
@isl-lang/gate


@isl-lang/gate - npm Package Compare versions

Comparing version
0.1.0
to
0.1.1
+636
dist/chunk-7YIDYPSN.js
// src/verified-intent/types.ts
var DEFAULT_VERIFIED_INTENT_CONFIG = {
missingPillarVerdict: "NO_SHIP",
specFidelity: {
minSignatureMatch: 0.8,
minTypeMatch: 0.8
},
coverage: {
minPostconditions: 1,
minInvariants: 1,
minErrorCases: 1,
minCoverageRatio: 0.5
},
execution: {
minPassRate: 0.8,
maxSkipRate: 0.1,
requireAtLeastOneRan: true,
requireAttribution: true
}
};
var DEV_VERIFIED_INTENT_CONFIG = {
missingPillarVerdict: "WARN",
specFidelity: {
minSignatureMatch: 0.5,
minTypeMatch: 0.5
},
coverage: {
minPostconditions: 0,
minInvariants: 0,
minErrorCases: 0,
minCoverageRatio: 0
},
execution: {
minPassRate: 0.5,
maxSkipRate: 0.5,
requireAtLeastOneRan: false,
requireAttribution: false
}
};
// src/verified-intent/pillars.ts
function evaluateSpecFidelity(input, config) {
const details = [];
const provenance = [];
details.push({
check: "spec_parsed",
passed: input.specParsed,
message: input.specParsed ? "Spec parsed successfully" : "Spec failed to parse",
origin: input.specOrigin,
executionStatus: "ran"
});
provenance.push({
label: "ISL spec",
origin: input.specOrigin,
executionStatus: input.specParsed ? "ran" : "errored",
detail: input.specOrigin === "ai-generated" ? "Spec was AI-generated" : void 0
});
if (!input.specParsed) {
return {
pillar: "spec_fidelity",
status: "failed",
score: 0,
summary: "Spec Fidelity: FAILED \u2014 spec did not parse",
details,
provenance
};
}
details.push({
check: "spec_typechecked",
passed: input.specTypechecked,
message: input.specTypechecked ? "Spec typechecked" : "Spec has type errors",
origin: input.specOrigin,
executionStatus: "ran"
});
if (!input.specTypechecked) {
return {
pillar: "spec_fidelity",
status: "failed",
score: 0.1,
summary: "Spec Fidelity: FAILED \u2014 spec has type errors",
details,
provenance
};
}
const sigRatio = input.specSignatureCount > 0 ? input.matchedSignatureCount / input.specSignatureCount : 0;
const sigPassed = sigRatio >= config.specFidelity.minSignatureMatch;
details.push({
check: "signature_match",
passed: sigPassed,
message: `Signature match: ${input.matchedSignatureCount}/${input.specSignatureCount} (${pct(sigRatio)}, threshold ${pct(config.specFidelity.minSignatureMatch)})`,
origin: input.implOrigin,
executionStatus: "ran"
});
provenance.push({
label: "Signature matching",
origin: "inferred",
executionStatus: "ran",
detail: `${input.matchedSignatureCount}/${input.specSignatureCount} matched`
});
const typeRatio = input.specTypeCount > 0 ? input.matchedTypeCount / input.specTypeCount : 0;
const typePassed = typeRatio >= config.specFidelity.minTypeMatch;
details.push({
check: "type_match",
passed: typePassed,
message: `Type match: ${input.matchedTypeCount}/${input.specTypeCount} (${pct(typeRatio)}, threshold ${pct(config.specFidelity.minTypeMatch)})`,
origin: input.implOrigin,
executionStatus: "ran"
});
provenance.push({
label: "Type matching",
origin: "inferred",
executionStatus: "ran",
detail: `${input.matchedTypeCount}/${input.specTypeCount} matched`
});
const score = (sigRatio + typeRatio) / 2;
const allPassed = sigPassed && typePassed;
const status = allPassed ? "passed" : sigRatio > 0 || typeRatio > 0 ? "degraded" : "failed";
return {
pillar: "spec_fidelity",
status,
score,
summary: `Spec Fidelity: ${status.toUpperCase()} \u2014 signatures ${pct(sigRatio)}, types ${pct(typeRatio)}`,
details,
provenance
};
}
function evaluateCoverage(input, config) {
const details = [];
const provenance = [];
const postOk = input.postconditionCount >= config.coverage.minPostconditions;
details.push({
check: "postconditions_present",
passed: postOk,
message: postOk ? `Postconditions: ${input.postconditionCount} present (min ${config.coverage.minPostconditions})` : `Postconditions: ${input.postconditionCount} present, need at least ${config.coverage.minPostconditions}`,
origin: input.specOrigin,
executionStatus: input.postconditionCount > 0 ? "ran" : "not_run"
});
if (input.postconditionCount > 0) {
provenance.push({
label: `${input.postconditionCount} postcondition(s)`,
origin: input.specOrigin,
executionStatus: input.postconditionsVerified > 0 ? "ran" : "not_run",
detail: `${input.postconditionsVerified}/${input.postconditionCount} verified`
});
}
const invOk = input.invariantCount >= config.coverage.minInvariants;
details.push({
check: "invariants_present",
passed: invOk,
message: invOk ? `Invariants: ${input.invariantCount} present (min ${config.coverage.minInvariants})` : `Invariants: ${input.invariantCount} present, need at least ${config.coverage.minInvariants}`,
origin: input.specOrigin,
executionStatus: input.invariantCount > 0 ? "ran" : "not_run"
});
if (input.invariantCount > 0) {
provenance.push({
label: `${input.invariantCount} invariant(s)`,
origin: input.specOrigin,
executionStatus: input.invariantsVerified > 0 ? "ran" : "not_run",
detail: `${input.invariantsVerified}/${input.invariantCount} verified`
});
}
const errOk = input.errorCaseCount >= config.coverage.minErrorCases;
details.push({
check: "error_cases_present",
passed: errOk,
message: errOk ? `Error cases: ${input.errorCaseCount} present (min ${config.coverage.minErrorCases})` : `Error cases: ${input.errorCaseCount} present, need at least ${config.coverage.minErrorCases}`,
origin: input.specOrigin,
executionStatus: input.errorCaseCount > 0 ? "ran" : "not_run"
});
if (input.errorCaseCount > 0) {
provenance.push({
label: `${input.errorCaseCount} error case(s)`,
origin: input.specOrigin,
executionStatus: input.errorCasesVerified > 0 ? "ran" : "not_run",
detail: `${input.errorCasesVerified}/${input.errorCaseCount} verified`
});
}
const coverageRatio = input.totalClauses > 0 ? input.coveredClauses / input.totalClauses : 0;
const coverageOk = coverageRatio >= config.coverage.minCoverageRatio;
details.push({
check: "coverage_ratio",
passed: coverageOk,
message: `Coverage ratio: ${input.coveredClauses}/${input.totalClauses} (${pct(coverageRatio)}, threshold ${pct(config.coverage.minCoverageRatio)})`,
origin: "inferred",
executionStatus: "ran"
});
provenance.push({
label: "Clause coverage",
origin: "inferred",
executionStatus: "ran",
detail: `${input.coveredClauses}/${input.totalClauses} clauses covered`
});
const allPresent = postOk && invOk && errOk && coverageOk;
const presenceScore = [postOk, invOk, errOk, coverageOk].filter(Boolean).length / 4;
const score = (presenceScore + coverageRatio) / 2;
let status;
if (allPresent) {
status = "passed";
} else if (input.totalClauses === 0) {
status = "missing";
} else {
status = presenceScore >= 0.5 ? "degraded" : "failed";
}
return {
pillar: "coverage",
status,
score,
summary: `Coverage: ${status.toUpperCase()} \u2014 ${input.coveredClauses}/${input.totalClauses} clauses, ${input.postconditionCount} post, ${input.invariantCount} inv, ${input.errorCaseCount} err`,
details,
provenance
};
}
function evaluateExecution(input, config) {
const details = [];
const provenance = [];
const ranCount = input.passedTests + input.failedTests;
const hasRan = ranCount > 0;
if (config.execution.requireAtLeastOneRan) {
details.push({
check: "at_least_one_ran",
passed: hasRan,
message: hasRan ? `${ranCount} test(s) executed` : "No tests executed \u2014 all were skipped or absent",
origin: "inferred",
executionStatus: hasRan ? "ran" : "not_run"
});
}
const passRate = ranCount > 0 ? input.passedTests / ranCount : 0;
const passRateOk = passRate >= config.execution.minPassRate;
details.push({
check: "pass_rate",
passed: passRateOk,
message: `Pass rate: ${input.passedTests}/${ranCount} (${pct(passRate)}, threshold ${pct(config.execution.minPassRate)})`,
origin: "inferred",
executionStatus: ranCount > 0 ? "ran" : "not_run"
});
const skipRate = input.totalTests > 0 ? input.skippedTests / input.totalTests : 0;
const skipRateOk = skipRate <= config.execution.maxSkipRate;
details.push({
check: "skip_rate",
passed: skipRateOk,
message: `Skip rate: ${input.skippedTests}/${input.totalTests} (${pct(skipRate)}, max ${pct(config.execution.maxSkipRate)})`,
origin: "inferred",
executionStatus: "ran"
});
let attributionOk = true;
if (config.execution.requireAttribution) {
const attributionRatio = ranCount > 0 ? input.attributedTests / ranCount : 0;
attributionOk = attributionRatio > 0;
details.push({
check: "spec_attribution",
passed: attributionOk,
message: attributionOk ? `${input.attributedTests}/${ranCount} test result(s) attributable to spec clauses` : "No test results are attributable to spec clauses",
origin: "inferred",
executionStatus: ranCount > 0 ? "ran" : "not_run"
});
}
for (const tp of input.testProvenance) {
provenance.push({
label: `Test: ${tp.name}`,
origin: tp.origin,
executionStatus: tp.executionStatus,
detail: tp.specClause ? `Attributed to: ${tp.specClause}` : "No spec attribution"
});
}
if (input.testProvenance.length === 0 && input.totalTests > 0) {
provenance.push({
label: `${input.totalTests} test(s)`,
origin: "unknown",
executionStatus: hasRan ? "ran" : "not_run",
detail: `${input.passedTests} passed, ${input.failedTests} failed, ${input.skippedTests} skipped`
});
}
const requirementsMet = [
!config.execution.requireAtLeastOneRan || hasRan,
passRateOk,
skipRateOk,
!config.execution.requireAttribution || attributionOk
];
const metCount = requirementsMet.filter(Boolean).length;
const allMet = metCount === requirementsMet.length;
const score = ranCount > 0 ? passRate * 0.5 + (1 - skipRate) * 0.25 + (attributionOk ? 0.25 : 0) : 0;
let status;
if (!hasRan && config.execution.requireAtLeastOneRan) {
status = "missing";
} else if (allMet) {
status = "passed";
} else if (metCount >= 2) {
status = "degraded";
} else {
status = "failed";
}
return {
pillar: "execution",
status,
score,
summary: `Execution: ${status.toUpperCase()} \u2014 ${ranCount} ran, ${input.passedTests} passed, ${input.skippedTests} skipped, ${input.attributedTests} attributed`,
details,
provenance
};
}
function extractSpecFidelityInput(signals, evidence) {
const parserSignal = signals.find((s) => s.source === "parser");
const typecheckerSignal = signals.find((s) => s.source === "typechecker");
const verifierSignal = signals.find((s) => s.source === "verifier");
const sigChecks = evidence.filter((e) => e.check.includes("signature") || e.check.includes("function"));
const typeChecks = evidence.filter((e) => e.check.includes("type") || e.check.includes("interface"));
const sigTotal = sigChecks.length || (verifierSignal ? 1 : 0);
const sigMatched = sigChecks.filter((e) => e.result === "pass").length || (verifierSignal?.passed ? 1 : 0);
const typeTotal = typeChecks.length || (typecheckerSignal ? 1 : 0);
const typeMatched = typeChecks.filter((e) => e.result === "pass").length || (typecheckerSignal?.passed ? 1 : 0);
const hasAiEvidence = evidence.some((e) => e.details?.includes("AI-generated") || e.details?.includes("ai-generated"));
const specOrigin = hasAiEvidence ? "ai-generated" : "unknown";
return {
specParsed: parserSignal?.passed ?? false,
specTypechecked: typecheckerSignal?.passed ?? false,
specSignatureCount: Math.max(sigTotal, 1),
matchedSignatureCount: sigMatched,
specTypeCount: Math.max(typeTotal, 1),
matchedTypeCount: typeMatched,
specOrigin,
implOrigin: "unknown"
};
}
function extractCoverageInput(signals, evidence) {
const postconditions = evidence.filter(
(e) => e.check.includes("postcondition") || e.check.includes("ensures")
);
const invariants = evidence.filter(
(e) => e.check.includes("invariant")
);
const errorCases = evidence.filter(
(e) => e.check.includes("error") || e.check.includes("exception") || e.check.includes("throws")
);
const allClauses = [...postconditions, ...invariants, ...errorCases];
const uniqueChecks = new Set(allClauses.map((e) => e.check));
const coveredChecks = new Set(
allClauses.filter((e) => e.result === "pass" || e.result === "fail").map((e) => e.check)
);
const hasAiEvidence = evidence.some((e) => e.details?.includes("AI-generated") || e.details?.includes("ai-generated"));
return {
postconditionCount: postconditions.length,
postconditionsVerified: postconditions.filter((e) => e.result === "pass").length,
invariantCount: invariants.length,
invariantsVerified: invariants.filter((e) => e.result === "pass").length,
errorCaseCount: errorCases.length,
errorCasesVerified: errorCases.filter((e) => e.result === "pass").length,
totalClauses: uniqueChecks.size,
coveredClauses: coveredChecks.size,
specOrigin: hasAiEvidence ? "ai-generated" : "unknown"
};
}
function extractExecutionInput(aggregation, evidence) {
const { tests } = aggregation;
const testEvidence = evidence.filter(
(e) => e.source === "runtime-eval" || e.check.includes("test:") || e.check.includes("scenario:")
);
const attributed = testEvidence.filter(
(e) => e.check.includes("postcondition") || e.check.includes("invariant") || e.check.includes("scenario") || e.check.includes("ensures")
);
const testProvenance = testEvidence.map((e) => ({
name: e.check,
origin: e.details?.includes("AI-generated") ? "ai-generated" : "unknown",
executionStatus: mapResultToExecStatus(e.result),
specClause: attributed.some((a) => a.check === e.check) ? e.check : void 0
}));
return {
totalTests: tests.total,
passedTests: tests.passed,
failedTests: tests.failed,
skippedTests: tests.skipped,
attributedTests: attributed.length || (tests.passed > 0 ? tests.passed : 0),
testProvenance
};
}
function pct(ratio) {
return `${(ratio * 100).toFixed(1)}%`;
}
function mapResultToExecStatus(result) {
switch (result) {
case "pass":
return "ran";
case "fail":
return "ran";
case "warn":
return "ran";
case "skip":
return "skipped";
}
}
// src/verified-intent/provenance.ts
function buildProvenanceReport(pillarResults) {
const allRecords = [];
for (const pr of pillarResults) {
allRecords.push(...pr.provenance);
}
return partitionProvenance(allRecords);
}
function partitionProvenance(records) {
const inferred = [];
const aiGenerated = [];
const unknown = [];
const ran = [];
const didNotRun = [];
const evidence = [];
for (const r of records) {
switch (r.origin) {
case "inferred":
inferred.push(r);
break;
case "ai-generated":
aiGenerated.push(r);
break;
case "unknown":
unknown.push(r);
break;
}
if (r.executionStatus === "ran") {
ran.push(r);
} else {
didNotRun.push(r);
}
if (r.evidenceRef) {
evidence.push(r);
}
}
return { inferred, aiGenerated, unknown, ran, didNotRun, evidence };
}
function formatProvenanceReport(report) {
const lines = [];
lines.push("\u2550\u2550\u2550 Provenance Report \u2550\u2550\u2550");
lines.push("");
lines.push(`\u25B8 Inferred (${report.inferred.length}):`);
if (report.inferred.length === 0) {
lines.push(" (none)");
} else {
for (const r of report.inferred) {
lines.push(` \u2022 ${r.label}${r.detail ? ` \u2014 ${r.detail}` : ""}`);
}
}
lines.push("");
lines.push(`\u25B8 AI-Generated (${report.aiGenerated.length}):`);
if (report.aiGenerated.length === 0) {
lines.push(" (none)");
} else {
for (const r of report.aiGenerated) {
lines.push(` \u2022 ${r.label}${r.detail ? ` \u2014 ${r.detail}` : ""}`);
}
}
lines.push("");
lines.push(`\u25B8 Unknown Origin (${report.unknown.length}):`);
if (report.unknown.length === 0) {
lines.push(" (none)");
} else {
for (const r of report.unknown) {
lines.push(` \u2022 ${r.label}${r.detail ? ` \u2014 ${r.detail}` : ""}`);
}
}
lines.push("");
lines.push(`\u25B8 Ran (${report.ran.length}):`);
if (report.ran.length === 0) {
lines.push(" (none)");
} else {
for (const r of report.ran) {
lines.push(` \u2022 ${r.label}${r.detail ? ` \u2014 ${r.detail}` : ""}`);
}
}
lines.push("");
lines.push(`\u25B8 Did Not Run (${report.didNotRun.length}):`);
if (report.didNotRun.length === 0) {
lines.push(" (none)");
} else {
for (const r of report.didNotRun) {
lines.push(` \u2022 ${r.label} [${r.executionStatus}]${r.detail ? ` \u2014 ${r.detail}` : ""}`);
}
}
lines.push("");
lines.push(`\u25B8 Evidence (${report.evidence.length}):`);
if (report.evidence.length === 0) {
lines.push(" (none)");
} else {
for (const r of report.evidence) {
lines.push(` \u2022 ${r.label} \u2192 ${r.evidenceRef}`);
}
}
return lines.join("\n");
}
// src/verified-intent/evaluator.ts
function evaluateVerifiedIntent(signals, aggregation, evidence, config = DEFAULT_VERIFIED_INTENT_CONFIG) {
const specInput = extractSpecFidelityInput(signals, evidence);
const coverageInput = extractCoverageInput(signals, evidence);
const execInput = extractExecutionInput(aggregation, evidence);
return evaluateVerifiedIntentFromInputs(specInput, coverageInput, execInput, config);
}
function evaluateVerifiedIntentFromInputs(specInput, coverageInput, execInput, config = DEFAULT_VERIFIED_INTENT_CONFIG) {
const specFidelity = evaluateSpecFidelity(specInput, config);
const coverage = evaluateCoverage(coverageInput, config);
const execution = evaluateExecution(execInput, config);
const pillarResults = [specFidelity, coverage, execution];
const allPassed = pillarResults.every((p) => p.status === "passed");
const failedPillars = pillarResults.filter((p) => p.status !== "passed");
const missingPillars = pillarResults.filter((p) => p.status === "missing");
const provenance = buildProvenanceReport(pillarResults);
let verdict;
if (allPassed) {
verdict = "SHIP";
} else if (config.missingPillarVerdict === "NO_SHIP") {
verdict = "NO_SHIP";
} else {
const hasHardFailure = pillarResults.some((p) => p.status === "failed" || p.status === "missing");
verdict = hasHardFailure ? "NO_SHIP" : "WARN";
}
const compositeScore = allPassed ? (specFidelity.score + coverage.score + execution.score) / 3 : 0;
const blockers = [];
for (const p of failedPillars) {
blockers.push(`Pillar "${p.pillar}" ${p.status}: ${p.summary}`);
for (const d of p.details.filter((d2) => !d2.passed)) {
blockers.push(` \u2192 ${d.check}: ${d.message}`);
}
}
const recommendations = [];
if (specFidelity.status !== "passed") {
recommendations.push("Improve spec fidelity: ensure all signatures and types in the ISL spec match the source implementation.");
}
if (coverage.status !== "passed") {
recommendations.push("Improve coverage: add postconditions, invariants, and error cases to the ISL spec.");
}
if (execution.status !== "passed") {
recommendations.push("Improve execution: ensure tests run (not skipped) and results are attributable to spec clauses.");
}
if (missingPillars.length > 0) {
recommendations.push(`Missing pillars: ${missingPillars.map((p) => p.pillar).join(", ")}. These must be present for SHIP.`);
}
const pillarSummaries = [
`Fidelity:${statusBadge(specFidelity.status)}`,
`Coverage:${statusBadge(coverage.status)}`,
`Execution:${statusBadge(execution.status)}`
].join(" ");
const summary = `${verdict}: ${allPassed ? "All 3 pillars passed" : `${failedPillars.length}/3 pillar(s) not passing`} | ${pillarSummaries}`;
return {
verdict,
allPillarsPassed: allPassed,
pillars: {
specFidelity,
coverage,
execution
},
compositeScore,
provenance,
summary,
blockers,
recommendations
};
}
function applyVerifiedIntentCap(gateVerdict, intentResult) {
const order = { "NO_SHIP": 0, "WARN": 1, "SHIP": 2 };
const maxAllowed = intentResult.verdict;
return order[gateVerdict] <= order[maxAllowed] ? gateVerdict : maxAllowed;
}
function formatVerifiedIntentReport(result) {
const lines = [];
lines.push("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557");
lines.push(`\u2551 VERIFIED INTENT: ${result.verdict.padEnd(30)}\u2551`);
lines.push("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D");
lines.push("");
lines.push(result.summary);
lines.push("");
lines.push("\u2500\u2500\u2500 Pillar 1: Spec Fidelity \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
lines.push(formatPillar(result.pillars.specFidelity));
lines.push("");
lines.push("\u2500\u2500\u2500 Pillar 2: Coverage \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
lines.push(formatPillar(result.pillars.coverage));
lines.push("");
lines.push("\u2500\u2500\u2500 Pillar 3: Execution \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
lines.push(formatPillar(result.pillars.execution));
lines.push("");
if (result.blockers.length > 0) {
lines.push("\u2500\u2500\u2500 Blockers \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
for (const b of result.blockers) {
lines.push(` \u2717 ${b}`);
}
lines.push("");
}
if (result.recommendations.length > 0) {
lines.push("\u2500\u2500\u2500 Recommendations \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
for (const r of result.recommendations) {
lines.push(` \u2192 ${r}`);
}
lines.push("");
}
lines.push(formatProvenanceReport(result.provenance));
return lines.join("\n");
}
function formatPillar(p) {
const lines = [];
lines.push(` Status: ${statusBadge(p.status)} Score: ${(p.score * 100).toFixed(1)}%`);
lines.push(` ${p.summary}`);
for (const d of p.details) {
const icon = d.passed ? "\u2713" : "\u2717";
lines.push(` ${icon} ${d.check}: ${d.message}`);
}
return lines.join("\n");
}
function statusBadge(status) {
switch (status) {
case "passed":
return "PASS";
case "failed":
return "FAIL";
case "degraded":
return "DEGRADED";
case "missing":
return "MISSING";
default:
return status.toUpperCase();
}
}
export {
DEFAULT_VERIFIED_INTENT_CONFIG,
DEV_VERIFIED_INTENT_CONFIG,
evaluateSpecFidelity,
evaluateCoverage,
evaluateExecution,
extractSpecFidelityInput,
extractCoverageInput,
extractExecutionInput,
buildProvenanceReport,
partitionProvenance,
formatProvenanceReport,
evaluateVerifiedIntent,
evaluateVerifiedIntentFromInputs,
applyVerifiedIntentCap,
formatVerifiedIntentReport
};
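Review bot: The `||` fallbacks in `extractSpecFidelityInput` and `extractExecutionInput` make the gate fail open when the real count is zero. When signature checks exist but none pass, `sigMatched` falls back to `verifierSignal?.passed ? 1 : 0`, so a single failed check is reported as 1/1 matched if the verifier signal passed (same for `typeMatched`); likewise `attributedTests: attributed.length || (tests.passed > 0 ? tests.passed : 0)` counts every passing test as attributed when none is, so the `spec_attribution` check in `evaluateExecution` passes whenever any test passed. Key the fallback on whether checks exist rather than on the matched count, e.g. `const sigMatched = sigChecks.length > 0 ? sigChecks.filter((e) => e.result === "pass").length : (verifierSignal?.passed ? 1 : 0);`, and report `attributedTests: attributed.length`. Separately, `applyVerifiedIntentCap` returns `maxAllowed` for any `gateVerdict` that is not a key of `order` (the lookup yields `undefined` and the comparison is false), so if a caller can pass another value, such as a `BLOCK` verdict, the cap would raise it to the intent verdict instead of lowering it; returning `NO_SHIP` for unrecognised verdicts would close that.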
import {
__require
} from "./chunk-3RG5ZIWI.js";
// src/trust-score/types.ts
var TRUST_CATEGORIES = [
"preconditions",
"postconditions",
"invariants",
"temporal",
"chaos",
"coverage"
];
var EVIDENCE_PRIORITY = {
smt: 3,
// Formal verification (highest trust)
runtime: 2,
// Runtime testing/verification
heuristic: 1
// Static analysis, heuristics (lowest trust)
};
var DEFAULT_WEIGHTS = {
preconditions: 20,
postconditions: 20,
invariants: 20,
temporal: 15,
chaos: 10,
coverage: 15
};
// src/trust-score/calculator.ts
function resolveConfig(config) {
const weights = { ...DEFAULT_WEIGHTS, ...config?.weights };
const weightSum = Object.values(weights).reduce((a, b) => a + b, 0);
if (weightSum <= 0) {
throw new Error("Trust score weights must sum to a positive number");
}
const normalizedWeights = {};
for (const cat of TRUST_CATEGORIES) {
normalizedWeights[cat] = weights[cat] / weightSum;
}
return {
weights,
normalizedWeights,
unknownPenalty: clamp(config?.unknownPenalty ?? 0.5, 0, 1),
shipThreshold: config?.shipThreshold ?? 85,
warnThreshold: config?.warnThreshold ?? 60,
criticalFailsBlock: config?.criticalFailsBlock ?? true,
historyPath: config?.historyPath ?? ".isl-gate/trust-history.json",
maxHistoryEntries: config?.maxHistoryEntries ?? 50,
enableEvidencePriority: config?.enableEvidencePriority ?? true,
evidenceDecayHalfLifeDays: config?.evidenceDecayHalfLifeDays ?? 90
};
}
function calculateTrustScore(input, config) {
const resolved = resolveConfig(config);
const clauses = input.clauses;
const grouped = groupByCategory(clauses);
const categoryScores = TRUST_CATEGORIES.map((cat) => {
const catClauses = grouped.get(cat) ?? [];
return scoreSingleCategory(cat, catClauses, resolved);
});
const criticalBlock = resolved.criticalFailsBlock && hasCriticalFailure(clauses);
let overallScore;
if (criticalBlock) {
overallScore = 0;
} else {
overallScore = Math.round(
categoryScores.reduce((sum, cs) => sum + cs.weightedScore, 0)
);
}
overallScore = clamp(overallScore, 0, 100);
const counts = aggregateCounts(categoryScores);
const verdict = determineVerdict(overallScore, resolved);
const reasons = buildReasons(overallScore, verdict, criticalBlock, categoryScores, resolved);
return {
score: overallScore,
verdict,
categories: categoryScores,
totalClauses: clauses.length,
counts,
criticalBlock,
reasons,
config: resolved,
timestamp: input.metadata?.timestamp ?? (/* @__PURE__ */ new Date()).toISOString()
};
}
function scoreSingleCategory(category, clauses, config) {
const weight = config.normalizedWeights[category];
if (clauses.length === 0) {
return {
category,
score: 0,
coverage_score: 0,
execution_score: 0,
pass_score: 0,
weight,
weightedScore: 0,
clauseCount: 0,
counts: { pass: 0, fail: 0, partial: 0, unknown: 0 },
gaps: [`no ${category} defined`],
confidence: 0
};
}
const counts = { pass: 0, fail: 0, partial: 0, unknown: 0 };
let weightedScoreSum = 0;
let totalWeight = 0;
const now = Date.now();
for (const clause of clauses) {
counts[clause.status]++;
const baseScore = clauseStatusToScore(clause.status, config.unknownPenalty);
const evidenceSource = clause.evidenceSource ?? "heuristic";
const priorityMultiplier = config.enableEvidencePriority ? EVIDENCE_PRIORITY[evidenceSource] / EVIDENCE_PRIORITY.heuristic : 1;
let decayMultiplier = 1;
if (config.evidenceDecayHalfLifeDays > 0 && clause.evidenceTimestamp) {
const evidenceTime = new Date(clause.evidenceTimestamp).getTime();
const ageDays = (now - evidenceTime) / (1e3 * 60 * 60 * 24);
if (ageDays > 0) {
decayMultiplier = Math.pow(2, -ageDays / config.evidenceDecayHalfLifeDays);
}
}
const clauseWeight = priorityMultiplier * decayMultiplier;
weightedScoreSum += baseScore * clauseWeight;
totalWeight += clauseWeight;
}
const total = clauses.length;
const executed = counts.pass + counts.fail + counts.partial;
const coverage_score = 100;
const execution_score = total > 0 ? Math.round(executed / total * 100) : 0;
const pass_score = executed > 0 ? Math.round(counts.pass / executed * 100) : 0;
const compositeScore = Math.floor(
0.45 * coverage_score + 0.35 * execution_score + 0.2 * pass_score
);
const evidenceScore = totalWeight > 0 ? Math.round(weightedScoreSum / totalWeight) : 0;
const score = clamp(Math.round((compositeScore + evidenceScore) / 2), 0, 100);
const gaps = [];
if (counts.unknown > 0) gaps.push(`${counts.unknown} unknown (unverified)`);
if (counts.fail > 0) gaps.push(`${counts.fail} failing clauses`);
if (executed === 0) gaps.push("no clauses executed");
const executionRate = total > 0 ? executed / total : 0;
const volumeFactor = Math.min(total / 5, 1);
const confidence = Math.round(executionRate * volumeFactor * 100) / 100;
return {
category,
score,
coverage_score,
execution_score,
pass_score,
weight,
weightedScore: score * weight,
clauseCount: clauses.length,
counts,
gaps,
confidence
};
}
function clauseStatusToScore(status, unknownPenalty) {
switch (status) {
case "pass":
return 100;
case "fail":
return 0;
case "partial":
return 50;
case "unknown":
return Math.round((1 - unknownPenalty) * 100);
}
}
function determineVerdict(score, config) {
if (score >= config.shipThreshold) return "SHIP";
if (score >= config.warnThreshold) return "WARN";
return "BLOCK";
}
function hasCriticalFailure(clauses) {
const criticalCategories = ["invariants", "preconditions"];
return clauses.some((c) => {
if (c.status !== "fail") return false;
if (c.confidence !== void 0 && c.confidence < 10) return true;
if (criticalCategories.includes(c.category)) return true;
return false;
});
}
function buildReasons(score, verdict, criticalBlock, categories, config) {
const reasons = [];
if (criticalBlock) {
reasons.push("Critical clause failure detected -- score forced to 0");
}
if (verdict === "SHIP") {
reasons.push(`Trust score ${score}/100 meets SHIP threshold (>= ${config.shipThreshold})`);
} else if (verdict === "WARN") {
reasons.push(`Trust score ${score}/100 is below SHIP threshold (${config.shipThreshold}) but above BLOCK (${config.warnThreshold})`);
} else {
reasons.push(`Trust score ${score}/100 is below BLOCK threshold (${config.warnThreshold})`);
}
const weakCategories = categories.filter((c) => c.score < config.warnThreshold && c.clauseCount > 0);
for (const wc of weakCategories) {
reasons.push(`${wc.category}: ${wc.score}/100 (${wc.counts.fail} failed, ${wc.counts.unknown} unknown)`);
}
const emptyCategories = categories.filter((c) => c.clauseCount === 0);
if (emptyCategories.length > 0) {
const names = emptyCategories.map((c) => c.category).join(", ");
reasons.push(`No coverage for categories: ${names} (score 0 applied)`);
}
for (const cat of categories) {
if (cat.gaps.length > 0) {
reasons.push(`${cat.category} gaps: ${cat.gaps.join("; ")}`);
}
}
return reasons;
}
function groupByCategory(clauses) {
const map = /* @__PURE__ */ new Map();
for (const clause of clauses) {
const existing = map.get(clause.category) ?? [];
existing.push(clause);
map.set(clause.category, existing);
}
return map;
}
function aggregateCounts(categories) {
return categories.reduce(
(acc, cs) => ({
pass: acc.pass + cs.counts.pass,
fail: acc.fail + cs.counts.fail,
partial: acc.partial + cs.counts.partial,
unknown: acc.unknown + cs.counts.unknown
}),
{ pass: 0, fail: 0, partial: 0, unknown: 0 }
);
}
function clamp(value, min, max) {
return Math.max(min, Math.min(max, value));
}
// src/trust-score/history.ts
import { readFile, writeFile, mkdir } from "fs/promises";
import { dirname } from "path";
async function loadHistory(historyPath) {
try {
const raw = await readFile(historyPath, "utf-8");
const parsed = JSON.parse(raw);
if (parsed.version !== 1) {
return createEmptyHistory();
}
return parsed;
} catch {
return createEmptyHistory();
}
}
async function saveHistory(historyPath, history) {
await mkdir(dirname(historyPath), { recursive: true });
const json = JSON.stringify(history, null, 2);
await writeFile(historyPath, json, "utf-8");
}
function createEmptyHistory(projectFingerprint) {
return {
version: 1,
entries: [],
lastUpdated: (/* @__PURE__ */ new Date()).toISOString(),
projectFingerprint
};
}
function recordEntry(history, result, config, commitHash, projectFingerprint) {
const categoryScores = {};
for (const cs of result.categories) {
categoryScores[cs.category] = cs.score;
}
const evidenceBreakdown = {
smt: 0,
runtime: 0,
heuristic: 0
};
const entry = {
score: result.score,
verdict: result.verdict,
categoryScores,
timestamp: result.timestamp,
specFile: result.config.historyPath,
commitHash,
projectFingerprint,
counts: { ...result.counts },
evidenceBreakdown
};
const existingEntries = projectFingerprint ? history.entries.filter((e) => e.projectFingerprint === projectFingerprint) : history.entries;
const entries = [entry, ...existingEntries].slice(0, config.maxHistoryEntries);
return {
version: 1,
entries,
lastUpdated: (/* @__PURE__ */ new Date()).toISOString(),
projectFingerprint: projectFingerprint ?? history.projectFingerprint
};
}
function computeDelta(current, history) {
if (history.entries.length === 0) {
return void 0;
}
const previous = history.entries[0];
return computeDeltaBetween(current, previous);
}
function computeDeltaBetween(current, previous) {
const scoreDelta = current.score - previous.score;
const verdictChanged = current.verdict !== previous.verdict;
const categoryDeltas = {};
const improved = [];
const regressed = [];
const unchanged = [];
for (const cat of TRUST_CATEGORIES) {
const currentScore = current.categories.find((c) => c.category === cat)?.score ?? 0;
const previousScore = previous.categoryScores[cat] ?? 0;
const delta = currentScore - previousScore;
categoryDeltas[cat] = delta;
if (delta > 0) {
improved.push(cat);
} else if (delta < 0) {
regressed.push(cat);
} else {
unchanged.push(cat);
}
}
const summary = buildDeltaSummary(scoreDelta, verdictChanged, current.verdict, previous.verdict, improved, regressed);
return {
scoreDelta,
verdictChanged,
previousVerdict: verdictChanged ? previous.verdict : void 0,
categoryDeltas,
improved,
regressed,
unchanged,
summary
};
}
function computeTrend(history, windowSize = 5) {
const entries = history.entries.slice(0, windowSize);
if (entries.length < 2) {
return "stable";
}
const scores = entries.map((e) => e.score).reverse();
const n = scores.length;
const xMean = (n - 1) / 2;
const yMean = scores.reduce((a, b) => a + b, 0) / n;
let numerator = 0;
let denominator = 0;
for (let i = 0; i < n; i++) {
numerator += (i - xMean) * (scores[i] - yMean);
denominator += (i - xMean) ** 2;
}
if (denominator === 0) return "stable";
const slope = numerator / denominator;
if (slope > 1) return "improving";
if (slope < -1) return "declining";
return "stable";
}
function buildDeltaSummary(scoreDelta, verdictChanged, currentVerdict, previousVerdict, improved, regressed) {
const parts = [];
if (scoreDelta === 0) {
parts.push("Trust score unchanged");
} else if (scoreDelta > 0) {
parts.push(`Trust score improved by +${scoreDelta} points`);
} else {
parts.push(`Trust score regressed by ${scoreDelta} points`);
}
if (verdictChanged) {
parts.push(`Verdict changed: ${previousVerdict} -> ${currentVerdict}`);
}
if (improved.length > 0) {
parts.push(`Improved: ${improved.join(", ")}`);
}
if (regressed.length > 0) {
parts.push(`Regressed: ${regressed.join(", ")}`);
}
return parts.join(". ");
}
// src/trust-score/report.ts
function generateReport(result, delta) {
return {
result,
delta,
text: formatTextReport(result, delta),
json: formatJSONReport(result, delta)
};
}
function formatTextReport(result, delta) {
const lines = [];
lines.push("");
lines.push(verdictBanner(result.verdict, result.score));
lines.push("");
const deltaStr = delta ? formatDeltaInline(delta.scoreDelta) : "";
lines.push(` Trust Score: ${result.score}/100 ${deltaStr}`);
lines.push(` Verdict: ${result.verdict}`);
lines.push(` Threshold: ${result.config.shipThreshold} (SHIP) / ${result.config.warnThreshold} (WARN)`);
lines.push("");
lines.push(" Category Breakdown:");
lines.push(" " + "-".repeat(68));
lines.push(
" " + padRight("Category", 16) + padRight("Score", 8) + padRight("Weight", 8) + padRight("Pass", 6) + padRight("Fail", 6) + padRight("Part", 6) + padRight("Unk", 6) + "Delta"
);
lines.push(" " + "-".repeat(68));
for (const cs of result.categories) {
const catDelta = delta?.categoryDeltas[cs.category];
const catDeltaStr = catDelta !== void 0 ? formatDeltaInline(catDelta) : "";
lines.push(
" " + padRight(cs.category, 16) + padRight(`${cs.score}`, 8) + padRight(`${Math.round(cs.weight * 100)}%`, 8) + padRight(`${cs.counts.pass}`, 6) + padRight(`${cs.counts.fail}`, 6) + padRight(`${cs.counts.partial}`, 6) + padRight(`${cs.counts.unknown}`, 6) + catDeltaStr
);
}
lines.push(" " + "-".repeat(68));
lines.push(
" " + padRight("TOTAL", 16) + padRight(`${result.score}`, 8) + padRight("100%", 8) + padRight(`${result.counts.pass}`, 6) + padRight(`${result.counts.fail}`, 6) + padRight(`${result.counts.partial}`, 6) + padRight(`${result.counts.unknown}`, 6) + deltaStr
);
lines.push("");
lines.push(" " + renderScoreBar(result.score, 40));
lines.push("");
if (result.criticalBlock) {
lines.push(" !! CRITICAL: A critical clause failure forced the score to 0");
lines.push("");
}
if (result.reasons.length > 0) {
lines.push(" Reasons:");
for (const reason of result.reasons) {
lines.push(` - ${reason}`);
}
lines.push("");
}
if (delta) {
lines.push(" Delta from previous run:");
lines.push(` ${delta.summary}`);
if (delta.improved.length > 0) {
lines.push(` Improved: ${delta.improved.join(", ")}`);
}
if (delta.regressed.length > 0) {
lines.push(` Regressed: ${delta.regressed.join(", ")}`);
}
lines.push("");
}
lines.push(` Evaluated ${result.totalClauses} clauses at ${result.timestamp}`);
lines.push("");
return lines.join("\n");
}
function formatJSONReport(result, delta) {
return {
score: result.score,
verdict: result.verdict,
threshold: result.config.shipThreshold,
categories: result.categories.map((cs) => ({
name: cs.category,
score: cs.score,
weight: Math.round(cs.weight * 100),
pass: cs.counts.pass,
fail: cs.counts.fail,
partial: cs.counts.partial,
unknown: cs.counts.unknown
})),
counts: {
pass: result.counts.pass,
fail: result.counts.fail,
partial: result.counts.partial,
unknown: result.counts.unknown,
total: result.totalClauses
},
delta: delta ? {
scoreDelta: delta.scoreDelta,
verdictChanged: delta.verdictChanged,
improved: delta.improved,
regressed: delta.regressed
} : void 0,
timestamp: result.timestamp,
reasons: result.reasons
};
}
function verdictBanner(verdict, score) {
const width = 42;
const border = verdict === "SHIP" ? "=" : verdict === "WARN" ? "~" : "!";
const bar = border.repeat(width);
const icon = verdict === "SHIP" ? "SHIP" : verdict === "WARN" ? "WARN" : "BLOCK";
const label = `${icon} (${score}/100)`;
const padding = Math.max(0, Math.floor((width - label.length) / 2));
return [
` ${bar}`,
` ${" ".repeat(padding)}${label}`,
` ${bar}`
].join("\n");
}
function renderScoreBar(score, width) {
const filled = Math.round(score / 100 * width);
const empty = width - filled;
const filledChar = "#";
const emptyChar = ".";
return `[${filledChar.repeat(filled)}${emptyChar.repeat(empty)}] ${score}/100`;
}
function formatDeltaInline(delta) {
if (delta === 0) return "(=)";
if (delta > 0) return `(+${delta})`;
return `(${delta})`;
}
function padRight(str, len) {
return str.padEnd(len);
}
// src/trust-score/fingerprint.ts
import { createHash } from "crypto";
import { existsSync, readFileSync, statSync } from "fs";
import { join, resolve } from "path";
function generateProjectFingerprint(projectRoot) {
const root = resolve(projectRoot ?? process.cwd());
const hash = createHash("sha256");
hash.update(`root:${root}
`);
const packageJsonPath = join(root, "package.json");
if (existsSync(packageJsonPath)) {
try {
const pkg = JSON.parse(readFileSync(packageJsonPath, "utf-8"));
hash.update(`package:${pkg.name ?? "unknown"}:${pkg.version ?? "unknown"}
`);
} catch {
}
}
const islConfigPath = join(root, "isl.config.json");
if (existsSync(islConfigPath)) {
try {
const stats = statSync(islConfigPath);
hash.update(`isl-config:${stats.mtimeMs}
`);
} catch {
}
}
const shipgateConfigPath = join(root, ".shipgate", "project.json");
if (existsSync(shipgateConfigPath)) {
try {
const stats = statSync(shipgateConfigPath);
hash.update(`shipgate-config:${stats.mtimeMs}
`);
} catch {
}
}
try {
const { execSync } = __require("child_process");
const gitRoot = execSync("git rev-parse --show-toplevel", {
cwd: root,
encoding: "utf-8",
stdio: ["ignore", "pipe", "ignore"]
}).trim();
if (gitRoot) {
hash.update(`git-root:${gitRoot}
`);
}
} catch {
}
return hash.digest("hex").slice(0, 16);
}
function computeProjectFingerprint(projectRoot, providedFingerprint) {
if (providedFingerprint) {
return providedFingerprint;
}
if (projectRoot) {
return generateProjectFingerprint(projectRoot);
}
try {
const cwd = process.cwd();
return generateProjectFingerprint(cwd);
} catch {
return void 0;
}
}
// src/trust-score/orchestrator.ts
async function evaluateTrust(input, options) {
const config = resolveConfig(options);
const persist = options?.persist ?? true;
const projectFingerprint = computeProjectFingerprint(
input.metadata?.projectRoot,
input.metadata?.projectFingerprint
);
const result = calculateTrustScore(input, options);
const history = await loadHistory(config.historyPath);
const delta = computeDelta(result, history);
const report = generateReport(result, delta);
if (persist) {
const updatedHistory = recordEntry(
history,
result,
config,
options?.commitHash,
projectFingerprint
);
await saveHistory(config.historyPath, updatedHistory);
}
return report;
}
async function enforceTrustGate(input, options) {
const report = await evaluateTrust(input, options);
const { result } = report;
const threshold = result.config.shipThreshold;
const passed = result.score >= threshold;
const message = passed ? `GATE PASSED: Trust score ${result.score}/100 >= threshold ${threshold}` : `GATE FAILED: Trust score ${result.score}/100 < threshold ${threshold}`;
return {
passed,
score: result.score,
threshold,
verdict: result.verdict,
exitCode: passed ? 0 : 1,
report,
message
};
}
export {
TRUST_CATEGORIES,
EVIDENCE_PRIORITY,
DEFAULT_WEIGHTS,
resolveConfig,
calculateTrustScore,
loadHistory,
saveHistory,
createEmptyHistory,
recordEntry,
computeDelta,
computeDeltaBetween,
computeTrend,
generateReport,
formatTextReport,
formatJSONReport,
generateProjectFingerprint,
computeProjectFingerprint,
evaluateTrust,
enforceTrustGate
};
// src/authoritative/verdict-engine.ts
var SCORING_THRESHOLDS = {
/** High confidence — all critical checks pass */
SHIP: 0.85,
/** Mixed signals — non-critical issues present */
WARN: 0.5,
/** Below WARN threshold or any critical failure */
NO_SHIP: 0
};
var CRITICAL_FAILURES = [
/** Spec says X, code does Y */
"postcondition_violation",
/** Auth bypass, secret exposure */
"security_violation",
/** CVE with CVSS ≥ 9.0 */
"critical_vulnerability",
/** Code compiles but doesn't work */
"fake_feature_detected",
/** Tests did not execute (import errors, TS config, runtime crash, all-skipped) */
"verification_blocked"
];
function createGateEvidence(source, check, result, confidence, details) {
const clampedConfidence = Math.max(0, Math.min(1, confidence));
return { source, check, result, confidence: clampedConfidence, details };
}
function sourceWeight(source) {
return source === "isl-spec" ? 2 : 1;
}
function resultFactor(result) {
switch (result) {
case "pass":
return 1;
case "warn":
return 0.5;
case "fail":
return 0;
case "skip":
return 0;
}
}
function computeScore(evidence) {
const scoreable = evidence.filter((e) => e.result !== "skip");
if (scoreable.length === 0) return 0;
let totalWeight = 0;
let weightedSum = 0;
for (const e of scoreable) {
const sw = sourceWeight(e.source);
totalWeight += sw;
weightedSum += e.confidence * resultFactor(e.result) * sw;
}
return totalWeight > 0 ? weightedSum / totalWeight : 0;
}
function findCriticalFailures(evidence) {
return evidence.filter(
(e) => e.result === "fail" && CRITICAL_FAILURES.some((cf) => e.check.includes(cf))
);
}
function hasCriticalFailure(evidence) {
return findCriticalFailures(evidence).length > 0;
}
function produceVerdict(evidence, thresholdsOrOptions) {
const options = thresholdsOrOptions && "SHIP" in thresholdsOrOptions ? { thresholds: thresholdsOrOptions } : thresholdsOrOptions ?? {};
const thresholds = options.thresholds ?? SCORING_THRESHOLDS;
const evidenceList = [...evidence];
const criticalFailures = findCriticalFailures(evidenceList);
if (criticalFailures.length > 0) {
const score2 = computeScore(evidenceList);
const blockers2 = criticalFailures.map((e) => `${e.check}: ${e.details}`);
const recommendations2 = criticalFailures.map(
(e) => `Fix critical issue in "${e.check}": ${e.details}`
);
const allBlockedOnly = criticalFailures.every((e) => e.check.includes("verification_blocked"));
if (allBlockedOnly && options.warnOnExecFailure) {
const hasHighConfidenceSpec = evidenceList.some(
(e) => e.source === "isl-spec" && e.result === "pass" && e.confidence >= 0.85
);
const hasMinimalRuntimeCheck = evidenceList.some(
(e) => (e.source === "runtime-eval" || e.source === "static-analysis") && e.result === "pass"
);
if (hasHighConfidenceSpec && hasMinimalRuntimeCheck) {
return {
decision: "WARN",
score: score2,
evidence: evidenceList,
summary: `WARN: Verification blocked (tests did not run) but specs are high-confidence \u2014 warn-on-exec-failure enabled`,
blockers: [],
recommendations: [
...recommendations2,
"Fix test execution to achieve full verification"
]
};
}
}
return {
decision: "NO_SHIP",
score: score2,
evidence: evidenceList,
summary: `NO_SHIP: Critical failure \u2014 ${criticalFailures[0].check}` + (criticalFailures.length > 1 ? ` (+${criticalFailures.length - 1} more)` : ""),
blockers: blockers2,
recommendations: recommendations2
};
}
const score = computeScore(evidenceList);
const failingEvidence = evidenceList.filter((e) => e.result === "fail");
const warningEvidence = evidenceList.filter((e) => e.result === "warn");
const scoreableEvidence = evidenceList.filter((e) => e.result !== "skip");
if (scoreableEvidence.length === 0) {
return {
decision: "NO_SHIP",
score: 0,
evidence: evidenceList,
summary: "NO_SHIP: No scoreable evidence \u2014 cannot verify intent",
blockers: ["No evidence collected: verification produced no actionable results"],
recommendations: ["Add ISL specs with behaviors, postconditions, and error cases"]
};
}
const passingEvidence = evidenceList.filter((e) => e.result === "pass");
if (passingEvidence.length === 0 && score >= thresholds.SHIP) {
return {
decision: "WARN",
score,
evidence: evidenceList,
summary: `WARN: Score ${formatPct(score)} but no checks passed \u2014 insufficient evidence for SHIP`,
blockers: [],
recommendations: ["Add executable checks that produce pass/fail evidence"]
};
}
if (score >= thresholds.SHIP) {
const recs = [];
for (const w of warningEvidence) {
recs.push(`Consider: ${w.check} \u2014 ${w.details}`);
}
return {
decision: "SHIP",
score,
evidence: evidenceList,
summary: `SHIP: All checks passed \u2014 score ${formatPct(score)}`,
blockers: [],
recommendations: recs
};
}
if (score >= thresholds.WARN) {
const recs = [];
for (const f of failingEvidence) {
recs.push(`Fix: ${f.check} \u2014 ${f.details}`);
}
for (const w of warningEvidence) {
recs.push(`Address: ${w.check} \u2014 ${w.details}`);
}
return {
decision: "WARN",
score,
evidence: evidenceList,
summary: `WARN: Mixed signals \u2014 score ${formatPct(score)}, ${failingEvidence.length} failure(s), ${warningEvidence.length} warning(s)`,
blockers: [],
recommendations: recs
};
}
const blockers = failingEvidence.map((e) => `${e.check}: ${e.details}`);
const recommendations = failingEvidence.map(
(e) => `Fix: ${e.check} \u2014 ${e.details}`
);
return {
decision: "NO_SHIP",
score,
evidence: evidenceList,
summary: `NO_SHIP: Score ${formatPct(score)} below threshold ${formatPct(thresholds.WARN)}`,
blockers,
recommendations
};
}
function formatPct(score) {
return `${(score * 100).toFixed(1)}%`;
}
export {
SCORING_THRESHOLDS,
CRITICAL_FAILURES,
createGateEvidence,
computeScore,
findCriticalFailures,
hasCriticalFailure,
produceVerdict
};
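Review bot: In `produceVerdict`, the `score >= thresholds.SHIP` branch returns `SHIP` with the summary "All checks passed" even when `failingEvidence` is non-empty, because a non-critical `fail` only lowers the weighted average in `computeScore` (nine passes and one failure of equal source weight at confidence 1 score 0.9 against the default 0.85). That branch builds `recommendations` from `warningEvidence` only, so the verdict gives no sign that a check failed. If a failing check should never yield a clean SHIP, guard the branch with `if (score >= thresholds.SHIP && failingEvidence.length === 0)` so these runs fall through to the WARN branch, which already emits the `Fix:` lines; otherwise at least reword the summary and list the failures. Separately, `computeScore` uses `e.confidence` as given and only `createGateEvidence` clamps it to 0–1, so evidence objects built another way could outweigh failures; clamping inside `computeScore` would make the gate independent of how its input was constructed.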
import { G as GateEvidence } from './verdict-engine-DYuXvnAQ.js';
/**
* Verified Intent — Contract Types
*
* "Verified" requires ALL three pillars:
* 1. Spec Fidelity — signatures + types match source
* 2. Coverage — postconditions/invariants/error cases at minimum thresholds
* 3. Execution — tests ran (not skipped), results attributable to the spec
*
* If ANY pillar is missing the run MUST produce WARN or NO_SHIP (configurable),
* never SHIP.
*
* @module @isl-lang/gate/verified-intent
*/
/** Outcome of evaluating a single pillar */
type PillarStatus = 'passed' | 'failed' | 'degraded' | 'missing';
/** One of the three verification pillars */
type PillarName = 'spec_fidelity' | 'coverage' | 'execution';
/** How a piece of knowledge was obtained */
type ProvenanceOrigin = 'human-authored' | 'ai-generated' | 'inferred' | 'unknown';
/** Whether a check actually executed */
type ExecutionStatus = 'ran' | 'skipped' | 'not_run' | 'errored';
/**
* Tracks the origin, execution, and evidence for a single verification item.
*/
interface ProvenanceRecord {
/** Human-readable label for this item */
label: string;
/** How this item was obtained */
origin: ProvenanceOrigin;
/** Whether it was actually executed */
executionStatus: ExecutionStatus;
/** Free-form detail (e.g. model name, file path) */
detail?: string;
/** Pointer to supporting evidence (file path, URL, hash) */
evidenceRef?: string;
}
/**
* Complete provenance report that explicitly answers:
* - what was inferred
* - what was AI-generated
* - what was unknown
* - what ran
* - what didn't run
* - what evidence exists
*/
interface ProvenanceReport {
/** Items whose origin is 'inferred' */
inferred: ProvenanceRecord[];
/** Items whose origin is 'ai-generated' */
aiGenerated: ProvenanceRecord[];
/** Items whose origin is 'unknown' */
unknown: ProvenanceRecord[];
/** Items that actually executed (executionStatus === 'ran') */
ran: ProvenanceRecord[];
/** Items that did NOT run (skipped | not_run | errored) */
didNotRun: ProvenanceRecord[];
/** All items that have evidence references */
evidence: ProvenanceRecord[];
}
/**
* Result of evaluating a single pillar.
*/
interface PillarResult {
/** Which pillar */
pillar: PillarName;
/** Overall status of this pillar */
status: PillarStatus;
/** Score 0–1 within this pillar */
score: number;
/** Human-readable summary */
summary: string;
/** Detailed findings within this pillar */
details: PillarDetail[];
/** Provenance records for items evaluated in this pillar */
provenance: ProvenanceRecord[];
}
/**
* A single detail finding within a pillar evaluation.
*/
interface PillarDetail {
/** What was checked */
check: string;
/** Did it pass? */
passed: boolean;
/** Human-readable message */
message: string;
/** Provenance origin */
origin: ProvenanceOrigin;
/** Execution status */
executionStatus: ExecutionStatus;
}
/**
* Complete Verified Intent result — the new contract.
*
* SHIP requires all three pillars to pass.
* If any pillar is missing/failed, verdict is WARN or NO_SHIP per config.
*/
interface VerifiedIntentResult {
/** Final verdict after enforcing 3-pillar rule */
verdict: 'SHIP' | 'WARN' | 'NO_SHIP';
/** Did all three pillars pass? */
allPillarsPassed: boolean;
/** Per-pillar results */
pillars: {
specFidelity: PillarResult;
coverage: PillarResult;
execution: PillarResult;
};
/** Composite score 0–1 (average of pillar scores, 0 if any missing) */
compositeScore: number;
/** Full provenance report */
provenance: ProvenanceReport;
/** Human-readable summary */
summary: string;
/** Blockers preventing SHIP */
blockers: string[];
/** Actionable recommendations */
recommendations: string[];
}
/** What verdict to produce when a pillar is missing or failed. */
type MissingPillarPolicy = 'WARN' | 'NO_SHIP';
/**
* Configuration for Verified Intent evaluation.
*/
interface VerifiedIntentConfig {
/** What to return when a pillar is missing (default: 'NO_SHIP') */
missingPillarVerdict: MissingPillarPolicy;
/** Spec Fidelity thresholds */
specFidelity: {
/** Minimum ratio of matched signatures (0–1, default 0.8) */
minSignatureMatch: number;
/** Minimum ratio of matched types (0–1, default 0.8) */
minTypeMatch: number;
};
/** Coverage thresholds */
coverage: {
/** Minimum number of postconditions required (default 1) */
minPostconditions: number;
/** Minimum number of invariants required (default 1) */
minInvariants: number;
/** Minimum number of error cases required (default 1) */
minErrorCases: number;
/** Minimum overall coverage ratio 0–1 (default 0.5) */
minCoverageRatio: number;
};
/** Execution thresholds */
execution: {
/** Minimum test pass rate 0–1 (default 0.8) */
minPassRate: number;
/** Maximum allowed skip rate 0–1 (default 0.1) */
maxSkipRate: number;
/** Require at least one test to have run (default true) */
requireAtLeastOneRan: boolean;
/** Require results to be attributable to spec (default true) */
requireAttribution: boolean;
};
}
/**
* Default strict configuration.
*/
declare const DEFAULT_VERIFIED_INTENT_CONFIG: VerifiedIntentConfig;
/**
* Relaxed configuration for development / bootstrapping.
*/
declare const DEV_VERIFIED_INTENT_CONFIG: VerifiedIntentConfig;
/**
* ISL Authoritative Gate - Type Definitions
*
* SHIP/NO_SHIP is BINARY. No intermediate states.
* All decisions are final and machine-readable.
*
* @module @isl-lang/gate/authoritative
*/
/**
* Guardrail policy — strict defaults for shipping safe AI code.
* Each flag controls whether a specific leniency is allowed.
* When false (default), the guardrail is enforced.
*/
interface GuardrailPolicy {
/** Allow auto-generated specs to reach SHIP (default: false → WARN at best) */
allowAutoSpecShip: boolean;
/** Allow shipping when no tests were executed (default: false → NO_SHIP) */
allowNoTestExecution: boolean;
/** Allow empty verification categories without penalty (default: false → penalized) */
allowEmptyCategories: boolean;
/** Allow AI-generated rules without evidence (default: false → require evidence) */
allowUnvalidatedAiRules: boolean;
}
/**
* A risk acceptance entry — recorded when a user overrides a guardrail.
* Stored in the evidence bundle for audit trail.
*/
interface RiskAcceptance {
/** Which guardrail was overridden */
guardrail: keyof GuardrailPolicy;
/** Human-readable description of what was allowed */
description: string;
/** Display label shown in CLI output (e.g. "user allowed warn-on-exec-failure") */
displayLabel: string;
/** ISO 8601 timestamp of when the override was recorded */
timestamp: string;
/** Path to the config file that contained the override */
configSource: string | null;
}
/**
* Authoritative verdict - SHIP or NO_SHIP, nothing else.
* This is the final, definitive decision.
*/
type AuthoritativeVerdict = 'SHIP' | 'NO_SHIP';
/**
* Exit codes for CI integration
*/
declare const EXIT_CODES: {
readonly SHIP: 0;
readonly NO_SHIP: 1;
};
/**
* Signal source identifier
*/
type SignalSource = 'parser' | 'typechecker' | 'verifier' | 'test_runner' | 'coverage' | 'static_analysis' | 'security_scan' | 'hallucination_scan' | 'contract_check' | 'env_validation' | 'gate_firewall' | 'dependency_audit';
/**
* Individual verification signal
*/
interface VerificationSignal {
/** Source of this signal */
source: SignalSource;
/** Signal passed? */
passed: boolean;
/** Score 0-100 (optional, for weighted signals) */
score?: number;
/** Weight for aggregation (default: 1) */
weight?: number;
/** Human-readable summary */
summary: string;
/** Detailed findings */
findings?: SignalFinding[];
/** Whether this signal blocks SHIP if failed */
blocking: boolean;
/** Duration in ms */
durationMs?: number;
}
/**
* Individual finding within a signal
*/
interface SignalFinding {
/** Unique ID */
id: string;
/** Severity */
severity: 'critical' | 'high' | 'medium' | 'low';
/** Message */
message: string;
/** File location */
file?: string;
/** Line number */
line?: number;
/** Whether this finding alone blocks SHIP */
blocking: boolean;
}
/**
* Threshold configuration for authoritative decisions
*/
interface ThresholdConfig {
/** Minimum overall score for SHIP (default: 80) */
minScore: number;
/** Minimum test pass rate for SHIP (default: 100%) */
minTestPassRate: number;
/** Minimum coverage for SHIP (default: 70%) */
minCoverage: number;
/** Maximum critical findings allowed (default: 0) */
maxCriticalFindings: number;
/** Maximum high findings allowed (default: 0) */
maxHighFindings: number;
/** Allow skipped tests (default: false) */
allowSkipped: boolean;
}
/**
* Default strict thresholds
*/
declare const DEFAULT_THRESHOLDS: ThresholdConfig;
/**
* Relaxed thresholds for development
*/
declare const DEV_THRESHOLDS: ThresholdConfig;
/**
* Signal aggregation result
*/
interface AggregatedSignals {
/** All signals collected */
signals: VerificationSignal[];
/** Weighted overall score 0-100 */
overallScore: number;
/** Test summary */
tests: {
total: number;
passed: number;
failed: number;
skipped: number;
passRate: number;
};
/** Finding counts by severity */
findings: {
critical: number;
high: number;
medium: number;
low: number;
total: number;
};
/** Coverage percentage (if available) */
coverage?: number;
/** Blocking issues that force NO_SHIP */
blockingIssues: string[];
}
/**
* Evidence artifact
*/
interface EvidenceArtifact {
/** Artifact type */
type: 'spec' | 'implementation' | 'test_results' | 'coverage' | 'report' | 'log';
/** Relative path within bundle */
path: string;
/** SHA-256 hash */
sha256: string;
/** Size in bytes */
sizeBytes: number;
}
/**
* Machine-readable evidence bundle
*/
interface EvidenceBundle {
/** Bundle schema version */
schemaVersion: '2.0.0';
/** Deterministic fingerprint */
fingerprint: string;
/** ISL toolchain version */
islVersion: string;
/** Timestamp (ISO 8601) */
timestamp: string;
/** Git commit SHA (if available) */
gitSha?: string;
/** Git branch (if available) */
gitBranch?: string;
/** CI run ID (if available) */
ciRunId?: string;
/** Input hashes */
inputs: {
specHash: string;
implHash: string;
configHash?: string;
};
/** Bundle artifacts */
artifacts: EvidenceArtifact[];
/** Risk acceptances — guardrail overrides with audit trail */
riskAcceptances?: RiskAcceptance[];
}
/**
* Authoritative gate result - the definitive output
*/
interface AuthoritativeGateResult {
/** SHIP or NO_SHIP - final decision */
verdict: AuthoritativeVerdict;
/** Exit code for CI (0 = SHIP, 1 = NO_SHIP) */
exitCode: 0 | 1;
/** Overall score 0-100 */
score: number;
/** Confidence in the decision 0-100 */
confidence: number;
/** Human-readable summary */
summary: string;
/** Aggregated signals */
aggregation: AggregatedSignals;
/** Thresholds used for decision */
thresholds: ThresholdConfig;
/** Evidence bundle manifest */
evidence: EvidenceBundle;
/** Reasons for the verdict */
reasons: VerdictReason[];
/** Suggestions for improvement (if NO_SHIP) */
suggestions?: string[];
/** Verified Intent 3-pillar evaluation result (when available) */
verifiedIntent?: VerifiedIntentResult;
/** Risk acceptances from guardrail overrides (audit trail) */
riskAcceptances?: RiskAcceptance[];
/** Total duration in ms */
durationMs: number;
}
/**
* Reason for verdict
*/
interface VerdictReason {
/** Machine-readable code */
code: string;
/** Human-readable message */
message: string;
/** Severity of this reason */
severity: 'critical' | 'high' | 'medium' | 'info';
/** Source signal */
source: SignalSource;
/** Whether this reason alone would block SHIP */
blocking: boolean;
}
/**
* Input for the authoritative gate
*/
interface AuthoritativeGateInput {
/** Project root directory */
projectRoot: string;
/** ISL spec source or path */
spec: string;
/** Implementation source or directory path */
implementation: string;
/** Custom thresholds (optional) */
thresholds?: Partial<ThresholdConfig>;
/** Write evidence bundle to disk (default: true) */
writeBundle?: boolean;
/** Evidence output path (default: './evidence') */
evidencePath?: string;
/** Git info for bundle */
git?: {
sha?: string;
branch?: string;
};
/** CI info for bundle */
ci?: {
runId?: string;
provider?: string;
};
/** When true, run dependency audit (e.g. pnpm audit) and add as signal; critical vulns = NO_SHIP */
dependencyAudit?: boolean;
/**
* When true, do not throw if spec is missing or invalid.
* Instead return a SHIP result with reason "no spec provided" (caller should run firewall/unified gate for full check).
*/
specOptional?: boolean;
/**
* Verified Intent configuration. When provided, the 3-pillar contract
* is enforced: SHIP requires spec fidelity + coverage + execution.
* Set to `false` to disable verified-intent checks entirely.
*/
verifiedIntent?: VerifiedIntentConfig | false;
/** Guardrail policy overrides (defaults are strict) */
guardrails?: Partial<GuardrailPolicy>;
/** Path to the config file that set guardrail overrides (for audit trail) */
guardrailConfigSource?: string | null;
/** Whether the spec was auto-generated (triggers WARN cap unless overridden) */
autoGeneratedSpec?: boolean;
}
/**
* Source that contributed to the combined verdict
*/
type VerdictSource = 'gate_spec' | 'gate_firewall';
/**
* Combined verdict result from running both spec gate and firewall gate.
* Single SHIP/NO_SHIP for "all AI code" in a branch.
*/
interface CombinedVerdictResult {
/** Final verdict: NO_SHIP if any source is NO_SHIP */
verdict: AuthoritativeVerdict;
/** Exit code for CI (0 = SHIP, 1 = NO_SHIP) */
exitCode: 0 | 1;
/** Which gates contributed (spec: when spec existed, gate_firewall: always when files checked) */
sources: VerdictSource[];
/** Combined score (min of both when both run, else the one that ran) */
score: number;
/** Merged reasons from all sources */
reasons: VerdictReason[];
/** Evidence path when bundle was written */
evidencePath?: string;
/** Spec gate result (when spec was provided and run) */
specResult?: AuthoritativeGateResult;
/** Firewall/build verification result (when files were checked) */
firewallResult?: {
verdict: AuthoritativeVerdict;
score: number;
reasons: VerdictReason[];
filesChecked: number;
};
}
/**
* Verified Intent — Pillar Evaluators
*
* Evaluates each of the three pillars:
* 1. Spec Fidelity — signatures + types match source
* 2. Coverage — postconditions/invariants/error cases present
* 3. Execution — tests ran (not skipped), results attributable to spec
*
* @module @isl-lang/gate/verified-intent/pillars
*/
/**
* Input data for spec fidelity evaluation.
*/
interface SpecFidelityInput {
/** Did the spec parse successfully? */
specParsed: boolean;
/** Did the spec typecheck? */
specTypechecked: boolean;
/** Total signatures declared in spec */
specSignatureCount: number;
/** Signatures that matched source */
matchedSignatureCount: number;
/** Total types declared in spec */
specTypeCount: number;
/** Types that matched source */
matchedTypeCount: number;
/** Was the spec AI-generated? */
specOrigin: ProvenanceOrigin;
/** Was the implementation AI-generated? */
implOrigin: ProvenanceOrigin;
}
/**
* Evaluate Pillar 1: Spec Fidelity.
*
* Checks that signatures + types in the spec match the source implementation.
*/
declare function evaluateSpecFidelity(input: SpecFidelityInput, config: VerifiedIntentConfig): PillarResult;
/**
* Input data for coverage evaluation.
*/
interface CoverageInput {
/** Number of postconditions declared in spec */
postconditionCount: number;
/** Number of postconditions verified/checked */
postconditionsVerified: number;
/** Number of invariants declared in spec */
invariantCount: number;
/** Number of invariants verified/checked */
invariantsVerified: number;
/** Number of error/exception cases declared */
errorCaseCount: number;
/** Number of error cases verified/checked */
errorCasesVerified: number;
/** Total checkable clauses */
totalClauses: number;
/** Clauses that have verification evidence */
coveredClauses: number;
/** Provenance of the spec containing these clauses */
specOrigin: ProvenanceOrigin;
}
/**
* Evaluate Pillar 2: Coverage.
*
* Checks that postconditions, invariants, and error cases are present
* at minimum thresholds.
*/
declare function evaluateCoverage(input: CoverageInput, config: VerifiedIntentConfig): PillarResult;
/**
* Input data for execution evaluation.
*/
interface ExecutionInput {
/** Total number of tests */
totalTests: number;
/** Tests that ran and passed */
passedTests: number;
/** Tests that ran and failed */
failedTests: number;
/** Tests that were skipped */
skippedTests: number;
/** Tests whose results are attributable to a spec clause */
attributedTests: number;
/** Per-test provenance (if available) */
testProvenance: Array<{
name: string;
origin: ProvenanceOrigin;
executionStatus: ExecutionStatus;
specClause?: string;
}>;
}
/**
* Evaluate Pillar 3: Execution.
*
* Checks that tests actually ran, weren't all skipped, and that results
* are attributable to spec clauses.
*/
declare function evaluateExecution(input: ExecutionInput, config: VerifiedIntentConfig): PillarResult;
/**
* Extract SpecFidelityInput from gate signals and evidence.
*/
declare function extractSpecFidelityInput(signals: VerificationSignal[], evidence: readonly GateEvidence[]): SpecFidelityInput;
/**
* Extract CoverageInput from gate signals and evidence.
*/
declare function extractCoverageInput(signals: VerificationSignal[], evidence: readonly GateEvidence[]): CoverageInput;
/**
* Extract ExecutionInput from aggregated signals.
*/
declare function extractExecutionInput(aggregation: AggregatedSignals, evidence: readonly GateEvidence[]): ExecutionInput;
/**
* Verified Intent — Provenance Report Builder
*
* Builds the provenance report that explicitly answers:
* - what was inferred
* - what was AI-generated
* - what was unknown
* - what ran
* - what didn't run
* - what evidence exists
*
* @module @isl-lang/gate/verified-intent/provenance
*/
/**
* Build a complete ProvenanceReport from all pillar results.
*
* Collects every ProvenanceRecord from all three pillars, then partitions
* into the six output categories.
*/
declare function buildProvenanceReport(pillarResults: PillarResult[]): ProvenanceReport;
/**
* Partition a flat list of ProvenanceRecords into the six report categories.
*/
declare function partitionProvenance(records: ProvenanceRecord[]): ProvenanceReport;
/**
* Format a ProvenanceReport as a human-readable multi-line string.
*/
declare function formatProvenanceReport(report: ProvenanceReport): string;
/**
* Verified Intent — Evaluator
*
* The core function that enforces the 3-pillar contract:
* SHIP requires ALL three pillars to pass.
* If ANY pillar is missing/failed → WARN or NO_SHIP (configurable).
*
* @module @isl-lang/gate/verified-intent/evaluator
*/
/**
* Evaluate the Verified Intent contract.
*
* Accepts raw signals + evidence (from the gate pipeline) and produces
* a VerifiedIntentResult that enforces the 3-pillar rule.
*
* SHIP is only possible when all three pillars pass.
*/
declare function evaluateVerifiedIntent(signals: VerificationSignal[], aggregation: AggregatedSignals, evidence: readonly GateEvidence[], config?: VerifiedIntentConfig): VerifiedIntentResult;
/**
* Evaluate from explicit pillar inputs (useful for testing or when
* callers have pre-computed data).
*/
declare function evaluateVerifiedIntentFromInputs(specInput: SpecFidelityInput, coverageInput: CoverageInput, execInput: ExecutionInput, config?: VerifiedIntentConfig): VerifiedIntentResult;
/**
* Apply the verified-intent 3-pillar rule as a verdict cap.
*
* If the gate would otherwise produce SHIP but verified-intent says
* not all pillars pass, cap the verdict to WARN or NO_SHIP.
*
* @param gateVerdict - The verdict the gate would produce without the cap
* @param intentResult - The verified-intent evaluation result
* @returns The capped verdict (never higher than what verified-intent allows)
*/
declare function applyVerifiedIntentCap(gateVerdict: 'SHIP' | 'WARN' | 'NO_SHIP', intentResult: VerifiedIntentResult): 'SHIP' | 'WARN' | 'NO_SHIP';
/**
* Format a complete VerifiedIntentResult as a human-readable report.
*/
declare function formatVerifiedIntentReport(result: VerifiedIntentResult): string;
export { type AuthoritativeGateInput as A, evaluateExecution as B, type CombinedVerdictResult as C, DEFAULT_THRESHOLDS as D, EXIT_CODES as E, evaluateSpecFidelity as F, evaluateVerifiedIntent as G, evaluateVerifiedIntentFromInputs as H, formatProvenanceReport as I, formatVerifiedIntentReport as J, extractCoverageInput as K, extractExecutionInput as L, type MissingPillarPolicy as M, extractSpecFidelityInput as N, partitionProvenance as O, type PillarDetail as P, type SignalSource as S, type ThresholdConfig as T, type VerdictReason as V, type AuthoritativeVerdict as a, type AuthoritativeGateResult as b, type AggregatedSignals as c, type VerificationSignal as d, type SignalFinding as e, type CoverageInput as f, DEFAULT_VERIFIED_INTENT_CONFIG as g, DEV_THRESHOLDS as h, DEV_VERIFIED_INTENT_CONFIG as i, type EvidenceArtifact as j, type EvidenceBundle as k, type ExecutionInput as l, type ExecutionStatus as m, type PillarName as n, type PillarResult as o, type PillarStatus as p, type ProvenanceOrigin as q, type ProvenanceRecord as r, type ProvenanceReport as s, type SpecFidelityInput as t, type VerdictSource as u, type VerifiedIntentConfig as v, type VerifiedIntentResult as w, applyVerifiedIntentCap as x, buildProvenanceReport as y, evaluateCoverage as z };
/**
* Trust Score Engine - Type Definitions
*
* Types for the 0-100 trust score system that evaluates ISL contracts
* across six verification categories.
*
* @module @isl-lang/gate/trust-score/types
*/
/**
* The six verification categories that feed into the trust score.
*/
type TrustCategory = 'preconditions' | 'postconditions' | 'invariants' | 'temporal' | 'chaos' | 'coverage';
/** All trust categories in canonical order */
declare const TRUST_CATEGORIES: readonly TrustCategory[];
/**
* Status of a single clause or category.
*
* - pass: fully verified
* - fail: verification failed
* - partial: partially verified (degraded confidence)
* - unknown: not evaluated (subject to partial penalty)
*/
type ClauseStatus = 'pass' | 'fail' | 'partial' | 'unknown';
/**
* Evidence source priority (higher = more trustworthy).
* Used to weight clause results based on verification method.
*/
type EvidenceSource = 'smt' | 'runtime' | 'heuristic';
/**
* Evidence source priority values (higher = more trustworthy).
*/
declare const EVIDENCE_PRIORITY: Record<EvidenceSource, number>;
/**
* A single clause result from verification.
*/
interface TrustClauseResult {
/** Unique identifier for this clause */
id: string;
/** Which category this clause belongs to */
category: TrustCategory;
/** Human-readable description */
description: string;
/** Verification status */
status: ClauseStatus;
/** Optional confidence in this result (0-100) */
confidence?: number;
/** Optional error message if failed */
message?: string;
/** Optional evidence artifact path */
evidence?: string;
/** Evidence source type (defaults to 'heuristic' if not specified) */
evidenceSource?: EvidenceSource;
/** Timestamp when this evidence was collected (ISO string) */
evidenceTimestamp?: string;
}
/**
* Input for the trust score calculator.
* Accepts clause-level results grouped by category.
*/
interface TrustScoreInput {
/** All clause results from verification */
clauses: TrustClauseResult[];
/** Optional metadata about the verification run */
metadata?: {
specFile?: string;
implFile?: string;
timestamp?: string;
durationMs?: number;
/** Project root directory for fingerprinting */
projectRoot?: string;
/** Project fingerprint (auto-computed if not provided) */
projectFingerprint?: string;
};
}
/**
* Configurable weights for each trust category.
* Values are relative -- they are normalized to sum to 1.0 internally.
*/
type TrustWeights = Record<TrustCategory, number>;
/**
* Default weights. Preconditions, postconditions, and invariants are
* the backbone of design-by-contract; temporal and coverage provide
* additional assurance; chaos is supplementary.
*/
declare const DEFAULT_WEIGHTS: Readonly<TrustWeights>;
/**
* Full trust score configuration.
*/
interface TrustScoreConfig {
/** Weights per category (defaults to DEFAULT_WEIGHTS) */
weights?: Partial<TrustWeights>;
/**
* Penalty multiplier applied to categories with status 'unknown'.
* 0.0 = no penalty (unknown treated as pass)
* 1.0 = full penalty (unknown treated as fail)
* Default: 0.5 (50% penalty)
*/
unknownPenalty?: number;
/**
* Minimum score threshold for SHIP verdict.
* Default: 80
*/
shipThreshold?: number;
/**
* Minimum score threshold for WARN verdict (below this = BLOCK).
* Default: 60
*/
warnThreshold?: number;
/**
* If true, a single failing critical clause forces score to 0.
* Default: true
*/
criticalFailsBlock?: boolean;
/**
* Path to history file for delta detection.
* Default: '.isl-gate/trust-history.json'
*/
historyPath?: string;
/**
* Maximum history entries to retain.
* Default: 50
*/
maxHistoryEntries?: number;
/**
* Enable evidence source priority weighting.
* When true, SMT evidence is weighted higher than runtime, which is higher than heuristics.
* Default: true
*/
enableEvidencePriority?: boolean;
/**
* Enable time-based decay for evidence.
* When true, older evidence contributes less to the score.
* Decay half-life in days (default: 90 days).
* Set to 0 to disable decay.
* Default: 90
*/
evidenceDecayHalfLifeDays?: number;
}
/**
* Resolved configuration with all defaults applied.
*/
interface ResolvedTrustConfig {
weights: TrustWeights;
normalizedWeights: TrustWeights;
unknownPenalty: number;
shipThreshold: number;
warnThreshold: number;
criticalFailsBlock: boolean;
historyPath: string;
maxHistoryEntries: number;
enableEvidencePriority: boolean;
evidenceDecayHalfLifeDays: number;
}
/**
* Score breakdown for a single category.
*/
interface CategoryScore {
/** The category */
category: TrustCategory;
/** Composite score for this category (0-100) */
score: number;
/** % of required checks present (0-100) */
coverage_score: number;
/** % of checks that actually executed (0-100) */
execution_score: number;
/** % passed among executed (0-100) */
pass_score: number;
/** Weight applied to this category (normalized, 0-1) */
weight: number;
/** Weighted contribution to overall score */
weightedScore: number;
/** Number of clauses in this category */
clauseCount: number;
/** Status counts within this category */
counts: {
pass: number;
fail: number;
partial: number;
unknown: number;
};
/** Detected gaps (missing postconditions, no error cases, etc.) */
gaps: string[];
/** Confidence 0-1 derived from inference + execution coverage */
confidence: number;
}
/**
* Trust score verdict.
*/
type TrustVerdict = 'SHIP' | 'WARN' | 'BLOCK';
/**
* The complete trust score result.
*/
interface TrustScoreResult {
/** Overall trust score 0-100 (integer) */
score: number;
/** Verdict based on thresholds */
verdict: TrustVerdict;
/** Per-category score breakdown */
categories: CategoryScore[];
/** Total clauses evaluated */
totalClauses: number;
/** Aggregate status counts */
counts: {
pass: number;
fail: number;
partial: number;
unknown: number;
};
/** Whether a critical blocker forced the verdict */
criticalBlock: boolean;
/** Reasons for the verdict */
reasons: string[];
/** The resolved configuration used */
config: ResolvedTrustConfig;
/** Timestamp of this evaluation */
timestamp: string;
}
/**
* A single entry in the trust score history.
*/
interface TrustHistoryEntry {
/** Overall score */
score: number;
/** Verdict */
verdict: TrustVerdict;
/** Per-category scores */
categoryScores: Record<TrustCategory, number>;
/** ISO timestamp */
timestamp: string;
/** Optional spec file path */
specFile?: string;
/** Optional git commit hash */
commitHash?: string;
/** Project fingerprint for this entry */
projectFingerprint?: string;
/** Clause counts */
counts: {
pass: number;
fail: number;
partial: number;
unknown: number;
};
/** Evidence breakdown by source */
evidenceBreakdown?: {
smt: number;
runtime: number;
heuristic: number;
};
}
/**
* Delta between two trust score evaluations.
*/
interface TrustDelta {
/** Change in overall score */
scoreDelta: number;
/** Whether verdict changed */
verdictChanged: boolean;
/** Previous verdict (if changed) */
previousVerdict?: TrustVerdict;
/** Per-category deltas */
categoryDeltas: Record<TrustCategory, number>;
/** Categories that improved */
improved: TrustCategory[];
/** Categories that regressed */
regressed: TrustCategory[];
/** Categories that stayed the same */
unchanged: TrustCategory[];
/** Human-readable summary of changes */
summary: string;
}
/**
* Full trust history with metadata.
*/
interface TrustHistory {
/** Version of the history format */
version: 1;
/** History entries ordered newest-first */
entries: TrustHistoryEntry[];
/** Last updated timestamp */
lastUpdated: string;
/** Project fingerprint (computed from project root) */
projectFingerprint?: string;
}
/**
* Trust score report with formatting metadata.
*/
interface TrustReport {
/** The trust score result */
result: TrustScoreResult;
/** Delta from previous run (if history available) */
delta?: TrustDelta;
/** Formatted text report */
text: string;
/** JSON-serializable report */
json: TrustReportJSON;
}
/**
* JSON-serializable trust report.
*/
interface TrustReportJSON {
score: number;
verdict: TrustVerdict;
threshold: number;
categories: Array<{
name: TrustCategory;
score: number;
weight: number;
pass: number;
fail: number;
partial: number;
unknown: number;
}>;
counts: {
pass: number;
fail: number;
partial: number;
unknown: number;
total: number;
};
delta?: {
scoreDelta: number;
verdictChanged: boolean;
improved: TrustCategory[];
regressed: TrustCategory[];
};
timestamp: string;
reasons: string[];
}
/**
* Trust Score Calculator
*
* Computes a defensible 0-100 trust score from verification results
* across six categories with configurable weights and unknown-penalty.
*
* Scoring rules:
* - Each category produces a raw 0-100 score from its clause results
* - pass = 100, fail = 0, partial = 50, unknown = (1 - unknownPenalty) * 100
* - Category scores are combined via weighted average
* - criticalFailsBlock: a single failing clause can force score to 0
* - Final score is always an integer 0-100
*
* @module @isl-lang/gate/trust-score/calculator
*/
/**
* Resolve partial user config into a fully-populated config.
*/
declare function resolveConfig(config?: TrustScoreConfig): ResolvedTrustConfig;
/**
* Compute the trust score from verification clause results.
*/
declare function calculateTrustScore(input: TrustScoreInput, config?: TrustScoreConfig): TrustScoreResult;
/**
* Trust Score Report Generator
*
* Produces human-readable text reports and JSON-serializable reports
* from trust score results.
*
* @module @isl-lang/gate/trust-score/report
*/
/**
* Generate a full trust report (text + JSON).
*/
declare function generateReport(result: TrustScoreResult, delta?: TrustDelta): TrustReport;
/**
* Format a human-readable text report.
*/
declare function formatTextReport(result: TrustScoreResult, delta?: TrustDelta): string;
/**
* Format a JSON-serializable report.
*/
declare function formatJSONReport(result: TrustScoreResult, delta?: TrustDelta): TrustReportJSON;
/**
* Trust Score Orchestrator
*
* High-level API that combines calculation, history, and reporting
* into a single call. Also provides gate enforcement.
*
* @module @isl-lang/gate/trust-score/orchestrator
*/
/**
* Options for the orchestrator.
*/
interface EvaluateTrustOptions extends TrustScoreConfig {
/** If true, persist the result to history. Default: true */
persist?: boolean;
/** Optional git commit hash to tag the entry */
commitHash?: string;
}
/**
* Evaluate trust score with full history and reporting.
*
* This is the primary high-level API. It:
* 1. Calculates the trust score from clause results
* 2. Loads history and computes delta from last run
* 3. Generates human-readable and JSON reports
* 4. Persists the result to history (unless disabled)
*/
declare function evaluateTrust(input: TrustScoreInput, options?: EvaluateTrustOptions): Promise<TrustReport>;
/**
* Result of gate enforcement.
*/
interface GateEnforcementResult {
/** Whether the gate passed */
passed: boolean;
/** The trust score */
score: number;
/** The threshold that was applied */
threshold: number;
/** The verdict */
verdict: string;
/** Exit code: 0 for pass, 1 for fail */
exitCode: 0 | 1;
/** The full trust report */
report: TrustReport;
/** Human-readable enforcement message */
message: string;
}
/**
* Enforce a trust score gate.
*
* Calculates the trust score and checks it against the configured
* SHIP threshold. Returns a pass/fail result suitable for CI pipelines.
*
* @example
* ```typescript
* const gate = await enforceTrustGate(input, { shipThreshold: 90 });
* process.exit(gate.exitCode);
* ```
*/
declare function enforceTrustGate(input: TrustScoreInput, options?: EvaluateTrustOptions): Promise<GateEnforcementResult>;
export { type CategoryScore as C, DEFAULT_WEIGHTS as D, EVIDENCE_PRIORITY as E, type ResolvedTrustConfig as R, type TrustScoreResult as T, type TrustHistory as a, type TrustDelta as b, type TrustHistoryEntry as c, type ClauseStatus as d, type EvidenceSource as e, TRUST_CATEGORIES as f, type TrustCategory as g, type TrustClauseResult as h, type TrustReport as i, type TrustReportJSON as j, type TrustScoreConfig as k, type TrustScoreInput as l, type TrustVerdict as m, type TrustWeights as n, calculateTrustScore as o, enforceTrustGate as p, evaluateTrust as q, formatJSONReport as r, formatTextReport as s, generateReport as t, resolveConfig as u };
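Review bot: `unknownPenalty` in `TrustScoreConfig` is documented as accepting 0.0, where an unevaluated clause scores the same as a pass, and nothing in these declarations says `resolveConfig` rejects or clamps values outside 0–1. Because the score feeds the exit code of `enforceTrustGate`, that is a fail-open setting, and the doc comment should say so, for example `* NOTE: values below the default let unevaluated clauses raise the score; resolveConfig should reject values outside [0, 1].` The range check itself belongs in `resolveConfig` if it is not already there; its body is not shown in this declaration file. Separately, `GateEnforcementResult.verdict` is typed `string` although `TrustVerdict` is declared above it; `verdict: TrustVerdict;` would let CI callers switch on it exhaustively. The file header for this section is not visible on the page, so the note is anchored at the section's closing export.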
/**
* Verdict Engine — SHIP / WARN / NO_SHIP
*
* Produces scored, explainable verdicts with full evidence trails.
* ISL-verified evidence is weighted 2× relative to specless evidence.
*
* Decision flow:
* 1. Scan evidence for critical failures → NO_SHIP immediately
* 2. Compute weighted score from evidence confidence values
* 3. Apply thresholds: score ≥ 0.85 → SHIP, ≥ 0.50 → WARN, else → NO_SHIP
*
* @module @isl-lang/gate/authoritative/verdict-engine
*/
/**
* Scoring thresholds that map a 0–1 confidence score to a verdict.
*/
declare const SCORING_THRESHOLDS: {
/** High confidence — all critical checks pass */
readonly SHIP: 0.85;
/** Mixed signals — non-critical issues present */
readonly WARN: 0.5;
/** Below WARN threshold or any critical failure */
readonly NO_SHIP: 0;
};
type ScoringThresholds = typeof SCORING_THRESHOLDS;
/**
* Critical failure categories that force NO_SHIP regardless of score.
*/
declare const CRITICAL_FAILURES: readonly ["postcondition_violation", "security_violation", "critical_vulnerability", "fake_feature_detected", "verification_blocked"];
type CriticalFailureKind = typeof CRITICAL_FAILURES[number];
/**
* Source of a piece of gate evidence.
*
* 'isl-spec' evidence is weighted 2× in score aggregation.
*/
type GateEvidenceSource = 'isl-spec' | 'static-analysis' | 'runtime-eval' | 'test-execution' | 'specless-scanner';
/**
* A single piece of evidence collected during gate evaluation.
*/
interface GateEvidence {
/** Where this evidence came from */
source: GateEvidenceSource;
/** What was checked, e.g. "postcondition: User.exists(result.id)" */
check: string;
/** Outcome of the check */
result: 'pass' | 'fail' | 'warn' | 'skip';
/** Confidence in this result, 0–1 */
confidence: number;
/** Human-readable details */
details: string;
}
/** Tri-state verdict: SHIP, WARN, or NO_SHIP */
type VerdictDecision = 'SHIP' | 'WARN' | 'NO_SHIP';
/**
* Complete gate verdict with evidence trail and actionable feedback.
*/
interface GateVerdict {
/** Final decision */
decision: VerdictDecision;
/** Aggregated score 0–1 */
score: number;
/** All evidence used to reach this verdict */
evidence: GateEvidence[];
/** One-line human-readable summary */
summary: string;
/** What specifically blocked (non-empty only for NO_SHIP) */
blockers: string[];
/** Actionable fixes / next steps */
recommendations: string[];
}
/**
* Create a gate evidence entry with validated confidence.
*/
declare function createGateEvidence(source: GateEvidenceSource, check: string, result: GateEvidence['result'], confidence: number, details: string): GateEvidence;
/**
* Compute the aggregate score from a list of evidence.
*
* Score = Σ(confidence × resultFactor × sourceWeight) / Σ(sourceWeight)
*
* 'skip' evidence is excluded entirely.
* Returns 0 when no scoreable evidence exists.
*/
declare function computeScore(evidence: readonly GateEvidence[]): number;
/**
* Find all evidence entries that represent critical failures.
* A critical failure is a 'fail' result whose check name contains
* one of the CRITICAL_FAILURES identifiers.
*/
declare function findCriticalFailures(evidence: readonly GateEvidence[]): GateEvidence[];
/**
* Check whether any evidence contains a critical failure.
*/
declare function hasCriticalFailure(evidence: readonly GateEvidence[]): boolean;
/**
* Options for verdict production.
*/
interface VerdictOptions {
/** Custom thresholds */
thresholds?: ScoringThresholds;
/**
* If true, verification_blocked downgrades to WARN instead of NO_SHIP,
* but ONLY when specs are fully typed (high-confidence) and at least
* one minimal runtime sanity check ran.
* Default: false (NO_SHIP on execution failure).
*/
warnOnExecFailure?: boolean;
}
/**
* Produce a complete, explainable verdict from collected evidence.
*
* Decision algorithm:
* 1. If any critical failure → NO_SHIP (regardless of score)
* - verification_blocked can be downgraded to WARN if warnOnExecFailure is set
* AND specs are high-confidence AND at least one runtime check passed
* 2. If score ≥ 0.85 → SHIP
* 3. If score ≥ 0.50 → WARN
* 4. Otherwise → NO_SHIP
*
* But **never** SHIP when verification_blocked is present.
*/
declare function produceVerdict(evidence: readonly GateEvidence[], thresholdsOrOptions?: ScoringThresholds | VerdictOptions): GateVerdict;
export { CRITICAL_FAILURES as C, type GateEvidence as G, SCORING_THRESHOLDS as S, type VerdictDecision as V, type CriticalFailureKind as a, type GateEvidenceSource as b, type GateVerdict as c, type ScoringThresholds as d, computeScore as e, createGateEvidence as f, findCriticalFailures as g, hasCriticalFailure as h, produceVerdict as p };
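Review bot: `findCriticalFailures` is documented as matching a `'fail'` result whose `check` text contains one of the `CRITICAL_FAILURES` identifiers, yet `check` is a free-form string, and the example given on `GateEvidence.check`, `"postcondition: User.exists(result.id)"`, contains none of them. If the implementation matches as described, the forced NO_SHIP path depends on every evidence producer spelling the token into a description field, and a failing postcondition reported with that example text would be scored rather than treated as critical. A typed field on `GateEvidence`, `criticalKind?: CriticalFailureKind;`, set by the producer and checked first, would make the override explicit. The `computeScore` comment should also state that excluding `'skip'` entries means skipped checks never lower the score, so callers need a separate limit on skips. The implementation is not part of this declaration file.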
export { f as CoverageInput, g as DEFAULT_VERIFIED_INTENT_CONFIG, i as DEV_VERIFIED_INTENT_CONFIG, l as ExecutionInput, m as ExecutionStatus, M as MissingPillarPolicy, P as PillarDetail, n as PillarName, o as PillarResult, p as PillarStatus, q as ProvenanceOrigin, r as ProvenanceRecord, s as ProvenanceReport, t as SpecFidelityInput, v as VerifiedIntentConfig, w as VerifiedIntentResult, x as applyVerifiedIntentCap, y as buildProvenanceReport, z as evaluateCoverage, B as evaluateExecution, F as evaluateSpecFidelity, G as evaluateVerifiedIntent, H as evaluateVerifiedIntentFromInputs, K as extractCoverageInput, L as extractExecutionInput, N as extractSpecFidelityInput, I as formatProvenanceReport, J as formatVerifiedIntentReport, O as partitionProvenance } from '../index-DH7vlAwI.js';
import '../verdict-engine-DYuXvnAQ.js';
import {
DEFAULT_VERIFIED_INTENT_CONFIG,
DEV_VERIFIED_INTENT_CONFIG,
applyVerifiedIntentCap,
buildProvenanceReport,
evaluateCoverage,
evaluateExecution,
evaluateSpecFidelity,
evaluateVerifiedIntent,
evaluateVerifiedIntentFromInputs,
extractCoverageInput,
extractExecutionInput,
extractSpecFidelityInput,
formatProvenanceReport,
formatVerifiedIntentReport,
partitionProvenance
} from "../chunk-7YIDYPSN.js";
import "../chunk-3RG5ZIWI.js";
export {
DEFAULT_VERIFIED_INTENT_CONFIG,
DEV_VERIFIED_INTENT_CONFIG,
applyVerifiedIntentCap,
buildProvenanceReport,
evaluateCoverage,
evaluateExecution,
evaluateSpecFidelity,
evaluateVerifiedIntent,
evaluateVerifiedIntentFromInputs,
extractCoverageInput,
extractExecutionInput,
extractSpecFidelityInput,
formatProvenanceReport,
formatVerifiedIntentReport,
partitionProvenance
};
+6
-268

@@ -1,274 +0,12 @@

import { G as GateEvidence } from './verdict-engine-CCsnJ_Vs.js';
export { C as CRITICAL_FAILURES, a as CriticalFailureKind, b as GateEvidenceSource, c as GateVerdictResult, S as SCORING_THRESHOLDS, d as ScoringThresholds, V as VerdictDecision, e as computeScore, f as createGateEvidence, g as findCriticalFailures, h as hasCriticalFailure, p as produceVerdict } from './verdict-engine-CCsnJ_Vs.js';
import { A as AuthoritativeGateInput, a as AuthoritativeVerdict, b as AuthoritativeGateResult, c as AggregatedSignals, T as ThresholdConfig, V as VerdictReason, d as VerificationSignal, S as SignalSource, e as SignalFinding } from './index-DH7vlAwI.js';
export { C as CombinedVerdictResult, f as CoverageInput, D as DEFAULT_THRESHOLDS, g as DEFAULT_VERIFIED_INTENT_CONFIG, h as DEV_THRESHOLDS, i as DEV_VERIFIED_INTENT_CONFIG, E as EXIT_CODES, j as EvidenceArtifact, k as EvidenceBundle, l as ExecutionInput, m as ExecutionStatus, M as MissingPillarPolicy, P as PillarDetail, n as PillarName, o as PillarResult, p as PillarStatus, q as ProvenanceOrigin, r as ProvenanceRecord, s as ProvenanceReport, t as SpecFidelityInput, u as VerdictSource, v as VerifiedIntentConfig, w as VerifiedIntentResult, x as applyVerifiedIntentCap, y as buildProvenanceReport, z as evaluateCoverage, B as evaluateExecution, F as evaluateSpecFidelity, G as evaluateVerifiedIntent, H as evaluateVerifiedIntentFromInputs, I as formatProvenanceReport, J as formatVerifiedIntentReport } from './index-DH7vlAwI.js';
import { G as GateEvidence } from './verdict-engine-DYuXvnAQ.js';
export { C as CRITICAL_FAILURES, a as CriticalFailureKind, b as GateEvidenceSource, c as GateVerdictResult, S as SCORING_THRESHOLDS, d as ScoringThresholds, V as VerdictDecision, e as computeScore, f as createGateEvidence, g as findCriticalFailures, h as hasCriticalFailure, p as produceVerdict } from './verdict-engine-DYuXvnAQ.js';
import { GateInput, GateVerdict, GateOptions, GateResult, Finding } from './types/index.js';
export { CommandCounts, CommandScores, CommandVerdict, CommandVerdictInfo, CriticalBlockers, GateReason, SeverityCounts, ShipScoreDimensions, VERDICT_THRESHOLDS, assertCountsValid, assertScoresValid, createEmptyCommandCounts, createEmptySeverityCounts } from './types/index.js';
export { buildCommandCounts, buildResult, buildScores, calculateHealthScore, calculatePassRate, calculateScoreFromCounts, determineVerdict, formatScore, formatVerdict, getScoreColor, getScoreStatus } from './scoring/index.js';
export { C as CategoryScore, d as ClauseStatus, R as ResolvedTrustConfig, g as TrustCategory, h as TrustClauseResult, b as TrustDelta, a as TrustHistory, c as TrustHistoryEntry, i as TrustReport, j as TrustReportJSON, k as TrustScoreConfig, l as TrustScoreInput, T as TrustScoreResult, m as TrustVerdict, n as TrustWeights, o as calculateTrustScore, p as enforceTrustGate, q as evaluateTrust, t as generateTrustReport, u as resolveTrustConfig } from './orchestrator-CHlc8H1I.js';
export { C as CategoryScore, d as ClauseStatus, R as ResolvedTrustConfig, g as TrustCategory, h as TrustClauseResult, b as TrustDelta, a as TrustHistory, c as TrustHistoryEntry, i as TrustReport, j as TrustReportJSON, k as TrustScoreConfig, l as TrustScoreInput, T as TrustScoreResult, m as TrustVerdict, n as TrustWeights, o as calculateTrustScore, p as enforceTrustGate, q as evaluateTrust, t as generateTrustReport, u as resolveTrustConfig } from './orchestrator-ChXymu8C.js';
export { AnalyzePROptions, ChangeType, DiffHunk, FileChange, PRAnalysis, PRAnalysisConfig, ResolvedPRAnalysisConfig, RiskLabel, SkipReason, SkippedFile, SpecVerification, VerificationPlan, analyzePR, buildVerificationPlan, calculatePRRisk, discoverSpecs, findAffectedSpecs, findMatchingSpec, formatVerificationPlan, getChangedFiles, isConfigFile, isCriticalPath, isISLSpec, isSourceFile, isTestFile, isTypeOnly, parseNameStatus, resolveConfig as resolvePRConfig, riskLabel, riskSummary, selectFilesForVerification } from './pr-analysis/index.js';
/**
* ISL Authoritative Gate - Type Definitions
*
* SHIP/NO_SHIP is BINARY. No intermediate states.
* All decisions are final and machine-readable.
*
* @module @isl-lang/gate/authoritative
*/
/**
* Authoritative verdict - SHIP or NO_SHIP, nothing else.
* This is the final, definitive decision.
*/
type AuthoritativeVerdict = 'SHIP' | 'NO_SHIP';
/**
* Exit codes for CI integration
*/
declare const EXIT_CODES: {
readonly SHIP: 0;
readonly NO_SHIP: 1;
};
/**
* Signal source identifier
*/
type SignalSource = 'parser' | 'typechecker' | 'verifier' | 'test_runner' | 'coverage' | 'static_analysis' | 'security_scan' | 'hallucination_scan' | 'contract_check' | 'env_validation' | 'gate_firewall' | 'dependency_audit';
/**
* Individual verification signal
*/
interface VerificationSignal {
/** Source of this signal */
source: SignalSource;
/** Signal passed? */
passed: boolean;
/** Score 0-100 (optional, for weighted signals) */
score?: number;
/** Weight for aggregation (default: 1) */
weight?: number;
/** Human-readable summary */
summary: string;
/** Detailed findings */
findings?: SignalFinding[];
/** Whether this signal blocks SHIP if failed */
blocking: boolean;
/** Duration in ms */
durationMs?: number;
}
/**
* Individual finding within a signal
*/
interface SignalFinding {
/** Unique ID */
id: string;
/** Severity */
severity: 'critical' | 'high' | 'medium' | 'low';
/** Message */
message: string;
/** File location */
file?: string;
/** Line number */
line?: number;
/** Whether this finding alone blocks SHIP */
blocking: boolean;
}
/**
* Threshold configuration for authoritative decisions
*/
interface ThresholdConfig {
/** Minimum overall score for SHIP (default: 80) */
minScore: number;
/** Minimum test pass rate for SHIP (default: 100%) */
minTestPassRate: number;
/** Minimum coverage for SHIP (default: 70%) */
minCoverage: number;
/** Maximum critical findings allowed (default: 0) */
maxCriticalFindings: number;
/** Maximum high findings allowed (default: 0) */
maxHighFindings: number;
/** Allow skipped tests (default: false) */
allowSkipped: boolean;
}
/**
* Default strict thresholds
*/
declare const DEFAULT_THRESHOLDS: ThresholdConfig;
/**
* Relaxed thresholds for development
*/
declare const DEV_THRESHOLDS: ThresholdConfig;
/**
* Signal aggregation result
*/
interface AggregatedSignals {
/** All signals collected */
signals: VerificationSignal[];
/** Weighted overall score 0-100 */
overallScore: number;
/** Test summary */
tests: {
total: number;
passed: number;
failed: number;
skipped: number;
passRate: number;
};
/** Finding counts by severity */
findings: {
critical: number;
high: number;
medium: number;
low: number;
total: number;
};
/** Coverage percentage (if available) */
coverage?: number;
/** Blocking issues that force NO_SHIP */
blockingIssues: string[];
}
/**
* Evidence artifact
*/
interface EvidenceArtifact {
/** Artifact type */
type: 'spec' | 'implementation' | 'test_results' | 'coverage' | 'report' | 'log';
/** Relative path within bundle */
path: string;
/** SHA-256 hash */
sha256: string;
/** Size in bytes */
sizeBytes: number;
}
/**
* Machine-readable evidence bundle
*/
interface EvidenceBundle {
/** Bundle schema version */
schemaVersion: '2.0.0';
/** Deterministic fingerprint */
fingerprint: string;
/** ISL toolchain version */
islVersion: string;
/** Timestamp (ISO 8601) */
timestamp: string;
/** Git commit SHA (if available) */
gitSha?: string;
/** Git branch (if available) */
gitBranch?: string;
/** CI run ID (if available) */
ciRunId?: string;
/** Input hashes */
inputs: {
specHash: string;
implHash: string;
configHash?: string;
};
/** Bundle artifacts */
artifacts: EvidenceArtifact[];
}
/**
* Authoritative gate result - the definitive output
*/
interface AuthoritativeGateResult {
/** SHIP or NO_SHIP - final decision */
verdict: AuthoritativeVerdict;
/** Exit code for CI (0 = SHIP, 1 = NO_SHIP) */
exitCode: 0 | 1;
/** Overall score 0-100 */
score: number;
/** Confidence in the decision 0-100 */
confidence: number;
/** Human-readable summary */
summary: string;
/** Aggregated signals */
aggregation: AggregatedSignals;
/** Thresholds used for decision */
thresholds: ThresholdConfig;
/** Evidence bundle manifest */
evidence: EvidenceBundle;
/** Reasons for the verdict */
reasons: VerdictReason[];
/** Suggestions for improvement (if NO_SHIP) */
suggestions?: string[];
/** Total duration in ms */
durationMs: number;
}
/**
* Reason for verdict
*/
interface VerdictReason {
/** Machine-readable code */
code: string;
/** Human-readable message */
message: string;
/** Severity of this reason */
severity: 'critical' | 'high' | 'medium' | 'info';
/** Source signal */
source: SignalSource;
/** Whether this reason alone would block SHIP */
blocking: boolean;
}
/**
* Input for the authoritative gate
*/
interface AuthoritativeGateInput {
/** Project root directory */
projectRoot: string;
/** ISL spec source or path */
spec: string;
/** Implementation source or directory path */
implementation: string;
/** Custom thresholds (optional) */
thresholds?: Partial<ThresholdConfig>;
/** Write evidence bundle to disk (default: true) */
writeBundle?: boolean;
/** Evidence output path (default: './evidence') */
evidencePath?: string;
/** Git info for bundle */
git?: {
sha?: string;
branch?: string;
};
/** CI info for bundle */
ci?: {
runId?: string;
provider?: string;
};
/** When true, run dependency audit (e.g. pnpm audit) and add as signal; critical vulns = NO_SHIP */
dependencyAudit?: boolean;
/**
* When true, do not throw if spec is missing or invalid.
* Instead return a SHIP result with reason "no spec provided" (caller should run firewall/unified gate for full check).
*/
specOptional?: boolean;
}
/**
* Source that contributed to the combined verdict
*/
type VerdictSource = 'gate_spec' | 'gate_firewall';
/**
* Combined verdict result from running both spec gate and firewall gate.
* Single SHIP/NO_SHIP for "all AI code" in a branch.
*/
interface CombinedVerdictResult {
/** Final verdict: NO_SHIP if any source is NO_SHIP */
verdict: AuthoritativeVerdict;
/** Exit code for CI (0 = SHIP, 1 = NO_SHIP) */
exitCode: 0 | 1;
/** Which gates contributed (spec: when spec existed, gate_firewall: always when files checked) */
sources: VerdictSource[];
/** Combined score (min of both when both run, else the one that ran) */
score: number;
/** Merged reasons from all sources */
reasons: VerdictReason[];
/** Evidence path when bundle was written */
evidencePath?: string;
/** Spec gate result (when spec was provided and run) */
specResult?: AuthoritativeGateResult;
/** Firewall/build verification result (when files were checked) */
firewallResult?: {
verdict: AuthoritativeVerdict;
score: number;
reasons: VerdictReason[];
filesChecked: number;
};
}
/**
* Authoritative Gate

@@ -582,2 +320,2 @@ *

export { type AggregatedSignals, type AuthoritativeGateInput, type AuthoritativeGateResult, type AuthoritativeVerdict, type CombinedVerdictResult, ConfigError, DEFAULT_THRESHOLDS, DEV_THRESHOLDS, EXIT_CODES, type EvidenceArtifact, type EvidenceBundle, Finding, GateBlockedError, type GateContext, GateEvidence, GateInput, GateOptions, GateResult, GateVerdict, ISLGateError, type SignalFinding, type SignalSource, type SpeclessCheck, type ThresholdConfig, TimeoutError, ValidationError, type VerdictReason, type VerdictSource, type VerificationSignal, aggregateSignals, clearSpeclessChecks, createBlockingSignal, createFinding, createSignal, generateFingerprint, getSpeclessChecks, hashContent, isISLGateError, makeDecision, quickCheck, quickGateCheck, registerSpeclessCheck, runAuthoritativeGate, runGate, runSpeclessChecks, unregisterSpeclessCheck, wouldPass, wouldShip, wrapError };
export { AggregatedSignals, AuthoritativeGateInput, AuthoritativeGateResult, AuthoritativeVerdict, ConfigError, Finding, GateBlockedError, type GateContext, GateEvidence, GateInput, GateOptions, GateResult, GateVerdict, ISLGateError, SignalFinding, SignalSource, type SpeclessCheck, ThresholdConfig, TimeoutError, ValidationError, VerdictReason, VerificationSignal, aggregateSignals, clearSpeclessChecks, createBlockingSignal, createFinding, createSignal, generateFingerprint, getSpeclessChecks, hashContent, isISLGateError, makeDecision, quickCheck, quickGateCheck, registerSpeclessCheck, runAuthoritativeGate, runGate, runSpeclessChecks, unregisterSpeclessCheck, wouldPass, wouldShip, wrapError };

@@ -22,3 +22,11 @@ import {

} from "./chunk-B475ZQGX.js";
import "./chunk-YWE7AOOG.js";
import {
calculateTrustScore,
enforceTrustGate,
evaluateTrust,
generateReport,
resolveConfig
} from "./chunk-TQSKAO5D.js";
import {
buildCommandCounts,

@@ -37,3 +45,2 @@ buildResult,

} from "./chunk-OMXACQK4.js";
import "./chunk-YWE7AOOG.js";
import {

@@ -47,9 +54,2 @@ VERDICT_THRESHOLDS,

import {
calculateTrustScore,
enforceTrustGate,
evaluateTrust,
generateReport,
resolveConfig
} from "./chunk-BT56AKI4.js";
import {
CRITICAL_FAILURES,

@@ -62,3 +62,16 @@ SCORING_THRESHOLDS,

produceVerdict
} from "./chunk-25A5LLPE.js";
} from "./chunk-WGXJUASQ.js";
import {
DEFAULT_VERIFIED_INTENT_CONFIG,
DEV_VERIFIED_INTENT_CONFIG,
applyVerifiedIntentCap,
buildProvenanceReport,
evaluateCoverage,
evaluateExecution,
evaluateSpecFidelity,
evaluateVerifiedIntent,
evaluateVerifiedIntentFromInputs,
formatProvenanceReport,
formatVerifiedIntentReport
} from "./chunk-7YIDYPSN.js";
import "./chunk-3RG5ZIWI.js";

@@ -72,2 +85,8 @@

// src/authoritative/types.ts
var DEFAULT_GUARDRAIL_POLICY = {
allowAutoSpecShip: false,
allowNoTestExecution: false,
allowEmptyCategories: false,
allowUnvalidatedAiRules: false
};
var EXIT_CODES = {

@@ -543,3 +562,4 @@ SHIP: 0,

},
suggestions: result.suggestions
suggestions: result.suggestions,
riskAcceptances: result.riskAcceptances ?? []
};

@@ -703,2 +723,11 @@ await writeFile(verdictPath, JSON.stringify(verdictJson, null, 2), "utf-8");

const allEvidence = [];
if (!file || typeof file !== "string") {
return [{
source: "specless-scanner",
check: "specless-registry",
result: "skip",
confidence: 0,
details: "Invalid file path: file was undefined or not a string"
}];
}
for (const check of speclessChecks) {

@@ -721,2 +750,183 @@ try {

// src/authoritative/guardrails.ts
var EMPTY_CATEGORY_PENALTY = 10;
var EXPECTED_SIGNAL_SOURCES = [
"parser",
"typechecker",
"verifier",
"test_runner",
"static_analysis"
];
var AUTO_SPEC_MARKERS = [
".shipgate/generated-specs/",
".shipgate\\generated-specs\\",
"@generated",
"@auto-generated",
"auto-generated by",
"# status: incomplete"
];
var INCOMPLETE_SPEC_PENALTY = 20;
var INCOMPLETE_SPEC_MARKERS = [
"# status: incomplete",
"incomplete \u2014 auto-generated typed contract scaffold",
"this spec captures exact signatures but has no business rules"
];
function isAutoGeneratedSpec(specSource, specPath, explicitFlag) {
if (explicitFlag === true) return true;
if (explicitFlag === false) return false;
if (specPath) {
const normalizedPath = specPath.replace(/\\/g, "/");
if (normalizedPath.includes(".shipgate/generated-specs/") || normalizedPath.includes(".shipgate/generated-specs\\")) {
return true;
}
}
const header = specSource.slice(0, 500).toLowerCase();
return AUTO_SPEC_MARKERS.some((marker) => header.includes(marker.toLowerCase()));
}
function hasAiRuleEvidence(aggregation) {
const verificationSources = ["verifier", "test_runner", "contract_check"];
return aggregation.signals.some(
(s) => verificationSources.includes(s.source) && s.passed
);
}
function findEmptyCategories(aggregation) {
const presentSources = new Set(aggregation.signals.map((s) => s.source));
return EXPECTED_SIGNAL_SOURCES.filter((src) => !presentSources.has(src));
}
function applyGuardrails(aggregation, opts = {}) {
const policy = {
...DEFAULT_GUARDRAIL_POLICY,
...opts.policy
};
const configSource = opts.configSource ?? null;
const now = (/* @__PURE__ */ new Date()).toISOString();
const reasons = [];
const riskAcceptances = [];
const warnings = [];
let verdictCap = null;
let scorePenalty = 0;
const isAutoSpec = isAutoGeneratedSpec(
opts.specSource ?? "",
opts.specPath,
opts.autoGeneratedSpec
);
if (isAutoSpec) {
if (!policy.allowAutoSpecShip) {
verdictCap = capVerdict(verdictCap, "WARN");
reasons.push({
code: "AUTO_SPEC_WARN_CAP",
message: "Auto-generated spec detected \u2014 verdict capped at WARN until spec is human-validated",
severity: "high",
source: "verifier",
blocking: false
});
} else {
riskAcceptances.push({
guardrail: "allowAutoSpecShip",
description: "Auto-generated spec allowed to reach SHIP without human validation",
displayLabel: "user allowed auto-spec-ship",
timestamp: now,
configSource
});
warnings.push("\u26A0 user allowed auto-spec-ship");
}
}
const noTestsExecuted = aggregation.tests.total === 0;
if (noTestsExecuted) {
if (!policy.allowNoTestExecution) {
verdictCap = capVerdict(verdictCap, "NO_SHIP");
reasons.push({
code: "NO_TESTS_EXECUTED",
message: "No tests were executed \u2014 NO_SHIP (tests are required for safe AI code)",
severity: "critical",
source: "test_runner",
blocking: true
});
} else {
riskAcceptances.push({
guardrail: "allowNoTestExecution",
description: "Shipping without test execution allowed",
displayLabel: "user allowed warn-on-exec-failure",
timestamp: now,
configSource
});
warnings.push("\u26A0 user allowed warn-on-exec-failure");
}
}
const emptyCategories = findEmptyCategories(aggregation);
if (emptyCategories.length > 0) {
if (!policy.allowEmptyCategories) {
const penalty = emptyCategories.length * EMPTY_CATEGORY_PENALTY;
scorePenalty += penalty;
reasons.push({
code: "EMPTY_CATEGORIES",
message: `${emptyCategories.length} verification category(ies) empty: ${emptyCategories.join(", ")} \u2014 score penalized by ${penalty}`,
severity: "medium",
source: "verifier",
blocking: false
});
} else {
riskAcceptances.push({
guardrail: "allowEmptyCategories",
description: `Empty verification categories allowed: ${emptyCategories.join(", ")}`,
displayLabel: "user allowed empty-categories",
timestamp: now,
configSource
});
warnings.push("\u26A0 user allowed empty-categories");
}
}
const isIncompleteSpec = isIncompleteSpecCheck(opts.specSource ?? "");
if (isIncompleteSpec) {
scorePenalty += INCOMPLETE_SPEC_PENALTY;
verdictCap = capVerdict(verdictCap, "WARN");
reasons.push({
code: "INCOMPLETE_SPEC",
message: `INCOMPLETE spec detected \u2014 typed contract scaffold only, no business rules. Score penalized by ${INCOMPLETE_SPEC_PENALTY}, verdict capped at WARN.`,
severity: "high",
source: "verifier",
blocking: false
});
}
const hasEvidence = hasAiRuleEvidence(aggregation);
if (!hasEvidence) {
if (!policy.allowUnvalidatedAiRules) {
verdictCap = capVerdict(verdictCap, "WARN");
scorePenalty += 15;
reasons.push({
code: "UNVALIDATED_AI_RULES",
message: "AI-generated rules have no supporting evidence (no passing verifier/test signals) \u2014 verdict capped at WARN",
severity: "high",
source: "verifier",
blocking: false
});
} else {
riskAcceptances.push({
guardrail: "allowUnvalidatedAiRules",
description: "AI-generated rules allowed without evidence validation",
displayLabel: "user allowed unvalidated-ai-rules",
timestamp: now,
configSource
});
warnings.push("\u26A0 user allowed unvalidated-ai-rules");
}
}
return {
reasons,
verdictCap,
scorePenalty,
riskAcceptances,
warnings
};
}
function capVerdict(current, newCap) {
const order = { "NO_SHIP": 0, "WARN": 1, "SHIP": 2 };
if (current === null) return newCap;
return order[newCap] <= order[current] ? newCap : current;
}
function isIncompleteSpecCheck(specSource) {
const header = specSource.slice(0, 500).toLowerCase();
return INCOMPLETE_SPEC_MARKERS.some((marker) => header.includes(marker));
}
// src/authoritative/gate.ts
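Review bot: In `isAutoGeneratedSpec`, `if (explicitFlag === false) return false;` runs before the path and header markers are checked, so a caller that passes `autoGeneratedSpec: false` lifts the AUTO_SPEC_WARN_CAP even for a spec under `.shipgate/generated-specs/`. Unlike `allowAutoSpecShip`, that override leaves no entry in `riskAcceptances`, so the evidence does not show that a guardrail was switched off. I would drop that early return so the flag can only add to detection. Alternatively, have `applyGuardrails` push a risk acceptance whenever the flag contradicts a marker match.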

@@ -740,13 +950,13 @@ var ISL_VERSION = "0.2.0";

const noSpecResult = {
verdict: "SHIP",
exitCode: EXIT_CODES.SHIP,
score: 100,
confidence: 100,
summary: "No spec provided; run unified gate or firewall for full check.",
verdict: "NO_SHIP",
exitCode: EXIT_CODES.NO_SHIP,
score: 30,
confidence: 80,
summary: "NO_SHIP: No spec provided and implementation could not be resolved; code is unverified.",
aggregation: {
signals: [],
overallScore: 100,
tests: { total: 0, passed: 0, failed: 0, skipped: 0, passRate: 100 },
overallScore: 30,
tests: { total: 0, passed: 0, failed: 0, skipped: 0, passRate: 0 },
findings: { critical: 0, high: 0, medium: 0, low: 0, total: 0 },
blockingIssues: []
blockingIssues: ["No ISL spec and no specless checks available; code is unverified."]
},
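Review bot: The no-spec result now fails closed (NO_SHIP with `EXIT_CODES.NO_SHIP`), but the `specOptional` doc comment in the type declarations shown earlier on this page still promises "a SHIP result". If that comment is carried into the new declarations, callers that set `specOptional` will not expect a non-zero exit. Suggested wording: `Instead return a NO_SHIP result with reason code NO_SPEC; the code is reported as unverified.` The new `summary` also blames an unresolved implementation while `blockingIssues` blames missing specless checks; one cause should be stated in both.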

@@ -764,4 +974,4 @@ thresholds,

code: "NO_SPEC",
message: "No valid spec provided; use runUnifiedGate or firewall for security/policy checks.",
severity: "info",
message: "No ISL spec provided; code is unverified. Add an ISL spec or run isl-generate.",
severity: "medium",
source: "verifier",
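Review bot: The NO_SPEC reason is only raised from `info` to `medium`, although it appears to belong to the result that now returns NO_SHIP. The other reasons on this page that force NO_SHIP (NO_TESTS_EXECUTED, GUARDRAIL_SCORE_DROP) use `critical` or `high` with `blocking: true`, so a consumer filtering on either field would find nothing explaining the failed exit. I would use `severity: "high"` here. The `blocking` field lies outside this hunk; the next hunk header suggests it is still `false`, and it should become `true` for the same reason.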

@@ -781,2 +991,62 @@ blocking: false

const decision = makeDecision(aggregation, thresholds);
const guardrailResult = applyGuardrails(aggregation, {
policy: input.guardrails,
autoGeneratedSpec: input.autoGeneratedSpec,
specSource,
specPath: typeof input.spec === "string" && !input.spec.includes("domain ") ? input.spec : void 0,
configSource: input.guardrailConfigSource ?? null
});
decision.reasons.push(...guardrailResult.reasons);
if (guardrailResult.verdictCap !== null) {
if (guardrailResult.verdictCap === "NO_SHIP") {
decision.verdict = "NO_SHIP";
decision.exitCode = EXIT_CODES.NO_SHIP;
} else if (guardrailResult.verdictCap === "WARN" && decision.verdict === "SHIP") {
decision.verdict = "NO_SHIP";
decision.exitCode = EXIT_CODES.NO_SHIP;
}
}
if (guardrailResult.scorePenalty > 0) {
aggregation.overallScore = Math.max(0, aggregation.overallScore - guardrailResult.scorePenalty);
}
if (decision.verdict === "SHIP" && aggregation.overallScore < thresholds.minScore) {
decision.verdict = "NO_SHIP";
decision.exitCode = EXIT_CODES.NO_SHIP;
decision.reasons.push({
code: "GUARDRAIL_SCORE_DROP",
message: `Score dropped to ${aggregation.overallScore} after guardrail penalties (threshold: ${thresholds.minScore})`,
severity: "high",
source: "verifier",
blocking: true
});
}
if (guardrailResult.warnings.length > 0) {
for (const warning of guardrailResult.warnings) {
console.error(warning);
}
}
let verifiedIntentResult;
if (input.verifiedIntent !== false) {
const viConfig = typeof input.verifiedIntent === "object" ? input.verifiedIntent : DEFAULT_VERIFIED_INTENT_CONFIG;
const gateEvidence = collectGateEvidenceFromSignals(signals);
verifiedIntentResult = evaluateVerifiedIntent(
signals,
aggregation,
gateEvidence,
viConfig
);
const cappedTriState = applyVerifiedIntentCap(decision.verdict, verifiedIntentResult);
const cappedVerdict = cappedTriState === "WARN" ? "NO_SHIP" : cappedTriState;
if (cappedVerdict !== decision.verdict) {
decision.verdict = cappedVerdict;
decision.exitCode = cappedVerdict === "SHIP" ? EXIT_CODES.SHIP : EXIT_CODES.NO_SHIP;
decision.reasons.push({
code: "VERIFIED_INTENT_CAP",
message: `Verdict capped to ${cappedVerdict}: ${verifiedIntentResult.summary}`,
severity: "high",
source: "verifier",
blocking: cappedVerdict === "NO_SHIP"
});
}
}
const suggestions = decision.verdict === "NO_SHIP" ? getSuggestions(aggregation, thresholds) : void 0;
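Review bot: When `guardrailResult.verdictCap === "WARN"` meets a SHIP decision, the verdict is set to NO_SHIP with no reason recorded for that conversion. The guardrail reasons pushed just above say "capped at WARN" with `blocking: false`, so a failing run can end up with no blocking reason in its output. The verified-intent branch below does record its cap (VERIFIED_INTENT_CAP); the guardrail branch should do the same. The reason code in the sketch is a suggested name, not an existing one. The enclosing function starts and ends outside this hunk.

```javascript
} else if (guardrailResult.verdictCap === "WARN" && decision.verdict === "SHIP") {
  // … unchanged: verdict and exitCode set to NO_SHIP …
  // Record why a WARN cap ends in a failing exit code.
  decision.reasons.push({
    code: "GUARDRAIL_WARN_CAP",
    message: "Guardrail capped the verdict at WARN; this gate has no WARN outcome, so the result is NO_SHIP",
    severity: "high",
    source: "verifier",
    blocking: true
  });
}
```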

@@ -801,2 +1071,7 @@ const resultsHash = hashContent(JSON.stringify({

});
if (guardrailResult.riskAcceptances.length > 0) {
evidence.riskAcceptances = guardrailResult.riskAcceptances;
}
const guardrailSuffix = guardrailResult.warnings.length > 0 ? ` [${guardrailResult.warnings.join("; ")}]` : "";
const finalSummary = guardrailResult.verdictCap !== null || guardrailResult.scorePenalty > 0 ? `${decision.verdict}: Score ${aggregation.overallScore}/100 \u2014 guardrails applied${guardrailSuffix}` : decision.summary + guardrailSuffix;
const result = {

@@ -807,3 +1082,3 @@ verdict: decision.verdict,

confidence: decision.confidence,
summary: decision.summary,
summary: finalSummary,
aggregation,

@@ -814,5 +1089,7 @@ thresholds,

suggestions,
verifiedIntent: verifiedIntentResult,
riskAcceptances: guardrailResult.riskAcceptances.length > 0 ? guardrailResult.riskAcceptances : void 0,
durationMs: Date.now() - startTime
};
if (input.writeBundle !== false) {
if (input.writeBundle !== false && input.projectRoot) {
const evidencePath = input.evidencePath ?? join2(input.projectRoot, "evidence");
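Review bot: The added `&& input.projectRoot` also skips the evidence bundle when the caller supplied `evidencePath` but no `projectRoot`, even though the next line only needs `projectRoot` as a fallback. Nothing in the returned result shows that the bundle was not written, so a missing audit artifact goes unnoticed. I would guard on what is actually needed: `if (input.writeBundle !== false && (input.evidencePath ?? input.projectRoot)) {`. The rest of the block is outside this hunk.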

@@ -873,11 +1150,15 @@ await writeBundle(evidencePath, result, specSource, implSource);

}
if (existsSync(input.implementation)) {
const stats = await stat(input.implementation);
const impl = input.implementation;
if (impl == null || typeof impl !== "string") {
throw new Error("Implementation path is required but was undefined or not a string");
}
if (existsSync(impl)) {
const stats = await stat(impl);
if (stats.isDirectory()) {
implSource = await readDirectoryFiles(input.implementation);
implSource = await readDirectoryFiles(impl);
} else {
implSource = await readFile(input.implementation, "utf-8");
implSource = await readFile(impl, "utf-8");
}
} else {
implSource = input.implementation;
implSource = impl;
}
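Review bot: A path that does not exist is still accepted as the implementation, because the final `else` assigns the string itself to `implSource`. A mistyped path is therefore read and verified as if it were source text, and the new null/type check does not change that. At minimum the branch should carry a comment such as `// Not an existing path: impl is treated as inline source text, so a mistyped path is verified as literal text.` Whether the gate should instead refuse a string that looks like a path depends on callers not visible here.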

@@ -910,7 +1191,7 @@ return { specSource, implSource };

"Specless verification: no ISL spec; running registered specless checks.",
{ score: 100, blocking: false }
{ blocking: false }
)
);
const gateContext = {
projectRoot: input.projectRoot,
projectRoot: input.projectRoot ?? process.cwd(),
implementation: implSource,

@@ -942,2 +1223,13 @@ specOptional: true

}
const realResults = speclessEvidence.filter((e) => e.result !== "skip");
if (realResults.length === 0) {
signals.push(
createSignal(
"static_analysis",
false,
"No ISL spec and no specless checks available; code is unverified.",
{ score: 30, blocking: false }
)
);
}
if (input.dependencyAudit && input.projectRoot) {

@@ -987,3 +1279,3 @@ try {

}
if (input.dependencyAudit) {
if (input.dependencyAudit && input.projectRoot) {
try {
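Review bot: With the added `&& input.projectRoot`, a run that asked for `dependencyAudit` but has no project root records no audit signal at all, here and at the same guard at the end of the preceding hunk. In the later hunk, `collectDependencyAuditSignal` reports the same situation as a passed signal with `score: 100`. Either way a skipped audit reads the same as a clean one. I would emit an explicit non-passing signal instead, for example `createSignal("dependency_audit", false, "Dependency audit requested but skipped: no project root", { blocking: false })`.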

@@ -1074,2 +1366,5 @@ const auditSignal = await collectDependencyAuditSignal(input.projectRoot);

async function collectDependencyAuditSignal(projectRoot) {
if (!projectRoot || typeof projectRoot !== "string") {
return createBlockingSignal("dependency_audit", true, "No project root; skip audit", { score: 100 });
}
const { spawnSync } = await import("child_process");

@@ -1129,2 +1424,52 @@ const { existsSync: existsSync2 } = await import("fs");

}
function collectGateEvidenceFromSignals(signals) {
const evidence = [];
for (const signal of signals) {
const result = signal.passed ? "pass" : "fail";
const confidence = signal.score != null ? signal.score / 100 : signal.passed ? 0.8 : 0.3;
evidence.push(
createGateEvidence(
mapSignalSourceToEvidence(signal.source),
signal.summary,
result,
confidence,
signal.summary
)
);
if (signal.findings) {
for (const f of signal.findings) {
evidence.push(
createGateEvidence(
mapSignalSourceToEvidence(signal.source),
f.id || f.message,
f.blocking ? "fail" : "warn",
confidence,
f.message
)
);
}
}
}
return evidence;
}
function mapSignalSourceToEvidence(source) {
switch (source) {
case "parser":
return "isl-spec";
case "typechecker":
return "isl-spec";
case "verifier":
return "isl-spec";
case "test_runner":
return "test-execution";
case "static_analysis":
return "static-analysis";
case "security_scan":
return "static-analysis";
case "hallucination_scan":
return "static-analysis";
default:
return "static-analysis";
}
}
async function quickGateCheck(input) {
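Review bot: `collectGateEvidenceFromSignals` passes `signal.summary` as both the check name and the details, and `f.id || f.message` for findings, so the `check` field of the evidence is free text. `findCriticalFailures`, listed further down this page, decides criticality with `e.check.includes(cf)` against names such as `security_violation`. If the verified-intent evaluation relies on that matching, a critical failure is recognised only when the message happens to contain the token. I would pass a stable identifier as the check, e.g. `signal.source` for the signal and `f.id ?? signal.source` for findings, and keep the message in `details`.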

@@ -1437,3 +1782,5 @@ const result = await runAuthoritativeGate({

DEFAULT_THRESHOLDS,
DEFAULT_VERIFIED_INTENT_CONFIG,
DEV_THRESHOLDS,
DEV_VERIFIED_INTENT_CONFIG,
EXIT_CODES,

@@ -1448,5 +1795,7 @@ GateBlockedError,

analyzePR,
applyVerifiedIntentCap,
assertCountsValid,
assertScoresValid,
buildCommandCounts,
buildProvenanceReport,
buildResult,

@@ -1471,9 +1820,16 @@ buildScores,

enforceTrustGate,
evaluateCoverage,
evaluateExecution,
evaluateSpecFidelity,
evaluateTrust,
evaluateVerifiedIntent,
evaluateVerifiedIntentFromInputs,
findAffectedSpecs,
findCriticalFailures,
findMatchingSpec,
formatProvenanceReport,
formatScore,
formatVerdict,
formatVerificationPlan,
formatVerifiedIntentReport,
generateFingerprint,

@@ -1480,0 +1836,0 @@ generateReport as generateTrustReport,

@@ -1,3 +0,3 @@

import { T as TrustScoreResult, a as TrustHistory, b as TrustDelta, c as TrustHistoryEntry, R as ResolvedTrustConfig } from '../orchestrator-CHlc8H1I.js';
export { C as CategoryScore, d as ClauseStatus, D as DEFAULT_WEIGHTS, E as EVIDENCE_PRIORITY, e as EvidenceSource, f as TRUST_CATEGORIES, g as TrustCategory, h as TrustClauseResult, i as TrustReport, j as TrustReportJSON, k as TrustScoreConfig, l as TrustScoreInput, m as TrustVerdict, n as TrustWeights, o as calculateTrustScore, p as enforceTrustGate, q as evaluateTrust, r as formatJSONReport, s as formatTextReport, t as generateReport, u as resolveConfig } from '../orchestrator-CHlc8H1I.js';
import { T as TrustScoreResult, a as TrustHistory, b as TrustDelta, c as TrustHistoryEntry, R as ResolvedTrustConfig } from '../orchestrator-ChXymu8C.js';
export { C as CategoryScore, d as ClauseStatus, D as DEFAULT_WEIGHTS, E as EVIDENCE_PRIORITY, e as EvidenceSource, f as TRUST_CATEGORIES, g as TrustCategory, h as TrustClauseResult, i as TrustReport, j as TrustReportJSON, k as TrustScoreConfig, l as TrustScoreInput, m as TrustVerdict, n as TrustWeights, o as calculateTrustScore, p as enforceTrustGate, q as evaluateTrust, r as formatJSONReport, s as formatTextReport, t as generateReport, u as resolveConfig } from '../orchestrator-ChXymu8C.js';

@@ -4,0 +4,0 @@ /**

@@ -21,3 +21,3 @@ import {

saveHistory
} from "../chunk-BT56AKI4.js";
} from "../chunk-TQSKAO5D.js";
import "../chunk-3RG5ZIWI.js";

@@ -24,0 +24,0 @@ export {

@@ -1,2 +0,2 @@

import { G as GateEvidence } from '../verdict-engine-CCsnJ_Vs.js';
import { G as GateEvidence } from '../verdict-engine-DYuXvnAQ.js';

@@ -3,0 +3,0 @@ /**

import {
findCriticalFailures
} from "../chunk-25A5LLPE.js";
} from "../chunk-WGXJUASQ.js";
import "../chunk-3RG5ZIWI.js";

@@ -5,0 +5,0 @@

{
"name": "@isl-lang/gate",
"version": "0.1.0",
"version": "0.1.1",
"description": "ISL Gate - SHIP/NO_SHIP decision engine for code quality verification",

@@ -36,2 +36,6 @@ "type": "module",

"types": "./dist/verdict-scoring/index.d.ts"
},
"./verified-intent": {
"import": "./dist/verified-intent/index.js",
"types": "./dist/verified-intent/index.d.ts"
}

@@ -45,9 +49,9 @@ },

"@isl-lang/parser": "0.1.0",
"@isl-lang/isl-verify": "0.1.0",
"@isl-lang/typechecker": "0.1.0"
"@isl-lang/typechecker": "0.1.0",
"@isl-lang/isl-verify": "0.1.1"
},
"peerDependencies": {
"@isl-lang/security-scanner": "1.0.0",
"@isl-lang/firewall": "0.2.0",
"@isl-lang/hallucination-scanner": "0.1.0",
"@isl-lang/firewall": "0.2.0"
"@isl-lang/security-scanner": "1.0.0"
},

@@ -78,3 +82,3 @@ "peerDependenciesMeta": {

"scripts": {
"build": "tsup src/index.ts src/scoring/index.ts src/trust-score/index.ts src/types/index.ts src/specless/index.ts src/pr-analysis/index.ts src/verdict-scoring/index.ts --format esm --dts --clean",
"build": "tsup src/index.ts src/scoring/index.ts src/trust-score/index.ts src/types/index.ts src/specless/index.ts src/pr-analysis/index.ts src/verdict-scoring/index.ts src/verified-intent/index.ts --format esm --dts --clean",
"dev": "tsup src/index.ts --format esm --dts --watch",

@@ -81,0 +85,0 @@ "test": "vitest run --passWithNoTests",

// src/authoritative/verdict-engine.ts
var SCORING_THRESHOLDS = {
/** High confidence — all critical checks pass */
SHIP: 0.85,
/** Mixed signals — non-critical issues present */
WARN: 0.5,
/** Below WARN threshold or any critical failure */
NO_SHIP: 0
};
var CRITICAL_FAILURES = [
/** Spec says X, code does Y */
"postcondition_violation",
/** Auth bypass, secret exposure */
"security_violation",
/** CVE with CVSS ≥ 9.0 */
"critical_vulnerability",
/** Code compiles but doesn't work */
"fake_feature_detected"
];
function createGateEvidence(source, check, result, confidence, details) {
const clampedConfidence = Math.max(0, Math.min(1, confidence));
return { source, check, result, confidence: clampedConfidence, details };
}
function sourceWeight(source) {
return source === "isl-spec" ? 2 : 1;
}
function resultFactor(result) {
switch (result) {
case "pass":
return 1;
case "warn":
return 0.5;
case "fail":
return 0;
case "skip":
return 0;
}
}
function computeScore(evidence) {
const scoreable = evidence.filter((e) => e.result !== "skip");
if (scoreable.length === 0) return 0;
let totalWeight = 0;
let weightedSum = 0;
for (const e of scoreable) {
const sw = sourceWeight(e.source);
totalWeight += sw;
weightedSum += e.confidence * resultFactor(e.result) * sw;
}
return totalWeight > 0 ? weightedSum / totalWeight : 0;
}
function findCriticalFailures(evidence) {
return evidence.filter(
(e) => e.result === "fail" && CRITICAL_FAILURES.some((cf) => e.check.includes(cf))
);
}
function hasCriticalFailure(evidence) {
return findCriticalFailures(evidence).length > 0;
}
function produceVerdict(evidence, thresholds = SCORING_THRESHOLDS) {
const evidenceList = [...evidence];
const criticalFailures = findCriticalFailures(evidenceList);
if (criticalFailures.length > 0) {
const score2 = computeScore(evidenceList);
const blockers2 = criticalFailures.map((e) => `${e.check}: ${e.details}`);
const recommendations2 = criticalFailures.map(
(e) => `Fix critical issue in "${e.check}": ${e.details}`
);
return {
decision: "NO_SHIP",
score: score2,
evidence: evidenceList,
summary: `NO_SHIP: Critical failure \u2014 ${criticalFailures[0].check}` + (criticalFailures.length > 1 ? ` (+${criticalFailures.length - 1} more)` : ""),
blockers: blockers2,
recommendations: recommendations2
};
}
const score = computeScore(evidenceList);
const failingEvidence = evidenceList.filter((e) => e.result === "fail");
const warningEvidence = evidenceList.filter((e) => e.result === "warn");
if (score >= thresholds.SHIP) {
const recs = [];
for (const w of warningEvidence) {
recs.push(`Consider: ${w.check} \u2014 ${w.details}`);
}
return {
decision: "SHIP",
score,
evidence: evidenceList,
summary: `SHIP: All checks passed \u2014 score ${formatPct(score)}`,
blockers: [],
recommendations: recs
};
}
if (score >= thresholds.WARN) {
const recs = [];
for (const f of failingEvidence) {
recs.push(`Fix: ${f.check} \u2014 ${f.details}`);
}
for (const w of warningEvidence) {
recs.push(`Address: ${w.check} \u2014 ${w.details}`);
}
return {
decision: "WARN",
score,
evidence: evidenceList,
summary: `WARN: Mixed signals \u2014 score ${formatPct(score)}, ${failingEvidence.length} failure(s), ${warningEvidence.length} warning(s)`,
blockers: [],
recommendations: recs
};
}
const blockers = failingEvidence.map((e) => `${e.check}: ${e.details}`);
const recommendations = failingEvidence.map(
(e) => `Fix: ${e.check} \u2014 ${e.details}`
);
return {
decision: "NO_SHIP",
score,
evidence: evidenceList,
summary: `NO_SHIP: Score ${formatPct(score)} below threshold ${formatPct(thresholds.WARN)}`,
blockers,
recommendations
};
}
function formatPct(score) {
return `${(score * 100).toFixed(1)}%`;
}
export {
SCORING_THRESHOLDS,
CRITICAL_FAILURES,
createGateEvidence,
computeScore,
findCriticalFailures,
hasCriticalFailure,
produceVerdict
};
import {
__require
} from "./chunk-3RG5ZIWI.js";
// src/trust-score/types.ts
var TRUST_CATEGORIES = [
"preconditions",
"postconditions",
"invariants",
"temporal",
"chaos",
"coverage"
];
var EVIDENCE_PRIORITY = {
smt: 3,
// Formal verification (highest trust)
runtime: 2,
// Runtime testing/verification
heuristic: 1
// Static analysis, heuristics (lowest trust)
};
var DEFAULT_WEIGHTS = {
preconditions: 20,
postconditions: 20,
invariants: 20,
temporal: 15,
chaos: 10,
coverage: 15
};
// src/trust-score/calculator.ts
function resolveConfig(config) {
const weights = { ...DEFAULT_WEIGHTS, ...config?.weights };
const weightSum = Object.values(weights).reduce((a, b) => a + b, 0);
if (weightSum <= 0) {
throw new Error("Trust score weights must sum to a positive number");
}
const normalizedWeights = {};
for (const cat of TRUST_CATEGORIES) {
normalizedWeights[cat] = weights[cat] / weightSum;
}
return {
weights,
normalizedWeights,
unknownPenalty: clamp(config?.unknownPenalty ?? 0.5, 0, 1),
shipThreshold: config?.shipThreshold ?? 80,
warnThreshold: config?.warnThreshold ?? 60,
criticalFailsBlock: config?.criticalFailsBlock ?? true,
historyPath: config?.historyPath ?? ".isl-gate/trust-history.json",
maxHistoryEntries: config?.maxHistoryEntries ?? 50,
enableEvidencePriority: config?.enableEvidencePriority ?? true,
evidenceDecayHalfLifeDays: config?.evidenceDecayHalfLifeDays ?? 90
};
}
function calculateTrustScore(input, config) {
const resolved = resolveConfig(config);
const clauses = input.clauses;
const grouped = groupByCategory(clauses);
const categoryScores = TRUST_CATEGORIES.map((cat) => {
const catClauses = grouped.get(cat) ?? [];
return scoreSingleCategory(cat, catClauses, resolved);
});
const criticalBlock = resolved.criticalFailsBlock && hasCriticalFailure(clauses);
let overallScore;
if (criticalBlock) {
overallScore = 0;
} else {
overallScore = Math.round(
categoryScores.reduce((sum, cs) => sum + cs.weightedScore, 0)
);
}
overallScore = clamp(overallScore, 0, 100);
const counts = aggregateCounts(categoryScores);
const verdict = determineVerdict(overallScore, resolved);
const reasons = buildReasons(overallScore, verdict, criticalBlock, categoryScores, resolved);
return {
score: overallScore,
verdict,
categories: categoryScores,
totalClauses: clauses.length,
counts,
criticalBlock,
reasons,
config: resolved,
timestamp: input.metadata?.timestamp ?? (/* @__PURE__ */ new Date()).toISOString()
};
}
function scoreSingleCategory(category, clauses, config) {
const weight = config.normalizedWeights[category];
if (clauses.length === 0) {
const unknownScore = Math.round((1 - config.unknownPenalty) * 100);
return {
category,
score: unknownScore,
weight,
weightedScore: unknownScore * weight,
clauseCount: 0,
counts: { pass: 0, fail: 0, partial: 0, unknown: 0 }
};
}
const counts = { pass: 0, fail: 0, partial: 0, unknown: 0 };
let weightedScoreSum = 0;
let totalWeight = 0;
const now = Date.now();
for (const clause of clauses) {
counts[clause.status]++;
const baseScore = clauseStatusToScore(clause.status, config.unknownPenalty);
const evidenceSource = clause.evidenceSource ?? "heuristic";
const priorityMultiplier = config.enableEvidencePriority ? EVIDENCE_PRIORITY[evidenceSource] / EVIDENCE_PRIORITY.heuristic : 1;
let decayMultiplier = 1;
if (config.evidenceDecayHalfLifeDays > 0 && clause.evidenceTimestamp) {
const evidenceTime = new Date(clause.evidenceTimestamp).getTime();
const ageDays = (now - evidenceTime) / (1e3 * 60 * 60 * 24);
if (ageDays > 0) {
decayMultiplier = Math.pow(2, -ageDays / config.evidenceDecayHalfLifeDays);
}
}
const clauseWeight = priorityMultiplier * decayMultiplier;
weightedScoreSum += baseScore * clauseWeight;
totalWeight += clauseWeight;
}
const rawScore = totalWeight > 0 ? Math.round(weightedScoreSum / totalWeight) : 0;
const score = clamp(rawScore, 0, 100);
return {
category,
score,
weight,
weightedScore: score * weight,
clauseCount: clauses.length,
counts
};
}
function clauseStatusToScore(status, unknownPenalty) {
switch (status) {
case "pass":
return 100;
case "fail":
return 0;
case "partial":
return 50;
case "unknown":
return Math.round((1 - unknownPenalty) * 100);
}
}
function determineVerdict(score, config) {
if (score >= config.shipThreshold) return "SHIP";
if (score >= config.warnThreshold) return "WARN";
return "BLOCK";
}
function hasCriticalFailure(clauses) {
const criticalCategories = ["invariants", "preconditions"];
return clauses.some((c) => {
if (c.status !== "fail") return false;
if (c.confidence !== void 0 && c.confidence < 10) return true;
if (criticalCategories.includes(c.category)) return true;
return false;
});
}
function buildReasons(score, verdict, criticalBlock, categories, config) {
const reasons = [];
if (criticalBlock) {
reasons.push("Critical clause failure detected -- score forced to 0");
}
if (verdict === "SHIP") {
reasons.push(`Trust score ${score}/100 meets SHIP threshold (>= ${config.shipThreshold})`);
} else if (verdict === "WARN") {
reasons.push(`Trust score ${score}/100 is below SHIP threshold (${config.shipThreshold}) but above BLOCK (${config.warnThreshold})`);
} else {
reasons.push(`Trust score ${score}/100 is below BLOCK threshold (${config.warnThreshold})`);
}
const weakCategories = categories.filter((c) => c.score < config.warnThreshold && c.clauseCount > 0);
for (const wc of weakCategories) {
reasons.push(`${wc.category}: ${wc.score}/100 (${wc.counts.fail} failed, ${wc.counts.unknown} unknown)`);
}
const emptyCategories = categories.filter((c) => c.clauseCount === 0 && config.unknownPenalty > 0);
if (emptyCategories.length > 0) {
const names = emptyCategories.map((c) => c.category).join(", ");
reasons.push(`Unknown penalty applied to uncovered categories: ${names}`);
}
return reasons;
}
function groupByCategory(clauses) {
const map = /* @__PURE__ */ new Map();
for (const clause of clauses) {
const existing = map.get(clause.category) ?? [];
existing.push(clause);
map.set(clause.category, existing);
}
return map;
}
function aggregateCounts(categories) {
return categories.reduce(
(acc, cs) => ({
pass: acc.pass + cs.counts.pass,
fail: acc.fail + cs.counts.fail,
partial: acc.partial + cs.counts.partial,
unknown: acc.unknown + cs.counts.unknown
}),
{ pass: 0, fail: 0, partial: 0, unknown: 0 }
);
}
function clamp(value, min, max) {
return Math.max(min, Math.min(max, value));
}
// src/trust-score/history.ts
import { readFile, writeFile, mkdir } from "fs/promises";
import { dirname } from "path";
async function loadHistory(historyPath) {
try {
const raw = await readFile(historyPath, "utf-8");
const parsed = JSON.parse(raw);
if (parsed.version !== 1) {
return createEmptyHistory();
}
return parsed;
} catch {
return createEmptyHistory();
}
}
async function saveHistory(historyPath, history) {
await mkdir(dirname(historyPath), { recursive: true });
const json = JSON.stringify(history, null, 2);
await writeFile(historyPath, json, "utf-8");
}
function createEmptyHistory(projectFingerprint) {
return {
version: 1,
entries: [],
lastUpdated: (/* @__PURE__ */ new Date()).toISOString(),
projectFingerprint
};
}
function recordEntry(history, result, config, commitHash, projectFingerprint) {
const categoryScores = {};
for (const cs of result.categories) {
categoryScores[cs.category] = cs.score;
}
const evidenceBreakdown = {
smt: 0,
runtime: 0,
heuristic: 0
};
const entry = {
score: result.score,
verdict: result.verdict,
categoryScores,
timestamp: result.timestamp,
specFile: result.config.historyPath,
commitHash,
projectFingerprint,
counts: { ...result.counts },
evidenceBreakdown
};
const existingEntries = projectFingerprint ? history.entries.filter((e) => e.projectFingerprint === projectFingerprint) : history.entries;
const entries = [entry, ...existingEntries].slice(0, config.maxHistoryEntries);
return {
version: 1,
entries,
lastUpdated: (/* @__PURE__ */ new Date()).toISOString(),
projectFingerprint: projectFingerprint ?? history.projectFingerprint
};
}
function computeDelta(current, history) {
if (history.entries.length === 0) {
return void 0;
}
const previous = history.entries[0];
return computeDeltaBetween(current, previous);
}
function computeDeltaBetween(current, previous) {
const scoreDelta = current.score - previous.score;
const verdictChanged = current.verdict !== previous.verdict;
const categoryDeltas = {};
const improved = [];
const regressed = [];
const unchanged = [];
for (const cat of TRUST_CATEGORIES) {
const currentScore = current.categories.find((c) => c.category === cat)?.score ?? 0;
const previousScore = previous.categoryScores[cat] ?? 0;
const delta = currentScore - previousScore;
categoryDeltas[cat] = delta;
if (delta > 0) {
improved.push(cat);
} else if (delta < 0) {
regressed.push(cat);
} else {
unchanged.push(cat);
}
}
const summary = buildDeltaSummary(scoreDelta, verdictChanged, current.verdict, previous.verdict, improved, regressed);
return {
scoreDelta,
verdictChanged,
previousVerdict: verdictChanged ? previous.verdict : void 0,
categoryDeltas,
improved,
regressed,
unchanged,
summary
};
}
function computeTrend(history, windowSize = 5) {
const entries = history.entries.slice(0, windowSize);
if (entries.length < 2) {
return "stable";
}
const scores = entries.map((e) => e.score).reverse();
const n = scores.length;
const xMean = (n - 1) / 2;
const yMean = scores.reduce((a, b) => a + b, 0) / n;
let numerator = 0;
let denominator = 0;
for (let i = 0; i < n; i++) {
numerator += (i - xMean) * (scores[i] - yMean);
denominator += (i - xMean) ** 2;
}
if (denominator === 0) return "stable";
const slope = numerator / denominator;
if (slope > 1) return "improving";
if (slope < -1) return "declining";
return "stable";
}
function buildDeltaSummary(scoreDelta, verdictChanged, currentVerdict, previousVerdict, improved, regressed) {
const parts = [];
if (scoreDelta === 0) {
parts.push("Trust score unchanged");
} else if (scoreDelta > 0) {
parts.push(`Trust score improved by +${scoreDelta} points`);
} else {
parts.push(`Trust score regressed by ${scoreDelta} points`);
}
if (verdictChanged) {
parts.push(`Verdict changed: ${previousVerdict} -> ${currentVerdict}`);
}
if (improved.length > 0) {
parts.push(`Improved: ${improved.join(", ")}`);
}
if (regressed.length > 0) {
parts.push(`Regressed: ${regressed.join(", ")}`);
}
return parts.join(". ");
}
// src/trust-score/report.ts
function generateReport(result, delta) {
return {
result,
delta,
text: formatTextReport(result, delta),
json: formatJSONReport(result, delta)
};
}
function formatTextReport(result, delta) {
const lines = [];
lines.push("");
lines.push(verdictBanner(result.verdict, result.score));
lines.push("");
const deltaStr = delta ? formatDeltaInline(delta.scoreDelta) : "";
lines.push(` Trust Score: ${result.score}/100 ${deltaStr}`);
lines.push(` Verdict: ${result.verdict}`);
lines.push(` Threshold: ${result.config.shipThreshold} (SHIP) / ${result.config.warnThreshold} (WARN)`);
lines.push("");
lines.push(" Category Breakdown:");
lines.push(" " + "-".repeat(68));
lines.push(
" " + padRight("Category", 16) + padRight("Score", 8) + padRight("Weight", 8) + padRight("Pass", 6) + padRight("Fail", 6) + padRight("Part", 6) + padRight("Unk", 6) + "Delta"
);
lines.push(" " + "-".repeat(68));
for (const cs of result.categories) {
const catDelta = delta?.categoryDeltas[cs.category];
const catDeltaStr = catDelta !== void 0 ? formatDeltaInline(catDelta) : "";
lines.push(
" " + padRight(cs.category, 16) + padRight(`${cs.score}`, 8) + padRight(`${Math.round(cs.weight * 100)}%`, 8) + padRight(`${cs.counts.pass}`, 6) + padRight(`${cs.counts.fail}`, 6) + padRight(`${cs.counts.partial}`, 6) + padRight(`${cs.counts.unknown}`, 6) + catDeltaStr
);
}
lines.push(" " + "-".repeat(68));
lines.push(
" " + padRight("TOTAL", 16) + padRight(`${result.score}`, 8) + padRight("100%", 8) + padRight(`${result.counts.pass}`, 6) + padRight(`${result.counts.fail}`, 6) + padRight(`${result.counts.partial}`, 6) + padRight(`${result.counts.unknown}`, 6) + deltaStr
);
lines.push("");
lines.push(" " + renderScoreBar(result.score, 40));
lines.push("");
if (result.criticalBlock) {
lines.push(" !! CRITICAL: A critical clause failure forced the score to 0");
lines.push("");
}
if (result.reasons.length > 0) {
lines.push(" Reasons:");
for (const reason of result.reasons) {
lines.push(` - ${reason}`);
}
lines.push("");
}
if (delta) {
lines.push(" Delta from previous run:");
lines.push(` ${delta.summary}`);
if (delta.improved.length > 0) {
lines.push(` Improved: ${delta.improved.join(", ")}`);
}
if (delta.regressed.length > 0) {
lines.push(` Regressed: ${delta.regressed.join(", ")}`);
}
lines.push("");
}
lines.push(` Evaluated ${result.totalClauses} clauses at ${result.timestamp}`);
lines.push("");
return lines.join("\n");
}
function formatJSONReport(result, delta) {
return {
score: result.score,
verdict: result.verdict,
threshold: result.config.shipThreshold,
categories: result.categories.map((cs) => ({
name: cs.category,
score: cs.score,
weight: Math.round(cs.weight * 100),
pass: cs.counts.pass,
fail: cs.counts.fail,
partial: cs.counts.partial,
unknown: cs.counts.unknown
})),
counts: {
pass: result.counts.pass,
fail: result.counts.fail,
partial: result.counts.partial,
unknown: result.counts.unknown,
total: result.totalClauses
},
delta: delta ? {
scoreDelta: delta.scoreDelta,
verdictChanged: delta.verdictChanged,
improved: delta.improved,
regressed: delta.regressed
} : void 0,
timestamp: result.timestamp,
reasons: result.reasons
};
}
function verdictBanner(verdict, score) {
const width = 42;
const border = verdict === "SHIP" ? "=" : verdict === "WARN" ? "~" : "!";
const bar = border.repeat(width);
const icon = verdict === "SHIP" ? "SHIP" : verdict === "WARN" ? "WARN" : "BLOCK";
const label = `${icon} (${score}/100)`;
const padding = Math.max(0, Math.floor((width - label.length) / 2));
return [
` ${bar}`,
` ${" ".repeat(padding)}${label}`,
` ${bar}`
].join("\n");
}
function renderScoreBar(score, width) {
const filled = Math.round(score / 100 * width);
const empty = width - filled;
const filledChar = "#";
const emptyChar = ".";
return `[${filledChar.repeat(filled)}${emptyChar.repeat(empty)}] ${score}/100`;
}
function formatDeltaInline(delta) {
if (delta === 0) return "(=)";
if (delta > 0) return `(+${delta})`;
return `(${delta})`;
}
function padRight(str, len) {
return str.padEnd(len);
}
// src/trust-score/fingerprint.ts
import { createHash } from "crypto";
import { existsSync, readFileSync, statSync } from "fs";
import { join, resolve } from "path";
function generateProjectFingerprint(projectRoot) {
const root = resolve(projectRoot);
const hash = createHash("sha256");
hash.update(`root:${root}
`);
const packageJsonPath = join(root, "package.json");
if (existsSync(packageJsonPath)) {
try {
const pkg = JSON.parse(readFileSync(packageJsonPath, "utf-8"));
hash.update(`package:${pkg.name ?? "unknown"}:${pkg.version ?? "unknown"}
`);
} catch {
}
}
const islConfigPath = join(root, "isl.config.json");
if (existsSync(islConfigPath)) {
try {
const stats = statSync(islConfigPath);
hash.update(`isl-config:${stats.mtimeMs}
`);
} catch {
}
}
const shipgateConfigPath = join(root, ".shipgate", "project.json");
if (existsSync(shipgateConfigPath)) {
try {
const stats = statSync(shipgateConfigPath);
hash.update(`shipgate-config:${stats.mtimeMs}
`);
} catch {
}
}
try {
const { execSync } = __require("child_process");
const gitRoot = execSync("git rev-parse --show-toplevel", {
cwd: root,
encoding: "utf-8",
stdio: ["ignore", "pipe", "ignore"]
}).trim();
if (gitRoot) {
hash.update(`git-root:${gitRoot}
`);
}
} catch {
}
return hash.digest("hex").slice(0, 16);
}
function computeProjectFingerprint(projectRoot, providedFingerprint) {
if (providedFingerprint) {
return providedFingerprint;
}
if (projectRoot) {
return generateProjectFingerprint(projectRoot);
}
try {
const cwd = process.cwd();
return generateProjectFingerprint(cwd);
} catch {
return void 0;
}
}
// src/trust-score/orchestrator.ts
async function evaluateTrust(input, options) {
const config = resolveConfig(options);
const persist = options?.persist ?? true;
const projectFingerprint = computeProjectFingerprint(
input.metadata?.projectRoot,
input.metadata?.projectFingerprint
);
const result = calculateTrustScore(input, options);
const history = await loadHistory(config.historyPath);
const delta = computeDelta(result, history);
const report = generateReport(result, delta);
if (persist) {
const updatedHistory = recordEntry(
history,
result,
config,
options?.commitHash,
projectFingerprint
);
await saveHistory(config.historyPath, updatedHistory);
}
return report;
}
async function enforceTrustGate(input, options) {
const report = await evaluateTrust(input, options);
const { result } = report;
const threshold = result.config.shipThreshold;
const passed = result.score >= threshold;
const message = passed ? `GATE PASSED: Trust score ${result.score}/100 >= threshold ${threshold}` : `GATE FAILED: Trust score ${result.score}/100 < threshold ${threshold}`;
return {
passed,
score: result.score,
threshold,
verdict: result.verdict,
exitCode: passed ? 0 : 1,
report,
message
};
}
export {
TRUST_CATEGORIES,
EVIDENCE_PRIORITY,
DEFAULT_WEIGHTS,
resolveConfig,
calculateTrustScore,
loadHistory,
saveHistory,
createEmptyHistory,
recordEntry,
computeDelta,
computeDeltaBetween,
computeTrend,
generateReport,
formatTextReport,
formatJSONReport,
generateProjectFingerprint,
computeProjectFingerprint,
evaluateTrust,
enforceTrustGate
};
/**
* Trust Score Engine - Type Definitions
*
* Types for the 0-100 trust score system that evaluates ISL contracts
* across six verification categories.
*
* @module @isl-lang/gate/trust-score/types
*/
/**
* The six verification categories that feed into the trust score.
*/
type TrustCategory = 'preconditions' | 'postconditions' | 'invariants' | 'temporal' | 'chaos' | 'coverage';
/** All trust categories in canonical order */
declare const TRUST_CATEGORIES: readonly TrustCategory[];
/**
* Status of a single clause or category.
*
* - pass: fully verified
* - fail: verification failed
* - partial: partially verified (degraded confidence)
* - unknown: not evaluated (subject to partial penalty)
*/
type ClauseStatus = 'pass' | 'fail' | 'partial' | 'unknown';
/**
* Evidence source priority (higher = more trustworthy).
* Used to weight clause results based on verification method.
*/
type EvidenceSource = 'smt' | 'runtime' | 'heuristic';
/**
* Evidence source priority values (higher = more trustworthy).
*/
declare const EVIDENCE_PRIORITY: Record<EvidenceSource, number>;
/**
* A single clause result from verification.
*/
interface TrustClauseResult {
/** Unique identifier for this clause */
id: string;
/** Which category this clause belongs to */
category: TrustCategory;
/** Human-readable description */
description: string;
/** Verification status */
status: ClauseStatus;
/** Optional confidence in this result (0-100) */
confidence?: number;
/** Optional error message if failed */
message?: string;
/** Optional evidence artifact path */
evidence?: string;
/** Evidence source type (defaults to 'heuristic' if not specified) */
evidenceSource?: EvidenceSource;
/** Timestamp when this evidence was collected (ISO string) */
evidenceTimestamp?: string;
}
/**
* Input for the trust score calculator.
* Accepts clause-level results grouped by category.
*/
interface TrustScoreInput {
/** All clause results from verification */
clauses: TrustClauseResult[];
/** Optional metadata about the verification run */
metadata?: {
specFile?: string;
implFile?: string;
timestamp?: string;
durationMs?: number;
/** Project root directory for fingerprinting */
projectRoot?: string;
/** Project fingerprint (auto-computed if not provided) */
projectFingerprint?: string;
};
}
/**
* Configurable weights for each trust category.
* Values are relative -- they are normalized to sum to 1.0 internally.
*/
type TrustWeights = Record<TrustCategory, number>;
/**
* Default weights. Preconditions, postconditions, and invariants are
* the backbone of design-by-contract; temporal and coverage provide
* additional assurance; chaos is supplementary.
*/
declare const DEFAULT_WEIGHTS: Readonly<TrustWeights>;
/**
* Full trust score configuration.
*/
interface TrustScoreConfig {
/** Weights per category (defaults to DEFAULT_WEIGHTS) */
weights?: Partial<TrustWeights>;
/**
* Penalty multiplier applied to categories with status 'unknown'.
* 0.0 = no penalty (unknown treated as pass)
* 1.0 = full penalty (unknown treated as fail)
* Default: 0.5 (50% penalty)
*/
unknownPenalty?: number;
/**
* Minimum score threshold for SHIP verdict.
* Default: 80
*/
shipThreshold?: number;
/**
* Minimum score threshold for WARN verdict (below this = BLOCK).
* Default: 60
*/
warnThreshold?: number;
/**
* If true, a single failing critical clause forces score to 0.
* Default: true
*/
criticalFailsBlock?: boolean;
/**
* Path to history file for delta detection.
* Default: '.isl-gate/trust-history.json'
*/
historyPath?: string;
/**
* Maximum history entries to retain.
* Default: 50
*/
maxHistoryEntries?: number;
/**
* Enable evidence source priority weighting.
* When true, SMT evidence is weighted higher than runtime, which is higher than heuristics.
* Default: true
*/
enableEvidencePriority?: boolean;
/**
* Enable time-based decay for evidence.
* When true, older evidence contributes less to the score.
* Decay half-life in days (default: 90 days).
* Set to 0 to disable decay.
* Default: 90
*/
evidenceDecayHalfLifeDays?: number;
}
/**
* Resolved configuration with all defaults applied.
*/
interface ResolvedTrustConfig {
weights: TrustWeights;
normalizedWeights: TrustWeights;
unknownPenalty: number;
shipThreshold: number;
warnThreshold: number;
criticalFailsBlock: boolean;
historyPath: string;
maxHistoryEntries: number;
enableEvidencePriority: boolean;
evidenceDecayHalfLifeDays: number;
}
/**
* Score breakdown for a single category.
*/
interface CategoryScore {
/** The category */
category: TrustCategory;
/** Raw score for this category (0-100) */
score: number;
/** Weight applied to this category (normalized, 0-1) */
weight: number;
/** Weighted contribution to overall score */
weightedScore: number;
/** Number of clauses in this category */
clauseCount: number;
/** Status counts within this category */
counts: {
pass: number;
fail: number;
partial: number;
unknown: number;
};
}
/**
* Trust score verdict.
*/
type TrustVerdict = 'SHIP' | 'WARN' | 'BLOCK';
/**
* The complete trust score result.
*/
interface TrustScoreResult {
/** Overall trust score 0-100 (integer) */
score: number;
/** Verdict based on thresholds */
verdict: TrustVerdict;
/** Per-category score breakdown */
categories: CategoryScore[];
/** Total clauses evaluated */
totalClauses: number;
/** Aggregate status counts */
counts: {
pass: number;
fail: number;
partial: number;
unknown: number;
};
/** Whether a critical blocker forced the verdict */
criticalBlock: boolean;
/** Reasons for the verdict */
reasons: string[];
/** The resolved configuration used */
config: ResolvedTrustConfig;
/** Timestamp of this evaluation */
timestamp: string;
}
/**
* A single entry in the trust score history.
*/
interface TrustHistoryEntry {
/** Overall score */
score: number;
/** Verdict */
verdict: TrustVerdict;
/** Per-category scores */
categoryScores: Record<TrustCategory, number>;
/** ISO timestamp */
timestamp: string;
/** Optional spec file path */
specFile?: string;
/** Optional git commit hash */
commitHash?: string;
/** Project fingerprint for this entry */
projectFingerprint?: string;
/** Clause counts */
counts: {
pass: number;
fail: number;
partial: number;
unknown: number;
};
/** Evidence breakdown by source */
evidenceBreakdown?: {
smt: number;
runtime: number;
heuristic: number;
};
}
/**
* Delta between two trust score evaluations.
*/
interface TrustDelta {
/** Change in overall score */
scoreDelta: number;
/** Whether verdict changed */
verdictChanged: boolean;
/** Previous verdict (if changed) */
previousVerdict?: TrustVerdict;
/** Per-category deltas */
categoryDeltas: Record<TrustCategory, number>;
/** Categories that improved */
improved: TrustCategory[];
/** Categories that regressed */
regressed: TrustCategory[];
/** Categories that stayed the same */
unchanged: TrustCategory[];
/** Human-readable summary of changes */
summary: string;
}
/**
* Full trust history with metadata.
*/
interface TrustHistory {
/** Version of the history format */
version: 1;
/** History entries ordered newest-first */
entries: TrustHistoryEntry[];
/** Last updated timestamp */
lastUpdated: string;
/** Project fingerprint (computed from project root) */
projectFingerprint?: string;
}
/**
* Trust score report with formatting metadata.
*/
interface TrustReport {
/** The trust score result */
result: TrustScoreResult;
/** Delta from previous run (if history available) */
delta?: TrustDelta;
/** Formatted text report */
text: string;
/** JSON-serializable report */
json: TrustReportJSON;
}
/**
* JSON-serializable trust report.
*/
interface TrustReportJSON {
score: number;
verdict: TrustVerdict;
threshold: number;
categories: Array<{
name: TrustCategory;
score: number;
weight: number;
pass: number;
fail: number;
partial: number;
unknown: number;
}>;
counts: {
pass: number;
fail: number;
partial: number;
unknown: number;
total: number;
};
delta?: {
scoreDelta: number;
verdictChanged: boolean;
improved: TrustCategory[];
regressed: TrustCategory[];
};
timestamp: string;
reasons: string[];
}
/**
* Trust Score Calculator
*
* Computes a defensible 0-100 trust score from verification results
* across six categories with configurable weights and unknown-penalty.
*
* Scoring rules:
* - Each category produces a raw 0-100 score from its clause results
* - pass = 100, fail = 0, partial = 50, unknown = (1 - unknownPenalty) * 100
* - Category scores are combined via weighted average
* - criticalFailsBlock: a single failing clause can force score to 0
* - Final score is always an integer 0-100
*
* @module @isl-lang/gate/trust-score/calculator
*/
/**
* Resolve partial user config into a fully-populated config.
*/
declare function resolveConfig(config?: TrustScoreConfig): ResolvedTrustConfig;
/**
* Compute the trust score from verification clause results.
*/
declare function calculateTrustScore(input: TrustScoreInput, config?: TrustScoreConfig): TrustScoreResult;
/**
* Trust Score Report Generator
*
* Produces human-readable text reports and JSON-serializable reports
* from trust score results.
*
* @module @isl-lang/gate/trust-score/report
*/
/**
* Generate a full trust report (text + JSON).
*/
declare function generateReport(result: TrustScoreResult, delta?: TrustDelta): TrustReport;
/**
* Format a human-readable text report.
*/
declare function formatTextReport(result: TrustScoreResult, delta?: TrustDelta): string;
/**
* Format a JSON-serializable report.
*/
declare function formatJSONReport(result: TrustScoreResult, delta?: TrustDelta): TrustReportJSON;
/**
* Trust Score Orchestrator
*
* High-level API that combines calculation, history, and reporting
* into a single call. Also provides gate enforcement.
*
* @module @isl-lang/gate/trust-score/orchestrator
*/
/**
* Options for the orchestrator.
*/
interface EvaluateTrustOptions extends TrustScoreConfig {
/** If true, persist the result to history. Default: true */
persist?: boolean;
/** Optional git commit hash to tag the entry */
commitHash?: string;
}
/**
* Evaluate trust score with full history and reporting.
*
* This is the primary high-level API. It:
* 1. Calculates the trust score from clause results
* 2. Loads history and computes delta from last run
* 3. Generates human-readable and JSON reports
* 4. Persists the result to history (unless disabled)
*/
declare function evaluateTrust(input: TrustScoreInput, options?: EvaluateTrustOptions): Promise<TrustReport>;
/**
* Result of gate enforcement.
*/
interface GateEnforcementResult {
/** Whether the gate passed */
passed: boolean;
/** The trust score */
score: number;
/** The threshold that was applied */
threshold: number;
/** The verdict */
verdict: string;
/** Exit code: 0 for pass, 1 for fail */
exitCode: 0 | 1;
/** The full trust report */
report: TrustReport;
/** Human-readable enforcement message */
message: string;
}
/**
* Enforce a trust score gate.
*
* Calculates the trust score and checks it against the configured
* SHIP threshold. Returns a pass/fail result suitable for CI pipelines.
*
* @example
* ```typescript
* const gate = await enforceTrustGate(input, { shipThreshold: 90 });
* process.exit(gate.exitCode);
* ```
*/
declare function enforceTrustGate(input: TrustScoreInput, options?: EvaluateTrustOptions): Promise<GateEnforcementResult>;
export { type CategoryScore as C, DEFAULT_WEIGHTS as D, EVIDENCE_PRIORITY as E, type ResolvedTrustConfig as R, type TrustScoreResult as T, type TrustHistory as a, type TrustDelta as b, type TrustHistoryEntry as c, type ClauseStatus as d, type EvidenceSource as e, TRUST_CATEGORIES as f, type TrustCategory as g, type TrustClauseResult as h, type TrustReport as i, type TrustReportJSON as j, type TrustScoreConfig as k, type TrustScoreInput as l, type TrustVerdict as m, type TrustWeights as n, calculateTrustScore as o, enforceTrustGate as p, evaluateTrust as q, formatJSONReport as r, formatTextReport as s, generateReport as t, resolveConfig as u };
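Review bot: The `criticalFailsBlock` option in `TrustScoreConfig` says a failing "critical" clause forces the score to 0, but nothing in these declarations defines which clauses are critical, and `TrustClauseResult` has no field for it. In the bundled trust-score code shown earlier on this page, `hasCriticalFailure(clauses)` treats a failed clause as critical when its category is `invariants` or `preconditions`, or when its `confidence` is below 10. A high-confidence `postconditions` failure therefore does not trigger the block, while a barely trusted failure in any category does; the confidence comparison looks inverted and is worth confirming with the author. At minimum the doc comment should state the rule the code applies, e.g. `/** If true, any failing clause in 'invariants' or 'preconditions', or any failing clause with confidence < 10, forces the score to 0. Default: true */`. The calculator that consumes this check is outside the visible part of the page, so the effect on the score is inferred from the "score forced to 0" reason string only.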
/**
* Verdict Engine — SHIP / WARN / NO_SHIP
*
* Produces scored, explainable verdicts with full evidence trails.
* ISL-verified evidence is weighted 2× relative to specless evidence.
*
* Decision flow:
* 1. Scan evidence for critical failures → NO_SHIP immediately
* 2. Compute weighted score from evidence confidence values
* 3. Apply thresholds: score ≥ 0.85 → SHIP, ≥ 0.50 → WARN, else → NO_SHIP
*
* @module @isl-lang/gate/authoritative/verdict-engine
*/
/**
* Scoring thresholds that map a 0–1 confidence score to a verdict.
*/
declare const SCORING_THRESHOLDS: {
/** High confidence — all critical checks pass */
readonly SHIP: 0.85;
/** Mixed signals — non-critical issues present */
readonly WARN: 0.5;
/** Below WARN threshold or any critical failure */
readonly NO_SHIP: 0;
};
type ScoringThresholds = typeof SCORING_THRESHOLDS;
/**
* Critical failure categories that force NO_SHIP regardless of score.
*/
declare const CRITICAL_FAILURES: readonly ["postcondition_violation", "security_violation", "critical_vulnerability", "fake_feature_detected"];
type CriticalFailureKind = typeof CRITICAL_FAILURES[number];
/**
* Source of a piece of gate evidence.
*
* 'isl-spec' evidence is weighted 2× in score aggregation.
*/
type GateEvidenceSource = 'isl-spec' | 'static-analysis' | 'runtime-eval' | 'specless-scanner';
/**
* A single piece of evidence collected during gate evaluation.
*/
interface GateEvidence {
/** Where this evidence came from */
source: GateEvidenceSource;
/** What was checked, e.g. "postcondition: User.exists(result.id)" */
check: string;
/** Outcome of the check */
result: 'pass' | 'fail' | 'warn' | 'skip';
/** Confidence in this result, 0–1 */
confidence: number;
/** Human-readable details */
details: string;
}
/** Tri-state verdict: SHIP, WARN, or NO_SHIP */
type VerdictDecision = 'SHIP' | 'WARN' | 'NO_SHIP';
/**
* Complete gate verdict with evidence trail and actionable feedback.
*/
interface GateVerdict {
/** Final decision */
decision: VerdictDecision;
/** Aggregated score 0–1 */
score: number;
/** All evidence used to reach this verdict */
evidence: GateEvidence[];
/** One-line human-readable summary */
summary: string;
/** What specifically blocked (non-empty only for NO_SHIP) */
blockers: string[];
/** Actionable fixes / next steps */
recommendations: string[];
}
/**
* Create a gate evidence entry with validated confidence.
*/
declare function createGateEvidence(source: GateEvidenceSource, check: string, result: GateEvidence['result'], confidence: number, details: string): GateEvidence;
/**
* Compute the aggregate score from a list of evidence.
*
* Score = Σ(confidence × resultFactor × sourceWeight) / Σ(sourceWeight)
*
* 'skip' evidence is excluded entirely.
* Returns 0 when no scoreable evidence exists.
*/
declare function computeScore(evidence: readonly GateEvidence[]): number;
/**
* Find all evidence entries that represent critical failures.
* A critical failure is a 'fail' result whose check name contains
* one of the CRITICAL_FAILURES identifiers.
*/
declare function findCriticalFailures(evidence: readonly GateEvidence[]): GateEvidence[];
/**
* Check whether any evidence contains a critical failure.
*/
declare function hasCriticalFailure(evidence: readonly GateEvidence[]): boolean;
/**
* Produce a complete, explainable verdict from collected evidence.
*
* Decision algorithm:
* 1. If any critical failure → NO_SHIP (regardless of score)
* 2. If score ≥ 0.85 → SHIP
* 3. If score ≥ 0.50 → WARN
* 4. Otherwise → NO_SHIP
*/
declare function produceVerdict(evidence: readonly GateEvidence[], thresholds?: ScoringThresholds): GateVerdict;
export { CRITICAL_FAILURES as C, type GateEvidence as G, SCORING_THRESHOLDS as S, type VerdictDecision as V, type CriticalFailureKind as a, type GateEvidenceSource as b, type GateVerdict as c, type ScoringThresholds as d, computeScore as e, createGateEvidence as f, findCriticalFailures as g, hasCriticalFailure as h, produceVerdict as p };
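Review bot: `findCriticalFailures` is documented as matching a 'fail' result whose free-text `check` string contains one of the `CRITICAL_FAILURES` identifiers, so the forced NO_SHIP depends on how each evidence producer happens to word its check name. The example given on `GateEvidence.check`, "postcondition: User.exists(result.id)", contains none of the four identifiers, so by the documented rule a failure reported that way would only lower the score instead of blocking. A typed field such as `criticalKind?: CriticalFailureKind;` on `GateEvidence`, compared by equality, would make the blocking path explicit and checkable by the compiler. Failing that, the `check` comment should say that critical checks must embed the identifier verbatim. The implementation is not part of this declaration file, so the matching behaviour is taken from the doc comment alone.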