npm - agentskeptic - Versions diffs - 8.0.1 → 8.2.0 - Mend

agentskeptic 8.0.1 → 8.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/README.md +10 -0
package/dist/certificateVerificationDiff.d.ts +77 -0
package/dist/certificateVerificationDiff.d.ts.map +1 -0
package/dist/certificateVerificationDiff.js +249 -0
package/dist/certificateVerificationDiff.js.map +1 -0
package/dist/certificateVerificationDiff.test.d.ts +2 -0
package/dist/certificateVerificationDiff.test.d.ts.map +1 -0
package/dist/certificateVerificationDiff.test.js +53 -0
package/dist/certificateVerificationDiff.test.js.map +1 -0
package/dist/cli.js +96 -4
package/dist/cli.js.map +1 -1
package/dist/compareCertificatesCli.test.d.ts +2 -0
package/dist/compareCertificatesCli.test.d.ts.map +1 -0
package/dist/compareCertificatesCli.test.js +144 -0
package/dist/compareCertificatesCli.test.js.map +1 -0
package/dist/evidenceCompleteness.d.ts +3 -0
package/dist/evidenceCompleteness.d.ts.map +1 -1
package/dist/evidenceCompleteness.js +3 -0
package/dist/evidenceCompleteness.js.map +1 -1
package/dist/execution-identity.v1.json +1 -1
package/dist/publicDistribution.generated.d.ts +1 -1
package/dist/publicDistribution.generated.js +1 -1
package/dist/remediationDecision.parity.test.js +12 -0
package/dist/remediationDecision.parity.test.js.map +1 -1
package/dist/schemaLoad.d.ts +1 -1
package/dist/schemaLoad.d.ts.map +1 -1
package/dist/schemaLoad.js +3 -0
package/dist/schemaLoad.js.map +1 -1
package/dist/witnessCoverageRollup.d.ts +23 -0
package/dist/witnessCoverageRollup.d.ts.map +1 -0
package/dist/witnessCoverageRollup.js +138 -0
package/dist/witnessCoverageRollup.js.map +1 -0
package/dist/witnessCoverageRollup.test.d.ts +2 -0
package/dist/witnessCoverageRollup.test.d.ts.map +1 -0
package/dist/witnessCoverageRollup.test.js +187 -0
package/dist/witnessCoverageRollup.test.js.map +1 -0
package/package.json +1 -1
package/schemas/evidence-completeness-v1.schema.json +53 -0
package/schemas/openapi-commercial-v1.yaml +1 -1
package/schemas/verification-diff-certificate-v1.schema.json +229 -0

package/README.md CHANGED Viewed

@@ -70,6 +70,16 @@ Full verdict and stderr contract: [`docs/first-truth-check.md`](docs/first-truth
 2. Emit observations via the canonical SDK emitter, then append emitted rows to the gate buffer. Optionally mirror the same JSON lines to **`agentskeptic/events.ndjson`** for CI replay.
 3. On the code path **before** irreversible work you control (ship, bill, ticket close), call **`await gate.assertSafeForIrreversibleAction()`** so **unsafe** trust (or required emissions that never reached the gate) blocks **that** branch — it is not a substitute for wiring the gate everywhere it matters, and outcomes can still be **`unknown`** when **`highStakesReliance`** is not **`permitted`** (see [`docs/outcome-certificate-normative.md`](docs/outcome-certificate-normative.md)).
+### Compare two saved Outcome Certificates (semantic diff)
+To compare **trust posture** between two saved **`schemaVersion: 3`** Outcome Certificate JSON files (no workflow payloads or event streams):
+```bash
+npx agentskeptic compare certificates --before ./prior-outcome.json --after ./current-outcome.json
+```
+**Stdout** is **`VerificationDiffCertificateV1`** ([`schemas/verification-diff-certificate-v1.schema.json`](schemas/verification-diff-certificate-v1.schema.json)); **stderr** is human-readable text (not JSON). Multi-run **structural** regression compare still uses **`agentskeptic compare --manifest`** ([`docs/regression-artifact-normative.md`](docs/regression-artifact-normative.md)). Full CLI contract: **[`docs/agentskeptic.md`](docs/agentskeptic.md#verification-diff-outcome-certificate-v3)**.
 ### Install
 ```bash

package/dist/certificateVerificationDiff.d.ts ADDED Viewed

@@ -0,0 +1,77 @@
+import type { OutcomeCertificateV3, OutcomeCertificateStateRelation } from "./outcomeCertificate.js";
+export declare const VERIFICATION_DIFF_SCHEMA_URL: "https://agentskeptic.com/schemas/verification-diff-certificate-v1.schema.json";
+export declare const VERIFICATION_DIFF_NEXT_STEP: {
+    readonly command: "agentskeptic compare --manifest <compare-run-manifest.json>";
+    readonly docAnchor: "docs/agentskeptic.md#cross-run-comparison-normative";
+};
+export declare const VERIFICATION_DIFF_LIMITS: {
+    readonly certificateOnly: true;
+    readonly noEvents: true;
+    readonly noStepStructuralDiff: true;
+};
+export type PostureMovement = "improved" | "weakened" | "unchanged" | "less_determinate" | "drifted";
+export type DeterminacyClass = "established_positive" | "established_negative" | "not_established";
+export type EvidenceProjection = {
+    blockerCategory: string;
+    supportLabel: string | null;
+};
+export type VerificationDiffCertificateV1 = {
+    $schema: typeof VERIFICATION_DIFF_SCHEMA_URL;
+    schemaVersion: 1;
+    comparisonKind: "outcome_certificate_v3_semantic";
+    workflowId: string;
+    prior: {
+        certificateSha256: string;
+        runKind: OutcomeCertificateV3["runKind"];
+        stateRelation: OutcomeCertificateStateRelation;
+        releaseCriticalVerdict: OutcomeCertificateV3["releaseCriticalVerdict"];
+        highStakesReliance: OutcomeCertificateV3["highStakesReliance"];
+    };
+    current: VerificationDiffCertificateV1["prior"];
+    stateRelation: {
+        prior: OutcomeCertificateStateRelation;
+        current: OutcomeCertificateStateRelation;
+        changed: boolean;
+    };
+    releaseCriticalVerdict: {
+        prior: OutcomeCertificateV3["releaseCriticalVerdict"];
+        current: OutcomeCertificateV3["releaseCriticalVerdict"];
+        changed: boolean;
+    };
+    highStakesReliance: {
+        prior: OutcomeCertificateV3["highStakesReliance"];
+        current: OutcomeCertificateV3["highStakesReliance"];
+        changed: boolean;
+    };
+    runKind: {
+        prior: OutcomeCertificateV3["runKind"];
+        current: OutcomeCertificateV3["runKind"];
+        changed: boolean;
+    };
+    evidenceCompletenessProjection: {
+        prior: EvidenceProjection;
+        current: EvidenceProjection;
+    };
+    completenessChanged: boolean;
+    determinacy: {
+        priorClass: DeterminacyClass;
+        currentClass: DeterminacyClass;
+        priorRank: 0 | 1 | 2;
+        currentRank: 0 | 1 | 2;
+    };
+    lessDeterminate: boolean;
+    postureMovement: PostureMovement;
+    headline: string;
+    recommendedNextAction: string;
+    limits: typeof VERIFICATION_DIFF_LIMITS;
+    nextStepHint: typeof VERIFICATION_DIFF_NEXT_STEP;
+};
+export declare function verificationDiffStderrFirstLine(): string;
+export declare function evidenceProjection(c: OutcomeCertificateV3): EvidenceProjection;
+export declare function canonicalEvidenceFingerprint(proj: EvidenceProjection): string;
+/** Build Verification Diff from two validated Outcome Certificate v3 objects (before = prior artifact, after = current). */
+export declare function buildVerificationDiffFromOutcomeCertificates(before: OutcomeCertificateV3, after: OutcomeCertificateV3): VerificationDiffCertificateV1;
+/** Multi-line stderr block (no JSON) after deterministic first line. */
+export declare function buildVerificationDiffHumanText(diff: VerificationDiffCertificateV1): string;
+export declare function stringifyVerificationDiffCertificate(diff: VerificationDiffCertificateV1): string;
+//# sourceMappingURL=certificateVerificationDiff.d.ts.map

package/dist/certificateVerificationDiff.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"certificateVerificationDiff.d.ts","sourceRoot":"","sources":["../src/certificateVerificationDiff.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,oBAAoB,EAAE,+BAA+B,EAAE,MAAM,yBAAyB,CAAC;AAKrG,eAAO,MAAM,4BAA4B,EACvC,+EAAwF,CAAC;AAE3F,eAAO,MAAM,2BAA2B;;;CAG9B,CAAC;AAEX,eAAO,MAAM,wBAAwB;;;;CAI3B,CAAC;AAEX,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,UAAU,GAAG,WAAW,GAAG,kBAAkB,GAAG,SAAS,CAAC;AAErG,MAAM,MAAM,gBAAgB,GAAG,sBAAsB,GAAG,sBAAsB,GAAG,iBAAiB,CAAC;AAEnG,MAAM,MAAM,kBAAkB,GAAG;IAC/B,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B,CAAC;AAEF,MAAM,MAAM,6BAA6B,GAAG;IAC1C,OAAO,EAAE,OAAO,4BAA4B,CAAC;IAC7C,aAAa,EAAE,CAAC,CAAC;IACjB,cAAc,EAAE,iCAAiC,CAAC;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE;QACL,iBAAiB,EAAE,MAAM,CAAC;QAC1B,OAAO,EAAE,oBAAoB,CAAC,SAAS,CAAC,CAAC;QACzC,aAAa,EAAE,+BAA+B,CAAC;QAC/C,sBAAsB,EAAE,oBAAoB,CAAC,wBAAwB,CAAC,CAAC;QACvE,kBAAkB,EAAE,oBAAoB,CAAC,oBAAoB,CAAC,CAAC;KAChE,CAAC;IACF,OAAO,EAAE,6BAA6B,CAAC,OAAO,CAAC,CAAC;IAChD,aAAa,EAAE;QAAE,KAAK,EAAE,+BAA+B,CAAC;QAAC,OAAO,EAAE,+BAA+B,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IACtH,sBAAsB,EAAE;QACtB,KAAK,EAAE,oBAAoB,CAAC,wBAAwB,CAAC,CAAC;QACtD,OAAO,EAAE,oBAAoB,CAAC,wBAAwB,CAAC,CAAC;QACxD,OAAO,EAAE,OAAO,CAAC;KAClB,CAAC;IACF,kBAAkB,EAAE;QAClB,KAAK,EAAE,oBAAoB,CAAC,oBAAoB,CAAC,CAAC;QAClD,OAAO,EAAE,oBAAoB,CAAC,oBAAoB,CAAC,CAAC;QACpD,OAAO,EAAE,OAAO,CAAC;KAClB,CAAC;IACF,OAAO,EAAE;QAAE,KAAK,EAAE,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAAC,OAAO,EAAE,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IAChH,8BAA8B,EAAE;QAAE,KAAK,EAAE,kBAAkB,CAAC;QAAC,OAAO,EAAE,kBAAkB,CAAA;KAAE,CAAC;IAC3F,mBAAmB,EAAE,OAAO,CAAC;IAC7B,WAAW,EAAE;QACX,UAAU,EAAE,gBAAgB,CAAC;QAC7B,YAAY,EAAE,gBAAgB,CAAC;QAC/B,SAAS,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACrB,WAAW,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;KACxB,CAAC;IACF,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,eAAe,CAAC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,OAAO,wBAAwB,CAAC;IACxC,YAAY,EAAE,OAAO,2BAA2B,CAAC;CAClD,CAAC;AAEF,wBAAgB,+BAA+B,IAAI,MAAM,CAExD;AAED,wBAAgB,kBAAkB,CAAC,CAAC,EAAE,oBAAoB,GAAG,kBAAkB,CAS9E;AAED,wBAAgB,4BAA4B,CAAC,IAAI,EAAE,kBAAkB,GAAG,MAAM,CAE7E;AA8JD,4HAA4H;AAC5H,wBAAgB,4CAA4C,CAC1D,MAAM,EAAE,oBAAoB,EAC5B,KAAK,EAAE,oBAAoB,GAC1B,6BAA6B,CAwE/B;AAED,wEAAwE;AACxE,wBAAgB,8BAA8B,CAAC,IAAI,EAAE,6BAA6B,GAAG,MAAM,CAe1F;AAED,wBAAgB,oCAAoC,CAAC,IAAI,EAAE,6BAA6B,GAAG,MAAM,CAEhG"}

package/dist/certificateVerificationDiff.js ADDED Viewed

@@ -0,0 +1,249 @@
+/**
+ * Certificate-only Verification Diff kernel (Outcome Certificate v3).
+ * CLASSIFICATION_RULES_SYNC: docs/agentskeptic.md#verification-diff-outcome-certificate-v3 (normative prose)
+ *
+ * Invariant: no workflow results, events, or traces — semantic posture projection only.
+ */
+import { certificateCanonicalDigestHex } from "./certificateDigest.js";
+import { CLI_OPERATIONAL_CODES } from "./cliOperationalCodes.js";
+import { TruthLayerError } from "./truthLayerError.js";
+import { stringifyWithSortedKeys } from "./sortedJsonStringify.js";
+export const VERIFICATION_DIFF_SCHEMA_URL = "https://agentskeptic.com/schemas/verification-diff-certificate-v1.schema.json";
+export const VERIFICATION_DIFF_NEXT_STEP = {
+    command: "agentskeptic compare --manifest <compare-run-manifest.json>",
+    docAnchor: "docs/agentskeptic.md#cross-run-comparison-normative",
+};
+export const VERIFICATION_DIFF_LIMITS = {
+    certificateOnly: true,
+    noEvents: true,
+    noStepStructuralDiff: true,
+};
+export function verificationDiffStderrFirstLine() {
+    return "verification_diff_certificate: certificate-only semantic comparison (not structural run compare)";
+}
+export function evidenceProjection(c) {
+    const ec = c.evidenceCompleteness;
+    return {
+        blockerCategory: ec.blockerCategory,
+        supportLabel: ec.witnessCoverage?.supportLabel ?? null,
+    };
+}
+export function canonicalEvidenceFingerprint(proj) {
+    return stringifyWithSortedKeys({ blockerCategory: proj.blockerCategory, supportLabel: proj.supportLabel });
+}
+function determinacyClass(sr) {
+    if (sr === "matches_expectations")
+        return "established_positive";
+    if (sr === "does_not_match")
+        return "established_negative";
+    return "not_established";
+}
+function determinacyRank(c) {
+    if (c === "established_positive")
+        return 2;
+    if (c === "established_negative")
+        return 1;
+    return 0;
+}
+function rcScore(rc) {
+    if (rc === "not_trusted")
+        return 0;
+    if (rc === "unknown")
+        return 1;
+    return 2;
+}
+function headlineFor(pm) {
+    switch (pm) {
+        case "unchanged":
+            return "Verification posture unchanged between the two Outcome Certificates (projection-equal).";
+        case "less_determinate":
+            return "Verification became less determinate: trust dimensions lost a determinate established conclusion.";
+        case "improved":
+            return "Verification posture improved between prior and current Outcome Certificates.";
+        case "weakened":
+            return "Verification posture weakened between prior and current Outcome Certificates.";
+        case "drifted":
+            return "Verification posture drifted: material certificate fields changed without a single clear improved/weakened trust story.";
+        default: {
+            const _e = pm;
+            return _e;
+        }
+    }
+}
+function recommendedNextActionFor(pm) {
+    const boundary = "This conclusion is certificate-only semantic diff; it does not inspect events, traces, or step-level workflow structure.";
+    const deeper = ` For structural compare use \`${VERIFICATION_DIFF_NEXT_STEP.command}\` (${VERIFICATION_DIFF_NEXT_STEP.docAnchor}).`;
+    switch (pm) {
+        case "unchanged":
+            return `${boundary}${deeper}`;
+        case "less_determinate":
+            return `Treat the current artifact as withholding a determinate grounding that the prior certificate had; restore observability inputs or rerun verification.${deeper}`;
+        case "improved":
+            return `Promotion decision may proceed consistent with improved trust projections; archive both certificates.${deeper}`;
+        case "weakened":
+            return `Hold promotion or widen review: trust projections regressed versus the prior certificate; remediate downstream state / inputs before relying on current.${deeper}`;
+        case "drifted":
+            return `Reviewer should reconcile why evidence or run posture labels moved while primary trust projections stayed aligned; optionally rerun live verification.${deeper}`;
+        default: {
+            const _e = pm;
+            return _e;
+        }
+    }
+}
+function certificatesSemanticallyEqualForDiff(before, after, fpBefore, fpAfter) {
+    return (before.workflowId === after.workflowId &&
+        before.stateRelation === after.stateRelation &&
+        before.releaseCriticalVerdict === after.releaseCriticalVerdict &&
+        before.highStakesReliance === after.highStakesReliance &&
+        before.runKind === after.runKind &&
+        fpBefore === fpAfter);
+}
+function classifyPostureMovement(before, after, completenessChanged) {
+    const SB = before.stateRelation;
+    const SA = after.stateRelation;
+    /** Steps 2–6 matched earlier (explicit for step 10 guard). */
+    const steps2through6Matched = (SA === "not_established" && SB !== "not_established") ||
+        (SB === "does_not_match" && SA === "matches_expectations") ||
+        (SB === "matches_expectations" && SA === "does_not_match") ||
+        (SB === "not_established" && SA === "matches_expectations") ||
+        (SB === "not_established" && SA === "does_not_match");
+    const fb = canonicalEvidenceFingerprint(evidenceProjection(before));
+    const fa = canonicalEvidenceFingerprint(evidenceProjection(after));
+    // Step 1
+    if (certificatesSemanticallyEqualForDiff(before, after, fb, fa))
+        return "unchanged";
+    // Step 2
+    if (SA === "not_established" && SB !== "not_established")
+        return "less_determinate";
+    // Step 3
+    if (SB === "does_not_match" && SA === "matches_expectations")
+        return "improved";
+    // Step 4
+    if (SB === "matches_expectations" && SA === "does_not_match")
+        return "weakened";
+    // Step 5
+    if (SB === "not_established" && SA === "matches_expectations")
+        return "improved";
+    // Step 6
+    if (SB === "not_established" && SA === "does_not_match")
+        return "weakened";
+    // Step 7
+    if (before.runKind !== after.runKind &&
+        SB === SA &&
+        before.releaseCriticalVerdict === after.releaseCriticalVerdict &&
+        before.highStakesReliance === after.highStakesReliance &&
+        !completenessChanged) {
+        return "drifted";
+    }
+    // Step 8: RC improved + SR not strictly worse (before=matches ∧ after≠matches would be strictly worse SR)
+    if (rcScore(after.releaseCriticalVerdict) > rcScore(before.releaseCriticalVerdict) &&
+        !(SB === "matches_expectations" && SA !== "matches_expectations")) {
+        return "improved";
+    }
+    // Step 9
+    if (rcScore(after.releaseCriticalVerdict) < rcScore(before.releaseCriticalVerdict))
+        return "weakened";
+    // Step 10
+    if (before.highStakesReliance === "prohibited" && after.highStakesReliance === "permitted" && !steps2through6Matched) {
+        return "improved";
+    }
+    // Step 11
+    if (before.highStakesReliance === "permitted" && after.highStakesReliance === "prohibited")
+        return "weakened";
+    // Step 12
+    if (completenessChanged &&
+        SB === SA &&
+        before.releaseCriticalVerdict === after.releaseCriticalVerdict &&
+        before.highStakesReliance === after.highStakesReliance &&
+        before.runKind === after.runKind) {
+        return "drifted";
+    }
+    return "unchanged";
+}
+/** Build Verification Diff from two validated Outcome Certificate v3 objects (before = prior artifact, after = current). */
+export function buildVerificationDiffFromOutcomeCertificates(before, after) {
+    if (before.workflowId !== after.workflowId) {
+        throw new TruthLayerError(CLI_OPERATIONAL_CODES.COMPARE_WORKFLOW_ID_MISMATCH, `Compare certificates: workflowId differs (before=${before.workflowId}, after=${after.workflowId}).`);
+    }
+    const projBefore = evidenceProjection(before);
+    const projAfter = evidenceProjection(after);
+    const completenessChanged = canonicalEvidenceFingerprint(projBefore) !== canonicalEvidenceFingerprint(projAfter);
+    const dcB = determinacyClass(before.stateRelation);
+    const dcA = determinacyClass(after.stateRelation);
+    const pr = determinacyRank(dcB);
+    const cr = determinacyRank(dcA);
+    const lessDeterminate = dcB !== "not_established" && dcA === "not_established";
+    const postureMovement = classifyPostureMovement(before, after, completenessChanged);
+    const priorFace = {
+        certificateSha256: certificateCanonicalDigestHex(before),
+        runKind: before.runKind,
+        stateRelation: before.stateRelation,
+        releaseCriticalVerdict: before.releaseCriticalVerdict,
+        highStakesReliance: before.highStakesReliance,
+    };
+    const currentFace = {
+        certificateSha256: certificateCanonicalDigestHex(after),
+        runKind: after.runKind,
+        stateRelation: after.stateRelation,
+        releaseCriticalVerdict: after.releaseCriticalVerdict,
+        highStakesReliance: after.highStakesReliance,
+    };
+    return {
+        $schema: VERIFICATION_DIFF_SCHEMA_URL,
+        schemaVersion: 1,
+        comparisonKind: "outcome_certificate_v3_semantic",
+        workflowId: before.workflowId,
+        prior: priorFace,
+        current: currentFace,
+        stateRelation: {
+            prior: before.stateRelation,
+            current: after.stateRelation,
+            changed: before.stateRelation !== after.stateRelation,
+        },
+        releaseCriticalVerdict: {
+            prior: before.releaseCriticalVerdict,
+            current: after.releaseCriticalVerdict,
+            changed: before.releaseCriticalVerdict !== after.releaseCriticalVerdict,
+        },
+        highStakesReliance: {
+            prior: before.highStakesReliance,
+            current: after.highStakesReliance,
+            changed: before.highStakesReliance !== after.highStakesReliance,
+        },
+        runKind: {
+            prior: before.runKind,
+            current: after.runKind,
+            changed: before.runKind !== after.runKind,
+        },
+        evidenceCompletenessProjection: { prior: projBefore, current: projAfter },
+        completenessChanged,
+        determinacy: { priorClass: dcB, currentClass: dcA, priorRank: pr, currentRank: cr },
+        lessDeterminate,
+        postureMovement,
+        headline: headlineFor(postureMovement),
+        recommendedNextAction: recommendedNextActionFor(postureMovement),
+        limits: { ...VERIFICATION_DIFF_LIMITS },
+        nextStepHint: { ...VERIFICATION_DIFF_NEXT_STEP },
+    };
+}
+/** Multi-line stderr block (no JSON) after deterministic first line. */
+export function buildVerificationDiffHumanText(diff) {
+    const lines = [
+        verificationDiffStderrFirstLine(),
+        "",
+        diff.headline,
+        "",
+        diff.recommendedNextAction,
+        "",
+        `Posture classification: ${diff.postureMovement}`,
+        "",
+        `State relation: prior=${diff.stateRelation.prior} current=${diff.stateRelation.current}`,
+        "",
+        `Limits: certificateOnly semantic diff (noEvents, noStepStructuralDiff).`,
+    ];
+    return lines.join("\n");
+}
+export function stringifyVerificationDiffCertificate(diff) {
+    return stringifyWithSortedKeys(diff);
+}
+//# sourceMappingURL=certificateVerificationDiff.js.map

package/dist/certificateVerificationDiff.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"certificateVerificationDiff.js","sourceRoot":"","sources":["../src/certificateVerificationDiff.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,6BAA6B,EAAE,MAAM,wBAAwB,CAAC;AAEvE,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AAEnE,MAAM,CAAC,MAAM,4BAA4B,GACvC,+EAAwF,CAAC;AAE3F,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,OAAO,EAAE,6DAA6D;IACtE,SAAS,EAAE,qDAAqD;CACxD,CAAC;AAEX,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,eAAe,EAAE,IAAI;IACrB,QAAQ,EAAE,IAAI;IACd,oBAAoB,EAAE,IAAI;CAClB,CAAC;AAoDX,MAAM,UAAU,+BAA+B;IAC7C,OAAO,kGAAkG,CAAC;AAC5G,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,CAAuB;IACxD,MAAM,EAAE,GAAG,CAAC,CAAC,oBAGZ,CAAC;IACF,OAAO;QACL,eAAe,EAAE,EAAE,CAAC,eAAe;QACnC,YAAY,EAAE,EAAE,CAAC,eAAe,EAAE,YAAY,IAAI,IAAI;KACvD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,IAAwB;IACnE,OAAO,uBAAuB,CAAC,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;AAC7G,CAAC;AAED,SAAS,gBAAgB,CAAC,EAAmC;IAC3D,IAAI,EAAE,KAAK,sBAAsB;QAAE,OAAO,sBAAsB,CAAC;IACjE,IAAI,EAAE,KAAK,gBAAgB;QAAE,OAAO,sBAAsB,CAAC;IAC3D,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,SAAS,eAAe,CAAC,CAAmB;IAC1C,IAAI,CAAC,KAAK,sBAAsB;QAAE,OAAO,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,sBAAsB;QAAE,OAAO,CAAC,CAAC;IAC3C,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,OAAO,CAAC,EAAkD;IACjE,IAAI,EAAE,KAAK,aAAa;QAAE,OAAO,CAAC,CAAC;IACnC,IAAI,EAAE,KAAK,SAAS;QAAE,OAAO,CAAC,CAAC;IAC/B,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,WAAW,CAAC,EAAmB;IACtC,QAAQ,EAAE,EAAE,CAAC;QACX,KAAK,WAAW;YACd,OAAO,yFAAyF,CAAC;QACnG,KAAK,kBAAkB;YACrB,OAAO,mGAAmG,CAAC;QAC7G,KAAK,UAAU;YACb,OAAO,+EAA+E,CAAC;QACzF,KAAK,UAAU;YACb,OAAO,+EAA+E,CAAC;QACzF,KAAK,SAAS;YACZ,OAAO,yHAAyH,CAAC;QACnI,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,EAAE,GAAU,EAAE,CAAC;YACrB,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,EAAmB;IACnD,MAAM,QAAQ,GACZ,0HAA0H,CAAC;IAC7H,MAAM,MAAM,GAAG,iCAAiC,2BAA2B,CAAC,OAAO,OAAO,2BAA2B,CAAC,SAAS,IAAI,CAAC;IACpI,QAAQ,EAAE,EAAE,CAAC;QACX,KAAK,WAAW;YACd,OAAO,GAAG,QAAQ,GAAG,MAAM,EAAE,CAAC;QAChC,KAAK,kBAAkB;YACrB,OAAO,wJAAwJ,MAAM,EAAE,CAAC;QAC1K,KAAK,UAAU;YACb,OAAO,wGAAwG,MAAM,EAAE,CAAC;QAC1H,KAAK,UAAU;YACb,OAAO,2JAA2J,MAAM,EAAE,CAAC;QAC7K,KAAK,SAAS;YACZ,OAAO,yJAAyJ,MAAM,EAAE,CAAC;QAC3K,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,EAAE,GAAU,EAAE,CAAC;YACrB,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,oCAAoC,CAC3C,MAA4B,EAC5B,KAA2B,EAC3B,QAAgB,EAChB,OAAe;IAEf,OAAO,CACL,MAAM,CAAC,UAAU,KAAK,KAAK,CAAC,UAAU;QACtC,MAAM,CAAC,aAAa,KAAK,KAAK,CAAC,aAAa;QAC5C,MAAM,CAAC,sBAAsB,KAAK,KAAK,CAAC,sBAAsB;QAC9D,MAAM,CAAC,kBAAkB,KAAK,KAAK,CAAC,kBAAkB;QACtD,MAAM,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO;QAChC,QAAQ,KAAK,OAAO,CACrB,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAC9B,MAA4B,EAC5B,KAA2B,EAC3B,mBAA4B;IAE5B,MAAM,EAAE,GAAG,MAAM,CAAC,aAAa,CAAC;IAChC,MAAM,EAAE,GAAG,KAAK,CAAC,aAAa,CAAC;IAE/B,8DAA8D;IAC9D,MAAM,qBAAqB,GACzB,CAAC,EAAE,KAAK,iBAAiB,IAAI,EAAE,KAAK,iBAAiB,CAAC;QACtD,CAAC,EAAE,KAAK,gBAAgB,IAAI,EAAE,KAAK,sBAAsB,CAAC;QAC1D,CAAC,EAAE,KAAK,sBAAsB,IAAI,EAAE,KAAK,gBAAgB,CAAC;QAC1D,CAAC,EAAE,KAAK,iBAAiB,IAAI,EAAE,KAAK,sBAAsB,CAAC;QAC3D,CAAC,EAAE,KAAK,iBAAiB,IAAI,EAAE,KAAK,gBAAgB,CAAC,CAAC;IAExD,MAAM,EAAE,GAAG,4BAA4B,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;IACpE,MAAM,EAAE,GAAG,4BAA4B,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC;IAEnE,SAAS;IACT,IAAI,oCAAoC,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC;QAAE,OAAO,WAAW,CAAC;IAEpF,SAAS;IACT,IAAI,EAAE,KAAK,iBAAiB,IAAI,EAAE,KAAK,iBAAiB;QAAE,OAAO,kBAAkB,CAAC;IAEpF,SAAS;IACT,IAAI,EAAE,KAAK,gBAAgB,IAAI,EAAE,KAAK,sBAAsB;QAAE,OAAO,UAAU,CAAC;IAEhF,SAAS;IACT,IAAI,EAAE,KAAK,sBAAsB,IAAI,EAAE,KAAK,gBAAgB;QAAE,OAAO,UAAU,CAAC;IAEhF,SAAS;IACT,IAAI,EAAE,KAAK,iBAAiB,IAAI,EAAE,KAAK,sBAAsB;QAAE,OAAO,UAAU,CAAC;IAEjF,SAAS;IACT,IAAI,EAAE,KAAK,iBAAiB,IAAI,EAAE,KAAK,gBAAgB;QAAE,OAAO,UAAU,CAAC;IAE3E,SAAS;IACT,IACE,MAAM,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO;QAChC,EAAE,KAAK,EAAE;QACT,MAAM,CAAC,sBAAsB,KAAK,KAAK,CAAC,sBAAsB;QAC9D,MAAM,CAAC,kBAAkB,KAAK,KAAK,CAAC,kBAAkB;QACtD,CAAC,mBAAmB,EACpB,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0GAA0G;IAC1G,IACE,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,sBAAsB,CAAC;QAC9E,CAAC,CAAC,EAAE,KAAK,sBAAsB,IAAI,EAAE,KAAK,sBAAsB,CAAC,EACjE,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,SAAS;IACT,IAAI,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,sBAAsB,CAAC;QAAE,OAAO,UAAU,CAAC;IAEtG,UAAU;IACV,IAAI,MAAM,CAAC,kBAAkB,KAAK,YAAY,IAAI,KAAK,CAAC,kBAAkB,KAAK,WAAW,IAAI,CAAC,qBAAqB,EAAE,CAAC;QACrH,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,UAAU;IACV,IAAI,MAAM,CAAC,kBAAkB,KAAK,WAAW,IAAI,KAAK,CAAC,kBAAkB,KAAK,YAAY;QAAE,OAAO,UAAU,CAAC;IAE9G,UAAU;IACV,IACE,mBAAmB;QACnB,EAAE,KAAK,EAAE;QACT,MAAM,CAAC,sBAAsB,KAAK,KAAK,CAAC,sBAAsB;QAC9D,MAAM,CAAC,kBAAkB,KAAK,KAAK,CAAC,kBAAkB;QACtD,MAAM,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO,EAChC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,4HAA4H;AAC5H,MAAM,UAAU,4CAA4C,CAC1D,MAA4B,EAC5B,KAA2B;IAE3B,IAAI,MAAM,CAAC,UAAU,KAAK,KAAK,CAAC,UAAU,EAAE,CAAC;QAC3C,MAAM,IAAI,eAAe,CACvB,qBAAqB,CAAC,4BAA4B,EAClD,oDAAoD,MAAM,CAAC,UAAU,WAAW,KAAK,CAAC,UAAU,IAAI,CACrG,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC5C,MAAM,mBAAmB,GAAG,4BAA4B,CAAC,UAAU,CAAC,KAAK,4BAA4B,CAAC,SAAS,CAAC,CAAC;IAEjH,MAAM,GAAG,GAAG,gBAAgB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,gBAAgB,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAClD,MAAM,EAAE,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,EAAE,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,eAAe,GAAG,GAAG,KAAK,iBAAiB,IAAI,GAAG,KAAK,iBAAiB,CAAC;IAE/E,MAAM,eAAe,GAAG,uBAAuB,CAAC,MAAM,EAAE,KAAK,EAAE,mBAAmB,CAAC,CAAC;IAEpF,MAAM,SAAS,GAAG;QAChB,iBAAiB,EAAE,6BAA6B,CAAC,MAAM,CAAC;QACxD,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,sBAAsB,EAAE,MAAM,CAAC,sBAAsB;QACrD,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;KAC9C,CAAC;IACF,MAAM,WAAW,GAAG;QAClB,iBAAiB,EAAE,6BAA6B,CAAC,KAAK,CAAC;QACvD,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,aAAa,EAAE,KAAK,CAAC,aAAa;QAClC,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;QACpD,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;KAC7C,CAAC;IAEF,OAAO;QACL,OAAO,EAAE,4BAA4B;QACrC,aAAa,EAAE,CAAC;QAChB,cAAc,EAAE,iCAAiC;QACjD,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,KAAK,EAAE,SAAS;QAChB,OAAO,EAAE,WAAW;QACpB,aAAa,EAAE;YACb,KAAK,EAAE,MAAM,CAAC,aAAa;YAC3B,OAAO,EAAE,KAAK,CAAC,aAAa;YAC5B,OAAO,EAAE,MAAM,CAAC,aAAa,KAAK,KAAK,CAAC,aAAa;SACtD;QACD,sBAAsB,EAAE;YACtB,KAAK,EAAE,MAAM,CAAC,sBAAsB;YACpC,OAAO,EAAE,KAAK,CAAC,sBAAsB;YACrC,OAAO,EAAE,MAAM,CAAC,sBAAsB,KAAK,KAAK,CAAC,sBAAsB;SACxE;QACD,kBAAkB,EAAE;YAClB,KAAK,EAAE,MAAM,CAAC,kBAAkB;YAChC,OAAO,EAAE,KAAK,CAAC,kBAAkB;YACjC,OAAO,EAAE,MAAM,CAAC,kBAAkB,KAAK,KAAK,CAAC,kBAAkB;SAChE;QACD,OAAO,EAAE;YACP,KAAK,EAAE,MAAM,CAAC,OAAO;YACrB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,OAAO,EAAE,MAAM,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO;SAC1C;QACD,8BAA8B,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE;QACzE,mBAAmB;QACnB,WAAW,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE;QACnF,eAAe;QACf,eAAe;QACf,QAAQ,EAAE,WAAW,CAAC,eAAe,CAAC;QACtC,qBAAqB,EAAE,wBAAwB,CAAC,eAAe,CAAC;QAChE,MAAM,EAAE,EAAE,GAAG,wBAAwB,EAAE;QACvC,YAAY,EAAE,EAAE,GAAG,2BAA2B,EAAE;KACjD,CAAC;AACJ,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,8BAA8B,CAAC,IAAmC;IAChF,MAAM,KAAK,GAAG;QACZ,+BAA+B,EAAE;QACjC,EAAE;QACF,IAAI,CAAC,QAAQ;QACb,EAAE;QACF,IAAI,CAAC,qBAAqB;QAC1B,EAAE;QACF,2BAA2B,IAAI,CAAC,eAAe,EAAE;QACjD,EAAE;QACF,yBAAyB,IAAI,CAAC,aAAa,CAAC,KAAK,YAAY,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE;QACzF,EAAE;QACF,yEAAyE;KAC1E,CAAC;IACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,oCAAoC,CAAC,IAAmC;IACtF,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC"}

package/dist/certificateVerificationDiff.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=certificateVerificationDiff.test.d.ts.map

package/dist/certificateVerificationDiff.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"certificateVerificationDiff.test.d.ts","sourceRoot":"","sources":["../src/certificateVerificationDiff.test.ts"],"names":[],"mappings":""}

package/dist/certificateVerificationDiff.test.js ADDED Viewed

@@ -0,0 +1,53 @@
+import { readFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { describe, expect, it } from "vitest";
+import { CLI_OPERATIONAL_CODES } from "./cliOperationalCodes.js";
+import { buildVerificationDiffFromOutcomeCertificates, stringifyVerificationDiffCertificate, } from "./certificateVerificationDiff.js";
+import { loadSchemaValidator } from "./schemaLoad.js";
+import { TruthLayerError } from "./truthLayerError.js";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const root = join(__dirname, "..");
+const casesDir = join(root, "test/fixtures/certificate-diff/cases");
+const expectedDir = join(root, "test/fixtures/certificate-diff/expected");
+const FIXTURE_CASES = [
+    { base: "A.less_determinate", expectedFile: "A.less_determinate.verification-diff.json" },
+    { base: "B.improved", expectedFile: "B.improved.verification-diff.json" },
+    { base: "C.weakened", expectedFile: "C.weakened.verification-diff.json" },
+    { base: "D.improved", expectedFile: "D.improved.verification-diff.json" },
+    { base: "E.weakened", expectedFile: "E.weakened.verification-diff.json" },
+    { base: "F.rc_improved", expectedFile: "F.rc_improved.verification-diff.json" },
+    { base: "G.drifted_runkind", expectedFile: "G.drifted_runkind.verification-diff.json" },
+    { base: "H.drifted_evidence", expectedFile: "H.drifted_evidence.verification-diff.json" },
+];
+describe("certificateVerificationDiff", () => {
+    const validateOutcome = loadSchemaValidator("outcome-certificate-v3");
+    const validateDiff = loadSchemaValidator("verification-diff-certificate-v1");
+    for (const { base, expectedFile } of FIXTURE_CASES) {
+        it(`golden ${base}`, () => {
+            const before = JSON.parse(readFileSync(join(casesDir, `${base}.before.json`), "utf8"));
+            const after = JSON.parse(readFileSync(join(casesDir, `${base}.after.json`), "utf8"));
+            expect(validateOutcome(before), JSON.stringify(validateOutcome.errors)).toBe(true);
+            expect(validateOutcome(after), JSON.stringify(validateOutcome.errors)).toBe(true);
+            const diff = buildVerificationDiffFromOutcomeCertificates(before, after);
+            expect(validateDiff(diff), JSON.stringify(validateDiff.errors)).toBe(true);
+            const expected = readFileSync(join(expectedDir, expectedFile), "utf8").trim();
+            expect(stringifyVerificationDiffCertificate(diff)).toBe(expected);
+        });
+    }
+    it("workflowId mismatch throws TruthLayerError COMPARE_WORKFLOW_ID_MISMATCH", () => {
+        const a = JSON.parse(readFileSync(join(casesDir, "A.less_determinate.before.json"), "utf8"));
+        const b = { ...a, workflowId: "other_wf" };
+        try {
+            buildVerificationDiffFromOutcomeCertificates(a, b);
+            expect.fail("expected throw");
+        }
+        catch (e) {
+            expect(e).toBeInstanceOf(TruthLayerError);
+            const err = e;
+            expect(err.code).toBe(CLI_OPERATIONAL_CODES.COMPARE_WORKFLOW_ID_MISMATCH);
+            expect(err.message).toBe("Compare certificates: workflowId differs (before=wf_fixture_diff, after=other_wf).");
+        }
+    });
+});
+//# sourceMappingURL=certificateVerificationDiff.test.js.map

package/dist/certificateVerificationDiff.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"certificateVerificationDiff.test.js","sourceRoot":"","sources":["../src/certificateVerificationDiff.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EACL,4CAA4C,EAC5C,oCAAoC,GACrC,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,EAAE,sCAAsC,CAAC,CAAC;AACpE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,yCAAyC,CAAC,CAAC;AAE1E,MAAM,aAAa,GAA6C;IAC9D,EAAE,IAAI,EAAE,oBAAoB,EAAE,YAAY,EAAE,2CAA2C,EAAE;IACzF,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,EAAE,mCAAmC,EAAE;IACzE,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,EAAE,mCAAmC,EAAE;IACzE,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,EAAE,mCAAmC,EAAE;IACzE,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY,EAAE,mCAAmC,EAAE;IACzE,EAAE,IAAI,EAAE,eAAe,EAAE,YAAY,EAAE,sCAAsC,EAAE;IAC/E,EAAE,IAAI,EAAE,mBAAmB,EAAE,YAAY,EAAE,0CAA0C,EAAE;IACvF,EAAE,IAAI,EAAE,oBAAoB,EAAE,YAAY,EAAE,2CAA2C,EAAE;CAC1F,CAAC;AAEF,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,MAAM,eAAe,GAAG,mBAAmB,CAAC,wBAAwB,CAAC,CAAC;IACtE,MAAM,YAAY,GAAG,mBAAmB,CAAC,kCAAkC,CAAC,CAAC;IAE7E,KAAK,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,aAAa,EAAE,CAAC;QACnD,EAAE,CAAC,UAAU,IAAI,EAAE,EAAE,GAAG,EAAE;YACxB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,IAAI,cAAc,CAAC,EAAE,MAAM,CAAC,CAAY,CAAC;YAClG,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,IAAI,aAAa,CAAC,EAAE,MAAM,CAAC,CAAY,CAAC;YAChG,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnF,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAElF,MAAM,IAAI,GAAG,4CAA4C,CACvD,MAA8B,EAC9B,KAA6B,CAC9B,CAAC;YACF,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAE3E,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;YAC9E,MAAM,CAAC,oCAAoC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,EAAE,CAAC,yEAAyE,EAAE,GAAG,EAAE;QACjF,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAClB,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,gCAAgC,CAAC,EAAE,MAAM,CAAC,CAC/C,CAAC;QAC1B,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,UAAU,EAAE,UAAU,EAA0B,CAAC;QACnE,IAAI,CAAC;YACH,4CAA4C,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC;YAC1C,MAAM,GAAG,GAAG,CAAoB,CAAC;YACjC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,4BAA4B,CAAC,CAAC;YAC1E,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CACtB,oFAAoF,CACrF,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/cli.js CHANGED Viewed

@@ -1,8 +1,9 @@
 #!/usr/bin/env node
 import { randomUUID } from "node:crypto";
-import { readFileSync, statSync, writeSync } from "fs";
+import { existsSync, readFileSync, statSync, writeSync } from "fs";
 import path from "path";
 import { CLI_OPERATIONAL_CODES, cliErrorEnvelope, formatOperationalMessage, } from "./failureCatalog.js";
+import { buildVerificationDiffFromOutcomeCertificates, buildVerificationDiffHumanText, stringifyVerificationDiffCertificate, } from "./certificateVerificationDiff.js";
 import { buildRegressionArtifactFromCompareManifest, stringifyRegressionArtifact } from "./regressionArtifact.js";
 import { assertValidRunEventParentGraph, buildExecutionTraceView, formatExecutionTraceText } from "./executionTrace.js";
 import { loadEventsForWorkflow } from "./loadEvents.js";
@@ -200,6 +201,9 @@ Exit codes:
   agentskeptic compare --manifest <compare-run-manifest.json>
   Compare runs from a manifest (workflow results + events paths; see docs/regression-artifact-normative.md).
+  agentskeptic compare certificates --before <prior.json> --after <current.json>
+  Compare two saved Outcome Certificate v3 JSON files (semantic projection only; see docs/agentskeptic.md).
   agentskeptic validate-registry --registry <path>
   agentskeptic validate-registry --registry <path> --events <path> --workflow-id <id>
   Validate tools registry JSON (and optionally resolution vs events) without a database.
@@ -467,6 +471,12 @@ function usageCompare() {
   Manifest schema: schemas/compare-run-manifest-v1.schema.json.
   Success: stdout is UTF-8 RegressionArtifactV1 JSON (sorted keys); stderr is artifact.humanText only.
+  agentskeptic compare certificates --before <prior.json> --after <current.json>
+  Validates both inputs as Outcome Certificate v3 (schemas/outcome-certificate-v3.schema.json).
+  Success: stdout is UTF-8 VerificationDiffCertificateV1 JSON (sorted keys); stderr is multi-line human text (not JSON).
+  Do not combine this form with --manifest.
 Exit codes:
   0  comparison succeeded
   3  operational failure (stderr: JSON envelope only; stdout empty)
@@ -1067,9 +1077,91 @@ function runCompareSubcommand(args) {
         console.log(usageCompare());
         process.exit(0);
     }
-    const manifestPath = argValue(args, "--manifest");
-    if (!manifestPath) {
-        writeCliError(CLI_OPERATIONAL_CODES.COMPARE_USAGE, "compare requires --manifest <path>.");
+    const certSubcommand = args[0] === "certificates";
+    const tail = certSubcommand ? args.slice(1) : args;
+    const beforePath = argValue(tail, "--before");
+    const afterPath = argValue(tail, "--after");
+    const manifestPath = argValue(certSubcommand ? tail : args, "--manifest");
+    const certPairRequested = beforePath !== undefined || afterPath !== undefined;
+    if (certPairRequested && !certSubcommand) {
+        writeCliError(CLI_OPERATIONAL_CODES.COMPARE_USAGE, "Outcome certificate compare requires: agentskeptic compare certificates --before <path> --after <path>.");
+        process.exit(3);
+    }
+    if (certSubcommand) {
+        if (manifestPath !== undefined) {
+            writeCliError(CLI_OPERATIONAL_CODES.COMPARE_USAGE, "Do not combine `compare certificates` with --manifest.");
+            process.exit(3);
+        }
+        if (beforePath === undefined || afterPath === undefined) {
+            writeCliError(CLI_OPERATIONAL_CODES.COMPARE_USAGE, "compare certificates requires both --before <path> and --after <path>.");
+            process.exit(3);
+        }
+        const validateOutcome = loadSchemaValidator("outcome-certificate-v3");
+        const absBefore = path.resolve(beforePath);
+        const absAfter = path.resolve(afterPath);
+        let rawPrior;
+        let rawCurrent;
+        try {
+            if (!existsSync(absBefore)) {
+                throw new Error(`prior file not found: ${absBefore}`);
+            }
+            if (!existsSync(absAfter)) {
+                throw new Error(`current file not found: ${absAfter}`);
+            }
+            rawPrior = readFileSync(absBefore, "utf8");
+            rawCurrent = readFileSync(absAfter, "utf8");
+        }
+        catch (e) {
+            const msg = e instanceof Error ? e.message : String(e);
+            writeCliError(CLI_OPERATIONAL_CODES.COMPARE_INPUT_READ_FAILED, formatOperationalMessage(msg));
+            process.exit(3);
+        }
+        let prior;
+        let current;
+        try {
+            prior = JSON.parse(rawPrior);
+        }
+        catch (e) {
+            const m = e instanceof Error ? e.message : String(e);
+            writeCliError(CLI_OPERATIONAL_CODES.COMPARE_INPUT_JSON_SYNTAX, `prior: ${m}`);
+            process.exit(3);
+        }
+        try {
+            current = JSON.parse(rawCurrent);
+        }
+        catch (e) {
+            const m = e instanceof Error ? e.message : String(e);
+            writeCliError(CLI_OPERATIONAL_CODES.COMPARE_INPUT_JSON_SYNTAX, `current: ${m}`);
+            process.exit(3);
+        }
+        if (!validateOutcome(prior)) {
+            writeCliError(CLI_OPERATIONAL_CODES.COMPARE_INPUT_SCHEMA_INVALID, `prior: ${JSON.stringify(validateOutcome.errors ?? [])}`);
+            process.exit(3);
+        }
+        if (!validateOutcome(current)) {
+            writeCliError(CLI_OPERATIONAL_CODES.COMPARE_INPUT_SCHEMA_INVALID, `current: ${JSON.stringify(validateOutcome.errors ?? [])}`);
+            process.exit(3);
+        }
+        let diff;
+        try {
+            diff = buildVerificationDiffFromOutcomeCertificates(prior, current);
+        }
+        catch (e) {
+            if (e instanceof TruthLayerError) {
+                writeCliError(e.code, e.message);
+                process.exit(3);
+            }
+            const msg = e instanceof Error ? e.message : String(e);
+            writeCliError(CLI_OPERATIONAL_CODES.INTERNAL_ERROR, formatOperationalMessage(msg));
+            process.exit(3);
+        }
+        const human = buildVerificationDiffHumanText(diff);
+        process.stderr.write(human.endsWith("\n") ? human : `${human}\n`);
+        process.stdout.write(`${stringifyVerificationDiffCertificate(diff)}\n`);
+        process.exit(0);
+    }
+    if (manifestPath === undefined) {
+        writeCliError(CLI_OPERATIONAL_CODES.COMPARE_USAGE, "compare requires either --manifest <path> or `compare certificates --before … --after …`.");
         process.exit(3);
     }
     let artifact;