@tracegraph/shared-types 0.1.0

package/LICENSE

@@ -0,0 +1,181 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship made available under
+      the License, as indicated by a copyright notice that is included in
+      or attached to the work (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other derivative
+      works represent, as a whole, an original work of authorship. For the
+      purposes of this License, Derivative Works shall not include works
+      that remain separable from, or merely link (or bind by name) to the
+      interfaces of, the Work and Derivative Works thereof.
+
+      "Contribution" shall mean, as submitted to the Licensor for inclusion
+      in the Work by the copyright owner or by an individual or Legal Entity
+      authorized to submit on behalf of the copyright owner. For the
+      purposes of this definition, "submitted" means any form of electronic,
+      verbal, or written communication sent to the Licensor or its
+      representatives, including but not limited to communication on
+      electronic mailing lists, source code control systems, and issue
+      tracking systems that are managed by, or on behalf of, the Licensor
+      for the purpose of discussing and improving the Work, but excluding
+      communication that is conspicuously marked or designated in writing
+      by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any Legal Entity on behalf of
+      whom a Contribution has been received by the Licensor and included
+      within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by the combined work to with their
+      Contribution(s) was submitted. If You institute patent litigation
+      against any entity (including a cross-claim or counterclaim in a
+      lawsuit) alleging that the Work or any Contribution embodied within
+      the Work constitutes direct or contributory patent infringement,
+      then any patent licenses granted to You under this License for that
+      Work shall terminate as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative
+          Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, You must include a readable copy of the
+          attribution notices contained within such NOTICE file, in
+          at least one of the following places: within a NOTICE text
+          file distributed as part of the Derivative Works; within
+          the Source form or documentation, if provided along with the
+          Derivative Works; or, within a display generated by the
+          Derivative Works, if and wherever such third-party notices
+          normally appear. The contents of the NOTICE file are for
+          informational purposes only and do not modify the License.
+          You may add Your own attribution notices within Derivative
+          Works that You distribute, alongside or as an addendum to
+          the NOTICE text from the Work, provided that such additional
+          attribution notices cannot be construed as modifying the License.
+
+      You may add Your own license statement for Your modifications and
+      may provide additional grant of rights to use, copy, modify, merge,
+      publish, distribute, sublicense, and/or sell copies of the
+      Derivative Works, and to permit persons to whom the Derivative
+      Works is furnished to do so.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any conditions of TITLE,
+      NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR
+      PURPOSE. You are solely responsible for determining the
+      appropriateness of using or reproducing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or exemplary damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or all other
+      commercial damages or losses), even if such Contributor has been
+      advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may offer
+      only conditions consistent with this License, in a way that does
+      not create a new obligation for any Contributor to provide such
+      acceptance.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2026 TraceGraph Contributors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/dist/index.d.mts

@@ -0,0 +1,529 @@
+declare const SCHEMA_VERSIONS: {
+    readonly trace: "tracegraph.trace.v1";
+    readonly event: "tracegraph.event.v1";
+    readonly baseline: "tracegraph.baseline.v1";
+    readonly bundle: "tracegraph.bundle.v1";
+    readonly report: "tracegraph.report.v1";
+    readonly diff: "tracegraph.diff.v1";
+    readonly suppression: "tracegraph.suppressions.v1";
+    readonly findingApproval: "tracegraph.finding-approvals.v1";
+    readonly scenario: "tracegraph.scenario.v1";
+    readonly index: "tracegraph.index.v1";
+    readonly coverage: "tracegraph.coverage.v1";
+};
+type SchemaVersions = typeof SCHEMA_VERSIONS;
+type TraceEntrypoint = {
+    type: 'http_request';
+    method: string;
+    path: string;
+    handler?: string;
+} | {
+    type: 'test_case';
+    testName: string;
+    testFile?: string;
+} | {
+    type: 'function';
+    functionName: string;
+    file?: string;
+    line?: number;
+} | {
+    type: 'cli_command';
+    command: string;
+};
+/**
+ * Levels:
+ *  0 = runner metadata only (zero config)
+ *  1 = framework adapters (Express middleware, Laravel hooks)
+ *  2 = manual traceFunction wrappers
+ *  3 = CJS require hook auto-instrumentation
+ *  4 = ESM --import hook (limited — cannot replace live bindings)
+ *  5 = build-time transform (Vitest reporter, Babel/SWC plugin)
+ */
+type CaptureLevelValue = 0 | 1 | 2 | 3 | 4 | 5;
+type AdapterCaptureInfo = {
+    level: number;
+    mode: string;
+    captured: string[];
+    notCaptured: string[];
+    recommendation?: string;
+};
+type CaptureLevel = {
+    overall: CaptureLevelValue;
+    label: string;
+    adapters: Record<string, AdapterCaptureInfo>;
+};
+type TraceEventType = 'trace_start' | 'trace_end' | 'http_request' | 'http_response' | 'function_call' | 'method_call' | 'db_query' | 'external_http_call' | 'file_operation' | 'cache_operation' | 'queue_event' | 'log' | 'error' | 'branch' | 'return' | 'auth_check' | 'authorization_check' | 'rate_limit_check' | 'lock_acquire' | 'lock_release' | 'transaction_start' | 'transaction_commit' | 'transaction_rollback'
+/** One per test file; parent = trace_start. */
+ | 'test_file'
+/** One per describe() block; parent = test_file or enclosing test_suite. */
+ | 'test_suite'
+/** One per it()/test() call; parent = nearest test_suite or test_file. */
+ | 'test_run';
+type ConcurrencyType = 'sequential' | 'parallel' | 'promise_all' | 'race' | 'background';
+type LanguageId = 'typescript' | 'javascript' | 'php';
+type FrameworkId = 'express' | 'nestjs' | 'nextjs' | 'fastify' | 'laravel' | 'symfony' | 'vitest' | 'jest' | 'xdebug' | 'plain';
+/** Cross-trace event reference for causal links (e.g. HTTP request → dispatched job). */
+type EventRef = {
+    traceId: string;
+    eventId: string;
+};
+type TraceError = {
+    type: string;
+    message: string;
+    stack?: string;
+};
+type TraceResource = {
+    type: string;
+    key: string;
+    operation: string;
+};
+type SanitizedValue = Record<string, unknown> | unknown[] | string | number | null;
+type SecurityMetadata = Record<string, unknown>;
+type ReliabilityMetadata = Record<string, unknown>;
+type TraceEvent = {
+    schemaVersion: 'tracegraph.event.v1';
+    eventId: string;
+    traceId: string;
+    /** Structural parent: the containing call in the call stack. */
+    parentEventId?: string | null;
+    /**
+     * Causal parent: the event that caused this one.
+     * Same as parentEventId for synchronous calls; different for async/queue scenarios.
+     */
+    causalParentEventId?: string | null;
+    /**
+     * Cross-trace causal reference.
+     * Used when a job's causal parent is an event in a different trace (e.g. HTTP → queue worker).
+     */
+    causalParentRef?: EventRef | null;
+    /** Parallel execution grouping (Promise.all, concurrent requests). */
+    asyncGroupId?: string;
+    branchId?: string;
+    concurrencyType?: ConcurrencyType;
+    type: TraceEventType;
+    language: LanguageId;
+    name: string;
+    displayName?: string;
+    file?: string;
+    line?: number;
+    column?: number;
+    className?: string;
+    functionName?: string;
+    moduleName?: string;
+    framework?: FrameworkId;
+    startTime: number;
+    endTime?: number;
+    durationMs?: number;
+    input?: SanitizedValue;
+    output?: SanitizedValue;
+    error?: TraceError;
+    resource?: TraceResource;
+    security?: SecurityMetadata;
+    reliability?: ReliabilityMetadata;
+    tags?: string[];
+    metadata?: Record<string, unknown>;
+};
+type DetailStreams = {
+    xdebug?: {
+        events: TraceEvent[];
+        /** Map from semantic event ID → attached Xdebug event IDs. */
+        attachedTo: Record<string, string[]>;
+    };
+};
+type TraceSessionStatus = 'running' | 'passed' | 'failed' | 'error';
+type TraceSession = {
+    schemaVersion: 'tracegraph.trace.v1';
+    traceId: string;
+    sessionId: string;
+    runId: string;
+    scenarioId?: string;
+    projectId?: string;
+    workspaceRoot: string;
+    language: LanguageId;
+    framework?: string;
+    entrypoint: TraceEntrypoint;
+    startedAt: number;
+    endedAt?: number;
+    status: TraceSessionStatus;
+    captureLevel: CaptureLevel;
+    events: TraceEvent[];
+    detailStreams?: DetailStreams;
+    metadata?: Record<string, unknown>;
+};
+type TraceIndexEntry = {
+    traceId: string;
+    runId: string;
+    file: string;
+    status: TraceSessionStatus;
+    createdAt: number;
+    entrypoint: TraceEntrypoint;
+};
+type TraceIndex = {
+    schemaVersion: 'tracegraph.index.v1';
+    traces: TraceIndexEntry[];
+};
+type BundleLink = {
+    source: EventRef;
+    target: EventRef;
+    type: 'causes' | 'correlates' | 'spawns';
+    correlationId: string;
+};
+type TraceBundle = {
+    schemaVersion: 'tracegraph.bundle.v1';
+    bundleId: string;
+    scenarioId: string;
+    createdAt: number;
+    traces: Array<{
+        language: LanguageId;
+        traceId: string;
+        file: string;
+    }>;
+    links: BundleLink[];
+};
+type CliEventType = 'run.started' | 'run.progress' | 'run.completed' | 'trace.started' | 'trace.progress' | 'trace.completed' | 'finding' | 'report.created' | 'approval.required' | 'error';
+type CliEventEnvelope = {
+    protocol: 'tracegraph.cli.v1';
+    type: CliEventType;
+    runId: string;
+    traceId?: string;
+    timestamp: number;
+    captureLevel?: Pick<CaptureLevel, 'overall' | 'label'>;
+    payload?: Record<string, unknown>;
+};
+type EventRole = 'validation' | 'authorization' | 'business_logic' | 'db' | 'external_call';
+type SemanticSignature = {
+    eventType: string;
+    language: LanguageId;
+    framework?: string;
+    className?: string;
+    methodName?: string;
+    functionName?: string;
+    moduleName?: string;
+    routeMethod?: string;
+    routePathPattern?: string;
+    resourceType?: string;
+    resourceKey?: string;
+    resourceOperation?: 'read' | 'write' | 'update' | 'delete';
+    role?: EventRole;
+};
+type JsonShape = {
+    type: 'string' | 'number' | 'boolean' | 'object' | 'array' | 'null' | 'unknown';
+    properties?: Record<string, JsonShape>;
+    items?: JsonShape;
+};
+type CompactBaseline = {
+    schemaVersion: 'tracegraph.baseline.v1';
+    baselineId: string;
+    testId: string;
+    entrypoint: TraceEntrypoint;
+    approvedAt: number;
+    approvedBy: string;
+    reason: string;
+    captureLevel: number;
+    events: Array<{
+        signature: SemanticSignature;
+        role: string;
+        count: number;
+        critical?: boolean;
+    }>;
+    resources: Array<{
+        type: string;
+        key: string;
+        operation: string;
+        count: number;
+    }>;
+    responseShape: JsonShape;
+};
+type FindingSeverity = 'info' | 'low' | 'medium' | 'high' | 'critical';
+type FindingCategory = 'behavior_change' | 'race_condition' | 'rate_limit' | 'idempotency' | 'retry_storm' | 'security_authentication' | 'security_authorization' | 'security_sensitive_data' | 'security_injection' | 'security_mass_assignment' | 'performance' | 'data_integrity' | 'tracegraph_policy_change';
+type Finding = {
+    id: string;
+    /** Stable hash of (ruleId + semantic target + risk resource/action) — never includes file path. */
+    fingerprint: string;
+    ruleId: string;
+    severity: FindingSeverity;
+    category: FindingCategory;
+    title: string;
+    description: string;
+    evidence: Array<{
+        traceId: string;
+        eventIds: string[];
+        file?: string;
+        line?: number;
+    }>;
+    recommendation?: string;
+};
+type FindingFingerprintInput = {
+    ruleId: string;
+    semanticTarget: {
+        routeMethod?: string;
+        routePathPattern?: string;
+        resourceType?: string;
+        resourceKey?: string;
+        resourceOperation?: 'read' | 'write' | 'update' | 'delete';
+        className?: string;
+        methodName?: string;
+        functionName?: string;
+        role?: EventRole;
+    };
+    findingKind: string;
+};
+type Suppression = {
+    id: string;
+    ruleId: string;
+    semanticTarget: Partial<SemanticSignature>;
+    requiresEvidence?: Array<{
+        type: string;
+        name: string;
+    }>;
+    reason: string;
+    expiresAt: string;
+    approvedBy: string;
+    createdAt: string;
+};
+type SuppressionsFile = {
+    schemaVersion: 'tracegraph.suppressions.v1';
+    suppressions: Suppression[];
+};
+type FindingApproval = {
+    findingFingerprint: string;
+    ruleId: string;
+    semanticTarget: Partial<SemanticSignature>;
+    approvedBy: string;
+    reason: string;
+    expiresAt: string;
+    createdAt: string;
+};
+type FindingApprovalsFile = {
+    schemaVersion: 'tracegraph.finding-approvals.v1';
+    approvals: FindingApproval[];
+};
+type SignatureChange = {
+    signature: SemanticSignature;
+    identityHash: string;
+    role: EventRole;
+    critical: boolean;
+    /** Present for added signatures (candidate eventId). */
+    eventId?: string;
+    eventName?: string;
+};
+type ResourceChange = {
+    type: string;
+    key: string;
+    operation: string;
+    baselineCount: number;
+    candidateCount: number;
+};
+type ResponseShapeChange = {
+    addedFields: string[];
+    removedFields: string[];
+    typeChanges: Array<{
+        field: string;
+        from: string;
+        to: string;
+    }>;
+};
+type BehaviorDiff = {
+    traceId: string;
+    baselineId: string;
+    addedSignatures: SignatureChange[];
+    removedSignatures: SignatureChange[];
+    changedResources: ResourceChange[];
+    responseShapeChange?: ResponseShapeChange;
+};
+type FindingStatus = 'open' | 'approved' | 'suppressed';
+type EvaluatedFinding = Finding & {
+    status: FindingStatus;
+    suppressedBy?: string;
+    approvedBy?: string;
+    approvedReason?: string;
+};
+type ReportSummary = {
+    tracesCompared: number;
+    findingsBySeverity: Record<FindingSeverity, number>;
+    hasOpenCritical: boolean;
+    suppressionsModified: boolean;
+};
+type TraceReport = {
+    schemaVersion: 'tracegraph.report.v1';
+    reportId: string;
+    createdAt: number;
+    baselineDir: string;
+    candidateFiles: string[];
+    diffs: BehaviorDiff[];
+    findings: EvaluatedFinding[];
+    summary: ReportSummary;
+};
+/**
+ * Written to `.tracegraph/latest.json` after every successful `tracegraph run`.
+ * Provides a stable, cross-platform pointer to the most recent run's artifacts
+ * without relying on symlinks (Windows-safe).
+ */
+type LatestPointer = {
+    /** The run ID of the most recent `tracegraph run` invocation. */
+    latestRunId: string;
+    /** All trace IDs produced by the latest run (main + per-test). */
+    latestTraceIds: string[];
+    /** Report ID written by the most recent `tracegraph compare`, or null. */
+    latestReportId: string | null;
+    /** Unix epoch ms when this file was last written. */
+    updatedAt: number;
+};
+/**
+ * A TraceGraph scenario — a declarative definition of one or more servers to
+ * start plus an ordered sequence of HTTP steps to execute against them.
+ *
+ * Stored in `.tracegraph/scenarios/<name>.scenario.json`.
+ */
+type ScenarioDefinition = {
+    schemaVersion: 'tracegraph.scenario.v1';
+    scenarioId: string;
+    name: string;
+    description?: string;
+    servers?: ScenarioServer[];
+    steps: ScenarioStep[];
+    tags?: string[];
+};
+/**
+ * A server that the scenario runner will start and manage.
+ * The process is spawned with `TRACEGRAPH_ENABLED=1` and related env vars so
+ * that the server's instrumentation can write trace files automatically.
+ */
+type ScenarioServer = {
+    name: string;
+    /** Shell command to start the server (e.g. "node dist/server.js"). */
+    command: string;
+    port: number;
+    env?: Record<string, string>;
+    /** Maximum milliseconds to wait for the server to pass its health check. Default 30000. */
+    readyTimeoutMs?: number;
+    healthCheck?: {
+        /** URL path to poll (e.g. "/health"). Default "/health". */
+        path: string;
+        method?: string;
+        /** Expected HTTP status code. Default 200. */
+        expectedStatus?: number;
+        /** Poll interval in milliseconds. Default 500. */
+        intervalMs?: number;
+        /** Maximum number of poll attempts before giving up. Default 60. */
+        maxAttempts?: number;
+    };
+};
+/** One HTTP step in a scenario. */
+type ScenarioStep = {
+    name: string;
+    description?: string;
+    http: {
+        method: string;
+        url: string;
+        headers?: Record<string, string>;
+        body?: unknown;
+        /** Request timeout in milliseconds. Default 30000. */
+        timeoutMs?: number;
+    };
+    assert?: {
+        /** Expected HTTP status code. */
+        status?: number;
+        /** String that must appear in the response body. */
+        bodyContains?: string;
+    };
+    /** Milliseconds to pause after this step before continuing. */
+    delayMs?: number;
+};
+/** Result of a single scenario step execution. */
+type ScenarioStepResult = {
+    name: string;
+    status: 'passed' | 'failed' | 'skipped';
+    statusCode?: number;
+    durationMs: number;
+    error?: string;
+};
+/** Aggregate result of a full scenario run. */
+type ScenarioRunResult = {
+    scenarioId: string;
+    runId: string;
+    bundleFile?: string;
+    steps: ScenarioStepResult[];
+    passed: boolean;
+    durationMs: number;
+};
+/**
+ * A function or method identified as changed by a git diff.
+ * Either `functionName` (standalone) or `className`+`methodName` (class method) is set.
+ */
+type ChangedFunction = {
+    /** File path relative to workspace root (forward slashes). */
+    file: string;
+    /** Standalone function name — mutually exclusive with className/methodName. */
+    functionName?: string;
+    /** Class that owns the method — set together with methodName. */
+    className?: string;
+    /** Method name within the class — set together with className. */
+    methodName?: string;
+    /** Line number within the new (post-diff) file where the declaration starts. */
+    startLine: number;
+};
+/**
+ * A changed function that was matched by at least one runtime trace event.
+ */
+type CoverageEntry = {
+    changed: ChangedFunction;
+    coveredBy: Array<{
+        traceId: string;
+        eventId: string;
+        traceFile: string;
+    }>;
+};
+/**
+ * Output of the AI change coverage analysis.
+ * Stored in `.tracegraph/reports/<id>.coverage.json`.
+ */
+type ChangeCoverageReport = {
+    schemaVersion: 'tracegraph.coverage.v1';
+    reportId: string;
+    createdAt: number;
+    /** Git ref used as the diff base (e.g. "HEAD~1", "main"). */
+    baseRef: string;
+    /** Git ref used as the diff head (e.g. "HEAD"). */
+    headRef: string;
+    covered: CoverageEntry[];
+    uncovered: ChangedFunction[];
+    summary: {
+        changedFunctions: number;
+        coveredCount: number;
+        uncoveredCount: number;
+        /** 0–100, integer. */
+        coveragePercent: number;
+    };
+};
+/** AI tool format that the pack targets. */
+type PromptPackFormat = 'cursor' | 'claude-code' | 'copilot' | 'mcp';
+/**
+ * A generated AI context pack for a specific tool format.
+ */
+type PromptPack = {
+    format: PromptPackFormat;
+    /** Rendered pack content (markdown, XML, or JSON). */
+    content: string;
+    /** Conventional file name for the pack (e.g. ".cursor/tracegraph-context.md"). */
+    fileName: string;
+};
+declare const EXIT_CODES: {
+    /** Wrapped command and compare both passed cleanly. */
+    readonly SUCCESS: 0;
+    /** Wrapped command (npm test, etc.) exited with non-zero. */
+    readonly COMMAND_FAILURE: 1;
+    /** Bad arguments, missing file, or internal CLI error. */
+    readonly CLI_ERROR: 2;
+    /** Open findings at or above the severity threshold (--fail-on-critical). */
+    readonly FINDINGS_THRESHOLD: 3;
+    /** Suppressions file was modified since the last approved baseline. */
+    readonly POLICY_REVIEW: 4;
+    /** Trace or baseline schema version does not match the current CLI. */
+    readonly SCHEMA_MIGRATION: 5;
+    /** Capture level is below the project-configured minimum requirement. */
+    readonly CAPTURE_LEVEL_INSUFFICIENT: 6;
+};
+type ExitCode = typeof EXIT_CODES[keyof typeof EXIT_CODES];
+
+export { type AdapterCaptureInfo, type BehaviorDiff, type BundleLink, type CaptureLevel, type CaptureLevelValue, type ChangeCoverageReport, type ChangedFunction, type CliEventEnvelope, type CliEventType, type CompactBaseline, type ConcurrencyType, type CoverageEntry, type DetailStreams, EXIT_CODES, type EvaluatedFinding, type EventRef, type EventRole, type ExitCode, type Finding, type FindingApproval, type FindingApprovalsFile, type FindingCategory, type FindingFingerprintInput, type FindingSeverity, type FindingStatus, type FrameworkId, type JsonShape, type LanguageId, type LatestPointer, type PromptPack, type PromptPackFormat, type ReliabilityMetadata, type ReportSummary, type ResourceChange, type ResponseShapeChange, SCHEMA_VERSIONS, type SanitizedValue, type ScenarioDefinition, type ScenarioRunResult, type ScenarioServer, type ScenarioStep, type ScenarioStepResult, type SchemaVersions, type SecurityMetadata, type SemanticSignature, type SignatureChange, type Suppression, type SuppressionsFile, type TraceBundle, type TraceEntrypoint, type TraceError, type TraceEvent, type TraceEventType, type TraceIndex, type TraceIndexEntry, type TraceReport, type TraceResource, type TraceSession, type TraceSessionStatus };

package/dist/index.d.ts

@@ -0,0 +1,529 @@
+declare const SCHEMA_VERSIONS: {
+    readonly trace: "tracegraph.trace.v1";
+    readonly event: "tracegraph.event.v1";
+    readonly baseline: "tracegraph.baseline.v1";
+    readonly bundle: "tracegraph.bundle.v1";
+    readonly report: "tracegraph.report.v1";
+    readonly diff: "tracegraph.diff.v1";
+    readonly suppression: "tracegraph.suppressions.v1";
+    readonly findingApproval: "tracegraph.finding-approvals.v1";
+    readonly scenario: "tracegraph.scenario.v1";
+    readonly index: "tracegraph.index.v1";
+    readonly coverage: "tracegraph.coverage.v1";
+};
+type SchemaVersions = typeof SCHEMA_VERSIONS;
+type TraceEntrypoint = {
+    type: 'http_request';
+    method: string;
+    path: string;
+    handler?: string;
+} | {
+    type: 'test_case';
+    testName: string;
+    testFile?: string;
+} | {
+    type: 'function';
+    functionName: string;
+    file?: string;
+    line?: number;
+} | {
+    type: 'cli_command';
+    command: string;
+};
+/**
+ * Levels:
+ *  0 = runner metadata only (zero config)
+ *  1 = framework adapters (Express middleware, Laravel hooks)
+ *  2 = manual traceFunction wrappers
+ *  3 = CJS require hook auto-instrumentation
+ *  4 = ESM --import hook (limited — cannot replace live bindings)
+ *  5 = build-time transform (Vitest reporter, Babel/SWC plugin)
+ */
+type CaptureLevelValue = 0 | 1 | 2 | 3 | 4 | 5;
+type AdapterCaptureInfo = {
+    level: number;
+    mode: string;
+    captured: string[];
+    notCaptured: string[];
+    recommendation?: string;
+};
+type CaptureLevel = {
+    overall: CaptureLevelValue;
+    label: string;
+    adapters: Record<string, AdapterCaptureInfo>;
+};
+type TraceEventType = 'trace_start' | 'trace_end' | 'http_request' | 'http_response' | 'function_call' | 'method_call' | 'db_query' | 'external_http_call' | 'file_operation' | 'cache_operation' | 'queue_event' | 'log' | 'error' | 'branch' | 'return' | 'auth_check' | 'authorization_check' | 'rate_limit_check' | 'lock_acquire' | 'lock_release' | 'transaction_start' | 'transaction_commit' | 'transaction_rollback'
+/** One per test file; parent = trace_start. */
+ | 'test_file'
+/** One per describe() block; parent = test_file or enclosing test_suite. */
+ | 'test_suite'
+/** One per it()/test() call; parent = nearest test_suite or test_file. */
+ | 'test_run';
+type ConcurrencyType = 'sequential' | 'parallel' | 'promise_all' | 'race' | 'background';
+type LanguageId = 'typescript' | 'javascript' | 'php';
+type FrameworkId = 'express' | 'nestjs' | 'nextjs' | 'fastify' | 'laravel' | 'symfony' | 'vitest' | 'jest' | 'xdebug' | 'plain';
+/** Cross-trace event reference for causal links (e.g. HTTP request → dispatched job). */
+type EventRef = {
+    traceId: string;
+    eventId: string;
+};
+type TraceError = {
+    type: string;
+    message: string;
+    stack?: string;
+};
+type TraceResource = {
+    type: string;
+    key: string;
+    operation: string;
+};
+type SanitizedValue = Record<string, unknown> | unknown[] | string | number | null;
+type SecurityMetadata = Record<string, unknown>;
+type ReliabilityMetadata = Record<string, unknown>;
+type TraceEvent = {
+    schemaVersion: 'tracegraph.event.v1';
+    eventId: string;
+    traceId: string;
+    /** Structural parent: the containing call in the call stack. */
+    parentEventId?: string | null;
+    /**
+     * Causal parent: the event that caused this one.
+     * Same as parentEventId for synchronous calls; different for async/queue scenarios.
+     */
+    causalParentEventId?: string | null;
+    /**
+     * Cross-trace causal reference.
+     * Used when a job's causal parent is an event in a different trace (e.g. HTTP → queue worker).
+     */
+    causalParentRef?: EventRef | null;
+    /** Parallel execution grouping (Promise.all, concurrent requests). */
+    asyncGroupId?: string;
+    branchId?: string;
+    concurrencyType?: ConcurrencyType;
+    type: TraceEventType;
+    language: LanguageId;
+    name: string;
+    displayName?: string;
+    file?: string;
+    line?: number;
+    column?: number;
+    className?: string;
+    functionName?: string;
+    moduleName?: string;
+    framework?: FrameworkId;
+    startTime: number;
+    endTime?: number;
+    durationMs?: number;
+    input?: SanitizedValue;
+    output?: SanitizedValue;
+    error?: TraceError;
+    resource?: TraceResource;
+    security?: SecurityMetadata;
+    reliability?: ReliabilityMetadata;
+    tags?: string[];
+    metadata?: Record<string, unknown>;
+};
+type DetailStreams = {
+    xdebug?: {
+        events: TraceEvent[];
+        /** Map from semantic event ID → attached Xdebug event IDs. */
+        attachedTo: Record<string, string[]>;
+    };
+};
+type TraceSessionStatus = 'running' | 'passed' | 'failed' | 'error';
+type TraceSession = {
+    schemaVersion: 'tracegraph.trace.v1';
+    traceId: string;
+    sessionId: string;
+    runId: string;
+    scenarioId?: string;
+    projectId?: string;
+    workspaceRoot: string;
+    language: LanguageId;
+    framework?: string;
+    entrypoint: TraceEntrypoint;
+    startedAt: number;
+    endedAt?: number;
+    status: TraceSessionStatus;
+    captureLevel: CaptureLevel;
+    events: TraceEvent[];
+    detailStreams?: DetailStreams;
+    metadata?: Record<string, unknown>;
+};
+type TraceIndexEntry = {
+    traceId: string;
+    runId: string;
+    file: string;
+    status: TraceSessionStatus;
+    createdAt: number;
+    entrypoint: TraceEntrypoint;
+};
+type TraceIndex = {
+    schemaVersion: 'tracegraph.index.v1';
+    traces: TraceIndexEntry[];
+};
+type BundleLink = {
+    source: EventRef;
+    target: EventRef;
+    type: 'causes' | 'correlates' | 'spawns';
+    correlationId: string;
+};
+type TraceBundle = {
+    schemaVersion: 'tracegraph.bundle.v1';
+    bundleId: string;
+    scenarioId: string;
+    createdAt: number;
+    traces: Array<{
+        language: LanguageId;
+        traceId: string;
+        file: string;
+    }>;
+    links: BundleLink[];
+};
+type CliEventType = 'run.started' | 'run.progress' | 'run.completed' | 'trace.started' | 'trace.progress' | 'trace.completed' | 'finding' | 'report.created' | 'approval.required' | 'error';
+type CliEventEnvelope = {
+    protocol: 'tracegraph.cli.v1';
+    type: CliEventType;
+    runId: string;
+    traceId?: string;
+    timestamp: number;
+    captureLevel?: Pick<CaptureLevel, 'overall' | 'label'>;
+    payload?: Record<string, unknown>;
+};
+type EventRole = 'validation' | 'authorization' | 'business_logic' | 'db' | 'external_call';
+type SemanticSignature = {
+    eventType: string;
+    language: LanguageId;
+    framework?: string;
+    className?: string;
+    methodName?: string;
+    functionName?: string;
+    moduleName?: string;
+    routeMethod?: string;
+    routePathPattern?: string;
+    resourceType?: string;
+    resourceKey?: string;
+    resourceOperation?: 'read' | 'write' | 'update' | 'delete';
+    role?: EventRole;
+};
+type JsonShape = {
+    type: 'string' | 'number' | 'boolean' | 'object' | 'array' | 'null' | 'unknown';
+    properties?: Record<string, JsonShape>;
+    items?: JsonShape;
+};
+type CompactBaseline = {
+    schemaVersion: 'tracegraph.baseline.v1';
+    baselineId: string;
+    testId: string;
+    entrypoint: TraceEntrypoint;
+    approvedAt: number;
+    approvedBy: string;
+    reason: string;
+    captureLevel: number;
+    events: Array<{
+        signature: SemanticSignature;
+        role: string;
+        count: number;
+        critical?: boolean;
+    }>;
+    resources: Array<{
+        type: string;
+        key: string;
+        operation: string;
+        count: number;
+    }>;
+    responseShape: JsonShape;
+};
+type FindingSeverity = 'info' | 'low' | 'medium' | 'high' | 'critical';
+type FindingCategory = 'behavior_change' | 'race_condition' | 'rate_limit' | 'idempotency' | 'retry_storm' | 'security_authentication' | 'security_authorization' | 'security_sensitive_data' | 'security_injection' | 'security_mass_assignment' | 'performance' | 'data_integrity' | 'tracegraph_policy_change';
+type Finding = {
+    id: string;
+    /** Stable hash of (ruleId + semantic target + risk resource/action) — never includes file path. */
+    fingerprint: string;
+    ruleId: string;
+    severity: FindingSeverity;
+    category: FindingCategory;
+    title: string;
+    description: string;
+    evidence: Array<{
+        traceId: string;
+        eventIds: string[];
+        file?: string;
+        line?: number;
+    }>;
+    recommendation?: string;
+};
+type FindingFingerprintInput = {
+    ruleId: string;
+    semanticTarget: {
+        routeMethod?: string;
+        routePathPattern?: string;
+        resourceType?: string;
+        resourceKey?: string;
+        resourceOperation?: 'read' | 'write' | 'update' | 'delete';
+        className?: string;
+        methodName?: string;
+        functionName?: string;
+        role?: EventRole;
+    };
+    findingKind: string;
+};
+type Suppression = {
+    id: string;
+    ruleId: string;
+    semanticTarget: Partial<SemanticSignature>;
+    requiresEvidence?: Array<{
+        type: string;
+        name: string;
+    }>;
+    reason: string;
+    expiresAt: string;
+    approvedBy: string;
+    createdAt: string;
+};
+type SuppressionsFile = {
+    schemaVersion: 'tracegraph.suppressions.v1';
+    suppressions: Suppression[];
+};
+type FindingApproval = {
+    findingFingerprint: string;
+    ruleId: string;
+    semanticTarget: Partial<SemanticSignature>;
+    approvedBy: string;
+    reason: string;
+    expiresAt: string;
+    createdAt: string;
+};
+type FindingApprovalsFile = {
+    schemaVersion: 'tracegraph.finding-approvals.v1';
+    approvals: FindingApproval[];
+};
+type SignatureChange = {
+    signature: SemanticSignature;
+    identityHash: string;
+    role: EventRole;
+    critical: boolean;
+    /** Present for added signatures (candidate eventId). */
+    eventId?: string;
+    eventName?: string;
+};
+type ResourceChange = {
+    type: string;
+    key: string;
+    operation: string;
+    baselineCount: number;
+    candidateCount: number;
+};
+type ResponseShapeChange = {
+    addedFields: string[];
+    removedFields: string[];
+    typeChanges: Array<{
+        field: string;
+        from: string;
+        to: string;
+    }>;
+};
+type BehaviorDiff = {
+    traceId: string;
+    baselineId: string;
+    addedSignatures: SignatureChange[];
+    removedSignatures: SignatureChange[];
+    changedResources: ResourceChange[];
+    responseShapeChange?: ResponseShapeChange;
+};
+type FindingStatus = 'open' | 'approved' | 'suppressed';
+type EvaluatedFinding = Finding & {
+    status: FindingStatus;
+    suppressedBy?: string;
+    approvedBy?: string;
+    approvedReason?: string;
+};
+type ReportSummary = {
+    tracesCompared: number;
+    findingsBySeverity: Record<FindingSeverity, number>;
+    hasOpenCritical: boolean;
+    suppressionsModified: boolean;
+};
+type TraceReport = {
+    schemaVersion: 'tracegraph.report.v1';
+    reportId: string;
+    createdAt: number;
+    baselineDir: string;
+    candidateFiles: string[];
+    diffs: BehaviorDiff[];
+    findings: EvaluatedFinding[];
+    summary: ReportSummary;
+};
+/**
+ * Written to `.tracegraph/latest.json` after every successful `tracegraph run`.
+ * Provides a stable, cross-platform pointer to the most recent run's artifacts
+ * without relying on symlinks (Windows-safe).
+ */
+type LatestPointer = {
+    /** The run ID of the most recent `tracegraph run` invocation. */
+    latestRunId: string;
+    /** All trace IDs produced by the latest run (main + per-test). */
+    latestTraceIds: string[];
+    /** Report ID written by the most recent `tracegraph compare`, or null. */
+    latestReportId: string | null;
+    /** Unix epoch ms when this file was last written. */
+    updatedAt: number;
+};
+/**
+ * A TraceGraph scenario — a declarative definition of one or more servers to
+ * start plus an ordered sequence of HTTP steps to execute against them.
+ *
+ * Stored in `.tracegraph/scenarios/<name>.scenario.json`.
+ */
+type ScenarioDefinition = {
+    schemaVersion: 'tracegraph.scenario.v1';
+    scenarioId: string;
+    name: string;
+    description?: string;
+    servers?: ScenarioServer[];
+    steps: ScenarioStep[];
+    tags?: string[];
+};
+/**
+ * A server that the scenario runner will start and manage.
+ * The process is spawned with `TRACEGRAPH_ENABLED=1` and related env vars so
+ * that the server's instrumentation can write trace files automatically.
+ */
+type ScenarioServer = {
+    name: string;
+    /** Shell command to start the server (e.g. "node dist/server.js"). */
+    command: string;
+    port: number;
+    env?: Record<string, string>;
+    /** Maximum milliseconds to wait for the server to pass its health check. Default 30000. */
+    readyTimeoutMs?: number;
+    healthCheck?: {
+        /** URL path to poll (e.g. "/health"). Default "/health". */
+        path: string;
+        method?: string;
+        /** Expected HTTP status code. Default 200. */
+        expectedStatus?: number;
+        /** Poll interval in milliseconds. Default 500. */
+        intervalMs?: number;
+        /** Maximum number of poll attempts before giving up. Default 60. */
+        maxAttempts?: number;
+    };
+};
+/** One HTTP step in a scenario. */
+type ScenarioStep = {
+    name: string;
+    description?: string;
+    http: {
+        method: string;
+        url: string;
+        headers?: Record<string, string>;
+        body?: unknown;
+        /** Request timeout in milliseconds. Default 30000. */
+        timeoutMs?: number;
+    };
+    assert?: {
+        /** Expected HTTP status code. */
+        status?: number;
+        /** String that must appear in the response body. */
+        bodyContains?: string;
+    };
+    /** Milliseconds to pause after this step before continuing. */
+    delayMs?: number;
+};
+/** Result of a single scenario step execution. */
+type ScenarioStepResult = {
+    name: string;
+    status: 'passed' | 'failed' | 'skipped';
+    statusCode?: number;
+    durationMs: number;
+    error?: string;
+};
+/** Aggregate result of a full scenario run. */
+type ScenarioRunResult = {
+    scenarioId: string;
+    runId: string;
+    bundleFile?: string;
+    steps: ScenarioStepResult[];
+    passed: boolean;
+    durationMs: number;
+};
+/**
+ * A function or method identified as changed by a git diff.
+ * Either `functionName` (standalone) or `className`+`methodName` (class method) is set.
+ */
+type ChangedFunction = {
+    /** File path relative to workspace root (forward slashes). */
+    file: string;
+    /** Standalone function name — mutually exclusive with className/methodName. */
+    functionName?: string;
+    /** Class that owns the method — set together with methodName. */
+    className?: string;
+    /** Method name within the class — set together with className. */
+    methodName?: string;
+    /** Line number within the new (post-diff) file where the declaration starts. */
+    startLine: number;
+};
+/**
+ * A changed function that was matched by at least one runtime trace event.
+ */
+type CoverageEntry = {
+    changed: ChangedFunction;
+    coveredBy: Array<{
+        traceId: string;
+        eventId: string;
+        traceFile: string;
+    }>;
+};
+/**
+ * Output of the AI change coverage analysis.
+ * Stored in `.tracegraph/reports/<id>.coverage.json`.
+ */
+type ChangeCoverageReport = {
+    schemaVersion: 'tracegraph.coverage.v1';
+    reportId: string;
+    createdAt: number;
+    /** Git ref used as the diff base (e.g. "HEAD~1", "main"). */
+    baseRef: string;
+    /** Git ref used as the diff head (e.g. "HEAD"). */
+    headRef: string;
+    covered: CoverageEntry[];
+    uncovered: ChangedFunction[];
+    summary: {
+        changedFunctions: number;
+        coveredCount: number;
+        uncoveredCount: number;
+        /** 0–100, integer. */
+        coveragePercent: number;
+    };
+};
+/** AI tool format that the pack targets. */
+type PromptPackFormat = 'cursor' | 'claude-code' | 'copilot' | 'mcp';
+/**
+ * A generated AI context pack for a specific tool format.
+ */
+type PromptPack = {
+    format: PromptPackFormat;
+    /** Rendered pack content (markdown, XML, or JSON). */
+    content: string;
+    /** Conventional file name for the pack (e.g. ".cursor/tracegraph-context.md"). */
+    fileName: string;
+};
+declare const EXIT_CODES: {
+    /** Wrapped command and compare both passed cleanly. */
+    readonly SUCCESS: 0;
+    /** Wrapped command (npm test, etc.) exited with non-zero. */
+    readonly COMMAND_FAILURE: 1;
+    /** Bad arguments, missing file, or internal CLI error. */
+    readonly CLI_ERROR: 2;
+    /** Open findings at or above the severity threshold (--fail-on-critical). */
+    readonly FINDINGS_THRESHOLD: 3;
+    /** Suppressions file was modified since the last approved baseline. */
+    readonly POLICY_REVIEW: 4;
+    /** Trace or baseline schema version does not match the current CLI. */
+    readonly SCHEMA_MIGRATION: 5;
+    /** Capture level is below the project-configured minimum requirement. */
+    readonly CAPTURE_LEVEL_INSUFFICIENT: 6;
+};
+type ExitCode = typeof EXIT_CODES[keyof typeof EXIT_CODES];
+
+export { type AdapterCaptureInfo, type BehaviorDiff, type BundleLink, type CaptureLevel, type CaptureLevelValue, type ChangeCoverageReport, type ChangedFunction, type CliEventEnvelope, type CliEventType, type CompactBaseline, type ConcurrencyType, type CoverageEntry, type DetailStreams, EXIT_CODES, type EvaluatedFinding, type EventRef, type EventRole, type ExitCode, type Finding, type FindingApproval, type FindingApprovalsFile, type FindingCategory, type FindingFingerprintInput, type FindingSeverity, type FindingStatus, type FrameworkId, type JsonShape, type LanguageId, type LatestPointer, type PromptPack, type PromptPackFormat, type ReliabilityMetadata, type ReportSummary, type ResourceChange, type ResponseShapeChange, SCHEMA_VERSIONS, type SanitizedValue, type ScenarioDefinition, type ScenarioRunResult, type ScenarioServer, type ScenarioStep, type ScenarioStepResult, type SchemaVersions, type SecurityMetadata, type SemanticSignature, type SignatureChange, type Suppression, type SuppressionsFile, type TraceBundle, type TraceEntrypoint, type TraceError, type TraceEvent, type TraceEventType, type TraceIndex, type TraceIndexEntry, type TraceReport, type TraceResource, type TraceSession, type TraceSessionStatus };

package/dist/index.js

@@ -0,0 +1,60 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  EXIT_CODES: () => EXIT_CODES,
+  SCHEMA_VERSIONS: () => SCHEMA_VERSIONS
+});
+module.exports = __toCommonJS(index_exports);
+var SCHEMA_VERSIONS = {
+  trace: "tracegraph.trace.v1",
+  event: "tracegraph.event.v1",
+  baseline: "tracegraph.baseline.v1",
+  bundle: "tracegraph.bundle.v1",
+  report: "tracegraph.report.v1",
+  diff: "tracegraph.diff.v1",
+  suppression: "tracegraph.suppressions.v1",
+  findingApproval: "tracegraph.finding-approvals.v1",
+  scenario: "tracegraph.scenario.v1",
+  index: "tracegraph.index.v1",
+  coverage: "tracegraph.coverage.v1"
+};
+var EXIT_CODES = {
+  /** Wrapped command and compare both passed cleanly. */
+  SUCCESS: 0,
+  /** Wrapped command (npm test, etc.) exited with non-zero. */
+  COMMAND_FAILURE: 1,
+  /** Bad arguments, missing file, or internal CLI error. */
+  CLI_ERROR: 2,
+  /** Open findings at or above the severity threshold (--fail-on-critical). */
+  FINDINGS_THRESHOLD: 3,
+  /** Suppressions file was modified since the last approved baseline. */
+  POLICY_REVIEW: 4,
+  /** Trace or baseline schema version does not match the current CLI. */
+  SCHEMA_MIGRATION: 5,
+  /** Capture level is below the project-configured minimum requirement. */
+  CAPTURE_LEVEL_INSUFFICIENT: 6
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  EXIT_CODES,
+  SCHEMA_VERSIONS
+});

package/dist/index.mjs

@@ -0,0 +1,34 @@
+// src/index.ts
+var SCHEMA_VERSIONS = {
+  trace: "tracegraph.trace.v1",
+  event: "tracegraph.event.v1",
+  baseline: "tracegraph.baseline.v1",
+  bundle: "tracegraph.bundle.v1",
+  report: "tracegraph.report.v1",
+  diff: "tracegraph.diff.v1",
+  suppression: "tracegraph.suppressions.v1",
+  findingApproval: "tracegraph.finding-approvals.v1",
+  scenario: "tracegraph.scenario.v1",
+  index: "tracegraph.index.v1",
+  coverage: "tracegraph.coverage.v1"
+};
+var EXIT_CODES = {
+  /** Wrapped command and compare both passed cleanly. */
+  SUCCESS: 0,
+  /** Wrapped command (npm test, etc.) exited with non-zero. */
+  COMMAND_FAILURE: 1,
+  /** Bad arguments, missing file, or internal CLI error. */
+  CLI_ERROR: 2,
+  /** Open findings at or above the severity threshold (--fail-on-critical). */
+  FINDINGS_THRESHOLD: 3,
+  /** Suppressions file was modified since the last approved baseline. */
+  POLICY_REVIEW: 4,
+  /** Trace or baseline schema version does not match the current CLI. */
+  SCHEMA_MIGRATION: 5,
+  /** Capture level is below the project-configured minimum requirement. */
+  CAPTURE_LEVEL_INSUFFICIENT: 6
+};
+export {
+  EXIT_CODES,
+  SCHEMA_VERSIONS
+};

package/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "@tracegraph/shared-types",
+  "version": "0.1.0",
+  "description": "Canonical TypeScript types and schema version constants for TraceGraph",
+  "main": "dist/index.js",
+  "module": "dist/index.mjs",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format cjs,esm --dts",
+    "typecheck": "tsc --noEmit"
+  }
+}