guardrail-ship 1.0.0

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Ship Package Exports
+ */
+export * from "./ship-badge";
+export * from "./mockproof";
+export * from "./reality-mode";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,gBAAgB,CAAC"}

package/dist/index.js

@@ -0,0 +1,7 @@
+/**
+ * Ship Package Exports
+ */
+export * from "./ship-badge";
+export * from "./mockproof";
+export * from "./reality-mode";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,gBAAgB,CAAC"}

package/dist/mock-implementation.d.ts

@@ -0,0 +1 @@
+//# sourceMappingURL=mock-implementation.d.ts.map

package/dist/mock-implementation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mock-implementation.d.ts","sourceRoot":"","sources":["../src/mock-implementation.ts"],"names":[],"mappings":""}

package/dist/mock-implementation.js

@@ -0,0 +1,2 @@
+"use strict";
+//# sourceMappingURL=mock-implementation.js.map

package/dist/mock-implementation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mock-implementation.js","sourceRoot":"","sources":["../src/mock-implementation.ts"],"names":[],"mappings":""}

package/dist/mockproof/__tests__/import-graph-scanner.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Tests for MockProof Build Gate - Import Graph Scanner
+ */
+export {};
+//# sourceMappingURL=import-graph-scanner.test.d.ts.map

package/dist/mockproof/__tests__/import-graph-scanner.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"import-graph-scanner.test.d.ts","sourceRoot":"","sources":["../../../src/mockproof/__tests__/import-graph-scanner.test.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/mockproof/__tests__/import-graph-scanner.test.js

@@ -0,0 +1,92 @@
+/**
+ * Tests for MockProof Build Gate - Import Graph Scanner
+ */
+import * as path from "path";
+import * as fs from "fs";
+import { ImportGraphScanner } from "../import-graph-scanner";
+describe("ImportGraphScanner", () => {
+    let scanner;
+    beforeEach(() => {
+        scanner = new ImportGraphScanner();
+    });
+    describe("scan", () => {
+        it("should detect MockProvider in import chain", async () => {
+            // Create a temp test fixture
+            const tempDir = path.join(__dirname, "__fixtures__", "mock-test");
+            // Skip if fixtures don't exist (test in isolation)
+            if (!fs.existsSync(tempDir)) {
+                console.log("Skipping: no test fixtures");
+                return;
+            }
+            const result = await scanner.scan(tempDir);
+            expect(result).toHaveProperty("verdict");
+            expect(result).toHaveProperty("violations");
+            expect(result).toHaveProperty("scannedFiles");
+        });
+        it("should pass for clean project", async () => {
+            const scanner = new ImportGraphScanner({
+                entrypoints: [],
+                bannedImports: [],
+            });
+            const result = await scanner.scan(__dirname);
+            expect(result.verdict).toBe("pass");
+            expect(result.violations).toHaveLength(0);
+        });
+        it("should generate readable report", async () => {
+            const mockResult = {
+                verdict: "fail",
+                violations: [
+                    {
+                        entrypoint: "src/app/layout.tsx",
+                        bannedImport: "src/contexts/MockProvider.tsx",
+                        importChain: [
+                            "src/app/layout.tsx",
+                            "src/contexts/index.ts",
+                            "src/contexts/MockProvider.tsx",
+                        ],
+                        pattern: "MockProvider",
+                        message: "MockProvider should not be reachable from production entrypoints",
+                    },
+                ],
+                scannedFiles: 42,
+                entrypoints: ["src/app/layout.tsx"],
+                timestamp: new Date().toISOString(),
+                summary: {
+                    totalViolations: 1,
+                    uniqueBannedImports: 1,
+                    affectedEntrypoints: 1,
+                },
+            };
+            const report = scanner.generateReport(mockResult);
+            expect(report).toContain("MockProof Build Gate");
+            expect(report).toContain("FAIL");
+            expect(report).toContain("MockProvider");
+            expect(report).toContain("src/app/layout.tsx");
+        });
+    });
+    describe("banned patterns", () => {
+        it("should have default banned patterns", () => {
+            const scanner = new ImportGraphScanner();
+            // Access private config via any for testing
+            const config = scanner.config;
+            expect(config.bannedImports.length).toBeGreaterThan(0);
+            expect(config.bannedImports.some((p) => p.pattern === "MockProvider")).toBe(true);
+            expect(config.bannedImports.some((p) => p.pattern.includes("localhost"))).toBe(true);
+        });
+        it("should allow custom banned patterns", () => {
+            const customScanner = new ImportGraphScanner({
+                bannedImports: [
+                    {
+                        pattern: "MyCustomMock",
+                        message: "Custom mock not allowed",
+                        isRegex: false,
+                        allowedIn: ["**/__tests__/**"],
+                    },
+                ],
+            });
+            const config = customScanner.config;
+            expect(config.bannedImports.some((p) => p.pattern === "MyCustomMock")).toBe(true);
+        });
+    });
+});
+//# sourceMappingURL=import-graph-scanner.test.js.map

package/dist/mockproof/__tests__/import-graph-scanner.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"import-graph-scanner.test.js","sourceRoot":"","sources":["../../../src/mockproof/__tests__/import-graph-scanner.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,IAAI,OAA2B,CAAC;IAEhC,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,GAAG,IAAI,kBAAkB,EAAE,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,MAAM,EAAE,GAAG,EAAE;QACpB,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,6BAA6B;YAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC;YAElE,mDAAmD;YACnD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;gBAC1C,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE3C,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;YAC7C,MAAM,OAAO,GAAG,IAAI,kBAAkB,CAAC;gBACrC,WAAW,EAAE,EAAE;gBACf,aAAa,EAAE,EAAE;aAClB,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACpC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;YAC/C,MAAM,UAAU,GAAG;gBACjB,OAAO,EAAE,MAAe;gBACxB,UAAU,EAAE;oBACV;wBACE,UAAU,EAAE,oBAAoB;wBAChC,YAAY,EAAE,+BAA+B;wBAC7C,WAAW,EAAE;4BACX,oBAAoB;4BACpB,uBAAuB;4BACvB,+BAA+B;yBAChC;wBACD,OAAO,EAAE,cAAc;wBACvB,OAAO,EACL,kEAAkE;qBACrE;iBACF;gBACD,YAAY,EAAE,EAAE;gBAChB,WAAW,EAAE,CAAC,oBAAoB,CAAC;gBACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,OAAO,EAAE;oBACP,eAAe,EAAE,CAAC;oBAClB,mBAAmB,EAAE,CAAC;oBACtB,mBAAmB,EAAE,CAAC;iBACvB;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;YAElD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;YACjD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACjC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,OAAO,GAAG,IAAI,kBAAkB,EAAE,CAAC;YACzC,4CAA4C;YAC5C,MAAM,MAAM,GAAI,OAAe,CAAC,MAAM,CAAC;YAEvC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACvD,MAAM,CACJ,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,cAAc,CAAC,CACpE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,MAAM,CACJ,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CACvE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACf,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,aAAa,GAAG,IAAI,kBAAkB,CAAC;gBAC3C,aAAa,EAAE;oBACb;wBACE,OAAO,EAAE,cAAc;wBACvB,OAAO,EAAE,yBAAyB;wBAClC,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,CAAC,iBAAiB,CAAC;qBAC/B;iBACF;aACF,CAAC,CAAC;YAEH,MAAM,MAAM,GAAI,aAAqB,CAAC,MAAM,CAAC;YAC7C,MAAM,CACJ,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,cAAc,CAAC,CACpE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACf,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/mockproof/import-graph-scanner.d.ts

@@ -0,0 +1,93 @@
+/**
+ * MockProof Build Gate - Import Graph Scanner
+ *
+ * Scans the import graph from production entrypoints to detect
+ * banned imports (MockProvider, useMock, mock-context, localhost, etc.)
+ * that would ship to production.
+ *
+ * This is the "one rule, one red line" feature that vibecoders love.
+ */
+export interface BannedImport {
+    pattern: string;
+    message: string;
+    isRegex: boolean;
+    allowedIn: string[];
+}
+export interface ImportNode {
+    file: string;
+    imports: string[];
+    importedBy: string[];
+}
+export interface ViolationPath {
+    entrypoint: string;
+    bannedImport: string;
+    importChain: string[];
+    pattern: string;
+    message: string;
+}
+export interface MockProofResult {
+    verdict: "pass" | "fail";
+    violations: ViolationPath[];
+    scannedFiles: number;
+    entrypoints: string[];
+    timestamp: string;
+    summary: {
+        totalViolations: number;
+        uniqueBannedImports: number;
+        affectedEntrypoints: number;
+    };
+}
+export interface MockProofConfig {
+    entrypoints: string[];
+    bannedImports: BannedImport[];
+    excludeDirs: string[];
+    includeExtensions: string[];
+}
+export declare class ImportGraphScanner {
+    private config;
+    private importGraph;
+    private fileContents;
+    constructor(config?: Partial<MockProofConfig>);
+    /**
+     * Scan a project for banned imports reachable from production entrypoints
+     */
+    scan(projectPath: string): Promise<MockProofResult>;
+    /**
+     * Find all source files in the project
+     */
+    private findSourceFiles;
+    /**
+     * Parse a file and extract its imports
+     */
+    private parseFile;
+    /**
+     * Extract import statements from file content
+     */
+    private extractImports;
+    /**
+     * Resolve an import path to an absolute file path
+     */
+    private resolveImport;
+    /**
+     * Trace from an entrypoint to find all reachable files with violations
+     */
+    private traceFromEntrypoint;
+    /**
+     * Check if a file matches any allowed patterns
+     */
+    private isFileAllowed;
+    /**
+     * Simple glob matching
+     */
+    private matchGlob;
+    /**
+     * Escape special regex characters
+     */
+    private escapeRegex;
+    /**
+     * Generate a human-readable report
+     */
+    generateReport(result: MockProofResult): string;
+}
+export declare const importGraphScanner: ImportGraphScanner;
+//# sourceMappingURL=import-graph-scanner.d.ts.map

package/dist/mockproof/import-graph-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"import-graph-scanner.d.ts","sourceRoot":"","sources":["../../src/mockproof/import-graph-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC;IACzB,UAAU,EAAE,aAAa,EAAE,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE;QACP,eAAe,EAAE,MAAM,CAAC;QACxB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,mBAAmB,EAAE,MAAM,CAAC;KAC7B,CAAC;CACH;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,YAAY,EAAE,CAAC;IAC9B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,iBAAiB,EAAE,MAAM,EAAE,CAAC;CAC7B;AAwGD,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,WAAW,CAAsC;IACzD,OAAO,CAAC,YAAY,CAAkC;gBAE1C,MAAM,GAAE,OAAO,CAAC,eAAe,CAAM;IAIjD;;OAEG;IACG,IAAI,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IA8CzD;;OAEG;YACW,eAAe;IAkC7B;;OAEG;YACW,SAAS;IA8BvB;;OAEG;IACH,OAAO,CAAC,cAAc;IA8BtB;;OAEG;IACH,OAAO,CAAC,aAAa;IA6CrB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAuD3B;;OAEG;IACH,OAAO,CAAC,aAAa;IAgBrB;;OAEG;IACH,OAAO,CAAC,SAAS;IAYjB;;OAEG;IACH,OAAO,CAAC,WAAW;IAInB;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM;CAsEhD;AAED,eAAO,MAAM,kBAAkB,oBAA2B,CAAC"}

package/dist/mockproof/import-graph-scanner.js

@@ -0,0 +1,411 @@
+/**
+ * MockProof Build Gate - Import Graph Scanner
+ *
+ * Scans the import graph from production entrypoints to detect
+ * banned imports (MockProvider, useMock, mock-context, localhost, etc.)
+ * that would ship to production.
+ *
+ * This is the "one rule, one red line" feature that vibecoders love.
+ */
+import * as fs from "fs";
+import * as path from "path";
+const DEFAULT_BANNED_IMPORTS = [
+    {
+        pattern: "MockProvider",
+        message: "MockProvider should not be reachable from production entrypoints",
+        isRegex: false,
+        allowedIn: [
+            "**/__tests__/**",
+            "**/test/**",
+            "**/stories/**",
+            "**/landing/**",
+            "**/*.test.*",
+            "**/*.spec.*",
+        ],
+    },
+    {
+        pattern: "useMock",
+        message: "useMock hook should not be reachable from production entrypoints",
+        isRegex: false,
+        allowedIn: ["**/__tests__/**", "**/test/**", "**/stories/**"],
+    },
+    {
+        pattern: "mock-context",
+        message: "mock-context imports are not allowed in production",
+        isRegex: false,
+        allowedIn: ["**/__tests__/**", "**/test/**"],
+    },
+    {
+        pattern: "localhost:\\d+",
+        message: "Hardcoded localhost URLs will break in production",
+        isRegex: true,
+        allowedIn: [
+            "**/*.test.*",
+            "**/*.spec.*",
+            "**/docs/**",
+            "**/.env.example",
+            "**/e2e/**",
+        ],
+    },
+    {
+        pattern: "jsonplaceholder\\.typicode\\.com",
+        message: "JSONPlaceholder is a mock API - not for production",
+        isRegex: true,
+        allowedIn: ["**/__tests__/**", "**/docs/**", "**/examples/**"],
+    },
+    {
+        pattern: "\\.ngrok\\.io",
+        message: "ngrok URLs are temporary and will break in production",
+        isRegex: true,
+        allowedIn: ["**/__tests__/**", "**/docs/**"],
+    },
+    {
+        pattern: "sk_test_|pk_test_",
+        message: "Test API keys should not be in production code",
+        isRegex: true,
+        allowedIn: ["**/__tests__/**", "**/docs/**", "**/*.example"],
+    },
+    {
+        pattern: "demo_|inv_demo|fake_",
+        message: "Demo/fake identifiers detected - not for production",
+        isRegex: true,
+        allowedIn: ["**/__tests__/**", "**/docs/**"],
+    },
+    {
+        pattern: "DEMO_MODE|MOCK_MODE|USE_MOCKS",
+        message: "Feature flags for mock mode detected",
+        isRegex: true,
+        allowedIn: ["**/__tests__/**", "**/.env.example"],
+    },
+];
+const DEFAULT_CONFIG = {
+    entrypoints: [
+        "src/app/layout.tsx",
+        "src/app/page.tsx",
+        "src/pages/_app.tsx",
+        "src/pages/index.tsx",
+        "src/index.tsx",
+        "src/main.tsx",
+        "apps/web-ui/src/app/layout.tsx",
+        "apps/web-ui/src/app/page.tsx",
+        "apps/api/src/index.ts",
+        "apps/api/src/main.ts",
+    ],
+    bannedImports: DEFAULT_BANNED_IMPORTS,
+    excludeDirs: [
+        "node_modules",
+        ".git",
+        ".next",
+        "dist",
+        "build",
+        "coverage",
+        "__tests__",
+        "__mocks__",
+        "test",
+        "tests",
+        "e2e",
+        "stories",
+        ".storybook",
+    ],
+    includeExtensions: [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs"],
+};
+export class ImportGraphScanner {
+    config;
+    importGraph = new Map();
+    fileContents = new Map();
+    constructor(config = {}) {
+        this.config = { ...DEFAULT_CONFIG, ...config };
+    }
+    /**
+     * Scan a project for banned imports reachable from production entrypoints
+     */
+    async scan(projectPath) {
+        this.importGraph.clear();
+        this.fileContents.clear();
+        // 1. Find all source files
+        const files = await this.findSourceFiles(projectPath);
+        // 2. Build import graph
+        for (const file of files) {
+            await this.parseFile(file, projectPath);
+        }
+        // 3. Find valid entrypoints
+        const validEntrypoints = this.config.entrypoints
+            .map((ep) => path.join(projectPath, ep))
+            .filter((ep) => fs.existsSync(ep));
+        // 4. Trace from entrypoints to find violations
+        const violations = [];
+        for (const entrypoint of validEntrypoints) {
+            const entrypointViolations = this.traceFromEntrypoint(entrypoint, projectPath);
+            violations.push(...entrypointViolations);
+        }
+        // 5. Build result
+        const uniqueBanned = new Set(violations.map((v) => v.bannedImport));
+        const affectedEntrypoints = new Set(violations.map((v) => v.entrypoint));
+        return {
+            verdict: violations.length > 0 ? "fail" : "pass",
+            violations,
+            scannedFiles: this.importGraph.size,
+            entrypoints: validEntrypoints.map((ep) => path.relative(projectPath, ep)),
+            timestamp: new Date().toISOString(),
+            summary: {
+                totalViolations: violations.length,
+                uniqueBannedImports: uniqueBanned.size,
+                affectedEntrypoints: affectedEntrypoints.size,
+            },
+        };
+    }
+    /**
+     * Find all source files in the project
+     */
+    async findSourceFiles(projectPath) {
+        const files = [];
+        const walk = async (dir) => {
+            try {
+                const entries = await fs.promises.readdir(dir, { withFileTypes: true });
+                for (const entry of entries) {
+                    const fullPath = path.join(dir, entry.name);
+                    if (entry.isDirectory()) {
+                        // Skip excluded directories
+                        if (!this.config.excludeDirs.includes(entry.name) &&
+                            !entry.name.startsWith(".")) {
+                            await walk(fullPath);
+                        }
+                    }
+                    else if (entry.isFile()) {
+                        const ext = path.extname(entry.name);
+                        if (this.config.includeExtensions.includes(ext)) {
+                            files.push(fullPath);
+                        }
+                    }
+                }
+            }
+            catch (error) {
+                // Skip directories that can't be read
+            }
+        };
+        await walk(projectPath);
+        return files;
+    }
+    /**
+     * Parse a file and extract its imports
+     */
+    async parseFile(filePath, projectPath) {
+        try {
+            const content = await fs.promises.readFile(filePath, "utf-8");
+            this.fileContents.set(filePath, content);
+            const imports = this.extractImports(content, filePath, projectPath);
+            const node = {
+                file: filePath,
+                imports,
+                importedBy: [],
+            };
+            this.importGraph.set(filePath, node);
+            // Update importedBy for resolved imports
+            for (const imp of imports) {
+                const resolved = this.resolveImport(imp, filePath, projectPath);
+                if (resolved && this.importGraph.has(resolved)) {
+                    this.importGraph.get(resolved).importedBy.push(filePath);
+                }
+            }
+        }
+        catch (error) {
+            // Skip files that can't be read
+        }
+    }
+    /**
+     * Extract import statements from file content
+     */
+    extractImports(content, filePath, projectPath) {
+        const imports = [];
+        // ES6 imports: import X from 'Y', import { X } from 'Y', import 'Y'
+        const es6ImportRegex = /import\s+(?:(?:\{[^}]*\}|[\w*]+(?:\s+as\s+\w+)?|\*\s+as\s+\w+)\s+from\s+)?['"]([^'"]+)['"]/g;
+        let match;
+        while ((match = es6ImportRegex.exec(content)) !== null) {
+            if (match[1])
+                imports.push(match[1]);
+        }
+        // Dynamic imports: import('Y')
+        const dynamicImportRegex = /import\s*\(\s*['"]([^'"]+)['"]\s*\)/g;
+        while ((match = dynamicImportRegex.exec(content)) !== null) {
+            if (match[1])
+                imports.push(match[1]);
+        }
+        // CommonJS requires: require('Y')
+        const requireRegex = /require\s*\(\s*['"]([^'"]+)['"]\s*\)/g;
+        while ((match = requireRegex.exec(content)) !== null) {
+            if (match[1])
+                imports.push(match[1]);
+        }
+        return imports;
+    }
+    /**
+     * Resolve an import path to an absolute file path
+     */
+    resolveImport(importPath, fromFile, projectPath) {
+        // Skip node_modules imports
+        if (!importPath.startsWith(".") &&
+            !importPath.startsWith("/") &&
+            !importPath.startsWith("@/")) {
+            return null;
+        }
+        const fromDir = path.dirname(fromFile);
+        let resolved;
+        if (importPath.startsWith("@/")) {
+            // Alias resolution (common in Next.js/React projects)
+            resolved = path.join(projectPath, "src", importPath.slice(2));
+        }
+        else {
+            resolved = path.resolve(fromDir, importPath);
+        }
+        // Try different extensions
+        for (const ext of [
+            "",
+            ".ts",
+            ".tsx",
+            ".js",
+            ".jsx",
+            "/index.ts",
+            "/index.tsx",
+            "/index.js",
+            "/index.jsx",
+        ]) {
+            const candidate = resolved + ext;
+            if (fs.existsSync(candidate) && fs.statSync(candidate).isFile()) {
+                return candidate;
+            }
+        }
+        return null;
+    }
+    /**
+     * Trace from an entrypoint to find all reachable files with violations
+     */
+    traceFromEntrypoint(entrypoint, projectPath) {
+        const violations = [];
+        const visited = new Set();
+        const queue = [
+            { file: entrypoint, chain: [entrypoint] },
+        ];
+        while (queue.length > 0) {
+            const { file, chain } = queue.shift();
+            if (visited.has(file))
+                continue;
+            visited.add(file);
+            const content = this.fileContents.get(file);
+            if (!content)
+                continue;
+            // Check for banned patterns in file content
+            for (const banned of this.config.bannedImports) {
+                if (this.isFileAllowed(file, banned.allowedIn, projectPath)) {
+                    continue;
+                }
+                const regex = banned.isRegex
+                    ? new RegExp(banned.pattern, "g")
+                    : new RegExp(this.escapeRegex(banned.pattern), "g");
+                if (regex.test(content)) {
+                    violations.push({
+                        entrypoint: path.relative(projectPath, entrypoint),
+                        bannedImport: path.relative(projectPath, file),
+                        importChain: chain.map((f) => path.relative(projectPath, f)),
+                        pattern: banned.pattern,
+                        message: banned.message,
+                    });
+                }
+            }
+            // Add imports to queue
+            const node = this.importGraph.get(file);
+            if (node) {
+                for (const imp of node.imports) {
+                    const resolved = this.resolveImport(imp, file, projectPath);
+                    if (resolved && !visited.has(resolved)) {
+                        queue.push({ file: resolved, chain: [...chain, resolved] });
+                    }
+                }
+            }
+        }
+        return violations;
+    }
+    /**
+     * Check if a file matches any allowed patterns
+     */
+    isFileAllowed(file, allowedPatterns, projectPath) {
+        const relativePath = path.relative(projectPath, file);
+        for (const pattern of allowedPatterns) {
+            if (this.matchGlob(relativePath, pattern)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Simple glob matching
+     */
+    matchGlob(filePath, pattern) {
+        // Convert glob to regex
+        const regexPattern = pattern
+            .replace(/\*\*/g, "{{DOUBLE_STAR}}")
+            .replace(/\*/g, "[^/]*")
+            .replace(/\{\{DOUBLE_STAR\}\}/g, ".*")
+            .replace(/\?/g, ".");
+        const regex = new RegExp(`^${regexPattern}$`);
+        return regex.test(filePath.replace(/\\/g, "/"));
+    }
+    /**
+     * Escape special regex characters
+     */
+    escapeRegex(str) {
+        return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    }
+    /**
+     * Generate a human-readable report
+     */
+    generateReport(result) {
+        const lines = [];
+        lines.push("╔══════════════════════════════════════════════════════════════╗");
+        lines.push("║           🛡️  MockProof Build Gate Report  🛡️               ║");
+        lines.push("╚══════════════════════════════════════════════════════════════╝");
+        lines.push("");
+        if (result.verdict === "pass") {
+            lines.push("✅ VERDICT: PASS - No banned imports reachable from production");
+            lines.push("");
+            lines.push(`   Scanned ${result.scannedFiles} files from ${result.entrypoints.length} entrypoints`);
+        }
+        else {
+            lines.push("❌ VERDICT: FAIL - Banned imports detected in production code");
+            lines.push("");
+            lines.push(`   Found ${result.summary.totalViolations} violations`);
+            lines.push(`   ${result.summary.uniqueBannedImports} unique banned patterns`);
+            lines.push(`   ${result.summary.affectedEntrypoints} affected entrypoints`);
+            lines.push("");
+            lines.push("─".repeat(64));
+            lines.push("");
+            // Group violations by entrypoint
+            const byEntrypoint = new Map();
+            for (const v of result.violations) {
+                if (!byEntrypoint.has(v.entrypoint)) {
+                    byEntrypoint.set(v.entrypoint, []);
+                }
+                byEntrypoint.get(v.entrypoint).push(v);
+            }
+            byEntrypoint.forEach((violations, entrypoint) => {
+                lines.push(`📍 Entrypoint: ${entrypoint}`);
+                lines.push("");
+                for (const v of violations) {
+                    lines.push(`   ❌ ${v.pattern}`);
+                    lines.push(`      Message: ${v.message}`);
+                    lines.push(`      Found in: ${v.bannedImport}`);
+                    lines.push(`      Import chain:`);
+                    for (let i = 0; i < v.importChain.length; i++) {
+                        const prefix = i === 0 ? "      📦" : "         ↓";
+                        lines.push(`${prefix} ${v.importChain[i]}`);
+                    }
+                    lines.push("");
+                }
+            });
+        }
+        lines.push("─".repeat(64));
+        lines.push(`Generated: ${result.timestamp}`);
+        return lines.join("\n");
+    }
+}
+export const importGraphScanner = new ImportGraphScanner();
+//# sourceMappingURL=import-graph-scanner.js.map