npm - @schemashift/core - Versions diffs - 0.8.0 → 0.10.0 - Mend

@schemashift/core 0.8.0 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.js CHANGED Viewed

@@ -10,6 +10,9 @@ var LIBRARY_PATTERNS = {
   joi: [/^joi$/, /^@hapi\/joi$/],
   "io-ts": [/^io-ts$/, /^io-ts\//],
   valibot: [/^valibot$/],
+  arktype: [/^arktype$/],
+  superstruct: [/^superstruct$/],
+  effect: [/^@effect\/schema$/],
   v4: [],
   // Target version, not detectable from imports
   unknown: []
@@ -264,6 +267,521 @@ function transformMethodChain(chain, newBase, factoryMapper, methodMapper) {
   return buildCallChain(newBase, factory.name, factory.args, mappedMethods);
 }
+// src/audit-log.ts
+import { createHash } from "crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+var AUDIT_DIR = ".schemashift";
+var AUDIT_FILE = "audit-log.json";
+var AUDIT_VERSION = 1;
+var MigrationAuditLog = class {
+  logDir;
+  logPath;
+  constructor(projectPath) {
+    this.logDir = join(projectPath, AUDIT_DIR);
+    this.logPath = join(this.logDir, AUDIT_FILE);
+  }
+  /**
+   * Append a new entry to the audit log.
+   */
+  append(entry) {
+    const log = this.read();
+    log.entries.push(entry);
+    this.write(log);
+  }
+  /**
+   * Create an audit entry for a file transformation.
+   */
+  createEntry(params) {
+    return {
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      migrationId: params.migrationId,
+      filePath: params.filePath,
+      action: "transform",
+      from: params.from,
+      to: params.to,
+      success: params.success,
+      beforeHash: this.hashContent(params.originalCode),
+      afterHash: params.transformedCode ? this.hashContent(params.transformedCode) : void 0,
+      warningCount: params.warningCount,
+      errorCount: params.errorCount,
+      riskScore: params.riskScore,
+      duration: params.duration,
+      user: this.getCurrentUser(),
+      metadata: params.metadata || this.collectMetadata()
+    };
+  }
+  /**
+   * Read the current audit log.
+   */
+  read() {
+    if (!existsSync(this.logPath)) {
+      return { version: AUDIT_VERSION, entries: [] };
+    }
+    try {
+      const content = readFileSync(this.logPath, "utf-8");
+      if (!content.trim()) {
+        return { version: AUDIT_VERSION, entries: [] };
+      }
+      return JSON.parse(content);
+    } catch {
+      return { version: AUDIT_VERSION, entries: [] };
+    }
+  }
+  /**
+   * Get entries for a specific migration.
+   */
+  getByMigration(migrationId) {
+    const log = this.read();
+    return log.entries.filter((e) => e.migrationId === migrationId);
+  }
+  /**
+   * Get summary statistics for the audit log.
+   */
+  getSummary() {
+    const log = this.read();
+    const migrationIds = new Set(log.entries.map((e) => e.migrationId));
+    const migrationPaths = [...new Set(log.entries.map((e) => `${e.from}->${e.to}`))];
+    return {
+      totalMigrations: migrationIds.size,
+      totalFiles: log.entries.length,
+      successCount: log.entries.filter((e) => e.success).length,
+      failureCount: log.entries.filter((e) => !e.success).length,
+      migrationPaths
+    };
+  }
+  /**
+   * Export audit log as JSON string.
+   */
+  exportJson() {
+    const log = this.read();
+    return JSON.stringify(log, null, 2);
+  }
+  /**
+   * Export audit log as CSV string.
+   */
+  exportCsv() {
+    const log = this.read();
+    const headers = [
+      "timestamp",
+      "migrationId",
+      "filePath",
+      "action",
+      "from",
+      "to",
+      "success",
+      "warningCount",
+      "errorCount",
+      "riskScore",
+      "user",
+      "duration"
+    ];
+    const rows = log.entries.map(
+      (e) => headers.map((h) => {
+        const val = e[h];
+        if (val === void 0 || val === null) return "";
+        return String(val).includes(",") ? `"${String(val)}"` : String(val);
+      }).join(",")
+    );
+    return [headers.join(","), ...rows].join("\n");
+  }
+  /**
+   * Get entries filtered by date range.
+   */
+  getByDateRange(start, end) {
+    const log = this.read();
+    return log.entries.filter((e) => {
+      const ts = new Date(e.timestamp);
+      return ts >= start && ts <= end;
+    });
+  }
+  /**
+   * Clear the audit log.
+   */
+  clear() {
+    this.write({ version: AUDIT_VERSION, entries: [] });
+  }
+  collectMetadata() {
+    return {
+      hostname: process.env.HOSTNAME || void 0,
+      nodeVersion: process.version,
+      ciJobId: process.env.CI_JOB_ID || process.env.GITHUB_RUN_ID || void 0,
+      ciProvider: process.env.GITHUB_ACTIONS ? "github" : process.env.GITLAB_CI ? "gitlab" : process.env.CIRCLECI ? "circleci" : process.env.JENKINS_URL ? "jenkins" : void 0,
+      gitBranch: process.env.GITHUB_REF_NAME || process.env.CI_COMMIT_BRANCH || void 0,
+      gitCommit: process.env.GITHUB_SHA || process.env.CI_COMMIT_SHA || void 0
+    };
+  }
+  write(log) {
+    if (!existsSync(this.logDir)) {
+      mkdirSync(this.logDir, { recursive: true });
+    }
+    writeFileSync(this.logPath, JSON.stringify(log, null, 2));
+  }
+  hashContent(content) {
+    return createHash("sha256").update(content).digest("hex").substring(0, 16);
+  }
+  getCurrentUser() {
+    return process.env.USER || process.env.USERNAME || void 0;
+  }
+};
+// src/behavioral-warnings.ts
+var BEHAVIORAL_RULES = [
+  // Yup -> Zod: Type coercion differences
+  {
+    category: "type-coercion",
+    migrations: ["yup->zod"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/yup\.(number|date)\s*\(\)/.test(text)) {
+        warnings.push({
+          category: "type-coercion",
+          message: "Yup silently coerces types; Zod rejects mismatches.",
+          detail: `Yup's number() accepts strings like "42" and coerces them. Zod's number() rejects strings. Use z.coerce.number() for equivalent behavior, especially for HTML form inputs which always return strings.`,
+          filePath,
+          severity: "warning",
+          migration: "yup->zod"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Yup -> Zod: Form input string values
+  {
+    category: "form-input",
+    migrations: ["yup->zod"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      const hasFormImport = /yupResolver|useFormik|from\s+['"]formik['"]|from\s+['"]@hookform/.test(
+        text
+      );
+      const hasNumberOrDate = /yup\.(number|date)\s*\(\)/.test(text);
+      if (hasFormImport && hasNumberOrDate) {
+        warnings.push({
+          category: "form-input",
+          message: "HTML inputs return strings \u2014 Zod will reject unless using z.coerce.*",
+          detail: 'HTML <input type="number"> returns strings. Yup coerces automatically, but Zod requires explicit coercion. Use z.coerce.number() or register({ valueAsNumber: true }) in React Hook Form.',
+          filePath,
+          severity: "error",
+          migration: "yup->zod"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Joi -> Zod: Error handling paradigm shift
+  {
+    category: "error-handling",
+    migrations: ["joi->zod"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/\.validate\s*\(/.test(text) && /[Jj]oi/.test(text)) {
+        warnings.push({
+          category: "error-handling",
+          message: "Joi .validate() returns { value, error }; Zod .parse() throws.",
+          detail: "Joi uses an inspection pattern: .validate() returns an object with value and error. Zod .parse() throws a ZodError on failure. Use .safeParse() for a non-throwing equivalent that returns { success, data, error }.",
+          filePath,
+          severity: "warning",
+          migration: "joi->zod"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Joi -> Zod: Null handling differences
+  {
+    category: "null-handling",
+    migrations: ["joi->zod"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/\.allow\s*\(\s*null\s*\)/.test(text)) {
+        warnings.push({
+          category: "null-handling",
+          message: "Joi .allow(null) vs Zod .nullable() have subtle differences.",
+          detail: 'Joi .allow(null) permits null alongside the base type. Zod .nullable() wraps the type in a union with null. Joi .allow("", null) has no single Zod equivalent \u2014 use z.union() or .transform().',
+          filePath,
+          severity: "info",
+          migration: "joi->zod"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Zod v3 -> v4: Default value behavior change
+  {
+    category: "default-values",
+    migrations: ["zod-v3->v4"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/\.default\s*\(/.test(text) && /\.optional\s*\(\)/.test(text)) {
+        warnings.push({
+          category: "default-values",
+          message: ".default() + .optional() behavior changed silently in Zod v4.",
+          detail: "In Zod v3, .default(val).optional() returned undefined when property was missing. In Zod v4, it always returns the default value. This can cause unexpected behavior in API responses and form handling.",
+          filePath,
+          severity: "error",
+          migration: "zod-v3->v4"
+        });
+      }
+      if (/\.catch\s*\(/.test(text) && /\.optional\s*\(\)/.test(text)) {
+        warnings.push({
+          category: "default-values",
+          message: ".catch() + .optional() behavior changed in Zod v4.",
+          detail: "In Zod v4, object properties with .catch() that are .optional() now always return the caught value, even when the property is missing from input.",
+          filePath,
+          severity: "warning",
+          migration: "zod-v3->v4"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Zod v3 -> v4: Error format differences
+  {
+    category: "error-format",
+    migrations: ["zod-v3->v4"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/ZodError/.test(text) && /instanceof\s+Error/.test(text)) {
+        warnings.push({
+          category: "error-format",
+          message: "ZodError no longer extends Error in Zod v4.",
+          detail: 'In Zod v4, ZodError no longer extends Error. Code using "instanceof Error" to catch ZodErrors will silently miss them. Use "instanceof ZodError" or z.isZodError() instead.',
+          filePath,
+          severity: "error",
+          migration: "zod-v3->v4"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Zod v3 -> v4: Validation behavior differences
+  {
+    category: "validation-behavior",
+    migrations: ["zod-v3->v4"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/\.transform\s*\(/.test(text) && /\.refine\s*\(/.test(text)) {
+        warnings.push({
+          category: "validation-behavior",
+          message: ".transform() after .refine() behavior changed in Zod v4.",
+          detail: "In Zod v4, .transform() after .refine() may execute even if the refinement fails. Previously, transform was skipped on refinement failure.",
+          filePath,
+          severity: "warning",
+          migration: "zod-v3->v4"
+        });
+      }
+      return warnings;
+    }
+  },
+  // Zod -> Valibot: Error handling differences
+  {
+    category: "error-handling",
+    migrations: ["zod->valibot"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/\.parse\s*\(/.test(text) && /z\./.test(text)) {
+        warnings.push({
+          category: "error-handling",
+          message: "Zod .parse() throws ZodError; Valibot v.parse() throws ValiError.",
+          detail: "Error class and structure differ between Zod and Valibot. ZodError has .issues array; ValiError has .issues with different structure. Update all error handling code that inspects validation errors.",
+          filePath,
+          severity: "warning",
+          migration: "zod->valibot"
+        });
+      }
+      return warnings;
+    }
+  },
+  // io-ts -> Zod: Either monad vs throw/safeParse
+  {
+    category: "error-handling",
+    migrations: ["io-ts->zod"],
+    detect: (text, filePath) => {
+      const warnings = [];
+      if (/\bEither\b/.test(text) || /\b(fold|chain|map)\s*\(/.test(text)) {
+        warnings.push({
+          category: "error-handling",
+          message: "io-ts uses Either monad for errors; Zod uses throw/safeParse.",
+          detail: "io-ts returns Either<Errors, T> (Right for success, Left for failure). Zod .parse() throws, .safeParse() returns { success, data, error }. All fold/chain/map patterns over Either must be rewritten.",
+          filePath,
+          severity: "error",
+          migration: "io-ts->zod"
+        });
+      }
+      return warnings;
+    }
+  }
+];
+var BehavioralWarningAnalyzer = class {
+  analyze(sourceFiles, from, to) {
+    const migration = `${from}->${to}`;
+    const warnings = [];
+    const applicableRules = BEHAVIORAL_RULES.filter((r) => r.migrations.includes(migration));
+    for (const sourceFile of sourceFiles) {
+      const filePath = sourceFile.getFilePath();
+      const text = sourceFile.getFullText();
+      const hasSourceLib = this.fileUsesLibrary(sourceFile, from);
+      if (!hasSourceLib) continue;
+      for (const rule of applicableRules) {
+        const ruleWarnings = rule.detect(text, filePath);
+        warnings.push(...ruleWarnings);
+      }
+    }
+    const summary = this.generateSummary(warnings, migration);
+    return { warnings, migrationPath: migration, summary };
+  }
+  fileUsesLibrary(sourceFile, library) {
+    for (const imp of sourceFile.getImportDeclarations()) {
+      const detected = detectSchemaLibrary(imp.getModuleSpecifierValue());
+      if (detected === library) return true;
+      if (library === "zod-v3" && detected === "zod") return true;
+      if (library === "zod" && detected === "zod") return true;
+    }
+    return false;
+  }
+  generateSummary(warnings, migration) {
+    if (warnings.length === 0) {
+      return `No behavioral differences detected for ${migration} migration.`;
+    }
+    const errorCount = warnings.filter((w) => w.severity === "error").length;
+    const warningCount = warnings.filter((w) => w.severity === "warning").length;
+    const infoCount = warnings.filter((w) => w.severity === "info").length;
+    const parts = [];
+    if (errorCount > 0) parts.push(`${errorCount} critical`);
+    if (warningCount > 0) parts.push(`${warningCount} warnings`);
+    if (infoCount > 0) parts.push(`${infoCount} info`);
+    return `Found ${warnings.length} behavioral difference(s) for ${migration}: ${parts.join(", ")}. Review before migrating.`;
+  }
+};
+// src/bundle-estimator.ts
+var LIBRARY_SIZES = {
+  zod: { fullKb: 14, baseKb: 14, treeShakable: false },
+  "zod-v3": { fullKb: 14, baseKb: 14, treeShakable: false },
+  v4: { fullKb: 17.7, baseKb: 17.7, treeShakable: false },
+  "zod-v4": { fullKb: 17.7, baseKb: 17.7, treeShakable: false },
+  "zod-mini": { fullKb: 7.5, baseKb: 3.5, treeShakable: true },
+  yup: { fullKb: 13.6, baseKb: 13.6, treeShakable: false },
+  joi: { fullKb: 29.7, baseKb: 29.7, treeShakable: false },
+  "io-ts": { fullKb: 6.5, baseKb: 6.5, treeShakable: true },
+  valibot: { fullKb: 5.8, baseKb: 1.4, treeShakable: true }
+};
+var VALIDATOR_OVERHEAD = {
+  valibot: 0.05
+};
+var COMMON_VALIDATORS = /* @__PURE__ */ new Set([
+  "string",
+  "number",
+  "boolean",
+  "object",
+  "array",
+  "optional",
+  "nullable",
+  "enum",
+  "union",
+  "literal",
+  "date",
+  "email",
+  "url",
+  "uuid",
+  "min",
+  "max",
+  "regex",
+  "transform",
+  "refine",
+  "default",
+  "record",
+  "tuple",
+  "lazy",
+  "discriminatedUnion",
+  "intersection",
+  "partial",
+  "pick",
+  "omit",
+  "brand",
+  "pipe"
+]);
+var BundleEstimator = class {
+  estimate(sourceFiles, from, to) {
+    const usedValidators = this.countUsedValidators(sourceFiles);
+    const fromInfo = this.getLibraryInfo(from, usedValidators);
+    const toInfo = this.getLibraryInfo(to, usedValidators);
+    const estimatedDelta = toInfo.estimatedUsedKb - fromInfo.estimatedUsedKb;
+    const deltaPercent = fromInfo.estimatedUsedKb > 0 ? Math.round(estimatedDelta / fromInfo.estimatedUsedKb * 100) : 0;
+    const caveats = this.generateCaveats(from, to, usedValidators);
+    const summary = this.generateSummary(fromInfo, toInfo, estimatedDelta, deltaPercent);
+    return {
+      from: fromInfo,
+      to: toInfo,
+      estimatedDelta,
+      deltaPercent,
+      summary,
+      caveats
+    };
+  }
+  countUsedValidators(sourceFiles) {
+    const usedSet = /* @__PURE__ */ new Set();
+    for (const file of sourceFiles) {
+      const text = file.getFullText();
+      for (const validator of COMMON_VALIDATORS) {
+        const pattern = new RegExp(`\\.${validator}\\s*[(<]`, "g");
+        if (pattern.test(text)) {
+          usedSet.add(validator);
+        }
+      }
+    }
+    return usedSet.size;
+  }
+  getLibraryInfo(library, usedValidators) {
+    const sizeKey = library === "zod-v3" ? "zod" : library;
+    const sizes = LIBRARY_SIZES[sizeKey] ?? { fullKb: 10, baseKb: 10, treeShakable: false };
+    let estimatedUsedKb;
+    if (sizes.treeShakable) {
+      const overhead = VALIDATOR_OVERHEAD[sizeKey] ?? 0.05;
+      estimatedUsedKb = Math.min(sizes.baseKb + usedValidators * overhead, sizes.fullKb);
+    } else {
+      estimatedUsedKb = sizes.fullKb;
+    }
+    return {
+      library: sizeKey,
+      minifiedGzipKb: sizes.fullKb,
+      treeShakable: sizes.treeShakable,
+      estimatedUsedKb: Math.round(estimatedUsedKb * 10) / 10
+    };
+  }
+  generateCaveats(from, to, _usedValidators) {
+    const caveats = [
+      "Sizes are estimates based on minified+gzipped bundle analysis.",
+      "Actual impact depends on bundler configuration, tree-shaking, and code splitting."
+    ];
+    if (to === "valibot") {
+      caveats.push(
+        "Valibot is fully tree-shakable \u2014 actual size depends on which validators you use."
+      );
+      caveats.push(
+        "Some developers report smaller-than-expected savings (6kB or less) in real projects."
+      );
+    }
+    if (from === "zod-v3" && to === "v4") {
+      caveats.push(
+        "Zod v4 is ~26% larger than v3 due to JIT compilation engine. Consider zod/mini for size-sensitive apps."
+      );
+    }
+    if (from === "joi") {
+      caveats.push(
+        "Joi is the largest schema library. Any migration will likely reduce bundle size."
+      );
+    }
+    return caveats;
+  }
+  generateSummary(from, to, delta, deltaPercent) {
+    const direction = delta > 0 ? "increase" : delta < 0 ? "decrease" : "no change";
+    const absDelta = Math.abs(Math.round(delta * 10) / 10);
+    return `Estimated bundle ${direction}: ${from.library} (${from.estimatedUsedKb}kB) \u2192 ${to.library} (${to.estimatedUsedKb}kB) = ${delta > 0 ? "+" : delta < 0 ? "-" : ""}${absDelta}kB (${deltaPercent > 0 ? "+" : ""}${deltaPercent}%)`;
+  }
+};
 // src/chain.ts
 import { Project as Project2 } from "ts-morph";
 var MigrationChain = class {
@@ -330,12 +848,12 @@ var MigrationChain = class {
 };
 // src/compatibility.ts
-import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
-import { join as join2 } from "path";
+import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
+import { join as join3 } from "path";
 // src/ecosystem.ts
-import { existsSync, readFileSync } from "fs";
-import { join } from "path";
+import { existsSync as existsSync2, readFileSync as readFileSync2 } from "fs";
+import { join as join2 } from "path";
 var ECOSYSTEM_RULES = [
   // ORM integrations
   {
@@ -488,6 +1006,177 @@ var ECOSYSTEM_RULES = [
       severity: "warning",
       upgradeCommand: "npm install @asteasolutions/zod-to-openapi@latest"
     })
+  },
+  // AI/MCP integrations
+  {
+    package: "@modelcontextprotocol/sdk",
+    category: "api",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "MCP SDK may have Zod v4 compatibility issues. MCP servers typically expect Zod v3 schemas.",
+      suggestion: "Check MCP SDK release notes for Zod v4 support before upgrading. Consider staying on Zod v3 for MCP servers.",
+      severity: "warning",
+      upgradeCommand: "npm install @modelcontextprotocol/sdk@latest"
+    })
+  },
+  {
+    package: "@openai/agents",
+    category: "api",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "OpenAI Agents SDK recommends pinning to zod@3.25.67 due to TS2589 errors with newer versions.",
+      suggestion: "Pin zod to 3.25.67 for OpenAI Agents SDK compatibility, or wait for an SDK update with Zod v4 support.",
+      severity: "error"
+    })
+  },
+  // Zod-based HTTP/API clients
+  {
+    package: "zodios",
+    category: "api",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "Zodios uses Zod schemas for API contract definitions. Zod v4 type changes may break contracts.",
+      suggestion: "Upgrade Zodios to a Zod v4-compatible version and verify all API contracts.",
+      severity: "warning",
+      upgradeCommand: "npm install @zodios/core@latest"
+    })
+  },
+  {
+    package: "@zodios/core",
+    category: "api",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "@zodios/core uses Zod schemas for API contract definitions. Zod v4 type changes may break contracts.",
+      suggestion: "Upgrade @zodios/core to a Zod v4-compatible version and verify all API contracts.",
+      severity: "warning",
+      upgradeCommand: "npm install @zodios/core@latest"
+    })
+  },
+  {
+    package: "@ts-rest/core",
+    category: "api",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "@ts-rest/core uses Zod for contract definitions. Zod v4 type incompatibilities may break runtime validation.",
+      suggestion: "Upgrade @ts-rest/core to a version with Zod v4 support.",
+      severity: "warning",
+      upgradeCommand: "npm install @ts-rest/core@latest"
+    })
+  },
+  {
+    package: "trpc-openapi",
+    category: "openapi",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "trpc-openapi needs a v4-compatible version for Zod v4.",
+      suggestion: "Check for a Zod v4-compatible version of trpc-openapi before upgrading.",
+      severity: "warning",
+      upgradeCommand: "npm install trpc-openapi@latest"
+    })
+  },
+  // Form data and URL state libraries
+  {
+    package: "zod-form-data",
+    category: "form",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "zod-form-data relies on Zod v3 internals (_def) which moved to _zod.def in v4.",
+      suggestion: "Upgrade zod-form-data to a Zod v4-compatible version.",
+      severity: "error",
+      upgradeCommand: "npm install zod-form-data@latest"
+    })
+  },
+  {
+    package: "@conform-to/zod",
+    category: "form",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "@conform-to/zod may have Zod v4 compatibility issues.",
+      suggestion: "Upgrade @conform-to/zod to the latest version with Zod v4 support.",
+      severity: "warning",
+      upgradeCommand: "npm install @conform-to/zod@latest"
+    })
+  },
+  {
+    package: "nuqs",
+    category: "validation-util",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "nuqs uses Zod for URL state parsing. Zod v4 changes may affect URL parameter validation.",
+      suggestion: "Upgrade nuqs to a version with Zod v4 support.",
+      severity: "warning",
+      upgradeCommand: "npm install nuqs@latest"
+    })
+  },
+  // Schema library detection for cross-library migrations
+  {
+    package: "@effect/schema",
+    category: "validation-util",
+    migrations: ["io-ts->zod"],
+    check: () => ({
+      issue: "@effect/schema detected \u2014 this is the successor to io-ts/fp-ts. Consider migrating to Effect Schema instead of Zod if you prefer FP patterns.",
+      suggestion: "If using fp-ts patterns heavily, consider Effect Schema as the migration target instead of Zod.",
+      severity: "info"
+    })
+  },
+  {
+    package: "arktype",
+    category: "validation-util",
+    migrations: ["zod->valibot", "zod-v3->v4"],
+    check: (_version, migration) => {
+      if (migration === "zod->valibot") {
+        return {
+          issue: "ArkType detected alongside Zod. Consider ArkType as a migration target \u2014 it offers 100x faster validation and Standard Schema support.",
+          suggestion: "Consider migrating to ArkType for performance-critical paths, or keep Zod for ecosystem compatibility.",
+          severity: "info"
+        };
+      }
+      return {
+        issue: "ArkType detected alongside Zod. ArkType supports Standard Schema, making it interoperable with Zod v4.",
+        suggestion: "No action needed \u2014 ArkType and Zod v4 can coexist via Standard Schema.",
+        severity: "info"
+      };
+    }
+  },
+  {
+    package: "superstruct",
+    category: "validation-util",
+    migrations: ["yup->zod", "joi->zod"],
+    check: () => ({
+      issue: "Superstruct detected in the project. Consider migrating Superstruct schemas to Zod as well for a unified validation approach.",
+      suggestion: "Use SchemaShift to migrate Superstruct schemas alongside Yup/Joi schemas.",
+      severity: "info"
+    })
+  },
+  // Additional validation utilities
+  {
+    package: "zod-to-json-schema",
+    category: "validation-util",
+    migrations: ["zod-v3->v4"],
+    check: (version) => {
+      const majorMatch = version.match(/(\d+)/);
+      const major = majorMatch?.[1] ? Number.parseInt(majorMatch[1], 10) : 0;
+      if (major < 4) {
+        return {
+          issue: "zod-to-json-schema v3 may not fully support Zod v4 schemas.",
+          suggestion: "Upgrade to zod-to-json-schema v4+ for full Zod v4 support.",
+          severity: "warning",
+          upgradeCommand: "npm install zod-to-json-schema@latest"
+        };
+      }
+      return null;
+    }
+  },
+  {
+    package: "react-hook-form",
+    category: "form",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "React Hook Form with zodResolver may throw uncaught ZodError instead of populating formState.errors with Zod v4.",
+      suggestion: "Upgrade @hookform/resolvers to the latest version and test form validation thoroughly.",
+      severity: "warning",
+      upgradeCommand: "npm install @hookform/resolvers@latest react-hook-form@latest"
+    })
   }
 ];
 var EcosystemAnalyzer = class {
@@ -496,13 +1185,13 @@ var EcosystemAnalyzer = class {
     const dependencies = [];
     const warnings = [];
     const blockers = [];
-    const pkgPath = join(projectPath, "package.json");
-    if (!existsSync(pkgPath)) {
+    const pkgPath = join2(projectPath, "package.json");
+    if (!existsSync2(pkgPath)) {
       return { dependencies, warnings, blockers };
     }
     let allDeps = {};
     try {
-      const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+      const pkg = JSON.parse(readFileSync2(pkgPath, "utf-8"));
       allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
     } catch {
       return { dependencies, warnings, blockers };
@@ -532,6 +1221,20 @@ var EcosystemAnalyzer = class {
     }
     return { dependencies, warnings, blockers };
   }
+  /**
+   * Returns a list of npm install commands needed to resolve ecosystem issues.
+   */
+  getUpgradeCommands(report) {
+    const commands = [];
+    const seen = /* @__PURE__ */ new Set();
+    for (const dep of report.dependencies) {
+      if (dep.upgradeCommand && !seen.has(dep.upgradeCommand)) {
+        seen.add(dep.upgradeCommand);
+        commands.push(dep.upgradeCommand);
+      }
+    }
+    return commands;
+  }
 };
 // src/compatibility.ts
@@ -609,10 +1312,10 @@ var CompatibilityAnalyzer = class {
   ecosystemAnalyzer = new EcosystemAnalyzer();
   detectVersions(projectPath) {
     const versions = [];
-    const pkgPath = join2(projectPath, "package.json");
-    if (!existsSync2(pkgPath)) return versions;
+    const pkgPath = join3(projectPath, "package.json");
+    if (!existsSync3(pkgPath)) return versions;
     try {
-      const pkg = JSON.parse(readFileSync2(pkgPath, "utf-8"));
+      const pkg = JSON.parse(readFileSync3(pkgPath, "utf-8"));
       const knownLibs = ["zod", "yup", "joi", "io-ts", "valibot"];
       const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
       for (const lib of knownLibs) {
@@ -834,8 +1537,8 @@ async function loadConfig(configPath) {
 }
 // src/dependency-graph.ts
-import { existsSync as existsSync3, readdirSync, readFileSync as readFileSync3 } from "fs";
-import { join as join3, resolve } from "path";
+import { existsSync as existsSync4, readdirSync, readFileSync as readFileSync4 } from "fs";
+import { join as join4, resolve } from "path";
 var SchemaDependencyResolver = class {
   resolve(project, filePaths) {
     const fileSet = new Set(filePaths);
@@ -922,39 +1625,96 @@ var SchemaDependencyResolver = class {
   }
 };
 var SCHEMA_PACKAGES = /* @__PURE__ */ new Set(["zod", "yup", "joi", "io-ts", "valibot", "@effect/schema"]);
+function computeParallelBatches(packages, suggestedOrder) {
+  const nameSet = new Set(packages.map((p) => p.name));
+  const depMap = /* @__PURE__ */ new Map();
+  for (const pkg of packages) {
+    depMap.set(pkg.name, new Set(pkg.dependencies.filter((d) => nameSet.has(d))));
+  }
+  const depths = /* @__PURE__ */ new Map();
+  const getDepth = (name, visited) => {
+    const cached = depths.get(name);
+    if (cached !== void 0) return cached;
+    if (visited.has(name)) return 0;
+    visited.add(name);
+    const deps = depMap.get(name) ?? /* @__PURE__ */ new Set();
+    let maxDepth = 0;
+    for (const dep of deps) {
+      maxDepth = Math.max(maxDepth, getDepth(dep, visited) + 1);
+    }
+    depths.set(name, maxDepth);
+    return maxDepth;
+  };
+  for (const name of suggestedOrder) {
+    getDepth(name, /* @__PURE__ */ new Set());
+  }
+  const batchMap = /* @__PURE__ */ new Map();
+  for (const name of suggestedOrder) {
+    const depth = depths.get(name) ?? 0;
+    const batch = batchMap.get(depth) ?? [];
+    batch.push(name);
+    batchMap.set(depth, batch);
+  }
+  const batches = [];
+  const sortedDepths = [...batchMap.keys()].sort((a, b) => a - b);
+  for (const depth of sortedDepths) {
+    const pkgs = batchMap.get(depth);
+    if (pkgs) batches.push({ index: batches.length, packages: pkgs });
+  }
+  return batches;
+}
 var MonorepoResolver = class {
   detect(projectPath) {
-    const pkgPath = join3(projectPath, "package.json");
-    if (!existsSync3(pkgPath)) return false;
-    try {
-      const pkg = JSON.parse(readFileSync3(pkgPath, "utf-8"));
-      return !!pkg.workspaces;
-    } catch {
-      return false;
+    const pkgPath = join4(projectPath, "package.json");
+    if (existsSync4(pkgPath)) {
+      try {
+        const pkg = JSON.parse(readFileSync4(pkgPath, "utf-8"));
+        if (pkg.workspaces) return true;
+      } catch {
+      }
     }
+    if (existsSync4(join4(projectPath, "pnpm-workspace.yaml"))) return true;
+    return false;
+  }
+  /**
+   * Detect which workspace manager is being used.
+   */
+  detectManager(projectPath) {
+    if (existsSync4(join4(projectPath, "pnpm-workspace.yaml"))) return "pnpm";
+    const pkgPath = join4(projectPath, "package.json");
+    if (existsSync4(pkgPath)) {
+      try {
+        const pkg = JSON.parse(readFileSync4(pkgPath, "utf-8"));
+        if (pkg.packageManager?.startsWith("yarn")) return "yarn";
+        if (pkg.packageManager?.startsWith("pnpm")) return "pnpm";
+      } catch {
+      }
+    }
+    if (existsSync4(join4(projectPath, "pnpm-lock.yaml"))) return "pnpm";
+    if (existsSync4(join4(projectPath, "yarn.lock"))) return "yarn";
+    return "npm";
   }
   analyze(projectPath) {
-    const pkgPath = join3(projectPath, "package.json");
-    if (!existsSync3(pkgPath)) {
+    const pkgPath = join4(projectPath, "package.json");
+    if (!existsSync4(pkgPath)) {
       return { isMonorepo: false, packages: [], suggestedOrder: [] };
     }
     let workspaceGlobs;
     try {
-      const pkg = JSON.parse(readFileSync3(pkgPath, "utf-8"));
-      if (!pkg.workspaces) {
+      workspaceGlobs = this.resolveWorkspaceGlobs(projectPath);
+      if (workspaceGlobs.length === 0) {
         return { isMonorepo: false, packages: [], suggestedOrder: [] };
       }
-      workspaceGlobs = Array.isArray(pkg.workspaces) ? pkg.workspaces : pkg.workspaces.packages;
     } catch {
       return { isMonorepo: false, packages: [], suggestedOrder: [] };
     }
     const packages = [];
     const resolvedDirs = this.resolveWorkspaceDirs(projectPath, workspaceGlobs);
     for (const dir of resolvedDirs) {
-      const wsPkgPath = join3(dir, "package.json");
-      if (!existsSync3(wsPkgPath)) continue;
+      const wsPkgPath = join4(dir, "package.json");
+      if (!existsSync4(wsPkgPath)) continue;
       try {
-        const wsPkg = JSON.parse(readFileSync3(wsPkgPath, "utf-8"));
+        const wsPkg = JSON.parse(readFileSync4(wsPkgPath, "utf-8"));
         if (!wsPkg.name) continue;
         const allDeps = { ...wsPkg.dependencies, ...wsPkg.devDependencies };
         const depNames = Object.keys(allDeps);
@@ -993,18 +1753,70 @@ var MonorepoResolver = class {
     }
     return sorted;
   }
+  /**
+   * Resolve workspace glob patterns from any supported format.
+   * Supports: npm/yarn workspaces (package.json), pnpm-workspace.yaml
+   */
+  resolveWorkspaceGlobs(projectPath) {
+    const pnpmPath = join4(projectPath, "pnpm-workspace.yaml");
+    if (existsSync4(pnpmPath)) {
+      return this.parsePnpmWorkspace(pnpmPath);
+    }
+    const pkgPath = join4(projectPath, "package.json");
+    if (existsSync4(pkgPath)) {
+      try {
+        const pkg = JSON.parse(readFileSync4(pkgPath, "utf-8"));
+        if (pkg.workspaces) {
+          return Array.isArray(pkg.workspaces) ? pkg.workspaces : pkg.workspaces.packages;
+        }
+      } catch {
+      }
+    }
+    return [];
+  }
+  /**
+   * Parse pnpm-workspace.yaml to extract workspace package globs.
+   * Simple YAML parsing for the common format:
+   * ```
+   * packages:
+   *   - 'packages/*'
+   *   - 'apps/*'
+   * ```
+   */
+  parsePnpmWorkspace(filePath) {
+    const content = readFileSync4(filePath, "utf-8");
+    const globs = [];
+    let inPackages = false;
+    for (const line of content.split("\n")) {
+      const trimmed = line.trim();
+      if (trimmed === "packages:") {
+        inPackages = true;
+        continue;
+      }
+      if (inPackages && /^\w/.test(trimmed) && !trimmed.startsWith("-")) {
+        break;
+      }
+      if (inPackages && trimmed.startsWith("-")) {
+        const pattern = trimmed.replace(/^-\s*/, "").replace(/^['"]|['"]$/g, "");
+        if (pattern) {
+          globs.push(pattern);
+        }
+      }
+    }
+    return globs;
+  }
   resolveWorkspaceDirs(projectPath, globs) {
     const dirs = [];
     for (const glob of globs) {
       const clean = glob.replace(/\/?\*$/, "");
       const base = resolve(projectPath, clean);
-      if (!existsSync3(base)) continue;
+      if (!existsSync4(base)) continue;
       if (glob.endsWith("*")) {
         try {
           const entries = readdirSync(base, { withFileTypes: true });
           for (const entry of entries) {
             if (entry.isDirectory()) {
-              dirs.push(join3(base, entry.name));
+              dirs.push(join4(base, entry.name));
             }
           }
         } catch {
@@ -1018,8 +1830,8 @@ var MonorepoResolver = class {
 };
 // src/detailed-analyzer.ts
-import { existsSync as existsSync4, readFileSync as readFileSync4 } from "fs";
-import { join as join4 } from "path";
+import { existsSync as existsSync5, readFileSync as readFileSync5 } from "fs";
+import { join as join5 } from "path";
 var COMPLEXITY_CHAIN_WEIGHT = 2;
 var COMPLEXITY_DEPTH_WEIGHT = 3;
 var COMPLEXITY_VALIDATION_WEIGHT = 1;
@@ -1084,10 +1896,10 @@ var DetailedAnalyzer = class {
   }
   detectLibraryVersions(projectPath) {
     const versions = [];
-    const pkgPath = join4(projectPath, "package.json");
-    if (!existsSync4(pkgPath)) return versions;
+    const pkgPath = join5(projectPath, "package.json");
+    if (!existsSync5(pkgPath)) return versions;
     try {
-      const pkg = JSON.parse(readFileSync4(pkgPath, "utf-8"));
+      const pkg = JSON.parse(readFileSync5(pkgPath, "utf-8"));
       const knownLibs = ["zod", "yup", "joi", "io-ts", "valibot"];
       const allDeps = {
         ...pkg.dependencies,
@@ -1260,6 +2072,165 @@ var DetailedAnalyzer = class {
   }
 };
+// src/drift-detector.ts
+import { createHash as createHash2 } from "crypto";
+import { existsSync as existsSync6, mkdirSync as mkdirSync2, readFileSync as readFileSync6, writeFileSync as writeFileSync2 } from "fs";
+import { join as join6, relative } from "path";
+var SNAPSHOT_DIR = ".schemashift";
+var SNAPSHOT_FILE = "schema-snapshot.json";
+var SNAPSHOT_VERSION = 1;
+var DriftDetector = class {
+  snapshotDir;
+  snapshotPath;
+  constructor(projectPath) {
+    this.snapshotDir = join6(projectPath, SNAPSHOT_DIR);
+    this.snapshotPath = join6(this.snapshotDir, SNAPSHOT_FILE);
+  }
+  /**
+   * Take a snapshot of the current schema state
+   */
+  snapshot(files, projectPath) {
+    const schemas = [];
+    for (const filePath of files) {
+      if (!existsSync6(filePath)) continue;
+      const content = readFileSync6(filePath, "utf-8");
+      const library = this.detectLibraryFromContent(content);
+      if (library === "unknown") continue;
+      const schemaNames = this.extractSchemaNames(content);
+      schemas.push({
+        filePath: relative(projectPath, filePath),
+        library,
+        contentHash: this.hashContent(content),
+        schemaCount: schemaNames.length,
+        schemaNames
+      });
+    }
+    const snapshot = {
+      version: SNAPSHOT_VERSION,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      projectPath,
+      schemas
+    };
+    return snapshot;
+  }
+  /**
+   * Save a snapshot to disk
+   */
+  saveSnapshot(snapshot) {
+    if (!existsSync6(this.snapshotDir)) {
+      mkdirSync2(this.snapshotDir, { recursive: true });
+    }
+    writeFileSync2(this.snapshotPath, JSON.stringify(snapshot, null, 2));
+  }
+  /**
+   * Load saved snapshot from disk
+   */
+  loadSnapshot() {
+    if (!existsSync6(this.snapshotPath)) {
+      return null;
+    }
+    try {
+      const content = readFileSync6(this.snapshotPath, "utf-8");
+      return JSON.parse(content);
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Compare current state against saved snapshot
+   */
+  detect(currentFiles, projectPath) {
+    const saved = this.loadSnapshot();
+    if (!saved) {
+      return {
+        hasDrift: false,
+        added: [],
+        removed: [],
+        modified: [],
+        unchanged: 0,
+        totalFiles: 0,
+        snapshotTimestamp: ""
+      };
+    }
+    const current = this.snapshot(currentFiles, projectPath);
+    return this.compareSnapshots(saved, current);
+  }
+  /**
+   * Compare two snapshots and return drift results
+   */
+  compareSnapshots(baseline, current) {
+    const baselineMap = new Map(baseline.schemas.map((s) => [s.filePath, s]));
+    const currentMap = new Map(current.schemas.map((s) => [s.filePath, s]));
+    const added = [];
+    const removed = [];
+    const modified = [];
+    let unchanged = 0;
+    for (const [path, currentFile] of currentMap) {
+      const baselineFile = baselineMap.get(path);
+      if (!baselineFile) {
+        added.push(currentFile);
+      } else if (currentFile.contentHash !== baselineFile.contentHash) {
+        const addedSchemas = currentFile.schemaNames.filter(
+          (n) => !baselineFile.schemaNames.includes(n)
+        );
+        const removedSchemas = baselineFile.schemaNames.filter(
+          (n) => !currentFile.schemaNames.includes(n)
+        );
+        modified.push({
+          filePath: path,
+          library: currentFile.library,
+          previousHash: baselineFile.contentHash,
+          currentHash: currentFile.contentHash,
+          previousSchemaCount: baselineFile.schemaCount,
+          currentSchemaCount: currentFile.schemaCount,
+          addedSchemas,
+          removedSchemas
+        });
+      } else {
+        unchanged++;
+      }
+    }
+    for (const [path, baselineFile] of baselineMap) {
+      if (!currentMap.has(path)) {
+        removed.push(baselineFile);
+      }
+    }
+    return {
+      hasDrift: added.length > 0 || removed.length > 0 || modified.length > 0,
+      added,
+      removed,
+      modified,
+      unchanged,
+      totalFiles: currentMap.size,
+      snapshotTimestamp: baseline.timestamp
+    };
+  }
+  extractSchemaNames(content) {
+    const names = [];
+    const pattern = /(?:const|let|var)\s+(\w+)\s*=\s*(?:z\.|yup\.|Joi\.|t\.|v\.|type\(|object\(|string\(|S\.)/g;
+    for (const match of content.matchAll(pattern)) {
+      if (match[1]) names.push(match[1]);
+    }
+    return names;
+  }
+  detectLibraryFromContent(content) {
+    if (/from\s*['"]zod['"]/.test(content) || /\bz\./.test(content)) return "zod";
+    if (/from\s*['"]yup['"]/.test(content) || /\byup\./.test(content)) return "yup";
+    if (/from\s*['"]joi['"]/.test(content) || /\bJoi\./.test(content)) return "joi";
+    if (/from\s*['"]io-ts['"]/.test(content) || /\bt\./.test(content) && /from\s*['"]io-ts/.test(content))
+      return "io-ts";
+    if (/from\s*['"]valibot['"]/.test(content) || /\bv\./.test(content) && /from\s*['"]valibot/.test(content))
+      return "valibot";
+    if (/from\s*['"]arktype['"]/.test(content)) return "arktype";
+    if (/from\s*['"]superstruct['"]/.test(content)) return "superstruct";
+    if (/from\s*['"]@effect\/schema['"]/.test(content)) return "effect";
+    return "unknown";
+  }
+  hashContent(content) {
+    return createHash2("sha256").update(content).digest("hex").substring(0, 16);
+  }
+};
 // src/form-resolver-migrator.ts
 var RESOLVER_MAPPINGS = {
   "yup->zod": [
@@ -1347,6 +2318,7 @@ var FormResolverMigrator = class {
 // src/governance.ts
 var GovernanceEngine = class {
   rules = /* @__PURE__ */ new Map();
+  customRuleFunctions = /* @__PURE__ */ new Map();
   configure(rules) {
     this.rules.clear();
     for (const [name, config] of Object.entries(rules)) {
@@ -1355,6 +2327,13 @@ var GovernanceEngine = class {
       }
     }
   }
+  /**
+   * Register a custom governance rule function.
+   * Custom rules are executed per-file alongside built-in rules.
+   */
+  registerRule(name, fn) {
+    this.customRuleFunctions.set(name, fn);
+  }
   analyze(project) {
     const violations = [];
     let schemasChecked = 0;
@@ -1430,6 +2409,104 @@ var GovernanceEngine = class {
             });
           }
         }
+        if (this.rules.has("require-safeParse")) {
+          if (text.includes(".parse(") && !text.includes(".safeParse(")) {
+            violations.push({
+              rule: "require-safeParse",
+              message: `Schema "${schemaName}" uses .parse() \u2014 prefer .safeParse() for safer error handling`,
+              filePath,
+              lineNumber,
+              schemaName,
+              severity: "warning",
+              fixable: true
+            });
+          }
+        }
+        if (this.rules.has("require-description")) {
+          if (!text.includes(".describe(")) {
+            violations.push({
+              rule: "require-description",
+              message: `Schema "${schemaName}" missing .describe() \u2014 add a description for documentation`,
+              filePath,
+              lineNumber,
+              schemaName,
+              severity: "warning",
+              fixable: true
+            });
+          }
+        }
+        if (this.rules.has("no-coerce-in-api")) {
+          if (/\.coerce\./.test(text)) {
+            violations.push({
+              rule: "no-coerce-in-api",
+              message: `Schema "${schemaName}" uses z.coerce.* \u2014 coercion in API validation is a security risk`,
+              filePath,
+              lineNumber,
+              schemaName,
+              severity: "error",
+              fixable: false
+            });
+          }
+        }
+        if (this.rules.has("require-max-length")) {
+          if (text.includes(".string()") && !text.includes(".max(") && !text.includes(".length(")) {
+            violations.push({
+              rule: "require-max-length",
+              message: `Schema "${schemaName}" has string without max length \u2014 required for DoS prevention`,
+              filePath,
+              lineNumber,
+              schemaName,
+              severity: "error",
+              fixable: true
+            });
+          }
+        }
+        if (this.rules.has("max-nesting-depth")) {
+          const config = this.rules.get("max-nesting-depth") ?? {};
+          const maxDepth = config.threshold ?? 5;
+          const depth = this.measureNestingDepth(text);
+          if (depth > maxDepth) {
+            violations.push({
+              rule: "max-nesting-depth",
+              message: `Schema "${schemaName}" nesting depth (${depth}) exceeds limit (${maxDepth})`,
+              filePath,
+              lineNumber,
+              schemaName,
+              severity: "warning",
+              fixable: false
+            });
+          }
+        }
+      }
+    }
+    for (const sourceFile of project.getSourceFiles()) {
+      const library = this.detectFileLibrary(sourceFile);
+      if (library === "unknown") continue;
+      const filePath = sourceFile.getFilePath();
+      const text = sourceFile.getFullText();
+      if (this.rules.has("no-dynamic-schemas")) {
+        const dynamicPatterns = this.detectDynamicSchemas(text, library);
+        for (const lineNumber of dynamicPatterns) {
+          violations.push({
+            rule: "no-dynamic-schemas",
+            message: "Schema created inside function body \u2014 move to module level for performance",
+            filePath,
+            lineNumber,
+            schemaName: "(dynamic)",
+            severity: "warning",
+            fixable: false
+          });
+        }
+      }
+    }
+    for (const [ruleName, ruleFn] of this.customRuleFunctions) {
+      const config = this.rules.get(ruleName);
+      if (!config) continue;
+      for (const sourceFile of project.getSourceFiles()) {
+        const library = this.detectFileLibrary(sourceFile);
+        if (library === "unknown") continue;
+        const ruleViolations = ruleFn(sourceFile, config);
+        violations.push(...ruleViolations);
       }
     }
     return {
@@ -1446,6 +2523,57 @@ var GovernanceEngine = class {
     }
     return "unknown";
   }
+  measureNestingDepth(text) {
+    let maxDepth = 0;
+    let current = 0;
+    for (const char of text) {
+      if (char === "(") {
+        current++;
+        if (current > maxDepth) maxDepth = current;
+      } else if (char === ")") {
+        current--;
+      }
+    }
+    return maxDepth;
+  }
+  detectDynamicSchemas(text, library) {
+    const lineNumbers = [];
+    const prefix = this.getSchemaPrefix(library);
+    if (!prefix) return lineNumbers;
+    const lines = text.split("\n");
+    let insideFunction = 0;
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i] ?? "";
+      const opens = (line.match(/\{/g) || []).length;
+      const closes = (line.match(/\}/g) || []).length;
+      if (/(?:function\s+\w+|=>)\s*\{/.test(line)) {
+        insideFunction += opens;
+        insideFunction -= closes;
+        continue;
+      }
+      insideFunction += opens - closes;
+      if (insideFunction > 0 && line.includes(prefix)) {
+        lineNumbers.push(i + 1);
+      }
+    }
+    return lineNumbers;
+  }
+  getSchemaPrefix(library) {
+    switch (library) {
+      case "zod":
+        return "z.";
+      case "yup":
+        return "yup.";
+      case "joi":
+        return "Joi.";
+      case "io-ts":
+        return "t.";
+      case "valibot":
+        return "v.";
+      default:
+        return null;
+    }
+  }
   isSchemaExpression(text, library) {
     switch (library) {
       case "zod":
@@ -1464,17 +2592,265 @@ var GovernanceEngine = class {
   }
 };
+// src/governance-templates.ts
+var GOVERNANCE_TEMPLATES = [
+  {
+    name: "no-any-schemas",
+    description: "Disallow z.any(), yup.mixed() without constraints, and similar unrestricted types",
+    category: "security",
+    rule: (sourceFile, _config) => {
+      const violations = [];
+      const text = sourceFile.getFullText();
+      const filePath = sourceFile.getFilePath();
+      const lines = text.split("\n");
+      const anyPatterns = [
+        /\bz\.any\(\)/,
+        /\byup\.mixed\(\)/,
+        /\bt\.any\b/,
+        /\bv\.any\(\)/,
+        /\bunknown\(\)/
+      ];
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        for (const pattern of anyPatterns) {
+          if (pattern.test(line)) {
+            violations.push({
+              rule: "no-any-schemas",
+              message: "Unrestricted type (any/mixed/unknown) found. Use a specific type with constraints.",
+              filePath,
+              lineNumber: i + 1,
+              schemaName: "",
+              severity: "error",
+              fixable: false
+            });
+          }
+        }
+      }
+      return violations;
+    }
+  },
+  {
+    name: "require-descriptions",
+    description: "All exported schemas must have .describe() for documentation",
+    category: "quality",
+    rule: (sourceFile, _config) => {
+      const violations = [];
+      const text = sourceFile.getFullText();
+      const filePath = sourceFile.getFilePath();
+      const lines = text.split("\n");
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        if (/export\s+(const|let)\s+\w+.*=\s*(z\.|yup\.)/.test(line)) {
+          let fullStatement = line;
+          let j = i + 1;
+          while (j < lines.length && !lines[j]?.includes(";") && j < i + 10) {
+            fullStatement += lines[j] ?? "";
+            j++;
+          }
+          if (j < lines.length) fullStatement += lines[j] ?? "";
+          if (!fullStatement.includes(".describe(")) {
+            const nameMatch = line.match(/(?:const|let)\s+(\w+)/);
+            violations.push({
+              rule: "require-descriptions",
+              message: `Exported schema ${nameMatch?.[1] || "unknown"} should include .describe() for documentation.`,
+              filePath,
+              lineNumber: i + 1,
+              schemaName: nameMatch?.[1] || "",
+              severity: "warning",
+              fixable: true
+            });
+          }
+        }
+      }
+      return violations;
+    }
+  },
+  {
+    name: "max-nesting-depth",
+    description: "Limit schema nesting depth to prevent TypeScript performance issues",
+    category: "performance",
+    rule: (sourceFile, config) => {
+      const violations = [];
+      const text = sourceFile.getFullText();
+      const filePath = sourceFile.getFilePath();
+      const maxDepth = config.threshold || 5;
+      const lines = text.split("\n");
+      let currentDepth = 0;
+      let maxFoundDepth = 0;
+      let deepestLine = 0;
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        for (const char of line) {
+          if (char === "(" || char === "{" || char === "[") {
+            currentDepth++;
+            if (currentDepth > maxFoundDepth) {
+              maxFoundDepth = currentDepth;
+              deepestLine = i + 1;
+            }
+          }
+          if (char === ")" || char === "}" || char === "]") {
+            currentDepth = Math.max(0, currentDepth - 1);
+          }
+        }
+      }
+      if (maxFoundDepth > maxDepth) {
+        violations.push({
+          rule: "max-nesting-depth",
+          message: `Schema nesting depth ${maxFoundDepth} exceeds maximum of ${maxDepth}. Consider breaking into smaller schemas.`,
+          filePath,
+          lineNumber: deepestLine,
+          schemaName: "",
+          severity: "warning",
+          fixable: false
+        });
+      }
+      return violations;
+    }
+  },
+  {
+    name: "no-deprecated-methods",
+    description: "Flag usage of deprecated schema methods",
+    category: "quality",
+    rule: (sourceFile, _config) => {
+      const violations = [];
+      const text = sourceFile.getFullText();
+      const filePath = sourceFile.getFilePath();
+      const lines = text.split("\n");
+      const deprecatedPatterns = [
+        {
+          pattern: /\.deepPartial\(\)/,
+          message: ".deepPartial() is removed in Zod v4. Use recursive .partial() instead."
+        },
+        {
+          pattern: /\.strip\(\)/,
+          message: ".strip() is deprecated. Use z.strictObject() or explicit stripping."
+        },
+        {
+          pattern: /z\.promise\(/,
+          message: "z.promise() is deprecated in Zod v4. Use native Promise types."
+        },
+        {
+          pattern: /z\.ostring\(\)/,
+          message: "z.ostring() is removed in Zod v4. Use z.string().optional()."
+        },
+        {
+          pattern: /z\.onumber\(\)/,
+          message: "z.onumber() is removed in Zod v4. Use z.number().optional()."
+        },
+        {
+          pattern: /z\.oboolean\(\)/,
+          message: "z.oboolean() is removed in Zod v4. Use z.boolean().optional()."
+        },
+        {
+          pattern: /z\.preprocess\(/,
+          message: "z.preprocess() is removed in Zod v4. Use z.coerce.* instead."
+        }
+      ];
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        for (const { pattern, message } of deprecatedPatterns) {
+          if (pattern.test(line)) {
+            violations.push({
+              rule: "no-deprecated-methods",
+              message,
+              filePath,
+              lineNumber: i + 1,
+              schemaName: "",
+              severity: "warning",
+              fixable: false
+            });
+          }
+        }
+      }
+      return violations;
+    }
+  },
+  {
+    name: "naming-convention",
+    description: "Enforce schema naming pattern (e.g., must end with Schema)",
+    category: "quality",
+    rule: (sourceFile, config) => {
+      const violations = [];
+      const text = sourceFile.getFullText();
+      const filePath = sourceFile.getFilePath();
+      const lines = text.split("\n");
+      const pattern = new RegExp(config.pattern || ".*Schema$");
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        const match = line.match(
+          /(?:const|let)\s+(\w+)\s*=\s*(?:z\.|yup\.|Joi\.|t\.|v\.|type\(|object\(|string\()/
+        );
+        if (match?.[1] && !pattern.test(match[1])) {
+          violations.push({
+            rule: "naming-convention",
+            message: `Schema "${match[1]}" does not match naming pattern ${pattern.source}.`,
+            filePath,
+            lineNumber: i + 1,
+            schemaName: match[1],
+            severity: "warning",
+            fixable: false
+          });
+        }
+      }
+      return violations;
+    }
+  },
+  {
+    name: "require-max-length",
+    description: "String schemas must have .max() to prevent DoS via unbounded input",
+    category: "security",
+    rule: (sourceFile, _config) => {
+      const violations = [];
+      const text = sourceFile.getFullText();
+      const filePath = sourceFile.getFilePath();
+      const lines = text.split("\n");
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        if (/z\.string\(\)/.test(line) && !line.includes(".max(") && !line.includes(".length(")) {
+          let fullChain = line;
+          let j = i + 1;
+          while (j < lines.length && j < i + 5 && /^\s*\./.test(lines[j] ?? "")) {
+            fullChain += lines[j] ?? "";
+            j++;
+          }
+          if (!fullChain.includes(".max(") && !fullChain.includes(".length(")) {
+            violations.push({
+              rule: "require-max-length",
+              message: "String schema should have .max() to prevent unbounded input (DoS protection).",
+              filePath,
+              lineNumber: i + 1,
+              schemaName: "",
+              severity: "warning",
+              fixable: true
+            });
+          }
+        }
+      }
+      return violations;
+    }
+  }
+];
+function getGovernanceTemplate(name) {
+  return GOVERNANCE_TEMPLATES.find((t) => t.name === name);
+}
+function getGovernanceTemplatesByCategory(category) {
+  return GOVERNANCE_TEMPLATES.filter((t) => t.category === category);
+}
+function getGovernanceTemplateNames() {
+  return GOVERNANCE_TEMPLATES.map((t) => t.name);
+}
 // src/incremental.ts
-import { existsSync as existsSync5, mkdirSync, readFileSync as readFileSync5, writeFileSync } from "fs";
-import { join as join5 } from "path";
+import { existsSync as existsSync7, mkdirSync as mkdirSync3, readFileSync as readFileSync7, unlinkSync, writeFileSync as writeFileSync3 } from "fs";
+import { join as join7 } from "path";
 var STATE_DIR = ".schemashift";
 var STATE_FILE = "incremental.json";
 var IncrementalTracker = class {
   stateDir;
   statePath;
   constructor(projectPath) {
-    this.stateDir = join5(projectPath, STATE_DIR);
-    this.statePath = join5(this.stateDir, STATE_FILE);
+    this.stateDir = join7(projectPath, STATE_DIR);
+    this.statePath = join7(this.stateDir, STATE_FILE);
   }
   start(files, from, to) {
     const state = {
@@ -1509,9 +2885,9 @@ var IncrementalTracker = class {
     this.saveState(state);
   }
   getState() {
-    if (!existsSync5(this.statePath)) return null;
+    if (!existsSync7(this.statePath)) return null;
     try {
-      return JSON.parse(readFileSync5(this.statePath, "utf-8"));
+      return JSON.parse(readFileSync7(this.statePath, "utf-8"));
     } catch {
       return null;
     }
@@ -1538,21 +2914,21 @@ var IncrementalTracker = class {
     };
   }
   clear() {
-    if (existsSync5(this.statePath)) {
-      writeFileSync(this.statePath, "");
+    if (existsSync7(this.statePath)) {
+      unlinkSync(this.statePath);
     }
   }
   saveState(state) {
-    if (!existsSync5(this.stateDir)) {
-      mkdirSync(this.stateDir, { recursive: true });
+    if (!existsSync7(this.stateDir)) {
+      mkdirSync3(this.stateDir, { recursive: true });
     }
-    writeFileSync(this.statePath, JSON.stringify(state, null, 2));
+    writeFileSync3(this.statePath, JSON.stringify(state, null, 2));
   }
 };
 // src/package-updater.ts
-import { existsSync as existsSync6, readFileSync as readFileSync6, writeFileSync as writeFileSync2 } from "fs";
-import { join as join6 } from "path";
+import { existsSync as existsSync8, readFileSync as readFileSync8, writeFileSync as writeFileSync4 } from "fs";
+import { join as join8 } from "path";
 var TARGET_VERSIONS = {
   "yup->zod": { zod: "^3.24.0" },
   "joi->zod": { zod: "^3.24.0" },
@@ -1573,14 +2949,14 @@ var PackageUpdater = class {
     const add = {};
     const remove = [];
     const warnings = [];
-    const pkgPath = join6(projectPath, "package.json");
-    if (!existsSync6(pkgPath)) {
+    const pkgPath = join8(projectPath, "package.json");
+    if (!existsSync8(pkgPath)) {
       warnings.push("No package.json found. Cannot plan dependency updates.");
       return { add, remove, warnings };
     }
     let pkg;
     try {
-      pkg = JSON.parse(readFileSync6(pkgPath, "utf-8"));
+      pkg = JSON.parse(readFileSync8(pkgPath, "utf-8"));
     } catch {
       warnings.push("Could not parse package.json.");
       return { add, remove, warnings };
@@ -1610,9 +2986,9 @@ var PackageUpdater = class {
     return { add, remove, warnings };
   }
   apply(projectPath, plan) {
-    const pkgPath = join6(projectPath, "package.json");
-    if (!existsSync6(pkgPath)) return;
-    const pkgText = readFileSync6(pkgPath, "utf-8");
+    const pkgPath = join8(projectPath, "package.json");
+    if (!existsSync8(pkgPath)) return;
+    const pkgText = readFileSync8(pkgPath, "utf-8");
     const pkg = JSON.parse(pkgText);
     if (!pkg.dependencies) pkg.dependencies = {};
     for (const [name, version] of Object.entries(plan.add)) {
@@ -1622,11 +2998,133 @@ var PackageUpdater = class {
         pkg.dependencies[name] = version;
       }
     }
-    writeFileSync2(pkgPath, `${JSON.stringify(pkg, null, 2)}
+    writeFileSync4(pkgPath, `${JSON.stringify(pkg, null, 2)}
 `);
   }
 };
+// src/performance-analyzer.ts
+var PerformanceAnalyzer = class {
+  analyze(sourceFiles, from, to) {
+    const warnings = [];
+    let parseCallSites = 0;
+    let dynamicSchemaCount = 0;
+    for (const file of sourceFiles) {
+      const text = file.getFullText();
+      const filePath = file.getFilePath();
+      const parseMatches = text.match(/\.(parse|safeParse)\s*\(/g);
+      if (parseMatches) {
+        parseCallSites += parseMatches.length;
+      }
+      const dynamicResult = this.detectDynamicSchemas(text, filePath);
+      dynamicSchemaCount += dynamicResult.count;
+      warnings.push(...dynamicResult.warnings);
+      this.addMigrationWarnings(text, filePath, from, to, warnings);
+    }
+    const recommendation = this.getRecommendation(from, to, parseCallSites, dynamicSchemaCount);
+    const summary = this.generateSummary(warnings, parseCallSites, dynamicSchemaCount);
+    return {
+      warnings,
+      parseCallSites,
+      dynamicSchemaCount,
+      recommendation,
+      summary
+    };
+  }
+  detectDynamicSchemas(text, filePath) {
+    const warnings = [];
+    let count = 0;
+    const functionBodyPattern = /(?:function\s+\w+\s*\([^)]*\)|const\s+\w+\s*=\s*(?:async\s+)?(?:\([^)]*\)|[a-zA-Z_]\w*)\s*=>)\s*\{[^}]*(?:z\.|yup\.|Joi\.|v\.)\w+\s*\(/g;
+    for (const match of text.matchAll(functionBodyPattern)) {
+      count++;
+      const lineNumber = text.substring(0, match.index).split("\n").length;
+      warnings.push({
+        category: "dynamic-schemas",
+        message: "Schema created inside function body \u2014 may cause performance issues with Zod v4.",
+        detail: "Zod v4 uses JIT compilation, making schema creation ~17x slower than v3. Move schema definitions to module level to avoid re-creation on every call.",
+        filePath,
+        lineNumber,
+        severity: "warning"
+      });
+    }
+    const reactComponentPattern = /(?:function\s+[A-Z]\w*\s*\([^)]*\)|const\s+[A-Z]\w*\s*[:=])[^{]*\{[^}]*(?:z\.|yup\.|Joi\.)\w+\s*\(/g;
+    for (const match of text.matchAll(reactComponentPattern)) {
+      count++;
+      const lineNumber = text.substring(0, match.index).split("\n").length;
+      warnings.push({
+        category: "schema-creation",
+        message: "Schema appears to be created inside a React component.",
+        detail: "Schemas created inside React components are re-created on every render. Move schema definitions outside the component or wrap in useMemo(). This is especially important for Zod v4 due to JIT compilation overhead.",
+        filePath,
+        lineNumber,
+        severity: "warning"
+      });
+    }
+    return { count, warnings };
+  }
+  addMigrationWarnings(text, filePath, from, to, warnings) {
+    const migration = `${from}->${to}`;
+    if (migration === "zod-v3->v4") {
+      if (/edge-runtime|@vercel\/edge|cloudflare.*workers|deno\.serve|Deno\.serve/i.test(text) || /export\s+const\s+runtime\s*=\s*['"]edge['"]/i.test(text)) {
+        warnings.push({
+          category: "cold-start",
+          message: "Edge/serverless environment detected \u2014 Zod v4 JIT compilation increases cold start time.",
+          detail: "Zod v4 JIT trades slower schema creation for faster repeated parsing. In serverless/edge environments with short-lived instances, the JIT cost may not amortize. Consider Valibot or staying on Zod v3 for cold-start-sensitive code.",
+          filePath,
+          severity: "warning"
+        });
+      }
+      const parseCount = (text.match(/\.parse\s*\(/g) || []).length;
+      if (parseCount > 10) {
+        warnings.push({
+          category: "repeated-parsing",
+          message: `High parse() usage (${parseCount} call sites) \u2014 Zod v4 JIT will benefit here.`,
+          detail: "Zod v4 JIT compilation makes repeated parsing ~8x faster. This file has many parse() calls and will see performance improvement.",
+          filePath,
+          severity: "info"
+        });
+      }
+    }
+    if (migration === "zod->valibot" && /\.parse\s*\(/.test(text)) {
+      warnings.push({
+        category: "repeated-parsing",
+        message: "Valibot parsing performance is comparable to Zod v4 for most schemas.",
+        detail: "Valibot v1+ offers similar runtime performance to Zod v4 with significantly smaller bundle size. No JIT overhead means consistent performance across all environments.",
+        filePath,
+        severity: "info"
+      });
+    }
+  }
+  getRecommendation(from, to, parseCallSites, dynamicSchemaCount) {
+    const migration = `${from}->${to}`;
+    if (migration === "zod-v3->v4") {
+      if (dynamicSchemaCount > 5) {
+        return "Many dynamic schemas detected. Zod v4 JIT makes schema creation 17x slower. Move schemas to module level before migrating, or consider Valibot for size-sensitive apps.";
+      }
+      if (parseCallSites > 50) {
+        return "High parse() volume detected. Zod v4 JIT will significantly benefit repeated parsing (up to 8x faster). Migration recommended for performance.";
+      }
+      return "Moderate usage detected. Zod v4 trades slower startup for faster runtime parsing.";
+    }
+    if (migration === "zod->valibot") {
+      return "Valibot offers similar runtime performance with significantly smaller bundle size. Best suited for bundle-size-sensitive applications.";
+    }
+    if (from === "yup" || from === "joi") {
+      return `Migrating from ${from} to ${to} should have neutral or positive performance impact.`;
+    }
+    return "Performance impact depends on usage patterns. Review warnings for details.";
+  }
+  generateSummary(warnings, parseCallSites, dynamicSchemaCount) {
+    const parts = [];
+    parts.push(`${parseCallSites} parse/safeParse call sites`);
+    if (dynamicSchemaCount > 0) {
+      parts.push(`${dynamicSchemaCount} dynamic schema creation sites`);
+    }
+    parts.push(`${warnings.length} performance warning(s)`);
+    return parts.join(", ");
+  }
+};
 // src/plugin-loader.ts
 var PluginLoader = class {
   async loadPlugins(pluginPaths) {
@@ -1672,8 +3170,8 @@ var PluginLoader = class {
 };
 // src/standard-schema.ts
-import { existsSync as existsSync7, readFileSync as readFileSync7 } from "fs";
-import { join as join7 } from "path";
+import { existsSync as existsSync9, readFileSync as readFileSync9 } from "fs";
+import { join as join9 } from "path";
 var STANDARD_SCHEMA_LIBRARIES = {
   zod: { minMajor: 3, minMinor: 23 },
   // Zod v3.23+ and v4+
@@ -1702,16 +3200,16 @@ function isVersionCompatible(version, minMajor, minMinor) {
   return false;
 }
 function detectStandardSchema(projectPath) {
-  const pkgPath = join7(projectPath, "package.json");
-  if (!existsSync7(pkgPath)) {
-    return { detected: false, compatibleLibraries: [], recommendation: "" };
+  const pkgPath = join9(projectPath, "package.json");
+  if (!existsSync9(pkgPath)) {
+    return { detected: false, compatibleLibraries: [], recommendation: "", interopTools: [] };
   }
   let allDeps = {};
   try {
-    const pkg = JSON.parse(readFileSync7(pkgPath, "utf-8"));
+    const pkg = JSON.parse(readFileSync9(pkgPath, "utf-8"));
     allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
   } catch {
-    return { detected: false, compatibleLibraries: [], recommendation: "" };
+    return { detected: false, compatibleLibraries: [], recommendation: "", interopTools: [] };
   }
   const hasExplicitStandardSchema = "@standard-schema/spec" in allDeps;
   const compatibleLibraries = [];
@@ -1730,9 +3228,155 @@ function detectStandardSchema(projectPath) {
   } else if (hasExplicitStandardSchema) {
     recommendation = "Standard Schema spec detected. Ensure your validation library supports Standard Schema for maximum interoperability.";
   }
-  return { detected, compatibleLibraries, recommendation };
+  let adoptionPath;
+  if (detected && !hasExplicitStandardSchema) {
+    adoptionPath = "Install @standard-schema/spec for explicit Standard Schema support. This enables library-agnostic validation consumers to accept your schemas without depending on a specific library. Run: npm install @standard-schema/spec";
+  } else if (!detected) {
+    adoptionPath = "Consider migrating to a Standard Schema-compatible library (Zod v3.23+, Valibot v1+, ArkType v2+) to future-proof your validation layer and reduce library lock-in.";
+  }
+  const interopTools = detected ? [
+    "tRPC v11+ (Standard Schema input validation)",
+    "TanStack Form (schema-agnostic validation)",
+    "TanStack Router (route parameter validation)",
+    "Hono (request validation middleware)",
+    "Conform (progressive form validation)",
+    "Nuxt (runtime config validation)"
+  ] : [];
+  return { detected, compatibleLibraries, recommendation, adoptionPath, interopTools };
 }
+// src/test-scaffolder.ts
+var TestScaffolder = class {
+  scaffold(sourceFiles, from, to) {
+    const tests = [];
+    let totalSchemas = 0;
+    for (const file of sourceFiles) {
+      const schemas = this.extractSchemaNames(file, from);
+      if (schemas.length === 0) continue;
+      totalSchemas += schemas.length;
+      const testCode = this.generateTestFile(file, schemas, from, to);
+      const filePath = file.getFilePath().replace(/\.tsx?$/, ".migration-test.ts");
+      tests.push({ filePath, testCode, schemaCount: schemas.length });
+    }
+    const summary = tests.length > 0 ? `Generated ${tests.length} test file(s) covering ${totalSchemas} schema(s) for ${from}->${to} migration.` : "No schemas found to generate tests for.";
+    return { tests, totalSchemas, summary };
+  }
+  extractSchemaNames(file, library) {
+    const names = [];
+    const prefixes = this.getLibraryPrefixes(library);
+    for (const varDecl of file.getVariableDeclarations()) {
+      const initializer = varDecl.getInitializer();
+      if (!initializer) continue;
+      const text = initializer.getText();
+      if (prefixes.some((p) => text.startsWith(p))) {
+        names.push(varDecl.getName());
+      }
+    }
+    return names;
+  }
+  getLibraryPrefixes(library) {
+    switch (library) {
+      case "zod":
+      case "zod-v3":
+        return ["z.", "zod."];
+      case "yup":
+        return ["yup.", "Yup."];
+      case "joi":
+        return ["Joi.", "joi."];
+      case "io-ts":
+        return ["t."];
+      case "valibot":
+        return ["v.", "valibot."];
+      default:
+        return ["z."];
+    }
+  }
+  generateTestFile(file, schemaNames, from, to) {
+    const relativePath = file.getFilePath();
+    const schemaImports = schemaNames.join(", ");
+    const parseMethod = this.getParseMethod(to);
+    const errorClass = this.getErrorClass(to);
+    const testCases = schemaNames.map((name) => this.generateSchemaTests(name, to, parseMethod, errorClass)).join("\n\n");
+    return `/**
+ * Migration validation tests for ${from} -> ${to}
+ * Auto-generated by SchemaShift
+ *
+ * These tests verify that schema behavior is preserved after migration.
+ * Run before and after migration to ensure equivalence.
+ *
+ * Source: ${relativePath}
+ */
+import { describe, expect, it } from 'vitest';
+import { ${schemaImports} } from '${relativePath.replace(/\.ts$/, ".js")}';
+describe('Migration validation: ${relativePath}', () => {
+${testCases}
+});
+`;
+  }
+  getParseMethod(to) {
+    switch (to) {
+      case "valibot":
+        return "v.safeParse";
+      default:
+        return ".safeParse";
+    }
+  }
+  getErrorClass(to) {
+    switch (to) {
+      case "valibot":
+        return "ValiError";
+      case "zod":
+      case "v4":
+        return "ZodError";
+      default:
+        return "Error";
+    }
+  }
+  generateSchemaTests(schemaName, to, _parseMethod, _errorClass) {
+    if (to === "valibot") {
+      return `  describe('${schemaName}', () => {
+    it('should accept valid data', () => {
+      // TODO(schemashift): Add valid test data for ${schemaName}
+      // const result = v.safeParse(${schemaName}, validData);
+      // expect(result.success).toBe(true);
+    });
+    it('should reject invalid data', () => {
+      // TODO(schemashift): Add invalid test data for ${schemaName}
+      // const result = v.safeParse(${schemaName}, invalidData);
+      // expect(result.success).toBe(false);
+    });
+    it('should preserve error messages', () => {
+      // TODO(schemashift): Verify custom error messages are preserved
+      // const result = v.safeParse(${schemaName}, invalidData);
+      // expect(result.issues?.[0]?.message).toContain('expected message');
+    });
+  });`;
+    }
+    return `  describe('${schemaName}', () => {
+    it('should accept valid data', () => {
+      // TODO(schemashift): Add valid test data for ${schemaName}
+      // const result = ${schemaName}.safeParse(validData);
+      // expect(result.success).toBe(true);
+    });
+    it('should reject invalid data', () => {
+      // TODO(schemashift): Add invalid test data for ${schemaName}
+      // const result = ${schemaName}.safeParse(invalidData);
+      // expect(result.success).toBe(false);
+    });
+    it('should preserve error messages', () => {
+      // TODO(schemashift): Verify custom error messages are preserved
+      // const result = ${schemaName}.safeParse(invalidData);
+      // expect(result.error?.issues[0]?.message).toContain('expected message');
+    });
+  });`;
+  }
+};
 // src/transform.ts
 var TransformEngine = class {
   handlers = /* @__PURE__ */ new Map();
@@ -1747,9 +3391,10 @@ var TransformEngine = class {
   }
   getSupportedPaths() {
     return Array.from(this.handlers.keys()).map((key) => {
-      const [from, to] = key.split("->");
-      return { from, to };
-    });
+      const parts = key.split("->");
+      if (parts.length !== 2) return null;
+      return { from: parts[0], to: parts[1] };
+    }).filter((entry) => entry !== null);
   }
   transform(sourceFile, from, to, options) {
     const handler = this.getHandler(from, to);
@@ -1765,25 +3410,164 @@ var TransformEngine = class {
     return handler.transform(sourceFile, options);
   }
 };
+// src/type-dedup-detector.ts
+import { Node } from "ts-morph";
+var TypeDedupDetector = class {
+  detect(sourceFiles) {
+    const typeDefinitions = this.collectTypeDefinitions(sourceFiles);
+    const schemaDefinitions = this.collectSchemaDefinitions(sourceFiles);
+    const candidates = this.findMatches(typeDefinitions, schemaDefinitions);
+    const summary = candidates.length > 0 ? `Found ${candidates.length} type definition(s) that may duplicate schema shapes. After migration, replace with z.infer<typeof schema>.` : "No duplicate type definitions detected.";
+    return { candidates, summary };
+  }
+  collectTypeDefinitions(sourceFiles) {
+    const types = [];
+    for (const file of sourceFiles) {
+      const filePath = file.getFilePath();
+      for (const iface of file.getInterfaces()) {
+        const fields = iface.getProperties().map((p) => p.getName());
+        if (fields.length > 0) {
+          types.push({
+            name: iface.getName(),
+            fields,
+            filePath,
+            lineNumber: iface.getStartLineNumber()
+          });
+        }
+      }
+      for (const typeAlias of file.getTypeAliases()) {
+        const typeNode = typeAlias.getTypeNode();
+        if (!typeNode) continue;
+        if (Node.isTypeLiteral(typeNode)) {
+          const fields = typeNode.getProperties().map((p) => p.getName());
+          if (fields.length > 0) {
+            types.push({
+              name: typeAlias.getName(),
+              fields,
+              filePath,
+              lineNumber: typeAlias.getStartLineNumber()
+            });
+          }
+        }
+      }
+    }
+    return types;
+  }
+  collectSchemaDefinitions(sourceFiles) {
+    const schemas = [];
+    for (const file of sourceFiles) {
+      const filePath = file.getFilePath();
+      for (const varDecl of file.getVariableDeclarations()) {
+        const initializer = varDecl.getInitializer();
+        if (!initializer) continue;
+        const text = initializer.getText();
+        const isSchema = /(?:z|zod|yup|Yup|Joi|joi|t|v|valibot)\.object\s*\(/.test(text) || /Joi\.object\s*\(/.test(text);
+        if (!isSchema) continue;
+        const fields = this.extractSchemaFields(text);
+        if (fields.length > 0) {
+          schemas.push({
+            name: varDecl.getName(),
+            fields,
+            filePath,
+            lineNumber: varDecl.getStartLineNumber()
+          });
+        }
+      }
+    }
+    return schemas;
+  }
+  extractSchemaFields(text) {
+    const fields = [];
+    const fieldPattern = /\b(\w+)\s*:\s*(?:z|zod|yup|Yup|Joi|joi|t|v|valibot)\./g;
+    for (const match of text.matchAll(fieldPattern)) {
+      if (match[1]) {
+        fields.push(match[1]);
+      }
+    }
+    return fields;
+  }
+  findMatches(types, schemas) {
+    const candidates = [];
+    for (const typeDef of types) {
+      for (const schemaDef of schemas) {
+        const matchedFields = this.getMatchedFields(typeDef.fields, schemaDef.fields);
+        if (matchedFields.length < 2) continue;
+        const typeFieldCount = typeDef.fields.length;
+        const schemaFieldCount = schemaDef.fields.length;
+        const matchRatio = matchedFields.length / Math.max(typeFieldCount, schemaFieldCount);
+        let confidence;
+        if (matchRatio >= 0.8) {
+          confidence = "high";
+        } else if (matchRatio >= 0.5) {
+          confidence = "medium";
+        } else {
+          confidence = "low";
+        }
+        if (confidence === "low" && !this.namesRelated(typeDef.name, schemaDef.name)) {
+          continue;
+        }
+        candidates.push({
+          typeName: typeDef.name,
+          typeFilePath: typeDef.filePath,
+          typeLineNumber: typeDef.lineNumber,
+          schemaName: schemaDef.name,
+          schemaFilePath: schemaDef.filePath,
+          schemaLineNumber: schemaDef.lineNumber,
+          matchedFields,
+          confidence,
+          suggestion: `Replace "type/interface ${typeDef.name}" with "type ${typeDef.name} = z.infer<typeof ${schemaDef.name}>" (${matchedFields.length}/${typeFieldCount} fields match).`
+        });
+      }
+    }
+    candidates.sort((a, b) => {
+      const confidenceOrder = { high: 0, medium: 1, low: 2 };
+      const diff = confidenceOrder[a.confidence] - confidenceOrder[b.confidence];
+      if (diff !== 0) return diff;
+      return b.matchedFields.length - a.matchedFields.length;
+    });
+    return candidates;
+  }
+  getMatchedFields(typeFields, schemaFields) {
+    const schemaSet = new Set(schemaFields);
+    return typeFields.filter((f) => schemaSet.has(f));
+  }
+  namesRelated(typeName, schemaName) {
+    const normalize = (name) => name.toLowerCase().replace(/schema|type|interface|i$/gi, "");
+    return normalize(typeName) === normalize(schemaName);
+  }
+};
 export {
+  BehavioralWarningAnalyzer,
+  BundleEstimator,
   CompatibilityAnalyzer,
   ComplexityEstimator,
   DetailedAnalyzer,
+  DriftDetector,
   EcosystemAnalyzer,
   FormResolverMigrator,
+  GOVERNANCE_TEMPLATES,
   GovernanceEngine,
   IncrementalTracker,
+  MigrationAuditLog,
   MigrationChain,
   MonorepoResolver,
   PackageUpdater,
+  PerformanceAnalyzer,
   PluginLoader,
   SchemaAnalyzer,
   SchemaDependencyResolver,
+  TestScaffolder,
   TransformEngine,
+  TypeDedupDetector,
   buildCallChain,
+  computeParallelBatches,
   detectFormLibraries,
   detectSchemaLibrary,
   detectStandardSchema,
+  getGovernanceTemplate,
+  getGovernanceTemplateNames,
+  getGovernanceTemplatesByCategory,
   isInsideComment,
   isInsideStringLiteral,
   loadConfig,