micro-contracts 0.9.0

package/dist/guardrails/manifest.js

@@ -0,0 +1,231 @@
+/**
+ * Generated artifact manifest management
+ *
+ * Creates and verifies manifests for generated files to detect tampering.
+ */
+import fs from 'fs';
+import path from 'path';
+import crypto from 'crypto';
+import { glob } from 'glob';
+/** Current manifest format version */
+const MANIFEST_VERSION = '1.0';
+/** Manifest file name */
+const MANIFEST_FILENAME = '.generated-manifest.json';
+/**
+ * Calculate SHA-256 hash of file content
+ */
+export function hashFile(filePath) {
+    const content = fs.readFileSync(filePath);
+    return crypto.createHash('sha256').update(content).digest('hex');
+}
+/**
+ * Get all generated files in a directory
+ */
+export async function getGeneratedFiles(baseDir, patterns = ['**/*']) {
+    const files = [];
+    for (const pattern of patterns) {
+        const matches = await glob(pattern, {
+            cwd: baseDir,
+            nodir: true,
+            ignore: [
+                '**/node_modules/**',
+                '**/.git/**',
+                MANIFEST_FILENAME,
+            ],
+        });
+        files.push(...matches);
+    }
+    // Deduplicate and sort
+    return [...new Set(files)].sort();
+}
+/**
+ * Generate manifest for a directory of generated files
+ */
+export async function generateManifest(baseDir, options = {}) {
+    const { generatorVersion = '1.0.0', sourceMap = new Map(), patterns = ['**/*'], } = options;
+    const files = await getGeneratedFiles(baseDir, patterns);
+    const fileInfos = {};
+    for (const relPath of files) {
+        const fullPath = path.join(baseDir, relPath);
+        if (!fs.existsSync(fullPath))
+            continue;
+        if (fs.statSync(fullPath).isDirectory())
+            continue;
+        const info = {
+            sha256: hashFile(fullPath),
+        };
+        // Add source if available
+        const source = sourceMap.get(relPath);
+        if (source) {
+            info.source = source;
+        }
+        fileInfos[relPath] = info;
+    }
+    return {
+        version: MANIFEST_VERSION,
+        generatedAt: new Date().toISOString(),
+        generatorVersion,
+        files: fileInfos,
+    };
+}
+/**
+ * Write manifest to file
+ */
+export function writeManifest(manifest, baseDir) {
+    const manifestPath = path.join(baseDir, MANIFEST_FILENAME);
+    fs.writeFileSync(manifestPath, JSON.stringify(manifest, null, 2) + '\n');
+    return manifestPath;
+}
+/**
+ * Load manifest from file
+ */
+export function loadManifest(baseDir) {
+    const manifestPath = path.join(baseDir, MANIFEST_FILENAME);
+    if (!fs.existsSync(manifestPath)) {
+        return null;
+    }
+    try {
+        const content = fs.readFileSync(manifestPath, 'utf-8');
+        return JSON.parse(content);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Verify generated files against manifest
+ */
+export async function verifyManifest(baseDir) {
+    const manifest = loadManifest(baseDir);
+    if (!manifest) {
+        return {
+            valid: false,
+            mismatches: [{
+                    file: MANIFEST_FILENAME,
+                    reason: 'missing',
+                }],
+            manifestPath: path.join(baseDir, MANIFEST_FILENAME),
+        };
+    }
+    const mismatches = [];
+    // Check files in manifest
+    for (const [relPath, meta] of Object.entries(manifest.files)) {
+        const fullPath = path.join(baseDir, relPath);
+        if (!fs.existsSync(fullPath)) {
+            mismatches.push({
+                file: relPath,
+                reason: 'missing',
+            });
+            continue;
+        }
+        const actualHash = hashFile(fullPath);
+        if (actualHash !== meta.sha256) {
+            mismatches.push({
+                file: relPath,
+                reason: 'hash-mismatch',
+                expected: meta.sha256.slice(0, 16) + '...',
+                actual: actualHash.slice(0, 16) + '...',
+            });
+        }
+    }
+    // Check for extra files not in manifest
+    const currentFiles = await getGeneratedFiles(baseDir);
+    const manifestFiles = new Set(Object.keys(manifest.files));
+    for (const file of currentFiles) {
+        if (!manifestFiles.has(file)) {
+            mismatches.push({
+                file,
+                reason: 'extra',
+            });
+        }
+    }
+    return {
+        valid: mismatches.length === 0,
+        mismatches,
+        manifestPath: path.join(baseDir, MANIFEST_FILENAME),
+    };
+}
+/**
+ * Run manifest verification check
+ */
+export async function runManifestCheck(options) {
+    const start = Date.now();
+    const generatedDir = options.generatedDir || 'packages/';
+    try {
+        // Check if directory exists
+        if (!fs.existsSync(generatedDir)) {
+            return {
+                name: 'manifest',
+                status: 'skip',
+                duration: Date.now() - start,
+                message: `Generated directory not found: ${generatedDir}`,
+            };
+        }
+        const result = await verifyManifest(generatedDir);
+        if (result.valid) {
+            const manifest = loadManifest(generatedDir);
+            const fileCount = manifest ? Object.keys(manifest.files).length : 0;
+            return {
+                name: 'manifest',
+                status: 'pass',
+                duration: Date.now() - start,
+                message: `All ${fileCount} generated files match manifest`,
+            };
+        }
+        const details = result.mismatches.map(m => {
+            if (m.reason === 'missing') {
+                return `  - ${m.file}: FILE MISSING`;
+            }
+            else if (m.reason === 'hash-mismatch') {
+                return `  - ${m.file}: HASH MISMATCH\n    Expected: ${m.expected}\n    Actual:   ${m.actual}`;
+            }
+            else {
+                return `  - ${m.file}: EXTRA FILE (not in manifest)`;
+            }
+        });
+        return {
+            name: 'manifest',
+            status: 'fail',
+            duration: Date.now() - start,
+            message: `${result.mismatches.length} file(s) failed integrity check`,
+            details,
+        };
+    }
+    catch (error) {
+        return {
+            name: 'manifest',
+            status: 'fail',
+            duration: Date.now() - start,
+            message: error instanceof Error ? error.message : String(error),
+        };
+    }
+}
+/**
+ * Format manifest result for CLI output
+ */
+export function formatManifestResult(result) {
+    const lines = [];
+    if (result.valid) {
+        lines.push('✅ All generated files match manifest');
+    }
+    else {
+        lines.push('❌ Generated artifact integrity check failed:\n');
+        for (const m of result.mismatches) {
+            if (m.reason === 'missing') {
+                lines.push(`  - ${m.file}: FILE MISSING`);
+            }
+            else if (m.reason === 'hash-mismatch') {
+                lines.push(`  - ${m.file}: HASH MISMATCH`);
+                lines.push(`    Expected: ${m.expected}`);
+                lines.push(`    Actual:   ${m.actual}`);
+            }
+            else {
+                lines.push(`  - ${m.file}: EXTRA FILE (not in manifest)`);
+            }
+        }
+        lines.push('\n💡 Run `micro-contracts generate` to regenerate all artifacts.');
+        lines.push('💡 Do NOT edit files in packages/ directly.');
+    }
+    return lines.join('\n');
+}
+//# sourceMappingURL=manifest.js.map

package/dist/guardrails/manifest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest.js","sourceRoot":"","sources":["../../src/guardrails/manifest.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAU5B,sCAAsC;AACtC,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAE/B,yBAAyB;AACzB,MAAM,iBAAiB,GAAG,0BAA0B,CAAC;AAErD;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,QAAgB;IACvC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC1C,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,OAAe,EACf,WAAqB,CAAC,MAAM,CAAC;IAE7B,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE;YAClC,GAAG,EAAE,OAAO;YACZ,KAAK,EAAE,IAAI;YACX,MAAM,EAAE;gBACN,oBAAoB;gBACpB,YAAY;gBACZ,iBAAiB;aAClB;SACF,CAAC,CAAC;QACH,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;IACzB,CAAC;IAED,uBAAuB;IACvB,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAAe,EACf,UAII,EAAE;IAEN,MAAM,EACJ,gBAAgB,GAAG,OAAO,EAC1B,SAAS,GAAG,IAAI,GAAG,EAAE,EACrB,QAAQ,GAAG,CAAC,MAAM,CAAC,GACpB,GAAG,OAAO,CAAC;IAEZ,MAAM,KAAK,GAAG,MAAM,iBAAiB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACzD,MAAM,SAAS,GAAsC,EAAE,CAAC;IAExD,KAAK,MAAM,OAAO,IAAI,KAAK,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAE7C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,SAAS;QACvC,IAAI,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE;YAAE,SAAS;QAElD,MAAM,IAAI,GAAsB;YAC9B,MAAM,EAAE,QAAQ,CAAC,QAAQ,CAAC;SAC3B,CAAC;QAEF,0BAA0B;QAC1B,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACtC,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACvB,CAAC;QAED,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;IAC5B,CAAC;IAED,OAAO;QACL,OAAO,EAAE,gBAAgB;QACzB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,gBAAgB;QAChB,KAAK,EAAE,SAAS;KACjB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,QAA2B,EAAE,OAAe;IACxE,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;IAC3D,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IACzE,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,OAAe;IAC1C,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;IAE3D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAsB,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,OAAe;IAClD,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEvC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,UAAU,EAAE,CAAC;oBACX,IAAI,EAAE,iBAAiB;oBACvB,MAAM,EAAE,SAAS;iBAClB,CAAC;YACF,YAAY,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC;SACpD,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAuB,EAAE,CAAC;IAE1C,0BAA0B;IAC1B,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAE7C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,SAAS;aAClB,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEtC,IAAI,UAAU,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;YAC/B,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,eAAe;gBACvB,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBAC1C,MAAM,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;aACxC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACtD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IAE3D,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI;gBACJ,MAAM,EAAE,OAAO;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;QAC9B,UAAU;QACV,YAAY,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC;KACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAqB;IAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,WAAW,CAAC;IAEzD,IAAI,CAAC;QACH,4BAA4B;QAC5B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC5B,OAAO,EAAE,kCAAkC,YAAY,EAAE;aAC1D,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,YAAY,CAAC,CAAC;QAElD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;YAC5C,MAAM,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YAEpE,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC5B,OAAO,EAAE,OAAO,SAAS,iCAAiC;aAC3D,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;YACxC,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC3B,OAAO,OAAO,CAAC,CAAC,IAAI,gBAAgB,CAAC;YACvC,CAAC;iBAAM,IAAI,CAAC,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;gBACxC,OAAO,OAAO,CAAC,CAAC,IAAI,kCAAkC,CAAC,CAAC,QAAQ,mBAAmB,CAAC,CAAC,MAAM,EAAE,CAAC;YAChG,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,CAAC,IAAI,gCAAgC,CAAC;YACvD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC5B,OAAO,EAAE,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,iCAAiC;YACrE,OAAO;SACR,CAAC;IAEJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC5B,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAsB;IACzD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QAE7D,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YAClC,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC3B,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,gBAAgB,CAAC,CAAC;YAC5C,CAAC;iBAAM,IAAI,CAAC,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;gBACxC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,iBAAiB,CAAC,CAAC;gBAC3C,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC1C,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;YAC1C,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,gCAAgC,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QAC/E,KAAK,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/guardrails/runner.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Check runner for guardrails
+ *
+ * Orchestrates running multiple guardrail checks.
+ * Supports both built-in checks and custom checks from guardrails.yaml.
+ */
+import type { CheckOptions, CheckSummary, CheckDefinition, GateNumber } from './types.js';
+/**
+ * Gate descriptions for display
+ */
+export declare const GATE_DESCRIPTIONS: Record<GateNumber, string>;
+/**
+ * Get list of available checks
+ */
+export declare function getAvailableChecks(options?: CheckOptions): CheckDefinition[];
+/**
+ * Extended check summary with gate info
+ */
+export interface CheckSummaryWithGates extends CheckSummary {
+    /** All checks with their gate assignments */
+    checks: CheckDefinition[];
+}
+/**
+ * Run all guardrail checks
+ */
+export declare function runAllChecks(options?: CheckOptions): Promise<CheckSummaryWithGates>;
+/**
+ * Format check results for CLI output
+ */
+export declare function formatCheckResults(summary: CheckSummary, verbose?: boolean, checksWithGates?: CheckDefinition[]): string;
+//# sourceMappingURL=runner.d.ts.map

package/dist/guardrails/runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"runner.d.ts","sourceRoot":"","sources":["../../src/guardrails/runner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAe,YAAY,EAAE,eAAe,EAAsB,UAAU,EAAE,MAAM,YAAY,CAAC;AAU3H;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAMxD,CAAC;AA0FF;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,GAAE,YAAiB,GAAG,eAAe,EAAE,CAEhF;AA0BD;;GAEG;AACH,MAAM,WAAW,qBAAsB,SAAQ,YAAY;IACzD,6CAA6C;IAC7C,MAAM,EAAE,eAAe,EAAE,CAAC;CAC3B;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,OAAO,GAAE,YAAiB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CA2C7F;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,YAAY,EACrB,OAAO,GAAE,OAAe,EACxB,eAAe,CAAC,EAAE,eAAe,EAAE,GAClC,MAAM,CA0GR"}

package/dist/guardrails/runner.js

@@ -0,0 +1,268 @@
+/**
+ * Check runner for guardrails
+ *
+ * Orchestrates running multiple guardrail checks.
+ * Supports both built-in checks and custom checks from guardrails.yaml.
+ */
+import { runAllowlistCheck } from './allowlist.js';
+import { runDriftCheck } from './drift.js';
+import { runManifestCheck } from './manifest.js';
+import { runCustomCommandCheck } from './lint.js';
+import { runSecurityCheck } from './security.js';
+import { loadGuardrailsConfigWithPath } from './config.js';
+/**
+ * Gate descriptions for display
+ */
+export const GATE_DESCRIPTIONS = {
+    1: 'Change Allowlist',
+    2: 'OpenAPI Contract Validation',
+    3: 'Generated Artifact Integrity',
+    4: 'Code Quality',
+    5: 'Doc Consistency & Static Analysis',
+};
+/**
+ * Built-in checks (always available)
+ */
+const builtinChecks = [
+    {
+        name: 'allowlist',
+        description: 'Verify changes are within allowed paths',
+        gate: 1,
+        run: runAllowlistCheck,
+    },
+    {
+        name: 'drift',
+        description: 'Check for uncommitted generated file changes',
+        gate: 3,
+        run: runDriftCheck,
+    },
+    {
+        name: 'manifest',
+        description: 'Verify generated artifact integrity',
+        gate: 3,
+        run: runManifestCheck,
+    },
+    {
+        name: 'security',
+        description: 'Verify security declarations match implementations',
+        gate: 5,
+        run: runSecurityCheck,
+    },
+];
+/**
+ * Legacy built-in checks (deprecated - use guardrails.yaml checks instead)
+ * These are only included if no custom checks are defined in guardrails.yaml
+ */
+const legacyChecks = [
+// Removed: use spec-lint in guardrails.yaml instead
+// Removed: use code-typecheck in guardrails.yaml instead
+// Removed: use docs-sync, docs-links in guardrails.yaml instead
+];
+/**
+ * Load custom checks from guardrails.yaml
+ */
+function loadCustomChecks(options) {
+    const { config } = loadGuardrailsConfigWithPath(options.guardrailsPath);
+    const customChecks = [];
+    if (config?.checks) {
+        for (const [name, checkConfig] of Object.entries(config.checks)) {
+            if (!checkConfig || checkConfig.enabled === false) {
+                continue;
+            }
+            customChecks.push({
+                name,
+                description: `Custom check: ${name}`,
+                gate: checkConfig.gate,
+                run: (opts) => runCustomCommandCheck(name, checkConfig.command, opts),
+            });
+        }
+    }
+    return customChecks;
+}
+/**
+ * Get all available checks (built-in + custom)
+ */
+function getAllChecks(options) {
+    const customChecks = loadCustomChecks(options);
+    const customNames = new Set(customChecks.map(c => c.name));
+    // Start with built-in checks
+    const allChecks = [...builtinChecks];
+    // Add legacy checks only if not overridden by custom checks
+    for (const legacyCheck of legacyChecks) {
+        if (!customNames.has(legacyCheck.name)) {
+            allChecks.push(legacyCheck);
+        }
+    }
+    // Add custom checks
+    allChecks.push(...customChecks);
+    return allChecks;
+}
+/**
+ * Get list of available checks
+ */
+export function getAvailableChecks(options = {}) {
+    return getAllChecks(options);
+}
+/**
+ * Filter checks based on options
+ */
+function filterChecks(allChecks, options) {
+    let filtered = [...allChecks];
+    // Filter by --gate (highest priority)
+    if (options.gates && options.gates.length > 0) {
+        filtered = filtered.filter(c => c.gate !== undefined && options.gates.includes(c.gate));
+    }
+    // Filter by --only
+    if (options.only && options.only.length > 0) {
+        filtered = filtered.filter(c => options.only.includes(c.name));
+    }
+    // Filter by --skip
+    if (options.skip && options.skip.length > 0) {
+        filtered = filtered.filter(c => !options.skip.includes(c.name));
+    }
+    return filtered;
+}
+/**
+ * Run all guardrail checks
+ */
+export async function runAllChecks(options = {}) {
+    const results = [];
+    const allChecks = getAllChecks(options);
+    const checksToRun = filterChecks(allChecks, options);
+    const skippedChecks = allChecks.filter(c => !checksToRun.includes(c));
+    // Add skipped results
+    for (const check of skippedChecks) {
+        results.push({
+            name: check.name,
+            status: 'skip',
+            duration: 0,
+            message: 'Skipped by filter',
+        });
+    }
+    // Run enabled checks
+    for (const check of checksToRun) {
+        try {
+            const result = await check.run(options);
+            results.push(result);
+        }
+        catch (error) {
+            results.push({
+                name: check.name,
+                status: 'fail',
+                duration: 0,
+                message: error instanceof Error ? error.message : String(error),
+            });
+        }
+    }
+    // Calculate summary
+    const passed = results.filter(r => r.status === 'pass').length;
+    const failed = results.filter(r => r.status === 'fail').length;
+    const skipped = results.filter(r => r.status === 'skip').length;
+    return {
+        passed,
+        failed,
+        skipped,
+        results,
+        checks: allChecks,
+    };
+}
+/**
+ * Format check results for CLI output
+ */
+export function formatCheckResults(summary, verbose = false, checksWithGates) {
+    const lines = [];
+    lines.push('');
+    lines.push('🔍 AI Guardrail Check Results');
+    lines.push('═'.repeat(50));
+    lines.push('');
+    // Build a map of check name -> gate for display
+    const gateMap = new Map();
+    if (checksWithGates) {
+        for (const check of checksWithGates) {
+            gateMap.set(check.name, check.gate);
+        }
+    }
+    // Group results by gate if gate info is available
+    const hasGateInfo = checksWithGates && checksWithGates.some(c => c.gate !== undefined);
+    if (hasGateInfo && verbose) {
+        // Group by gate for verbose output
+        const byGate = new Map();
+        for (const result of summary.results) {
+            const gate = gateMap.get(result.name);
+            if (!byGate.has(gate)) {
+                byGate.set(gate, []);
+            }
+            byGate.get(gate).push(result);
+        }
+        // Output by gate
+        const sortedGates = [...byGate.keys()].sort((a, b) => {
+            if (a === undefined)
+                return 1;
+            if (b === undefined)
+                return -1;
+            return a - b;
+        });
+        for (const gate of sortedGates) {
+            const results = byGate.get(gate);
+            if (gate !== undefined) {
+                lines.push(`  Gate ${gate}: ${GATE_DESCRIPTIONS[gate]}`);
+                lines.push('  ' + '─'.repeat(40));
+            }
+            else {
+                lines.push(`  Other Checks:`);
+                lines.push('  ' + '─'.repeat(40));
+            }
+            for (const result of results) {
+                const icon = result.status === 'pass' ? '✓' : result.status === 'fail' ? '✗' : '○';
+                const status = result.status.toUpperCase().padEnd(4);
+                lines.push(`    ${icon} ${result.name.padEnd(20)} ${status} (${result.duration}ms)`);
+                if (result.message && (verbose || result.status !== 'pass')) {
+                    lines.push(`      ${result.message}`);
+                }
+                if (verbose && result.details) {
+                    for (const detail of result.details) {
+                        lines.push(`      ${detail}`);
+                    }
+                }
+            }
+            lines.push('');
+        }
+    }
+    else {
+        // Flat output
+        for (const result of summary.results) {
+            const icon = result.status === 'pass' ? '✓' : result.status === 'fail' ? '✗' : '○';
+            const status = result.status.toUpperCase().padEnd(4);
+            const gate = gateMap.get(result.name);
+            const gateStr = gate !== undefined ? `[G${gate}] ` : '';
+            lines.push(`  ${icon} ${gateStr}${result.name.padEnd(20)} ${status} (${result.duration}ms)`);
+            if (result.message && (verbose || result.status !== 'pass')) {
+                lines.push(`    ${result.message}`);
+            }
+            if (verbose && result.details) {
+                for (const detail of result.details) {
+                    lines.push(`    ${detail}`);
+                }
+            }
+        }
+    }
+    // Summary
+    lines.push('');
+    lines.push('─'.repeat(50));
+    lines.push('');
+    lines.push(`  Passed:  ${summary.passed}`);
+    lines.push(`  Failed:  ${summary.failed}`);
+    if (summary.skipped > 0) {
+        lines.push(`  Skipped: ${summary.skipped}`);
+    }
+    lines.push('');
+    if (summary.failed > 0) {
+        lines.push('❌ Some checks failed. Fix issues before committing.');
+    }
+    else {
+        lines.push('✅ All checks passed!');
+    }
+    lines.push('');
+    return lines.join('\n');
+}
+//# sourceMappingURL=runner.js.map

package/dist/guardrails/runner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runner.js","sourceRoot":"","sources":["../../src/guardrails/runner.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAgB,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAGhE,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAE3D;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA+B;IAC3D,CAAC,EAAE,kBAAkB;IACrB,CAAC,EAAE,6BAA6B;IAChC,CAAC,EAAE,8BAA8B;IACjC,CAAC,EAAE,cAAc;IACjB,CAAC,EAAE,mCAAmC;CACvC,CAAC;AAEF;;GAEG;AACH,MAAM,aAAa,GAAsB;IACvC;QACE,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,yCAAyC;QACtD,IAAI,EAAE,CAAC;QACP,GAAG,EAAE,iBAAiB;KACvB;IACD;QACE,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,8CAA8C;QAC3D,IAAI,EAAE,CAAC;QACP,GAAG,EAAE,aAAa;KACnB;IACD;QACE,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,qCAAqC;QAClD,IAAI,EAAE,CAAC;QACP,GAAG,EAAE,gBAAgB;KACtB;IACD;QACE,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,oDAAoD;QACjE,IAAI,EAAE,CAAC;QACP,GAAG,EAAE,gBAAgB;KACtB;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,YAAY,GAAsB;AACtC,oDAAoD;AACpD,yDAAyD;AACzD,gEAAgE;CACjE,CAAC;AAEF;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAqB;IAC7C,MAAM,EAAE,MAAM,EAAE,GAAG,4BAA4B,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACxE,MAAM,YAAY,GAAsB,EAAE,CAAC;IAE3C,IAAI,MAAM,EAAE,MAAM,EAAE,CAAC;QACnB,KAAK,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YAChE,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;gBAClD,SAAS;YACX,CAAC;YAED,YAAY,CAAC,IAAI,CAAC;gBAChB,IAAI;gBACJ,WAAW,EAAE,iBAAiB,IAAI,EAAE;gBACpC,IAAI,EAAE,WAAW,CAAC,IAAI;gBACtB,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,qBAAqB,CAAC,IAAI,EAAE,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC;aACtE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,OAAqB;IACzC,MAAM,YAAY,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAE3D,6BAA6B;IAC7B,MAAM,SAAS,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC;IAErC,4DAA4D;IAC5D,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;QACvC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,SAAS,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;IAEhC,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAAwB,EAAE;IAC3D,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,SAA4B,EAAE,OAAqB;IACvE,IAAI,QAAQ,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC;IAE9B,sCAAsC;IACtC,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,CAAC,KAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3F,CAAC;IAED,mBAAmB;IACnB,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,IAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAClE,CAAC;IAED,mBAAmB;IACnB,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,IAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAUD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,UAAwB,EAAE;IAC3D,MAAM,OAAO,GAAkB,EAAE,CAAC;IAClC,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,WAAW,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACrD,MAAM,aAAa,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAEtE,sBAAsB;IACtB,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;QAClC,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,CAAC;YACX,OAAO,EAAE,mBAAmB;SAC7B,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB;IACrB,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,CAAC;gBACX,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAChE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC/D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC/D,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAEhE,OAAO;QACL,MAAM;QACN,MAAM;QACN,OAAO;QACP,OAAO;QACP,MAAM,EAAE,SAAS;KAClB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAqB,EACrB,UAAmB,KAAK,EACxB,eAAmC;IAEnC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC5C,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,gDAAgD;IAChD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkC,CAAC;IAC1D,IAAI,eAAe,EAAE,CAAC;QACpB,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,MAAM,WAAW,GAAG,eAAe,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;IAEvF,IAAI,WAAW,IAAI,OAAO,EAAE,CAAC;QAC3B,mCAAmC;QACnC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkD,CAAC;QACzE,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACtC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACtB,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACvB,CAAC;YACD,MAAM,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC;QAED,iBAAiB;QACjB,MAAM,WAAW,GAAG,CAAC,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACnD,IAAI,CAAC,KAAK,SAAS;gBAAE,OAAO,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,SAAS;gBAAE,OAAO,CAAC,CAAC,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,CAAC;QACf,CAAC,CAAC,CAAC;QAEH,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;YAClC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvB,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,KAAK,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACzD,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;gBAC9B,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;YACpC,CAAC;YAED,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACnF,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBAErD,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,KAAK,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAC;gBAErF,IAAI,MAAM,CAAC,OAAO,IAAI,CAAC,OAAO,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,EAAE,CAAC;oBAC5D,KAAK,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;gBACxC,CAAC;gBAED,IAAI,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBAC9B,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;wBACpC,KAAK,CAAC,IAAI,CAAC,SAAS,MAAM,EAAE,CAAC,CAAC;oBAChC,CAAC;gBACH,CAAC;YACH,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,cAAc;QACd,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACnF,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACrD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,OAAO,GAAG,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAExD,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,KAAK,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAC;YAE7F,IAAI,MAAM,CAAC,OAAO,IAAI,CAAC,OAAO,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,EAAE,CAAC;gBAC5D,KAAK,CAAC,IAAI,CAAC,OAAO,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YACtC,CAAC;YAED,IAAI,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC9B,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpC,KAAK,CAAC,IAAI,CAAC,OAAO,MAAM,EAAE,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,UAAU;IACV,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,cAAc,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,KAAK,CAAC,IAAI,CAAC,cAAc,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,IAAI,OAAO,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,cAAc,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9C,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;IACpE,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACrC,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/guardrails/security.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Security consistency check for guardrails
+ *
+ * Verifies that security declarations in OpenAPI specs (x-auth, x-authz, x-middleware)
+ * have corresponding implementations.
+ */
+import type { CheckResult, CheckOptions } from './types.js';
+import type { OpenAPISpec } from '../types.js';
+export interface SecurityIssue {
+    spec: string;
+    path: string;
+    method: string;
+    issue: string;
+}
+/**
+ * Extract exported function names from TypeScript files
+ */
+export declare function getImplementedOverlays(overlayDir: string): Promise<Set<string>>;
+/**
+ * Check a single OpenAPI spec for security consistency
+ */
+export declare function checkSecurityConsistency(specPath: string, spec: OpenAPISpec, implementedOverlays: Set<string>): SecurityIssue[];
+/**
+ * Find overlay implementation directories
+ */
+export declare function findOverlayDirs(): Promise<string[]>;
+/**
+ * Run security consistency check
+ */
+export declare function runSecurityCheck(options: CheckOptions): Promise<CheckResult>;
+//# sourceMappingURL=security.d.ts.map

package/dist/guardrails/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/guardrails/security.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC5D,OAAO,KAAK,EAAE,WAAW,EAAmB,MAAM,aAAa,CAAC;AAEhE,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CA2BrF;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,WAAW,EACjB,mBAAmB,EAAE,GAAG,CAAC,MAAM,CAAC,GAC/B,aAAa,EAAE,CAoDjB;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAsBzD;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,CAmFlF"}