deeplink-doctor 1.0.1

package/CHANGELOG.md

@@ -0,0 +1,24 @@
+# Changelog
+
+## [1.0.1](https://github.com/KMavr/deeplink-doctor/compare/deeplink-doctor-v1.0.0...deeplink-doctor-v1.0.1) (2026-06-25)
+
+
+### Bug Fixes
+
+* add repository metadata for provenance ([#16](https://github.com/KMavr/deeplink-doctor/issues/16)) ([7bbb22c](https://github.com/KMavr/deeplink-doctor/commit/7bbb22cbf1d4273cc849738111caa9abc028270c))
+
+## 1.0.0 (2026-06-25)
+
+
+### Features
+
+* parse the expo-router route tree from the app/ directory ([#1](https://github.com/KMavr/deeplink-doctor/issues/1)) ([a574747](https://github.com/KMavr/deeplink-doctor/commit/a574747b7dbdff78020d92c0057cbecf278e77ec))
+* read native deep-link config from `expo config --json` ([#2](https://github.com/KMavr/deeplink-doctor/issues/2)) ([43f4ad5](https://github.com/KMavr/deeplink-doctor/commit/43f4ad51ab9f32f92fe902555caefe119e913d23))
+* reconcile routes against native config — DL001/DL002 + check command ([#3](https://github.com/KMavr/deeplink-doctor/issues/3)) ([8ce30cd](https://github.com/KMavr/deeplink-doctor/commit/8ce30cd30f3b30015dfdf789da8b64e29cab3ef4))
+* add config-hygiene checks DL003 and DL101–DL104 ([#4](https://github.com/KMavr/deeplink-doctor/issues/4)) ([1cce5cc](https://github.com/KMavr/deeplink-doctor/commit/1cce5cc1287345843bfcfda6c14f4a5ea5eac69d))
+* add governed suppressions with DL901/DL902 accountability checks ([#5](https://github.com/KMavr/deeplink-doctor/issues/5)) ([ae7d789](https://github.com/KMavr/deeplink-doctor/commit/ae7d7893ed3949bcb8fb2bdfa53959255b585bf1))
+* verify hosted association files over the network — DL2xx via --remote ([#6](https://github.com/KMavr/deeplink-doctor/issues/6)) ([2ce500f](https://github.com/KMavr/deeplink-doctor/commit/2ce500f3c28c710a7c7f634b7b3f8eca5dc0c9fa))
+* add --config flag for suppression config path ([#7](https://github.com/KMavr/deeplink-doctor/issues/7)) ([cd581fe](https://github.com/KMavr/deeplink-doctor/commit/cd581fe6743af5e7b729ab6f9ac08e3a1d043ae1))
+* add --explain to append finding explanations ([#12](https://github.com/KMavr/deeplink-doctor/issues/12)) ([c0bc95c](https://github.com/KMavr/deeplink-doctor/commit/c0bc95c9d9eb1f5a58db9d48fc06ab308bcbb3e3))
+* add --silent flag to hide warnings ([#11](https://github.com/KMavr/deeplink-doctor/issues/11)) ([3055f94](https://github.com/KMavr/deeplink-doctor/commit/3055f94c73c7d2d65501a28ee1353ef800de35b8))
+* include suppressed findings in JSON output ([#8](https://github.com/KMavr/deeplink-doctor/issues/8)) ([1eb1f13](https://github.com/KMavr/deeplink-doctor/commit/1eb1f13d0f1818bcb164ad4cf95ed1dd36b74e39))

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Konstantinos Mavrikas
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,188 @@
+# deeplink-doctor
+
+[![CI](https://github.com/KMavr/deeplink-doctor/actions/workflows/ci.yml/badge.svg)](https://github.com/KMavr/deeplink-doctor/actions/workflows/ci.yml)
+[![npm version](https://img.shields.io/npm/v/deeplink-doctor.svg)](https://www.npmjs.com/package/deeplink-doctor)
+[![npm downloads](https://img.shields.io/npm/dm/deeplink-doctor.svg)](https://www.npmjs.com/package/deeplink-doctor)
+
+> Statically reconcile an Expo project's **route tree**, its **native deep-link
+> config**, and (optionally) its **hosted association files** — and report where
+> they disagree.
+
+Deep links break in ways nothing catches until a user taps one in production: an
+`intentFilter` advertises a path no screen handles, a screen can never be reached
+by any link, or the `apple-app-site-association` file you hosted names the wrong
+bundle. Apple's validator and Android's `pm verify-app-links` check the _hosted
+file_ or _device state_ — none of them read your repo, so none can tell you the
+repo and the config disagree. That repo-aware cross-check is the whole point of
+this tool.
+
+Zero config, no setup, runs over `npx`.
+
+## Quickstart
+
+```sh
+# from the root of an Expo (expo-router) project
+npx deeplink-doctor
+```
+
+That runs every static check — no network, safe on every commit. Add `--remote`
+to also fetch and validate your hosted association files.
+
+Requires Node 18+ and an `expo-router` project (it reads your `app/` directory
+and `npx expo config --json`).
+
+## What it catches
+
+A project can look perfectly configured locally yet be dead in production. Static
+checks run offline:
+
+```sh
+$ npx deeplink-doctor
+  DL001  error  No route handles deep link target "/promo"
+
+1 issue (1 error, 0 warnings)
+```
+
+…and the hosted files are the other half of the handshake. `--remote` fetches
+them and confirms they name _your_ app:
+
+```sh
+$ npx deeplink-doctor check --remote --explain
+  DL202  error  AASA appID does not match ios.bundleIdentifier "com.example.app"
+      The hosted AASA lists no appID matching your ios.bundleIdentifier (an
+      appID is <teamId>.<bundleIdentifier>). iOS will not associate the domain
+      with your app. Fix: add your team + bundle to applinks.details[].appID(s)
+      in the hosted AASA.
+
+  DL203  error  assetlinks.json has no entry for android.package "com.example.app"
+      The hosted assetlinks.json has no statement for your android.package.
+      Android will not verify your App Links. Fix: add a statement whose
+      target.package_name is your package.
+
+2 issues (2 errors, 0 warnings)
+```
+
+Green offline, red against the live world — the classic "works in dev, broken in
+prod." That's exactly the gap `--remote` closes.
+
+## How it works
+
+It reconciles up to three sources of truth:
+
+1. **Route tree** — parses your `app/` directory the way expo-router does
+   (dynamic `[id]`, catch-all `[...rest]`, `(groups)`, `_layout`, `+`-special and
+   API routes).
+2. **Native config** — reads the _resolved_ config from `npx expo config --json`
+   (`scheme`, `ios.associatedDomains`/`bundleIdentifier`, `android.package`/
+   `intentFilters`).
+3. **Hosted association files** _(opt-in, `--remote`)_ — fetches
+   `https://<domain>/.well-known/apple-app-site-association` and
+   `assetlinks.json` and checks they point back at your app.
+
+## Commands
+
+| Command                                     | Description                                     |
+| ------------------------------------------- | ----------------------------------------------- |
+| `deeplink-doctor` / `deeplink-doctor check` | Run the checks and report mismatches (default). |
+| `deeplink-doctor routes`                    | Print the parsed route tree (debug).            |
+
+### Flags (for `check`)
+
+| Flag              | Effect                                                                     |
+| ----------------- | -------------------------------------------------------------------------- |
+| `--remote`        | Also fetch and validate hosted association files (makes network requests). |
+| `--domain <host>` | Override the domain(s) probed by `--remote`.                               |
+| `--strict`        | Promote warnings to failures (non-zero exit on any finding).               |
+| `--silent`        | Hide warnings (errors only). Ignored when `--strict` is set.               |
+| `--explain`       | Append a long-form explanation to each finding.                            |
+| `--config <path>` | Path to a `deeplink.config.json` (defaults to the project root).           |
+| `--json`          | Emit a stable machine-readable schema instead of the human report.         |
+
+### Exit codes
+
+| Code | Meaning                                                            |
+| ---- | ------------------------------------------------------------------ |
+| `0`  | Clean (or only warnings, without `--strict`).                      |
+| `1`  | One or more findings at failure severity.                          |
+| `2`  | Tool or usage error (e.g. not an Expo project, unreadable config). |
+
+## Checks
+
+Severity is the default; `--strict` promotes every warning to a failure.
+
+| Code    | Severity | Meaning                                                             |
+| ------- | -------- | ------------------------------------------------------------------- |
+| `DL001` | error    | A path advertised by the native config matches no route.            |
+| `DL002` | warn     | A deep-linkable route is reachable by no configured link.           |
+| `DL003` | error    | A custom-scheme link is configured but `scheme` is missing.         |
+| `DL101` | error    | An `associatedDomains` entry is missing its `applinks:` prefix.     |
+| `DL102` | error    | `ios.bundleIdentifier` missing while iOS deep links are configured. |
+| `DL103` | error    | `android.package` missing while Android deep links are configured.  |
+| `DL104` | warn     | `intentFilter` has `autoVerify` but no `data.host` to verify.       |
+| `DL201` | error    | A hosted file is unreachable, not JSON, or served via a redirect.   |
+| `DL202` | error    | The AASA names no appID matching `ios.bundleIdentifier`.            |
+| `DL203` | error    | `assetlinks.json` has no entry for `android.package`.               |
+| `DL204` | warn     | The matched `assetlinks` entry has empty cert fingerprints.         |
+| `DL901` | warn     | A suppression rule is missing a `reason`/`owner`.                   |
+| `DL902` | warn     | A suppression rule targets an unknown code (likely a typo).         |
+
+Run `check --explain` to print the full why-and-fix for each finding you have.
+
+## Suppressions
+
+`DL002` in particular is false-positive-prone by design (admin-only or
+intentionally unlinked screens). Suppress findings in a `deeplink.config.json` at
+your project root — but suppressions are **governed**, not silent: each one needs
+a `reason` and an `owner`, so an ignore is always accountable.
+
+```json
+{
+  "ignore": [
+    {
+      "code": "DL002",
+      "route": "/internal/debug",
+      "reason": "admin-only screen, never linked",
+      "owner": "your-handle",
+      "revisitWhen": "expo-router@>=6"
+    }
+  ]
+}
+```
+
+A rule missing `reason`/`owner` raises `DL901`; a rule targeting a code the tool
+doesn't emit raises `DL902`. Suppressed findings stay out of the exit code but are
+reported as a count (and listed in full under `--json`).
+
+## CI
+
+`--json` emits a stable schema for pipelines:
+
+```json
+{
+  "summary": { "total": 2, "errors": 2, "warnings": 0, "suppressed": 1 },
+  "findings": [{ "code": "DL202", "severity": "error", "message": "...", "target": "..." }],
+  "suppressed": [{ "code": "DL002", "severity": "warn", "message": "...", "route": "..." }]
+}
+```
+
+Gate a pull request with the static checks on every push, and the full
+`--remote` run before a release:
+
+```sh
+npx deeplink-doctor --strict            # fast, hermetic, every commit
+npx deeplink-doctor --remote --strict   # full, networked, pre-release
+```
+
+## Scope
+
+v1 is a focused linter for **expo-router** projects. Out of scope (by design):
+
+- **SHA-256 fingerprint verification** against real signing certs — that needs
+  EAS/Play credentials. `DL204` flags an empty fingerprint list; it does not
+  verify the values.
+- **React Navigation `linking.config`** — expo-router is the v1 target.
+- **Runtime/device testing** — `adb` and Apple's validator already own that.
+
+## License
+
+MIT © Konstantinos Mavrikas

package/dist/checks/calculateExitCode.d.ts

@@ -0,0 +1,4 @@
+import type { Finding } from '../types.js';
+export declare const calculateExitCode: (findings: Finding[], options: {
+    strict: boolean;
+}) => 0 | 1;

package/dist/checks/calculateExitCode.js

@@ -0,0 +1,4 @@
+export const calculateExitCode = (findings, options) => findings.some(({ severity }) => severity === 'error' || (severity === 'warn' && options.strict))
+    ? 1
+    : 0;
+//# sourceMappingURL=calculateExitCode.js.map

package/dist/checks/calculateExitCode.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"calculateExitCode.js","sourceRoot":"","sources":["../../src/checks/calculateExitCode.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,QAAmB,EAAE,OAA4B,EAAS,EAAE,CAC5F,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9F,CAAC,CAAC,CAAC;IACH,CAAC,CAAC,CAAC,CAAC"}

package/dist/checks/checkAasaAppIds.d.ts

@@ -0,0 +1,2 @@
+import type { AasaModel, Finding, LinkConfig } from '../types.js';
+export declare const checkAasaAppIds: (aasa: AasaModel, config: LinkConfig) => Finding[];

package/dist/checks/checkAasaAppIds.js

@@ -0,0 +1,15 @@
+import { generateFinding } from '../lib/generateFinding.js';
+export const checkAasaAppIds = (aasa, config) => {
+    const bundleIdentifierConfig = config.ios.bundleIdentifier;
+    if (!bundleIdentifierConfig) {
+        return [];
+    }
+    const formattedAppIdsAasa = aasa.appIDs.map((appID) => appID.slice(appID.indexOf('.') + 1));
+    if (formattedAppIdsAasa.includes(bundleIdentifierConfig)) {
+        return [];
+    }
+    return [
+        generateFinding('DL202', `AASA appID does not match ios.bundleIdentifier "${bundleIdentifierConfig}"`),
+    ];
+};
+//# sourceMappingURL=checkAasaAppIds.js.map

package/dist/checks/checkAasaAppIds.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkAasaAppIds.js","sourceRoot":"","sources":["../../src/checks/checkAasaAppIds.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAG5D,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,IAAe,EAAE,MAAkB,EAAa,EAAE;IAChF,MAAM,sBAAsB,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAC3D,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC5B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAE5F,IAAI,mBAAmB,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;QACzD,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,OAAO;QACL,eAAe,CACb,OAAO,EACP,mDAAmD,sBAAsB,GAAG,CAC7E;KACF,CAAC;AACJ,CAAC,CAAC"}

package/dist/checks/checkAppIdentifiers.d.ts

@@ -0,0 +1,2 @@
+import type { Finding, LinkConfig } from '../types.js';
+export declare const checkAppIdentifiers: (config: LinkConfig) => Finding[];

package/dist/checks/checkAppIdentifiers.js

@@ -0,0 +1,13 @@
+import { generateFinding } from '../lib/generateFinding.js';
+export const checkAppIdentifiers = (config) => {
+    const missingIosBundleIdentifier = config.ios.associatedDomains.length > 0 && !config.ios.bundleIdentifier
+        ? [
+            generateFinding('DL102', 'ios.bundleIdentifier is required when associatedDomains are configured'),
+        ]
+        : [];
+    const missingAndroidIntentFilters = config.android.intentFilters.length > 0 && !config.android.package
+        ? [generateFinding('DL103', 'android.package is required when intentFilters are configured')]
+        : [];
+    return [...missingIosBundleIdentifier, ...missingAndroidIntentFilters];
+};
+//# sourceMappingURL=checkAppIdentifiers.js.map

package/dist/checks/checkAppIdentifiers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkAppIdentifiers.js","sourceRoot":"","sources":["../../src/checks/checkAppIdentifiers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAG5D,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,MAAkB,EAAa,EAAE;IACnE,MAAM,0BAA0B,GAC9B,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB;QACrE,CAAC,CAAC;YACE,eAAe,CACb,OAAO,EACP,wEAAwE,CACzE;SACF;QACH,CAAC,CAAC,EAAE,CAAC;IAET,MAAM,2BAA2B,GAC/B,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO;QAChE,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,EAAE,+DAA+D,CAAC,CAAC;QAC7F,CAAC,CAAC,EAAE,CAAC;IAET,OAAO,CAAC,GAAG,0BAA0B,EAAE,GAAG,2BAA2B,CAAC,CAAC;AACzE,CAAC,CAAC"}

package/dist/checks/checkAssetlinks.d.ts

@@ -0,0 +1,2 @@
+import type { AssetlinkEntry, Finding, LinkConfig } from '../types.js';
+export declare const checkAssetlinks: (assetlinks: AssetlinkEntry[], config: LinkConfig) => Finding[];

package/dist/checks/checkAssetlinks.js

@@ -0,0 +1,21 @@
+import { generateFinding } from '../lib/generateFinding.js';
+export const checkAssetlinks = (assetlinks, config) => {
+    const pkg = config.android.package;
+    if (!pkg) {
+        return [];
+    }
+    if (assetlinks.every(({ packageName }) => packageName !== pkg)) {
+        return [generateFinding('DL203', `assetlinks.json has no entry for android.package "${pkg}"`)];
+    }
+    return assetlinks.flatMap(({ packageName, fingerprints }) => {
+        if (pkg === packageName) {
+            return fingerprints.length > 0
+                ? []
+                : [
+                    generateFinding('DL204', `assetlinks entry for "${pkg}" has an empty sha256_cert_fingerprints array`),
+                ];
+        }
+        return [];
+    });
+};
+//# sourceMappingURL=checkAssetlinks.js.map

package/dist/checks/checkAssetlinks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkAssetlinks.js","sourceRoot":"","sources":["../../src/checks/checkAssetlinks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAG5D,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,UAA4B,EAAE,MAAkB,EAAa,EAAE;IAC7F,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;IACnC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,WAAW,KAAK,GAAG,CAAC,EAAE,CAAC;QAC/D,OAAO,CAAC,eAAe,CAAC,OAAO,EAAE,qDAAqD,GAAG,GAAG,CAAC,CAAC,CAAC;IACjG,CAAC;IAED,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC,EAAE,WAAW,EAAE,YAAY,EAAE,EAAE,EAAE;QAC1D,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;YACxB,OAAO,YAAY,CAAC,MAAM,GAAG,CAAC;gBAC5B,CAAC,CAAC,EAAE;gBACJ,CAAC,CAAC;oBACE,eAAe,CACb,OAAO,EACP,yBAAyB,GAAG,+CAA+C,CAC5E;iBACF,CAAC;QACR,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC"}

package/dist/checks/checkAssociatedDomains.d.ts

@@ -0,0 +1,3 @@
+import type { Finding, LinkConfig } from '../types.js';
+export declare const RECOGNIZED_DOMAIN_PREFIXES: string[];
+export declare const checkAssociatedDomains: (config: LinkConfig) => Finding[];

package/dist/checks/checkAssociatedDomains.js

@@ -0,0 +1,7 @@
+import { generateFinding } from '../lib/generateFinding.js';
+export const RECOGNIZED_DOMAIN_PREFIXES = ['applinks:', 'webcredentials:', 'activitycontinuation:'];
+export const checkAssociatedDomains = (config) => {
+    const invalidAssociatedDomains = config.ios.associatedDomains.filter((domain) => RECOGNIZED_DOMAIN_PREFIXES.every((prefix) => !domain.startsWith(prefix)));
+    return invalidAssociatedDomains.map((domain) => generateFinding('DL101', `associatedDomains entry "${domain}" is missing a scheme prefix (e.g. "${RECOGNIZED_DOMAIN_PREFIXES.join('", "')}")`));
+};
+//# sourceMappingURL=checkAssociatedDomains.js.map

package/dist/checks/checkAssociatedDomains.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkAssociatedDomains.js","sourceRoot":"","sources":["../../src/checks/checkAssociatedDomains.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAG5D,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,WAAW,EAAE,iBAAiB,EAAE,uBAAuB,CAAC,CAAC;AAEpG,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,MAAkB,EAAa,EAAE;IACtE,MAAM,wBAAwB,GAAa,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CACxF,0BAA0B,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CACzE,CAAC;IAEF,OAAO,wBAAwB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAC7C,eAAe,CACb,OAAO,EACP,4BAA4B,MAAM,uCAAuC,0BAA0B,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CACrH,CACF,CAAC;AACJ,CAAC,CAAC"}

package/dist/checks/checkAutoVerifyHosts.d.ts

@@ -0,0 +1,2 @@
+import type { Finding, LinkConfig } from '../types.js';
+export declare const checkAutoVerifyHosts: (config: LinkConfig) => Finding[];

package/dist/checks/checkAutoVerifyHosts.js

@@ -0,0 +1,6 @@
+import { generateFinding } from '../lib/generateFinding.js';
+export const checkAutoVerifyHosts = (config) => {
+    const missingHostIntentFilters = config.android.intentFilters.filter((intentFilter) => intentFilter.autoVerify && !intentFilter.data.find((item) => item.host !== undefined));
+    return missingHostIntentFilters.map(() => generateFinding('DL104', 'intentFilter has autoVerify enabled but no data.host to verify'));
+};
+//# sourceMappingURL=checkAutoVerifyHosts.js.map

package/dist/checks/checkAutoVerifyHosts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkAutoVerifyHosts.js","sourceRoot":"","sources":["../../src/checks/checkAutoVerifyHosts.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAG5D,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,MAAkB,EAAa,EAAE;IACpE,MAAM,wBAAwB,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAClE,CAAC,YAAY,EAAE,EAAE,CACf,YAAY,CAAC,UAAU,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CACxF,CAAC;IAEF,OAAO,wBAAwB,CAAC,GAAG,CAAC,GAAG,EAAE,CACvC,eAAe,CAAC,OAAO,EAAE,gEAAgE,CAAC,CAC3F,CAAC;AACJ,CAAC,CAAC"}

package/dist/checks/checkConfig.d.ts

@@ -0,0 +1,2 @@
+import type { Finding, LinkConfig } from '../types.js';
+export declare const checkConfig: (config: LinkConfig) => Finding[];

package/dist/checks/checkConfig.js

@@ -0,0 +1,11 @@
+import { checkAppIdentifiers } from './checkAppIdentifiers.js';
+import { checkAssociatedDomains } from './checkAssociatedDomains.js';
+import { checkAutoVerifyHosts } from './checkAutoVerifyHosts.js';
+import { checkScheme } from './checkScheme.js';
+export const checkConfig = (config) => [
+    ...checkScheme(config),
+    ...checkAssociatedDomains(config),
+    ...checkAppIdentifiers(config),
+    ...checkAutoVerifyHosts(config),
+];
+//# sourceMappingURL=checkConfig.js.map

package/dist/checks/checkConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkConfig.js","sourceRoot":"","sources":["../../src/checks/checkConfig.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,MAAkB,EAAa,EAAE,CAAC;IAC5D,GAAG,WAAW,CAAC,MAAM,CAAC;IACtB,GAAG,sBAAsB,CAAC,MAAM,CAAC;IACjC,GAAG,mBAAmB,CAAC,MAAM,CAAC;IAC9B,GAAG,oBAAoB,CAAC,MAAM,CAAC;CAChC,CAAC"}

package/dist/checks/checkDeadLinks.d.ts

@@ -0,0 +1,2 @@
+import type { Finding, LinkTarget, PathData } from '../types.js';
+export declare const checkDeadLinks: (routes: PathData[], targets: LinkTarget[]) => Finding[];

package/dist/checks/checkDeadLinks.js

@@ -0,0 +1,9 @@
+import { generateFinding } from '../lib/generateFinding.js';
+import { targetMatchesRoute } from './targetMatchesRoute.js';
+export const checkDeadLinks = (routes, targets) => {
+    const deadTargets = targets.filter((target) => !routes.some((route) => targetMatchesRoute(route, target)));
+    return deadTargets.map((target) => generateFinding('DL001', `No route handles deep link target "${target.raw}"`, {
+        target: target.raw,
+    }));
+};
+//# sourceMappingURL=checkDeadLinks.js.map

package/dist/checks/checkDeadLinks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkDeadLinks.js","sourceRoot":"","sources":["../../src/checks/checkDeadLinks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAE5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,MAAkB,EAAE,OAAqB,EAAa,EAAE;IACrF,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAChC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,kBAAkB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CACvE,CAAC;IAEF,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAChC,eAAe,CAAC,OAAO,EAAE,sCAAsC,MAAM,CAAC,GAAG,GAAG,EAAE;QAC5E,MAAM,EAAE,MAAM,CAAC,GAAG;KACnB,CAAC,CACH,CAAC;AACJ,CAAC,CAAC"}

package/dist/checks/checkRemote.d.ts

@@ -0,0 +1,2 @@
+import type { AasaModel, AssetlinkEntry, Finding, LinkConfig } from '../types.js';
+export declare const checkRemote: (aasa: AasaModel, assetlinks: AssetlinkEntry[], config: LinkConfig) => Finding[];

package/dist/checks/checkRemote.js

@@ -0,0 +1,4 @@
+import { checkAasaAppIds } from './checkAasaAppIds.js';
+import { checkAssetlinks } from './checkAssetlinks.js';
+export const checkRemote = (aasa, assetlinks, config) => [...checkAasaAppIds(aasa, config), ...checkAssetlinks(assetlinks, config)];
+//# sourceMappingURL=checkRemote.js.map

package/dist/checks/checkRemote.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkRemote.js","sourceRoot":"","sources":["../../src/checks/checkRemote.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD,MAAM,CAAC,MAAM,WAAW,GAAG,CACzB,IAAe,EACf,UAA4B,EAC5B,MAAkB,EACP,EAAE,CAAC,CAAC,GAAG,eAAe,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,GAAG,eAAe,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC"}

package/dist/checks/checkScheme.d.ts

@@ -0,0 +1,3 @@
+import type { Finding, LinkConfig } from '../types.js';
+export declare const WEB_SCHEMES: string[];
+export declare const checkScheme: (config: LinkConfig) => Finding[];

package/dist/checks/checkScheme.js

@@ -0,0 +1,13 @@
+import { generateFinding } from '../lib/generateFinding.js';
+export const WEB_SCHEMES = ['http', 'https'];
+export const checkScheme = (config) => {
+    const hasNoSchemes = config.schemes.length === 0;
+    const hasCustomScheme = config.android.intentFilters.some(({ data }) => data.some((d) => d.scheme !== undefined && !WEB_SCHEMES.includes(d.scheme.toLowerCase())));
+    if (hasNoSchemes && hasCustomScheme) {
+        return [
+            generateFinding('DL003', 'A custom-scheme deep link is configured but no scheme is declared; set "scheme" in your Expo config'),
+        ];
+    }
+    return [];
+};
+//# sourceMappingURL=checkScheme.js.map

package/dist/checks/checkScheme.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkScheme.js","sourceRoot":"","sources":["../../src/checks/checkScheme.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAG5D,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAE7C,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,MAAkB,EAAa,EAAE;IAC3D,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC;IACjD,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CACrE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAC1F,CAAC;IACF,IAAI,YAAY,IAAI,eAAe,EAAE,CAAC;QACpC,OAAO;YACL,eAAe,CACb,OAAO,EACP,qGAAqG,CACtG;SACF,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC,CAAC"}

package/dist/checks/checkUnreachableRoutes.d.ts

@@ -0,0 +1,2 @@
+import type { Finding, LinkTarget, PathData } from '../types.js';
+export declare const checkUnreachableRoutes: (routes: PathData[], targets: LinkTarget[]) => Finding[];

package/dist/checks/checkUnreachableRoutes.js

@@ -0,0 +1,11 @@
+import { generateFinding } from '../lib/generateFinding.js';
+import { isLinkableRoute } from '../routes/parseRoutePath.js';
+import { targetMatchesRoute } from './targetMatchesRoute.js';
+export const checkUnreachableRoutes = (routes, targets) => {
+    const linkableRoutes = routes.filter((route) => isLinkableRoute(route));
+    const unreachableRoutes = linkableRoutes.filter((route) => targets.every((target) => !targetMatchesRoute(route, target)));
+    return unreachableRoutes.map((route) => generateFinding('DL002', `Route "${route.pathname}" is not reachable by any configured link`, {
+        route: route.pathname,
+    }));
+};
+//# sourceMappingURL=checkUnreachableRoutes.js.map

package/dist/checks/checkUnreachableRoutes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"checkUnreachableRoutes.js","sourceRoot":"","sources":["../../src/checks/checkUnreachableRoutes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAE9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,MAAkB,EAAE,OAAqB,EAAa,EAAE;IAC7F,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;IAExE,MAAM,iBAAiB,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CACxD,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAC9D,CAAC;IAEF,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACrC,eAAe,CAAC,OAAO,EAAE,UAAU,KAAK,CAAC,QAAQ,2CAA2C,EAAE;QAC5F,KAAK,EAAE,KAAK,CAAC,QAAQ;KACtB,CAAC,CACH,CAAC;AACJ,CAAC,CAAC"}

package/dist/checks/runChecks.d.ts

@@ -0,0 +1,2 @@
+import type { LinkTarget, PathData, Finding } from '../types.js';
+export declare const runChecks: (routes: PathData[], targets: LinkTarget[]) => Finding[];

package/dist/checks/runChecks.js

@@ -0,0 +1,8 @@
+import { checkDeadLinks } from './checkDeadLinks.js';
+import { checkUnreachableRoutes } from './checkUnreachableRoutes.js';
+export const runChecks = (routes, targets) => {
+    const deadLinks = checkDeadLinks(routes, targets);
+    const unreachableRoutes = checkUnreachableRoutes(routes, targets);
+    return [...deadLinks, ...unreachableRoutes];
+};
+//# sourceMappingURL=runChecks.js.map

package/dist/checks/runChecks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runChecks.js","sourceRoot":"","sources":["../../src/checks/runChecks.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAC;AAErE,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,MAAkB,EAAE,OAAqB,EAAa,EAAE;IAChF,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,iBAAiB,GAAG,sBAAsB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAElE,OAAO,CAAC,GAAG,SAAS,EAAE,GAAG,iBAAiB,CAAC,CAAC;AAC9C,CAAC,CAAC"}

package/dist/checks/targetMatchesRoute.d.ts

@@ -0,0 +1,2 @@
+import type { PathData, LinkTarget } from '../types.js';
+export declare const targetMatchesRoute: (route: PathData, target: LinkTarget) => boolean;

package/dist/checks/targetMatchesRoute.js

@@ -0,0 +1,14 @@
+import { routeHandlesPath } from '../routes/routeHandlesPath.js';
+import { routeHandlesPrefix } from '../routes/routeHandlesPrefix.js';
+export const targetMatchesRoute = (route, target) => {
+    if (target.kind === 'exact') {
+        return routeHandlesPath(route, target.segments);
+    }
+    if (target.kind === 'prefix') {
+        return routeHandlesPrefix(route, target.segments);
+    }
+    const globPatternIndex = target.segments.findIndex((s) => s.includes('.') || s.includes('*'));
+    const truncatedSegments = globPatternIndex === -1 ? target.segments : target.segments.slice(0, globPatternIndex);
+    return routeHandlesPrefix(route, truncatedSegments);
+};
+//# sourceMappingURL=targetMatchesRoute.js.map

package/dist/checks/targetMatchesRoute.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"targetMatchesRoute.js","sourceRoot":"","sources":["../../src/checks/targetMatchesRoute.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAGrE,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,KAAe,EAAE,MAAkB,EAAW,EAAE;IACjF,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC5B,OAAO,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,kBAAkB,CAAC,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,gBAAgB,GAAG,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IAE9F,MAAM,iBAAiB,GACrB,gBAAgB,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;IAEzF,OAAO,kBAAkB,CAAC,KAAK,EAAE,iBAAiB,CAAC,CAAC;AACtD,CAAC,CAAC"}

package/dist/commands/check.d.ts

@@ -0,0 +1,21 @@
+import type { Associations, LinkConfig, PathData, SuppressionRule } from '../types.js';
+type CheckDeps = {
+    readRoutes: (root: string) => PathData[];
+    readLinkConfig: (root: string) => LinkConfig;
+    readSuppressionConfig: (root: string, configPath?: string) => SuppressionRule[];
+    loadAssociations: (domain: string) => Promise<Associations>;
+};
+type CheckOptions = {
+    strict?: boolean;
+    json?: boolean;
+    remote?: boolean;
+    domain?: string;
+    config?: string;
+    silent?: boolean;
+    explain?: boolean;
+};
+export declare const runCheck: (root: string, deps: CheckDeps, options: CheckOptions) => Promise<{
+    report: string;
+    exitCode: 0 | 1 | 2;
+}>;
+export {};

package/dist/commands/check.js

@@ -0,0 +1,42 @@
+import { calculateExitCode } from '../checks/calculateExitCode.js';
+import { checkConfig } from '../checks/checkConfig.js';
+import { checkRemote } from '../checks/checkRemote.js';
+import { runChecks } from '../checks/runChecks.js';
+import { extractDomains } from '../links/extractDomains.js';
+import { extractLinkTargets } from '../links/extractLinkTargets.js';
+import * as human from '../report/human.js';
+import * as json from '../report/json.js';
+import { applySuppressions } from '../suppressions/applySuppressions.js';
+const remoteFindings = async (config, options, loadAssociations) => {
+    if (!options.remote) {
+        return [];
+    }
+    const domains = options.domain ? [options.domain] : extractDomains(config);
+    const associations = await Promise.all(domains.map((domain) => loadAssociations(domain)));
+    return associations.flatMap((association) => [
+        ...association.findings,
+        ...checkRemote(association.aasa, association.assetlinks, config),
+    ]);
+};
+export const runCheck = async (root, deps, options) => {
+    try {
+        const config = deps.readLinkConfig(root);
+        const targets = extractLinkTargets(config);
+        const findings = [
+            ...runChecks(deps.readRoutes(root), targets),
+            ...checkConfig(config),
+            ...(await remoteFindings(config, options, deps.loadAssociations)),
+        ];
+        const { active, suppressed } = applySuppressions(findings, deps.readSuppressionConfig(root, options.config));
+        const silent = options.silent === true && options.strict !== true;
+        const reported = silent ? active.filter((finding) => finding.severity === 'error') : active;
+        const report = options.json
+            ? json.renderFindings(reported, suppressed)
+            : human.renderFindings(reported, suppressed, options.explain);
+        return { report, exitCode: calculateExitCode(reported, { strict: options.strict ?? false }) };
+    }
+    catch (error) {
+        return { report: error instanceof Error ? error.message : String(error), exitCode: 2 };
+    }
+};
+//# sourceMappingURL=check.js.map

package/dist/commands/check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check.js","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,KAAK,KAAK,MAAM,oBAAoB,CAAC;AAC5C,OAAO,KAAK,IAAI,MAAM,mBAAmB,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,sCAAsC,CAAC;AAmBzE,MAAM,cAAc,GAAG,KAAK,EAC1B,MAAkB,EAClB,OAAqB,EACrB,gBAA+C,EAC3B,EAAE;IACtB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QACpB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAC3E,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC1F,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3C,GAAG,WAAW,CAAC,QAAQ;QACvB,GAAG,WAAW,CAAC,WAAW,CAAC,IAAI,EAAE,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC;KACjE,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAG,KAAK,EAC3B,IAAY,EACZ,IAAe,EACf,OAAqB,EAC6B,EAAE;IACpD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,QAAQ,GAAG;YACf,GAAG,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC;YAC5C,GAAG,WAAW,CAAC,MAAM,CAAC;YACtB,GAAG,CAAC,MAAM,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;SAClE,CAAC;QAEF,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,iBAAiB,CAC9C,QAAQ,EACR,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CACjD,CAAC;QAEF,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,KAAK,IAAI,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC;QAClE,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAE5F,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI;YACzB,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,UAAU,CAAC;YAC3C,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAChE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC,EAAE,CAAC;IAChG,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,EAAE,MAAM,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACzF,CAAC;AACH,CAAC,CAAC"}

package/dist/config/findingExplanations.d.ts

@@ -0,0 +1,2 @@
+import type { FindingCode } from '../types.js';
+export declare const FINDING_EXPLANATIONS: Record<FindingCode, string>;

package/dist/config/findingExplanations.js

@@ -0,0 +1,19 @@
+// Long-form help per finding code, surfaced by `check --explain`. Record<FindingCode, _>
+// is exhaustive — a new code can't ship without an explanation. Prose drafted to
+// say what the code means, why it matters, and how to fix it.
+export const FINDING_EXPLANATIONS = {
+    DL001: 'A path advertised by your native config (an Android intentFilter path/pathPrefix/pathPattern, or a custom-scheme link) matches no route in your app/ tree. The link opens the app but lands nowhere. Fix: add a route that handles the path, or correct/remove the intentFilter entry.',
+    DL002: 'A deep-linkable route exists but no configured link pattern can reach it. This is often intentional (admin or internal-only screens) and is the most false-positive-prone check by design — suppress those in deeplink.config.json. Otherwise add an intentFilter path or associatedDomain so the screen is reachable by a link.',
+    DL003: 'A custom-scheme deep link is configured but no `scheme` is declared in your Expo config. Without a scheme, custom-scheme links cannot resolve. Fix: set `scheme` in app.json/app.config.',
+    DL101: 'An `ios.associatedDomains` entry is missing its service prefix (e.g. `applinks:`). iOS silently ignores malformed entries, so the domain is never associated. Fix: prefix the entry, e.g. `applinks:example.com`.',
+    DL102: 'iOS deep links are configured (associatedDomains present) but `ios.bundleIdentifier` is missing. Universal Links cannot be associated without it. Fix: set `ios.bundleIdentifier`.',
+    DL103: 'Android intent filters are configured but `android.package` is missing. App Links cannot be verified without the package name. Fix: set `android.package`.',
+    DL104: 'An intentFilter has `autoVerify: true` but no `data.host` entries, so Android has nothing to verify. Fix: add a `data.host`, or drop `autoVerify` if the filter is scheme-only.',
+    DL201: 'A hosted association file (AASA or assetlinks.json) is unreachable, not served as JSON, or served via a redirect. Apple and Google reject all three. Fix: serve the file at the exact /.well-known path, as application/json, over HTTPS, with no redirect.',
+    DL202: 'The hosted AASA lists no appID matching your `ios.bundleIdentifier` (an appID is `<teamId>.<bundleIdentifier>`). iOS will not associate the domain with your app. Fix: add your team + bundle to applinks.details[].appID(s) in the hosted AASA.',
+    DL203: 'The hosted assetlinks.json has no statement for your `android.package`. Android will not verify your App Links. Fix: add a statement whose target.package_name is your package.',
+    DL204: 'The matched assetlinks statement has an empty sha256_cert_fingerprints array, so Android has no signing certificate to verify against. Fix: add your app’s release signing SHA-256 fingerprint(s).',
+    DL901: 'A suppression rule is missing a `reason` and/or `owner`. Suppressions are governed — every ignore carries accountability so it can be revisited. Fix: add `reason` and `owner` to the rule in deeplink.config.json.',
+    DL902: 'A suppression rule targets a code this tool never emits — almost always a typo (e.g. DL2O2 instead of DL202). Fix: correct the code, or remove the stale rule.',
+};
+//# sourceMappingURL=findingExplanations.js.map

package/dist/config/findingExplanations.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"findingExplanations.js","sourceRoot":"","sources":["../../src/config/findingExplanations.ts"],"names":[],"mappings":"AAEA,yFAAyF;AACzF,iFAAiF;AACjF,8DAA8D;AAC9D,MAAM,CAAC,MAAM,oBAAoB,GAAgC;IAC/D,KAAK,EACH,wRAAwR;IAC1R,KAAK,EACH,kUAAkU;IACpU,KAAK,EACH,0LAA0L;IAC5L,KAAK,EACH,mNAAmN;IACrN,KAAK,EACH,oLAAoL;IACtL,KAAK,EACH,4JAA4J;IAC9J,KAAK,EACH,iLAAiL;IACnL,KAAK,EACH,6PAA6P;IAC/P,KAAK,EACH,kPAAkP;IACpP,KAAK,EACH,iLAAiL;IACnL,KAAK,EACH,oMAAoM;IACtM,KAAK,EACH,qNAAqN;IACvN,KAAK,EACH,gKAAgK;CACnK,CAAC"}