vaspera 2.14.0 → 2.15.0

package/dist/__tests__/compliance/ai-frameworks.test.js

@@ -0,0 +1,87 @@
+import { describe, it, expect } from "vitest";
+import { ISO_42001_CONTROLS } from "../../compliance/iso42001.js";
+import { NIST_AI_RMF_CONTROLS } from "../../compliance/nist-ai-rmf.js";
+import { EU_AI_ACT_CONTROLS } from "../../compliance/frameworks/eu-ai-act.js";
+import { getControlsForFramework } from "../../compliance/mapper.js";
+import { buildComplianceDimension } from "../../certification/agent-certificate-map.js";
+function finding(partial) {
+    return {
+        id: "f",
+        description: "test finding",
+        evidence: "…",
+        confidence: 100,
+        verifications: [],
+        created_at: "2026-06-12T00:00:00.000Z",
+        ...partial,
+    };
+}
+describe("AI compliance frameworks", () => {
+    it("ISO 42001 control set is non-empty and well-formed", () => {
+        expect(ISO_42001_CONTROLS.length).toBeGreaterThan(8);
+        for (const c of ISO_42001_CONTROLS) {
+            expect(c.framework).toBe("ISO-42001");
+            expect(c.id).toMatch(/^A\./);
+            expect(Array.isArray(c.findingCategories)).toBe(true);
+        }
+    });
+    it("NIST AI RMF control set covers all four functions", () => {
+        const fns = new Set(NIST_AI_RMF_CONTROLS.map((c) => c.category));
+        expect(fns).toEqual(new Set(["GOVERN", "MAP", "MEASURE", "MANAGE"]));
+        for (const c of NIST_AI_RMF_CONTROLS) {
+            expect(c.framework).toBe("NIST-AI-RMF");
+        }
+    });
+    it("EU AI Act control set is non-empty and well-formed", () => {
+        expect(EU_AI_ACT_CONTROLS.length).toBeGreaterThan(20);
+        for (const c of EU_AI_ACT_CONTROLS) {
+            expect(c.framework).toBe("EU-AI-ACT");
+            expect(c.id).toMatch(/^EUAIAct-/);
+            expect(Array.isArray(c.findingCategories)).toBe(true);
+        }
+    });
+    it("mapper resolves the AI frameworks (previously returned empty)", () => {
+        expect(getControlsForFramework("ISO-42001").length).toBeGreaterThan(0);
+        expect(getControlsForFramework("NIST-AI-RMF").length).toBeGreaterThan(0);
+        // EU AI Act was authored under frameworks/ but never wired into the mapper.
+        expect(getControlsForFramework("EU-AI-ACT").length).toBeGreaterThan(0);
+    });
+    it("buildComplianceDimension maps real findings to EU AI Act controls", () => {
+        const findings = [
+            finding({ id: "f1", category: "prompt-injection", severity: "critical" }),
+        ];
+        const dim = buildComplianceDimension(findings, ["EU-AI-ACT"]);
+        expect(dim.frameworks).toHaveLength(1);
+        const eu = dim.frameworks[0];
+        expect(eu.framework).toBe("EU-AI-ACT");
+        expect(eu.controlsTotal).toBeGreaterThan(0);
+        expect(eu.controlsFailed).toBeGreaterThan(0);
+        expect(dim.status).toBe("fail");
+    });
+    it("buildComplianceDimension maps real findings to ISO 42001 controls", () => {
+        const findings = [
+            finding({ id: "f1", category: "prompt-injection", severity: "high" }),
+            finding({ id: "f2", category: "exfil-path", severity: "critical" }),
+        ];
+        const dim = buildComplianceDimension(findings, ["ISO-42001"]);
+        expect(dim.frameworks).toHaveLength(1);
+        const iso = dim.frameworks[0];
+        expect(iso.framework).toBe("ISO-42001");
+        expect(iso.controlsTotal).toBeGreaterThan(0);
+        // a critical/high finding should fail at least one control
+        expect(iso.controlsFailed).toBeGreaterThan(0);
+        expect(dim.status).toBe("fail");
+    });
+    it("clean findings produce a passing compliance dimension", () => {
+        const dim = buildComplianceDimension([], ["ISO-42001", "NIST-AI-RMF"]);
+        expect(dim.status).toBe("pass");
+        expect(dim.score).toBe(100);
+        expect(dim.frameworks).toHaveLength(2);
+        expect(dim.frameworks.every((f) => f.controlsFailed === 0)).toBe(true);
+    });
+    it("no frameworks requested -> empty result", () => {
+        const dim = buildComplianceDimension([], []);
+        expect(dim.status).toBe("not_assessed");
+        expect(dim.frameworks).toHaveLength(0);
+    });
+});
+//# sourceMappingURL=ai-frameworks.test.js.map

package/dist/__tests__/compliance/ai-frameworks.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-frameworks.test.js","sourceRoot":"","sources":["../../../src/__tests__/compliance/ai-frameworks.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0CAA0C,CAAC;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,EAAE,wBAAwB,EAAE,MAAM,8CAA8C,CAAC;AAGxF,SAAS,OAAO,CAAC,OAA+E;IAC9F,OAAO;QACL,EAAE,EAAE,GAAG;QACP,WAAW,EAAE,cAAc;QAC3B,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE,GAAG;QACf,aAAa,EAAE,EAAE;QACjB,UAAU,EAAE,0BAA0B;QACtC,GAAG,OAAO;KACA,CAAC;AACf,CAAC;AAED,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACrD,KAAK,MAAM,CAAC,IAAI,kBAAkB,EAAE,CAAC;YACnC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACtC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAC7B,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QACjE,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACrE,KAAK,MAAM,CAAC,IAAI,oBAAoB,EAAE,CAAC;YACrC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;QACtD,KAAK,MAAM,CAAC,IAAI,kBAAkB,EAAE,CAAC;YACnC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACtC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAClC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,CAAC,uBAAuB,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACvE,MAAM,CAAC,uBAAuB,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACzE,4EAA4E;QAC5E,MAAM,CAAC,uBAAuB,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;QAC3E,MAAM,QAAQ,GAAG;YACf,OAAO,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,kBAAkB,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;SAC1E,CAAC;QACF,MAAM,GAAG,GAAG,wBAAwB,CAAC,QAAQ,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QAC9D,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,EAAE,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACvC,MAAM,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC5C,MAAM,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC7C,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;QAC3E,MAAM,QAAQ,GAAG;YACf,OAAO,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,kBAAkB,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;YACrE,OAAO,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;SACpE,CAAC;QACF,MAAM,GAAG,GAAG,wBAAwB,CAAC,QAAQ,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QAC9D,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC7C,2DAA2D;QAC3D,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC9C,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,MAAM,GAAG,GAAG,wBAAwB,CAAC,EAAE,EAAE,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC;QACvE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,GAAG,GAAG,wBAAwB,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7C,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/eval/llm-analyzer.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=llm-analyzer.test.d.ts.map

package/dist/__tests__/eval/llm-analyzer.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm-analyzer.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/eval/llm-analyzer.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/eval/llm-analyzer.test.js

@@ -0,0 +1,93 @@
+import { describe, it, expect, afterEach } from "vitest";
+import { providerAvailable, findingsAgree, consensusOf, } from "../../eval/llm-analyzer.js";
+function finding(over = {}) {
+    return {
+        scanner: "llm:anthropic",
+        ruleId: "anthropic:sql-injection",
+        file: "app.ts",
+        line: 10,
+        severity: "high",
+        message: "sql-injection: untrusted input into query",
+        confidence: 100,
+        ...over,
+    };
+}
+describe("providerAvailable", () => {
+    const orig = { ...process.env };
+    afterEach(() => {
+        process.env = { ...orig };
+    });
+    it("reflects ANTHROPIC_API_KEY presence", () => {
+        delete process.env.ANTHROPIC_API_KEY;
+        expect(providerAvailable("anthropic")).toBe(false);
+        process.env.ANTHROPIC_API_KEY = "sk-test";
+        expect(providerAvailable("anthropic")).toBe(true);
+    });
+    it("reflects OPENAI_API_KEY presence", () => {
+        delete process.env.OPENAI_API_KEY;
+        expect(providerAvailable("openai")).toBe(false);
+        process.env.OPENAI_API_KEY = "sk-test";
+        expect(providerAvailable("openai")).toBe(true);
+    });
+});
+describe("findingsAgree", () => {
+    it("agrees when file, category, and nearby line match across providers", () => {
+        const a = finding({ ruleId: "anthropic:sql-injection", line: 10 });
+        const b = finding({
+            scanner: "llm:openai",
+            ruleId: "openai:sql-injection",
+            line: 12,
+        });
+        expect(findingsAgree(a, b)).toBe(true);
+    });
+    it("disagrees when categories differ", () => {
+        const a = finding({ ruleId: "anthropic:sql-injection" });
+        const b = finding({ ruleId: "openai:xss" });
+        expect(findingsAgree(a, b)).toBe(false);
+    });
+    it("disagrees when files differ", () => {
+        const a = finding({ file: "a.ts" });
+        const b = finding({ file: "b.ts", ruleId: "openai:sql-injection" });
+        expect(findingsAgree(a, b)).toBe(false);
+    });
+    it("disagrees when lines are beyond the tolerance", () => {
+        const a = finding({ line: 10 });
+        const b = finding({ ruleId: "openai:sql-injection", line: 20 });
+        expect(findingsAgree(a, b)).toBe(false);
+    });
+    it("agrees exactly at the line tolerance boundary (±3)", () => {
+        const a = finding({ line: 10 });
+        const b = finding({ ruleId: "openai:sql-injection", line: 13 });
+        expect(findingsAgree(a, b)).toBe(true);
+    });
+});
+describe("consensusOf", () => {
+    it("keeps only primary findings corroborated by the other provider", () => {
+        const anthropic = [
+            finding({ ruleId: "anthropic:sql-injection", line: 10 }),
+            finding({ ruleId: "anthropic:auth-bypass", line: 50 }),
+        ];
+        const openai = [
+            finding({
+                scanner: "llm:openai",
+                ruleId: "openai:sql-injection",
+                line: 11,
+            }),
+        ];
+        const result = consensusOf(anthropic, openai);
+        expect(result).toHaveLength(1);
+        expect(result[0]?.ruleId).toBe("anthropic:sql-injection");
+    });
+    it("returns nothing when the providers share no findings", () => {
+        const anthropic = [finding({ ruleId: "anthropic:xss", line: 5 })];
+        const openai = [
+            finding({ scanner: "llm:openai", ruleId: "openai:ssrf", line: 5 }),
+        ];
+        expect(consensusOf(anthropic, openai)).toEqual([]);
+    });
+    it("returns nothing when either side is empty", () => {
+        expect(consensusOf([], [finding()])).toEqual([]);
+        expect(consensusOf([finding()], [])).toEqual([]);
+    });
+});
+//# sourceMappingURL=llm-analyzer.test.js.map

package/dist/__tests__/eval/llm-analyzer.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm-analyzer.test.js","sourceRoot":"","sources":["../../../src/__tests__/eval/llm-analyzer.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzD,OAAO,EACL,iBAAiB,EACjB,aAAa,EACb,WAAW,GACZ,MAAM,4BAA4B,CAAC;AAGpC,SAAS,OAAO,CAAC,OAA+B,EAAE;IAChD,OAAO;QACL,OAAO,EAAE,eAAe;QACxB,MAAM,EAAE,yBAAyB;QACjC,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,EAAE;QACR,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,2CAA2C;QACpD,UAAU,EAAE,GAAG;QACf,GAAG,IAAI;KACR,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,MAAM,IAAI,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAChC,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,CAAC,GAAG,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACrC,MAAM,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,SAAS,CAAC;QAC1C,MAAM,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAClC,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,CAAC,cAAc,GAAG,SAAS,CAAC;QACvC,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,oEAAoE,EAAE,GAAG,EAAE;QAC5E,MAAM,CAAC,GAAG,OAAO,CAAC,EAAE,MAAM,EAAE,yBAAyB,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QACnE,MAAM,CAAC,GAAG,OAAO,CAAC;YAChB,OAAO,EAAE,YAAY;YACrB,MAAM,EAAE,sBAAsB;YAC9B,IAAI,EAAE,EAAE;SACT,CAAC,CAAC;QACH,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,CAAC,GAAG,OAAO,CAAC,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC,CAAC;QACzD,MAAM,CAAC,GAAG,OAAO,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;QAC5C,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,CAAC,GAAG,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QACpC,MAAM,CAAC,GAAG,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC,CAAC;QACpE,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,CAAC,GAAG,OAAO,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAChC,MAAM,CAAC,GAAG,OAAO,CAAC,EAAE,MAAM,EAAE,sBAAsB,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAChE,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,CAAC,GAAG,OAAO,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAChC,MAAM,CAAC,GAAG,OAAO,CAAC,EAAE,MAAM,EAAE,sBAAsB,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAChE,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,MAAM,SAAS,GAAG;YAChB,OAAO,CAAC,EAAE,MAAM,EAAE,yBAAyB,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;YACxD,OAAO,CAAC,EAAE,MAAM,EAAE,uBAAuB,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;SACvD,CAAC;QACF,MAAM,MAAM,GAAG;YACb,OAAO,CAAC;gBACN,OAAO,EAAE,YAAY;gBACrB,MAAM,EAAE,sBAAsB;gBAC9B,IAAI,EAAE,EAAE;aACT,CAAC;SACH,CAAC;QACF,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC9C,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,SAAS,GAAG,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG;YACb,OAAO,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;SACnE,CAAC;QACF,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACjD,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/eval/redteam-harness.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=redteam-harness.test.d.ts.map

package/dist/__tests__/eval/redteam-harness.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redteam-harness.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/eval/redteam-harness.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/eval/redteam-harness.test.js

@@ -0,0 +1,136 @@
+import { describe, it, expect } from "vitest";
+import { injectionResistanceScore, summarizeExposure, runRedTeamBenchmark, } from "../../eval/redteam-harness.js";
+function piFinding(tool, severity = "high") {
+    return {
+        scanner: "semgrep",
+        ruleId: "prompt-injection:override-instructions",
+        file: "mcp-manifest",
+        line: 0,
+        message: `Tool "${tool}" vulnerable`,
+        severity,
+        confidence: 100,
+        metadata: { tool },
+    };
+}
+describe("injectionResistanceScore (pure)", () => {
+    it("scores 100 when no tool has an injection finding", () => {
+        const r = injectionResistanceScore([], 5);
+        expect(r.score).toBe(100);
+        expect(r.grade).toBe("A+");
+        expect(r.resistantTools).toBe(5);
+        expect(r.vulnerableTools).toBe(0);
+    });
+    it("scores the share of resistant tools", () => {
+        const findings = [piFinding("a"), piFinding("b")];
+        const r = injectionResistanceScore(findings, 10);
+        expect(r.vulnerableTools).toBe(2);
+        expect(r.resistantTools).toBe(8);
+        expect(r.score).toBe(80);
+    });
+    it("dedupes multiple findings on the same tool", () => {
+        const findings = [piFinding("a"), piFinding("a"), piFinding("a")];
+        const r = injectionResistanceScore(findings, 4);
+        expect(r.vulnerableTools).toBe(1);
+        expect(r.score).toBe(75);
+    });
+    it("excludes the prompt-injection:summary aggregate finding", () => {
+        const summary = {
+            scanner: "semgrep",
+            ruleId: "prompt-injection:summary",
+            file: "mcp-manifest",
+            line: 0,
+            message: "summary",
+            severity: "high",
+            confidence: 100,
+        };
+        const r = injectionResistanceScore([summary, piFinding("a")], 2);
+        expect(r.vulnerableTools).toBe(1);
+        expect(r.score).toBe(50);
+    });
+    it("ignores non-injection findings", () => {
+        const other = {
+            scanner: "semgrep",
+            ruleId: "exfil:path",
+            file: "x",
+            line: 0,
+            message: "exfil",
+            severity: "critical",
+            confidence: 100,
+        };
+        const r = injectionResistanceScore([other], 3);
+        expect(r.vulnerableTools).toBe(0);
+        expect(r.score).toBe(100);
+    });
+    it("returns 0 for zero tools", () => {
+        expect(injectionResistanceScore([], 0).score).toBe(0);
+    });
+});
+describe("summarizeExposure (pure)", () => {
+    it("counts findings by severity and flags critical/high", () => {
+        const findings = [
+            piFinding("a", "critical"),
+            piFinding("b", "high"),
+            piFinding("c", "low"),
+        ];
+        const e = summarizeExposure("exfil-path", "exfil-path-graph", findings);
+        expect(e.findingCount).toBe(3);
+        expect(e.criticalHigh).toBe(2);
+        expect(e.bySeverity.critical).toBe(1);
+        expect(e.bySeverity.low).toBe(1);
+        expect(e.clean).toBe(false);
+    });
+    it("marks an empty dimension clean", () => {
+        const e = summarizeExposure("manifest-hygiene", "manifest-audit", []);
+        expect(e.clean).toBe(true);
+        expect(e.criticalHigh).toBe(0);
+    });
+});
+describe("runRedTeamBenchmark (integration — fuzzer false-positive regression guard)", () => {
+    const benign = {
+        name: "benign",
+        version: "1.0.0",
+        tools: [
+            {
+                name: "add_numbers",
+                description: "Add two integers and return the sum.",
+                inputSchema: {
+                    type: "object",
+                    properties: { a: { type: "number" }, b: { type: "number" } },
+                    required: ["a", "b"],
+                },
+            },
+        ],
+    };
+    const vulnerable = {
+        name: "vuln",
+        version: "1.0.0",
+        tools: [
+            {
+                name: "run_anything",
+                description: "Runs shell commands and fetches arbitrary URLs.",
+                networkAccess: true,
+                codeExecution: true,
+                destructiveHint: true,
+            },
+        ],
+    };
+    it("scores a benign, schema-constrained tool as fully resistant (100)", async () => {
+        const report = await runRedTeamBenchmark({ manifest: benign, corpus: "quick" });
+        // Regression guard: before the BLOCKED_INDICATORS fix the fuzzer flagged
+        // EVERY tool (its own "Jailbreak attempt blocked" refusal matched the
+        // /jailbreak/ indicator), so even this would have scored 0.
+        expect(report.injectionResistance.score).toBe(100);
+        expect(report.injectionResistance.resistantTools).toBe(1);
+        expect(report.grade).toBe("A+");
+    });
+    it("does not give a capability-heavy, schema-less tool a clean pass", async () => {
+        const report = await runRedTeamBenchmark({ manifest: vulnerable, corpus: "quick" });
+        expect(report.injectionResistance.score).toBeLessThan(100);
+    });
+    it("reports exposure dimensions as an array", async () => {
+        const report = await runRedTeamBenchmark({ manifest: benign, corpus: "quick" });
+        expect(Array.isArray(report.exposure)).toBe(true);
+        expect(report.overallScore).toBe(report.injectionResistance.score);
+    });
+});
+//# sourceMappingURL=redteam-harness.test.js.map

package/dist/__tests__/eval/redteam-harness.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redteam-harness.test.js","sourceRoot":"","sources":["../../../src/__tests__/eval/redteam-harness.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,+BAA+B,CAAC;AAIvC,SAAS,SAAS,CAAC,IAAY,EAAE,WAA6C,MAAM;IAClF,OAAO;QACL,OAAO,EAAE,SAAS;QAClB,MAAM,EAAE,wCAAwC;QAChD,IAAI,EAAE,cAAc;QACpB,IAAI,EAAE,CAAC;QACP,OAAO,EAAE,SAAS,IAAI,cAAc;QACpC,QAAQ;QACR,UAAU,EAAE,GAAG;QACf,QAAQ,EAAE,EAAE,IAAI,EAAE;KACnB,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;IAC/C,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,CAAC,GAAG,wBAAwB,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1C,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1B,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,QAAQ,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;QAClD,MAAM,CAAC,GAAG,wBAAwB,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACjD,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,QAAQ,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,SAAS,CAAC,GAAG,CAAC,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;QAClE,MAAM,CAAC,GAAG,wBAAwB,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAChD,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,OAAO,GAAyB;YACpC,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,0BAA0B;YAClC,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,CAAC;YACP,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,MAAM;YAChB,UAAU,EAAE,GAAG;SAChB,CAAC;QACF,MAAM,CAAC,GAAG,wBAAwB,CAAC,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACjE,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,KAAK,GAAyB;YAClC,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,YAAY;YACpB,IAAI,EAAE,GAAG;YACT,IAAI,EAAE,CAAC;YACP,OAAO,EAAE,OAAO;YAChB,QAAQ,EAAE,UAAU;YACpB,UAAU,EAAE,GAAG;SAChB,CAAC;QACF,MAAM,CAAC,GAAG,wBAAwB,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/C,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,CAAC,wBAAwB,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,QAAQ,GAA2B;YACvC,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC;YAC1B,SAAS,CAAC,GAAG,EAAE,MAAM,CAAC;YACtB,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC;SACtB,CAAC;QACF,MAAM,CAAC,GAAG,iBAAiB,CAAC,YAAY,EAAE,kBAAkB,EAAE,QAAQ,CAAC,CAAC;QACxE,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,CAAC,GAAG,iBAAiB,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,EAAE,CAAC,CAAC;QACtE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,4EAA4E,EAAE,GAAG,EAAE;IAC1F,MAAM,MAAM,GAAgB;QAC1B,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,OAAO;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,aAAa;gBACnB,WAAW,EAAE,sCAAsC;gBACnD,WAAW,EAAE;oBACX,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;oBAC5D,QAAQ,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC;iBACrB;aACF;SACF;KACwB,CAAC;IAE5B,MAAM,UAAU,GAAgB;QAC9B,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,OAAO;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,cAAc;gBACpB,WAAW,EAAE,iDAAiD;gBAC9D,aAAa,EAAE,IAAI;gBACnB,aAAa,EAAE,IAAI;gBACnB,eAAe,EAAE,IAAI;aACtB;SACF;KACwB,CAAC;IAE5B,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QAChF,yEAAyE;QACzE,sEAAsE;QACtE,4DAA4D;QAC5D,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC1D,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QACpF,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QAChF,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/evidence/evidence.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=evidence.test.d.ts.map

package/dist/__tests__/evidence/evidence.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evidence.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/evidence/evidence.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/evidence/evidence.test.js

@@ -0,0 +1,240 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtemp, rm, mkdir, writeFile } from "fs/promises";
+import { tmpdir } from "os";
+import { join } from "path";
+import { createHash } from "crypto";
+import { collectEvidence, calculateBundleDigest, formatEvidenceBundleAsMarkdown, } from "../../evidence/collector.js";
+import { storeEvidenceBundle, loadEvidenceBundle, listEvidenceBundles, verifyEvidenceBundle, getEvidenceStats, } from "../../evidence/store.js";
+const sha256 = (s) => createHash("sha256").update(Buffer.from(s, "utf-8")).digest("hex");
+function artifact(name, content) {
+    return {
+        type: "scan_result",
+        name,
+        description: `${name} artifact`,
+        contentDigest: sha256(content),
+        sizeBytes: Buffer.byteLength(content),
+        collectedAt: "2026-01-01T00:00:00.000Z",
+        content,
+    };
+}
+/** Seed a .vaspera dir with the files collectEvidence looks for. */
+async function seedVasperaDir(projectPath) {
+    const v = join(projectPath, ".vaspera");
+    await mkdir(join(v, "scans"), { recursive: true });
+    await writeFile(join(v, "config.json"), JSON.stringify({ rules: ["a"] }), "utf-8");
+    await writeFile(join(v, "history.jsonl"), '{"type":"scan","hash":"abc"}\n', "utf-8");
+    await writeFile(join(v, "sbom.json"), JSON.stringify({ bomFormat: "CycloneDX" }), "utf-8");
+    await writeFile(join(v, "scans", "scan-001.json"), JSON.stringify({ findings: [] }), "utf-8");
+}
+describe("calculateBundleDigest", () => {
+    it("is deterministic and order-independent (artifacts are sorted)", () => {
+        const a = artifact("a", "alpha");
+        const b = artifact("b", "beta");
+        const c = artifact("c", "gamma");
+        const d1 = calculateBundleDigest([a, b, c]);
+        const d2 = calculateBundleDigest([c, a, b]);
+        expect(d1).toBe(d2);
+        expect(d1).toMatch(/^[a-f0-9]{64}$/);
+    });
+    it("changes when any artifact content digest changes", () => {
+        const base = calculateBundleDigest([artifact("a", "alpha"), artifact("b", "beta")]);
+        const altered = calculateBundleDigest([artifact("a", "alpha"), artifact("b", "BETA")]);
+        expect(altered).not.toBe(base);
+    });
+    it("is empty-set stable", () => {
+        expect(calculateBundleDigest([])).toBe(sha256(""));
+    });
+});
+describe("collectEvidence", () => {
+    let dir;
+    beforeEach(async () => {
+        dir = await mkdtemp(join(tmpdir(), "evidence-collect-"));
+    });
+    afterEach(async () => {
+        await rm(dir, { recursive: true, force: true });
+    });
+    it("collects artifacts from .vaspera and produces a self-consistent bundle digest", async () => {
+        await seedVasperaDir(dir);
+        const result = await collectEvidence({ projectPath: dir, certificationId: "cert-1" });
+        expect(result.success).toBe(true);
+        const bundle = result.bundle;
+        expect(bundle.certificationId).toBe("cert-1");
+        expect(bundle.artifacts.length).toBeGreaterThan(0);
+        // bundle digest recomputes to the same value from its own artifacts
+        expect(calculateBundleDigest(bundle.artifacts)).toBe(bundle.bundleDigest);
+        // every artifact's digest matches its inline content
+        for (const a of bundle.artifacts) {
+            if (a.content)
+                expect(sha256(a.content)).toBe(a.contentDigest);
+        }
+    });
+    it("warns (not fails) when expected files are missing", async () => {
+        const result = await collectEvidence({ projectPath: dir, includeScanResults: true });
+        expect(result.success).toBe(true);
+        expect(result.warnings.length).toBeGreaterThan(0);
+    });
+});
+describe("verifyEvidenceBundle — the integrity guarantee", () => {
+    let dir;
+    beforeEach(async () => {
+        dir = await mkdtemp(join(tmpdir(), "evidence-verify-"));
+        await seedVasperaDir(dir);
+    });
+    afterEach(async () => {
+        await rm(dir, { recursive: true, force: true });
+    });
+    it("verifies an untampered freshly collected bundle", async () => {
+        const { bundle } = await collectEvidence({ projectPath: dir });
+        const result = await verifyEvidenceBundle(bundle);
+        expect(result.verified).toBe(true);
+        expect(result.artifactsIntact).toBe(true);
+        expect(result.failedArtifacts).toEqual([]);
+    });
+    it("detects tampered inline artifact content (digest mismatch)", async () => {
+        const { bundle } = await collectEvidence({ projectPath: dir });
+        // Tamper with content but recompute the bundle digest so the top-level
+        // check passes — forcing the per-artifact check to be the thing that catches it.
+        const target = bundle.artifacts.find((a) => a.content);
+        target.content = `${target.content} /* injected */`;
+        bundle.bundleDigest = calculateBundleDigest(bundle.artifacts);
+        const result = await verifyEvidenceBundle(bundle);
+        expect(result.verified).toBe(false);
+        expect(result.artifactsIntact).toBe(false);
+        expect(result.failedArtifacts).toContain(target.name);
+    });
+    it("detects a forged bundle digest", async () => {
+        const { bundle } = await collectEvidence({ projectPath: dir });
+        bundle.bundleDigest = "0".repeat(64);
+        const result = await verifyEvidenceBundle(bundle);
+        expect(result.verified).toBe(false);
+        expect(result.artifactsIntact).toBe(false);
+        expect(result.error).toMatch(/digest mismatch/i);
+    });
+    it("detects an artifact added without updating the bundle digest", async () => {
+        const { bundle } = await collectEvidence({ projectPath: dir });
+        bundle.artifacts.push(artifact("smuggled", "malicious payload"));
+        // bundleDigest left stale on purpose
+        const result = await verifyEvidenceBundle(bundle);
+        expect(result.verified).toBe(false);
+        expect(result.error).toMatch(/digest mismatch/i);
+    });
+    it("an unsigned bundle verifies with signatureValid undefined", async () => {
+        const { bundle } = await collectEvidence({ projectPath: dir });
+        const result = await verifyEvidenceBundle(bundle);
+        expect(result.verified).toBe(true);
+        expect(result.signatureValid).toBeUndefined();
+    });
+    it("verifies a real-shaped Sigstore signature over the bundle digest", async () => {
+        const { bundle } = await collectEvidence({ projectPath: dir });
+        // Mirror what collectEvidence({sign:true}) attaches: the signature is over
+        // bundleDigest, with a Sigstore bundle carrying a transparency-log entry.
+        bundle.signature = {
+            signed: true,
+            digest: sha256(bundle.bundleDigest),
+            signedAt: "2026-01-01T00:00:00.000Z",
+            rekorLogIndex: "12345",
+            bundle: { verificationMaterial: { tlogEntries: [{ logIndex: "12345" }] } },
+        };
+        const result = await verifyEvidenceBundle(bundle);
+        expect(result.signatureValid).toBe(true);
+        expect(result.verified).toBe(true);
+    });
+    it("rejects a signature whose digest does not match the bundle digest", async () => {
+        const { bundle } = await collectEvidence({ projectPath: dir });
+        bundle.signature = {
+            signed: true,
+            digest: sha256("not-the-bundle-digest"),
+            signedAt: "2026-01-01T00:00:00.000Z",
+            bundle: { verificationMaterial: { tlogEntries: [{ logIndex: "1" }] } },
+        };
+        const result = await verifyEvidenceBundle(bundle);
+        expect(result.signatureValid).toBe(false);
+        expect(result.verified).toBe(false);
+        expect(result.error).toMatch(/signature/i);
+    });
+    it("rejects a signature with no transparency-log entry", async () => {
+        const { bundle } = await collectEvidence({ projectPath: dir });
+        bundle.signature = {
+            signed: true,
+            digest: sha256(bundle.bundleDigest),
+            signedAt: "2026-01-01T00:00:00.000Z",
+            bundle: { verificationMaterial: { tlogEntries: [] } },
+        };
+        const result = await verifyEvidenceBundle(bundle);
+        expect(result.signatureValid).toBe(false);
+    });
+});
+describe("evidence store round-trip", () => {
+    let dir;
+    beforeEach(async () => {
+        dir = await mkdtemp(join(tmpdir(), "evidence-store-"));
+        await seedVasperaDir(dir);
+    });
+    afterEach(async () => {
+        await rm(dir, { recursive: true, force: true });
+    });
+    it("stores and loads a bundle byte-for-byte, and it still verifies", async () => {
+        const { bundle } = await collectEvidence({ projectPath: dir, certificationId: "cert-x" });
+        const path = await storeEvidenceBundle(dir, bundle);
+        expect(path).toContain(`${bundle.id}.json`);
+        const loaded = await loadEvidenceBundle(dir, bundle.id);
+        expect(loaded).not.toBeNull();
+        expect(loaded.bundleDigest).toBe(bundle.bundleDigest);
+        const result = await verifyEvidenceBundle(loaded);
+        expect(result.verified).toBe(true);
+    });
+    it("returns null loading an unknown bundle id", async () => {
+        expect(await loadEvidenceBundle(dir, "evidence-nope")).toBeNull();
+    });
+    it("lists stored bundles newest-first and reports stats", async () => {
+        const b1 = (await collectEvidence({ projectPath: dir })).bundle;
+        b1.id = "evidence-aaa";
+        b1.createdAt = "2026-01-01T00:00:00.000Z";
+        const b2 = (await collectEvidence({ projectPath: dir })).bundle;
+        b2.id = "evidence-bbb";
+        b2.createdAt = "2026-02-01T00:00:00.000Z";
+        await storeEvidenceBundle(dir, b1);
+        await storeEvidenceBundle(dir, b2);
+        const list = await listEvidenceBundles(dir);
+        expect(list.map((b) => b.id)).toEqual(["evidence-bbb", "evidence-aaa"]);
+        const stats = await getEvidenceStats(dir);
+        expect(stats.bundleCount).toBe(2);
+        expect(stats.totalSizeBytes).toBeGreaterThan(0);
+        expect(stats.oldestBundle).toBe("2026-01-01T00:00:00.000Z");
+        expect(stats.newestBundle).toBe("2026-02-01T00:00:00.000Z");
+    });
+    it("returns empty results for a project with no evidence dir", async () => {
+        const empty = await mkdtemp(join(tmpdir(), "evidence-empty-"));
+        try {
+            expect(await listEvidenceBundles(empty)).toEqual([]);
+            expect(await getEvidenceStats(empty)).toEqual({ bundleCount: 0, totalSizeBytes: 0 });
+        }
+        finally {
+            await rm(empty, { recursive: true, force: true });
+        }
+    });
+});
+describe("formatEvidenceBundleAsMarkdown", () => {
+    it("renders digest, artifacts, and unsigned status", () => {
+        const bundle = {
+            id: "evidence-md",
+            createdAt: "2026-01-01T00:00:00.000Z",
+            projectPath: "/p",
+            frameworks: [],
+            environment: {
+                os: "linux",
+                osVersion: "6",
+                nodeVersion: "v20",
+                vasperaVersion: "2.14.0",
+                capturedAt: "2026-01-01T00:00:00.000Z",
+            },
+            artifacts: [artifact("scan", "data")],
+            bundleDigest: calculateBundleDigest([artifact("scan", "data")]),
+        };
+        const md = formatEvidenceBundleAsMarkdown(bundle);
+        expect(md).toContain("# Evidence Bundle");
+        expect(md).toContain(bundle.bundleDigest);
+        expect(md).toContain("**Signature**: Not signed");
+    });
+});
+//# sourceMappingURL=evidence.test.js.map

package/dist/__tests__/evidence/evidence.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evidence.test.js","sourceRoot":"","sources":["../../../src/__tests__/evidence/evidence.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,8BAA8B,GAC/B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,EACnB,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,yBAAyB,CAAC;AAGjC,MAAM,MAAM,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAEjG,SAAS,QAAQ,CAAC,IAAY,EAAE,OAAe;IAC7C,OAAO;QACL,IAAI,EAAE,aAAa;QACnB,IAAI;QACJ,WAAW,EAAE,GAAG,IAAI,WAAW;QAC/B,aAAa,EAAE,MAAM,CAAC,OAAO,CAAC;QAC9B,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;QACrC,WAAW,EAAE,0BAA0B;QACvC,OAAO;KACR,CAAC;AACJ,CAAC;AAED,oEAAoE;AACpE,KAAK,UAAU,cAAc,CAAC,WAAmB;IAC/C,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IACxC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;IACnF,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC,EAAE,eAAe,CAAC,EAAE,gCAAgC,EAAE,OAAO,CAAC,CAAC;IACrF,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC,EAAE,WAAW,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;IAC3F,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;AAChG,CAAC;AAED,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACjC,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAChC,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACjC,MAAM,EAAE,GAAG,qBAAqB,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5C,MAAM,EAAE,GAAG,qBAAqB,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5C,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACpB,MAAM,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,IAAI,GAAG,qBAAqB,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;QACpF,MAAM,OAAO,GAAG,qBAAqB,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;QACvF,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qBAAqB,EAAE,GAAG,EAAE;QAC7B,MAAM,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,IAAI,GAAW,CAAC;IAChB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,mBAAmB,CAAC,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IACH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,KAAK,IAAI,EAAE;QAC7F,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC,CAAC;QAEtF,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAO,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACnD,oEAAoE;QACpE,MAAM,CAAC,qBAAqB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC1E,qDAAqD;QACrD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,CAAC,CAAC,OAAO;gBAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;QACjE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;QACrF,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,gDAAgD,EAAE,GAAG,EAAE;IAC9D,IAAI,GAAW,CAAC;IAChB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;QACxD,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IACH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,eAAe,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAO,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;QAC1E,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,eAAe,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,uEAAuE;QACvE,iFAAiF;QACjF,MAAM,MAAM,GAAG,MAAO,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAE,CAAC;QACzD,MAAM,CAAC,OAAO,GAAG,GAAG,MAAM,CAAC,OAAO,iBAAiB,CAAC;QACpD,MAAO,CAAC,YAAY,GAAG,qBAAqB,CAAC,MAAO,CAAC,SAAS,CAAC,CAAC;QAEhE,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAO,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,eAAe,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,MAAO,CAAC,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAO,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;QAC5E,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,eAAe,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,MAAO,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC,CAAC;QAClE,qCAAqC;QACrC,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAO,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,eAAe,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAO,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,aAAa,EAAE,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;QAChF,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,eAAe,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,2EAA2E;QAC3E,0EAA0E;QAC1E,MAAO,CAAC,SAAS,GAAG;YAClB,MAAM,EAAE,IAAI;YACZ,MAAM,EAAE,MAAM,CAAC,MAAO,CAAC,YAAY,CAAC;YACpC,QAAQ,EAAE,0BAA0B;YACpC,aAAa,EAAE,OAAO;YACtB,MAAM,EAAE,EAAE,oBAAoB,EAAE,EAAE,WAAW,EAAE,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE;SAC3E,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAO,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,eAAe,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,MAAO,CAAC,SAAS,GAAG;YAClB,MAAM,EAAE,IAAI;YACZ,MAAM,EAAE,MAAM,CAAC,uBAAuB,CAAC;YACvC,QAAQ,EAAE,0BAA0B;YACpC,MAAM,EAAE,EAAE,oBAAoB,EAAE,EAAE,WAAW,EAAE,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;SACvE,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAO,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,eAAe,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,MAAO,CAAC,SAAS,GAAG;YAClB,MAAM,EAAE,IAAI;YACZ,MAAM,EAAE,MAAM,CAAC,MAAO,CAAC,YAAY,CAAC;YACpC,QAAQ,EAAE,0BAA0B;YACpC,MAAM,EAAE,EAAE,oBAAoB,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE;SACtD,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAO,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;IACzC,IAAI,GAAW,CAAC;IAChB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,GAAG,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,iBAAiB,CAAC,CAAC,CAAC;QACvD,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IACH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,eAAe,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC1F,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,GAAG,EAAE,MAAO,CAAC,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,GAAG,MAAO,CAAC,EAAE,OAAO,CAAC,CAAC;QAE7C,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,GAAG,EAAE,MAAO,CAAC,EAAE,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,MAAO,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,MAAO,CAAC,YAAY,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,MAAO,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;QACzD,MAAM,CAAC,MAAM,kBAAkB,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IACpE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,MAAM,EAAE,GAAG,CAAC,MAAM,eAAe,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,MAAO,CAAC;QACjE,EAAE,CAAC,EAAE,GAAG,cAAc,CAAC;QACvB,EAAE,CAAC,SAAS,GAAG,0BAA0B,CAAC;QAC1C,MAAM,EAAE,GAAG,CAAC,MAAM,eAAe,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,MAAO,CAAC;QACjE,EAAE,CAAC,EAAE,GAAG,cAAc,CAAC;QACvB,EAAE,CAAC,SAAS,GAAG,0BAA0B,CAAC;QAC1C,MAAM,mBAAmB,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,mBAAmB,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEnC,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;QAExE,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAChD,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC5D,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,iBAAiB,CAAC,CAAC,CAAC;QAC/D,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC,CAAC;QACvF,CAAC;gBAAS,CAAC;YACT,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,gCAAgC,EAAE,GAAG,EAAE;IAC9C,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,MAAM,GAAmB;YAC7B,EAAE,EAAE,aAAa;YACjB,SAAS,EAAE,0BAA0B;YACrC,WAAW,EAAE,IAAI;YACjB,UAAU,EAAE,EAAE;YACd,WAAW,EAAE;gBACX,EAAE,EAAE,OAAO;gBACX,SAAS,EAAE,GAAG;gBACd,WAAW,EAAE,KAAK;gBAClB,cAAc,EAAE,QAAQ;gBACxB,UAAU,EAAE,0BAA0B;aACvC;YACD,SAAS,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YACrC,YAAY,EAAE,qBAAqB,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;SAChE,CAAC;QACF,MAAM,EAAE,GAAG,8BAA8B,CAAC,MAAM,CAAC,CAAC;QAClD,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;QAC1C,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC1C,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,2BAA2B,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/history/decisions.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=decisions.test.d.ts.map

package/dist/__tests__/history/decisions.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decisions.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/history/decisions.test.ts"],"names":[],"mappings":""}