Add profile credit consent visibility guard

profile-credit-consent-visibility-guard/README.md

@@ -0,0 +1,38 @@
+# Profile Credit Consent Visibility Guard
+
+This module adds a focused Community & User Reputation System guard for issue #15.
+It evaluates whether CRediT contribution records, peer-review receipts, and
+reputation deltas can safely appear on researcher profiles, citation pages,
+leaderboards, or institutional exports.
+
+The guard is intentionally narrow. It does not implement another broad
+reputation ledger, endorsement-ring detector, badge gate, leaderboard gate,
+review civility tool, recusal module, calibration bench, identity-leak-only
+checker, or correction-impact ledger.
+
+## What It Checks
+
+- contributor profile-credit consent is active and not expired or revoked
+- ORCID/profile identity is verified before public reputation deltas publish
+- CRediT/review roles are accepted and evidence receipts are immutable
+- anonymous or double-blind review credits remain redacted until release
+- embargoed artifacts stay citation-only until the embargo date passes
+- private or sensitive evidence is restricted to institutional export packets
+- missing evidence blocks public profile and leaderboard updates
+
+## Commands
+
+```bash
+npm run check
+npm test
+npm run demo
+```
+
+The demo writes deterministic reviewer artifacts to `reports/`:
+
+- `summary.json`
+- `reviewer-packet.md`
+- `summary.svg`
+
+The sample data is synthetic only. No private user, account, payout, profile, or
+payment information is included.

profile-credit-consent-visibility-guard/acceptance-notes.md

@@ -0,0 +1,23 @@
+# Acceptance Notes
+
+- Dependency-free CommonJS module.
+- Synthetic sample records only.
+- No live service calls, credentials, secrets, payment data, payout data, or
+  private profile data.
+- Deterministic `sha256` audit digest for reviewer-visible output.
+- Tests cover:
+  - publishable public profile/citation credits
+  - double-blind review redaction
+  - embargoed citation-only credits
+  - revoked consent holds
+  - institutional-only private evidence
+  - missing or mutable evidence holds
+  - deterministic digest generation
+
+Expected validation:
+
+```bash
+npm run check
+npm test
+npm run demo
+```

profile-credit-consent-visibility-guard/demo.js

@@ -0,0 +1,31 @@
+const fs = require("node:fs");
+const path = require("node:path");
+const {
+  analyzeProfileCredits,
+  renderMarkdownReport,
+  renderSvgSummary,
+} = require("./index");
+const { sampleProfileCreditPackets } = require("./sample-data");
+
+const reportsDir = path.join(__dirname, "reports");
+fs.mkdirSync(reportsDir, { recursive: true });
+
+const result = analyzeProfileCredits(sampleProfileCreditPackets, {
+  asOf: "2026-05-22T12:00:00.000Z",
+});
+
+fs.writeFileSync(
+  path.join(reportsDir, "summary.json"),
+  `${JSON.stringify(result, null, 2)}\n`
+);
+fs.writeFileSync(
+  path.join(reportsDir, "reviewer-packet.md"),
+  renderMarkdownReport(result)
+);
+fs.writeFileSync(
+  path.join(reportsDir, "summary.svg"),
+  renderSvgSummary(result)
+);
+
+console.log("profile credit consent visibility guard demo artifacts written");
+console.log(`audit digest: ${result.auditDigest}`);