feat(T010): add AI usage inventory export

Author: artemhobotun

docs/AI_USAGE_INVENTORY.md

@@ -0,0 +1,27 @@
+# AI Usage Inventory (AI-BOM)
+
+The AI Usage Inventory provides a deterministic, structured, and backend-ready contract for inventorying AI assets within a repository.
+
+## Purpose
+- Provide a standardized AI-BOM format.
+- Enable automated ingestion by Caesar Governance OS.
+- Support compliance and reporting without exposing sensitive data.
+- Maintain an offline/deterministic source of truth.
+
+## Contract Structure
+The inventory follows the `schemas/ai-usage-inventory.schema.json` schema:
+
+- **Metadata:** Schema version, tool version, and run timestamp.
+- **Components:** Grouped by detection category:
+  - `provider_sdks`
+  - `orchestration_frameworks`
+  - `rag_vector_stack`
+  - `model_artifacts`
+  - `prompt_assets`
+  - `config_signals`
+- **Governance:** Review requirements, export status, and safety flags.
+
+## Integration
+The inventory is exported via the Caesar AI Scan CLI using:
+`--inventory-out <path>`
+`--inventory-report <path>` (optional markdown summary)

package.json

@@ -1,6 +1,6 @@
 {
   "name": "caesar-ai-scan",
-  "version": "0.9.0",
+  "version": "0.10.0",
   "description": "Static-analysis CLI and CI/CD tool to inventory AI dependencies, framework usage, vector DBs, and credentials.",
   "type": "module",
   "main": "src/cli.mjs",
@@ -18,9 +18,11 @@
     "validate:site": "node scripts/validate-site.mjs",
     "history:sample": "node src/cli.mjs fixtures/sample-ai-project --format json --out tmp/sample-scan-result.json --export-evidence-candidates tmp/sample-evidence-candidates.json --review-out tmp/sample-review-workflow.json --export-pack tmp/sample-evidence-export-pack --history-dir tmp/sample-history --record-history --diff-previous --history-report tmp/sample-history/latest-diff.md",
     "validate:history": "node scripts/validate-scan-history.mjs",
+    "inventory:sample": "node src/cli.mjs fixtures/sample-ai-frameworks-project --format json --out tmp/sample-scan-result.json --inventory-out tmp/sample-ai-usage-inventory.json --inventory-report tmp/sample-ai-usage-inventory.md",
+    "validate:inventory": "node scripts/validate-ai-usage-inventory.mjs",
     "validate:rule-pack-v1": "node scripts/validate-rule-pack-v1.mjs",
     "reference:scan:setup": "node scripts/setup-ai-scan-reference-lab.mjs",
-    "check:all-offline": "npm run check:syntax && npm run scan:sample && npm run validate:samples && npm run validate:rule-pack-v1 && npm run review:sample && npm run validate:review && npm run pack:sample && npm run validate:pack && npm run scope:sample && npm run validate:scope && npm run validate:history && npm run build:site && npm run validate:site"
+    "check:all-offline": "npm run check:syntax && npm run scan:sample && npm run validate:samples && npm run validate:rule-pack-v1 && npm run review:sample && npm run validate:review && npm run pack:sample && npm run validate:pack && npm run scope:sample && npm run validate:scope && npm run validate:history && npm run inventory:sample && npm run validate:inventory && npm run build:site && npm run validate:site"
   },
   "keywords": [
     "ai",

scripts/validate-ai-usage-inventory.mjs

@@ -0,0 +1,41 @@
+import { readFileSync, writeFileSync } from 'fs';
+import { resolve } from 'path';
+
+const inventoryPath = resolve('tmp/sample-ai-usage-inventory.json');
+const inventory = JSON.parse(readFileSync(inventoryPath, 'utf8'));
+
+console.log('🚀 Validating AI Usage Inventory...');
+
+// 1. Validate Structure
+const requiredFields = ['schema_version', 'generated_at', 'tool_name', 'tool_version', 'inventory'];
+requiredFields.forEach(field => {
+  if (!inventory[field]) throw new Error(`Missing required field: ${field}`);
+});
+
+// 2. Validate Categories
+const categories = ['provider_sdks', 'orchestration_frameworks', 'rag_vector_stack', 'model_artifacts', 'prompt_assets', 'config_signals'];
+categories.forEach(cat => {
+  if (!Array.isArray(inventory.inventory[cat])) throw new Error(`Category ${cat} is not an array`);
+});
+
+// 3. Verify counts (minimum coverage)
+const minCoverage = {
+  provider_sdks: 3,
+  orchestration_frameworks: 4,
+  rag_vector_stack: 5,
+  prompt_assets: 2,
+  model_artifacts: 3,
+  config_signals: 4
+};
+
+Object.entries(minCoverage).forEach(([cat, min]) => {
+  const count = inventory.inventory[cat].length;
+  if (count < min) throw new Error(`Insufficient findings for ${cat}: expected at least ${min}, found ${count}`);
+  console.log(`✅ ${cat}: ${count} findings (>= ${min})`);
+});
+
+// 4. Verify draft status
+if (inventory.export_status !== 'draft') throw new Error('Inventory must be in draft status');
+if (inventory.review_required !== true) throw new Error('Inventory must require review');
+
+console.log('✅ All inventory validation assertions PASSED successfully.');

scripts/validate-samples.mjs

@@ -21,7 +21,7 @@ function runValidation() {
   assert(result.schema_version === '0.5.0', 'Schema version should be 0.5.0');
   assert(result.scanner && result.scanner.name === 'caesar-ai-scan', 'Scanner name matches');
   // version is now 0.9.0
-  assert(result.scanner.version === '0.9.0', `Scanner version should be 0.9.0, got ${result.scanner.version}`);
+  assert(result.scanner.version === '0.10.0', `Scanner version should be 0.10.0, got ${result.scanner.version}`);
 
   assert(result.scanned_at, 'scanned_at timestamp exists');
   assert(result.target === './fixtures/sample-ai-project' || result.target === targetDir, 'target matches scanned path');