@vibecheckai/cli 2.5.1

package/dist/scan/proof-bundle.js

@@ -0,0 +1,203 @@
+"use strict";
+/**
+ * Proof Bundle Generator
+ *
+ * Creates zip file with traces/HAR/screenshots/log excerpts
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProofBundleGenerator = void 0;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const crypto_1 = require("crypto");
+class ProofBundleGenerator {
+    /**
+     * Create proof bundle zip file
+     */
+    async createBundle(artifactsDir, scanResult, proofGraph, deadUI, playwright) {
+        // Only create bundle if there are failures
+        if (scanResult.verdict === 'PASS' && deadUI.findings.length === 0 && playwright.passed) {
+            return null;
+        }
+        const bundlePath = (0, path_1.join)(artifactsDir, 'proofbundle.zip');
+        const includes = [];
+        // Collect all artifacts
+        const artifacts = [];
+        // Add scan.json
+        const scanFile = (0, path_1.join)((0, path_1.dirname)(artifactsDir), 'scan.json');
+        if ((0, fs_1.existsSync)(scanFile)) {
+            artifacts.push({
+                path: 'scan.json',
+                content: (0, fs_1.readFileSync)(scanFile, 'utf-8'),
+            });
+            includes.push('scan.json');
+        }
+        // Add proof.json
+        const proofFile = (0, path_1.join)((0, path_1.dirname)(artifactsDir), 'proof.json');
+        if ((0, fs_1.existsSync)(proofFile)) {
+            artifacts.push({
+                path: 'proof.json',
+                content: (0, fs_1.readFileSync)(proofFile, 'utf-8'),
+            });
+            includes.push('proof.json');
+        }
+        // Add dead-ui.json
+        if (deadUI.findings.length > 0) {
+            artifacts.push({
+                path: 'dead-ui.json',
+                content: JSON.stringify(deadUI, null, 2),
+            });
+            includes.push('dead-ui.json');
+        }
+        // Add Playwright traces
+        if (playwright.traces && playwright.traces.length > 0) {
+            playwright.traces.forEach((trace, index) => {
+                if ((0, fs_1.existsSync)(trace)) {
+                    const traceName = `trace-${index}.zip`;
+                    artifacts.push({
+                        path: traceName,
+                        content: (0, fs_1.readFileSync)(trace),
+                    });
+                    includes.push(traceName);
+                }
+            });
+        }
+        // Add screenshots
+        if (playwright.failures) {
+            playwright.failures.forEach((failure, index) => {
+                if (failure.screenshot && (0, fs_1.existsSync)(failure.screenshot)) {
+                    const screenshotName = `screenshot-${index}.png`;
+                    artifacts.push({
+                        path: screenshotName,
+                        content: (0, fs_1.readFileSync)(failure.screenshot),
+                    });
+                    includes.push(screenshotName);
+                }
+            });
+        }
+        // Create manifest
+        const manifest = {
+            version: '1.0.0',
+            timestamp: new Date().toISOString(),
+            scanId: scanResult.timestamp || Date.now().toString(),
+            verdict: scanResult.verdict,
+            findings: {
+                scan: scanResult.summary?.totalFindings || 0,
+                deadUI: deadUI.summary?.total || 0,
+                playwright: playwright.summary?.failed || 0,
+            },
+            includes,
+        };
+        artifacts.push({
+            path: 'manifest.json',
+            content: JSON.stringify(manifest, null, 2),
+        });
+        includes.push('manifest.json');
+        // Create zip file
+        try {
+            // Try to use archiver if available
+            const archiver = await this.getArchiver();
+            if (archiver) {
+                await this.createZipWithArchiver(bundlePath, artifacts);
+            }
+            else {
+                // Fallback: create tar or just list files
+                await this.createBundleManifest(bundlePath, artifacts, manifest);
+            }
+        }
+        catch (error) {
+            // If zip creation fails, create a manifest file instead
+            await this.createBundleManifest(bundlePath.replace('.zip', '.json'), artifacts, manifest);
+            return {
+                path: bundlePath.replace('.zip', '.json'),
+                includes,
+                metadata: {
+                    scanId: manifest.scanId,
+                    timestamp: manifest.timestamp,
+                    verdict: manifest.verdict,
+                    findings: manifest.findings.scan + manifest.findings.deadUI + manifest.findings.playwright,
+                },
+            };
+        }
+        return {
+            path: bundlePath,
+            includes,
+            metadata: {
+                scanId: manifest.scanId,
+                timestamp: manifest.timestamp,
+                verdict: manifest.verdict,
+                findings: manifest.findings.scan + manifest.findings.deadUI + manifest.findings.playwright,
+            },
+        };
+    }
+    async getArchiver() {
+        try {
+            return await Promise.resolve().then(() => __importStar(require('archiver')));
+        }
+        catch {
+            return null;
+        }
+    }
+    async createZipWithArchiver(bundlePath, artifacts) {
+        const archiver = await this.getArchiver();
+        if (!archiver)
+            return;
+        return new Promise((resolve, reject) => {
+            const output = (0, fs_1.createWriteStream)(bundlePath);
+            const archive = archiver.default('zip', { zlib: { level: 9 } });
+            output.on('close', () => resolve());
+            archive.on('error', reject);
+            archive.pipe(output);
+            artifacts.forEach(artifact => {
+                archive.append(artifact.content, { name: artifact.path });
+            });
+            archive.finalize();
+        });
+    }
+    async createBundleManifest(manifestPath, artifacts, manifest) {
+        const manifestContent = {
+            ...manifest,
+            artifacts: artifacts.map(a => ({
+                path: a.path,
+                size: Buffer.isBuffer(a.content) ? a.content.length : Buffer.byteLength(a.content, 'utf-8'),
+                hash: (0, crypto_1.createHash)('sha256').update(a.content).digest('hex').substring(0, 16),
+            })),
+        };
+        const { writeFileSync } = await Promise.resolve().then(() => __importStar(require('fs')));
+        writeFileSync(manifestPath, JSON.stringify(manifestContent, null, 2));
+    }
+}
+exports.ProofBundleGenerator = ProofBundleGenerator;
+//# sourceMappingURL=proof-bundle.js.map

package/dist/scan/proof-bundle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proof-bundle.js","sourceRoot":"","sources":["../../src/scan/proof-bundle.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,2BAAiE;AACjE,+BAAqC;AACrC,mCAAoC;AAapC,MAAa,oBAAoB;IAC/B;;OAEG;IACH,KAAK,CAAC,YAAY,CAChB,YAAoB,EACpB,UAAe,EACf,UAAe,EACf,MAAW,EACX,UAAe;QAEf,2CAA2C;QAC3C,IAAI,UAAU,CAAC,OAAO,KAAK,MAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;YACvF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,UAAU,GAAG,IAAA,WAAI,EAAC,YAAY,EAAE,iBAAiB,CAAC,CAAC;QACzD,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,wBAAwB;QACxB,MAAM,SAAS,GAAsD,EAAE,CAAC;QAExE,gBAAgB;QAChB,MAAM,QAAQ,GAAG,IAAA,WAAI,EAAC,IAAA,cAAO,EAAC,YAAY,CAAC,EAAE,WAAW,CAAC,CAAC;QAC1D,IAAI,IAAA,eAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,SAAS,CAAC,IAAI,CAAC;gBACb,IAAI,EAAE,WAAW;gBACjB,OAAO,EAAE,IAAA,iBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC;aACzC,CAAC,CAAC;YACH,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC7B,CAAC;QAED,iBAAiB;QACjB,MAAM,SAAS,GAAG,IAAA,WAAI,EAAC,IAAA,cAAO,EAAC,YAAY,CAAC,EAAE,YAAY,CAAC,CAAC;QAC5D,IAAI,IAAA,eAAU,EAAC,SAAS,CAAC,EAAE,CAAC;YAC1B,SAAS,CAAC,IAAI,CAAC;gBACb,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,IAAA,iBAAY,EAAC,SAAS,EAAE,OAAO,CAAC;aAC1C,CAAC,CAAC;YACH,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9B,CAAC;QAED,mBAAmB;QACnB,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,SAAS,CAAC,IAAI,CAAC;gBACb,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;aACzC,CAAC,CAAC;YACH,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAChC,CAAC;QAED,wBAAwB;QACxB,IAAI,UAAU,CAAC,MAAM,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtD,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,KAAa,EAAE,KAAa,EAAE,EAAE;gBACzD,IAAI,IAAA,eAAU,EAAC,KAAK,CAAC,EAAE,CAAC;oBACtB,MAAM,SAAS,GAAG,SAAS,KAAK,MAAM,CAAC;oBACvC,SAAS,CAAC,IAAI,CAAC;wBACb,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,IAAA,iBAAY,EAAC,KAAK,CAAC;qBAC7B,CAAC,CAAC;oBACH,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC3B,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,kBAAkB;QAClB,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;YACxB,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAY,EAAE,KAAa,EAAE,EAAE;gBAC1D,IAAI,OAAO,CAAC,UAAU,IAAI,IAAA,eAAU,EAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;oBACzD,MAAM,cAAc,GAAG,cAAc,KAAK,MAAM,CAAC;oBACjD,SAAS,CAAC,IAAI,CAAC;wBACb,IAAI,EAAE,cAAc;wBACpB,OAAO,EAAE,IAAA,iBAAY,EAAC,OAAO,CAAC,UAAU,CAAC;qBAC1C,CAAC,CAAC;oBACH,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,kBAAkB;QAClB,MAAM,QAAQ,GAAG;YACf,OAAO,EAAE,OAAO;YAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,MAAM,EAAE,UAAU,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;YACrD,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,QAAQ,EAAE;gBACR,IAAI,EAAE,UAAU,CAAC,OAAO,EAAE,aAAa,IAAI,CAAC;gBAC5C,MAAM,EAAE,MAAM,CAAC,OAAO,EAAE,KAAK,IAAI,CAAC;gBAClC,UAAU,EAAE,UAAU,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC;aAC5C;YACD,QAAQ;SACT,CAAC;QAEF,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;SAC3C,CAAC,CAAC;QACH,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/B,kBAAkB;QAClB,IAAI,CAAC;YACH,mCAAmC;YACnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;YAC1C,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;YAC1D,CAAC;iBAAM,CAAC;gBACN,0CAA0C;gBAC1C,MAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,wDAAwD;YACxD,MAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC1F,OAAO;gBACL,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC;gBACzC,QAAQ;gBACR,QAAQ,EAAE;oBACR,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,SAAS,EAAE,QAAQ,CAAC,SAAS;oBAC7B,OAAO,EAAE,QAAQ,CAAC,OAAc;oBAChC,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,UAAU;iBAC3F;aACF,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,QAAQ;YACR,QAAQ,EAAE;gBACR,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,SAAS,EAAE,QAAQ,CAAC,SAAS;gBAC7B,OAAO,EAAE,QAAQ,CAAC,OAAc;gBAChC,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,UAAU;aAC3F;SACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,IAAI,CAAC;YACH,OAAO,wDAAa,UAAU,GAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,qBAAqB,CAAC,UAAkB,EAAE,SAA4D;QAClH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAC1C,IAAI,CAAC,QAAQ;YAAE,OAAO;QAEtB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,MAAM,GAAG,IAAA,sBAAiB,EAAC,UAAU,CAAC,CAAC;YAC7C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;YAEhE,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;YACpC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAE5B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAErB,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;gBAC3B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;YAC5D,CAAC,CAAC,CAAC;YAEH,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,oBAAoB,CAChC,YAAoB,EACpB,SAA4D,EAC5D,QAAa;QAEb,MAAM,eAAe,GAAG;YACtB,GAAG,QAAQ;YACX,SAAS,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC7B,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC;gBAC3F,IAAI,EAAE,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;aAC5E,CAAC,CAAC;SACJ,CAAC;QAEF,MAAM,EAAE,aAAa,EAAE,GAAG,wDAAa,IAAI,GAAC,CAAC;QAC7C,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACxE,CAAC;CACF;AAtLD,oDAsLC"}

package/dist/scan/proof-graph.d.ts

@@ -0,0 +1,59 @@
+/**
+ * Reality Proof Graph
+ *
+ * A graph model per scan that connects claims → evidence → verdict
+ */
+export interface ProofNode {
+    id: string;
+    type: 'route' | 'handler' | 'middleware' | 'auth' | 'env' | 'db_model' | 'runtime_probe';
+    name: string;
+    file?: string;
+    line?: number;
+    metadata?: Record<string, any>;
+}
+export interface ProofEdge {
+    from: string;
+    to: string;
+    type: 'reachable_via' | 'guarded_by' | 'depends_on' | 'validated_by';
+    evidence?: any;
+}
+export interface ProofGraph {
+    nodes: ProofNode[];
+    edges: ProofEdge[];
+    verdict: 'PASS' | 'FAIL' | 'WARN';
+    evidenceStrength: number;
+    findings: string[];
+}
+export declare class ProofGraphBuilder {
+    private nodes;
+    private edges;
+    /**
+     * Add node to graph
+     */
+    addNode(node: ProofNode): void;
+    /**
+     * Add edge to graph
+     */
+    addEdge(edge: ProofEdge): void;
+    /**
+     * Build final graph
+     */
+    build(verdict: 'PASS' | 'FAIL' | 'WARN', evidenceStrength: number, findings: string[]): ProofGraph;
+    /**
+     * Find node by type and name
+     */
+    findNode(type: ProofNode['type'], name: string): ProofNode | undefined;
+    /**
+     * Get all nodes of type
+     */
+    getNodesByType(type: ProofNode['type']): ProofNode[];
+    /**
+     * Get edges from node
+     */
+    getEdgesFrom(nodeId: string): ProofEdge[];
+    /**
+     * Get edges to node
+     */
+    getEdgesTo(nodeId: string): Promise<ProofEdge[]>;
+}
+//# sourceMappingURL=proof-graph.d.ts.map

package/dist/scan/proof-graph.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"proof-graph.d.ts","sourceRoot":"","sources":["../../src/scan/proof-graph.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,OAAO,GAAG,SAAS,GAAG,YAAY,GAAG,MAAM,GAAG,KAAK,GAAG,UAAU,GAAG,eAAe,CAAC;IACzF,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,eAAe,GAAG,YAAY,GAAG,YAAY,GAAG,cAAc,CAAC;IACrE,QAAQ,CAAC,EAAE,GAAG,CAAC;CAChB;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,SAAS,EAAE,CAAC;IACnB,KAAK,EAAE,SAAS,EAAE,CAAC;IACnB,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAClC,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,KAAK,CAAqC;IAClD,OAAO,CAAC,KAAK,CAAmB;IAEhC;;OAEG;IACH,OAAO,CAAC,IAAI,EAAE,SAAS,GAAG,IAAI;IAI9B;;OAEG;IACH,OAAO,CAAC,IAAI,EAAE,SAAS,GAAG,IAAI;IAI9B;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,UAAU;IAUlG;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAItE;;OAEG;IACH,cAAc,CAAC,IAAI,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG,SAAS,EAAE;IAIpD;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,EAAE;IAIzC;;OAEG;IACH,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;CAGjD"}

package/dist/scan/proof-graph.js

@@ -0,0 +1,64 @@
+"use strict";
+/**
+ * Reality Proof Graph
+ *
+ * A graph model per scan that connects claims → evidence → verdict
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProofGraphBuilder = void 0;
+class ProofGraphBuilder {
+    constructor() {
+        this.nodes = new Map();
+        this.edges = [];
+    }
+    /**
+     * Add node to graph
+     */
+    addNode(node) {
+        this.nodes.set(node.id, node);
+    }
+    /**
+     * Add edge to graph
+     */
+    addEdge(edge) {
+        this.edges.push(edge);
+    }
+    /**
+     * Build final graph
+     */
+    build(verdict, evidenceStrength, findings) {
+        return {
+            nodes: Array.from(this.nodes.values()),
+            edges: this.edges,
+            verdict,
+            evidenceStrength,
+            findings,
+        };
+    }
+    /**
+     * Find node by type and name
+     */
+    findNode(type, name) {
+        return Array.from(this.nodes.values()).find(n => n.type === type && n.name === name);
+    }
+    /**
+     * Get all nodes of type
+     */
+    getNodesByType(type) {
+        return Array.from(this.nodes.values()).filter(n => n.type === type);
+    }
+    /**
+     * Get edges from node
+     */
+    getEdgesFrom(nodeId) {
+        return this.edges.filter(e => e.from === nodeId);
+    }
+    /**
+     * Get edges to node
+     */
+    getEdgesTo(nodeId) {
+        return Promise.resolve(this.edges.filter(e => e.to === nodeId));
+    }
+}
+exports.ProofGraphBuilder = ProofGraphBuilder;
+//# sourceMappingURL=proof-graph.js.map

package/dist/scan/proof-graph.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proof-graph.js","sourceRoot":"","sources":["../../src/scan/proof-graph.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AA0BH,MAAa,iBAAiB;IAA9B;QACU,UAAK,GAA2B,IAAI,GAAG,EAAE,CAAC;QAC1C,UAAK,GAAgB,EAAE,CAAC;IAwDlC,CAAC;IAtDC;;OAEG;IACH,OAAO,CAAC,IAAe;QACrB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,IAAe;QACrB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAiC,EAAE,gBAAwB,EAAE,QAAkB;QACnF,OAAO;YACL,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACtC,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO;YACP,gBAAgB;YAChB,QAAQ;SACT,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,IAAuB,EAAE,IAAY;QAC5C,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IACvF,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,IAAuB;QACpC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IACtE,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,MAAc;QACzB,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,MAAc;QACvB,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC,CAAC;IAClE,CAAC;CACF;AA1DD,8CA0DC"}

package/dist/scan/reality-sniff.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Advanced Lexical Reality Scan
+ *
+ * Lightning-fast first-pass sweep for AI artifacts + landmines
+ */
+export interface RealityFinding {
+    id: string;
+    type: 'placeholder' | 'stub' | 'fake_success' | 'silent_failure' | 'auth_bypass' | 'dangerous_default';
+    file: string;
+    line: number;
+    column?: number;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    score: number;
+    evidence: {
+        snippet: string;
+        context: string;
+        pattern: string;
+    };
+    fixGuidance?: string;
+    verifyCommand?: string;
+}
+export interface RealityScanResult {
+    findings: RealityFinding[];
+    hotspots: Array<{
+        file: string;
+        score: number;
+        findings: number;
+    }>;
+    summary: {
+        total: number;
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+        totalScore: number;
+    };
+}
+export declare class RealitySniffScanner {
+    private findings;
+    private fileScores;
+    private findingCounter;
+    /**
+     * Scan project for reality issues
+     */
+    scan(projectPath: string, options?: {
+        exclude?: string[];
+        includeTests?: boolean;
+    }): Promise<RealityScanResult>;
+    private scanDirectory;
+    private scanFile;
+    private checkPatterns;
+    private isInErrorContext;
+    private getContext;
+    private getFixGuidance;
+}
+//# sourceMappingURL=reality-sniff.d.ts.map

package/dist/scan/reality-sniff.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reality-sniff.d.ts","sourceRoot":"","sources":["../../src/scan/reality-sniff.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,aAAa,GAAG,MAAM,GAAG,cAAc,GAAG,gBAAgB,GAAG,aAAa,GAAG,mBAAmB,CAAC;IACvG,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE;QACR,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,QAAQ,EAAE,KAAK,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC,CAAC;IACH,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AA6DD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAwB;IACxC,OAAO,CAAC,UAAU,CAAkC;IACpD,OAAO,CAAC,cAAc,CAAK;IAE3B;;OAEG;IACG,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,GAAE;QACvC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QACnB,YAAY,CAAC,EAAE,OAAO,CAAC;KACnB,GAAG,OAAO,CAAC,iBAAiB,CAAC;YAsCrB,aAAa;YAyBb,QAAQ;IA8BtB,OAAO,CAAC,aAAa;IAqCrB,OAAO,CAAC,gBAAgB;IAMxB,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,cAAc;CAWvB"}

package/dist/scan/reality-sniff.js

@@ -0,0 +1,200 @@
+"use strict";
+/**
+ * Advanced Lexical Reality Scan
+ *
+ * Lightning-fast first-pass sweep for AI artifacts + landmines
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RealitySniffScanner = void 0;
+const fs_1 = require("fs");
+const path_1 = require("path");
+// Placeholder patterns
+const PLACEHOLDER_PATTERNS = [
+    /\bplaceholder\b/i,
+    /\bstub\b/i,
+    /\bdummy\b/i,
+    /\bfake\b/i,
+    /\bsample\b/i,
+    /\bprototype\b/i,
+    /\bpoc\b/i,
+    /\bhardcoded\b/i,
+    /\bTODO\b.*(?:implement|fix|complete)/i,
+    /\bWIP\b/i,
+    /\bTBD\b/i,
+    /\bNYI\b/i,
+    /\bcoming\s+soon\b/i,
+    /\bbest\s+effort\b/i,
+    /\bfallback\b/i,
+    /\bgracefully\b/i,
+];
+// Fake success patterns
+const FAKE_SUCCESS_PATTERNS = [
+    /return\s+(?:true|"ok"|"success"|{[\s\S]*?success:\s*true)/i,
+    /status:\s*["']ok["']/i,
+    /ok:\s*true/i,
+    /success:\s*true/i,
+];
+// Silent failure patterns
+const SILENT_FAILURE_PATTERNS = [
+    /catch\s*\(\s*\)\s*{\s*}/, // empty catch {}
+    /catch\s*\(\s*e\s*\)\s*{\s*}/, // empty catch (e) {}
+    /catch\s*\([^)]*\)\s*{\s*return\s*;?\s*}/, // catch that just returns
+    /catch\s*\([^)]*\)\s*{\s*console\.(log|error|warn)/, // catch that only logs
+];
+// Auth bypass patterns
+const AUTH_BYPASS_PATTERNS = [
+    /\bowner\s*mode\b/i,
+    /\badmin\s*mode\b/i,
+    /\bskipAuth\b/i,
+    /\bdisableAuth\b/i,
+    /\bbypassAuth\b/i,
+    /\bisAdmin\s*=\s*true\b/i,
+    /\bALLOW_ALL\b/i,
+    /\bUI-only\s*gating\b/i,
+];
+// Dangerous defaults
+const DANGEROUS_DEFAULT_PATTERNS = [
+    /process\.env\.\w+\s*\|\|\s*["'](?:test|localhost|example\.com|CHANGEME|REPLACE_ME|YOUR_API_KEY)["']/i,
+    /process\.env\.\w+\s*\|\|\s*["']\s*["']/, // empty string default
+    /\bCHANGEME\b/i,
+    /\bREPLACE_ME\b/i,
+    /\bYOUR_API_KEY\b/i,
+    /\bexample\.com\b/i,
+    /localhost.*(?:auth|billing|webhook|secret)/i,
+];
+class RealitySniffScanner {
+    constructor() {
+        this.findings = [];
+        this.fileScores = new Map();
+        this.findingCounter = 1;
+    }
+    /**
+     * Scan project for reality issues
+     */
+    async scan(projectPath, options = {}) {
+        this.findings = [];
+        this.fileScores.clear();
+        this.findingCounter = 1;
+        const exclude = options.exclude || ['node_modules', '.git', 'dist', 'build', '.next'];
+        const includeTests = options.includeTests || false;
+        // Scan all code files
+        await this.scanDirectory(projectPath, exclude, includeTests);
+        // Calculate hotspots
+        const hotspots = Array.from(this.fileScores.entries())
+            .map(([file, score]) => ({
+            file,
+            score,
+            findings: this.findings.filter(f => f.file === file).length,
+        }))
+            .sort((a, b) => b.score - a.score)
+            .slice(0, 10);
+        // Calculate summary
+        const summary = {
+            total: this.findings.length,
+            critical: this.findings.filter(f => f.severity === 'critical').length,
+            high: this.findings.filter(f => f.severity === 'high').length,
+            medium: this.findings.filter(f => f.severity === 'medium').length,
+            low: this.findings.filter(f => f.severity === 'low').length,
+            totalScore: this.findings.reduce((sum, f) => sum + f.score, 0),
+        };
+        return {
+            findings: this.findings.sort((a, b) => b.score - a.score),
+            hotspots,
+            summary,
+        };
+    }
+    async scanDirectory(dir, exclude, includeTests) {
+        const entries = (0, fs_1.readdirSync)(dir);
+        for (const entry of entries) {
+            const fullPath = (0, path_1.join)(dir, entry);
+            const stat = (0, fs_1.statSync)(fullPath);
+            // Skip excluded directories
+            if (stat.isDirectory()) {
+                if (exclude.some(e => entry.includes(e)))
+                    continue;
+                if (!includeTests && (entry.includes('test') || entry.includes('spec')))
+                    continue;
+                await this.scanDirectory(fullPath, exclude, includeTests);
+                continue;
+            }
+            // Only scan code files
+            const ext = (0, path_1.extname)(entry);
+            if (!['.ts', '.tsx', '.js', '.jsx', '.py', '.java', '.go', '.rs'].includes(ext)) {
+                continue;
+            }
+            await this.scanFile(fullPath);
+        }
+    }
+    async scanFile(filePath) {
+        try {
+            const content = (0, fs_1.readFileSync)(filePath, 'utf-8');
+            const lines = content.split('\n');
+            // Check each line for patterns
+            lines.forEach((line, index) => {
+                const lineNum = index + 1;
+                // Placeholder detection
+                this.checkPatterns(line, lineNum, filePath, PLACEHOLDER_PATTERNS, 'placeholder', 1, 'medium');
+                // Fake success detection (higher score in catch/error handlers)
+                const inErrorContext = this.isInErrorContext(content, index);
+                this.checkPatterns(line, lineNum, filePath, FAKE_SUCCESS_PATTERNS, 'fake_success', inErrorContext ? 5 : 3, inErrorContext ? 'high' : 'medium');
+                // Silent failure detection
+                this.checkPatterns(line, lineNum, filePath, SILENT_FAILURE_PATTERNS, 'silent_failure', 5, 'high');
+                // Auth bypass detection
+                this.checkPatterns(line, lineNum, filePath, AUTH_BYPASS_PATTERNS, 'auth_bypass', 10, 'critical');
+                // Dangerous defaults
+                this.checkPatterns(line, lineNum, filePath, DANGEROUS_DEFAULT_PATTERNS, 'dangerous_default', 3, 'high');
+            });
+        }
+        catch (error) {
+            // Ignore files we can't read
+        }
+    }
+    checkPatterns(line, lineNum, filePath, patterns, type, baseScore, severity) {
+        for (const pattern of patterns) {
+            const match = line.match(pattern);
+            if (match) {
+                const finding = {
+                    id: `GR-REALITY-${String(this.findingCounter++).padStart(3, '0')}`,
+                    type,
+                    file: filePath,
+                    line: lineNum,
+                    severity,
+                    score: baseScore,
+                    evidence: {
+                        snippet: line.trim(),
+                        context: this.getContext(line, filePath),
+                        pattern: pattern.source,
+                    },
+                    fixGuidance: this.getFixGuidance(type),
+                    verifyCommand: `guardrail verify --id GR-REALITY-${String(this.findingCounter - 1).padStart(3, '0')}`,
+                };
+                this.findings.push(finding);
+                // Update file score
+                const currentScore = this.fileScores.get(filePath) || 0;
+                this.fileScores.set(filePath, currentScore + baseScore);
+            }
+        }
+    }
+    isInErrorContext(content, lineIndex) {
+        const lines = content.split('\n');
+        const beforeContext = lines.slice(Math.max(0, lineIndex - 5), lineIndex).join('\n');
+        return /catch|onError|fallback|error|exception/i.test(beforeContext);
+    }
+    getContext(line, filePath) {
+        // Return surrounding context (simplified)
+        return line.trim();
+    }
+    getFixGuidance(type) {
+        const guidance = {
+            placeholder: 'Replace placeholder with actual implementation',
+            stub: 'Implement stub function with real logic',
+            fake_success: 'Return actual error status instead of always true',
+            silent_failure: 'Add proper error handling and propagation',
+            auth_bypass: 'Remove auth bypass or add proper permission checks',
+            dangerous_default: 'Use secure defaults or require explicit configuration',
+        };
+        return guidance[type] || 'Review and fix';
+    }
+}
+exports.RealitySniffScanner = RealitySniffScanner;
+//# sourceMappingURL=reality-sniff.js.map

package/dist/scan/reality-sniff.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reality-sniff.js","sourceRoot":"","sources":["../../src/scan/reality-sniff.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,2BAAyD;AACzD,+BAAqC;AAoCrC,uBAAuB;AACvB,MAAM,oBAAoB,GAAG;IAC3B,kBAAkB;IAClB,WAAW;IACX,YAAY;IACZ,WAAW;IACX,aAAa;IACb,gBAAgB;IAChB,UAAU;IACV,gBAAgB;IAChB,uCAAuC;IACvC,UAAU;IACV,UAAU;IACV,UAAU;IACV,oBAAoB;IACpB,oBAAoB;IACpB,eAAe;IACf,iBAAiB;CAClB,CAAC;AAEF,wBAAwB;AACxB,MAAM,qBAAqB,GAAG;IAC5B,4DAA4D;IAC5D,uBAAuB;IACvB,aAAa;IACb,kBAAkB;CACnB,CAAC;AAEF,0BAA0B;AAC1B,MAAM,uBAAuB,GAAG;IAC9B,yBAAyB,EAAE,iBAAiB;IAC5C,6BAA6B,EAAE,qBAAqB;IACpD,yCAAyC,EAAE,0BAA0B;IACrE,mDAAmD,EAAE,uBAAuB;CAC7E,CAAC;AAEF,uBAAuB;AACvB,MAAM,oBAAoB,GAAG;IAC3B,mBAAmB;IACnB,mBAAmB;IACnB,eAAe;IACf,kBAAkB;IAClB,iBAAiB;IACjB,yBAAyB;IACzB,gBAAgB;IAChB,uBAAuB;CACxB,CAAC;AAEF,qBAAqB;AACrB,MAAM,0BAA0B,GAAG;IACjC,sGAAsG;IACtG,wCAAwC,EAAE,uBAAuB;IACjE,eAAe;IACf,iBAAiB;IACjB,mBAAmB;IACnB,mBAAmB;IACnB,6CAA6C;CAC9C,CAAC;AAEF,MAAa,mBAAmB;IAAhC;QACU,aAAQ,GAAqB,EAAE,CAAC;QAChC,eAAU,GAAwB,IAAI,GAAG,EAAE,CAAC;QAC5C,mBAAc,GAAG,CAAC,CAAC;IAgK7B,CAAC;IA9JC;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,WAAmB,EAAE,UAG5B,EAAE;QACJ,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;QACnB,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC;QAExB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,CAAC,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QACtF,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,KAAK,CAAC;QAEnD,sBAAsB;QACtB,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;QAE7D,qBAAqB;QACrB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;aACnD,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YACvB,IAAI;YACJ,KAAK;YACL,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,MAAM;SAC5D,CAAC,CAAC;aACF,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;aACjC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEhB,oBAAoB;QACpB,MAAM,OAAO,GAAG;YACd,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YACrE,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YAC7D,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;YACjE,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;YAC3D,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;SAC/D,CAAC;QAEF,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;YACzD,QAAQ;YACR,OAAO;SACR,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,GAAW,EAAE,OAAiB,EAAE,YAAqB;QAC/E,MAAM,OAAO,GAAG,IAAA,gBAAW,EAAC,GAAG,CAAC,CAAC;QAEjC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAA,WAAI,EAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAClC,MAAM,IAAI,GAAG,IAAA,aAAQ,EAAC,QAAQ,CAAC,CAAC;YAEhC,4BAA4B;YAC5B,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;gBACvB,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;oBAAE,SAAS;gBACnD,IAAI,CAAC,YAAY,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBAAE,SAAS;gBAClF,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;gBAC1D,SAAS;YACX,CAAC;YAED,uBAAuB;YACvB,MAAM,GAAG,GAAG,IAAA,cAAO,EAAC,KAAK,CAAC,CAAC;YAC3B,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChF,SAAS;YACX,CAAC;YAED,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAC,QAAgB;QACrC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAA,iBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAElC,+BAA+B;YAC/B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC5B,MAAM,OAAO,GAAG,KAAK,GAAG,CAAC,CAAC;gBAE1B,wBAAwB;gBACxB,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,oBAAoB,EAAE,aAAa,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC;gBAE9F,gEAAgE;gBAChE,MAAM,cAAc,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBAC7D,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,qBAAqB,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBAE/I,2BAA2B;gBAC3B,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;gBAElG,wBAAwB;gBACxB,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,oBAAoB,EAAE,aAAa,EAAE,EAAE,EAAE,UAAU,CAAC,CAAC;gBAEjG,qBAAqB;gBACrB,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;YAC1G,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,6BAA6B;QAC/B,CAAC;IACH,CAAC;IAEO,aAAa,CACnB,IAAY,EACZ,OAAe,EACf,QAAgB,EAChB,QAAkB,EAClB,IAA4B,EAC5B,SAAiB,EACjB,QAAoC;QAEpC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,OAAO,GAAmB;oBAC9B,EAAE,EAAE,cAAc,MAAM,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;oBAClE,IAAI;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,OAAO;oBACb,QAAQ;oBACR,KAAK,EAAE,SAAS;oBAChB,QAAQ,EAAE;wBACR,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE;wBACpB,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,QAAQ,CAAC;wBACxC,OAAO,EAAE,OAAO,CAAC,MAAM;qBACxB;oBACD,WAAW,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;oBACtC,aAAa,EAAE,oCAAoC,MAAM,CAAC,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;iBACtG,CAAC;gBAEF,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAE5B,oBAAoB;gBACpB,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBACxD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,GAAG,SAAS,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,OAAe,EAAE,SAAiB;QACzD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpF,OAAO,yCAAyC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACvE,CAAC;IAEO,UAAU,CAAC,IAAY,EAAE,QAAgB;QAC/C,0CAA0C;QAC1C,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC;IACrB,CAAC;IAEO,cAAc,CAAC,IAA4B;QACjD,MAAM,QAAQ,GAA2C;YACvD,WAAW,EAAE,gDAAgD;YAC7D,IAAI,EAAE,yCAAyC;YAC/C,YAAY,EAAE,mDAAmD;YACjE,cAAc,EAAE,2CAA2C;YAC3D,WAAW,EAAE,oDAAoD;YACjE,iBAAiB,EAAE,uDAAuD;SAC3E,CAAC;QACF,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,gBAAgB,CAAC;IAC5C,CAAC;CACF;AAnKD,kDAmKC"}

package/dist/scan/structural-verifier.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Structural Verification (Level 2)
+ *
+ * AST + reachability + callsite context analysis
+ */
+import { RealityFinding } from './reality-sniff';
+import { Evidence } from './verification-engine';
+export declare class StructuralVerifier {
+    /**
+     * Verify finding using AST and structural analysis
+     */
+    verify(finding: RealityFinding, projectPath: string): Promise<Evidence | null>;
+    private verifyWithTypeScript;
+    private verifyBasic;
+    private isExported;
+    private isInErrorHandler;
+    private isDeadCode;
+    private isTypeScriptAvailable;
+}
+//# sourceMappingURL=structural-verifier.d.ts.map

package/dist/scan/structural-verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"structural-verifier.d.ts","sourceRoot":"","sources":["../../src/scan/structural-verifier.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAEjD,qBAAa,kBAAkB;IAC7B;;OAEG;IACG,MAAM,CAAC,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;YAetE,oBAAoB;YAqBpB,WAAW;IA2CzB,OAAO,CAAC,UAAU;IAMlB,OAAO,CAAC,gBAAgB;IAMxB,OAAO,CAAC,UAAU;IAQlB,OAAO,CAAC,qBAAqB;CAQ9B"}