limina 0.0.2 → 0.0.3

package/cli.js

@@ -1,18 +1,18 @@
 #!/usr/bin/env node
 import "./chunks/dep-lkQg1P9Q.js";
-import { d as normalizeSlashes, f as normalizeWorkspacePath, h as toRelativePath, i as loadConfig, l as isPathInsideDirectory, m as toPosixPath, n as getActiveCheckerExtensions, p as toAbsolutePath, r as getActiveCheckers, u as normalizeAbsolutePath } from "./chunks/dep-jgc7X0zw.js";
-import { A as shouldResolveThroughGraph$1, B as createExtensionPattern, C as formatArtifactDependencyPolicy, D as isRelativeSpecifier, E as isDtsProjectConfig, F as collectCheckerEntryProjectRoutes, G as isDtsConfigPath, H as formatReferences, I as collectGraphProjectRoute, J as parseProjectFileNamesForExtensions, K as isOrdinaryTypecheckConfigPath, L as collectGraphProjectRouteFromRoot, M as collectWorkspacePackages, N as findPackageForSpecifier, O as parseProject$1, P as getPackageRootSpecifier, R as collectGraphProjectRoutes, S as findTargetProject, T as inferPackageProject$1, U as getDtsCompanionConfigPath, V as createFormatHost, W as getRawReferencePaths, X as resolveProjectConfigPath, Y as readJsonConfig, Z as resolveReferencePath, _ as normalizeGraphRules, a as runSourceCheck, b as findImporterForFile$1, c as GraphLogger, d as ProofLogger, f as clearCliScreen, g as getDeniedRefRule, h as getDeniedDepRuleForSpecifier, i as runCheckerTypecheck, j as collectImporters, k as resolveInternalImport$1, l as PackageLogger, m as getDeniedDepRuleForPackage, n as createLiminaFlowReporter, o as runInit, p as formatErrorMessage$1, q as parseProjectFileNames, r as runCheckerBuild, s as CliLogger, u as PathsLogger, v as collectImportsFromFile$1, w as getTypecheckConfigPath, x as findPackageForFile, y as createFileOwnerLookup$1 } from "./chunks/dep-uPXyoC0V.js";
-import { builtinModules } from "node:module";
+import { c as getCheckerAdapter, d as normalizeAbsolutePath, f as normalizeSlashes, g as toRelativePath, h as toPosixPath, i as loadConfig, l as normalizeExtensions, m as toAbsolutePath, n as getActiveCheckerExtensions, p as normalizeWorkspacePath, r as getActiveCheckers, u as isPathInsideDirectory } from "./chunks/dep-DzYrmtQJ.js";
+import { A as shouldResolveThroughGraph$1, B as collectGraphProjectRoutes, C as formatArtifactDependencyPolicy, D as isRelativeSpecifier, E as isDtsProjectConfig, F as getPublishDependencySections, G as formatReferences, H as createExtensionPattern, I as isWorkspaceDependencySpecifier, J as isOrdinaryTypecheckConfigPath, K as getDtsCompanionConfigPath, L as collectCheckerEntryProjectRoutes, M as collectWorkspacePackages, N as findPackageForSpecifier, O as parseProject$1, P as getPackageRootSpecifier, Q as resolveReferencePath, R as collectGraphProjectRoute, S as findTargetProject, T as inferPackageProject$1, U as createExtraFileExtensions, V as collectSourceGraphProjectExtensions, W as createFormatHost, X as readJsonConfig, Y as parseProjectFileNamesForExtensions, Z as resolveProjectConfigPath, _ as normalizeGraphRules, a as runSourceCheck, b as findImporterForFile$1, c as GraphLogger, d as ProofLogger, f as clearCliScreen, g as getDeniedRefRule, h as getDeniedDepRuleForSpecifier, i as runCheckerTypecheck, j as collectImporters, k as resolveInternalImport$1, l as PackageLogger, m as getDeniedDepRuleForPackage, n as createLiminaFlowReporter, o as runInit, p as formatErrorMessage$1, q as getRawReferencePaths, r as runCheckerBuild, s as CliLogger, u as PathsLogger, v as collectImportsFromFile$1, w as getTypecheckConfigPath, x as findPackageForFile, y as createFileOwnerLookup$1, z as collectGraphProjectRouteFromRoot } from "./chunks/dep-UWxsul2A.js";
+import { builtinModules, createRequire } from "node:module";
 import { cac } from "cac";
 import { createElapsedTimer } from "logaria/helper";
 import { existsSync, readFileSync } from "node:fs";
 import path from "node:path";
 import ts from "typescript";
-import { spawn, spawnSync } from "node:child_process";
+import { execFile, spawn, spawnSync } from "node:child_process";
 import { glob } from "tinyglobby";
 import { mkdir, mkdtemp, readFile, readdir, rm, writeFile } from "node:fs/promises";
 import { checkPackage, createPackageFromTarballData } from "@arethetypeswrong/core";
-import { pack } from "@publint/pack";
+import { pack, unpack } from "@publint/pack";
 import { init, parse } from "es-module-lexer";
 import { tmpdir } from "node:os";
 import { publint } from "publint";
@@ -112,7 +112,7 @@ function addTypecheckParityProblems(config, dtsProject, problems) {
 		].join("\n"));
 		return;
 	}
-	const typecheckProject = parseProject$1(config, typecheckConfigPath);
+	const typecheckProject = parseProject$1(config, typecheckConfigPath, dtsProject.extensions);
 	for (const optionName of comparableTypecheckOptions) {
 		const buildValue = dtsProject.options[optionName];
 		const typecheckValue = typecheckProject.options[optionName];
@@ -224,9 +224,9 @@ function addWorkspaceReferenceDependencyProblems(config, project, projectsByPath
 	}
 }
 async function runGraphCheckInternal(config, options = {}) {
-	const graphRoute = collectGraphProjectRoute(config);
-	const projectPaths = graphRoute.projectPaths;
-	const projects = projectPaths.map((projectPath) => parseProject$1(config, projectPath));
+	const graphRoute = collectSourceGraphProjectExtensions(config);
+	const projectPaths = [...graphRoute.projectExtensionsByPath.keys()].sort();
+	const projects = projectPaths.map((projectPath) => parseProject$1(config, projectPath, graphRoute.projectExtensionsByPath.get(projectPath)));
 	const projectsByPath = new Map(projects.map((project) => [project.configPath, project]));
 	const fileOwnerLookup = createFileOwnerLookup$1(projects);
 	const packages = await collectWorkspacePackages(config);
@@ -255,7 +255,7 @@ async function runGraphCheckInternal(config, options = {}) {
 			rules: graphRules
 		});
 		addWorkspaceReferenceDependencyProblems(config, project, projectsByPath, packages, importers, problems);
-		for (const filePath of project.fileNames) for (const importRecord of collectImportsFromFile$1(filePath)) {
+		for (const filePath of project.fileNames) for (const importRecord of collectImportsFromFile$1(filePath, config.rootDir)) {
 			const rawDeniedDepRule = getDeniedDepRuleForSpecifier(graphRules, project.label, importRecord.specifier);
 			if (rawDeniedDepRule) {
 				addDeniedDepImportProblem({
@@ -267,7 +267,7 @@ async function runGraphCheckInternal(config, options = {}) {
 				});
 				continue;
 			}
-			const resolvedFilePath = resolveInternalImport$1(importRecord.specifier, filePath, project.options);
+			const resolvedFilePath = resolveInternalImport$1(importRecord.specifier, filePath, project.options, project.extensions);
 			const targetPackage = findPackageForSpecifier(importRecord.specifier, packages);
 			const importer = findImporterForFile$1(importRecord.filePath, importers);
 			if (!resolvedFilePath) {
@@ -422,6 +422,362 @@ async function runGraphCheck(config, options = {}) {
 	}
 }
 
+//#endregion
+//#region src/package-release-consistency.ts
+var PackageReleaseConsistencyError = class extends Error {
+	name = "PackageReleaseConsistencyError";
+};
+const semver = createRequire(import.meta.url)("semver");
+function isRecord$1(value) {
+	return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function isLinkDependencySpecifier(specifier) {
+	return specifier.startsWith("link:");
+}
+function createReleaseConsistencyState() {
+	return {
+		directWorkspaceDependencies: [],
+		edges: /* @__PURE__ */ new Map(),
+		missingWorkspaceDependencies: [],
+		packedManifestProblems: [],
+		privateWorkspaceDependencies: [],
+		registryMetadataCache: /* @__PURE__ */ new Map(),
+		registryProblems: [],
+		sourceLinkDependencies: [],
+		unpublishedPackageNames: /* @__PURE__ */ new Set(),
+		visitedPackages: /* @__PURE__ */ new Set()
+	};
+}
+function collectPublishDependencyEntries(manifest) {
+	const entries = [];
+	for (const { dependencies, name } of getPublishDependencySections(manifest)) for (const [dependencyName, specifier] of Object.entries(dependencies)) entries.push({
+		dependencyName,
+		sectionName: name,
+		specifier
+	});
+	return entries;
+}
+function addEdge(edges, importerName, dependencyName) {
+	const dependencies = edges.get(importerName) ?? /* @__PURE__ */ new Set();
+	dependencies.add(dependencyName);
+	edges.set(importerName, dependencies);
+}
+function formatDependencyLocation(problem) {
+	const dependency = problem.dependencyName ? ` -> ${problem.dependencyName}` : "";
+	const section = problem.sectionName ? ` [${problem.sectionName}]` : "";
+	const specifier = problem.specifier ? ` (${problem.specifier})` : "";
+	return `${problem.importerName}${dependency}${section}${specifier}`;
+}
+function formatProblemLines(title, problems) {
+	if (problems.length === 0) return [];
+	return [
+		"",
+		title,
+		...problems.map((problem) => `  - ${formatDependencyLocation(problem)}: ${problem.message}`)
+	];
+}
+function getPackedDependencySpecifier(manifest, dependencyName) {
+	for (const { dependencies } of getPublishDependencySections(manifest)) {
+		const specifier = dependencies[dependencyName];
+		if (specifier) return specifier;
+	}
+}
+function getNpmPackageMetadataUrl(packageName) {
+	return `https://registry.npmjs.org/${encodeURIComponent(packageName)}`;
+}
+async function fetchRegistryPackageMetadata(packageName, state) {
+	if (state.registryMetadataCache.has(packageName)) return state.registryMetadataCache.get(packageName) ?? null;
+	const response = await fetch(getNpmPackageMetadataUrl(packageName), { headers: { accept: "application/vnd.npm.install-v1+json, application/json" } });
+	if (!response.ok) {
+		state.registryMetadataCache.set(packageName, null);
+		return null;
+	}
+	const metadata = await response.json();
+	const registryMetadata = isRecord$1(metadata) ? metadata : null;
+	state.registryMetadataCache.set(packageName, registryMetadata);
+	return registryMetadata;
+}
+function findRegistryVersionMetadata(metadata, version) {
+	if (!isRecord$1(metadata.versions)) return null;
+	const versionMetadata = metadata.versions[version];
+	return isRecord$1(versionMetadata) ? versionMetadata : null;
+}
+function execGitCommand(config, args) {
+	return new Promise((resolve, reject) => {
+		execFile("git", [
+			"-C",
+			config.rootDir,
+			...args
+		], {
+			encoding: "utf8",
+			maxBuffer: 10 * 1024 * 1024
+		}, (error, stdout) => {
+			if (error) {
+				reject(error);
+				return;
+			}
+			resolve(stdout);
+		});
+	});
+}
+async function hasWorkspacePackageChangesSinceGitHead(options) {
+	const relativeDirectory = toRelativePath(options.config.rootDir, options.workspacePackage.directory);
+	try {
+		await execGitCommand(options.config, [
+			"diff",
+			"--quiet",
+			options.gitHead,
+			"--",
+			relativeDirectory
+		]);
+	} catch (error) {
+		if (isRecord$1(error) && error.code === 1) return true;
+		throw error;
+	}
+	return (await execGitCommand(options.config, [
+		"ls-files",
+		"--others",
+		"--exclude-standard",
+		"--",
+		relativeDirectory
+	])).trim().length > 0;
+}
+async function verifyWorkspacePackagePublished(options) {
+	const { state, workspacePackage } = options;
+	const version = workspacePackage.manifest.version;
+	if (!version || !semver.valid(version)) {
+		state.unpublishedPackageNames.add(workspacePackage.name);
+		state.registryProblems.push({
+			importerName: workspacePackage.name,
+			message: ["workspace package must declare a valid semver version", "before another publishable package can depend on it"].join(" "),
+			packageName: workspacePackage.name
+		});
+		return;
+	}
+	let metadata;
+	try {
+		metadata = await fetchRegistryPackageMetadata(workspacePackage.name, state);
+	} catch (error) {
+		state.unpublishedPackageNames.add(workspacePackage.name);
+		state.registryProblems.push({
+			importerName: workspacePackage.name,
+			message: [`unable to read npm registry metadata for ${workspacePackage.name}@${version}:`, formatErrorMessage$1(error)].join(" "),
+			packageName: workspacePackage.name
+		});
+		return;
+	}
+	if (!metadata) {
+		state.unpublishedPackageNames.add(workspacePackage.name);
+		state.registryProblems.push({
+			importerName: workspacePackage.name,
+			message: `${workspacePackage.name}@${version} is not published to the npm registry`,
+			packageName: workspacePackage.name
+		});
+		return;
+	}
+	const versionMetadata = findRegistryVersionMetadata(metadata, version);
+	if (!versionMetadata) {
+		state.unpublishedPackageNames.add(workspacePackage.name);
+		state.registryProblems.push({
+			importerName: workspacePackage.name,
+			message: `${workspacePackage.name}@${version} is not published to the npm registry`,
+			packageName: workspacePackage.name
+		});
+		return;
+	}
+	if (typeof versionMetadata.gitHead !== "string" || versionMetadata.gitHead.trim().length === 0) {
+		state.unpublishedPackageNames.add(workspacePackage.name);
+		state.registryProblems.push({
+			importerName: workspacePackage.name,
+			message: [`${workspacePackage.name}@${version} registry metadata has no gitHead,`, "so limina cannot prove the published source baseline"].join(" "),
+			packageName: workspacePackage.name
+		});
+		return;
+	}
+	let hasChanges;
+	try {
+		hasChanges = await hasWorkspacePackageChangesSinceGitHead({
+			config: options.config,
+			gitHead: versionMetadata.gitHead,
+			workspacePackage
+		});
+	} catch (error) {
+		state.unpublishedPackageNames.add(workspacePackage.name);
+		state.registryProblems.push({
+			importerName: workspacePackage.name,
+			message: [
+				`unable to compare ${workspacePackage.name}@${version}`,
+				`against published gitHead ${versionMetadata.gitHead}:`,
+				formatErrorMessage$1(error)
+			].join(" "),
+			packageName: workspacePackage.name
+		});
+		return;
+	}
+	if (hasChanges) {
+		state.unpublishedPackageNames.add(workspacePackage.name);
+		state.registryProblems.push({
+			importerName: workspacePackage.name,
+			message: [`${workspacePackage.name}@${version} has workspace changes`, `after the published npm registry gitHead ${versionMetadata.gitHead}`].join(" "),
+			packageName: workspacePackage.name
+		});
+	}
+}
+async function visitWorkspacePackageDependencies(options) {
+	const { config, importerName, isRoot, manifest, state, workspacePackagesByName } = options;
+	for (const entry of collectPublishDependencyEntries(manifest)) {
+		if (isLinkDependencySpecifier(entry.specifier)) {
+			state.sourceLinkDependencies.push({
+				dependencyName: entry.dependencyName,
+				importerName,
+				message: "publishable dependency sections must not use link:",
+				sectionName: entry.sectionName,
+				specifier: entry.specifier
+			});
+			continue;
+		}
+		if (!isWorkspaceDependencySpecifier(entry.specifier)) continue;
+		const targetPackage = workspacePackagesByName.get(entry.dependencyName);
+		if (!targetPackage) {
+			state.missingWorkspaceDependencies.push({
+				dependencyName: entry.dependencyName,
+				importerName,
+				message: "workspace: publish dependency does not match a named workspace package",
+				sectionName: entry.sectionName,
+				specifier: entry.specifier
+			});
+			continue;
+		}
+		addEdge(state.edges, importerName, targetPackage.name);
+		if (isRoot) state.directWorkspaceDependencies.push({
+			dependencyName: entry.dependencyName,
+			sectionName: entry.sectionName,
+			targetPackage
+		});
+		if (targetPackage.manifest.private === true) {
+			state.privateWorkspaceDependencies.push({
+				dependencyName: entry.dependencyName,
+				importerName,
+				message: "publishable packages cannot depend on a private workspace package",
+				packageName: targetPackage.name,
+				sectionName: entry.sectionName,
+				specifier: entry.specifier
+			});
+			continue;
+		}
+		if (!state.visitedPackages.has(targetPackage.name)) {
+			state.visitedPackages.add(targetPackage.name);
+			await verifyWorkspacePackagePublished({
+				config,
+				state,
+				workspacePackage: targetPackage
+			});
+			await visitWorkspacePackageDependencies({
+				config,
+				importerName: targetPackage.name,
+				isRoot: false,
+				manifest: targetPackage.manifest,
+				state,
+				workspacePackagesByName
+			});
+		}
+	}
+}
+async function readPackedPackageJson(tarball) {
+	const unpacked = await unpack(tarball);
+	const packageJsonFile = unpacked.files.find((file) => file.name === `${unpacked.rootDir}/package.json`);
+	if (!packageJsonFile) throw new Error("packed tarball does not contain package.json");
+	return JSON.parse(Buffer.from(packageJsonFile.data).toString("utf8"));
+}
+function validatePackedManifest(options) {
+	const { manifest, rootPackageName, state } = options;
+	for (const entry of collectPublishDependencyEntries(manifest)) if (isWorkspaceDependencySpecifier(entry.specifier) || isLinkDependencySpecifier(entry.specifier)) state.packedManifestProblems.push({
+		dependencyName: entry.dependencyName,
+		importerName: rootPackageName,
+		message: "packed package manifest must not expose workspace: or link: dependency specifiers",
+		sectionName: entry.sectionName,
+		specifier: entry.specifier
+	});
+	for (const dependency of state.directWorkspaceDependencies) {
+		const packedSpecifier = getPackedDependencySpecifier(manifest, dependency.dependencyName);
+		if (!packedSpecifier) {
+			state.packedManifestProblems.push({
+				dependencyName: dependency.dependencyName,
+				importerName: rootPackageName,
+				message: "packed package manifest must keep every source workspace publish dependency",
+				sectionName: dependency.sectionName
+			});
+			continue;
+		}
+		if (isWorkspaceDependencySpecifier(packedSpecifier) || isLinkDependencySpecifier(packedSpecifier)) continue;
+		const targetVersion = dependency.targetPackage.manifest.version;
+		if (!targetVersion || !semver.satisfies(targetVersion, packedSpecifier, { includePrerelease: true })) state.packedManifestProblems.push({
+			dependencyName: dependency.dependencyName,
+			importerName: rootPackageName,
+			message: `packed dependency range must include ${dependency.targetPackage.name}@${targetVersion ?? "(missing version)"}`,
+			sectionName: dependency.sectionName,
+			specifier: packedSpecifier
+		});
+	}
+}
+function createPublishOrder(rootPackageName, state) {
+	const publishOrder = [];
+	const seen = /* @__PURE__ */ new Set();
+	function visit(packageName) {
+		if (seen.has(packageName)) return;
+		seen.add(packageName);
+		for (const dependencyName of state.edges.get(packageName) ?? []) visit(dependencyName);
+		if (packageName === rootPackageName || state.unpublishedPackageNames.has(packageName)) publishOrder.push(packageName);
+	}
+	visit(rootPackageName);
+	return publishOrder;
+}
+function createReleaseConsistencyError(options) {
+	const { config, label, outDir, rootPackageName, state } = options;
+	if (state.sourceLinkDependencies.length + state.privateWorkspaceDependencies.length + state.missingWorkspaceDependencies.length + state.registryProblems.length + state.packedManifestProblems.length === 0) return null;
+	const publishOrder = createPublishOrder(rootPackageName, state);
+	const lines = [
+		`package release dependency consistency failed for ${label}:`,
+		`  output: ${toRelativePath(config.rootDir, outDir)}`,
+		...formatProblemLines("Source manifest contains local link: publish dependencies:", state.sourceLinkDependencies),
+		...formatProblemLines("Source manifest depends on private workspace packages:", state.privateWorkspaceDependencies),
+		...formatProblemLines("Source manifest has invalid workspace: publish dependencies:", state.missingWorkspaceDependencies),
+		...formatProblemLines("Workspace packages must be published before this package:", state.registryProblems),
+		...formatProblemLines("Packed package manifest is inconsistent with workspace publish dependencies:", state.packedManifestProblems)
+	];
+	if (publishOrder.length > 1) lines.push("", `Suggested publish order: ${publishOrder.join(" -> ")}`);
+	return new PackageReleaseConsistencyError(lines.join("\n"));
+}
+async function assertPackageReleaseConsistency(options) {
+	const workspacePackages = await collectWorkspacePackages(options.config);
+	const sourcePackage = workspacePackages.find((workspacePackage) => workspacePackage.name === options.outputManifest.name);
+	const state = createReleaseConsistencyState();
+	if (sourcePackage) {
+		state.visitedPackages.add(sourcePackage.name);
+		await visitWorkspacePackageDependencies({
+			config: options.config,
+			importerName: sourcePackage.name,
+			isRoot: true,
+			manifest: sourcePackage.manifest,
+			state,
+			workspacePackagesByName: new Map(workspacePackages.map((workspacePackage) => [workspacePackage.name, workspacePackage]))
+		});
+	}
+	validatePackedManifest({
+		manifest: await readPackedPackageJson(options.packedTarball),
+		rootPackageName: options.outputManifest.name,
+		state
+	});
+	const error = createReleaseConsistencyError({
+		config: options.config,
+		label: options.label,
+		outDir: options.outDir,
+		rootPackageName: options.outputManifest.name,
+		state
+	});
+	if (error) throw error;
+}
+
 //#endregion
 //#region src/commands/package.ts
 const DEFAULT_PACKAGE_CHECKS = [
@@ -666,13 +1022,14 @@ async function readDistPackageJson(options) {
 	return JSON.parse(await readFile(options.packageJsonPath, "utf8"));
 }
 async function assertPublicPackageMetadata(options) {
-	if ((await readDistPackageJson({
+	const manifest = await readDistPackageJson({
 		config: options.config,
 		label: options.label,
 		packageJsonPath: options.packageJsonPath
-	})).private === true) return;
+	});
+	if (manifest.private === true) return manifest;
 	const missingFiles = REQUIRED_PUBLIC_PACKAGE_FILES.filter((fileName) => !existsSync(path.join(options.outDir, fileName)));
-	if (missingFiles.length === 0) return;
+	if (missingFiles.length === 0) return manifest;
 	throw new Error(`publishable package output for ${options.label} at ${toRelativePath(options.config.rootDir, options.outDir)} is missing required file(s): ${missingFiles.join(", ")}. Add them to the built output or set "private": true in the output package.json.`);
 }
 async function runPublintCheck(options) {
@@ -755,13 +1112,13 @@ async function runPackageCheckTarget(options) {
 	const task = options.flow?.start(`package target: ${label}`, { depth: options.flowDepth ?? 0 });
 	let packedDist;
 	try {
-		await assertPublicPackageMetadata({
+		const outputManifest = await assertPublicPackageMetadata({
 			config: options.config,
 			label,
 			outDir: target.outDir,
 			packageJsonPath: outputPackageJsonPath
 		});
-		if (options.checks.includes("publint") || options.checks.includes("attw")) {
+		if (outputManifest.private !== true || options.checks.includes("publint") || options.checks.includes("attw")) {
 			const packTask = options.flow?.start(`package tarball: ${label}`, { depth: (options.flowDepth ?? 0) + 1 });
 			PackageLogger.info(`package tarball packing started: ${label}`);
 			const packElapsed = createElapsedTimer();
@@ -775,6 +1132,20 @@ async function runPackageCheckTarget(options) {
 			if (!options.flow?.interactive) PackageLogger.success(`package tarball packed: ${label}`, packElapsed());
 			packTask?.pass();
 		}
+		if (outputManifest.private !== true) try {
+			await assertPackageReleaseConsistency({
+				config: options.config,
+				label,
+				outDir: target.outDir,
+				outputManifest,
+				packedTarball: packedDist.tarball
+			});
+		} catch (error) {
+			if (!(error instanceof PackageReleaseConsistencyError)) throw error;
+			PackageLogger.error(formatErrorMessage$1(error));
+			task?.fail(`package checks failed: ${label}`);
+			return false;
+		}
 		let passed = true;
 		if (options.checks.includes("publint")) passed = await runPublintCheck({
 			flow: options.flow,
@@ -1444,6 +1815,14 @@ const ignoredSemanticCompilerOptions = new Set([
 	"sourceRoot",
 	"tsBuildInfoFile"
 ]);
+const typeScriptCheckerExtensions = getCheckerAdapter("tsc")?.defaultExtensions ?? [];
+function getFirstClassCoverageExtensions(extensions) {
+	return normalizeExtensions([...typeScriptCheckerExtensions, ...extensions]);
+}
+function getCheckerCoverageExtensions(checker) {
+	if (!getCheckerAdapter(checker.preset)?.sourceGraph) return checker.extensions;
+	return getFirstClassCoverageExtensions(checker.extensions);
+}
 async function collectTsconfigPaths(config, pattern) {
 	return (await glob(pattern, {
 		cwd: config.rootDir,
@@ -1605,24 +1984,19 @@ function addCoverage(coverageByFile, filePath, source) {
 }
 function collectCoverage(options) {
 	const coverageByFile = /* @__PURE__ */ new Map();
-	const proofFilePattern = createExtensionPattern(getActiveCheckerExtensions(options.config));
-	const typeScriptChecker = getActiveCheckers(options.config).find((checker) => checker.preset === "tsc");
-	for (const graphProjectPath of options.graphProjectPaths) for (const filePath of parseProjectFileNames(options.config, graphProjectPath, proofFilePattern)) {
+	for (const route of options.graphRoutes) for (const graphProjectPath of route.projectPaths) for (const filePath of parseProjectFileNamesForExtensions(options.config, graphProjectPath, getFirstClassCoverageExtensions(route.extensions))) {
 		if (!options.sourceFiles.has(filePath)) continue;
 		addCoverage(coverageByFile, filePath, {
 			label: toRelativePath(options.config.rootDir, graphProjectPath),
 			type: "graph"
 		});
 	}
-	for (const checkerTarget of options.checkerTargets) {
-		const checkerExtensions = [...typeScriptChecker?.extensions ?? [], ...checkerTarget.checker.extensions];
-		for (const configPath of checkerTarget.coverageConfigPaths) for (const filePath of parseProjectFileNamesForExtensions(options.config, configPath, checkerExtensions)) {
-			if (!options.sourceFiles.has(filePath)) continue;
-			addCoverage(coverageByFile, filePath, {
-				label: `${toRelativePath(options.config.rootDir, configPath)} via ${checkerTarget.label}`,
-				type: "checker"
-			});
-		}
+	for (const checkerTarget of options.checkerTargets) for (const configPath of checkerTarget.coverageConfigPaths) for (const filePath of parseProjectFileNamesForExtensions(options.config, configPath, getCheckerCoverageExtensions(checkerTarget.checker))) {
+		if (!options.sourceFiles.has(filePath)) continue;
+		addCoverage(coverageByFile, filePath, {
+			label: `${toRelativePath(options.config.rootDir, configPath)} via ${checkerTarget.label}`,
+			type: "checker"
+		});
 	}
 	if (options.includeAllowlist !== false) for (const entry of options.allowlistEntries) {
 		if (!options.sourceFiles.has(entry.filePath)) continue;
@@ -1633,15 +2007,19 @@ function collectCoverage(options) {
 	}
 	return coverageByFile;
 }
-function parseConfig(config, configPath) {
+function collectProjectExtensionsByPath(routes) {
+	const projectExtensionsByPath = /* @__PURE__ */ new Map();
+	for (const route of routes) for (const projectPath of route.projectPaths) {
+		const extensions = new Set([...projectExtensionsByPath.get(projectPath) ?? [], ...route.extensions]);
+		projectExtensionsByPath.set(projectPath, [...extensions].sort());
+	}
+	return projectExtensionsByPath;
+}
+function parseConfig(config, configPath, extensions = []) {
 	const diagnostics = [];
-	const parsed = ts.getParsedCommandLineOfConfigFile(configPath, {}, {
-		...ts.sys,
-		onUnRecoverableConfigFileDiagnostic: (diagnostic) => {
-			diagnostics.push(diagnostic);
-		}
-	});
-	if (!parsed) throw new Error(ts.formatDiagnosticsWithColorAndContext(diagnostics, createFormatHost(config.rootDir)));
+	const configObject = readJsonConfig(config, configPath);
+	const parsed = ts.parseJsonConfigFileContent(configObject, ts.sys, path.dirname(configPath), {}, configPath, void 0, createExtraFileExtensions(extensions));
+	if (diagnostics.length > 0) throw new Error(ts.formatDiagnosticsWithColorAndContext(diagnostics, createFormatHost(config.rootDir)));
 	if (parsed.errors.length > 0) throw new Error(ts.formatDiagnosticsWithColorAndContext(parsed.errors, createFormatHost(config.rootDir)));
 	return {
 		fileNames: parsed.fileNames.map(normalizeAbsolutePath).sort(),
@@ -1704,8 +2082,9 @@ function addDtsConfigProblems(options) {
 			].join("\n"));
 			continue;
 		}
-		const dtsConfig = parseConfig(options.config, configPath);
-		const localConfig = parseConfig(options.config, localConfigPath);
+		const extensions = options.projectExtensionsByPath.get(configPath) ?? [];
+		const dtsConfig = parseConfig(options.config, configPath, extensions);
+		const localConfig = parseConfig(options.config, localConfigPath, extensions);
 		if (dtsConfig.options.composite !== true) options.problems.push([
 			"DTS config is not valid for tsc -b:",
 			`  config: ${toRelativePath(options.config.rootDir, configPath)}`,
@@ -1846,12 +2225,11 @@ function addDefaultTsconfigEnvironmentProblems(options) {
 		].join("\n"));
 	}
 }
-function collectConfigFileOwners(config, configPaths, sourceFiles) {
+function collectConfigFileOwners(config, graphRoutes, sourceFiles) {
 	const ownersByFile = /* @__PURE__ */ new Map();
-	const proofFilePattern = createExtensionPattern(getActiveCheckerExtensions(config));
-	for (const configPath of configPaths) {
+	for (const route of graphRoutes) for (const configPath of route.projectPaths) {
 		if (!existsSync(configPath)) continue;
-		for (const filePath of parseProjectFileNames(config, configPath, proofFilePattern)) {
+		for (const filePath of parseProjectFileNamesForExtensions(config, configPath, route.extensions)) {
 			if (!sourceFiles.has(filePath)) continue;
 			const owners = ownersByFile.get(filePath) ?? [];
 			owners.push(configPath);
@@ -1873,19 +2251,6 @@ function addDuplicateGraphCoverageProblems(options) {
 		].join("\n"));
 	}
 }
-function addDuplicateGraphOwnerProblems(options) {
-	for (const [configPath, ownerCheckerNames] of options.graphOwnersByConfigPath.entries()) {
-		const uniqueOwnerCheckerNames = [...new Set(ownerCheckerNames)].sort();
-		if (uniqueOwnerCheckerNames.length <= 1) continue;
-		options.problems.push([
-			"Duplicate checker graph declaration owner:",
-			`  config: ${toRelativePath(options.config.rootDir, configPath)}`,
-			"  owned by:",
-			...uniqueOwnerCheckerNames.map((checkerName) => `    - ${checkerName}`),
-			"  reason: each tsconfig*.dts.json must be reached by exactly one graph-capable checker entry."
-		].join("\n"));
-	}
-}
 function addAllowlistProblems(options) {
 	for (const entry of options.allowlistEntries) {
 		if (!existsSync(entry.filePath)) {
@@ -1913,34 +2278,25 @@ function addUncoveredSourceProblems(options) {
 		"  reason: every file in config.source must be covered by a checker entry or an explicit allowlist entry."
 	].filter(Boolean).join("\n"));
 }
-function addGraphOwner(ownersByConfigPath, configPath, checkerName) {
-	const owners = ownersByConfigPath.get(configPath) ?? [];
-	owners.push(checkerName);
-	ownersByConfigPath.set(configPath, owners);
-}
 async function runProofCheckInternal(config, options = {}) {
 	const problems = [];
 	const graphRouteCollection = collectGraphProjectRoutes(config);
 	const entryRouteCollection = collectCheckerEntryProjectRoutes(config);
-	const graphProjectPaths = [...new Set(graphRouteCollection.routes.flatMap((route) => route.projectPaths))].sort();
 	const entryProjectPaths = [...new Set(entryRouteCollection.routes.flatMap((route) => route.projectPaths))].sort();
 	const entryProjectPathSet = new Set(entryProjectPaths);
+	const entryProjectExtensionsByPath = collectProjectExtensionsByPath(entryRouteCollection.routes);
 	const dtsConfigPaths = await collectDtsConfigPaths(config);
 	const buildGraphConfigPaths = await collectBuildGraphConfigPaths(config);
 	const defaultTsconfigPaths = await collectDefaultTsconfigPaths(config);
 	const ordinaryTypecheckConfigPaths = await collectOrdinaryTypecheckConfigPaths(config);
-	const graphOwnersByConfigPath = /* @__PURE__ */ new Map();
 	problems.push(...graphRouteCollection.problems);
 	problems.push(...entryRouteCollection.problems);
-	for (const route of graphRouteCollection.routes) for (const projectPath of route.projectPaths) {
-		if (!isDtsConfigPath(projectPath)) continue;
-		addGraphOwner(graphOwnersByConfigPath, projectPath, route.checkerName);
-	}
 	addDtsConfigProblems({
 		config,
 		dtsConfigPaths,
 		graphProjectPaths: entryProjectPathSet,
-		problems
+		problems,
+		projectExtensionsByPath: entryProjectExtensionsByPath
 	});
 	addBuildGraphConfigProblems({
 		buildGraphConfigPaths,
@@ -1957,11 +2313,6 @@ async function runProofCheckInternal(config, options = {}) {
 		ordinaryConfigPaths: ordinaryTypecheckConfigPaths,
 		problems
 	});
-	addDuplicateGraphOwnerProblems({
-		config,
-		graphOwnersByConfigPath,
-		problems
-	});
 	if (problems.length > 0) {
 		ProofLogger.error(problems.join("\n\n"));
 		return false;
@@ -1981,7 +2332,7 @@ async function runProofCheckInternal(config, options = {}) {
 		allowlistEntries,
 		checkerTargets,
 		config,
-		graphProjectPaths,
+		graphRoutes: graphRouteCollection.routes,
 		includeAllowlist: false,
 		sourceFiles
 	});
@@ -1989,12 +2340,12 @@ async function runProofCheckInternal(config, options = {}) {
 		allowlistEntries,
 		checkerTargets,
 		config,
-		graphProjectPaths,
+		graphRoutes: graphRouteCollection.routes,
 		sourceFiles
 	});
 	addDuplicateGraphCoverageProblems({
 		config,
-		ownersByFile: collectConfigFileOwners(config, graphProjectPaths, sourceFiles),
+		ownersByFile: collectConfigFileOwners(config, graphRouteCollection.routes, sourceFiles),
 		problems
 	});
 	addAllowlistProblems({
@@ -2061,8 +2412,26 @@ const defaultCheckPipeline = [
 	"graph:check",
 	"source:check",
 	"proof:check",
+	"checker:build",
 	"checker:typecheck"
 ];
+function reportCheckerCapabilities(config, flow) {
+	if (!flow) return;
+	const firstClass = [];
+	const sourceOnly = [];
+	for (const checker of getActiveCheckers(config)) {
+		const adapter = getCheckerAdapter(checker.preset);
+		const label = `${checker.name} (${checker.preset})`;
+		if (adapter?.tier === "first-class") firstClass.push(label);
+		else if (adapter?.tier === "source-only") sourceOnly.push(label);
+	}
+	flow.info([
+		"checker capability summary:",
+		`  first-class: ${firstClass.length > 0 ? firstClass.join(", ") : "(none)"}`,
+		`  source-only: ${sourceOnly.length > 0 ? sourceOnly.join(", ") : "(none)"}`,
+		...sourceOnly.length > 0 ? ["  note: source-only checkers get coverage proof and direct typecheck, but Limina does not parse their internal import graph."] : []
+	].join("\n"), { depth: 1 });
+}
 function isBuiltinTaskName(value) {
 	return builtInTaskNames.has(value);
 }
@@ -2191,6 +2560,7 @@ async function runPipeline(config, pipelineName, options = {}) {
 async function runDefaultCheck(config, options = {}) {
 	const normalizedSteps = defaultCheckPipeline.map(normalizePipelineStep);
 	const pipelineTask = options.flow?.start("default check", { collapseOnSuccess: false });
+	reportCheckerCapabilities(config, options.flow);
 	for (const [stepIndex, step] of normalizedSteps.entries()) if (!(step.type === "task" ? await runBuiltinTask(config, step.name, options) : await runCommandStep(config, step, options))) {
 		const label = getPipelineStepLabel(step);
 		pipelineTask?.fail(`default check blocked at ${label}`);
@@ -2221,12 +2591,6 @@ function parsePackageAttwProfile(profile) {
 	if (profile === "strict" || profile === "node16" || profile === "esm-only") return profile;
 	throw new Error(`Invalid package check --attw-profile "${profile}". Expected one of: strict, node16, esm-only.`);
 }
-function parseConcurrency(value) {
-	if (value === void 0) return;
-	const parsed = Number(value);
-	if (!Number.isInteger(parsed) || parsed < 1) throw new Error("Invalid --concurrency value. Expected a positive integer.");
-	return parsed;
-}
 function createCliFlow() {
 	clearCliScreen();
 	return createLiminaFlowReporter();
@@ -2306,8 +2670,8 @@ async function main() {
 		if (!passed) process.exitCode = 1;
 		flow.outro(passed ? "limina source passed" : "limina source failed");
 	});
-	cli.command("checker <action>", "Run configured checker typecheck or build entries").option("--concurrency <n>", "Maximum concurrent checker processes").action(async (action, flags) => {
-		if (action !== "typecheck" && action !== "build") throw new Error(`Unknown checker action "${action}". Expected typecheck or build.`);
+	cli.command("checker <action>", "Run configured checker build or typecheck entries").action(async (action, flags) => {
+		if (action !== "typecheck" && action !== "build") throw new Error(`Unknown checker action "${action}". Expected build or typecheck.`);
 		const flow = createCliFlow();
 		flow.intro(`limina checker ${action}`);
 		if (action === "build") {
@@ -2324,7 +2688,6 @@ async function main() {
 		const result = await runCheckerTypecheck({
 			clearScreen: false,
 			config: await load(flags, "check"),
-			concurrency: parseConcurrency(flags.concurrency),
 			cwd: process.cwd(),
 			flow
 		});