soloforge 1.1.45 → 1.1.46

package/dist/verify/audit/runtime_safety.js

@@ -1,209 +0,0 @@
-/**
- * Runtime Safety — 审计层模块。
- *
- * 职责边界：
- * - 负责：EvidenceBlock 等 审计层职责
- * - 不负责：不属于本模块的职责由对应模块承担
- *
- * 被谁调用：发布门禁、质量检查
- * 调用谁：node:crypto、logger
- *
- * 数据流：审计输入（代码/配置） → 检查 → 评分/报告
- * 持久化：无持久化（纯计算/内存态）
- */
-import crypto from "node:crypto";
-import { debug } from "../../shared/logger.js";
-/**
- * 构建证据链 — 每个步骤产出带 hash 的证据块，与前一个块链式连接。
- */
-export function buildEvidenceChain(steps) {
-    const chain = [];
-    let prevHash = null;
-    for (const s of steps) {
-        const timestamp = s.timestamp ?? new Date().toISOString();
-        const dataHash = crypto
-            .createHash("sha256")
-            .update(s.payload)
-            .digest("hex")
-            .slice(0, 16);
-        const chainInput = `${s.step}:${timestamp}:${dataHash}:${prevHash ?? "genesis"}`;
-        const chainHash = crypto
-            .createHash("sha256")
-            .update(chainInput)
-            .digest("hex")
-            .slice(0, 16);
-        const block = {
-            step: s.step,
-            timestamp,
-            data_hash: dataHash,
-            prev_hash: prevHash,
-            chain_hash: chainHash,
-            payload: s.payload,
-        };
-        chain.push(block);
-        prevHash = chainHash;
-    }
-    return chain;
-}
-/**
- * 验证证据链完整性 — 检查每个块的 chain_hash 是否与重算结果一致。
- */
-export function verifyEvidenceChain(chain) {
-    if (chain.length > 0)
-        debug("运行安全", "验证证据链，块数:", chain.length);
-    if (chain.length === 0) {
-        return { valid: true, broken_at: null, advisory: "证据链为空，无需校验" };
-    }
-    for (let i = 0; i < chain.length; i++) {
-        const block = chain[i];
-        const expectedPrev = i === 0 ? null : chain[i - 1].chain_hash;
-        if (block.prev_hash !== expectedPrev) {
-            return {
-                valid: false,
-                broken_at: i,
-                advisory: `证据链在第 ${i} 步断裂: prev_hash 不匹配，请检查步骤顺序是否被篡改`,
-            };
-        }
-        // 从 payload 重算 data_hash 以检测篡改
-        const expectedDataHash = crypto
-            .createHash("sha256")
-            .update(block.payload)
-            .digest("hex")
-            .slice(0, 16);
-        if (block.data_hash !== expectedDataHash) {
-            return {
-                valid: false,
-                broken_at: i,
-                advisory: `证据链在第 ${i} 步断裂: data_hash 不匹配（payload 被篡改），请恢复原始执行记录`,
-            };
-        }
-        const chainInput = `${block.step}:${block.timestamp}:${block.data_hash}:${block.prev_hash ?? "genesis"}`;
-        const expectedHash = crypto
-            .createHash("sha256")
-            .update(chainInput)
-            .digest("hex")
-            .slice(0, 16);
-        if (block.chain_hash !== expectedHash) {
-            return {
-                valid: false,
-                broken_at: i,
-                advisory: `证据链在第 ${i} 步断裂: chain_hash 不匹配，请重新执行并生成完整证据链`,
-            };
-        }
-    }
-    return {
-        valid: true,
-        broken_at: null,
-        advisory: `证据链完整: ${chain.length} 个步骤已验证通过`,
-    };
-}
-const DESTRUCTIVE_PATTERNS = [
-    { pattern: /\brm\s+(-[rf]+\s+|--no-preserve-root)/, example: "rm -rf" },
-    { pattern: /\bgit\s+(push\s+--force|reset\s+--hard|clean\s+-fd)/, example: "git push --force" },
-    { pattern: /\bdd\s+if=/, example: "dd" },
-    { pattern: /\b(format|mkfs)\b/, example: "format" },
-    { pattern: /\bdrop\s+(table|database|schema)\b/i, example: "DROP TABLE" },
-    { pattern: /\bTRUNCATE\b/i, example: "TRUNCATE" },
-    { pattern: /\bDELETE\s+FROM\b/i, example: "DELETE FROM" },
-    { pattern: /\b(npm\s+publish|yarn\s+publish|pnpm\s+publish)\b/, example: "npm publish" },
-];
-const MUTATING_PATTERNS = [
-    { pattern: /\bgit\s+(add|commit|push|merge|rebase|checkout)\b/, example: "git commit" },
-    { pattern: /\b(npm\s+install|yarn\s+add|pnpm\s+add)\b/, example: "npm install" },
-    { pattern: /\bmv\s+/, example: "mv" },
-    { pattern: /\bcp\s+/, example: "cp" },
-    { pattern: /\bmkdir\s+/, example: "mkdir" },
-    { pattern: /\bdocker\s+(run|build|push|rmi|rm)\b/, example: "docker run" },
-    { pattern: /\b(INSERT|UPDATE|ALTER|CREATE)\b/i, example: "INSERT" },
-];
-/**
- * 分类命令的副作用级别。
- */
-export function classifyCommand(command) {
-    for (const dp of DESTRUCTIVE_PATTERNS) {
-        if (dp.pattern.test(command)) {
-            debug("运行安全", "检测到破坏性命令:", command);
-            return {
-                command,
-                risk: "destructive",
-                advisory: `检测到破坏性命令: ${dp.example} — 需要人工确认后方可执行`,
-                requires_human_confirm: true,
-            };
-        }
-    }
-    for (const mp of MUTATING_PATTERNS) {
-        if (mp.pattern.test(command)) {
-            return {
-                command,
-                risk: "mutating",
-                advisory: `变更类命令: ${mp.example}`,
-                requires_human_confirm: false,
-            };
-        }
-    }
-    return {
-        command,
-        risk: "read_only",
-        advisory: "只读命令",
-        requires_human_confirm: false,
-    };
-}
-/**
- * 检查迁移契约 — 确保 schema 变更有回滚路径。
- */
-export function checkMigrationContract(migration) {
-    const forwardClassified = classifyCommand(migration.forward_command);
-    const rollbackClassified = classifyCommand(migration.rollback_command);
-    if (!migration.rollback_command || migration.rollback_command.trim().length === 0) {
-        return {
-            migration_id: migration.migration_id,
-            has_rollback: false,
-            rollback_valid: false,
-            advisory: `迁移 "${migration.migration_id}" 缺少回滚命令 — 如果迁移失败需要手动恢复，建议补充 rollback_command`,
-        };
-    }
-    // 回滚命令应是正向操作的反向操作
-    const rollbackValid = migration.rollback_command.length > 0;
-    return {
-        migration_id: migration.migration_id,
-        has_rollback: true,
-        rollback_valid: rollbackValid,
-        advisory: `迁移 "${migration.migration_id}": 正向风险=${forwardClassified.risk}, 回滚风险=${rollbackClassified.risk}`,
-    };
-}
-const LOCKFILE_NAMES = [
-    "package-lock.json",
-    "pnpm-lock.yaml",
-    "yarn.lock",
-    "go.sum",
-    "Cargo.lock",
-];
-/**
- * 检查供应链安全 — 验证依赖有 lockfile 和完整性 hash。
- * 此为轻量级检查，不读取实际文件内容。
- */
-export function checkSupplyChain(rootDirFiles, dependencies) {
-    const hasLockfile = LOCKFILE_NAMES.some((lf) => rootDirFiles.includes(lf));
-    debug("运行安全", "检查供应链安全，依赖数:", dependencies.length, "lockfile:", hasLockfile);
-    const checks = dependencies.map((dep) => ({
-        package_name: dep.name,
-        version: dep.version,
-        has_lockfile: hasLockfile,
-        has_integrity_hash: hasLockfile, // lockfile 意味着存在完整性哈希
-        advisory: hasLockfile
-            ? "已通过 lockfile 锁定，含完整性哈希"
-            : `${dep.name}@${dep.version} 未锁定 — 存在供应链风险，建议添加 lockfile`,
-    }));
-    const locked = checks.filter((c) => c.has_lockfile).length;
-    const unlocked = checks.length - locked;
-    return {
-        total_dependencies: dependencies.length,
-        locked_dependencies: locked,
-        unlocked_dependencies: unlocked,
-        checks,
-        advisory: unlocked > 0
-            ? `${unlocked}/${dependencies.length} 个依赖未锁定 — 建议添加 lockfile 以保障供应链安全`
-            : `全部 ${dependencies.length} 个依赖已锁定`,
-    };
-}
-//# sourceMappingURL=runtime_safety.js.map

package/dist/verify/audit/runtime_safety.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"runtime_safety.js","sourceRoot":"","sources":["../../../src/verify/audit/runtime_safety.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,wBAAwB,CAAC;AAa/C;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAmE;IAEnE,MAAM,KAAK,GAAoB,EAAE,CAAC;IAClC,IAAI,QAAQ,GAAkB,IAAI,CAAC;IAEnC,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,SAAS,GAAG,CAAC,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC1D,MAAM,QAAQ,GAAG,MAAM;aACpB,UAAU,CAAC,QAAQ,CAAC;aACpB,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;aACjB,MAAM,CAAC,KAAK,CAAC;aACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEhB,MAAM,UAAU,GAAW,GAAG,CAAC,CAAC,IAAI,IAAI,SAAS,IAAI,QAAQ,IAAI,QAAQ,IAAI,SAAS,EAAE,CAAC;QACzF,MAAM,SAAS,GAAW,MAAM;aAC7B,UAAU,CAAC,QAAQ,CAAC;aACpB,MAAM,CAAC,UAAU,CAAC;aAClB,MAAM,CAAC,KAAK,CAAC;aACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEhB,MAAM,KAAK,GAAkB;YAC3B,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,SAAS;YACT,SAAS,EAAE,QAAQ;YACnB,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,SAAS;YACrB,OAAO,EAAE,CAAC,CAAC,OAAO;SACnB,CAAC;QAEF,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClB,QAAQ,GAAG,SAAS,CAAC;IACvB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAsB;IAKxD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC/D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;IAClE,CAAC;IAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,YAAY,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC;QAC9D,IAAI,KAAK,CAAC,SAAS,KAAK,YAAY,EAAE,CAAC;YACrC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,SAAS,EAAE,CAAC;gBACZ,QAAQ,EAAE,SAAS,CAAC,kCAAkC;aACvD,CAAC;QACJ,CAAC;QAED,+BAA+B;QAC/B,MAAM,gBAAgB,GAAG,MAAM;aAC5B,UAAU,CAAC,QAAQ,CAAC;aACpB,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;aACrB,MAAM,CAAC,KAAK,CAAC;aACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChB,IAAI,KAAK,CAAC,SAAS,KAAK,gBAAgB,EAAE,CAAC;YACzC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,SAAS,EAAE,CAAC;gBACZ,QAAQ,EAAE,SAAS,CAAC,4CAA4C;aACjE,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,IAAI,SAAS,EAAE,CAAC;QACzG,MAAM,YAAY,GAAG,MAAM;aACxB,UAAU,CAAC,QAAQ,CAAC;aACpB,MAAM,CAAC,UAAU,CAAC;aAClB,MAAM,CAAC,KAAK,CAAC;aACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEhB,IAAI,KAAK,CAAC,UAAU,KAAK,YAAY,EAAE,CAAC;YACtC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,SAAS,EAAE,CAAC;gBACZ,QAAQ,EAAE,SAAS,CAAC,oCAAoC;aACzD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,SAAS,EAAE,IAAI;QACf,QAAQ,EAAE,UAAU,KAAK,CAAC,MAAM,WAAW;KAC5C,CAAC;AACJ,CAAC;AAaD,MAAM,oBAAoB,GAAgD;IACxE,EAAE,OAAO,EAAE,uCAAuC,EAAE,OAAO,EAAE,QAAQ,EAAE;IACvE,EAAE,OAAO,EAAE,qDAAqD,EAAE,OAAO,EAAE,kBAAkB,EAAE;IAC/F,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE;IACxC,EAAE,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,QAAQ,EAAE;IACnD,EAAE,OAAO,EAAE,qCAAqC,EAAE,OAAO,EAAE,YAAY,EAAE;IACzE,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,UAAU,EAAE;IACjD,EAAE,OAAO,EAAE,oBAAoB,EAAE,OAAO,EAAE,aAAa,EAAE;IACzD,EAAE,OAAO,EAAE,mDAAmD,EAAE,OAAO,EAAE,aAAa,EAAE;CACzF,CAAC;AAEF,MAAM,iBAAiB,GAAgD;IACrE,EAAE,OAAO,EAAE,mDAAmD,EAAE,OAAO,EAAE,YAAY,EAAE;IACvF,EAAE,OAAO,EAAE,2CAA2C,EAAE,OAAO,EAAE,aAAa,EAAE;IAChF,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE;IACrC,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE;IACrC,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,EAAE;IAC3C,EAAE,OAAO,EAAE,sCAAsC,EAAE,OAAO,EAAE,YAAY,EAAE;IAC1E,EAAE,OAAO,EAAE,mCAAmC,EAAE,OAAO,EAAE,QAAQ,EAAE;CACpE,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,KAAK,MAAM,EAAE,IAAI,oBAAoB,EAAE,CAAC;QACtC,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;YACpC,OAAO;gBACL,OAAO;gBACP,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,aAAa,EAAE,CAAC,OAAO,gBAAgB;gBACjD,sBAAsB,EAAE,IAAI;aAC7B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;QACnC,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,OAAO;gBACL,OAAO;gBACP,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE;gBAChC,sBAAsB,EAAE,KAAK;aAC9B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO;QACP,IAAI,EAAE,WAAW;QACjB,QAAQ,EAAE,MAAM;QAChB,sBAAsB,EAAE,KAAK;KAC9B,CAAC;AACJ,CAAC;AAoBD;;GAEG;AACH,MAAM,UAAU,sBAAsB,CACpC,SAA4B;IAE5B,MAAM,iBAAiB,GAAG,eAAe,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IACrE,MAAM,kBAAkB,GAAG,eAAe,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IAEvE,IAAI,CAAC,SAAS,CAAC,gBAAgB,IAAI,SAAS,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClF,OAAO;YACL,YAAY,EAAE,SAAS,CAAC,YAAY;YACpC,YAAY,EAAE,KAAK;YACnB,cAAc,EAAE,KAAK;YACrB,QAAQ,EAAE,OAAO,SAAS,CAAC,YAAY,+CAA+C;SACvF,CAAC;IACJ,CAAC;IAED,kBAAkB;IAClB,MAAM,aAAa,GAAG,SAAS,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC;IAE5D,OAAO;QACL,YAAY,EAAE,SAAS,CAAC,YAAY;QACpC,YAAY,EAAE,IAAI;QAClB,cAAc,EAAE,aAAa;QAC7B,QAAQ,EAAE,OAAO,SAAS,CAAC,YAAY,WAAW,iBAAiB,CAAC,IAAI,UAAU,kBAAkB,CAAC,IAAI,EAAE;KAC5G,CAAC;AACJ,CAAC;AAoBD,MAAM,cAAc,GAAG;IACrB,mBAAmB;IACnB,gBAAgB;IAChB,WAAW;IACX,QAAQ;IACR,YAAY;CACb,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,YAAsB,EACtB,YAAsD;IAEtD,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3E,KAAK,CAAC,MAAM,EAAE,cAAc,EAAE,YAAY,CAAC,MAAM,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;IAE7E,MAAM,MAAM,GAAsB,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC3D,YAAY,EAAE,GAAG,CAAC,IAAI;QACtB,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,YAAY,EAAE,WAAW;QACzB,kBAAkB,EAAE,WAAW,EAAE,sBAAsB;QACvD,QAAQ,EAAE,WAAW;YACnB,CAAC,CAAC,wBAAwB;YAC1B,CAAC,CAAC,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,8BAA8B;KAC7D,CAAC,CAAC,CAAC;IAEJ,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;IAC3D,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;IAExC,OAAO;QACL,kBAAkB,EAAE,YAAY,CAAC,MAAM;QACvC,mBAAmB,EAAE,MAAM;QAC3B,qBAAqB,EAAE,QAAQ;QAC/B,MAAM;QACN,QAAQ,EACN,QAAQ,GAAG,CAAC;YACV,CAAC,CAAC,GAAG,QAAQ,IAAI,YAAY,CAAC,MAAM,kCAAkC;YACtE,CAAC,CAAC,MAAM,YAAY,CAAC,MAAM,SAAS;KACzC,CAAC;AACJ,CAAC"}

package/dist/verify/audit/semantic_evidence.d.ts

@@ -1,36 +0,0 @@
-/**
- * Semantic Evidence — 审计层模块。
- *
- * 职责边界：
- * - 负责：computeSemanticEvidence 等 审计层职责
- * - 不负责：不属于本模块的职责由对应模块承担
- *
- * 被谁调用：发布门禁、质量检查
- * 调用谁：logger、task、pipeline、delivery
- *
- * 数据流：审计输入（代码/配置） → 检查 → 评分/报告
- * 持久化：无持久化（纯计算/内存态）
- */
-import type { TaskContext } from "../../types/pipeline_types.js";
-import type { RequirementPoint, SemanticEvidence } from "../../types/pipeline_types.js";
-import type { DeliveryEvidenceChain } from "../../gate/types.js";
-/**
- * 从任务上下文计算语义证据。
- * 基于变更文件和需求点，推断变更行为和需求覆盖状态。
- * @param changedFiles - 变更文件路径列表
- * @param requirementPoints - 需求点列表
- * @param acceptanceResults - 可选的验收测试结果列表
- * @returns 语义证据对象
- */
-export declare function computeSemanticEvidence(changedFiles: string[], requirementPoints: RequirementPoint[], acceptanceResults?: Array<{
-    id: string;
-    passed: boolean;
-}>): SemanticEvidence;
-/**
- * 从任务上下文构建完整交付证据链。
- * 聚合 expand 的需求点、verify 的语义证据、execution 的变更文件。
- * @param taskContext - 任务上下文
- * @returns 完整交付证据链，无需求点且无变更文件时返回 null
- */
-export declare function buildDeliveryEvidenceChain(taskContext: TaskContext): DeliveryEvidenceChain | null;
-//# sourceMappingURL=semantic_evidence.d.ts.map

package/dist/verify/audit/semantic_evidence.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"semantic_evidence.d.ts","sourceRoot":"","sources":["../../../src/verify/audit/semantic_evidence.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,KAAK,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACxF,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAEjE;;;;;;;GAOG;AACH,wBAAgB,uBAAuB,CACrC,YAAY,EAAE,MAAM,EAAE,EACtB,iBAAiB,EAAE,gBAAgB,EAAE,EACrC,iBAAiB,CAAC,EAAE,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAE,CAAC,GACzD,gBAAgB,CA4ClB;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CACxC,WAAW,EAAE,WAAW,GACvB,qBAAqB,GAAG,IAAI,CAmC9B"}

package/dist/verify/audit/semantic_evidence.js

@@ -1,90 +0,0 @@
-/**
- * Semantic Evidence — 审计层模块。
- *
- * 职责边界：
- * - 负责：computeSemanticEvidence 等 审计层职责
- * - 不负责：不属于本模块的职责由对应模块承担
- *
- * 被谁调用：发布门禁、质量检查
- * 调用谁：logger、task、pipeline、delivery
- *
- * 数据流：审计输入（代码/配置） → 检查 → 评分/报告
- * 持久化：无持久化（纯计算/内存态）
- */
-import { debug } from "../../shared/logger.js";
-/**
- * 从任务上下文计算语义证据。
- * 基于变更文件和需求点，推断变更行为和需求覆盖状态。
- * @param changedFiles - 变更文件路径列表
- * @param requirementPoints - 需求点列表
- * @param acceptanceResults - 可选的验收测试结果列表
- * @returns 语义证据对象
- */
-export function computeSemanticEvidence(changedFiles, requirementPoints, acceptanceResults) {
-    debug("SemanticEvidence", "计算语义证据", "文件数:", changedFiles.length, "需求点:", requirementPoints.length);
-    const changedBehaviors = changedFiles.map((f) => {
-        const matchedReq = requirementPoints.find((rp) => rp.acceptance_test_ids?.some((tid) => f.toLowerCase().includes(tid.toLowerCase().replace(/[^a-z0-9]/g, ""))));
-        return {
-            file_path: f,
-            description: `modified: ${f}`,
-            requirement_point_id: matchedReq?.id,
-        };
-    });
-    const requirementCoverage = requirementPoints.map((rp) => {
-        const hasMatchingFile = changedBehaviors.some((cb) => cb.requirement_point_id === rp.id);
-        const acceptancePassed = acceptanceResults?.filter((ar) => rp.acceptance_test_ids?.includes(ar.id));
-        const allAcceptancePassed = acceptancePassed
-            ? acceptancePassed.length > 0 && acceptancePassed.every((a) => a.passed)
-            : false;
-        const covered = hasMatchingFile || allAcceptancePassed;
-        return {
-            requirement_point_id: rp.id,
-            covered,
-            evidence: covered
-                ? hasMatchingFile
-                    ? "file change matched"
-                    : "acceptance tests passed"
-                : "no matching evidence",
-        };
-    });
-    return {
-        changed_behaviors: changedBehaviors,
-        unchanged_assertions: [],
-        requirement_coverage: requirementCoverage,
-    };
-}
-/**
- * 从任务上下文构建完整交付证据链。
- * 聚合 expand 的需求点、verify 的语义证据、execution 的变更文件。
- * @param taskContext - 任务上下文
- * @returns 完整交付证据链，无需求点且无变更文件时返回 null
- */
-export function buildDeliveryEvidenceChain(taskContext) {
-    debug("SemanticEvidence", "构建交付证据链");
-    const requirementPoints = taskContext.expansion?.requirement_points ?? [];
-    const changedFiles = taskContext.execution?.changed_files ?? [];
-    if (requirementPoints.length === 0 && changedFiles.length === 0) {
-        debug("SemanticEvidence", "无需求点且无变更文件，无法构建证据链");
-        return null;
-    }
-    // ctx.verification 已删（死字段，从不写入）— semantic 覆盖数据不可得：
-    // 文件↔需求映射留空、需求点全标未覆盖（反映真实：无验证语义证据）。
-    const fileToRequirements = changedFiles.map((f) => ({
-        file_path: f,
-        requirement_point_ids: [],
-    }));
-    const uncoveredPoints = requirementPoints.map((rp) => rp.id);
-    return {
-        requirement_points: requirementPoints,
-        semantic_evidence: undefined,
-        file_to_requirements: fileToRequirements,
-        completeness: {
-            all_requirements_covered: uncoveredPoints.length === 0,
-            uncovered_points: uncoveredPoints,
-            advisory: uncoveredPoints.length > 0
-                ? `advisory: ${uncoveredPoints.length} requirement point(s) not covered by evidence: ${uncoveredPoints.join(", ")}`
-                : "all requirement points covered",
-        },
-    };
-}
-//# sourceMappingURL=semantic_evidence.js.map

package/dist/verify/audit/semantic_evidence.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"semantic_evidence.js","sourceRoot":"","sources":["../../../src/verify/audit/semantic_evidence.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,wBAAwB,CAAC;AAK/C;;;;;;;GAOG;AACH,MAAM,UAAU,uBAAuB,CACrC,YAAsB,EACtB,iBAAqC,EACrC,iBAA0D;IAE1D,KAAK,CAAC,kBAAkB,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAEnG,MAAM,gBAAgB,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC9C,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAC/C,EAAE,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CACnC,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,CACtE,CACF,CAAC;QACF,OAAO;YACL,SAAS,EAAE,CAAC;YACZ,WAAW,EAAE,aAAa,CAAC,EAAE;YAC7B,oBAAoB,EAAE,UAAU,EAAE,EAAE;SACrC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;QACvD,MAAM,eAAe,GAAG,gBAAgB,CAAC,IAAI,CAC3C,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,oBAAoB,KAAK,EAAE,CAAC,EAAE,CAC1C,CAAC;QACF,MAAM,gBAAgB,GAAG,iBAAiB,EAAE,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CACxD,EAAE,CAAC,mBAAmB,EAAE,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,CACxC,CAAC;QACF,MAAM,mBAAmB,GAAG,gBAAgB;YAC1C,CAAC,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;YACxE,CAAC,CAAC,KAAK,CAAC;QAEV,MAAM,OAAO,GAAG,eAAe,IAAI,mBAAmB,CAAC;QACvD,OAAO;YACL,oBAAoB,EAAE,EAAE,CAAC,EAAE;YAC3B,OAAO;YACP,QAAQ,EAAE,OAAO;gBACf,CAAC,CAAC,eAAe;oBACf,CAAC,CAAC,qBAAqB;oBACvB,CAAC,CAAC,yBAAyB;gBAC7B,CAAC,CAAC,sBAAsB;SAC3B,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,iBAAiB,EAAE,gBAAgB;QACnC,oBAAoB,EAAE,EAAE;QACxB,oBAAoB,EAAE,mBAAmB;KAC1C,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CACxC,WAAwB;IAExB,KAAK,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;IAErC,MAAM,iBAAiB,GACrB,WAAW,CAAC,SAAS,EAAE,kBAAkB,IAAI,EAAE,CAAC;IAClD,MAAM,YAAY,GAChB,WAAW,CAAC,SAAS,EAAE,aAAa,IAAI,EAAE,CAAC;IAE7C,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChE,KAAK,CAAC,kBAAkB,EAAE,oBAAoB,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,mDAAmD;IACnD,oCAAoC;IACpC,MAAM,kBAAkB,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAClD,SAAS,EAAE,CAAC;QACZ,qBAAqB,EAAE,EAAc;KACtC,CAAC,CAAC,CAAC;IAEJ,MAAM,eAAe,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IAE7D,OAAO;QACL,kBAAkB,EAAE,iBAAiB;QACrC,iBAAiB,EAAE,SAAS;QAC5B,oBAAoB,EAAE,kBAAkB;QACxC,YAAY,EAAE;YACZ,wBAAwB,EAAE,eAAe,CAAC,MAAM,KAAK,CAAC;YACtD,gBAAgB,EAAE,eAAe;YACjC,QAAQ,EACN,eAAe,CAAC,MAAM,GAAG,CAAC;gBACxB,CAAC,CAAC,aAAa,eAAe,CAAC,MAAM,kDAAkD,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBACnH,CAAC,CAAC,gCAAgC;SACvC;KACF,CAAC;AACJ,CAAC"}

package/dist/verify/audit/test_generator.d.ts

@@ -1,23 +0,0 @@
-/**
- * Test Generator — 审计层模块。
- *
- * 职责边界：
- * - 负责：generateTestGuide 等 审计层职责
- * - 不负责：不属于本模块的职责由对应模块承担
- *
- * 被谁调用：发布门禁、质量检查
- * 调用谁：node:path、index、logger
- *
- * 数据流：审计输入（代码/配置） → 检查 → 评分/报告
- * 持久化：无持久化（纯计算/内存态）
- */
-import type { TestGenGuide, ProjectConfig } from "../../types/index.js";
-/**
- * 为变更文件生成测试引导 — 根据文件类型匹配测试策略，叠加知识驱动场景。
- * @param changedFiles - 变更文件路径列表
- * @param knowledgePatterns - 从知识库提取的关键词模式列表
- * @param _config - 项目配置（预留，当前未使用）
- * @returns 测试引导数组，每项包含测试类型、测试文件建议路径、场景列表和 Mock 要点
- */
-export declare function generateTestGuide(changedFiles: string[], knowledgePatterns: string[], _config: ProjectConfig): TestGenGuide[];
-//# sourceMappingURL=test_generator.d.ts.map

package/dist/verify/audit/test_generator.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"test_generator.d.ts","sourceRoot":"","sources":["../../../src/verify/audit/test_generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAgB,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAqMtF;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,YAAY,EAAE,MAAM,EAAE,EACtB,iBAAiB,EAAE,MAAM,EAAE,EAC3B,OAAO,EAAE,aAAa,GACrB,YAAY,EAAE,CAqChB"}

package/dist/verify/audit/test_generator.js

@@ -1,278 +0,0 @@
-/**
- * Test Generator — 审计层模块。
- *
- * 职责边界：
- * - 负责：generateTestGuide 等 审计层职责
- * - 不负责：不属于本模块的职责由对应模块承担
- *
- * 被谁调用：发布门禁、质量检查
- * 调用谁：node:path、index、logger
- *
- * 数据流：审计输入（代码/配置） → 检查 → 评分/报告
- * 持久化：无持久化（纯计算/内存态）
- */
-import path from "node:path";
-import { debug } from "../../shared/logger.js";
-/** 文件类型 → 测试策略映射表: 根据文件名模式匹配测试类型、夹具方式和 Mock 策略 */
-const FILE_TEST_MAP = [
-    {
-        pattern: /Controller\.java$/,
-        test_type: "integration",
-        fixture: "@SpringBootTest + MockMvc",
-        mock: "@MockBean Service 层依赖",
-    },
-    {
-        pattern: /Service\.java$/,
-        test_type: "unit",
-        fixture: "@ExtendWith(MockitoExtension)",
-        mock: "@Mock Mapper/Repository 层依赖",
-    },
-    {
-        pattern: /Mapper\.java$|Repository\.java$/,
-        test_type: "integration",
-        fixture: "@MybatisTest / @DataJpaTest",
-        mock: "测试数据库或 H2 内存库",
-    },
-    {
-        pattern: /api\/|route/,
-        test_type: "e2e",
-        fixture: "supertest(app)",
-        mock: "数据库和外部服务模拟",
-    },
-    {
-        pattern: /\.tsx?$/,
-        test_type: "unit",
-        fixture: "render() + fireEvent()",
-        mock: "jest.mock() 模拟外部依赖",
-    },
-];
-// ────────────────────────────────────────────
-// 各测试类型的默认场景
-// ────────────────────────────────────────────
-/** 各测试类型的默认场景集 — 单元/集成/E2E 测试的 Given-When-Then 标准场景 */
-const DEFAULT_SCENARIOS = {
-    unit: [
-        {
-            name: "正常输入返回预期结果",
-            given: "输入合法的参数",
-            when: "调用被测函数/方法",
-            then: "返回值符合预期",
-            priority: "high",
-        },
-        {
-            name: "空值/null 输入正确处理",
-            given: "输入为 null / undefined / 空字符串",
-            when: "调用被测函数/方法",
-            then: "抛出异常或返回安全的默认值",
-            priority: "high",
-        },
-        {
-            name: "边界条件处理",
-            given: "输入处于边界值 (如 0, MAX_VALUE, 空数组)",
-            when: "调用被测函数/方法",
-            then: "返回值符合边界约定",
-            priority: "medium",
-        },
-    ],
-    integration: [
-        {
-            name: "完整请求链路返回正确状态码",
-            given: "发起一个完整的 HTTP 请求",
-            when: "请求经过 Controller → Service → Mapper/Repository",
-            then: "返回正确的状态码和响应体",
-            priority: "high",
-        },
-        {
-            name: "数据持久化后可正确查询",
-            given: "通过接口写入一条数据",
-            when: "查询相同条件",
-            then: "能正确检索到写入的数据",
-            priority: "high",
-        },
-        {
-            name: "异常输入返回适当错误码",
-            given: "发送格式错误或非法参数的请求",
-            when: "请求经过各层处理",
-            then: "返回 400/422 等适当的错误状态码和错误信息",
-            priority: "medium",
-        },
-    ],
-    e2e: [
-        {
-            name: "用户完整操作流程畅通",
-            given: "用户处于初始状态",
-            when: "执行完整的用户操作链路",
-            then: "最终状态符合预期",
-            priority: "high",
-        },
-        {
-            name: "错误状态正确展示",
-            given: "用户触发一个错误场景",
-            when: "页面渲染错误响应",
-            then: "错误信息正确展示且不影响其他功能",
-            priority: "medium",
-        },
-    ],
-};
-/** 知识关键词 → 额外测试场景映射表: 当文件路径或知识模式包含关键词时自动追加场景 */
-const KNOWLEDGE_SCENARIOS = [
-    {
-        keywords: ["并发", "concurrent", "thread", "lock", "mutex", "race"],
-        scenario: {
-            name: "并发场景下数据一致性",
-            given: "多个请求同时操作同一资源",
-            when: "并发执行",
-            then: "数据保持一致性，无脏写",
-            priority: "high",
-        },
-    },
-    {
-        keywords: ["权限", "permission", "auth", "rbac", "role"],
-        scenario: {
-            name: "权限校验正确拦截非法访问",
-            given: "用户无对应操作权限",
-            when: "尝试访问受限资源",
-            then: "返回 403 或抛出权限异常",
-            priority: "high",
-        },
-    },
-    {
-        keywords: ["缓存", "cache", "redis", "expire", "ttl"],
-        scenario: {
-            name: "缓存命中与未命中行为一致",
-            given: "同一请求首次和后续调用",
-            when: "缓存从空到有再到过期",
-            then: "业务结果一致",
-            priority: "medium",
-        },
-    },
-    {
-        keywords: ["分页", "pagination", "page", "limit", "offset"],
-        scenario: {
-            name: "分页参数边界验证",
-            given: "传入 page=0, page=-1, limit=0 等非法分页参数",
-            when: "执行分页查询",
-            then: "返回合理结果或参数校验错误",
-            priority: "medium",
-        },
-    },
-    {
-        keywords: ["文件上传", "upload", "multipart", "attachment"],
-        scenario: {
-            name: "文件大小和格式校验",
-            given: "上传超大文件或非法格式文件",
-            when: "执行上传操作",
-            then: "返回明确的校验错误信息",
-            priority: "high",
-        },
-    },
-    {
-        keywords: ["事务", "transaction", "rollback", "commit"],
-        scenario: {
-            name: "事务回滚后数据恢复原状",
-            given: "操作执行过程中发生异常",
-            when: "事务触发回滚",
-            then: "所有变更被正确撤销",
-            priority: "high",
-        },
-    },
-];
-/**
- * 为变更文件生成测试引导 — 根据文件类型匹配测试策略，叠加知识驱动场景。
- * @param changedFiles - 变更文件路径列表
- * @param knowledgePatterns - 从知识库提取的关键词模式列表
- * @param _config - 项目配置（预留，当前未使用）
- * @returns 测试引导数组，每项包含测试类型、测试文件建议路径、场景列表和 Mock 要点
- */
-export function generateTestGuide(changedFiles, knowledgePatterns, _config) {
-    debug("测试生成", "generateTestGuide() 开始, ${changedFiles.length} 个变更文件, ${knowledgePatterns.length} 个知识模式");
-    const guides = [];
-    for (const file of changedFiles) {
-        // 匹配 FILE_TEST_MAP
-        const mapping = matchFileTestMapping(file);
-        if (!mapping) {
-            debug("测试生成", "文件 ${file} 未匹配测试策略，跳过");
-            continue;
-        }
-        // 确定测试文件建议路径
-        const testFileSuggestion = suggestTestFilePath(file, mapping.test_type);
-        // 该测试类型的基础场景
-        const scenarios = structuredClone(DEFAULT_SCENARIOS[mapping.test_type]);
-        // 如果关键词匹配则追加知识驱动场景
-        const extraScenarios = matchKnowledgeScenarios(file, knowledgePatterns);
-        if (extraScenarios.length > 0) {
-            debug("测试生成", "文件 ${file} 追加 ${extraScenarios.length} 个知识驱动场景");
-        }
-        scenarios.push(...extraScenarios);
-        guides.push({
-            source_file: file,
-            test_type: mapping.test_type,
-            test_file_suggestion: testFileSuggestion,
-            scenarios,
-            fixtures_needed: [mapping.fixture],
-            mock_points: [mapping.mock],
-        });
-    }
-    debug("测试生成", "生成 ${guides.length} 个测试引导");
-    return guides;
-}
-// ────────────────────────────────────────────
-// 内部辅助函数
-// ────────────────────────────────────────────
-/** 根据文件路径匹配测试策略 — 遍历 FILE_TEST_MAP 返回首个命中的映射规则 */
-function matchFileTestMapping(filePath) {
-    for (const mapping of FILE_TEST_MAP) {
-        if (mapping.pattern.test(filePath)) {
-            return mapping;
-        }
-    }
-    return null;
-}
-/**
- * 推荐测试文件路径 — Java 文件遵循 src/main → src/test 和 *Test.java 命名约定，TS/JS 文件追加 .test 后缀。
- * @param sourceFile - 源文件路径
- * @param testType - 测试类型（用于未来扩展不同约定）
- * @returns 推荐的测试文件路径
- */
-function suggestTestFilePath(sourceFile, _testType) {
-    const ext = path.extname(sourceFile);
-    const base = sourceFile.slice(0, -ext.length);
-    if (ext === ".java") {
-        // Java 约定: ClassName → ClassNameTest，src/main/java → src/test/java
-        const dir = path.dirname(sourceFile);
-        const fileName = path.basename(sourceFile, ext);
-        const testDir = dir
-            .replace(/(^|\/)src\/main\/java(\/|$)/, "$1src/test/java$2")
-            .replace(/(^|\/)src\/main\/kotlin(\/|$)/, "$1src/test/kotlin$2");
-        return path.join(testDir, `${fileName}Test.java`);
-    }
-    // TypeScript / JavaScript: *.ts → *.test.ts，*.tsx → *.test.tsx（测试文件命名映射）
-    const testExt = `.test${ext}`;
-    return `${base}${testExt}`;
-}
-/**
- * 匹配知识驱动的额外测试场景 — 将文件路径和知识模式拼接后搜索关键词命中。
- * @param file - 源文件路径（用于关键词匹配）
- * @param knowledgePatterns - 知识库关键词列表
- * @returns 命中的额外测试场景数组（自动去重）
- */
-function matchKnowledgeScenarios(file, knowledgePatterns) {
-    const matched = [];
-    const seenNames = new Set();
-    // 将文件路径与所有知识关键词拼接为搜索文本，统一转小写进行匹配
-    const searchText = (file + " " + knowledgePatterns.join(" ")).toLowerCase();
-    for (const entry of KNOWLEDGE_SCENARIOS) {
-        if (seenNames.has(entry.scenario.name)) {
-            continue;
-        }
-        for (const keyword of entry.keywords) {
-            if (searchText.includes(keyword.toLowerCase())) {
-                matched.push(structuredClone(entry.scenario));
-                seenNames.add(entry.scenario.name);
-                break;
-            }
-        }
-    }
-    return matched;
-}
-//# sourceMappingURL=test_generator.js.map