projscan 4.16.0 → 4.17.0

package/README.md

@@ -25,8 +25,9 @@ Use projscan when an agent asks one of these questions:
 - Which proof commands should I run before handoff?
 - Which risks need fixes, reviewer attention, or release sign-off?
 - Which risk should I fix first?
+- Did the agent stay inside the approved change boundary?
 
-projscan runs core scans on your machine. It respects `.gitignore`, keeps `.env` values out of scans unless you opt in, and exposes the same evidence through a CLI and a 48-tool MCP server. The language layer uses 11 AST adapters covering 12 named languages.
+projscan runs core scans on your machine. It respects `.gitignore`, keeps `.env` values out of scans unless you opt in, and exposes the same evidence through a CLI and a 49-tool MCP server. The language layer uses 11 AST adapters covering 12 named languages.
 
 ```text
 Your agent / engineer
@@ -41,6 +42,8 @@ Your agent / engineer
   |                         |              |              +- allowed files
   |                         |              |              +- forbidden files
   |                         |              |              +- proof receipt
+  |                         |              |              +- change passport
+  |                         |              |              +- live guard
   |                         |              +- bounded extraction       |
   |                         |              +- regression test first    |
   |                         |              +- leave unchanged          |
@@ -104,6 +107,7 @@ projscan prove --intent "is my agent allowed to change billing retry logic?" --s
 # Make the bounded edit, then run the proof command.
 projscan prove --run -- npm test -- tests/billing/retry.test.ts
 projscan prove --changed --contract .projscan/proof-contract.json --format markdown
+projscan passport --contract .projscan/proof-contract.json --format markdown
 ```
 
 The command path is `start -> prove -> run -> changed`. Make the bounded edit after the contract exists and before `prove --run`. `start` chooses the contract workflow. `prove --intent` writes `.projscan/proof-contract.json` only when `--save-contract` is present. `prove --run -- <command...>` executes a local proof command, records the exit code, captures a redacted log, and fingerprints the current changed files. `prove --record-command` remains available for imported CI or external evidence when projscan did not run the command. `prove --changed` checks the current working tree against the contract and local ledger.
@@ -119,6 +123,22 @@ Saved contracts are the source of truth for `prove --changed`; update the contra
 
 Every `prove` report includes `verifiedWorkflow`, a compact JSON summary for agents and MCP clients. It names the phase, next action, next command, scope status, proof status, proof sufficiency status, risk delta direction, reviewer decision, and stale/missing/failed proof flags.
 
+`projscan passport` turns the contract and receipt into one handoff artifact. It names allowed files, forbidden files, changed files, proof replay status, Proof Sufficiency, reviewer action, and next commands. Save it when a reviewer or another agent needs the whole change story in one JSON file:
+
+```bash
+projscan passport \
+  --intent "is my agent allowed to change billing retry logic?" \
+  --save-contract .projscan/proof-contract.json \
+  --output .projscan/passport.json
+```
+
+`projscan guard` checks the current working tree against a saved Proof Contract. Use it after an agent edits files, or run `--watch` during a session:
+
+```bash
+projscan guard --contract .projscan/proof-contract.json
+projscan guard --contract .projscan/proof-contract.json --watch
+```
+
 Success criteria: the reviewer sees scope, proof execution, proof freshness, and sufficiency for the changed risk surface.
 
 ### Before handoff or commit
@@ -222,6 +242,28 @@ npm run docs:screenshots
 npm run docs:demos
 ```
 
+## 4.17.0 Notes
+
+4.17.0 ships the Agent Change Passport and Live Guard:
+
+- `projscan passport --intent "<task>" --save-contract .projscan/proof-contract.json`
+  creates a Proof Contract, checks the current working tree, and returns one
+  local passport with boundary, receipt, proof replay, Proof Sufficiency,
+  reviewer action, and next commands.
+- `projscan passport --contract .projscan/proof-contract.json --output
+  .projscan/passport.json` writes a JSON handoff artifact. ProjScan writes to
+  `.projscan/passport.json` or `.projscan/passports/<name>.json`, rejects
+  traversal, checks symlink paths, and refuses to overwrite unrelated files.
+- `projscan guard --contract .projscan/proof-contract.json` reports whether the
+  current diff stayed inside the approved boundary. `--watch` polls during an
+  agent session, and `--fail-on-drift` exits non-zero when the guard sees drift.
+- MCP now includes `projscan_passport`, bringing the MCP surface to 49 tools.
+  The tool returns passport evidence for agents without adding proof-command
+  execution to MCP.
+- Passport can attach Baseframe assessment evidence with `--task-id <id>
+  --emit-baseframe`, while ProjScan limits ownership to its assessment artifact
+  and shared manifest update.
+
 ## 4.16.0 Notes
 
 4.16.0 ships Baseframe Suite assessment export:
@@ -385,6 +427,8 @@ npx -y projscan mcp --watch
 | Is this refactor worth doing?                | `projscan simulate --plan "split bugHunt.ts into ranking, evidence, and output modules"` |
 | Is my agent allowed to make this change?     | `projscan start --intent "is my agent allowed to change billing retry logic?"`           |
 | Did the change stay inside scope?            | `projscan prove --changed --contract .projscan/proof-contract.json --format markdown`    |
+| Can a reviewer trust this agent handoff?     | `projscan passport --contract .projscan/proof-contract.json --format markdown`           |
+| Is the agent drifting from the contract?     | `projscan guard --contract .projscan/proof-contract.json`                                |
 | Which files have high risk and low coverage? | `projscan coverage --format json`                                                        |
 | What should my agent do next?                | `projscan workplan --format json`                                                        |
 | Which proof belongs in this PR?              | `projscan evidence-pack --pr-comment`                                                    |
@@ -400,6 +444,8 @@ npx -y projscan mcp --watch
 | `projscan assess`         | proof-first assessment with Proof Cards, risk delta, and fix-first guidance |
 | `projscan simulate`       | risk delta simulator for a proposed change plan before editing              |
 | `projscan prove`          | executable Proof Contracts, Verified Workflow JSON, and Proof Receipts      |
+| `projscan passport`       | local change passport with boundary, receipt, proof, and reviewer action    |
+| `projscan guard`          | current working tree check against a saved Proof Contract                   |
 | `projscan evidence-pack`  | review evidence with risks, owners, proof receipts, and next commands       |
 | `projscan bug-hunt`       | ranked fix queue from health, hotspots, session, and preflight evidence     |
 | `projscan workplan`       | ordered agent tasks with proof and handoff text                             |
@@ -604,7 +650,7 @@ Supply-chain scanners may flag package strings or APIs used by `git`, `npm audit
 
 ## Install Notes
 
-`projscan@4.16.0` has seven direct runtime dependencies:
+`projscan@4.17.0` has seven direct runtime dependencies:
 
 - `@babel/parser`
 - `@babel/types`
@@ -614,7 +660,7 @@ Supply-chain scanners may flag package strings or APIs used by `git`, `npm audit
 - `ora`
 - `web-tree-sitter`
 
-If npm prints `allow-scripts` warnings during a global install, check which package names it lists. projscan core does not need `node-gyp` grammar builds at runtime in 4.16.0. Open an issue with the warning text if npm reports install scripts from `projscan@latest`, or run `projscan feedback intake --text "<warning text>" --format json` to turn it into a focused setup-trust task.
+If npm prints `allow-scripts` warnings during a global install, check which package names it lists. projscan core does not need `node-gyp` grammar builds at runtime in 4.17.0. Open an issue with the warning text if npm reports install scripts from `projscan@latest`, or run `projscan feedback intake --text "<warning text>" --format json` to turn it into a focused setup-trust task.
 
 The grammar packages are build-time sources, not global-install dependencies. Published grammar assets include `tree-sitter-python.wasm` and `tree-sitter-c_sharp.wasm`.
 

package/dist/cli/commands/guard.d.ts

@@ -0,0 +1,3 @@
+import type { GuardReport } from '../../types/guard.js';
+export declare function registerGuard(): void;
+export declare function renderGuardMarkdown(report: GuardReport): string;

package/dist/cli/commands/guard.js

@@ -0,0 +1,158 @@
+import chalk from 'chalk';
+import { assertFormatSupported, getRootPath, maybeCompactBanner, program, setupLogLevel, } from '../_shared.js';
+import { computeGuard } from '../../core/guard.js';
+import { escapeMarkdownText, markdownInlineCode } from '../../core/markdownSafety.js';
+export function registerGuard() {
+    program
+        .command('guard')
+        .description('Check the current working tree against a saved Proof Contract')
+        .option('--contract <path>', 'Proof Contract JSON path')
+        .option('--base-ref <ref>', 'base ref for changed-file detection')
+        .option('--ledger <path>', 'proof ledger JSONL path')
+        .option('--fail-on-drift', 'exit non-zero when scope drift or missing contract is detected')
+        .option('--watch', 'poll for guard status changes until interrupted')
+        .option('--interval-ms <ms>', 'watch poll interval in milliseconds', parsePositiveInt, 2000)
+        .action(async (cmdOpts) => {
+        setupLogLevel();
+        maybeCompactBanner();
+        const format = assertFormatSupported('guard');
+        try {
+            const options = {
+                contractPath: cmdOpts.contract,
+                baseRef: cmdOpts.baseRef,
+                ledgerPath: cmdOpts.ledger,
+            };
+            if (cmdOpts.watch) {
+                await watchGuard(options, {
+                    format,
+                    intervalMs: cmdOpts.intervalMs,
+                    failOnDrift: Boolean(cmdOpts.failOnDrift),
+                });
+                return;
+            }
+            const report = await computeGuard(getRootPath(), options);
+            printGuard(report, format);
+            if (cmdOpts.failOnDrift && (report.status === 'drift' || report.status === 'blocked')) {
+                process.exit(report.exitCode);
+            }
+        }
+        catch (err) {
+            console.error(chalk.red(err instanceof Error ? err.message : String(err)));
+            process.exit(1);
+        }
+    });
+}
+async function watchGuard(options, settings) {
+    let last = '';
+    let stopped = false;
+    const stop = () => {
+        stopped = true;
+    };
+    process.once('SIGINT', stop);
+    while (!stopped) {
+        const report = await computeGuard(getRootPath(), options);
+        const key = JSON.stringify({
+            status: report.status,
+            drift: report.drift.files,
+            proof: report.proof.status,
+            missing: report.proof.missingCommands,
+            stale: report.proof.staleCommands,
+            failed: report.proof.failedCommands,
+        });
+        if (key !== last) {
+            printGuard(report, settings.format);
+            last = key;
+            if (settings.failOnDrift && (report.status === 'drift' || report.status === 'blocked')) {
+                process.exit(report.exitCode);
+            }
+        }
+        await delay(settings.intervalMs);
+    }
+}
+function printGuard(report, format) {
+    if (format === 'json') {
+        console.log(JSON.stringify(report, null, 2));
+        return;
+    }
+    if (format === 'markdown') {
+        console.log(renderGuardMarkdown(report));
+        return;
+    }
+    printGuardConsole(report);
+}
+function printGuardConsole(report) {
+    const color = report.status === 'blocked' || report.status === 'drift'
+        ? chalk.red
+        : report.status === 'attention'
+            ? chalk.yellow
+            : chalk.green;
+    console.log(color(`Projscan Guard: ${report.status}`));
+    console.log(report.summary);
+    console.log('');
+    console.log(chalk.bold('Drift'));
+    printList(report.drift.files, 'No scope drift detected');
+    console.log('');
+    console.log(chalk.bold('Proof'));
+    console.log(`- status: ${report.proof.status}`);
+    console.log(`- sufficiency: ${report.proof.sufficiencyStatus ?? 'unknown'}`);
+    printList(report.proof.missingCommands.slice(0, 5), 'No missing proof commands');
+}
+export function renderGuardMarkdown(report) {
+    const lines = [
+        '# Projscan Guard',
+        '',
+        `- **Status:** ${report.status}`,
+        `- **Summary:** ${escapeMarkdownText(report.summary)}`,
+        `- **Reviewer action:** ${report.reviewerAction}`,
+        `- **Exit code:** ${report.exitCode}`,
+        '',
+        '## Drift',
+        '',
+    ];
+    renderList(lines, report.drift.files);
+    lines.push('');
+    lines.push('## Proof');
+    lines.push('');
+    lines.push(`- **Status:** ${report.proof.status}`);
+    lines.push(`- **Sufficiency:** ${report.proof.sufficiencyStatus ?? 'unknown'}`);
+    renderCommandGroup(lines, 'Missing', report.proof.missingCommands);
+    renderCommandGroup(lines, 'Failed', report.proof.failedCommands);
+    renderCommandGroup(lines, 'Stale', report.proof.staleCommands);
+    return lines.join('\n');
+}
+function renderCommandGroup(lines, label, values) {
+    lines.push(`- **${label}:**`);
+    if (values.length === 0) {
+        lines.push('  - none');
+        return;
+    }
+    for (const value of values)
+        lines.push(`  - ${markdownInlineCode(value)}`);
+}
+function renderList(lines, values) {
+    if (values.length === 0) {
+        lines.push('- none');
+        return;
+    }
+    for (const value of values)
+        lines.push(`- ${markdownInlineCode(value)}`);
+}
+function printList(values, empty) {
+    if (values.length === 0) {
+        console.log(`- ${empty}`);
+        return;
+    }
+    for (const value of values)
+        console.log(`- ${value}`);
+}
+function parsePositiveInt(value) {
+    const parsed = Number.parseInt(value, 10);
+    if (!Number.isFinite(parsed) || parsed <= 0) {
+        throw new Error('value must be a positive integer');
+    }
+    return parsed;
+}
+function delay(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+//# sourceMappingURL=guard.js.map

package/dist/cli/commands/guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"guard.js","sourceRoot":"","sources":["../../../src/cli/commands/guard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EACL,qBAAqB,EACrB,WAAW,EACX,kBAAkB,EAClB,OAAO,EACP,aAAa,GACd,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAGtF,MAAM,UAAU,aAAa;IAC3B,OAAO;SACJ,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,+DAA+D,CAAC;SAC5E,MAAM,CAAC,mBAAmB,EAAE,0BAA0B,CAAC;SACvD,MAAM,CAAC,kBAAkB,EAAE,qCAAqC,CAAC;SACjE,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,CAAC;SACpD,MAAM,CAAC,iBAAiB,EAAE,gEAAgE,CAAC;SAC3F,MAAM,CAAC,SAAS,EAAE,iDAAiD,CAAC;SACpE,MAAM,CAAC,oBAAoB,EAAE,qCAAqC,EAAE,gBAAgB,EAAE,IAAI,CAAC;SAC3F,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,aAAa,EAAE,CAAC;QAChB,kBAAkB,EAAE,CAAC;QACrB,MAAM,MAAM,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAE9C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG;gBACd,YAAY,EAAE,OAAO,CAAC,QAAQ;gBAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,UAAU,EAAE,OAAO,CAAC,MAAM;aAC3B,CAAC;YACF,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,MAAM,UAAU,CAAC,OAAO,EAAE;oBACxB,MAAM;oBACN,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;iBAC1C,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;YAC1D,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC3B,IAAI,OAAO,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,EAAE,CAAC;gBACtF,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC3E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,OAAyE,EACzE,QAAsE;IAEtE,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,MAAM,IAAI,GAAG,GAAS,EAAE;QACtB,OAAO,GAAG,IAAI,CAAC;IACjB,CAAC,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC7B,OAAO,CAAC,OAAO,EAAE,CAAC;QAChB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;QAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK;YACzB,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;YAC1B,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,eAAe;YACrC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,aAAa;YACjC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,cAAc;SACpC,CAAC,CAAC;QACH,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACjB,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;YACpC,IAAI,GAAG,GAAG,CAAC;YACX,IAAI,QAAQ,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,EAAE,CAAC;gBACvF,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QACD,MAAM,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,MAAmB,EAAE,MAAc;IACrD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IACD,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IACD,iBAAiB,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAmB;IAC5C,MAAM,KAAK,GACT,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO;QACtD,CAAC,CAAC,KAAK,CAAC,GAAG;QACX,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,WAAW;YAC7B,CAAC,CAAC,KAAK,CAAC,MAAM;YACd,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC;IACpB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,mBAAmB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACvD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACjC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,yBAAyB,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,KAAK,CAAC,iBAAiB,IAAI,SAAS,EAAE,CAAC,CAAC;IAC7E,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,2BAA2B,CAAC,CAAC;AACnF,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,MAAmB;IACrD,MAAM,KAAK,GAAG;QACZ,kBAAkB;QAClB,EAAE;QACF,iBAAiB,MAAM,CAAC,MAAM,EAAE;QAChC,kBAAkB,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE;QACtD,0BAA0B,MAAM,CAAC,cAAc,EAAE;QACjD,oBAAoB,MAAM,CAAC,QAAQ,EAAE;QACrC,EAAE;QACF,UAAU;QACV,EAAE;KACH,CAAC;IACF,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACtC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACnD,KAAK,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,KAAK,CAAC,iBAAiB,IAAI,SAAS,EAAE,CAAC,CAAC;IAChF,kBAAkB,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACnE,kBAAkB,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IACjE,kBAAkB,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAC/D,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAe,EAAE,KAAa,EAAE,MAAgB;IAC1E,KAAK,CAAC,IAAI,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC;IAC9B,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvB,OAAO;IACT,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,OAAO,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,UAAU,CAAC,KAAe,EAAE,MAAgB;IACnD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,SAAS,CAAC,MAAgB,EAAE,KAAa;IAChD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;QAC1B,OAAO;IACT,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,MAAM;QAAE,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC"}

package/dist/cli/commands/passport.d.ts

@@ -0,0 +1,3 @@
+import type { AgentChangePassport } from '../../types/passport.js';
+export declare function registerPassport(): void;
+export declare function renderPassportMarkdown(passport: AgentChangePassport): string;

package/dist/cli/commands/passport.js

@@ -0,0 +1,154 @@
+import chalk from 'chalk';
+import { assertFormatSupported, getRootPath, loadProjectConfig, maybeCompactBanner, program, setupLogLevel, } from '../_shared.js';
+import { computePassport } from '../../core/passport.js';
+import { escapeMarkdownText, markdownInlineCode } from '../../core/markdownSafety.js';
+export function registerPassport() {
+    program
+        .command('passport')
+        .description('Create an Agent Change Passport from a Proof Contract and current proof receipt')
+        .option('--intent <text>', 'plain-language change intent to contract before or during work')
+        .option('--contract <path>', 'existing Proof Contract JSON path')
+        .option('--save-contract <path>', 'write the generated Proof Contract JSON when --intent is supplied')
+        .option('--output <path>', 'write passport JSON to .projscan/passport.json or .projscan/passports/<name>.json')
+        .option('--max-files <count>', 'maximum likely touched files to include in a generated contract', parsePositiveInt)
+        .option('--feedback <path>', 'local projscan feedback artifact to apply as trust memory')
+        .option('--base-ref <ref>', 'base ref for changed-file detection')
+        .option('--ledger <path>', 'proof ledger JSONL path')
+        .option('--task-id <id>', 'Baseframe task ID for attached assessment evidence')
+        .option('--emit-baseframe', 'write the Baseframe ProjScan assessment artifact')
+        .action(async (cmdOpts) => {
+        setupLogLevel();
+        maybeCompactBanner();
+        const format = assertFormatSupported('passport');
+        try {
+            const config = await loadProjectConfig();
+            const passport = await computePassport(getRootPath(), {
+                intent: cmdOpts.intent,
+                contractPath: cmdOpts.contract,
+                saveContractPath: cmdOpts.saveContract,
+                outputPath: cmdOpts.output,
+                maxFiles: cmdOpts.maxFiles,
+                feedbackPath: cmdOpts.feedback,
+                baseRef: cmdOpts.baseRef,
+                ledgerPath: cmdOpts.ledger,
+                taskId: cmdOpts.taskId,
+                emitBaseframe: Boolean(cmdOpts.emitBaseframe),
+                proofRecipes: config.proofRecipes,
+            });
+            if (format === 'json') {
+                console.log(JSON.stringify(passport, null, 2));
+                return;
+            }
+            if (format === 'markdown') {
+                console.log(renderPassportMarkdown(passport));
+                return;
+            }
+            printPassportConsole(passport);
+        }
+        catch (err) {
+            console.error(chalk.red(err instanceof Error ? err.message : String(err)));
+            process.exit(1);
+        }
+    });
+}
+function printPassportConsole(passport) {
+    const color = passport.status === 'blocked' || passport.status === 'drifted'
+        ? chalk.red
+        : passport.status === 'needs-proof'
+            ? chalk.yellow
+            : chalk.green;
+    console.log(color(`Projscan Passport: ${passport.status}`));
+    console.log(passport.summary);
+    console.log('');
+    console.log(chalk.bold('Reviewer'));
+    console.log(`- decision: ${passport.reviewer.decision}`);
+    console.log(`- action: ${passport.reviewer.action}`);
+    console.log(`- ${passport.reviewer.summary}`);
+    console.log('');
+    console.log(chalk.bold('Boundary'));
+    printList(passport.boundary.allowedFiles.slice(0, 8), 'No allowed files in contract');
+    if (passport.boundary.forbiddenFiles.length > 0) {
+        console.log('');
+        console.log(chalk.bold('Forbidden'));
+        printList(passport.boundary.forbiddenFiles.slice(0, 8), 'No forbidden files in contract');
+    }
+    console.log('');
+    console.log(chalk.bold('Receipt'));
+    console.log(`- scope: ${passport.receipt.scopeStatus}`);
+    console.log(`- proof: ${passport.receipt.proofStatus}`);
+    console.log(`- sufficiency: ${passport.receipt.proofSufficiencyStatus ?? 'unknown'}`);
+    console.log(`- changed files: ${passport.receipt.changedFiles.length}`);
+    console.log('');
+    console.log(chalk.bold('Next Commands'));
+    printList(passport.nextCommands.slice(0, 8), 'No next commands');
+}
+export function renderPassportMarkdown(passport) {
+    const lines = [
+        '# Projscan Agent Change Passport',
+        '',
+        `- **Status:** ${passport.status}`,
+        `- **Summary:** ${escapeMarkdownText(passport.summary)}`,
+        `- **Reviewer action:** ${passport.reviewer.action}`,
+        `- **Reviewer decision:** ${passport.reviewer.decision}`,
+    ];
+    if (passport.intent)
+        lines.push(`- **Intent:** ${escapeMarkdownText(passport.intent)}`);
+    if (passport.artifacts.contractPath) {
+        lines.push(`- **Contract:** ${markdownInlineCode(passport.artifacts.contractPath)}`);
+    }
+    if (passport.artifacts.passportPath) {
+        lines.push(`- **Passport:** ${markdownInlineCode(passport.artifacts.passportPath)}`);
+    }
+    if (passport.baseframe) {
+        lines.push(`- **Baseframe assessment:** ${markdownInlineCode(passport.baseframe.assessmentPath)}`);
+    }
+    lines.push('');
+    lines.push('## Boundary');
+    lines.push('');
+    renderCommandOrFileList(lines, 'Allowed files', passport.boundary.allowedFiles);
+    renderCommandOrFileList(lines, 'Forbidden files', passport.boundary.forbiddenFiles);
+    renderCommandOrFileList(lines, 'Likely tests', passport.boundary.likelyTests);
+    renderCommandOrFileList(lines, 'Proof commands', passport.boundary.proofCommands);
+    lines.push('');
+    lines.push('## Receipt');
+    lines.push('');
+    lines.push(`- **Scope:** ${passport.receipt.scopeStatus}`);
+    lines.push(`- **Proof:** ${passport.receipt.proofStatus}`);
+    lines.push(`- **Proof sufficiency:** ${passport.receipt.proofSufficiencyStatus ?? 'unknown'}`);
+    lines.push(`- **Proof replay:** ${passport.receipt.proofReplayStatus ?? 'unknown'}`);
+    renderCommandOrFileList(lines, 'Changed files', passport.receipt.changedFiles);
+    renderCommandOrFileList(lines, 'Forbidden touched', passport.receipt.forbiddenTouched);
+    renderCommandOrFileList(lines, 'Outside allowed', passport.receipt.outsideAllowed);
+    renderCommandOrFileList(lines, 'Changed after proof', passport.receipt.changedAfterProof);
+    lines.push('');
+    lines.push('## Next Commands');
+    lines.push('');
+    for (const command of passport.nextCommands)
+        lines.push(`- ${markdownInlineCode(command)}`);
+    return lines.join('\n');
+}
+function renderCommandOrFileList(lines, label, values) {
+    lines.push(`- **${label}:**`);
+    if (values.length === 0) {
+        lines.push('  - none');
+        return;
+    }
+    for (const value of values.slice(0, 12))
+        lines.push(`  - ${markdownInlineCode(value)}`);
+}
+function printList(values, empty) {
+    if (values.length === 0) {
+        console.log(`- ${empty}`);
+        return;
+    }
+    for (const value of values)
+        console.log(`- ${value}`);
+}
+function parsePositiveInt(value) {
+    const parsed = Number.parseInt(value, 10);
+    if (!Number.isFinite(parsed) || parsed <= 0) {
+        throw new Error('value must be a positive integer');
+    }
+    return parsed;
+}
+//# sourceMappingURL=passport.js.map

package/dist/cli/commands/passport.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"passport.js","sourceRoot":"","sources":["../../../src/cli/commands/passport.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EACL,qBAAqB,EACrB,WAAW,EACX,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,aAAa,GACd,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAGtF,MAAM,UAAU,gBAAgB;IAC9B,OAAO;SACJ,OAAO,CAAC,UAAU,CAAC;SACnB,WAAW,CAAC,iFAAiF,CAAC;SAC9F,MAAM,CAAC,iBAAiB,EAAE,gEAAgE,CAAC;SAC3F,MAAM,CAAC,mBAAmB,EAAE,mCAAmC,CAAC;SAChE,MAAM,CAAC,wBAAwB,EAAE,mEAAmE,CAAC;SACrG,MAAM,CAAC,iBAAiB,EAAE,mFAAmF,CAAC;SAC9G,MAAM,CAAC,qBAAqB,EAAE,iEAAiE,EAAE,gBAAgB,CAAC;SAClH,MAAM,CAAC,mBAAmB,EAAE,2DAA2D,CAAC;SACxF,MAAM,CAAC,kBAAkB,EAAE,qCAAqC,CAAC;SACjE,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,CAAC;SACpD,MAAM,CAAC,gBAAgB,EAAE,oDAAoD,CAAC;SAC9E,MAAM,CAAC,kBAAkB,EAAE,kDAAkD,CAAC;SAC9E,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,aAAa,EAAE,CAAC;QAChB,kBAAkB,EAAE,CAAC;QACrB,MAAM,MAAM,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;QAEjD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,iBAAiB,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,WAAW,EAAE,EAAE;gBACpD,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,YAAY,EAAE,OAAO,CAAC,QAAQ;gBAC9B,gBAAgB,EAAE,OAAO,CAAC,YAAY;gBACtC,UAAU,EAAE,OAAO,CAAC,MAAM;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,YAAY,EAAE,OAAO,CAAC,QAAQ;gBAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,UAAU,EAAE,OAAO,CAAC,MAAM;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,aAAa,EAAE,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;gBAC7C,YAAY,EAAE,MAAM,CAAC,YAAY;aAClC,CAAC,CAAC;YAEH,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;gBACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;gBAC/C,OAAO;YACT,CAAC;YACD,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;gBAC1B,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAC9C,OAAO;YACT,CAAC;YACD,oBAAoB,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC3E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,oBAAoB,CAAC,QAA6B;IACzD,MAAM,KAAK,GACT,QAAQ,CAAC,MAAM,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS;QAC5D,CAAC,CAAC,KAAK,CAAC,GAAG;QACX,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,aAAa;YACjC,CAAC,CAAC,KAAK,CAAC,MAAM;YACd,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC;IACpB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,sBAAsB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC9B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,eAAe,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,aAAa,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IACpC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAC;IACtF,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QACrC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,gCAAgC,CAAC,CAAC;IAC5F,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,CAAC,YAAY,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,YAAY,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,kBAAkB,QAAQ,CAAC,OAAO,CAAC,sBAAsB,IAAI,SAAS,EAAE,CAAC,CAAC;IACtF,OAAO,CAAC,GAAG,CAAC,oBAAoB,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IACzC,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,QAA6B;IAClE,MAAM,KAAK,GAAa;QACtB,kCAAkC;QAClC,EAAE;QACF,iBAAiB,QAAQ,CAAC,MAAM,EAAE;QAClC,kBAAkB,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE;QACxD,0BAA0B,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE;QACpD,4BAA4B,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE;KACzD,CAAC;IACF,IAAI,QAAQ,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,iBAAiB,kBAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACxF,IAAI,QAAQ,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,mBAAmB,kBAAkB,CAAC,QAAQ,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;IACvF,CAAC;IACD,IAAI,QAAQ,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,mBAAmB,kBAAkB,CAAC,QAAQ,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;IACvF,CAAC;IACD,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,+BAA+B,kBAAkB,CAAC,QAAQ,CAAC,SAAS,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;IACrG,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC1B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,uBAAuB,CAAC,KAAK,EAAE,eAAe,EAAE,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAChF,uBAAuB,CAAC,KAAK,EAAE,iBAAiB,EAAE,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IACpF,uBAAuB,CAAC,KAAK,EAAE,cAAc,EAAE,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC9E,uBAAuB,CAAC,KAAK,EAAE,gBAAgB,EAAE,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;IAClF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,gBAAgB,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAC3D,KAAK,CAAC,IAAI,CAAC,gBAAgB,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAC3D,KAAK,CAAC,IAAI,CAAC,4BAA4B,QAAQ,CAAC,OAAO,CAAC,sBAAsB,IAAI,SAAS,EAAE,CAAC,CAAC;IAC/F,KAAK,CAAC,IAAI,CAAC,uBAAuB,QAAQ,CAAC,OAAO,CAAC,iBAAiB,IAAI,SAAS,EAAE,CAAC,CAAC;IACrF,uBAAuB,CAAC,KAAK,EAAE,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAC/E,uBAAuB,CAAC,KAAK,EAAE,mBAAmB,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACvF,uBAAuB,CAAC,KAAK,EAAE,iBAAiB,EAAE,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACnF,uBAAuB,CAAC,KAAK,EAAE,qBAAqB,EAAE,QAAQ,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAC1F,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC/B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,YAAY;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC5F,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,uBAAuB,CAAC,KAAe,EAAE,KAAa,EAAE,MAAgB;IAC/E,KAAK,CAAC,IAAI,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC;IAC9B,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvB,OAAO;IACT,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,OAAO,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;AAC1F,CAAC;AAED,SAAS,SAAS,CAAC,MAAgB,EAAE,KAAa;IAChD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;QAC1B,OAAO;IACT,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,MAAM;QAAE,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/cli/registerCommands.js

@@ -51,6 +51,8 @@ import { registerQualityScorecard } from './commands/qualityScorecard.js';
 import { registerAssess } from './commands/assess.js';
 import { registerSimulate } from './commands/simulate.js';
 import { registerProve } from './commands/prove.js';
+import { registerPassport } from './commands/passport.js';
+import { registerGuard } from './commands/guard.js';
 import { registerFirstRun, registerRecipes } from './commands/recipes.js';
 import { registerStart } from './commands/start.js';
 import { registerTrial } from './commands/trial.js';
@@ -113,6 +115,8 @@ export const CLI_COMMAND_REGISTRARS = [
     registerAssess,
     registerSimulate,
     registerProve,
+    registerPassport,
+    registerGuard,
     registerStart,
     registerTrial,
     registerTelemetry,

package/dist/cli/registerCommands.js.map

@@ -1 +1 @@
-{"version":3,"file":"registerCommands.js","sourceRoot":"","sources":["../../src/cli/registerCommands.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAC1E,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAIlE,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,eAAe;IACf,cAAc;IACd,UAAU;IACV,YAAY;IACZ,WAAW;IACX,YAAY;IACZ,eAAe;IACf,iBAAiB;IACjB,oBAAoB;IACpB,gBAAgB;IAChB,gBAAgB;IAChB,cAAc;IACd,cAAc;IACd,kBAAkB;IAClB,oBAAoB;IACpB,cAAc;IACd,iBAAiB;IACjB,aAAa;IACb,iBAAiB;IACjB,aAAa;IACb,kBAAkB;IAClB,aAAa;IACb,kBAAkB;IAClB,gBAAgB;IAChB,aAAa;IACb,eAAe;IACf,cAAc;IACd,gBAAgB;IAChB,qBAAqB;IACrB,WAAW;IACX,eAAe;IACf,cAAc;IACd,iBAAiB;IACjB,gBAAgB;IAChB,YAAY;IACZ,mBAAmB;IACnB,aAAa;IACb,gBAAgB;IAChB,aAAa;IACb,cAAc;IACd,iBAAiB;IACjB,gBAAgB;IAChB,oBAAoB;IACpB,eAAe;IACf,oBAAoB;IACpB,eAAe;IACf,gBAAgB;IAChB,sBAAsB;IACtB,kBAAkB;IAClB,wBAAwB;IACxB,cAAc;IACd,gBAAgB;IAChB,aAAa;IACb,aAAa;IACb,aAAa;IACb,iBAAiB;IACjB,oBAAoB;IACpB,kBAAkB;IAClB,oBAAoB;IACpB,eAAe;IACf,gBAAgB;IAChB,YAAY;CACgB,CAAC;AAE/B,MAAM,UAAU,mBAAmB,CACjC,aAA0C,sBAAsB;IAEhE,KAAK,MAAM,eAAe,IAAI,UAAU,EAAE,CAAC;QACzC,eAAe,EAAE,CAAC;IACpB,CAAC;AACH,CAAC"}
+{"version":3,"file":"registerCommands.js","sourceRoot":"","sources":["../../src/cli/registerCommands.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAC1E,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAIlE,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,eAAe;IACf,cAAc;IACd,UAAU;IACV,YAAY;IACZ,WAAW;IACX,YAAY;IACZ,eAAe;IACf,iBAAiB;IACjB,oBAAoB;IACpB,gBAAgB;IAChB,gBAAgB;IAChB,cAAc;IACd,cAAc;IACd,kBAAkB;IAClB,oBAAoB;IACpB,cAAc;IACd,iBAAiB;IACjB,aAAa;IACb,iBAAiB;IACjB,aAAa;IACb,kBAAkB;IAClB,aAAa;IACb,kBAAkB;IAClB,gBAAgB;IAChB,aAAa;IACb,eAAe;IACf,cAAc;IACd,gBAAgB;IAChB,qBAAqB;IACrB,WAAW;IACX,eAAe;IACf,cAAc;IACd,iBAAiB;IACjB,gBAAgB;IAChB,YAAY;IACZ,mBAAmB;IACnB,aAAa;IACb,gBAAgB;IAChB,aAAa;IACb,cAAc;IACd,iBAAiB;IACjB,gBAAgB;IAChB,oBAAoB;IACpB,eAAe;IACf,oBAAoB;IACpB,eAAe;IACf,gBAAgB;IAChB,sBAAsB;IACtB,kBAAkB;IAClB,wBAAwB;IACxB,cAAc;IACd,gBAAgB;IAChB,aAAa;IACb,gBAAgB;IAChB,aAAa;IACb,aAAa;IACb,aAAa;IACb,iBAAiB;IACjB,oBAAoB;IACpB,kBAAkB;IAClB,oBAAoB;IACpB,eAAe;IACf,gBAAgB;IAChB,YAAY;CACgB,CAAC;AAE/B,MAAM,UAAU,mBAAmB,CACjC,aAA0C,sBAAsB;IAEhE,KAAK,MAAM,eAAe,IAAI,UAAU,EAAE,CAAC;QACzC,eAAe,EAAE,CAAC;IACpB,CAAC;AACH,CAAC"}

package/dist/core/guard.d.ts

@@ -0,0 +1,2 @@
+import type { ComputeGuardOptions, GuardReport } from '../types/guard.js';
+export declare function computeGuard(rootPath: string, options?: ComputeGuardOptions): Promise<GuardReport>;

package/dist/core/guard.js

@@ -0,0 +1,107 @@
+import { computeProve } from './prove.js';
+export async function computeGuard(rootPath, options = {}) {
+    const report = await computeProve(rootPath, {
+        changed: true,
+        contractPath: options.contractPath,
+        baseRef: options.baseRef,
+        ledgerPath: options.ledgerPath,
+    });
+    const receipt = report.receipt;
+    const status = guardStatus(receipt);
+    const reviewerAction = guardReviewerAction(status, receipt);
+    return {
+        schemaVersion: 1,
+        kind: 'agent-scope-guard',
+        status,
+        exitCode: exitCodeFor(status),
+        summary: guardSummary(status, receipt),
+        reviewerAction,
+        drift: {
+            status: receipt?.scope.status ?? 'missing-contract',
+            files: driftFiles(receipt),
+            forbiddenTouched: receipt?.scope.forbiddenTouched ?? [],
+            outsideAllowed: receipt?.scope.outsideAllowed ?? [],
+            changedAfterProof: receipt?.proofReplay?.changedAfterProof ?? [],
+        },
+        proof: {
+            status: receipt?.proofStatus.status ?? 'missing',
+            ...(receipt?.proofSufficiency?.status ? { sufficiencyStatus: receipt.proofSufficiency.status } : {}),
+            missingCommands: receipt?.proofStatus.missingCommands ?? [],
+            failedCommands: receipt?.proofStatus.failedCommands ?? [],
+            staleCommands: receipt?.proofStatus.staleCommands ?? [],
+        },
+        mutatedFiles: [],
+        ...(receipt ? { receipt } : {}),
+    };
+}
+function guardStatus(receipt) {
+    if (!receipt || receipt.scope.status === 'missing-contract')
+        return 'blocked';
+    if (receipt.scope.status === 'drifted' ||
+        receipt.scope.forbiddenTouched.length > 0 ||
+        receipt.scope.outsideAllowed.length > 0 ||
+        (receipt.proofReplay?.changedAfterProof.length ?? 0) > 0) {
+        return 'drift';
+    }
+    if (receipt.proofStatus.status === 'failed')
+        return 'blocked';
+    if (receipt.proofStatus.status === 'missing' ||
+        receipt.proofStatus.status === 'not-run' ||
+        receipt.proofStatus.status === 'partial' ||
+        receipt.proofStatus.status === 'stale' ||
+        receipt.proofSufficiency?.status === 'missing' ||
+        receipt.proofSufficiency?.status === 'weak' ||
+        receipt.proofSufficiency?.status === 'stale' ||
+        receipt.proofSufficiency?.status === 'failed') {
+        return 'attention';
+    }
+    return 'clear';
+}
+function guardReviewerAction(status, receipt) {
+    if (status === 'drift' || !receipt || receipt.scope.status === 'missing-contract') {
+        return 'stop-and-recontract';
+    }
+    if (status === 'blocked' || receipt.proofStatus.status === 'failed')
+        return 'rerun-proof';
+    if (status === 'attention') {
+        return receipt.proofStatus.status === 'stale' ? 'rerun-proof' : 'run-proof';
+    }
+    return 'continue';
+}
+function guardSummary(status, receipt) {
+    if (!receipt)
+        return 'blocked: no Proof Contract is available for guard evaluation.';
+    if (status === 'drift') {
+        const files = driftFiles(receipt);
+        return files.length > 0
+            ? `drift: ${files.join(', ')} changed outside the approved proof boundary.`
+            : 'drift: proof is stale because files changed after proof ran.';
+    }
+    if (status === 'blocked')
+        return 'blocked: proof failed or the Proof Contract is missing.';
+    if (status === 'attention')
+        return `attention: proof is ${receipt.proofStatus.status}.`;
+    return 'clear: scope and proof satisfy the current Proof Contract.';
+}
+function driftFiles(receipt) {
+    if (!receipt)
+        return [];
+    return unique([
+        ...receipt.scope.forbiddenTouched,
+        ...receipt.scope.outsideAllowed,
+        ...(receipt.proofReplay?.changedAfterProof ?? []),
+    ]);
+}
+function exitCodeFor(status) {
+    if (status === 'clear')
+        return 0;
+    if (status === 'attention')
+        return 1;
+    if (status === 'drift')
+        return 2;
+    return 3;
+}
+function unique(values) {
+    return [...new Set(values.filter(Boolean))];
+}
+//# sourceMappingURL=guard.js.map

package/dist/core/guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"guard.js","sourceRoot":"","sources":["../../src/core/guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAI1C,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,QAAgB,EAChB,UAA+B,EAAE;IAEjC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,QAAQ,EAAE;QAC1C,OAAO,EAAE,IAAI;QACb,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,UAAU,EAAE,OAAO,CAAC,UAAU;KAC/B,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC/B,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACpC,MAAM,cAAc,GAAG,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5D,OAAO;QACL,aAAa,EAAE,CAAC;QAChB,IAAI,EAAE,mBAAmB;QACzB,MAAM;QACN,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC;QAC7B,OAAO,EAAE,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC;QACtC,cAAc;QACd,KAAK,EAAE;YACL,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,MAAM,IAAI,kBAAkB;YACnD,KAAK,EAAE,UAAU,CAAC,OAAO,CAAC;YAC1B,gBAAgB,EAAE,OAAO,EAAE,KAAK,CAAC,gBAAgB,IAAI,EAAE;YACvD,cAAc,EAAE,OAAO,EAAE,KAAK,CAAC,cAAc,IAAI,EAAE;YACnD,iBAAiB,EAAE,OAAO,EAAE,WAAW,EAAE,iBAAiB,IAAI,EAAE;SACjE;QACD,KAAK,EAAE;YACL,MAAM,EAAE,OAAO,EAAE,WAAW,CAAC,MAAM,IAAI,SAAS;YAChD,GAAG,CAAC,OAAO,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,iBAAiB,EAAE,OAAO,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACpG,eAAe,EAAE,OAAO,EAAE,WAAW,CAAC,eAAe,IAAI,EAAE;YAC3D,cAAc,EAAE,OAAO,EAAE,WAAW,CAAC,cAAc,IAAI,EAAE;YACzD,aAAa,EAAE,OAAO,EAAE,WAAW,CAAC,aAAa,IAAI,EAAE;SACxD;QACD,YAAY,EAAE,EAAE;QAChB,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAChC,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,OAAiC;IACpD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,kBAAkB;QAAE,OAAO,SAAS,CAAC;IAC9E,IACE,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,SAAS;QAClC,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC;QACzC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC;QACvC,CAAC,OAAO,CAAC,WAAW,EAAE,iBAAiB,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,EACxD,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAC9D,IACE,OAAO,CAAC,WAAW,CAAC,MAAM,KAAK,SAAS;QACxC,OAAO,CAAC,WAAW,CAAC,MAAM,KAAK,SAAS;QACxC,OAAO,CAAC,WAAW,CAAC,MAAM,KAAK,SAAS;QACxC,OAAO,CAAC,WAAW,CAAC,MAAM,KAAK,OAAO;QACtC,OAAO,CAAC,gBAAgB,EAAE,MAAM,KAAK,SAAS;QAC9C,OAAO,CAAC,gBAAgB,EAAE,MAAM,KAAK,MAAM;QAC3C,OAAO,CAAC,gBAAgB,EAAE,MAAM,KAAK,OAAO;QAC5C,OAAO,CAAC,gBAAgB,EAAE,MAAM,KAAK,QAAQ,EAC7C,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAmB,EAAE,OAAiC;IACjF,IAAI,MAAM,KAAK,OAAO,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;QAClF,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IACD,IAAI,MAAM,KAAK,SAAS,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,KAAK,QAAQ;QAAE,OAAO,aAAa,CAAC;IAC1F,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC,WAAW,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC;IAC9E,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,YAAY,CAAC,MAAmB,EAAE,OAAiC;IAC1E,IAAI,CAAC,OAAO;QAAE,OAAO,+DAA+D,CAAC;IACrF,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QAClC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC;YACrB,CAAC,CAAC,UAAU,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,+CAA+C;YAC3E,CAAC,CAAC,8DAA8D,CAAC;IACrE,CAAC;IACD,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,yDAAyD,CAAC;IAC3F,IAAI,MAAM,KAAK,WAAW;QAAE,OAAO,uBAAuB,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;IACxF,OAAO,4DAA4D,CAAC;AACtE,CAAC;AAED,SAAS,UAAU,CAAC,OAAiC;IACnD,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IACxB,OAAO,MAAM,CAAC;QACZ,GAAG,OAAO,CAAC,KAAK,CAAC,gBAAgB;QACjC,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc;QAC/B,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,iBAAiB,IAAI,EAAE,CAAC;KAClD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,MAAmB;IACtC,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,CAAC,CAAC;IACjC,IAAI,MAAM,KAAK,WAAW;QAAE,OAAO,CAAC,CAAC;IACrC,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,CAAC,CAAC;IACjC,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,MAAM,CAAC,MAAgB;IAC9B,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC"}

package/dist/core/passport.d.ts

@@ -0,0 +1,2 @@
+import type { AgentChangePassport, ComputePassportOptions } from '../types/passport.js';
+export declare function computePassport(rootPath: string, options?: ComputePassportOptions): Promise<AgentChangePassport>;