Package Exports
- @decantr/verifier
- @decantr/verifier/schema/decantr-ci-report.v1.json
- @decantr/verifier/schema/evidence-bundle.v1.json
- @decantr/verifier/schema/file-critique-report.v1.json
- @decantr/verifier/schema/project-audit-report.v1.json
- @decantr/verifier/schema/project-health-report.v1.json
- @decantr/verifier/schema/scan-report.v1.json
- @decantr/verifier/schema/showcase-shortlist-report.v1.json
- @decantr/verifier/schema/verification-report.common.v1.json
- @decantr/verifier/schema/workspace-health-report.v1.json
Readme
@decantr/verifier
Support status: core-supported
Release channel: stable
Shared Decantr verification, critique, and report-schema engine used by the CLI, MCP server, and future CI/hosted verification surfaces.
Install
npm install @decantr/verifierWhat It Exports
auditProject()for project-level Decantr auditsauditBuiltDist()for built-output runtime verification against emitted HTML, assets, and route hintsscanProject()for read-only Brownfield reconnaissance of framework, routes, components, styling, static-hosting hints, Decantr presence, and assistant-rule filesresolveGitHubScanInput()andprobePublishedSite()for hosted scan inputs and HTML-only published-site metadata probescritiqueFile()for file-level review against compiled review-pack contractscreateContractAssertions()for explicit route, shell, accessibility, context, and design-token assertions derived from Essence/contextcreateEvidenceBundle()for privacy-redacted local evidence artifacts used by AI repair loops and CI- schema-backed report types for project audits, Project Health, Decantr CI reports, Evidence Bundles, Workspace Health, file critiques, and showcase verification
ProjectHealthReport,ProjectHealthFinding, andProjectHealthRemediationtypes for the CLI's end-user health surface- interaction findings now include scanned file counts, file line ranges, and expected signal evidence where available, so CLI health/check output can point agents at source-grounded remediation
- contract-only and style-bridge Brownfield critique avoids requiring Decantr treatments/decorators when the project keeps its own styling authority
- Decantr CI report schemas include accepted style bridge status, mapping count, styling approach, and theme modes alongside local-law findings
- project audits check that
pack-manifest.jsonreferences real pack markdown/JSON files on disk - project audits tolerate partial or malformed generated review packs without crashing Project Health, so half-attached Brownfield projects still receive actionable findings
- Next.js static/document outputs are treated as framework-rendered documents instead of requiring a Vite-style
id="root"mount element - project source audits ignore test, spec, story, fixture, and mock files for production drift warnings such as localhost endpoints and unsafe rendering patterns
- published verifier report schemas are exercised by AJV-backed round-trip tests against real audit, critique, and shortlist-report outputs
- project audits include runtime evidence when a built
dist/output is present:- root document
- document title
- document
langandviewportmetadata - emitted assets
- route-document coverage
- built asset byte budgets for JS, CSS, and total payload
- auth-topology warnings when the essence declares authentication without clear gateway or entry routes
Example
import {
auditProject,
createContractAssertions,
createEvidenceBundle,
critiqueFile,
scanProject,
type ProjectHealthReport,
} from '@decantr/verifier';
const scan = await scanProject(process.cwd());
const audit = await auditProject(process.cwd());
const assertions = createContractAssertions(process.cwd(), audit);
const critique = await critiqueFile('./src/pages/overview.tsx', process.cwd());
function isBlocking(report: ProjectHealthReport) {
return report.status === 'error';
}Schema Exports
@decantr/verifier/schema/verification-report.common.v1.json@decantr/verifier/schema/project-audit-report.v1.json@decantr/verifier/schema/project-health-report.v1.json@decantr/verifier/schema/decantr-ci-report.v1.json@decantr/verifier/schema/evidence-bundle.v1.json@decantr/verifier/schema/scan-report.v1.json@decantr/verifier/schema/workspace-health-report.v1.json@decantr/verifier/schema/file-critique-report.v1.json@decantr/verifier/schema/showcase-shortlist-report.v1.json
Security And Permissions
The verifier is a local library. It reads selected project source, Decantr context, read-only scan files, and built dist/.next output when callers request project or runtime audits. scanProject() returns relative evidence and does not write artifacts, install dependencies, build projects, execute scripts, or open pull requests. probePublishedSite() fetches HTML metadata over HTTP(S) only and does not execute JavaScript or capture screenshots. Built-output runtime audit starts a temporary loopback static server and fetches from that local server. The verifier does not write files, spawn processes, emit telemetry, or upload source by itself. See security permissions.
Compatibility
@decantr/verifier is stable in the 2.x line for the documented verifier APIs and published report-schema exports.
- new checks and additive report fields may appear in compatible releases
- breaking report-shape or exported API changes require a major version
- hosted and CLI verifier consumers should treat the published schemas as the supported contract surface
License
MIT