@transitrix/cli 1.0.0

package/dist/export-compliance.js

@@ -0,0 +1,1076 @@
+import { createRequire as __createRequire__ } from 'node:module'; const require = __createRequire__(import.meta.url);
+
+// ../../src/export-compliance.ts
+import { writeFileSync, readFileSync, readdirSync, mkdtempSync, rmSync } from "node:fs";
+import * as path from "node:path";
+import * as os from "node:os";
+import { spawnSync } from "node:child_process";
+import yaml from "js-yaml";
+
+// ../diagrams/src/compliance/reverse-index.ts
+function push(map, key, value) {
+  const list = map.get(key);
+  if (list) list.push(value);
+  else map.set(key, [value]);
+}
+function buildComplianceIndex(input) {
+  const requirementById = /* @__PURE__ */ new Map();
+  const requirementsByLaw = /* @__PURE__ */ new Map();
+  const assertionsByRequirement = /* @__PURE__ */ new Map();
+  const assertionsBySubject = /* @__PURE__ */ new Map();
+  for (const r of input.requirements) {
+    requirementById.set(r.id, r);
+    for (const law of r.derived_from ?? []) push(requirementsByLaw, law, r);
+  }
+  for (const a of input.assertions) {
+    push(assertionsByRequirement, a.about, a);
+    push(assertionsBySubject, a.subject, a);
+  }
+  return { requirementById, requirementsByLaw, assertionsByRequirement, assertionsBySubject };
+}
+
+// ../diagrams/src/compliance/views.ts
+function byId(a, b) {
+  return a.id < b.id ? -1 : a.id > b.id ? 1 : 0;
+}
+function buildLawTree(lawId, index) {
+  const requirements = [...index.requirementsByLaw.get(lawId) ?? []].sort(byId);
+  return {
+    lawId,
+    requirements: requirements.map((requirement) => ({
+      requirement,
+      assertions: [...index.assertionsByRequirement.get(requirement.id) ?? []].sort(byId)
+    }))
+  };
+}
+function buildProductView(productId, index) {
+  const assertions = [...index.assertionsBySubject.get(productId) ?? []];
+  const requirements = assertions.map((assertion) => {
+    const requirement = index.requirementById.get(assertion.about) ?? { id: assertion.about, name: assertion.about };
+    return { requirement, assertion };
+  }).sort((a, b) => byId(a.requirement, b.requirement));
+  return { productId, requirements };
+}
+
+// ../diagrams/src/compliance/impact.ts
+var COMPLIANCE_IMPACT_DEFAULTS = {
+  /** Accept all four active statuses + n_a in cell aggregation. */
+  status_display: {
+    show: ["compliant", "partial", "non_compliant", "under_review", "n_a"]
+  },
+  /** Order rows by canonical REQUIREMENT ID (lexicographic). */
+  order_rows_by: "id",
+  /** §5.3 empty-cell labels. */
+  empty_cells: {
+    no_obligation_label: "No mapped obligation (current model)",
+    no_obligation_applies_label: "No obligation applies"
+  },
+  /** Obligation scope: all known REQUIREMENTs in the canon (no filter). */
+  obligations: { include: void 0, filter: void 0 },
+  /** Subjects: empty — must be supplied explicitly in the view config. */
+  subjects: { products: [], processes: [] },
+  /** Column grain: one column per business object (no stage decomposition). */
+  grouping: { columns: "object" }
+};
+function parseImpactViewConfig(raw) {
+  if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
+    return { ok: false, errors: ["view config: expected an object at the document root"] };
+  }
+  const top = raw;
+  const v = "view" in top && top.view && typeof top.view === "object" && !Array.isArray(top.view) ? top.view : top;
+  const errors = [];
+  if (!v.id || typeof v.id !== "string") errors.push("view.id: required string");
+  if (!v.name || typeof v.name !== "string") errors.push("view.name: required string");
+  if (v.subjects !== void 0 && (typeof v.subjects !== "object" || Array.isArray(v.subjects))) {
+    errors.push("view.subjects: expected an object");
+  }
+  if (errors.length) return { ok: false, errors };
+  const subjects = v.subjects && typeof v.subjects === "object" && !Array.isArray(v.subjects) ? v.subjects : {};
+  const obligations = v.obligations && typeof v.obligations === "object" && !Array.isArray(v.obligations) ? v.obligations : {};
+  const obFilter = obligations.filter && typeof obligations.filter === "object" && !Array.isArray(obligations.filter) ? obligations.filter : null;
+  const statusDisplay = v.status_display && typeof v.status_display === "object" && !Array.isArray(v.status_display) ? v.status_display : {};
+  const emptyCells = v.empty_cells && typeof v.empty_cells === "object" && !Array.isArray(v.empty_cells) ? v.empty_cells : {};
+  const config = {
+    id: v.id,
+    name: v.name,
+    description: typeof v.description === "string" ? v.description : void 0,
+    snapshot_at: typeof v.snapshot_at === "string" ? v.snapshot_at : void 0,
+    subjects: {
+      products: Array.isArray(subjects.products) ? subjects.products.filter((x) => typeof x === "string") : [...COMPLIANCE_IMPACT_DEFAULTS.subjects.products],
+      processes: Array.isArray(subjects.processes) ? subjects.processes.filter((x) => typeof x === "string") : [...COMPLIANCE_IMPACT_DEFAULTS.subjects.processes]
+    },
+    obligations: {
+      include: Array.isArray(obligations.include) ? obligations.include.filter((x) => typeof x === "string") : void 0,
+      filter: obFilter ? {
+        derived_from_codex: Array.isArray(obFilter.derived_from_codex) ? obFilter.derived_from_codex.filter((x) => typeof x === "string") : void 0
+      } : void 0
+    },
+    status_display: {
+      show: Array.isArray(statusDisplay.show) ? statusDisplay.show.filter((x) => typeof x === "string") : [...COMPLIANCE_IMPACT_DEFAULTS.status_display.show]
+    },
+    empty_cells: {
+      no_obligation_label: typeof emptyCells.no_obligation_label === "string" ? emptyCells.no_obligation_label : COMPLIANCE_IMPACT_DEFAULTS.empty_cells.no_obligation_label,
+      no_obligation_applies_label: typeof emptyCells.no_obligation_applies_label === "string" ? emptyCells.no_obligation_applies_label : COMPLIANCE_IMPACT_DEFAULTS.empty_cells.no_obligation_applies_label
+    },
+    order_rows_by: v.order_rows_by === "name" ? "name" : COMPLIANCE_IMPACT_DEFAULTS.order_rows_by
+  };
+  return { ok: true, config };
+}
+var DEFAULT_NO_OBLIGATION_LABEL = "No mapped obligation (current model)";
+var DEFAULT_NO_OBLIGATION_APPLIES_LABEL = "No obligation applies";
+var IN_FORCE_HORIZON_DAYS = 30;
+function computeDeadlineStatus(deadline, today = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10)) {
+  if (!deadline) return "none";
+  if (deadline < today) return "past_due";
+  const daysAway = Math.round(
+    (new Date(deadline).getTime() - new Date(today).getTime()) / (1e3 * 60 * 60 * 24)
+  );
+  return daysAway <= IN_FORCE_HORIZON_DAYS ? "in_force" : "upcoming";
+}
+function byId2(a, b) {
+  return a.id < b.id ? -1 : a.id > b.id ? 1 : 0;
+}
+function resolveObligations(config, index, allRequirements) {
+  if (config.obligations.include?.length) {
+    const out2 = [];
+    for (const id of config.obligations.include) {
+      const r = index.requirementById.get(id);
+      if (r) out2.push(r);
+    }
+    return out2;
+  }
+  const codices = config.obligations.filter?.derived_from_codex ?? [];
+  if (codices.length === 0) return [...allRequirements].sort(byId2);
+  const seen = /* @__PURE__ */ new Set();
+  const out = [];
+  for (const codex of codices) {
+    for (const r of index.requirementsByLaw.get(codex) ?? []) {
+      if (!seen.has(r.id)) {
+        seen.add(r.id);
+        out.push(r);
+      }
+    }
+  }
+  return out;
+}
+function orderRows(rows, key) {
+  const sorted = [...rows];
+  if (key === "name") {
+    sorted.sort((a, b) => a.name < b.name ? -1 : a.name > b.name ? 1 : 0);
+  } else {
+    sorted.sort(byId2);
+  }
+  return sorted;
+}
+function aggregateStatus(assertions) {
+  let sawPartial = false;
+  let sawUnderReview = false;
+  let sawCompliant = false;
+  for (const a of assertions) {
+    if (a.status === "non_compliant") return "non_compliant";
+    if (a.status === "partial") sawPartial = true;
+    else if (a.status === "under_review") sawUnderReview = true;
+    else if (a.status === "compliant") sawCompliant = true;
+  }
+  if (sawPartial) return "partial";
+  if (sawUnderReview) return "under_review";
+  if (sawCompliant) return "compliant";
+  return "n_a";
+}
+function buildProductColumns(config) {
+  const subjects = [...config.subjects.products ?? [], ...config.subjects.processes ?? []];
+  return subjects.map((id) => ({ subjectId: id, label: id }));
+}
+function buildObjectDetailColumns(config, objectDetails) {
+  const detailMap = new Map(objectDetails.map((d) => [d.objectId, d.details]));
+  const subjects = [...config.subjects.products ?? [], ...config.subjects.processes ?? []];
+  const cols = [];
+  for (const subjectId of subjects) {
+    const details = detailMap.get(subjectId);
+    if (!details || details.length === 0) {
+      cols.push({ subjectId, label: subjectId });
+    } else {
+      for (const detail of details) {
+        cols.push({ subjectId, stageId: detail.id, label: `${subjectId}:${detail.id}` });
+      }
+    }
+  }
+  return cols;
+}
+function assertionMatchesColumn(a, col) {
+  if (a.subject !== col.subjectId) return false;
+  if (!col.stageId) return true;
+  if (!a.realised_via || a.realised_via.length === 0) return true;
+  return a.realised_via.includes(col.stageId);
+}
+function buildImpactMatrix(canon, config, objectDetails) {
+  const index = buildComplianceIndex({
+    requirements: canon.requirements,
+    assertions: canon.assertions
+  });
+  const obligations = orderRows(resolveObligations(config, index, canon.requirements), config.order_rows_by);
+  const useStageGrain = config.grouping?.columns === "object-details" && objectDetails && objectDetails.length > 0;
+  const columns = useStageGrain ? buildObjectDetailColumns(config, objectDetails) : buildProductColumns(config);
+  const allowedStatuses = new Set(
+    config.status_display?.show ?? ["compliant", "partial", "non_compliant", "under_review", "n_a"]
+  );
+  const rowIndex = new Set(obligations.map((r) => r.id));
+  const cells = obligations.map(() => columns.map(() => emptyCell()));
+  for (let c = 0; c < columns.length; c++) {
+    const col = columns[c];
+    const subjectAssertions = index.assertionsBySubject.get(col.subjectId) ?? [];
+    for (const a of subjectAssertions) {
+      if (!rowIndex.has(a.about)) continue;
+      if (!allowedStatuses.has(a.status)) continue;
+      if (!assertionMatchesColumn(a, col)) continue;
+      const rowIdx = obligations.findIndex((r) => r.id === a.about);
+      if (rowIdx < 0) continue;
+      cells[rowIdx][c].assertions.push(a);
+    }
+  }
+  for (let r = 0; r < cells.length; r++) {
+    for (let c = 0; c < cells[r].length; c++) {
+      const cell2 = cells[r][c];
+      cell2.assertions.sort(byId2);
+      if (cell2.assertions.length === 0) {
+        cell2.kind = "gap";
+        cell2.status = null;
+        continue;
+      }
+      if (cell2.assertions.every((a) => a.status === "n_a")) {
+        cell2.kind = "n_a_only";
+        cell2.status = "n_a";
+        continue;
+      }
+      cell2.kind = "bound";
+      cell2.status = aggregateStatus(cell2.assertions);
+    }
+  }
+  const today = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+  for (let r = 0; r < cells.length; r++) {
+    const req = obligations[r];
+    const deadlineStatus = computeDeadlineStatus(req.deadline, today);
+    const isNew = !!config.snapshot_at && !!req.admitted_at && req.admitted_at > config.snapshot_at;
+    for (let c = 0; c < cells[r].length; c++) {
+      const cell2 = cells[r][c];
+      const isUrgent = cell2.kind === "gap" && (deadlineStatus === "past_due" || deadlineStatus === "in_force");
+      cell2.decoration = { isNew, isUrgent, deadlineStatus };
+    }
+  }
+  const obligationsLane = columns.map((_, c) => {
+    const codexIds = /* @__PURE__ */ new Set();
+    for (let r = 0; r < cells.length; r++) {
+      if (cells[r][c].kind !== "gap") {
+        for (const src of obligations[r].derived_from ?? []) {
+          codexIds.add(src);
+        }
+      }
+    }
+    return [...codexIds].sort();
+  });
+  return {
+    viewId: config.id,
+    viewName: config.name,
+    description: config.description,
+    snapshotAt: config.snapshot_at,
+    rows: obligations,
+    columns,
+    cells,
+    emptyLabels: {
+      no_obligation_label: config.empty_cells?.no_obligation_label ?? DEFAULT_NO_OBLIGATION_LABEL,
+      no_obligation_applies_label: config.empty_cells?.no_obligation_applies_label ?? DEFAULT_NO_OBLIGATION_APPLIES_LABEL
+    },
+    obligationsLane
+  };
+}
+function emptyCell() {
+  return {
+    status: null,
+    kind: "gap",
+    assertions: [],
+    decoration: { isNew: false, isUrgent: false, deadlineStatus: "none" }
+  };
+}
+var STATUS_GLYPH = {
+  compliant: "OK",
+  partial: "PARTIAL",
+  non_compliant: "FAIL",
+  under_review: "REVIEW",
+  n_a: "N/A"
+};
+function escMd(s) {
+  return s.replace(/\|/g, "\\|");
+}
+function renderImpactMarkdown(matrix) {
+  const lines = [];
+  lines.push(`# ${matrix.viewName}`);
+  lines.push("");
+  lines.push(`View ID: \`${matrix.viewId}\``);
+  if (matrix.snapshotAt) lines.push(`Report snapshot: ${matrix.snapshotAt}`);
+  if (matrix.description) {
+    lines.push("");
+    lines.push(matrix.description);
+  }
+  lines.push("");
+  if (matrix.rows.length === 0) {
+    lines.push("_No obligations in scope \u2014 the configured filter / include selected zero REQUIREMENTs._");
+    return lines.join("\n") + "\n";
+  }
+  if (matrix.columns.length === 0) {
+    lines.push("_No subjects in scope \u2014 `view.subjects` is empty._");
+    return lines.join("\n") + "\n";
+  }
+  const header = ["Obligation", ...matrix.columns.map((col) => escMd(col.label))];
+  lines.push("| " + header.join(" | ") + " |");
+  lines.push("|" + header.map(() => "---").join("|") + "|");
+  for (let r = 0; r < matrix.rows.length; r++) {
+    const row = matrix.rows[r];
+    const rowLabel = `${row.id}${row.name && row.name !== row.id ? ` \u2014 ${row.name}` : ""}`;
+    const cells = matrix.cells[r].map((cell2) => renderCell(cell2, matrix.emptyLabels));
+    lines.push("| " + [escMd(rowLabel), ...cells].join(" | ") + " |");
+  }
+  lines.push("");
+  lines.push("## Legend");
+  lines.push("");
+  lines.push("- **OK / PARTIAL / FAIL / REVIEW / N/A** \u2014 aggregated `ASSERTION.status` per \xA75.2.");
+  lines.push(`- **${escMd(matrix.emptyLabels.no_obligation_label)}** \u2014 modelling gap; no admitted ASSERTION binds this (obligation, subject) pair.`);
+  lines.push(`- **${escMd(matrix.emptyLabels.no_obligation_applies_label)}** \u2014 modelled fact; an admitted ASSERTION with status \`n_a\` excludes this pair.`);
+  return lines.join("\n") + "\n";
+}
+function renderCell(cell2, labels) {
+  if (cell2.kind === "gap") return escMd(labels.no_obligation_label);
+  if (cell2.kind === "n_a_only") return escMd(labels.no_obligation_applies_label);
+  return STATUS_GLYPH[cell2.status];
+}
+
+// ../diagrams/src/compliance/gap-report.ts
+var SEVERITY_RANK = { high: 0, medium: 1, low: 2 };
+function severityRank(s) {
+  return s !== void 0 && s in SEVERITY_RANK ? SEVERITY_RANK[s] : 3;
+}
+function allAssertions(index) {
+  const out = [];
+  for (const list of index.assertionsByRequirement.values()) out.push(...list);
+  return out;
+}
+function buildGapReport(index, options = {}) {
+  const { today } = options;
+  const requirementsWithoutAssertions = [...index.requirementById.values()].filter((r) => (index.assertionsByRequirement.get(r.id) ?? []).length === 0).sort((a, b) => {
+    const d = severityRank(a.severity) - severityRank(b.severity);
+    return d !== 0 ? d : a.id < b.id ? -1 : a.id > b.id ? 1 : 0;
+  });
+  const assertions = allAssertions(index);
+  const assertionsWithoutEvidence = assertions.filter((a) => (a.status === "compliant" || a.status === "partial") && (a.evidenceCount ?? 0) === 0).sort((a, b) => a.id < b.id ? -1 : a.id > b.id ? 1 : 0);
+  const staleAssertions = (today ? assertions.filter((a) => typeof a.next_review_at === "string" && a.next_review_at < today) : []).sort((a, b) => {
+    const ra = a.next_review_at ?? "";
+    const rb = b.next_review_at ?? "";
+    return ra < rb ? -1 : ra > rb ? 1 : a.id < b.id ? -1 : 1;
+  });
+  const pastDeadlineRequirements = today ? [...index.requirementById.values()].filter((r) => {
+    if (computeDeadlineStatus(r.deadline, today) !== "past_due") return false;
+    const assertions2 = index.assertionsByRequirement.get(r.id) ?? [];
+    const hasCompliant = assertions2.some((a) => a.status === "compliant");
+    return !hasCompliant;
+  }).sort((a, b) => {
+    const da = a.deadline ?? "";
+    const db = b.deadline ?? "";
+    return da < db ? -1 : da > db ? 1 : a.id < b.id ? -1 : 1;
+  }) : [];
+  return { requirementsWithoutAssertions, assertionsWithoutEvidence, staleAssertions, pastDeadlineRequirements };
+}
+
+// ../diagrams/src/compliance/classify.ts
+function emptyCanon() {
+  return { products: [], requirements: [], assertions: [], codex: [] };
+}
+var str = (v) => typeof v === "string" ? v : void 0;
+var strArray = (v) => Array.isArray(v) ? v.filter((x) => typeof x === "string") : void 0;
+function ingestComplianceDoc(canon, doc) {
+  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) return null;
+  const d = doc;
+  const id = str(d.id);
+  if (!id) return null;
+  if (d.notation === "product") {
+    canon.products.push({ id, name: str(d.name) ?? id });
+    return id;
+  }
+  if (d.notation === "requirement") {
+    canon.requirements.push({
+      id,
+      name: str(d.name) ?? id,
+      severity: str(d.severity),
+      derived_from: strArray(d.derived_from),
+      admitted_at: str(d.admitted_at),
+      deadline: str(d.deadline)
+    });
+    return id;
+  }
+  if (d.notation === "assertion") {
+    const about = str(d.about);
+    const subject = str(d.subject);
+    const status = str(d.status);
+    if (!about || !subject || !status) return null;
+    canon.assertions.push({
+      id,
+      about,
+      subject,
+      status,
+      assessed_at: str(d.assessed_at),
+      next_review_at: str(d.next_review_at),
+      evidenceCount: Array.isArray(d.evidence) ? d.evidence.length : 0,
+      admitted_at: str(d.admitted_at),
+      realised_via: strArray(d.realised_via)
+    });
+    return id;
+  }
+  if (d.zone === "codex") {
+    canon.codex.push({ id, name: str(d.name) ?? id, type: str(d.type), jurisdiction: str(d.jurisdiction) });
+    return id;
+  }
+  return null;
+}
+
+// ../diagrams/src/typed-id.ts
+var TYPE_PREFIX_RE = /^([A-Z][A-Z0-9_]*)-/;
+function typeOfId(id) {
+  if (typeof id !== "string") return null;
+  const m = TYPE_PREFIX_RE.exec(id);
+  return m ? m[1] : null;
+}
+
+// ../diagrams/src/compliance-matrix/build.ts
+function pairKey(subject, about) {
+  return `${subject}\0${about}`;
+}
+function byId3(a, b) {
+  return a.id < b.id ? -1 : a.id > b.id ? 1 : 0;
+}
+function buildComplianceMatrix(input) {
+  const productMap = /* @__PURE__ */ new Map();
+  for (const p of input.products) productMap.set(p.id, { id: p.id, name: p.name });
+  const byPair = /* @__PURE__ */ new Map();
+  let productAssertions = 0;
+  for (const a of input.assertions) {
+    if (typeOfId(a.subject) !== "PRODUCT") continue;
+    productAssertions++;
+    if (!productMap.has(a.subject)) {
+      productMap.set(a.subject, { id: a.subject, name: a.subject, unresolved: true });
+    }
+    byPair.set(pairKey(a.subject, a.about), a);
+  }
+  const products = [...productMap.values()].sort(byId3);
+  const jurisdictionByCodex = /* @__PURE__ */ new Map();
+  for (const c of input.codex ?? []) {
+    if (c.jurisdiction) jurisdictionByCodex.set(c.id, c.jurisdiction);
+  }
+  const requirements = [...input.requirements].sort(byId3).map((r) => {
+    const jset = /* @__PURE__ */ new Set();
+    for (const src of r.derived_from ?? []) {
+      const j = jurisdictionByCodex.get(src);
+      if (j) jset.add(j);
+    }
+    const jurisdictions = jset.size ? [...jset].sort() : void 0;
+    return { ...r, jurisdictions };
+  });
+  let gaps = 0;
+  const cells = products.map(
+    (p) => requirements.map((r) => {
+      const a = byPair.get(pairKey(p.id, r.id));
+      if (!a) {
+        gaps++;
+        return { productId: p.id, requirementId: r.id };
+      }
+      return {
+        productId: p.id,
+        requirementId: r.id,
+        assertionId: a.id,
+        status: a.status,
+        assessed_at: a.assessed_at,
+        next_review_at: a.next_review_at
+      };
+    })
+  );
+  return {
+    products,
+    requirements,
+    cells,
+    summary: {
+      products: products.length,
+      requirements: requirements.length,
+      assertions: productAssertions,
+      gaps
+    }
+  };
+}
+
+// ../diagrams/src/compliance/markdown.ts
+var STATUS_LABELS = {
+  compliant: "Compliant",
+  partial: "Partial",
+  non_compliant: "Non-compliant",
+  under_review: "Under review",
+  n_a: "N/A"
+};
+function cell(s) {
+  return s.replace(/\|/g, "\\|").replace(/\r?\n/g, " ");
+}
+function renderComplianceMarkdown(canon, scope, options = {}) {
+  switch (scope.mode) {
+    case "matrix":
+      return matrixMarkdown(canon);
+    case "law":
+      return lawMarkdown(canon, scope.id);
+    case "product":
+      return productMarkdown(canon, scope.id);
+    case "gap":
+      return gapMarkdown(canon, options.today);
+  }
+}
+function matrixMarkdown(canon) {
+  const m = buildComplianceMatrix({ products: canon.products, requirements: canon.requirements, assertions: canon.assertions });
+  const out = ["# Compliance Matrix", ""];
+  out.push(`_${m.summary.products} products \xD7 ${m.summary.requirements} requirements \xB7 ${m.summary.gaps} gaps \xB7 ${m.summary.assertions} assertions_`, "");
+  if (m.products.length === 0 || m.requirements.length === 0) {
+    out.push("_No products or requirements found in the scanned canon._", "");
+    return out.join("\n");
+  }
+  out.push(`| Product \\ Requirement | ${m.requirements.map((r) => cell(r.name)).join(" | ")} |`);
+  out.push(`|---|${m.requirements.map(() => "---").join("|")}|`);
+  m.products.forEach((p, ri) => {
+    const cells = m.requirements.map((_r, ci) => {
+      const c = m.cells[ri][ci];
+      return c.status ? STATUS_LABELS[c.status] : "\u2014";
+    });
+    const name = cell(p.name) + (p.unresolved ? " \u26A0" : "");
+    out.push(`| ${name} | ${cells.join(" | ")} |`);
+  });
+  out.push("");
+  return out.join("\n");
+}
+function lawMarkdown(canon, lawId) {
+  const index = buildComplianceIndex({ requirements: canon.requirements, assertions: canon.assertions });
+  const tree = buildLawTree(lawId, index);
+  const law = canon.codex.find((c) => c.id === lawId);
+  const out = [`# Compliance \u2014 ${law ? law.name : lawId}`, ""];
+  out.push(`\`${lawId}\` \xB7 ${tree.requirements.length} requirement(s)`, "");
+  if (tree.requirements.length === 0) {
+    out.push(`_No requirements derive from \`${lawId}\`._`, "");
+    return out.join("\n");
+  }
+  for (const node of tree.requirements) {
+    const sev = node.requirement.severity ? ` \u2014 severity: ${node.requirement.severity}` : "";
+    out.push(`## ${node.requirement.name} (\`${node.requirement.id}\`)${sev}`, "");
+    if (node.assertions.length === 0) {
+      out.push("_No assertion \u2014 compliance gap._", "");
+      continue;
+    }
+    for (const a of node.assertions) {
+      const meta = [a.assessed_at ? `assessed ${a.assessed_at}` : null, a.next_review_at ? `review by ${a.next_review_at}` : null].filter(Boolean).join(", ");
+      out.push(`- **${STATUS_LABELS[a.status]}** \u2014 \`${a.id}\` (subject \`${a.subject}\`${meta ? `; ${meta}` : ""})`);
+    }
+    out.push("");
+  }
+  return out.join("\n");
+}
+function productMarkdown(canon, productId) {
+  const index = buildComplianceIndex({ requirements: canon.requirements, assertions: canon.assertions });
+  const view = buildProductView(productId, index);
+  const product = canon.products.find((p) => p.id === productId);
+  const out = [`# Compliance \u2014 ${product ? product.name : productId}`, ""];
+  out.push(`\`${productId}\` \xB7 ${view.requirements.length} requirement(s) asserted`, "");
+  if (view.requirements.length === 0) {
+    out.push("_No assertion names this product as its subject._", "");
+    return out.join("\n");
+  }
+  out.push("| Requirement | Status | Assertion | Next review |", "|---|---|---|---|");
+  for (const { requirement, assertion } of view.requirements) {
+    out.push(`| ${cell(requirement.name)} (\`${requirement.id}\`) | ${STATUS_LABELS[assertion.status]} | \`${assertion.id}\` | ${assertion.next_review_at ?? "\u2014"} |`);
+  }
+  out.push("");
+  return out.join("\n");
+}
+function gapMarkdown(canon, today) {
+  const index = buildComplianceIndex({ requirements: canon.requirements, assertions: canon.assertions });
+  const report = buildGapReport(index, { today });
+  const total = report.requirementsWithoutAssertions.length + report.assertionsWithoutEvidence.length + report.staleAssertions.length + report.pastDeadlineRequirements.length;
+  const out = ["# Compliance Gap Dashboard", "", `_${total} gap(s) across 4 checks_`, ""];
+  out.push(`## Requirements without assertions (${report.requirementsWithoutAssertions.length})`, "");
+  if (report.requirementsWithoutAssertions.length === 0) out.push("_\u2713 none_", "");
+  else {
+    for (const r of report.requirementsWithoutAssertions) out.push(`- [ ] \`${r.id}\` ${r.name}${r.severity ? ` \u2014 severity: ${r.severity}` : ""}${r.deadline ? ` \u2014 deadline: ${r.deadline}` : ""}`);
+    out.push("");
+  }
+  out.push(`## Assertions without evidence \u2014 ASSERT-007 (${report.assertionsWithoutEvidence.length})`, "");
+  if (report.assertionsWithoutEvidence.length === 0) out.push("_\u2713 none_", "");
+  else {
+    for (const a of report.assertionsWithoutEvidence) out.push(`- [ ] \`${a.id}\` \u2014 about \`${a.about}\`, subject \`${a.subject}\`, status ${a.status}`);
+    out.push("");
+  }
+  out.push(`## Stale assertions \u2014 ASSERT-008 (${report.staleAssertions.length})`, "");
+  if (report.staleAssertions.length === 0) out.push("_\u2713 none_", "");
+  else {
+    for (const a of report.staleAssertions) out.push(`- [ ] \`${a.id}\` \u2014 review due ${a.next_review_at ?? "\u2014"}, subject \`${a.subject}\``);
+    out.push("");
+  }
+  out.push(`## Past-deadline requirements \u2014 CV-5 (${report.pastDeadlineRequirements.length})`, "");
+  if (report.pastDeadlineRequirements.length === 0) out.push("_\u2713 none_", "");
+  else {
+    for (const r of report.pastDeadlineRequirements) out.push(`- [ ] \`${r.id}\` ${r.name} \u2014 deadline: ${r.deadline ?? "\u2014"}${r.severity ? `, severity: ${r.severity}` : ""}`);
+    out.push("");
+  }
+  return out.join("\n");
+}
+
+// ../diagrams/src/compliance/html.ts
+var STATUS_LABELS2 = {
+  compliant: "Compliant",
+  partial: "Partial",
+  non_compliant: "Non-compliant",
+  under_review: "Under review",
+  n_a: "N/A"
+};
+function escHtml(s) {
+  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+function badge(status) {
+  return `<span class="cmp-badge cmp-${status}">${escHtml(STATUS_LABELS2[status])}</span>`;
+}
+var CSS = `
+@page {
+  size: A4 portrait;
+  margin: 18mm 16mm 22mm;
+  @bottom-left { content: "Transitrix \u2014 compliance report"; font: 9pt "Helvetica", "Arial", sans-serif; color: #475569; }
+  @bottom-right { content: "Page " counter(page) " / " counter(pages); font: 9pt "Helvetica", "Arial", sans-serif; color: #475569; }
+}
+html, body { margin: 0; padding: 0; }
+body { font-family: "Helvetica", "Arial", sans-serif; font-size: 10pt; color: #0f172a; line-height: 1.4; }
+.cmp-header { border-bottom: 2px solid #004d67; padding-bottom: 6pt; margin-bottom: 14pt; }
+.cmp-header .cmp-eyebrow { font-size: 8.5pt; letter-spacing: 0.08em; text-transform: uppercase; color: #004d67; font-weight: 700; }
+.cmp-header h1 { font-size: 17pt; margin: 2pt 0 4pt; color: #0f172a; }
+.cmp-header .cmp-stamp { font-size: 9pt; color: #475569; }
+h2 { font-size: 12pt; margin: 16pt 0 6pt; color: #0f172a; page-break-after: avoid; }
+h2 .cmp-count { color: #64748b; font-weight: 400; font-size: 10pt; }
+p.cmp-empty { color: #64748b; font-style: italic; }
+table { border-collapse: collapse; width: 100%; font-size: 9.5pt; margin-bottom: 10pt; }
+th, td { border: 0.5pt solid #cbd5e1; padding: 4pt 6pt; text-align: left; vertical-align: top; }
+th { background: #f1f5f9; font-weight: 700; color: #0f172a; }
+table.cmp-matrix th:first-child, table.cmp-matrix td:first-child { background: #f8fafc; font-weight: 600; }
+code, .cmp-id { font-family: "Menlo", "Consolas", monospace; font-size: 9pt; color: #475569; }
+.cmp-badge { display: inline-block; padding: 1pt 6pt; border-radius: 8pt; font-size: 8.5pt; font-weight: 700; }
+.cmp-compliant { background: #d1fae5; color: #065f46; }
+.cmp-partial { background: #fef9c3; color: #854d0e; }
+.cmp-non_compliant { background: #fee2e2; color: #991b1b; }
+.cmp-under_review { background: #e0f2fe; color: #0c4a6e; }
+.cmp-n_a { background: #f1f5f9; color: #64748b; }
+.cmp-cell-gap { color: #94a3b8; text-align: center; }
+.cmp-req { border: 0.5pt solid #cbd5e1; border-radius: 3pt; margin-bottom: 8pt; page-break-inside: avoid; }
+.cmp-req-head { background: #f1f5f9; padding: 5pt 8pt; }
+.cmp-req-head .cmp-req-name { font-weight: 700; color: #0f172a; }
+.cmp-req-head .cmp-req-id { margin-left: 6pt; color: #475569; font-size: 9pt; font-family: "Menlo", "Consolas", monospace; }
+.cmp-sev { font-size: 8pt; text-transform: uppercase; letter-spacing: 0.06em; margin-left: 8pt; }
+.cmp-sev-high { color: #b91c1c; }
+.cmp-sev-medium { color: #b45309; }
+.cmp-sev-low { color: #2563eb; }
+.cmp-assertions { list-style: none; margin: 0; padding: 0; }
+.cmp-assertions li { padding: 4pt 8pt 4pt 16pt; border-top: 0.5pt solid #e2e8f0; }
+.cmp-assertions li .cmp-meta { color: #475569; font-size: 8.5pt; margin-left: 6pt; }
+.cmp-section { margin-bottom: 12pt; }
+.cmp-rows { list-style: none; margin: 0; padding: 0; }
+.cmp-rows li { padding: 3pt 0 3pt 14pt; border-bottom: 0.5pt solid #e2e8f0; text-indent: -10pt; }
+.cmp-rows li::before { content: "\u2610"; color: #94a3b8; margin-right: 6pt; }
+.cmp-ok { color: #065f46; font-weight: 600; }
+.cmp-summary { font-size: 9pt; color: #475569; }
+`;
+function htmlDoc(title, today, body) {
+  const stamp = today ? `Generated ${escHtml(today)}` : "";
+  return [
+    "<!doctype html>",
+    '<html lang="en">',
+    "<head>",
+    '<meta charset="utf-8"/>',
+    `<title>${escHtml(title)}</title>`,
+    `<style>${CSS}</style>`,
+    "</head>",
+    "<body>",
+    '<header class="cmp-header">',
+    '<div class="cmp-eyebrow">Transitrix \xB7 Compliance</div>',
+    `<h1>${escHtml(title)}</h1>`,
+    stamp ? `<div class="cmp-stamp">${stamp}</div>` : "",
+    "</header>",
+    body,
+    "</body>",
+    "</html>",
+    ""
+  ].join("\n");
+}
+function renderComplianceHtml(canon, scope, options = {}) {
+  switch (scope.mode) {
+    case "matrix": {
+      const m = buildComplianceMatrix({ products: canon.products, requirements: canon.requirements, assertions: canon.assertions });
+      const title = options.title ?? "Compliance Matrix";
+      const summary = `<p class="cmp-summary">${m.summary.products} products \xD7 ${m.summary.requirements} requirements \xB7 ${m.summary.gaps} gaps \xB7 ${m.summary.assertions} assertions</p>`;
+      if (m.products.length === 0 || m.requirements.length === 0) {
+        return htmlDoc(title, options.today, `${summary}<p class="cmp-empty">No products or requirements found in the scanned canon.</p>`);
+      }
+      const head = `<tr><th>Product \\ Requirement</th>${m.requirements.map((r) => `<th>${escHtml(r.name)}</th>`).join("")}</tr>`;
+      const rows = m.products.map((p, ri) => {
+        const cells = m.requirements.map((_r, ci) => {
+          const c = m.cells[ri][ci];
+          return c.status ? `<td>${badge(c.status)}</td>` : '<td class="cmp-cell-gap">\u2014</td>';
+        }).join("");
+        const name = escHtml(p.name) + (p.unresolved ? ' <span class="cmp-sev cmp-sev-high">unresolved</span>' : "");
+        return `<tr><td>${name}</td>${cells}</tr>`;
+      }).join("");
+      return htmlDoc(title, options.today, `${summary}<table class="cmp-matrix"><thead>${head}</thead><tbody>${rows}</tbody></table>`);
+    }
+    case "law": {
+      const index = buildComplianceIndex({ requirements: canon.requirements, assertions: canon.assertions });
+      const tree = buildLawTree(scope.id, index);
+      const law = canon.codex.find((c) => c.id === scope.id);
+      const title = options.title ?? `Compliance \u2014 ${law ? law.name : scope.id}`;
+      const summary = `<p class="cmp-summary"><code>${escHtml(scope.id)}</code> \xB7 ${tree.requirements.length} requirement(s)</p>`;
+      if (tree.requirements.length === 0) {
+        return htmlDoc(title, options.today, `${summary}<p class="cmp-empty">No requirements derive from <code>${escHtml(scope.id)}</code>.</p>`);
+      }
+      const blocks = tree.requirements.map((node) => {
+        const sev = node.requirement.severity ? ` <span class="cmp-sev cmp-sev-${escHtml(node.requirement.severity)}">${escHtml(node.requirement.severity)}</span>` : "";
+        const head = `<div class="cmp-req-head"><span class="cmp-req-name">${escHtml(node.requirement.name)}</span><span class="cmp-req-id">${escHtml(node.requirement.id)}</span>${sev}</div>`;
+        if (node.assertions.length === 0) {
+          return `<section class="cmp-req">${head}<ul class="cmp-assertions"><li><em>No assertion \u2014 compliance gap.</em></li></ul></section>`;
+        }
+        const items = node.assertions.map((a) => {
+          const metaParts = [];
+          if (a.assessed_at) metaParts.push(`assessed ${escHtml(a.assessed_at)}`);
+          if (a.next_review_at) metaParts.push(`review by ${escHtml(a.next_review_at)}`);
+          const meta = metaParts.length > 0 ? `<span class="cmp-meta">${metaParts.join(" \xB7 ")}</span>` : "";
+          return `<li>${badge(a.status)} <code>${escHtml(a.id)}</code> <span class="cmp-meta">subject <code>${escHtml(a.subject)}</code></span> ${meta}</li>`;
+        }).join("");
+        return `<section class="cmp-req">${head}<ul class="cmp-assertions">${items}</ul></section>`;
+      }).join("");
+      return htmlDoc(title, options.today, `${summary}${blocks}`);
+    }
+    case "product": {
+      const index = buildComplianceIndex({ requirements: canon.requirements, assertions: canon.assertions });
+      const view = buildProductView(scope.id, index);
+      const product = canon.products.find((p) => p.id === scope.id);
+      const title = options.title ?? `Compliance \u2014 ${product ? product.name : scope.id}`;
+      const summary = `<p class="cmp-summary"><code>${escHtml(scope.id)}</code> \xB7 ${view.requirements.length} requirement(s) asserted</p>`;
+      if (view.requirements.length === 0) {
+        return htmlDoc(title, options.today, `${summary}<p class="cmp-empty">No assertion names this product as its subject.</p>`);
+      }
+      const rows = view.requirements.map(({ requirement, assertion }) => `<tr><td>${escHtml(requirement.name)} <code>${escHtml(requirement.id)}</code></td><td>${badge(assertion.status)}</td><td><code>${escHtml(assertion.id)}</code></td><td>${assertion.next_review_at ? escHtml(assertion.next_review_at) : "\u2014"}</td></tr>`).join("");
+      const head = "<tr><th>Requirement</th><th>Status</th><th>Assertion</th><th>Next review</th></tr>";
+      return htmlDoc(title, options.today, `${summary}<table><thead>${head}</thead><tbody>${rows}</tbody></table>`);
+    }
+    case "gap": {
+      const index = buildComplianceIndex({ requirements: canon.requirements, assertions: canon.assertions });
+      const report = buildGapReport(index, { today: options.today });
+      const title = options.title ?? "Compliance Gap Dashboard";
+      const total = report.requirementsWithoutAssertions.length + report.assertionsWithoutEvidence.length + report.staleAssertions.length;
+      const summary = `<p class="cmp-summary">${total} gap(s)</p>`;
+      const section = (heading, count, items) => {
+        const body2 = items.length === 0 ? '<p class="cmp-ok">\u2713 none</p>' : `<ul class="cmp-rows">${items.join("")}</ul>`;
+        return `<section class="cmp-section"><h2>${escHtml(heading)} <span class="cmp-count">(${count})</span></h2>${body2}</section>`;
+      };
+      const reqs = report.requirementsWithoutAssertions.map((r) => `<li><code>${escHtml(r.id)}</code> ${escHtml(r.name)}${r.severity ? ` <span class="cmp-meta">severity ${escHtml(r.severity)}</span>` : ""}${r.deadline ? ` <span class="cmp-meta">deadline ${escHtml(r.deadline)}</span>` : ""}</li>`);
+      const noEvidence = report.assertionsWithoutEvidence.map((a) => `<li><code>${escHtml(a.id)}</code> <span class="cmp-meta">about <code>${escHtml(a.about)}</code>, subject <code>${escHtml(a.subject)}</code>, status ${escHtml(a.status)}</span></li>`);
+      const stale = report.staleAssertions.map((a) => `<li><code>${escHtml(a.id)}</code> <span class="cmp-meta">review due ${a.next_review_at ? escHtml(a.next_review_at) : "\u2014"}, subject <code>${escHtml(a.subject)}</code></span></li>`);
+      const pastDl = report.pastDeadlineRequirements.map((r) => `<li><code>${escHtml(r.id)}</code> ${escHtml(r.name)} <span class="cmp-meta">deadline ${r.deadline ? escHtml(r.deadline) : "\u2014"}${r.severity ? `, severity ${escHtml(r.severity)}` : ""}</span></li>`);
+      const total4 = report.requirementsWithoutAssertions.length + report.assertionsWithoutEvidence.length + report.staleAssertions.length + report.pastDeadlineRequirements.length;
+      const body = [
+        `<p class="cmp-summary">${total4} gap(s) across 4 checks</p>`,
+        section("Requirements without assertions", report.requirementsWithoutAssertions.length, reqs),
+        section("Assertions without evidence \u2014 ASSERT-007", report.assertionsWithoutEvidence.length, noEvidence),
+        section("Stale assertions \u2014 ASSERT-008", report.staleAssertions.length, stale),
+        section("Past-deadline requirements (CV-5)", report.pastDeadlineRequirements.length, pastDl)
+      ].join("");
+      return htmlDoc(title, options.today, body);
+    }
+  }
+}
+function renderImpactMatrixHtml(matrix, options = {}) {
+  const STATUS_GLYPH2 = {
+    compliant: "OK",
+    partial: "PARTIAL",
+    non_compliant: "FAIL",
+    under_review: "REVIEW",
+    n_a: "N/A"
+  };
+  const statusClass = (s) => s ?? "gap";
+  const colHeaders = matrix.columns.map((c) => `<th>${escHtml(c.label)}</th>`).join("");
+  const head = `<tr><th>Obligation</th>${colHeaders}</tr>`;
+  const rows = matrix.rows.map((req, ri) => {
+    const rowLabel = `${escHtml(req.id)}${req.name && req.name !== req.id ? ` \u2014 ${escHtml(req.name)}` : ""}`;
+    const cells = matrix.cells[ri].map((cell2) => {
+      if (cell2.kind === "gap") return `<td class="cmp-gap">${escHtml(matrix.emptyLabels.no_obligation_label)}</td>`;
+      if (cell2.kind === "n_a_only") return `<td class="cmp-na">${escHtml(matrix.emptyLabels.no_obligation_applies_label)}</td>`;
+      const glyph = STATUS_GLYPH2[cell2.status ?? ""] ?? String(cell2.status);
+      return `<td class="cmp-${statusClass(cell2.status)}">${escHtml(glyph)}</td>`;
+    }).join("");
+    const dlInfo = req.deadline ? ` <span class="cmp-dl">\u2691 ${escHtml(req.deadline)}</span>` : "";
+    return `<tr><td class="cmp-row-label">${rowLabel}${dlInfo}</td>${cells}</tr>`;
+  }).join("");
+  const snapshotLine = matrix.snapshotAt ? `<span>Snapshot: ${escHtml(matrix.snapshotAt)}</span>` : "";
+  const desc = matrix.description ? `<p>${escHtml(matrix.description)}</p>` : "";
+  const extraCss = `
+table { border-collapse: collapse; width: 100%; font-size: 9pt; }
+th, td { border: 1px solid #cbd5e1; padding: 3pt 5pt; text-align: center; vertical-align: middle; }
+td.cmp-row-label { text-align: left; font-size: 8.5pt; max-width: 180pt; white-space: normal; }
+.cmp-compliant { background: #d1fae5; color: #065f46; font-weight: 700; }
+.cmp-partial { background: #fef9c3; color: #854d0e; font-weight: 700; }
+.cmp-non_compliant { background: #fee2e2; color: #991b1b; font-weight: 700; }
+.cmp-under_review { background: #e0f2fe; color: #0c4a6e; }
+.cmp-gap { background: #f8fafc; color: #94a3b8; font-size: 8pt; }
+.cmp-na { background: #f1f5f9; color: #94a3b8; font-size: 8pt; }
+.cmp-dl { color: #b45309; font-size: 8pt; }`;
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<style>
+${CSS}
+${extraCss}
+</style>
+</head>
+<body>
+<div class="cmp-header">
+  <div class="cmp-eyebrow">Compliance Impact Matrix</div>
+  <h1>${escHtml(matrix.viewName)}</h1>
+  <div class="cmp-stamp">View: <code>${escHtml(matrix.viewId)}</code> ${snapshotLine}${options.today ? ` \xB7 Generated: ${escHtml(options.today)}` : ""}</div>
+</div>
+${desc}
+<table><thead>${head}</thead><tbody>${rows}</tbody></table>
+</body>
+</html>`;
+}
+
+// ../diagrams/src/confidence/score.ts
+var SOURCE_TRUST_WEIGHTS = {
+  authoritative: 1,
+  corroborated: 0.8,
+  single_source: 0.5,
+  unverified: 0.25
+};
+var UNVERIFIED_WEIGHT = SOURCE_TRUST_WEIGHTS.unverified;
+
+// ../../src/export-compliance.ts
+function flagValue(argv, name) {
+  const i = argv.indexOf(name);
+  return i >= 0 && i + 1 < argv.length ? argv[i + 1] : void 0;
+}
+function loadViewConfigRaw(registry, reportId, root) {
+  const candidates = [];
+  if (registry) {
+    candidates.push(
+      path.join(registry, `${reportId}.compliance-impact.view.yaml`),
+      path.join(registry, `${reportId}.yaml`)
+    );
+  }
+  candidates.push(
+    path.join(root, `${reportId}.compliance-impact.view.yaml`),
+    path.join(root, `${reportId}.yaml`)
+  );
+  for (const candidate of candidates) {
+    try {
+      const raw = yaml.load(readFileSync(candidate, "utf-8"));
+      return raw;
+    } catch {
+    }
+  }
+  try {
+    const entries = readdirSync(root, { recursive: true });
+    for (const rel of entries) {
+      if (typeof rel !== "string") continue;
+      if (!/\.ya?ml$/i.test(rel)) continue;
+      if (rel.split(/[\\/]/).includes("node_modules")) continue;
+      try {
+        const raw = yaml.load(readFileSync(path.join(root, rel), "utf-8"));
+        if (raw && typeof raw === "object") {
+          const r = raw;
+          const inner = r.view && typeof r.view === "object" ? r.view : r;
+          if (inner.id === reportId) return raw;
+        }
+      } catch {
+      }
+    }
+  } catch {
+  }
+  return null;
+}
+function scanCanonFs(root) {
+  const canon = emptyCanon();
+  let entries = [];
+  try {
+    entries = readdirSync(root, { recursive: true });
+  } catch {
+    return canon;
+  }
+  for (const rel of entries) {
+    if (typeof rel !== "string" || !/\.ya?ml$/i.test(rel)) continue;
+    if (rel.split(/[\\/]/).includes("node_modules")) continue;
+    let parsed;
+    try {
+      parsed = yaml.load(readFileSync(path.join(root, rel), "utf-8"));
+    } catch {
+      continue;
+    }
+    ingestComplianceDoc(canon, parsed);
+  }
+  return canon;
+}
+function parseScope(scopeArg) {
+  if (!scopeArg || scopeArg === "matrix") return { mode: "matrix" };
+  if (scopeArg === "gap") return { mode: "gap" };
+  if (scopeArg.startsWith("law:")) return { mode: "law", id: scopeArg.slice("law:".length) };
+  if (scopeArg.startsWith("product:")) return { mode: "product", id: scopeArg.slice("product:".length) };
+  return null;
+}
+var WEASYPRINT_TIMEOUT_MS = 12e4;
+function runWeasyPrint(htmlPath, pdfPath, opts) {
+  const timeoutMs = opts?.timeoutMs ?? WEASYPRINT_TIMEOUT_MS;
+  const candidates = process.platform === "win32" ? ["weasyprint.exe", "weasyprint"] : ["weasyprint"];
+  let lastErr = null;
+  for (const cmd of candidates) {
+    const res = spawnSync(cmd, [htmlPath, pdfPath], { encoding: "utf-8", timeout: timeoutMs });
+    if (res.error) {
+      const err = res.error;
+      if (err.code === "ENOENT") {
+        lastErr = err;
+        continue;
+      }
+      if (err.code === "ETIMEDOUT") {
+        return {
+          ok: false,
+          message: `weasyprint timed out after ${Math.round(timeoutMs / 1e3)}s \u2014 the report may be too large or WeasyPrint may be hung.`
+        };
+      }
+      return { ok: false, message: `weasyprint failed to launch: ${err.message}` };
+    }
+    if (res.status !== 0) {
+      const stderr = (res.stderr || "").trim();
+      return {
+        ok: false,
+        message: `weasyprint exited with code ${res.status}${stderr ? `:
+${stderr}` : ""}`
+      };
+    }
+    return { ok: true };
+  }
+  return {
+    ok: false,
+    message: "weasyprint executable not found on PATH. PDF export requires WeasyPrint (https://weasyprint.org/) \u2014 install it (e.g. `pipx install weasyprint`) and re-run." + (lastErr ? ` Last error: ${lastErr.message}` : "")
+  };
+}
+function defaultPdfFilename(scope) {
+  switch (scope.mode) {
+    case "matrix":
+      return "compliance-matrix.pdf";
+    case "gap":
+      return "compliance-gap.pdf";
+    case "law":
+      return `compliance-${scope.id}.pdf`;
+    case "product":
+      return `compliance-${scope.id}.pdf`;
+  }
+}
+async function handleExportComplianceCommand(argv) {
+  const format = (flagValue(argv, "--format") ?? "md").toLowerCase();
+  const output = flagValue(argv, "--output");
+  const root = flagValue(argv, "--root") ?? process.cwd();
+  const reportId = flagValue(argv, "--report");
+  const registry = flagValue(argv, "--registry");
+  if (format !== "md" && format !== "pdf") {
+    console.error(`export-compliance: unknown --format '${format}' (expected md or pdf).`);
+    process.exit(1);
+  }
+  const today = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+  if (reportId) {
+    const rawCfg = loadViewConfigRaw(registry, reportId, root);
+    if (!rawCfg) {
+      console.error(`export-compliance: view-config '${reportId}' not found. Searched${registry ? ` registry '${registry}'` : ""} and root '${root}'.`);
+      process.exit(1);
+    }
+    const parseResult = parseImpactViewConfig(rawCfg);
+    if (!parseResult.ok) {
+      console.error(`export-compliance: view-config '${reportId}' is invalid:
+${parseResult.errors.map((e) => `  - ${e}`).join("\n")}`);
+      process.exit(1);
+    }
+    const viewConfig = parseResult.config;
+    console.error(`[export-compliance] report: ${viewConfig.id} | format: ${format}`);
+    const canon2 = scanCanonFs(root);
+    const effectiveProducts = viewConfig.subjects?.products?.length ? viewConfig.subjects.products : canon2.products.map((p) => p.id).sort();
+    const matrix = buildImpactMatrix(
+      { products: canon2.products, requirements: canon2.requirements, assertions: canon2.assertions, codex: canon2.codex },
+      { ...viewConfig, subjects: { ...viewConfig.subjects, products: effectiveProducts } }
+    );
+    if (format === "md") {
+      const markdown = renderImpactMarkdown(matrix);
+      if (output) {
+        writeFileSync(output, markdown, "utf-8");
+        console.error(`Wrote ${output}`);
+      } else {
+        process.stdout.write(markdown);
+      }
+      return;
+    }
+    const html2 = renderImpactMatrixHtml(matrix, { today });
+    const pdfPath2 = output ?? `compliance-impact-${viewConfig.id}.pdf`;
+    const tmpDir2 = mkdtempSync(path.join(os.tmpdir(), "cervin-export-"));
+    const htmlPath2 = path.join(tmpDir2, "report.html");
+    try {
+      writeFileSync(htmlPath2, html2, "utf-8");
+      const result = runWeasyPrint(htmlPath2, pdfPath2);
+      if (!result.ok) {
+        console.error(`export-compliance: ${result.message}`);
+        process.exit(1);
+      }
+      console.error(`Wrote ${pdfPath2}`);
+    } finally {
+      try {
+        rmSync(tmpDir2, { recursive: true, force: true });
+      } catch {
+      }
+    }
+    return;
+  }
+  const scope = parseScope(flagValue(argv, "--scope"));
+  if (scope === null) {
+    console.error("export-compliance: unknown --scope (expected law:<LAW-ID>, product:<PRODUCT-ID>, gap, or omit for the full matrix). Use --report <id> for named view-config.");
+    process.exit(1);
+  }
+  const canon = scanCanonFs(root);
+  if (format === "md") {
+    const markdown = renderComplianceMarkdown(canon, scope, { today });
+    if (output) {
+      writeFileSync(output, markdown, "utf-8");
+      console.error(`Wrote ${output}`);
+    } else {
+      process.stdout.write(markdown);
+    }
+    return;
+  }
+  const html = renderComplianceHtml(canon, scope, { today });
+  const pdfPath = output ?? defaultPdfFilename(scope);
+  const tmpDir = mkdtempSync(path.join(os.tmpdir(), "cervin-export-"));
+  const htmlPath = path.join(tmpDir, "report.html");
+  try {
+    writeFileSync(htmlPath, html, "utf-8");
+    const result = runWeasyPrint(htmlPath, pdfPath);
+    if (!result.ok) {
+      console.error(`export-compliance: ${result.message}`);
+      process.exit(1);
+    }
+    console.error(`Wrote ${pdfPath}`);
+  } finally {
+    try {
+      rmSync(tmpDir, { recursive: true, force: true });
+    } catch {
+    }
+  }
+}
+export {
+  WEASYPRINT_TIMEOUT_MS,
+  handleExportComplianceCommand,
+  runWeasyPrint
+};