[a.confidence] - confidenceOrder[b.confidence];
+      if (diff !== 0) return diff;
+      return b.matchedFields.length - a.matchedFields.length;
+    });
+    return candidates;
+  }
+  getMatchedFields(typeFields, schemaFields) {
+    const schemaSet = new Set(schemaFields);
+    return typeFields.filter((f) => schemaSet.has(f));
+  }
+  namesRelated(typeName, schemaName) {
+    const normalize = (name) => name.toLowerCase().replace(/schema|type|interface|i$/gi, "");
+    return normalize(typeName) === normalize(schemaName);
+  }
+};
 export {
+  BehavioralWarningAnalyzer,
+  BundleEstimator,
   CompatibilityAnalyzer,
+  ComplexityEstimator,
   DetailedAnalyzer,
   EcosystemAnalyzer,
+  FormResolverMigrator,
   GovernanceEngine,
   IncrementalTracker,
+  MigrationAuditLog,
   MigrationChain,
+  MonorepoResolver,
   PackageUpdater,
+  PerformanceAnalyzer,
   PluginLoader,
   SchemaAnalyzer,
   SchemaDependencyResolver,
+  TestScaffolder,
   TransformEngine,
+  TypeDedupDetector,
   buildCallChain,
+  computeParallelBatches,
   detectFormLibraries,
   detectSchemaLibrary,
   detectStandardSchema,