martin-loop 0.1.4 → 1.3.0

package/dist/vendor/core/cost/tagged-cost.js

@@ -0,0 +1,55 @@
+// SLICE-17 — Per-run cost attribution by tag
+// Groups cost ledger entries by arbitrary key-value tags for chargeback reporting.
+/**
+ * Groups cost entries by the value of a specific tag key.
+ * Entries missing the tag key are grouped under "(untagged)".
+ * Results are sorted descending by totalUsd.
+ */
+export function aggregateCostsByTag(entries, tagKey) {
+    const groups = new Map();
+    for (const entry of entries) {
+        const tagValue = entry.tags[tagKey] ?? "(untagged)";
+        const existing = groups.get(tagValue);
+        if (existing) {
+            existing.push(entry);
+        }
+        else {
+            groups.set(tagValue, [entry]);
+        }
+    }
+    const summaries = [];
+    for (const [value, groupEntries] of groups) {
+        const totalUsd = groupEntries.reduce((sum, e) => sum + e.totalUsd, 0);
+        summaries.push({
+            tag: tagKey,
+            value,
+            totalUsd,
+            runCount: groupEntries.length,
+            entries: groupEntries
+        });
+    }
+    // Sort descending by totalUsd
+    summaries.sort((a, b) => b.totalUsd - a.totalUsd);
+    return summaries;
+}
+/**
+ * Formats a list of TaggedCostSummary objects as a plain-text table.
+ * Columns: tag value | runs | total USD
+ * Sorted descending by totalUsd (aggregateCostsByTag already sorts).
+ */
+export function formatCostReport(summaries) {
+    if (summaries.length === 0) {
+        return "No cost data available.";
+    }
+    const tagKey = summaries[0].tag;
+    const header = `${tagKey.padEnd(30)} | ${"runs".padStart(6)} | ${"total USD".padStart(10)}`;
+    const separator = "-".repeat(header.length);
+    const rows = summaries.map((s) => {
+        const value = s.value.padEnd(30);
+        const runs = String(s.runCount).padStart(6);
+        const cost = `$${s.totalUsd.toFixed(4)}`.padStart(10);
+        return `${value} | ${runs} | ${cost}`;
+    });
+    return [header, separator, ...rows].join("\n");
+}
+//# sourceMappingURL=tagged-cost.js.map

package/dist/vendor/core/cost-governor.d.ts

@@ -0,0 +1,2 @@
+import type { CostGovernorInput, CostGovernorState } from "./types.js";
+export declare function evaluateCostGovernor(input: CostGovernorInput): CostGovernorState;

package/dist/vendor/core/cost-governor.js

@@ -0,0 +1,50 @@
+export function evaluateCostGovernor(input) {
+    const totalTokens = input.cost.tokensIn + input.cost.tokensOut;
+    const projectedUsd = input.cost.actualUsd + (input.projectedUsage?.actualUsd ?? 0);
+    const projectedTokens = totalTokens +
+        (input.projectedUsage?.tokensIn ?? 0) +
+        (input.projectedUsage?.tokensOut ?? 0);
+    const remainingBudgetUsd = clamp(input.budget.maxUsd - input.cost.actualUsd);
+    const remainingIterations = Math.max(0, input.budget.maxIterations - input.attemptsUsed);
+    const remainingTokens = Math.max(0, input.budget.maxTokens - totalTokens);
+    const hardLimitReached = input.cost.actualUsd >= input.budget.maxUsd ||
+        projectedUsd > input.budget.maxUsd ||
+        totalTokens >= input.budget.maxTokens ||
+        projectedTokens > input.budget.maxTokens ||
+        input.attemptsUsed >= input.budget.maxIterations;
+    if (hardLimitReached) {
+        return {
+            pressure: "hard_limit",
+            shouldStop: true,
+            remainingBudgetUsd,
+            remainingIterations,
+            remainingTokens,
+            recommendedIntervention: "stop_loop"
+        };
+    }
+    const softLimitReached = input.cost.actualUsd >= input.budget.softLimitUsd ||
+        projectedUsd >= input.budget.softLimitUsd ||
+        totalTokens >= input.budget.maxTokens * 0.75 ||
+        remainingIterations <= 1;
+    if (softLimitReached) {
+        return {
+            pressure: "soft_limit",
+            shouldStop: false,
+            remainingBudgetUsd,
+            remainingIterations,
+            remainingTokens,
+            recommendedIntervention: "compress_context"
+        };
+    }
+    return {
+        pressure: "healthy",
+        shouldStop: false,
+        remainingBudgetUsd,
+        remainingIterations,
+        remainingTokens
+    };
+}
+function clamp(value) {
+    return value < 0 ? 0 : Number(value.toFixed(4));
+}
+//# sourceMappingURL=cost-governor.js.map

package/dist/vendor/core/cve/cve-check.d.ts

@@ -0,0 +1,80 @@
+/**
+ * cve-check.ts — SLICE-22
+ *
+ * CVE-watch pre-execution hook.
+ *
+ * Before a patch is applied, scans the diff for any package.json changes that
+ * introduce or upgrade a dependency. Each new/upgraded package is checked against
+ * the OSV (Open Source Vulnerabilities) API.
+ *
+ * Blocking behavior (configurable via martin.policy.yaml):
+ *   cveCheck:
+ *     enabled: true           # default: true
+ *     blockSeverity: HIGH     # CRITICAL | HIGH | MEDIUM | LOW
+ *     failClosed: false       # true = block on API error (default: false = warn)
+ *
+ * The result is written to cve-check.json in the attempt artifacts directory.
+ */
+export type CveSeverity = "CRITICAL" | "HIGH" | "MEDIUM" | "LOW" | "UNKNOWN";
+export interface CveCheckPolicy {
+    enabled: boolean;
+    /** Block when any finding is at or above this severity. */
+    blockSeverity: CveSeverity;
+    /** When true, an OSV API error blocks the patch. Default false (fail-open). */
+    failClosed: boolean;
+}
+export interface PackageRef {
+    name: string;
+    version: string;
+    ecosystem: "npm" | "PyPI" | "crates.io" | "Go";
+}
+export interface CveFinding {
+    vulnerabilityId: string;
+    severity: CveSeverity;
+    packageName: string;
+    packageVersion: string;
+    summary?: string;
+}
+export interface CveCheckResult {
+    blocked: boolean;
+    /** Populated when blocked:true due to a CVE finding. */
+    reasonCode?: "cve_blocked" | "cve_api_error";
+    /** Human-readable explanation. */
+    reason?: string;
+    findings: CveFinding[];
+    /** Populated when the OSV call failed. */
+    apiError?: string;
+    /** true when cveCheck.enabled:false in policy. */
+    skipped?: boolean;
+    /** ISO timestamp of when the check ran. */
+    checkedAt: string;
+    /** Number of packages checked. */
+    checkedCount: number;
+}
+export interface OsvQueryResult {
+    results: Array<{
+        vulns?: Array<{
+            id: string;
+            summary?: string;
+            database_specific?: {
+                severity?: string;
+            };
+            severity?: Array<{
+                type: string;
+                score: string;
+            }>;
+        }>;
+    }>;
+}
+/**
+ * Extracts added/upgraded npm package name+version pairs from a unified diff.
+ *
+ * Looks for `+ "name": "version"` patterns on lines added within package.json hunks.
+ * Supports regular and scoped packages (@scope/name).
+ */
+export declare function parseDependencyChanges(diff: string): PackageRef[];
+export declare function checkCves(options: {
+    packages: PackageRef[];
+    policy: CveCheckPolicy;
+    fetchFn?: typeof fetch;
+}): Promise<CveCheckResult>;

package/dist/vendor/core/cve/cve-check.js

@@ -0,0 +1,172 @@
+/**
+ * cve-check.ts — SLICE-22
+ *
+ * CVE-watch pre-execution hook.
+ *
+ * Before a patch is applied, scans the diff for any package.json changes that
+ * introduce or upgrade a dependency. Each new/upgraded package is checked against
+ * the OSV (Open Source Vulnerabilities) API.
+ *
+ * Blocking behavior (configurable via martin.policy.yaml):
+ *   cveCheck:
+ *     enabled: true           # default: true
+ *     blockSeverity: HIGH     # CRITICAL | HIGH | MEDIUM | LOW
+ *     failClosed: false       # true = block on API error (default: false = warn)
+ *
+ * The result is written to cve-check.json in the attempt artifacts directory.
+ */
+// ---------------------------------------------------------------------------
+// Diff parsing
+// ---------------------------------------------------------------------------
+/**
+ * Extracts added/upgraded npm package name+version pairs from a unified diff.
+ *
+ * Looks for `+ "name": "version"` patterns on lines added within package.json hunks.
+ * Supports regular and scoped packages (@scope/name).
+ */
+export function parseDependencyChanges(diff) {
+    const found = [];
+    let inPackageJson = false;
+    for (const line of diff.split("\n")) {
+        // Track when we're inside a package.json diff block
+        if (line.startsWith("diff --git")) {
+            inPackageJson = /\bpackage\.json\b/.test(line);
+            continue;
+        }
+        if (!inPackageJson)
+            continue;
+        // Only look at added lines (+ prefix, not +++ header)
+        if (!line.startsWith("+") || line.startsWith("+++"))
+            continue;
+        const content = line.slice(1); // strip leading +
+        // Match: "name": "version" or "name": "^version" etc.
+        // Supports scoped packages like @scope/name
+        const match = content.match(/"(@?[\w/.-]+)":\s*"[~^]?([0-9][^"]*|latest|next)"/u);
+        if (match?.[1] && match[2]) {
+            const name = match[1];
+            const version = match[2].replace(/^[~^]/, "");
+            // Skip non-package keys that might look like packages
+            const SKIP_KEYS = new Set(["version", "main", "module", "types", "license", "description"]);
+            if (!SKIP_KEYS.has(name)) {
+                found.push({ name, version, ecosystem: "npm" });
+            }
+        }
+    }
+    return found;
+}
+// ---------------------------------------------------------------------------
+// OSV query
+// ---------------------------------------------------------------------------
+const OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch";
+const SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"];
+function severityFromString(raw) {
+    const upper = (raw ?? "").toUpperCase();
+    if (upper === "CRITICAL")
+        return "CRITICAL";
+    if (upper === "HIGH")
+        return "HIGH";
+    if (upper === "MEDIUM")
+        return "MEDIUM";
+    if (upper === "LOW")
+        return "LOW";
+    return "UNKNOWN";
+}
+function isSeverityAtOrAbove(finding, threshold) {
+    const fi = SEVERITY_ORDER.indexOf(finding);
+    const ti = SEVERITY_ORDER.indexOf(threshold);
+    if (fi === -1 || ti === -1)
+        return false;
+    return fi >= ti;
+}
+// ---------------------------------------------------------------------------
+// Main entry point
+// ---------------------------------------------------------------------------
+export async function checkCves(options) {
+    const checkedAt = new Date().toISOString();
+    const { packages, policy, fetchFn = fetch } = options;
+    // Fast exit: disabled by policy
+    if (!policy.enabled) {
+        return { blocked: false, findings: [], skipped: true, checkedAt, checkedCount: 0 };
+    }
+    // Fast exit: nothing to check
+    if (packages.length === 0) {
+        return { blocked: false, findings: [], checkedAt, checkedCount: 0 };
+    }
+    // Build OSV batch request
+    const queries = packages.map((pkg) => ({
+        package: { name: pkg.name, ecosystem: "npm" },
+        version: pkg.version
+    }));
+    let osvData;
+    try {
+        const response = await fetchFn(OSV_BATCH_URL, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ queries }),
+            signal: AbortSignal.timeout(10_000)
+        });
+        if (!response.ok) {
+            throw new Error(`OSV API returned HTTP ${response.status}`);
+        }
+        osvData = (await response.json());
+    }
+    catch (err) {
+        const apiError = err instanceof Error ? err.message : String(err);
+        if (policy.failClosed) {
+            return {
+                blocked: true,
+                reasonCode: "cve_api_error",
+                reason: `CVE check failed: OSV API error (failClosed:true). Error: ${apiError}`,
+                findings: [],
+                apiError,
+                checkedAt,
+                checkedCount: packages.length
+            };
+        }
+        // Fail-open: warn but do not block
+        return {
+            blocked: false,
+            findings: [],
+            apiError,
+            reason: `CVE check skipped (OSV API unavailable, failClosed:false): ${apiError}`,
+            checkedAt,
+            checkedCount: packages.length
+        };
+    }
+    // Parse findings
+    const findings = [];
+    for (let i = 0; i < (osvData.results ?? []).length; i++) {
+        const pkg = packages[i];
+        const result = osvData.results[i];
+        for (const vuln of result?.vulns ?? []) {
+            const severity = severityFromString(vuln.database_specific?.severity);
+            findings.push({
+                vulnerabilityId: vuln.id,
+                severity,
+                packageName: pkg?.name ?? "unknown",
+                packageVersion: pkg?.version ?? "unknown",
+                summary: vuln.summary
+            });
+        }
+    }
+    // Apply threshold
+    const blockingFindings = findings.filter((f) => isSeverityAtOrAbove(f.severity, policy.blockSeverity));
+    if (blockingFindings.length > 0) {
+        const names = blockingFindings.map((f) => `${f.packageName}@${f.packageVersion} (${f.severity})`).join(", ");
+        return {
+            blocked: true,
+            reasonCode: "cve_blocked",
+            reason: `CVE check blocked patch: ${blockingFindings.length} ${policy.blockSeverity}+ advisory(ies) found: ${names}`,
+            findings,
+            checkedAt,
+            checkedCount: packages.length
+        };
+    }
+    return {
+        blocked: false,
+        findings,
+        checkedAt,
+        checkedCount: packages.length
+    };
+}
+//# sourceMappingURL=cve-check.js.map

package/dist/vendor/core/digital-twin/index.d.ts

@@ -0,0 +1,27 @@
+import type { ApprovalPolicy } from "../../contracts/index.js";
+export interface DigitalTwinSimulationInput {
+    scenarioId: string;
+    objective?: string;
+    changedFiles: string[];
+    verificationPlan: string[];
+    requestedSurfaces: string[];
+    allowedSurfaces: string[];
+    approvalPolicy?: ApprovalPolicy;
+    allowedPaths?: string[];
+    deniedPaths?: string[];
+    allowedNetworkDomains?: string[];
+    requiresHumanApproval?: boolean;
+}
+export interface DigitalTwinSimulationReport {
+    scenarioId: string;
+    riskTier: "low" | "medium" | "high" | "critical";
+    blastRadiusScore: number;
+    rollbackConfidence: number;
+    protectedSurfaceTouched: boolean;
+    requiresIndependentVerification: boolean;
+    recommendedAction: "proceed" | "require_review" | "block";
+    reasons: string[];
+    allowedClaimWording: string;
+    nonClaims: string[];
+}
+export declare function runDigitalTwinSimulation(input: DigitalTwinSimulationInput): DigitalTwinSimulationReport;

package/dist/vendor/core/digital-twin/index.js

@@ -0,0 +1,90 @@
+import { evaluateAutonomyEnvelopeV2 } from "../autonomy/envelope-v2.js";
+import { analyzeLoopSurface } from "../surface-signals.js";
+export function runDigitalTwinSimulation(input) {
+    const envelopeDecision = evaluateAutonomyEnvelopeV2({
+        taskId: input.scenarioId,
+        taskFamily: "digital-twin",
+        requestedSurfaces: input.requestedSurfaces,
+        allowedSurfaces: input.allowedSurfaces,
+        verificationPlan: input.verificationPlan,
+        commands: input.verificationPlan,
+        changedFiles: input.changedFiles,
+        allowedPaths: input.allowedPaths,
+        deniedPaths: input.deniedPaths,
+        allowedNetworkDomains: input.allowedNetworkDomains,
+        approvalPolicy: input.approvalPolicy,
+        requiresHumanApproval: input.requiresHumanApproval
+    });
+    const surfaceSignals = analyzeLoopSurface({
+        objective: input.objective,
+        verificationPlan: input.verificationPlan,
+        changedFiles: input.changedFiles
+    });
+    const protectedSurfaceTouched = input.changedFiles.some(isProtectedSurface);
+    const blastRadiusScore = clampScore(10 +
+        surfaceSignals.workspaceGraphRiskScore * 25 +
+        surfaceSignals.crossBoundaryRiskScore * 25 +
+        (protectedSurfaceTouched ? 20 : 0) +
+        (envelopeDecision.blockedSurfaces.includes("command") ? 20 : 0) +
+        (envelopeDecision.blockedSurfaces.includes("dependency") ? 15 : 0) +
+        (input.requiresHumanApproval ? 15 : 0));
+    const riskTier = classifyRiskTier(blastRadiusScore);
+    const rollbackConfidence = clampRatio(0.92 -
+        surfaceSignals.workspaceGraphRiskScore * 0.25 -
+        surfaceSignals.crossBoundaryRiskScore * 0.2 -
+        (protectedSurfaceTouched ? 0.15 : 0) -
+        (input.requiresHumanApproval ? 0.12 : 0) -
+        (envelopeDecision.blockedSurfaces.includes("command") ? 0.1 : 0));
+    const reasons = [...envelopeDecision.reasons];
+    if (protectedSurfaceTouched) {
+        reasons.push("protected release or deployment surface touched");
+    }
+    if (surfaceSignals.workspaceGraphRiskScore >= 0.5) {
+        reasons.push("workspace graph risk is elevated");
+    }
+    if (surfaceSignals.crossBoundaryRiskScore >= 0.5) {
+        reasons.push("cross-boundary change risk is elevated");
+    }
+    return {
+        scenarioId: input.scenarioId,
+        riskTier,
+        blastRadiusScore,
+        rollbackConfidence,
+        protectedSurfaceTouched,
+        requiresIndependentVerification: riskTier === "high" || riskTier === "critical" || protectedSurfaceTouched,
+        recommendedAction: riskTier === "critical"
+            ? "block"
+            : riskTier === "high" || envelopeDecision.decision === "escalate"
+                ? "require_review"
+                : "proceed",
+        reasons,
+        allowedClaimWording: "High-risk runs are simulated in a pre-merge digital twin with blast-radius scoring, rollback confidence, and explicit review recommendations.",
+        nonClaims: ["perfect predictive safety", "simulation replaces human judgment"]
+    };
+}
+function classifyRiskTier(score) {
+    if (score >= 80)
+        return "critical";
+    if (score >= 55)
+        return "high";
+    if (score >= 30)
+        return "medium";
+    return "low";
+}
+function isProtectedSurface(file) {
+    const normalized = file.replace(/\\/gu, "/").toLowerCase();
+    return (normalized.startsWith(".github/workflows/") ||
+        normalized.startsWith("deploy/") ||
+        normalized.startsWith("infra/") ||
+        normalized.includes("/migrations/") ||
+        normalized.endsWith("/package.json") ||
+        normalized === "package.json" ||
+        normalized === "pnpm-lock.yaml");
+}
+function clampScore(value) {
+    return Math.max(0, Math.min(100, Math.round(value)));
+}
+function clampRatio(value) {
+    return Math.max(0, Math.min(1, Math.round(value * 100) / 100));
+}
+//# sourceMappingURL=index.js.map

package/dist/vendor/core/drift/drift-graph.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Lightweight adjacency-list graph used by scope pruning (SLICE-02).
+ * Nodes are file paths (or symbol names). Edges represent import/reference
+ * relationships: for each node, the array contains its direct dependents.
+ */
+export interface DriftGraph {
+    /** Complete set of known node identifiers (file paths or symbol names). */
+    nodes: Set<string>;
+    /** Adjacency list: node → list of directly connected nodes (1 hop). */
+    edges: Record<string, string[]>;
+}
+export interface DriftReport {
+    changedExports: string[];
+    affectedImporters: Array<{
+        file: string;
+        importedSymbol: string;
+    }>;
+    /** Importers with no test coverage for the changed symbol */
+    unvalidatedDownstream: string[];
+    /** true only if unvalidatedDownstream is empty */
+    safe: boolean;
+}
+export interface DriftInput {
+    /** Workspace root — ts-morph will glob all .ts files under it */
+    rootDir: string;
+    /** Path of the changed file, relative to rootDir (forward slashes) */
+    changedFile: string;
+    /** List of exported symbol names that changed */
+    changedExports: string[];
+    /** List of test file paths (absolute or relative to rootDir) that cover the changed symbols */
+    testFiles: string[];
+}
+/**
+ * Builds a DriftReport by walking the workspace with ts-morph.
+ *
+ * Algorithm:
+ * 1. If changedExports is empty → safe: true immediately (no public API touched)
+ * 2. Walk all .ts files (excluding node_modules) looking for imports of any changed symbol
+ * 3. For each importer, check if a test file also imports the same changed symbol
+ * 4. Importers without test coverage → unvalidatedDownstream → safe: false
+ */
+export declare function buildDriftReport(input: DriftInput): Promise<DriftReport>;
+/**
+ * Builds and writes drift-report.json to the run output directory.
+ * Only writes if changedExports is non-empty (no drift = no report needed).
+ */
+export declare function emitDriftReport(input: DriftInput, runDir: string): Promise<DriftReport>;

package/dist/vendor/core/drift/drift-graph.js

@@ -0,0 +1,100 @@
+import { writeFile } from "node:fs/promises";
+import { join } from "node:path";
+import { Project } from "ts-morph";
+// ─── Core builder ─────────────────────────────────────────────────────────────
+/**
+ * Builds a DriftReport by walking the workspace with ts-morph.
+ *
+ * Algorithm:
+ * 1. If changedExports is empty → safe: true immediately (no public API touched)
+ * 2. Walk all .ts files (excluding node_modules) looking for imports of any changed symbol
+ * 3. For each importer, check if a test file also imports the same changed symbol
+ * 4. Importers without test coverage → unvalidatedDownstream → safe: false
+ */
+export async function buildDriftReport(input) {
+    if (input.changedExports.length === 0) {
+        return {
+            changedExports: [],
+            affectedImporters: [],
+            unvalidatedDownstream: [],
+            safe: true
+        };
+    }
+    const project = new Project({
+        skipAddingFilesFromTsConfig: true
+    });
+    // Add all .ts files from rootDir (not node_modules, not .d.ts)
+    project.addSourceFilesAtPaths([
+        normalizePath(join(input.rootDir, "**/*.ts")),
+        `!${normalizePath(join(input.rootDir, "**/node_modules/**"))}`,
+        `!${normalizePath(join(input.rootDir, "**/*.d.ts"))}`
+    ]);
+    const changedFilePath = normalizePath(join(input.rootDir, input.changedFile));
+    const affectedImporters = [];
+    for (const sourceFile of project.getSourceFiles()) {
+        const filePath = normalizePath(sourceFile.getFilePath());
+        // Skip the changed file itself
+        if (filePath === changedFilePath)
+            continue;
+        // Check import declarations for any of the changed symbols
+        for (const importDecl of sourceFile.getImportDeclarations()) {
+            const namedImports = importDecl.getNamedImports();
+            for (const namedImport of namedImports) {
+                const symbolName = namedImport.getName();
+                if (input.changedExports.includes(symbolName)) {
+                    affectedImporters.push({
+                        file: filePath,
+                        importedSymbol: symbolName
+                    });
+                }
+            }
+        }
+    }
+    // Determine which importers are test files (by path convention or explicit list)
+    const testFilePaths = new Set(input.testFiles.map(f => normalizePath(f.startsWith("/") || /^[A-Za-z]:/.test(f)
+        ? f
+        : join(input.rootDir, f))));
+    // Also treat files matching *.test.ts or *.spec.ts as test files
+    const testSymbolsCovered = new Set();
+    for (const importer of affectedImporters) {
+        const isTestFile = testFilePaths.has(importer.file) ||
+            /\.(test|spec)\.[tj]s$/.test(importer.file);
+        if (isTestFile) {
+            testSymbolsCovered.add(importer.importedSymbol);
+        }
+    }
+    // unvalidatedDownstream = non-test importers whose symbol has no test coverage
+    const unvalidatedDownstream = [];
+    for (const importer of affectedImporters) {
+        const isTestFile = testFilePaths.has(importer.file) ||
+            /\.(test|spec)\.[tj]s$/.test(importer.file);
+        if (!isTestFile && !testSymbolsCovered.has(importer.importedSymbol)) {
+            if (!unvalidatedDownstream.includes(importer.file)) {
+                unvalidatedDownstream.push(importer.file);
+            }
+        }
+    }
+    return {
+        changedExports: input.changedExports,
+        affectedImporters,
+        unvalidatedDownstream,
+        safe: unvalidatedDownstream.length === 0
+    };
+}
+// ─── Emitter ──────────────────────────────────────────────────────────────────
+/**
+ * Builds and writes drift-report.json to the run output directory.
+ * Only writes if changedExports is non-empty (no drift = no report needed).
+ */
+export async function emitDriftReport(input, runDir) {
+    const report = await buildDriftReport(input);
+    if (input.changedExports.length > 0) {
+        await writeFile(join(runDir, "drift-report.json"), JSON.stringify(report, null, 2), "utf8");
+    }
+    return report;
+}
+// ─── Internal helpers ─────────────────────────────────────────────────────────
+function normalizePath(p) {
+    return p.replace(/\\/g, "/");
+}
+//# sourceMappingURL=drift-graph.js.map