@schemashift/core 0.9.0 → 0.10.0

package/dist/index.cjs

@@ -25,8 +25,10 @@ __export(index_exports, {
   CompatibilityAnalyzer: () => CompatibilityAnalyzer,
   ComplexityEstimator: () => ComplexityEstimator,
   DetailedAnalyzer: () => DetailedAnalyzer,
+  DriftDetector: () => DriftDetector,
   EcosystemAnalyzer: () => EcosystemAnalyzer,
   FormResolverMigrator: () => FormResolverMigrator,
+  GOVERNANCE_TEMPLATES: () => GOVERNANCE_TEMPLATES,
   GovernanceEngine: () => GovernanceEngine,
   IncrementalTracker: () => IncrementalTracker,
   MigrationAuditLog: () => MigrationAuditLog,
@@ -45,6 +47,9 @@ __export(index_exports, {
   detectFormLibraries: () => detectFormLibraries,
   detectSchemaLibrary: () => detectSchemaLibrary,
   detectStandardSchema: () => detectStandardSchema,
+  getGovernanceTemplate: () => getGovernanceTemplate,
+  getGovernanceTemplateNames: () => getGovernanceTemplateNames,
+  getGovernanceTemplatesByCategory: () => getGovernanceTemplatesByCategory,
   isInsideComment: () => isInsideComment,
   isInsideStringLiteral: () => isInsideStringLiteral,
   loadConfig: () => loadConfig,
@@ -68,6 +73,9 @@ var LIBRARY_PATTERNS = {
   joi: [/^joi$/, /^@hapi\/joi$/],
   "io-ts": [/^io-ts$/, /^io-ts\//],
   valibot: [/^valibot$/],
+  arktype: [/^arktype$/],
+  superstruct: [/^superstruct$/],
+  effect: [/^@effect\/schema$/],
   v4: [],
   // Target version, not detectable from imports
   unknown: []
@@ -362,7 +370,8 @@ var MigrationAuditLog = class {
       errorCount: params.errorCount,
       riskScore: params.riskScore,
       duration: params.duration,
-      user: this.getCurrentUser()
+      user: this.getCurrentUser(),
+      metadata: params.metadata || this.collectMetadata()
     };
   }
   /**
@@ -404,12 +413,67 @@ var MigrationAuditLog = class {
       migrationPaths
     };
   }
+  /**
+   * Export audit log as JSON string.
+   */
+  exportJson() {
+    const log = this.read();
+    return JSON.stringify(log, null, 2);
+  }
+  /**
+   * Export audit log as CSV string.
+   */
+  exportCsv() {
+    const log = this.read();
+    const headers = [
+      "timestamp",
+      "migrationId",
+      "filePath",
+      "action",
+      "from",
+      "to",
+      "success",
+      "warningCount",
+      "errorCount",
+      "riskScore",
+      "user",
+      "duration"
+    ];
+    const rows = log.entries.map(
+      (e) => headers.map((h) => {
+        const val = e[h];
+        if (val === void 0 || val === null) return "";
+        return String(val).includes(",") ? `"${String(val)}"` : String(val);
+      }).join(",")
+    );
+    return [headers.join(","), ...rows].join("\n");
+  }
+  /**
+   * Get entries filtered by date range.
+   */
+  getByDateRange(start, end) {
+    const log = this.read();
+    return log.entries.filter((e) => {
+      const ts = new Date(e.timestamp);
+      return ts >= start && ts <= end;
+    });
+  }
   /**
    * Clear the audit log.
    */
   clear() {
     this.write({ version: AUDIT_VERSION, entries: [] });
   }
+  collectMetadata() {
+    return {
+      hostname: process.env.HOSTNAME || void 0,
+      nodeVersion: process.version,
+      ciJobId: process.env.CI_JOB_ID || process.env.GITHUB_RUN_ID || void 0,
+      ciProvider: process.env.GITHUB_ACTIONS ? "github" : process.env.GITLAB_CI ? "gitlab" : process.env.CIRCLECI ? "circleci" : process.env.JENKINS_URL ? "jenkins" : void 0,
+      gitBranch: process.env.GITHUB_REF_NAME || process.env.CI_COMMIT_BRANCH || void 0,
+      gitCommit: process.env.GITHUB_SHA || process.env.CI_COMMIT_SHA || void 0
+    };
+  }
   write(log) {
     if (!(0, import_node_fs.existsSync)(this.logDir)) {
       (0, import_node_fs.mkdirSync)(this.logDir, { recursive: true });
@@ -1028,6 +1092,125 @@ var ECOSYSTEM_RULES = [
       severity: "error"
     })
   },
+  // Zod-based HTTP/API clients
+  {
+    package: "zodios",
+    category: "api",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "Zodios uses Zod schemas for API contract definitions. Zod v4 type changes may break contracts.",
+      suggestion: "Upgrade Zodios to a Zod v4-compatible version and verify all API contracts.",
+      severity: "warning",
+      upgradeCommand: "npm install @zodios/core@latest"
+    })
+  },
+  {
+    package: "@zodios/core",
+    category: "api",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "@zodios/core uses Zod schemas for API contract definitions. Zod v4 type changes may break contracts.",
+      suggestion: "Upgrade @zodios/core to a Zod v4-compatible version and verify all API contracts.",
+      severity: "warning",
+      upgradeCommand: "npm install @zodios/core@latest"
+    })
+  },
+  {
+    package: "@ts-rest/core",
+    category: "api",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "@ts-rest/core uses Zod for contract definitions. Zod v4 type incompatibilities may break runtime validation.",
+      suggestion: "Upgrade @ts-rest/core to a version with Zod v4 support.",
+      severity: "warning",
+      upgradeCommand: "npm install @ts-rest/core@latest"
+    })
+  },
+  {
+    package: "trpc-openapi",
+    category: "openapi",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "trpc-openapi needs a v4-compatible version for Zod v4.",
+      suggestion: "Check for a Zod v4-compatible version of trpc-openapi before upgrading.",
+      severity: "warning",
+      upgradeCommand: "npm install trpc-openapi@latest"
+    })
+  },
+  // Form data and URL state libraries
+  {
+    package: "zod-form-data",
+    category: "form",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "zod-form-data relies on Zod v3 internals (_def) which moved to _zod.def in v4.",
+      suggestion: "Upgrade zod-form-data to a Zod v4-compatible version.",
+      severity: "error",
+      upgradeCommand: "npm install zod-form-data@latest"
+    })
+  },
+  {
+    package: "@conform-to/zod",
+    category: "form",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "@conform-to/zod may have Zod v4 compatibility issues.",
+      suggestion: "Upgrade @conform-to/zod to the latest version with Zod v4 support.",
+      severity: "warning",
+      upgradeCommand: "npm install @conform-to/zod@latest"
+    })
+  },
+  {
+    package: "nuqs",
+    category: "validation-util",
+    migrations: ["zod-v3->v4"],
+    check: () => ({
+      issue: "nuqs uses Zod for URL state parsing. Zod v4 changes may affect URL parameter validation.",
+      suggestion: "Upgrade nuqs to a version with Zod v4 support.",
+      severity: "warning",
+      upgradeCommand: "npm install nuqs@latest"
+    })
+  },
+  // Schema library detection for cross-library migrations
+  {
+    package: "@effect/schema",
+    category: "validation-util",
+    migrations: ["io-ts->zod"],
+    check: () => ({
+      issue: "@effect/schema detected \u2014 this is the successor to io-ts/fp-ts. Consider migrating to Effect Schema instead of Zod if you prefer FP patterns.",
+      suggestion: "If using fp-ts patterns heavily, consider Effect Schema as the migration target instead of Zod.",
+      severity: "info"
+    })
+  },
+  {
+    package: "arktype",
+    category: "validation-util",
+    migrations: ["zod->valibot", "zod-v3->v4"],
+    check: (_version, migration) => {
+      if (migration === "zod->valibot") {
+        return {
+          issue: "ArkType detected alongside Zod. Consider ArkType as a migration target \u2014 it offers 100x faster validation and Standard Schema support.",
+          suggestion: "Consider migrating to ArkType for performance-critical paths, or keep Zod for ecosystem compatibility.",
+          severity: "info"
+        };
+      }
+      return {
+        issue: "ArkType detected alongside Zod. ArkType supports Standard Schema, making it interoperable with Zod v4.",
+        suggestion: "No action needed \u2014 ArkType and Zod v4 can coexist via Standard Schema.",
+        severity: "info"
+      };
+    }
+  },
+  {
+    package: "superstruct",
+    category: "validation-util",
+    migrations: ["yup->zod", "joi->zod"],
+    check: () => ({
+      issue: "Superstruct detected in the project. Consider migrating Superstruct schemas to Zod as well for a unified validation approach.",
+      suggestion: "Use SchemaShift to migrate Superstruct schemas alongside Yup/Joi schemas.",
+      severity: "info"
+    })
+  },
   // Additional validation utilities
   {
     package: "zod-to-json-schema",
@@ -1952,6 +2135,165 @@ var DetailedAnalyzer = class {
   }
 };
 
+// src/drift-detector.ts
+var import_node_crypto2 = require("crypto");
+var import_node_fs6 = require("fs");
+var import_node_path6 = require("path");
+var SNAPSHOT_DIR = ".schemashift";
+var SNAPSHOT_FILE = "schema-snapshot.json";
+var SNAPSHOT_VERSION = 1;
+var DriftDetector = class {
+  snapshotDir;
+  snapshotPath;
+  constructor(projectPath) {
+    this.snapshotDir = (0, import_node_path6.join)(projectPath, SNAPSHOT_DIR);
+    this.snapshotPath = (0, import_node_path6.join)(this.snapshotDir, SNAPSHOT_FILE);
+  }
+  /**
+   * Take a snapshot of the current schema state
+   */
+  snapshot(files, projectPath) {
+    const schemas = [];
+    for (const filePath of files) {
+      if (!(0, import_node_fs6.existsSync)(filePath)) continue;
+      const content = (0, import_node_fs6.readFileSync)(filePath, "utf-8");
+      const library = this.detectLibraryFromContent(content);
+      if (library === "unknown") continue;
+      const schemaNames = this.extractSchemaNames(content);
+      schemas.push({
+        filePath: (0, import_node_path6.relative)(projectPath, filePath),
+        library,
+        contentHash: this.hashContent(content),
+        schemaCount: schemaNames.length,
+        schemaNames
+      });
+    }
+    const snapshot = {
+      version: SNAPSHOT_VERSION,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      projectPath,
+      schemas
+    };
+    return snapshot;
+  }
+  /**
+   * Save a snapshot to disk
+   */
+  saveSnapshot(snapshot) {
+    if (!(0, import_node_fs6.existsSync)(this.snapshotDir)) {
+      (0, import_node_fs6.mkdirSync)(this.snapshotDir, { recursive: true });
+    }
+    (0, import_node_fs6.writeFileSync)(this.snapshotPath, JSON.stringify(snapshot, null, 2));
+  }
+  /**
+   * Load saved snapshot from disk
+   */
+  loadSnapshot() {
+    if (!(0, import_node_fs6.existsSync)(this.snapshotPath)) {
+      return null;
+    }
+    try {
+      const content = (0, import_node_fs6.readFileSync)(this.snapshotPath, "utf-8");
+      return JSON.parse(content);
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Compare current state against saved snapshot
+   */
+  detect(currentFiles, projectPath) {
+    const saved = this.loadSnapshot();
+    if (!saved) {
+      return {
+        hasDrift: false,
+        added: [],
+        removed: [],
+        modified: [],
+        unchanged: 0,
+        totalFiles: 0,
+        snapshotTimestamp: ""
+      };
+    }
+    const current = this.snapshot(currentFiles, projectPath);
+    return this.compareSnapshots(saved, current);
+  }
+  /**
+   * Compare two snapshots and return drift results
+   */
+  compareSnapshots(baseline, current) {
+    const baselineMap = new Map(baseline.schemas.map((s) => [s.filePath, s]));
+    const currentMap = new Map(current.schemas.map((s) => [s.filePath, s]));
+    const added = [];
+    const removed = [];
+    const modified = [];
+    let unchanged = 0;
+    for (const [path, currentFile] of currentMap) {
+      const baselineFile = baselineMap.get(path);
+      if (!baselineFile) {
+        added.push(currentFile);
+      } else if (currentFile.contentHash !== baselineFile.contentHash) {
+        const addedSchemas = currentFile.schemaNames.filter(
+          (n) => !baselineFile.schemaNames.includes(n)
+        );
+        const removedSchemas = baselineFile.schemaNames.filter(
+          (n) => !currentFile.schemaNames.includes(n)
+        );
+        modified.push({
+          filePath: path,
+          library: currentFile.library,
+          previousHash: baselineFile.contentHash,
+          currentHash: currentFile.contentHash,
+          previousSchemaCount: baselineFile.schemaCount,
+          currentSchemaCount: currentFile.schemaCount,
+          addedSchemas,
+          removedSchemas
+        });
+      } else {
+        unchanged++;
+      }
+    }
+    for (const [path, baselineFile] of baselineMap) {
+      if (!currentMap.has(path)) {
+        removed.push(baselineFile);
+      }
+    }
+    return {
+      hasDrift: added.length > 0 || removed.length > 0 || modified.length > 0,
+      added,
+      removed,
+      modified,
+      unchanged,
+      totalFiles: currentMap.size,
+      snapshotTimestamp: baseline.timestamp
+    };
+  }
+  extractSchemaNames(content) {
+    const names = [];
+    const pattern = /(?:const|let|var)\s+(\w+)\s*=\s*(?:z\.|yup\.|Joi\.|t\.|v\.|type\(|object\(|string\(|S\.)/g;
+    for (const match of content.matchAll(pattern)) {
+      if (match[1]) names.push(match[1]);
+    }
+    return names;
+  }
+  detectLibraryFromContent(content) {
+    if (/from\s*['"]zod['"]/.test(content) || /\bz\./.test(content)) return "zod";
+    if (/from\s*['"]yup['"]/.test(content) || /\byup\./.test(content)) return "yup";
+    if (/from\s*['"]joi['"]/.test(content) || /\bJoi\./.test(content)) return "joi";
+    if (/from\s*['"]io-ts['"]/.test(content) || /\bt\./.test(content) && /from\s*['"]io-ts/.test(content))
+      return "io-ts";
+    if (/from\s*['"]valibot['"]/.test(content) || /\bv\./.test(content) && /from\s*['"]valibot/.test(content))
+      return "valibot";
+    if (/from\s*['"]arktype['"]/.test(content)) return "arktype";
+    if (/from\s*['"]superstruct['"]/.test(content)) return "superstruct";
+    if (/from\s*['"]@effect\/schema['"]/.test(content)) return "effect";
+    return "unknown";
+  }
+  hashContent(content) {
+    return (0, import_node_crypto2.createHash)("sha256").update(content).digest("hex").substring(0, 16);
+  }
+};
+
 // src/form-resolver-migrator.ts
 var RESOLVER_MAPPINGS = {
   "yup->zod": [
@@ -2313,17 +2655,265 @@ var GovernanceEngine = class {
   }
 };
 
+// src/governance-templates.ts
+var GOVERNANCE_TEMPLATES = [
+  {
+    name: "no-any-schemas",
+    description: "Disallow z.any(), yup.mixed() without constraints, and similar unrestricted types",
+    category: "security",
+    rule: (sourceFile, _config) => {
+      const violations = [];
+      const text = sourceFile.getFullText();
+      const filePath = sourceFile.getFilePath();
+      const lines = text.split("\n");
+      const anyPatterns = [
+        /\bz\.any\(\)/,
+        /\byup\.mixed\(\)/,
+        /\bt\.any\b/,
+        /\bv\.any\(\)/,
+        /\bunknown\(\)/
+      ];
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        for (const pattern of anyPatterns) {
+          if (pattern.test(line)) {
+            violations.push({
+              rule: "no-any-schemas",
+              message: "Unrestricted type (any/mixed/unknown) found. Use a specific type with constraints.",
+              filePath,
+              lineNumber: i + 1,
+              schemaName: "",
+              severity: "error",
+              fixable: false
+            });
+          }
+        }
+      }
+      return violations;
+    }
+  },
+  {
+    name: "require-descriptions",
+    description: "All exported schemas must have .describe() for documentation",
+    category: "quality",
+    rule: (sourceFile, _config) => {
+      const violations = [];
+      const text = sourceFile.getFullText();
+      const filePath = sourceFile.getFilePath();
+      const lines = text.split("\n");
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        if (/export\s+(const|let)\s+\w+.*=\s*(z\.|yup\.)/.test(line)) {
+          let fullStatement = line;
+          let j = i + 1;
+          while (j < lines.length && !lines[j]?.includes(";") && j < i + 10) {
+            fullStatement += lines[j] ?? "";
+            j++;
+          }
+          if (j < lines.length) fullStatement += lines[j] ?? "";
+          if (!fullStatement.includes(".describe(")) {
+            const nameMatch = line.match(/(?:const|let)\s+(\w+)/);
+            violations.push({
+              rule: "require-descriptions",
+              message: `Exported schema ${nameMatch?.[1] || "unknown"} should include .describe() for documentation.`,
+              filePath,
+              lineNumber: i + 1,
+              schemaName: nameMatch?.[1] || "",
+              severity: "warning",
+              fixable: true
+            });
+          }
+        }
+      }
+      return violations;
+    }
+  },
+  {
+    name: "max-nesting-depth",
+    description: "Limit schema nesting depth to prevent TypeScript performance issues",
+    category: "performance",
+    rule: (sourceFile, config) => {
+      const violations = [];
+      const text = sourceFile.getFullText();
+      const filePath = sourceFile.getFilePath();
+      const maxDepth = config.threshold || 5;
+      const lines = text.split("\n");
+      let currentDepth = 0;
+      let maxFoundDepth = 0;
+      let deepestLine = 0;
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        for (const char of line) {
+          if (char === "(" || char === "{" || char === "[") {
+            currentDepth++;
+            if (currentDepth > maxFoundDepth) {
+              maxFoundDepth = currentDepth;
+              deepestLine = i + 1;
+            }
+          }
+          if (char === ")" || char === "}" || char === "]") {
+            currentDepth = Math.max(0, currentDepth - 1);
+          }
+        }
+      }
+      if (maxFoundDepth > maxDepth) {
+        violations.push({
+          rule: "max-nesting-depth",
+          message: `Schema nesting depth ${maxFoundDepth} exceeds maximum of ${maxDepth}. Consider breaking into smaller schemas.`,
+          filePath,
+          lineNumber: deepestLine,
+          schemaName: "",
+          severity: "warning",
+          fixable: false
+        });
+      }
+      return violations;
+    }
+  },
+  {
+    name: "no-deprecated-methods",
+    description: "Flag usage of deprecated schema methods",
+    category: "quality",
+    rule: (sourceFile, _config) => {
+      const violations = [];
+      const text = sourceFile.getFullText();
+      const filePath = sourceFile.getFilePath();
+      const lines = text.split("\n");
+      const deprecatedPatterns = [
+        {
+          pattern: /\.deepPartial\(\)/,
+          message: ".deepPartial() is removed in Zod v4. Use recursive .partial() instead."
+        },
+        {
+          pattern: /\.strip\(\)/,
+          message: ".strip() is deprecated. Use z.strictObject() or explicit stripping."
+        },
+        {
+          pattern: /z\.promise\(/,
+          message: "z.promise() is deprecated in Zod v4. Use native Promise types."
+        },
+        {
+          pattern: /z\.ostring\(\)/,
+          message: "z.ostring() is removed in Zod v4. Use z.string().optional()."
+        },
+        {
+          pattern: /z\.onumber\(\)/,
+          message: "z.onumber() is removed in Zod v4. Use z.number().optional()."
+        },
+        {
+          pattern: /z\.oboolean\(\)/,
+          message: "z.oboolean() is removed in Zod v4. Use z.boolean().optional()."
+        },
+        {
+          pattern: /z\.preprocess\(/,
+          message: "z.preprocess() is removed in Zod v4. Use z.coerce.* instead."
+        }
+      ];
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        for (const { pattern, message } of deprecatedPatterns) {
+          if (pattern.test(line)) {
+            violations.push({
+              rule: "no-deprecated-methods",
+              message,
+              filePath,
+              lineNumber: i + 1,
+              schemaName: "",
+              severity: "warning",
+              fixable: false
+            });
+          }
+        }
+      }
+      return violations;
+    }
+  },
+  {
+    name: "naming-convention",
+    description: "Enforce schema naming pattern (e.g., must end with Schema)",
+    category: "quality",
+    rule: (sourceFile, config) => {
+      const violations = [];
+      const text = sourceFile.getFullText();
+      const filePath = sourceFile.getFilePath();
+      const lines = text.split("\n");
+      const pattern = new RegExp(config.pattern || ".*Schema$");
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        const match = line.match(
+          /(?:const|let)\s+(\w+)\s*=\s*(?:z\.|yup\.|Joi\.|t\.|v\.|type\(|object\(|string\()/
+        );
+        if (match?.[1] && !pattern.test(match[1])) {
+          violations.push({
+            rule: "naming-convention",
+            message: `Schema "${match[1]}" does not match naming pattern ${pattern.source}.`,
+            filePath,
+            lineNumber: i + 1,
+            schemaName: match[1],
+            severity: "warning",
+            fixable: false
+          });
+        }
+      }
+      return violations;
+    }
+  },
+  {
+    name: "require-max-length",
+    description: "String schemas must have .max() to prevent DoS via unbounded input",
+    category: "security",
+    rule: (sourceFile, _config) => {
+      const violations = [];
+      const text = sourceFile.getFullText();
+      const filePath = sourceFile.getFilePath();
+      const lines = text.split("\n");
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i] ?? "";
+        if (/z\.string\(\)/.test(line) && !line.includes(".max(") && !line.includes(".length(")) {
+          let fullChain = line;
+          let j = i + 1;
+          while (j < lines.length && j < i + 5 && /^\s*\./.test(lines[j] ?? "")) {
+            fullChain += lines[j] ?? "";
+            j++;
+          }
+          if (!fullChain.includes(".max(") && !fullChain.includes(".length(")) {
+            violations.push({
+              rule: "require-max-length",
+              message: "String schema should have .max() to prevent unbounded input (DoS protection).",
+              filePath,
+              lineNumber: i + 1,
+              schemaName: "",
+              severity: "warning",
+              fixable: true
+            });
+          }
+        }
+      }
+      return violations;
+    }
+  }
+];
+function getGovernanceTemplate(name) {
+  return GOVERNANCE_TEMPLATES.find((t) => t.name === name);
+}
+function getGovernanceTemplatesByCategory(category) {
+  return GOVERNANCE_TEMPLATES.filter((t) => t.category === category);
+}
+function getGovernanceTemplateNames() {
+  return GOVERNANCE_TEMPLATES.map((t) => t.name);
+}
+
 // src/incremental.ts
-var import_node_fs6 = require("fs");
-var import_node_path6 = require("path");
+var import_node_fs7 = require("fs");
+var import_node_path7 = require("path");
 var STATE_DIR = ".schemashift";
 var STATE_FILE = "incremental.json";
 var IncrementalTracker = class {
   stateDir;
   statePath;
   constructor(projectPath) {
-    this.stateDir = (0, import_node_path6.join)(projectPath, STATE_DIR);
-    this.statePath = (0, import_node_path6.join)(this.stateDir, STATE_FILE);
+    this.stateDir = (0, import_node_path7.join)(projectPath, STATE_DIR);
+    this.statePath = (0, import_node_path7.join)(this.stateDir, STATE_FILE);
   }
   start(files, from, to) {
     const state = {
@@ -2358,9 +2948,9 @@ var IncrementalTracker = class {
     this.saveState(state);
   }
   getState() {
-    if (!(0, import_node_fs6.existsSync)(this.statePath)) return null;
+    if (!(0, import_node_fs7.existsSync)(this.statePath)) return null;
     try {
-      return JSON.parse((0, import_node_fs6.readFileSync)(this.statePath, "utf-8"));
+      return JSON.parse((0, import_node_fs7.readFileSync)(this.statePath, "utf-8"));
     } catch {
       return null;
     }
@@ -2387,21 +2977,21 @@ var IncrementalTracker = class {
     };
   }
   clear() {
-    if ((0, import_node_fs6.existsSync)(this.statePath)) {
-      (0, import_node_fs6.unlinkSync)(this.statePath);
+    if ((0, import_node_fs7.existsSync)(this.statePath)) {
+      (0, import_node_fs7.unlinkSync)(this.statePath);
     }
   }
   saveState(state) {
-    if (!(0, import_node_fs6.existsSync)(this.stateDir)) {
-      (0, import_node_fs6.mkdirSync)(this.stateDir, { recursive: true });
+    if (!(0, import_node_fs7.existsSync)(this.stateDir)) {
+      (0, import_node_fs7.mkdirSync)(this.stateDir, { recursive: true });
     }
-    (0, import_node_fs6.writeFileSync)(this.statePath, JSON.stringify(state, null, 2));
+    (0, import_node_fs7.writeFileSync)(this.statePath, JSON.stringify(state, null, 2));
   }
 };
 
 // src/package-updater.ts
-var import_node_fs7 = require("fs");
-var import_node_path7 = require("path");
+var import_node_fs8 = require("fs");
+var import_node_path8 = require("path");
 var TARGET_VERSIONS = {
   "yup->zod": { zod: "^3.24.0" },
   "joi->zod": { zod: "^3.24.0" },
@@ -2422,14 +3012,14 @@ var PackageUpdater = class {
     const add = {};
     const remove = [];
     const warnings = [];
-    const pkgPath = (0, import_node_path7.join)(projectPath, "package.json");
-    if (!(0, import_node_fs7.existsSync)(pkgPath)) {
+    const pkgPath = (0, import_node_path8.join)(projectPath, "package.json");
+    if (!(0, import_node_fs8.existsSync)(pkgPath)) {
       warnings.push("No package.json found. Cannot plan dependency updates.");
       return { add, remove, warnings };
     }
     let pkg;
     try {
-      pkg = JSON.parse((0, import_node_fs7.readFileSync)(pkgPath, "utf-8"));
+      pkg = JSON.parse((0, import_node_fs8.readFileSync)(pkgPath, "utf-8"));
     } catch {
       warnings.push("Could not parse package.json.");
       return { add, remove, warnings };
@@ -2459,9 +3049,9 @@ var PackageUpdater = class {
     return { add, remove, warnings };
   }
   apply(projectPath, plan) {
-    const pkgPath = (0, import_node_path7.join)(projectPath, "package.json");
-    if (!(0, import_node_fs7.existsSync)(pkgPath)) return;
-    const pkgText = (0, import_node_fs7.readFileSync)(pkgPath, "utf-8");
+    const pkgPath = (0, import_node_path8.join)(projectPath, "package.json");
+    if (!(0, import_node_fs8.existsSync)(pkgPath)) return;
+    const pkgText = (0, import_node_fs8.readFileSync)(pkgPath, "utf-8");
     const pkg = JSON.parse(pkgText);
     if (!pkg.dependencies) pkg.dependencies = {};
     for (const [name, version] of Object.entries(plan.add)) {
@@ -2471,7 +3061,7 @@ var PackageUpdater = class {
         pkg.dependencies[name] = version;
       }
     }
-    (0, import_node_fs7.writeFileSync)(pkgPath, `${JSON.stringify(pkg, null, 2)}
+    (0, import_node_fs8.writeFileSync)(pkgPath, `${JSON.stringify(pkg, null, 2)}
 `);
   }
 };
@@ -2643,8 +3233,8 @@ var PluginLoader = class {
 };
 
 // src/standard-schema.ts
-var import_node_fs8 = require("fs");
-var import_node_path8 = require("path");
+var import_node_fs9 = require("fs");
+var import_node_path9 = require("path");
 var STANDARD_SCHEMA_LIBRARIES = {
   zod: { minMajor: 3, minMinor: 23 },
   // Zod v3.23+ and v4+
@@ -2673,13 +3263,13 @@ function isVersionCompatible(version, minMajor, minMinor) {
   return false;
 }
 function detectStandardSchema(projectPath) {
-  const pkgPath = (0, import_node_path8.join)(projectPath, "package.json");
-  if (!(0, import_node_fs8.existsSync)(pkgPath)) {
+  const pkgPath = (0, import_node_path9.join)(projectPath, "package.json");
+  if (!(0, import_node_fs9.existsSync)(pkgPath)) {
     return { detected: false, compatibleLibraries: [], recommendation: "", interopTools: [] };
   }
   let allDeps = {};
   try {
-    const pkg = JSON.parse((0, import_node_fs8.readFileSync)(pkgPath, "utf-8"));
+    const pkg = JSON.parse((0, import_node_fs9.readFileSync)(pkgPath, "utf-8"));
     allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
   } catch {
     return { detected: false, compatibleLibraries: [], recommendation: "", interopTools: [] };
@@ -3017,8 +3607,10 @@ var TypeDedupDetector = class {
   CompatibilityAnalyzer,
   ComplexityEstimator,
   DetailedAnalyzer,
+  DriftDetector,
   EcosystemAnalyzer,
   FormResolverMigrator,
+  GOVERNANCE_TEMPLATES,
   GovernanceEngine,
   IncrementalTracker,
   MigrationAuditLog,
@@ -3037,6 +3629,9 @@ var TypeDedupDetector = class {
   detectFormLibraries,
   detectSchemaLibrary,
   detectStandardSchema,
+  getGovernanceTemplate,
+  getGovernanceTemplateNames,
+  getGovernanceTemplatesByCategory,
   isInsideComment,
   isInsideStringLiteral,
   loadConfig,