Add repository review-decision provenance guard

repository-review-decision-provenance-guard/.gitignore

@@ -0,0 +1 @@
+reports/frames/

repository-review-decision-provenance-guard/README.md

@@ -0,0 +1,41 @@
+# Repository Review-Decision Provenance Guard
+
+Self-contained synthetic module for SCIBASE issue #10, Project Repository & Version Control.
+
+The guard focuses on a narrow release/export decision point: resolved merge-request review discussions should not disappear after merge. Before a tagged scientific repository version is exported, the module checks that reviewer decisions are durable, anchored to files and commits, role-appropriate, public-safe, and linked from the export manifest.
+
+## What It Checks
+
+- Stable release tag, export bundle hash, and DOI or persistent identifier evidence.
+- A review-decision packet entry in the export manifest.
+- Resolved review threads mapped to scientific repository components.
+- File and commit anchors for reviewed manuscript, data, code, notebook, and metadata changes.
+- Reviewer role eligibility by component.
+- Resolution rationales that can survive future audit.
+- Export inclusion for resolved decisions.
+- Private reviewer notes redacted before public release.
+- Evidence references such as rendered manuscripts, data dictionaries, notebook hashes, or DataCite previews.
+
+This is distinct from an unresolved-discussion merge gate. It preserves already-resolved scientific review decisions into release and export evidence.
+
+## Run
+
+```sh
+npm run check
+npm test
+npm run demo
+npm run verify-video
+```
+
+## Outputs
+
+`npm run demo` writes:
+
+- `reports/clean-audit.json`
+- `reports/risky-audit.json`
+- `reports/risky-review.md`
+- `reports/summary.svg`
+- `reports/manifest.json`
+- `reports/demo.mp4`
+
+The sample data is synthetic only. The module does not call GitHub, DOI providers, identity systems, payment processors, credentials, private repositories, or external APIs.

repository-review-decision-provenance-guard/demo.js

@@ -0,0 +1,46 @@
+"use strict";
+
+const fs = require("node:fs");
+const path = require("node:path");
+const {
+  evaluateReviewDecisionProvenance,
+  renderMarkdownReport,
+  renderSvgSummary
+} = require("./index");
+const { cleanPacket, riskyPacket } = require("./sample-data");
+
+const reportsDir = path.join(__dirname, "reports");
+fs.mkdirSync(reportsDir, { recursive: true });
+
+const clean = evaluateReviewDecisionProvenance(cleanPacket);
+const risky = evaluateReviewDecisionProvenance(riskyPacket);
+
+fs.writeFileSync(path.join(reportsDir, "clean-audit.json"), `${JSON.stringify(clean, null, 2)}\n`);
+fs.writeFileSync(path.join(reportsDir, "risky-audit.json"), `${JSON.stringify(risky, null, 2)}\n`);
+fs.writeFileSync(path.join(reportsDir, "risky-review.md"), renderMarkdownReport(risky, riskyPacket));
+fs.writeFileSync(path.join(reportsDir, "summary.svg"), renderSvgSummary(risky));
+fs.writeFileSync(
+  path.join(reportsDir, "manifest.json"),
+  `${JSON.stringify(
+    {
+      generatedAt: new Date().toISOString(),
+      module: "repository-review-decision-provenance-guard",
+      cleanStatus: clean.status,
+      riskyStatus: risky.status,
+      riskyFindings: risky.findings.length,
+      artifacts: [
+        "clean-audit.json",
+        "risky-audit.json",
+        "risky-review.md",
+        "summary.svg",
+        "demo.mp4"
+      ]
+    },
+    null,
+    2
+  )}\n`
+);
+
+console.log(`Clean packet: ${clean.status} (${clean.findings.length} findings)`);
+console.log(`Risky packet: ${risky.status} (${risky.findings.length} findings)`);
+console.log(`Wrote reports to ${reportsDir}`);