npm - @vibgrate/cli - Versions diffs - 2026.625.2 → 2026.628.1 - Mend

@vibgrate/cli 2026.625.2 → 2026.628.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/DOCS.md +24 -24
package/README.md +18 -18
package/dist/baseline-QM3PG3RY.js +1 -0
package/dist/{chunk-YF3NML7I.js → chunk-CKBCROBF.js} +1 -1
package/dist/chunk-RKH4N26K.js +75 -0
package/dist/{chunk-BHWXSLTQ.js → chunk-ROPIO52N.js} +2 -2
package/dist/cli.js +145 -145
package/dist/{dist-AP3RH35M.js → dist-LFSEE53Z.js} +1 -1
package/dist/index.js +1 -1
package/package.json +1 -1
package/dist/baseline-2B6YIW6Z.js +0 -1
package/dist/chunk-I65B3ZRL.js +0 -78

package/DOCS.md CHANGED Viewed

@@ -53,7 +53,7 @@ For a quick overview, see the [README](./README.md). This document covers everyt
   - [Azure DevOps](#azure-devops)
   - [GitLab CI](#gitlab-ci)
   - [Generic Pipelines](#generic-pipelines)
-- [Dashboard Upload](#dashboard-upload)
+- [Vibgrate Cloud Upload](#vibgrate-cloud-upload)
   - [DSN Tokens](#dsn-tokens)
   - [Data Residency](#data-residency)
 - [Privacy & Security](#privacy--security)
@@ -73,7 +73,7 @@ Vibgrate recursively scans your repository for `package.json` (Node/TypeScript),
 4. **Generates** a deterministic Upgrade Drift Score (0–100)
 5. **Produces** findings, a full JSON artifact, and optional SARIF output
-Core drift analysis does not execute source code. Dashboard upload remains optional.
+Core drift analysis does not execute source code. Vibgrate Cloud upload remains optional.
 ---
@@ -86,8 +86,8 @@ Most teams adopt Vibgrate in two steps:
 | Mode               | Benefits                                                                    | Typical command                                           |
 | ------------------ | --------------------------------------------------------------------------- | --------------------------------------------------------- |
-| One-off scan       | Fast snapshot of current upgrade debt, useful for audits and planning       | `npx @vibgrate/cli scan .`                                |
-| CI-integrated scan | Continuous governance with automated failure thresholds and SARIF surfacing | `npx @vibgrate/cli scan . --format sarif --fail-on error` |
+| One-off scan       | Fast snapshot of current upgrade debt, useful for audits and planning       | `npx @vibgrate/cli scan`                                |
+| CI-integrated scan | Continuous governance with automated failure thresholds and SARIF surfacing | `npx @vibgrate/cli scan --format sarif --fail-on error` |
 In practice, one-off scans tell you where you are today; CI keeps you from drifting back tomorrow.
@@ -117,13 +117,13 @@ Example:
 ```bash
 # Step 1: first scan
-vibgrate scan .
+vibgrate scan
 # Step 2: baseline
-vibgrate baseline .
+vibgrate baseline
 # Step 3: policy in CI
-vibgrate scan . --baseline .vibgrate/baseline.json --drift-budget 40 --drift-worsening 5 --fail-on error
+vibgrate scan --baseline .vibgrate/baseline.json --drift-budget 40 --drift-worsening 5 --fail-on error
 # Step 4: produce report
 vibgrate report --in .vibgrate/scan_result.json --format md
@@ -176,7 +176,7 @@ vibgrate scan [path] [--format text|json|sarif|md] [--out <file>] [--fail-on war
 | `--concurrency <n>` | `8` | Max concurrent npm registry calls |
 | `--drift-budget <score>` | — | Fitness gate: fail if drift score is above this budget |
 | `--drift-worsening <percent>` | — | Fitness gate: fail if drift worsens by more than % vs baseline |
-| `--push` | — | Upload scan artifact to dashboard after a successful scan |
+| `--push` | — | Upload scan artifact to Vibgrate Cloud after a successful scan |
 | `--dsn <dsn>` | `VIBGRATE_DSN` env | DSN used for `--push` authentication |
 | `--region <region>` | — | Override data residency (`us`, `eu`) during push |
 | `--strict` | — | Fail scan command if push fails |
@@ -198,7 +198,7 @@ document is the predicate body for the `https://vibgrate.com/attestations/hcs/v0
 in-toto attestation, ready to bind to a published artifact:
 ```bash
-vibgrate scan . --emit-facts > vibgrate-facts.json
+vibgrate scan --emit-facts > vibgrate-facts.json
 cosign attest --yes \
   --type https://vibgrate.com/attestations/hcs/v0.5 \
   --predicate vibgrate-facts.json "$IMAGE_REF"
@@ -215,10 +215,10 @@ Use `--exclude` (alias `-e`) to skip directories or files from the scan. Values
 ```bash
 # Repeat the flag
-vibgrate scan . --exclude "legacy/**" --exclude "vendor/**"
+vibgrate scan --exclude "legacy/**" --exclude "vendor/**"
 # Or list multiple patterns in one flag (comma- or semicolon-separated)
-vibgrate scan . --exclude "legacy/**,vendor/**;**/fixtures/**"
+vibgrate scan --exclude "legacy/**,vendor/**;**/fixtures/**"
 ```
 CLI excludes are **additive**: they are merged (and de-duplicated) with any `exclude` patterns from your [config file](#configuration), so command-line excludes never replace your committed defaults.
@@ -239,19 +239,19 @@ Examples:
 ```bash
 # Standard text scan
-vibgrate scan .
+vibgrate scan
 # JSON output for automation
-vibgrate scan . --format json --out scan.json
+vibgrate scan --format json --out scan.json
 # Skip vendored and generated code
-vibgrate scan . --exclude "vendor/**,**/*.generated.ts;dist/**"
+vibgrate scan --exclude "vendor/**,**/*.generated.ts;dist/**"
 # CI gate with baseline regression protection
-vibgrate scan . --baseline .vibgrate/baseline.json --drift-budget 40 --drift-worsening 5 --fail-on error
+vibgrate scan --baseline .vibgrate/baseline.json --drift-budget 40 --drift-worsening 5 --fail-on error
 # Upload result in the same command
-vibgrate scan . --push --strict
+vibgrate scan --push --strict
 ```
 Expected results:
@@ -341,7 +341,7 @@ See [`docs/SIGNING-AND-PROVENANCE.md`](../../docs/SIGNING-AND-PROVENANCE.md).
 ### vibgrate push
-Upload scan results to the Vibgrate dashboard API.
+Upload scan results to the Vibgrate Cloud API.
 ```bash
 vibgrate push [--dsn <dsn>] [--file <file>] [--region <region>] [--strict]
@@ -405,7 +405,7 @@ Recommended workflow:
 1. Create baseline once on main branch:
    ```bash
-   vibgrate baseline .
+   vibgrate baseline
    ```
 2. In CI, run scan with comparison and gates:
    ```bash
@@ -413,7 +413,7 @@ Recommended workflow:
    ```
 3. When planned upgrades land, refresh baseline:
    ```bash
-   vibgrate baseline .
+   vibgrate baseline
    ```
 This makes drift a formal quality gate (fitness function), not just reporting.
@@ -709,14 +709,14 @@ Use the maintained templates in this package for copy-paste setup:
 ```yaml
 steps:
   - name: Vibgrate Scan
-    run: npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
+    run: npx @vibgrate/cli scan --format sarif --out vibgrate.sarif --fail-on error
   - name: Upload SARIF
     uses: github/codeql-action/upload-sarif@v3
     with:
       sarif_file: vibgrate.sarif
-  # Optional: push metrics to dashboard
+  # Optional: push metrics to Vibgrate Cloud
   - name: Push Vibgrate Metrics
     env:
       VIBGRATE_DSN: ${{ secrets.VIBGRATE_DSN }}
@@ -727,7 +727,7 @@ steps:
 ```yaml
 steps:
-  - script: npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
+  - script: npx @vibgrate/cli scan --format sarif --out vibgrate.sarif --fail-on error
     displayName: Vibgrate Scan
   - task: PublishBuildArtifacts@1
@@ -741,7 +741,7 @@ steps:
 ```yaml
 vibgrate:
   script:
-    - npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
+    - npx @vibgrate/cli scan --format sarif --out vibgrate.sarif --fail-on error
   artifacts:
     reports:
       sast: vibgrate.sarif
@@ -758,7 +758,7 @@ Vibgrate works in any CI environment. The CLI:
 ---
-## Dashboard Upload
+## Vibgrate Cloud Upload
 ### DSN Tokens

package/README.md CHANGED Viewed

@@ -54,14 +54,14 @@ Recommended rollout: start with a one-off scan now, then add Vibgrate to CI this
 Run instantly (no install):
 ```bash
-npx @vibgrate/cli scan .
+npx @vibgrate/cli scan
 ```
 Or install locally:
 ```bash
 npm install -D @vibgrate/cli
-npx vibgrate scan .
+npx vibgrate scan
 ```
 Add an npm script:
@@ -69,7 +69,7 @@ Add an npm script:
 ```json
 {
   "scripts": {
-    "drift": "vibgrate scan ."
+    "drift": "vibgrate scan"
   }
 }
 ```
@@ -87,7 +87,7 @@ Set up Vibgrate for upgrade drift tracking:
 1. Install: npm install -g @vibgrate/cli@latest
 2. Create DSN: npx vibgrate dsn create --workspace new
 3. Save DSN: echo 'export VIBGRATE_DSN="<dsn>"' >> ~/.zshrc && source ~/.zshrc
-4. Scan: npx vibgrate scan . --push
+4. Scan: npx vibgrate scan --push
 Then explain my drift score and top 3 upgrade priorities.
 ```
@@ -160,7 +160,7 @@ This keeps reports plain and actionable, so teams can go from scan output to bac
 Take a baseline snapshot, then enforce dependency drift fitness functions in CI:
 ```bash
-npx vibgrate baseline .
+npx vibgrate baseline
 npx vibgrate scan --baseline .vibgrate/baseline.json --drift-worsening 5 --drift-budget 40
 ```
@@ -185,7 +185,7 @@ Vibgrate now supports explicit privacy controls:
 Example:
 ```bash
-vibgrate scan . --offline --package-manifest ./package-versions.zip --max-privacy --format json --out scan.json
+vibgrate scan --offline --package-manifest ./package-versions.zip --max-privacy --format json --out scan.json
 ```
 When offline mode runs without a package manifest, package freshness is marked as unknown and drift scoring is necessarily partial.
@@ -205,7 +205,7 @@ vibgrate dsn create --workspace <id|new> [--region us|eu] [--write <path>]
 ```bash
 # 1) Scan current repo (text output)
-npx @vibgrate/cli scan .
+npx @vibgrate/cli scan
 ```
 Expected result:
@@ -216,7 +216,7 @@ Expected result:
 ```bash
 # 2) Scan with CI gating
-npx @vibgrate/cli scan . --fail-on error --drift-budget 40
+npx @vibgrate/cli scan --fail-on error --drift-budget 40
 ```
 Expected result:
@@ -228,7 +228,7 @@ Expected result:
 # 3) Scan while excluding vendored / generated paths
 #    --exclude is repeatable and accepts comma/semicolon-separated globs;
 #    patterns are merged with `exclude` from vibgrate.config.*
-npx @vibgrate/cli scan . --exclude "legacy/**,vendor/**" --exclude "**/*.generated.ts"
+npx @vibgrate/cli scan --exclude "legacy/**,vendor/**" --exclude "**/*.generated.ts"
 ```
 Expected result:
@@ -238,7 +238,7 @@ Expected result:
 ```bash
 # 4) Offline scan using local package-version bundle
-npx @vibgrate/cli scan . --offline --package-manifest ./latest-packages.zip --format json --out scan.json
+npx @vibgrate/cli scan --offline --package-manifest ./latest-packages.zip --format json --out scan.json
 ```
 Expected result:
@@ -262,14 +262,14 @@ Common usage:
 ```bash
 # Standard scan
-npx @vibgrate/cli scan .
+npx @vibgrate/cli scan
 # CI-ready SARIF output
-npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
+npx @vibgrate/cli scan --format sarif --out vibgrate.sarif --fail-on error
 # Baseline and compare drift deltas over time
-npx @vibgrate/cli baseline .
-npx @vibgrate/cli scan . --baseline .vibgrate/baseline.json
+npx @vibgrate/cli baseline
+npx @vibgrate/cli scan --baseline .vibgrate/baseline.json
 ```
 ---
@@ -288,7 +288,7 @@ Use the maintained templates in this package for copy-paste setup:
 - name: Vibgrate scan
   env:
     VIBGRATE_DSN: ${{ secrets.VIBGRATE_DSN }}
-  run: npx @vibgrate/cli scan . --push --format sarif --out vibgrate.sarif --fail-on error
+  run: npx @vibgrate/cli scan --push --format sarif --out vibgrate.sarif --fail-on error
 - name: Upload SARIF
   if: always()
@@ -300,7 +300,7 @@ Use the maintained templates in this package for copy-paste setup:
 ### Azure DevOps
 ```yaml
-- script: npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
+- script: npx @vibgrate/cli scan --format sarif --out vibgrate.sarif --fail-on error
   displayName: Vibgrate scan
 ```
@@ -310,7 +310,7 @@ Use the maintained templates in this package for copy-paste setup:
 vibgrate:
   image: node:20
   script:
-    - npx @vibgrate/cli scan . --push --fail-on error
+    - npx @vibgrate/cli scan --push --fail-on error
 ```
 ---
@@ -323,7 +323,7 @@ If you want trend analysis across runs/repos, push scan artifacts with a DSN:
 ```bash
 VIBGRATE_DSN="vibgrate+https://<key_id>:<secret>@us.ingest.vibgrate.com/<workspace_id>" \
-  npx @vibgrate/cli scan . --push
+  npx @vibgrate/cli scan --push
 ```
 You can also upload an existing artifact:

package/dist/baseline-QM3PG3RY.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export{h as baselineCommand,g as runBaseline}from'./chunk-ROPIO52N.js';import'./chunk-RKH4N26K.js';import'./chunk-MKDRULJ6.js';import'./chunk-XTHPCEME.js';import'./chunk-EK7ODJWE.js';

package/dist/{chunk-YF3NML7I.js → chunk-CKBCROBF.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import {na as na$1,ua as ua$1}from'./chunk-I65B3ZRL.js';import {a}from'./chunk-MKDRULJ6.js';import {j as j$1,n,i,o,p,d}from'./chunk-XTHPCEME.js';import {b}from'./chunk-EK7ODJWE.js';import*as I from'path';import*as V from'fs/promises';import*as w from'typescript';var Y={healthyMax:33,elevatedMax:66},D={healthy:"#3FB0A4",elevated:"#D9A441",critical:"#D0463B"},na={healthy:"Healthy",elevated:"Elevated",critical:"Critical"};function X(e){return e==null||Number.isNaN(e)?null:e<=Y.healthyMax?"healthy":e<=Y.elevatedMax?"elevated":"critical"}function H(e){let a=X(e);return a?D[a]:"#6B7785"}function le(e){let a=X(e);return a?na[a]:"Not scored"}function de(e){return e==null||Number.isNaN(e)||e===0?"flat":e<0?"good":"bad"}function ce(e){if(e==null||Number.isNaN(e))return "\u2014";if(e===0)return "\xB1 0";let a=Math.abs(e);return e>0?`\u25B2 +${a}`:`\u25BC \u2212${a}`}var Ce=8;function ue(e){return `Q${Math.floor(e.getUTCMonth()/3)+1} ${e.getUTCFullYear()}`}function sa(e){return e<=30?30:e<=60?60:e<=90?90:180}function oa(e){return e>0?"breached":e>=-5?"at-risk":"on-track"}function ra(e){let a=e.kpis;if(!a||a.estateDriftScore==null)return "No scan data yet \u2014 run a scan to establish a baseline.";let s=e.budgets.filter(r=>r.current-r.budget>0).length,n=[],t=de(a.driftDelta);return t==="good"&&a.driftDelta!=null?n.push(`Portfolio drift improved ${Math.abs(a.driftDelta)} pts`):t==="bad"&&a.driftDelta!=null?n.push(`Portfolio drift rose ${a.driftDelta} pts`):n.push(`Portfolio drift held at ${a.estateDriftScore}`),s>0?n.push(`${s} ${s===1?"scope is":"scopes are"} over budget`):n.push("all scopes within budget"),`${n.join("; ")}.`}function ia(e){if(e.length<2)return null;let a=e[e.length-1],s=e[e.length-2],n=a.score-s.score;if(n<=0)return "At current pace, portfolio drift is flat or improving \u2014 no band crossing forecast.";let t=Y.healthyMax+1;if(a.score>=t)return "Portfolio is already in the amber band \u2014 prioritise remediation to return to healthy.";let r=Math.ceil((t-a.score)/n);return `At current pace, portfolio crosses into amber in ~${r} period${r===1?"":"s"}.`}function la(e){let a=e.generatedAt??new Date,s=e.period??ue(a),n=e.kpis,t=ca(e.trend),r=e.topRisks.slice(0,5).map((i,d)=>({rank:d+1,label:i.label,scope:i.scope,score:i.score,delta:i.delta??null,driver:i.driver,owner:i.owner})),o=e.budgets.map(i=>{let d=i.current-i.budget;return {...i,variance:d,state:oa(d)}}).sort((i,d)=>d.variance-i.variance),c=e.horizon.filter(i=>i.daysRemaining>=0).map(i=>({...i,lane:sa(i.daysRemaining)})).sort((i,d)=>i.daysRemaining-d.daysRemaining),u=o.filter(i=>i.state==="breached").length,p=e.benchmark?{...e.benchmark,anonymitySatisfied:e.benchmark.cohortSize>=Ce}:null;return {instanceId:`${s}-${(e.asOf??a.toISOString()).slice(0,10)}`,org:e.org,period:s,preparedFor:e.preparedFor,asOf:e.asOf??a.toISOString(),generatedAt:a.toISOString(),confidentiality:"Confidential",headline:{score:n?.estateDriftScore??null,priorScore:n?.priorScore??null,delta:n?.driftDelta??null,breachCount:u,verdict:ra(e)},commentary:e.commentary,trajectory:t,forecastNote:ia(t),risks:r,budgets:o,horizon:c,benchmark:p,roi:e.roi}}function ca(e){if(e.length===0)return [];let a=[...e].sort((t,r)=>t.day.localeCompare(r.day)),s=[],n=null;for(let t of a){let r=Math.round(t.avg_score),o=n==null?0:r-n;s.push({period:t.day,score:r,added:o>0?o:0,remediated:o<0?-o:0}),n=r;}return s}var N={navy:"#182346",teal:"#3FB0A4",ink:"#0E2330",paper:"#F4F6F5"};function x(e){return e==null?"":String(e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#39;")}function we(e,a){if(!e)return "\u2014";try{return new Date(e).toLocaleDateString(a,{year:"numeric",month:"short",day:"numeric"})}catch{return x(e)}}function Re(e,a){if(!e)return "\u2014";try{return new Date(e).toLocaleString(a,{year:"numeric",month:"short",day:"numeric",hour:"2-digit",minute:"2-digit",timeZoneName:"short"})}catch{return x(e)}}function pa(e){if(e.length<2)return '<div class="chart-empty">Baseline established \u2014 trend available next cycle.</div>';let t=e.map(b=>b.score),r=Math.min(...t,0),c=Math.max(...t,100)-r||1,u=592/(e.length-1),p=b=>24+b*u,i=b=>156-(b-r)/c*132,d=e.map((b,C)=>`${C===0?"M":"L"}${p(C).toFixed(1)},${i(b.score).toFixed(1)}`).join(" "),g=e[e.length-1],m=e[e.length-2],y=g.score-m.score,l={x:p(e.length-1)+u,v:g.score+y},f={x:l.x+u,v:g.score+y*2},h=`M${p(e.length-1).toFixed(1)},${i(g.score).toFixed(1)} L${l.x.toFixed(1)},${i(l.v).toFixed(1)} L${f.x.toFixed(1)},${i(f.v).toFixed(1)}`,k=i(34),v=e.map((b,C)=>`<circle cx="${p(C).toFixed(1)}" cy="${i(b.score).toFixed(1)}" r="2.5" fill="${H(b.score)}" />`).join("");return `<svg viewBox="0 0 ${640+u*2} 180" width="100%" role="img" aria-label="DriftScore trend with forecast">
+import {na as na$1,ua as ua$1}from'./chunk-RKH4N26K.js';import {a}from'./chunk-MKDRULJ6.js';import {j as j$1,n,i,o,p,d}from'./chunk-XTHPCEME.js';import {b}from'./chunk-EK7ODJWE.js';import*as I from'path';import*as V from'fs/promises';import*as w from'typescript';var Y={healthyMax:33,elevatedMax:66},D={healthy:"#3FB0A4",elevated:"#D9A441",critical:"#D0463B"},na={healthy:"Healthy",elevated:"Elevated",critical:"Critical"};function X(e){return e==null||Number.isNaN(e)?null:e<=Y.healthyMax?"healthy":e<=Y.elevatedMax?"elevated":"critical"}function H(e){let a=X(e);return a?D[a]:"#6B7785"}function le(e){let a=X(e);return a?na[a]:"Not scored"}function de(e){return e==null||Number.isNaN(e)||e===0?"flat":e<0?"good":"bad"}function ce(e){if(e==null||Number.isNaN(e))return "\u2014";if(e===0)return "\xB1 0";let a=Math.abs(e);return e>0?`\u25B2 +${a}`:`\u25BC \u2212${a}`}var Ce=8;function ue(e){return `Q${Math.floor(e.getUTCMonth()/3)+1} ${e.getUTCFullYear()}`}function sa(e){return e<=30?30:e<=60?60:e<=90?90:180}function oa(e){return e>0?"breached":e>=-5?"at-risk":"on-track"}function ra(e){let a=e.kpis;if(!a||a.estateDriftScore==null)return "No scan data yet \u2014 run a scan to establish a baseline.";let s=e.budgets.filter(r=>r.current-r.budget>0).length,n=[],t=de(a.driftDelta);return t==="good"&&a.driftDelta!=null?n.push(`Portfolio drift improved ${Math.abs(a.driftDelta)} pts`):t==="bad"&&a.driftDelta!=null?n.push(`Portfolio drift rose ${a.driftDelta} pts`):n.push(`Portfolio drift held at ${a.estateDriftScore}`),s>0?n.push(`${s} ${s===1?"scope is":"scopes are"} over budget`):n.push("all scopes within budget"),`${n.join("; ")}.`}function ia(e){if(e.length<2)return null;let a=e[e.length-1],s=e[e.length-2],n=a.score-s.score;if(n<=0)return "At current pace, portfolio drift is flat or improving \u2014 no band crossing forecast.";let t=Y.healthyMax+1;if(a.score>=t)return "Portfolio is already in the amber band \u2014 prioritise remediation to return to healthy.";let r=Math.ceil((t-a.score)/n);return `At current pace, portfolio crosses into amber in ~${r} period${r===1?"":"s"}.`}function la(e){let a=e.generatedAt??new Date,s=e.period??ue(a),n=e.kpis,t=ca(e.trend),r=e.topRisks.slice(0,5).map((i,d)=>({rank:d+1,label:i.label,scope:i.scope,score:i.score,delta:i.delta??null,driver:i.driver,owner:i.owner})),o=e.budgets.map(i=>{let d=i.current-i.budget;return {...i,variance:d,state:oa(d)}}).sort((i,d)=>d.variance-i.variance),c=e.horizon.filter(i=>i.daysRemaining>=0).map(i=>({...i,lane:sa(i.daysRemaining)})).sort((i,d)=>i.daysRemaining-d.daysRemaining),u=o.filter(i=>i.state==="breached").length,p=e.benchmark?{...e.benchmark,anonymitySatisfied:e.benchmark.cohortSize>=Ce}:null;return {instanceId:`${s}-${(e.asOf??a.toISOString()).slice(0,10)}`,org:e.org,period:s,preparedFor:e.preparedFor,asOf:e.asOf??a.toISOString(),generatedAt:a.toISOString(),confidentiality:"Confidential",headline:{score:n?.estateDriftScore??null,priorScore:n?.priorScore??null,delta:n?.driftDelta??null,breachCount:u,verdict:ra(e)},commentary:e.commentary,trajectory:t,forecastNote:ia(t),risks:r,budgets:o,horizon:c,benchmark:p,roi:e.roi}}function ca(e){if(e.length===0)return [];let a=[...e].sort((t,r)=>t.day.localeCompare(r.day)),s=[],n=null;for(let t of a){let r=Math.round(t.avg_score),o=n==null?0:r-n;s.push({period:t.day,score:r,added:o>0?o:0,remediated:o<0?-o:0}),n=r;}return s}var N={navy:"#182346",teal:"#3FB0A4",ink:"#0E2330",paper:"#F4F6F5"};function x(e){return e==null?"":String(e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#39;")}function we(e,a){if(!e)return "\u2014";try{return new Date(e).toLocaleDateString(a,{year:"numeric",month:"short",day:"numeric"})}catch{return x(e)}}function Re(e,a){if(!e)return "\u2014";try{return new Date(e).toLocaleString(a,{year:"numeric",month:"short",day:"numeric",hour:"2-digit",minute:"2-digit",timeZoneName:"short"})}catch{return x(e)}}function pa(e){if(e.length<2)return '<div class="chart-empty">Baseline established \u2014 trend available next cycle.</div>';let t=e.map(b=>b.score),r=Math.min(...t,0),c=Math.max(...t,100)-r||1,u=592/(e.length-1),p=b=>24+b*u,i=b=>156-(b-r)/c*132,d=e.map((b,C)=>`${C===0?"M":"L"}${p(C).toFixed(1)},${i(b.score).toFixed(1)}`).join(" "),g=e[e.length-1],m=e[e.length-2],y=g.score-m.score,l={x:p(e.length-1)+u,v:g.score+y},f={x:l.x+u,v:g.score+y*2},h=`M${p(e.length-1).toFixed(1)},${i(g.score).toFixed(1)} L${l.x.toFixed(1)},${i(l.v).toFixed(1)} L${f.x.toFixed(1)},${i(f.v).toFixed(1)}`,k=i(34),v=e.map((b,C)=>`<circle cx="${p(C).toFixed(1)}" cy="${i(b.score).toFixed(1)}" r="2.5" fill="${H(b.score)}" />`).join("");return `<svg viewBox="0 0 ${640+u*2} 180" width="100%" role="img" aria-label="DriftScore trend with forecast">
     <line x1="24" y1="${k.toFixed(1)}" x2="${640+u*2-24}" y2="${k.toFixed(1)}" stroke="${D.elevated}" stroke-width="1" stroke-dasharray="2 3" opacity="0.6" />
     <path d="${d}" fill="none" stroke="${N.teal}" stroke-width="2.5" />
     <path d="${h}" fill="none" stroke="${N.teal}" stroke-width="2" stroke-dasharray="4 4" opacity="0.7" />