@aigrc/core 0.1.0 → 0.2.0

package/dist/index.mjs

@@ -2,6 +2,12 @@ var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
 var __esm = (fn, res) => function __init() {
   return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
 };
@@ -1072,6 +1078,311 @@ var ConstraintsSchema = z.object({
     logToolInvocations: z.boolean().default(true)
   }).optional()
 });
+var RiskLevelSchema = z.enum(["minimal", "limited", "high", "unacceptable"]);
+var GoldenThreadSchema = z.object({
+  /** Ticket ID from approval system (e.g., "FIN-1234") */
+  ticket_id: z.string().min(1),
+  /** Email of approver (e.g., "ciso@corp.com") */
+  approved_by: z.string().email(),
+  /** ISO 8601 timestamp of approval (e.g., "2025-01-15T10:30:00Z") */
+  approved_at: z.string().datetime(),
+  /** SHA-256 hash of canonical string: sha256:{64 hex chars} */
+  hash: z.string().regex(/^sha256:[a-f0-9]{64}$/).optional(),
+  /** Optional cryptographic signature: {ALGORITHM}:{BASE64_SIGNATURE} */
+  signature: z.string().regex(/^(RSA-SHA256|ECDSA-P256):[A-Za-z0-9+/=]+$/).optional()
+});
+var LineageSchema = z.object({
+  /** Parent agent's instance_id, null for root agents */
+  parent_instance_id: z.string().uuid().nullable(),
+  /** Depth in spawn tree: 0 for root, 1 for first child, etc. */
+  generation_depth: z.number().int().min(0),
+  /** Chain of ancestor instance_ids from root to parent */
+  ancestor_chain: z.array(z.string().uuid()),
+  /** When this agent was spawned */
+  spawned_at: z.string().datetime(),
+  /** Root agent's instance_id for tracing entire tree */
+  root_instance_id: z.string().uuid()
+});
+var CapabilitiesManifestSchema = z.object({
+  /** List of allowed tool/action identifiers (supports wildcards: *, prefix_*) */
+  allowed_tools: z.array(z.string()).default([]),
+  /** List of explicitly denied tools (takes precedence over allowed) */
+  denied_tools: z.array(z.string()).default([]),
+  /** Allowed domain patterns (regex) for external resources */
+  allowed_domains: z.array(z.string()).default([]),
+  /** Denied domain patterns (takes precedence over allowed) */
+  denied_domains: z.array(z.string()).default([]),
+  /** Maximum cost per session in USD */
+  max_cost_per_session: z.number().positive().nullable().optional(),
+  /** Maximum cost per day in USD */
+  max_cost_per_day: z.number().positive().nullable().optional(),
+  /** Maximum tokens per single API call */
+  max_tokens_per_call: z.number().int().positive().nullable().optional(),
+  /** Whether this agent can spawn child agents */
+  may_spawn_children: z.boolean().default(false),
+  /** Maximum depth of child agent spawning (0 = cannot spawn) */
+  max_child_depth: z.number().int().min(0).default(0),
+  /** Capability decay mode for children: decay, explicit, inherit */
+  capability_mode: z.enum(["decay", "explicit", "inherit"]).default("decay"),
+  /** Custom extension fields */
+  custom: z.record(z.unknown()).optional()
+});
+var OperatingModeSchema = z.enum(["NORMAL", "SANDBOX", "RESTRICTED"]);
+var RuntimeIdentitySchema = z.object({
+  /** Unique UUIDv4 for this runtime instance */
+  instance_id: z.string().uuid(),
+  /** Asset ID from the Asset Card (e.g., "aigrc-2024-a1b2c3d4") */
+  asset_id: z.string().regex(/^aigrc-\d{4}-[a-f0-9]{8}$/),
+  /** Human-readable name from Asset Card */
+  asset_name: z.string().min(1).max(100),
+  /** Semantic version from Asset Card */
+  asset_version: z.string().regex(/^\d+\.\d+\.\d+/),
+  /** SHA-256 hash of Golden Thread data */
+  golden_thread_hash: z.string().regex(/^sha256:[a-f0-9]{64}$/),
+  /** Full Golden Thread authorization data */
+  golden_thread: GoldenThreadSchema,
+  /** Risk level from classification */
+  risk_level: RiskLevelSchema,
+  /** Agent lineage for spawned agents */
+  lineage: LineageSchema,
+  /** Capabilities manifest defining permissions */
+  capabilities_manifest: CapabilitiesManifestSchema,
+  /** When this identity was created */
+  created_at: z.string().datetime(),
+  /** Whether Golden Thread hash has been verified */
+  verified: z.boolean().default(false),
+  /** Current operating mode */
+  mode: OperatingModeSchema.default("NORMAL")
+});
+var KillSwitchCommandTypeSchema = z.enum(["TERMINATE", "PAUSE", "RESUME"]);
+var KillSwitchCommandSchema = z.object({
+  /** Unique command ID for idempotency and replay prevention */
+  command_id: z.string().uuid(),
+  /** Type of command */
+  type: KillSwitchCommandTypeSchema,
+  /** Target instance_id (optional, for specific instance) */
+  instance_id: z.string().uuid().optional(),
+  /** Target asset_id (optional, for all instances of an asset) */
+  asset_id: z.string().regex(/^aigrc-\d{4}-[a-f0-9]{8}$/).optional(),
+  /** Target organization (optional, for org-wide kill) */
+  organization: z.string().optional(),
+  /** Cryptographic signature for verification */
+  signature: z.string(),
+  /** ISO 8601 timestamp for replay prevention */
+  timestamp: z.string().datetime(),
+  /** Human-readable reason for audit trail */
+  reason: z.string().max(500),
+  /** Issuer of the command (email or system ID) */
+  issued_by: z.string()
+});
+var GovernanceTokenIdentityClaimsSchema = z.object({
+  instance_id: z.string().uuid(),
+  asset_id: z.string(),
+  asset_name: z.string(),
+  asset_version: z.string()
+});
+var GovernanceTokenGovernanceClaimsSchema = z.object({
+  risk_level: RiskLevelSchema,
+  golden_thread: z.object({
+    hash: z.string().regex(/^sha256:[a-f0-9]{64}$/),
+    verified: z.boolean(),
+    ticket_id: z.string()
+  }),
+  mode: OperatingModeSchema
+});
+var GovernanceTokenControlClaimsSchema = z.object({
+  kill_switch: z.object({
+    enabled: z.boolean(),
+    channel: z.enum(["sse", "polling", "file"])
+  }),
+  paused: z.boolean(),
+  termination_pending: z.boolean()
+});
+var GovernanceTokenCapabilityClaimsSchema = z.object({
+  hash: z.string(),
+  tools: z.array(z.string()),
+  max_budget_usd: z.number().nullable(),
+  can_spawn: z.boolean(),
+  max_child_depth: z.number().int().min(0)
+});
+var GovernanceTokenLineageClaimsSchema = z.object({
+  generation_depth: z.number().int().min(0),
+  parent_instance_id: z.string().uuid().nullable(),
+  root_instance_id: z.string().uuid()
+});
+var GovernanceTokenPayloadSchema = z.object({
+  // Standard JWT claims
+  /** Issuer: "aigos-runtime" */
+  iss: z.literal("aigos-runtime"),
+  /** Subject: instance_id of the agent */
+  sub: z.string().uuid(),
+  /** Audience: "aigos-agents" or specific agent */
+  aud: z.union([z.string(), z.array(z.string())]),
+  /** Expiration timestamp (Unix epoch) */
+  exp: z.number().int().positive(),
+  /** Issued at timestamp (Unix epoch) */
+  iat: z.number().int().positive(),
+  /** Not before timestamp (Unix epoch) */
+  nbf: z.number().int().positive(),
+  /** Unique JWT ID */
+  jti: z.string().uuid(),
+  // AIGOS-specific claims
+  aigos: z.object({
+    identity: GovernanceTokenIdentityClaimsSchema,
+    governance: GovernanceTokenGovernanceClaimsSchema,
+    control: GovernanceTokenControlClaimsSchema,
+    capabilities: GovernanceTokenCapabilityClaimsSchema,
+    lineage: GovernanceTokenLineageClaimsSchema
+  })
+});
+var AssetCardRuntimeSchema = z.object({
+  /** Path to policy file for this asset */
+  policy_path: z.string().optional(),
+  /** Behavior when Golden Thread verification fails */
+  verification_failure_mode: z.enum(["SANDBOX", "FAIL"]).default("SANDBOX"),
+  /** Whether telemetry is enabled for this asset */
+  telemetry_enabled: z.boolean().default(true),
+  /** Kill switch configuration */
+  kill_switch: z.object({
+    enabled: z.boolean().default(true),
+    channel: z.enum(["sse", "polling", "file"]).default("sse"),
+    endpoint: z.string().url().optional()
+  }).optional()
+});
+var PolicyRuleEffectSchema = z.enum(["allow", "deny", "audit"]);
+var PolicyRuleSchema = z.object({
+  /** Unique identifier for this rule */
+  id: z.string().min(1),
+  /** Human-readable description */
+  description: z.string().optional(),
+  /** Effect when rule matches: allow, deny, or audit */
+  effect: PolicyRuleEffectSchema,
+  /** Actions/tools this rule applies to (supports wildcards) */
+  actions: z.array(z.string()).default(["*"]),
+  /** Resources/domains this rule applies to (supports patterns) */
+  resources: z.array(z.string()).default(["*"]),
+  /** Conditions that must be true for rule to apply */
+  conditions: z.object({
+    /** Required risk levels for this rule to apply */
+    risk_levels: z.array(RiskLevelSchema).optional(),
+    /** Required operating modes */
+    modes: z.array(OperatingModeSchema).optional(),
+    /** Time-based conditions (ISO 8601 time ranges) */
+    time_ranges: z.array(z.object({
+      start: z.string(),
+      end: z.string()
+    })).optional(),
+    /** Custom condition expressions */
+    custom: z.record(z.unknown()).optional()
+  }).optional(),
+  /** Priority for rule ordering (higher = evaluated first) */
+  priority: z.number().int().default(0)
+});
+var PolicyCapabilitiesSchema = z.object({
+  /** Default effect when no rule matches */
+  default_effect: PolicyRuleEffectSchema.default("deny"),
+  /** Allowed tools (supports wildcards: *, prefix_*) */
+  allowed_tools: z.array(z.string()).default([]),
+  /** Denied tools (takes precedence) */
+  denied_tools: z.array(z.string()).default([]),
+  /** Allowed domain patterns */
+  allowed_domains: z.array(z.string()).default([]),
+  /** Denied domain patterns */
+  denied_domains: z.array(z.string()).default([]),
+  /** Maximum budget per session in USD */
+  max_budget_per_session: z.number().positive().nullable().optional(),
+  /** Maximum budget per day in USD */
+  max_budget_per_day: z.number().positive().nullable().optional(),
+  /** Whether agent can spawn children */
+  may_spawn: z.boolean().default(false),
+  /** Maximum spawn depth */
+  max_spawn_depth: z.number().int().min(0).default(0)
+});
+var PolicyFileSchema = z.object({
+  /** Schema version for forward compatibility */
+  version: z.literal("1.0"),
+  /** Unique policy identifier */
+  id: z.string().min(1),
+  /** Human-readable name */
+  name: z.string().min(1).max(100),
+  /** Description of this policy */
+  description: z.string().max(500).optional(),
+  /** Parent policy to inherit from */
+  extends: z.string().optional(),
+  /** Target asset IDs or patterns this policy applies to */
+  applies_to: z.array(z.string()).default(["*"]),
+  /** Default capabilities when no rules match */
+  capabilities: PolicyCapabilitiesSchema.optional(),
+  /** Ordered list of policy rules */
+  rules: z.array(PolicyRuleSchema).default([]),
+  /** Metadata */
+  metadata: z.object({
+    created_at: z.string().datetime().optional(),
+    updated_at: z.string().datetime().optional(),
+    created_by: z.string().optional(),
+    tags: z.array(z.string()).optional()
+  }).optional()
+});
+var AigrcRuntimeConfigSchema = z.object({
+  /** Default policy file path */
+  default_policy: z.string().optional(),
+  /** Policy search paths */
+  policy_paths: z.array(z.string()).default([".aigrc/policies"]),
+  /** Asset card search paths */
+  asset_paths: z.array(z.string()).default([".aigrc/assets"]),
+  /** Default verification failure mode */
+  verification_failure_mode: z.enum(["SANDBOX", "FAIL"]).default("SANDBOX"),
+  /** Telemetry configuration */
+  telemetry: z.object({
+    enabled: z.boolean().default(true),
+    endpoint: z.string().url().optional(),
+    sample_rate: z.number().min(0).max(1).default(1)
+  }).optional(),
+  /** Kill switch configuration */
+  kill_switch: z.object({
+    enabled: z.boolean().default(true),
+    channel: z.enum(["sse", "polling", "file"]).default("sse"),
+    endpoint: z.string().url().optional(),
+    poll_interval_ms: z.number().int().positive().default(5e3)
+  }).optional()
+});
+var AigrcIntegrationsConfigSchema = z.object({
+  /** JIRA integration */
+  jira: z.object({
+    enabled: z.boolean().default(false),
+    url: z.string().url().optional(),
+    project_key: z.string().optional()
+  }).optional(),
+  /** Azure DevOps integration */
+  azure_devops: z.object({
+    enabled: z.boolean().default(false),
+    organization: z.string().optional(),
+    project: z.string().optional()
+  }).optional(),
+  /** GitHub integration */
+  github: z.object({
+    enabled: z.boolean().default(false),
+    owner: z.string().optional(),
+    repo: z.string().optional()
+  }).optional()
+});
+var AigrcConfigSchema = z.object({
+  /** Schema version */
+  version: z.literal("1.0"),
+  /** Project name */
+  name: z.string().min(1).max(100).optional(),
+  /** Project description */
+  description: z.string().max(500).optional(),
+  /** Runtime governance configuration */
+  runtime: AigrcRuntimeConfigSchema.optional(),
+  /** External integrations */
+  integrations: AigrcIntegrationsConfigSchema.optional(),
+  /** Environment-specific overrides */
+  environments: z.record(z.object({
+    runtime: AigrcRuntimeConfigSchema.partial().optional(),
+    integrations: AigrcIntegrationsConfigSchema.partial().optional()
+  })).optional()
+});
 var AssetCardSchema = z.object({
   $schema: z.string().optional(),
   id: z.string().regex(/^aigrc-\d{4}-[a-f0-9]{8}$/),
@@ -1088,7 +1399,11 @@ var AssetCardSchema = z.object({
   classification: ClassificationSchema,
   intent: IntentSchema,
   governance: GovernanceSchema,
-  constraints: ConstraintsSchema.optional()
+  constraints: ConstraintsSchema.optional(),
+  /** Golden Thread authorization data (SPEC-PRT-001) */
+  golden_thread: GoldenThreadSchema.optional(),
+  /** Runtime governance configuration (SPEC-RT) */
+  runtime: AssetCardRuntimeSchema.optional()
 });
 
 // src/classification.ts
@@ -1159,6 +1474,73 @@ function validateRiskFactors(factors) {
   return true;
 }
 
+// src/risk-utils.ts
+var RISK_ORDINALS = {
+  minimal: 0,
+  limited: 1,
+  high: 2,
+  unacceptable: 3
+};
+var EU_AI_ACT_MAP = {
+  minimal: "minimal_risk",
+  limited: "limited_risk",
+  high: "high_risk",
+  unacceptable: "prohibited"
+};
+function compareRiskLevels(a, b) {
+  const ordA = RISK_ORDINALS[a];
+  const ordB = RISK_ORDINALS[b];
+  if (ordA < ordB) return -1;
+  if (ordA > ordB) return 1;
+  return 0;
+}
+function isRiskLevelAtLeast(level, threshold) {
+  return RISK_ORDINALS[level] >= RISK_ORDINALS[threshold];
+}
+function isRiskLevelAtMost(level, threshold) {
+  return RISK_ORDINALS[level] <= RISK_ORDINALS[threshold];
+}
+function getRiskLevelOrdinal(level) {
+  return RISK_ORDINALS[level];
+}
+function getMaxRiskLevel(levels) {
+  if (levels.length === 0) {
+    return "minimal";
+  }
+  return levels.reduce(
+    (max, current) => RISK_ORDINALS[current] > RISK_ORDINALS[max] ? current : max
+  );
+}
+function getMinRiskLevel(levels) {
+  if (levels.length === 0) {
+    return "minimal";
+  }
+  return levels.reduce(
+    (min, current) => RISK_ORDINALS[current] < RISK_ORDINALS[min] ? current : min
+  );
+}
+function mapToEuAiActCategory(level) {
+  return EU_AI_ACT_MAP[level];
+}
+function getRiskLevelsAtLeast(threshold) {
+  const thresholdOrd = RISK_ORDINALS[threshold];
+  return Object.entries(RISK_ORDINALS).filter(([, ord]) => ord >= thresholdOrd).map(([level]) => level);
+}
+function getRiskLevelsAtMost(threshold) {
+  const thresholdOrd = RISK_ORDINALS[threshold];
+  return Object.entries(RISK_ORDINALS).filter(([, ord]) => ord <= thresholdOrd).map(([level]) => level);
+}
+function parseRiskLevel(value) {
+  const normalized = value.toLowerCase();
+  if (normalized in RISK_ORDINALS) {
+    return normalized;
+  }
+  return void 0;
+}
+function isValidRiskLevel(value) {
+  return typeof value === "string" && value in RISK_ORDINALS;
+}
+
 // src/asset-card.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
 import { dirname } from "path";
@@ -1308,6 +1690,115 @@ function validateAssetCard(card) {
 }
 
 // src/golden-thread.ts
+function computeCanonicalString(components) {
+  const normalizedTimestamp = normalizeTimestamp(components.approved_at);
+  const pairs = [
+    `approved_at=${normalizedTimestamp}`,
+    `approved_by=${components.approved_by}`,
+    `ticket_id=${components.ticket_id}`
+  ];
+  return pairs.join("|");
+}
+function normalizeTimestamp(timestamp) {
+  const date = new Date(timestamp);
+  if (isNaN(date.getTime())) {
+    throw new Error(`Invalid timestamp: ${timestamp}`);
+  }
+  return date.toISOString().replace(/\.\d{3}Z$/, "Z");
+}
+async function computeGoldenThreadHash(components) {
+  const canonicalString = computeCanonicalString(components);
+  const encoder = new TextEncoder();
+  const data = encoder.encode(canonicalString);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+  const hashArray = Array.from(new Uint8Array(hashBuffer));
+  const hashHex = hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+  return {
+    canonical_string: canonicalString,
+    hash: `sha256:${hashHex}`
+  };
+}
+function computeGoldenThreadHashSync(components) {
+  const canonicalString = computeCanonicalString(components);
+  const crypto2 = __require("crypto");
+  const hash = crypto2.createHash("sha256").update(canonicalString).digest("hex");
+  return {
+    canonical_string: canonicalString,
+    hash: `sha256:${hash}`
+  };
+}
+async function verifyGoldenThreadHash(components, expectedHash) {
+  const { hash: computedHash } = await computeGoldenThreadHash(components);
+  const verified = constantTimeEqual(computedHash, expectedHash);
+  return {
+    verified,
+    computed: computedHash,
+    expected: expectedHash,
+    mismatch_reason: verified ? void 0 : "Hash mismatch"
+  };
+}
+function verifyGoldenThreadHashSync(components, expectedHash) {
+  const { hash: computedHash } = computeGoldenThreadHashSync(components);
+  const verified = constantTimeEqual(computedHash, expectedHash);
+  return {
+    verified,
+    computed: computedHash,
+    expected: expectedHash,
+    mismatch_reason: verified ? void 0 : "Hash mismatch"
+  };
+}
+function constantTimeEqual(a, b) {
+  if (a.length !== b.length) {
+    return false;
+  }
+  let result = 0;
+  for (let i = 0; i < a.length; i++) {
+    result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return result === 0;
+}
+function extractGoldenThreadComponents(asset) {
+  if (asset.golden_thread) {
+    return {
+      ticket_id: asset.golden_thread.ticket_id,
+      approved_by: asset.golden_thread.approved_by,
+      approved_at: asset.golden_thread.approved_at
+    };
+  }
+  if (!asset.intent.ticketId) {
+    return null;
+  }
+  const approvals = asset.governance.approvals;
+  if (approvals.length === 0) {
+    return null;
+  }
+  const latestApproval = approvals.reduce(
+    (latest, current) => new Date(current.date) > new Date(latest.date) ? current : latest
+  );
+  return {
+    ticket_id: asset.intent.ticketId,
+    approved_by: latestApproval.email || latestApproval.name,
+    approved_at: latestApproval.date
+  };
+}
+async function createGoldenThread(components) {
+  const { hash } = await computeGoldenThreadHash(components);
+  return {
+    ticket_id: components.ticket_id,
+    approved_by: components.approved_by,
+    approved_at: components.approved_at,
+    hash
+  };
+}
+function createGoldenThreadSync(components) {
+  const { hash } = computeGoldenThreadHashSync(components);
+  return {
+    ticket_id: components.ticket_id,
+    approved_by: components.approved_by,
+    approved_at: components.approved_at,
+    hash
+  };
+}
 function linkAssetToTicket(asset, ticket) {
   const warnings = [];
   const intent = {
@@ -1356,6 +1847,144 @@ function validateGoldenThread(asset) {
     issues
   };
 }
+function parseSignature(signature) {
+  const match = signature.match(/^(RSA-SHA256|ECDSA-P256):([A-Za-z0-9+/=]+)$/);
+  if (!match) {
+    return null;
+  }
+  const algorithm = match[1];
+  const base64Data = match[2];
+  try {
+    const binaryString = atob(base64Data);
+    const bytes = new Uint8Array(binaryString.length);
+    for (let i = 0; i < binaryString.length; i++) {
+      bytes[i] = binaryString.charCodeAt(i);
+    }
+    return { algorithm, data: bytes };
+  } catch {
+    return null;
+  }
+}
+async function verifyGoldenThreadSignature(components, signature, publicKey) {
+  const parsed = parseSignature(signature);
+  if (!parsed) {
+    return {
+      verified: false,
+      algorithm: null,
+      error: "Invalid signature format. Expected {ALGORITHM}:{BASE64_SIGNATURE}"
+    };
+  }
+  if (parsed.algorithm !== publicKey.algorithm) {
+    return {
+      verified: false,
+      algorithm: parsed.algorithm,
+      error: `Algorithm mismatch: signature uses ${parsed.algorithm}, key is ${publicKey.algorithm}`
+    };
+  }
+  const canonicalString = computeCanonicalString(components);
+  const encoder = new TextEncoder();
+  const data = encoder.encode(canonicalString);
+  try {
+    const cryptoKey = await importPublicKey(publicKey);
+    const algorithmParams = getVerifyAlgorithm(parsed.algorithm);
+    const verified = await crypto.subtle.verify(
+      algorithmParams,
+      cryptoKey,
+      parsed.data,
+      data
+    );
+    return {
+      verified,
+      algorithm: parsed.algorithm,
+      signedData: canonicalString,
+      error: verified ? void 0 : "Signature verification failed"
+    };
+  } catch (error) {
+    return {
+      verified: false,
+      algorithm: parsed.algorithm,
+      error: `Verification error: ${error instanceof Error ? error.message : String(error)}`
+    };
+  }
+}
+function verifyGoldenThreadSignatureSync(components, signature, publicKeyPem) {
+  const parsed = parseSignature(signature);
+  if (!parsed) {
+    return {
+      verified: false,
+      algorithm: null,
+      error: "Invalid signature format"
+    };
+  }
+  const canonicalString = computeCanonicalString(components);
+  try {
+    const crypto2 = __require("crypto");
+    const verifier = crypto2.createVerify(
+      parsed.algorithm === "RSA-SHA256" ? "RSA-SHA256" : "SHA256"
+    );
+    verifier.update(canonicalString);
+    verifier.end();
+    const verified = verifier.verify(publicKeyPem, Buffer.from(parsed.data));
+    return {
+      verified,
+      algorithm: parsed.algorithm,
+      signedData: canonicalString,
+      error: verified ? void 0 : "Signature verification failed"
+    };
+  } catch (error) {
+    return {
+      verified: false,
+      algorithm: parsed.algorithm,
+      error: `Verification error: ${error instanceof Error ? error.message : String(error)}`
+    };
+  }
+}
+async function signGoldenThread(components, privateKey, algorithm) {
+  const canonicalString = computeCanonicalString(components);
+  const encoder = new TextEncoder();
+  const data = encoder.encode(canonicalString);
+  const signatureBuffer = await crypto.subtle.sign(
+    getSignAlgorithm(algorithm),
+    privateKey,
+    data
+  );
+  const signatureArray = new Uint8Array(signatureBuffer);
+  const base64 = btoa(String.fromCharCode(...signatureArray));
+  return `${algorithm}:${base64}`;
+}
+async function importPublicKey(publicKey) {
+  const pemHeader = "-----BEGIN PUBLIC KEY-----";
+  const pemFooter = "-----END PUBLIC KEY-----";
+  let keyData;
+  if (publicKey.key.includes(pemHeader)) {
+    const pemContents = publicKey.key.replace(pemHeader, "").replace(pemFooter, "").replace(/\s/g, "");
+    const binaryString = atob(pemContents);
+    const bytes = new Uint8Array(binaryString.length);
+    for (let i = 0; i < binaryString.length; i++) {
+      bytes[i] = binaryString.charCodeAt(i);
+    }
+    keyData = bytes.buffer;
+  } else {
+    const binaryString = atob(publicKey.key);
+    const bytes = new Uint8Array(binaryString.length);
+    for (let i = 0; i < binaryString.length; i++) {
+      bytes[i] = binaryString.charCodeAt(i);
+    }
+    keyData = bytes.buffer;
+  }
+  const algorithm = publicKey.algorithm === "RSA-SHA256" ? { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" } : { name: "ECDSA", namedCurve: "P-256" };
+  return crypto.subtle.importKey("spki", keyData, algorithm, true, ["verify"]);
+}
+function getVerifyAlgorithm(algorithm) {
+  if (algorithm === "RSA-SHA256") {
+    return { name: "RSASSA-PKCS1-v1_5" };
+  } else {
+    return { name: "ECDSA", hash: "SHA-256" };
+  }
+}
+function getSignAlgorithm(algorithm) {
+  return getVerifyAlgorithm(algorithm);
+}
 
 // src/detection/types.ts
 import { z as z2 } from "zod";
@@ -2194,6 +2823,1385 @@ init_javascript();
 init_model_files();
 init_risk_indicators();
 
+// src/config.ts
+import * as fs from "fs";
+import * as path from "path";
+import * as yaml from "yaml";
+var CONFIG_FILE_NAMES = [
+  ".aigrc.yaml",
+  ".aigrc.yml",
+  "aigrc.yaml",
+  "aigrc.yml"
+];
+var CONFIG_ENV_VAR = "AIGRC_CONFIG_PATH";
+function discoverConfig(options = {}) {
+  const { startDir = process.cwd(), maxDepth = 10 } = options;
+  if (options.configPath) {
+    const result = loadConfigFromPath(options.configPath);
+    if (result) {
+      return { ...result, fromEnv: false };
+    }
+  }
+  const envPath = process.env[CONFIG_ENV_VAR];
+  if (envPath) {
+    const result = loadConfigFromPath(envPath);
+    if (result) {
+      return { ...result, fromEnv: true };
+    }
+  }
+  let currentDir = path.resolve(startDir);
+  let depth = 0;
+  while (depth < maxDepth) {
+    for (const fileName of CONFIG_FILE_NAMES) {
+      const filePath = path.join(currentDir, fileName);
+      if (fs.existsSync(filePath)) {
+        const config = loadConfigFile(filePath);
+        if (config) {
+          return {
+            config,
+            configPath: filePath,
+            configDir: currentDir,
+            fromEnv: false
+          };
+        }
+      }
+    }
+    const parentDir = path.dirname(currentDir);
+    if (parentDir === currentDir) {
+      break;
+    }
+    currentDir = parentDir;
+    depth++;
+  }
+  return null;
+}
+function loadConfigFromPath(configPath) {
+  const resolvedPath = path.resolve(configPath);
+  if (!fs.existsSync(resolvedPath)) {
+    return null;
+  }
+  const config = loadConfigFile(resolvedPath);
+  if (!config) {
+    return null;
+  }
+  return {
+    config,
+    configPath: resolvedPath,
+    configDir: path.dirname(resolvedPath)
+  };
+}
+function loadConfigFile(filePath) {
+  try {
+    const content = fs.readFileSync(filePath, "utf-8");
+    const parsed = yaml.parse(content);
+    return AigrcConfigSchema.parse(parsed);
+  } catch {
+    return null;
+  }
+}
+function discoverConfigSync(options = {}) {
+  return discoverConfig(options);
+}
+function discoverPolicies(options = {}) {
+  const {
+    config,
+    baseDir = process.cwd(),
+    additionalPaths = []
+  } = options;
+  const policies = /* @__PURE__ */ new Map();
+  const loadedPaths = [];
+  const errors = [];
+  const searchPaths = [
+    ...config?.runtime?.policy_paths ?? [".aigrc/policies"],
+    ...additionalPaths
+  ];
+  for (const searchPath of searchPaths) {
+    const absolutePath = path.isAbsolute(searchPath) ? searchPath : path.join(baseDir, searchPath);
+    if (!fs.existsSync(absolutePath)) {
+      continue;
+    }
+    const stat = fs.statSync(absolutePath);
+    if (stat.isDirectory()) {
+      const files = fs.readdirSync(absolutePath);
+      for (const file of files) {
+        if (file.endsWith(".yaml") || file.endsWith(".yml")) {
+          const filePath = path.join(absolutePath, file);
+          const result = loadPolicyFile(filePath);
+          if (result.policy) {
+            policies.set(result.policy.id, result.policy);
+            loadedPaths.push(filePath);
+          } else if (result.error) {
+            errors.push({ path: filePath, error: result.error });
+          }
+        }
+      }
+    } else if (stat.isFile()) {
+      const result = loadPolicyFile(absolutePath);
+      if (result.policy) {
+        policies.set(result.policy.id, result.policy);
+        loadedPaths.push(absolutePath);
+      } else if (result.error) {
+        errors.push({ path: absolutePath, error: result.error });
+      }
+    }
+  }
+  return { policies, loadedPaths, errors };
+}
+function loadPolicyFile(filePath) {
+  try {
+    const content = fs.readFileSync(filePath, "utf-8");
+    const parsed = yaml.parse(content);
+    const policy = PolicyFileSchema.parse(parsed);
+    return { policy, error: null };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { policy: null, error: message };
+  }
+}
+function loadPolicy(policyId, options = {}) {
+  const { policies } = discoverPolicies(options);
+  return policies.get(policyId) ?? null;
+}
+function discoverAssets(options = {}) {
+  const {
+    config,
+    baseDir = process.cwd(),
+    additionalPaths = []
+  } = options;
+  const assets = /* @__PURE__ */ new Map();
+  const loadedPaths = [];
+  const errors = [];
+  const searchPaths = [
+    ...config?.runtime?.asset_paths ?? [".aigrc/assets"],
+    ...additionalPaths
+  ];
+  for (const searchPath of searchPaths) {
+    const absolutePath = path.isAbsolute(searchPath) ? searchPath : path.join(baseDir, searchPath);
+    if (!fs.existsSync(absolutePath)) {
+      continue;
+    }
+    const stat = fs.statSync(absolutePath);
+    if (stat.isDirectory()) {
+      const files = fs.readdirSync(absolutePath);
+      for (const file of files) {
+        if (file.endsWith(".yaml") || file.endsWith(".yml")) {
+          const filePath = path.join(absolutePath, file);
+          const result = loadAssetFile(filePath);
+          if (result.asset) {
+            assets.set(result.asset.id, result.asset);
+            loadedPaths.push(filePath);
+          } else if (result.error) {
+            errors.push({ path: filePath, error: result.error });
+          }
+        }
+      }
+    } else if (stat.isFile()) {
+      const result = loadAssetFile(absolutePath);
+      if (result.asset) {
+        assets.set(result.asset.id, result.asset);
+        loadedPaths.push(absolutePath);
+      } else if (result.error) {
+        errors.push({ path: absolutePath, error: result.error });
+      }
+    }
+  }
+  return { assets, loadedPaths, errors };
+}
+function loadAssetFile(filePath) {
+  try {
+    const content = fs.readFileSync(filePath, "utf-8");
+    const parsed = yaml.parse(content);
+    const asset = AssetCardSchema.parse(parsed);
+    return { asset, error: null };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { asset: null, error: message };
+  }
+}
+function loadAsset(assetId, options = {}) {
+  const { assets } = discoverAssets(options);
+  return assets.get(assetId) ?? null;
+}
+function loadAssetFromPath(filePath) {
+  const result = loadAssetFile(filePath);
+  return result.asset;
+}
+function getEnvironmentConfig(config, environment) {
+  const envOverrides = config.environments?.[environment];
+  if (!envOverrides) {
+    return config;
+  }
+  const result = { ...config };
+  if (config.runtime || envOverrides.runtime) {
+    result.runtime = {
+      ...config.runtime,
+      ...filterUndefined(envOverrides.runtime ?? {})
+    };
+  }
+  if (config.integrations || envOverrides.integrations) {
+    result.integrations = {
+      ...config.integrations,
+      ...filterUndefined(envOverrides.integrations ?? {})
+    };
+  }
+  return result;
+}
+function filterUndefined(obj) {
+  const result = {};
+  for (const key of Object.keys(obj)) {
+    if (obj[key] !== void 0) {
+      result[key] = obj[key];
+    }
+  }
+  return result;
+}
+function getCurrentEnvironment() {
+  return process.env.AIGRC_ENV ?? process.env.NODE_ENV ?? "development";
+}
+function createDefaultConfig() {
+  return AigrcConfigSchema.parse({
+    version: "1.0",
+    runtime: {},
+    integrations: {}
+  });
+}
+
+// src/policy.ts
+var MAX_INHERITANCE_DEPTH = 10;
+var PolicyResolutionError = class extends Error {
+  constructor(message, policyId, cause) {
+    super(message);
+    this.policyId = policyId;
+    this.cause = cause;
+    this.name = "PolicyResolutionError";
+  }
+};
+function createPolicyRepository(policies) {
+  return {
+    get: (id) => policies.get(id),
+    has: (id) => policies.has(id)
+  };
+}
+function resolvePolicy(policyId, repository) {
+  const chain = [];
+  const seenIds = /* @__PURE__ */ new Set();
+  let currentId = policyId;
+  while (currentId) {
+    if (seenIds.has(currentId)) {
+      throw new PolicyResolutionError(
+        `Circular inheritance detected: ${currentId}`,
+        policyId
+      );
+    }
+    if (chain.length >= MAX_INHERITANCE_DEPTH) {
+      throw new PolicyResolutionError(
+        `Maximum inheritance depth (${MAX_INHERITANCE_DEPTH}) exceeded`,
+        policyId
+      );
+    }
+    const policy = repository.get(currentId);
+    if (!policy) {
+      throw new PolicyResolutionError(
+        `Policy not found: ${currentId}`,
+        policyId
+      );
+    }
+    seenIds.add(currentId);
+    chain.push(policy);
+    currentId = policy.extends;
+  }
+  chain.reverse();
+  const mergedPolicy = chain.reduce(
+    (accumulated, current) => mergePolicies(accumulated, current),
+    createEmptyPolicy(chain[0]?.id ?? policyId)
+  );
+  mergedPolicy.id = policyId;
+  return {
+    policy: mergedPolicy,
+    inheritanceChain: chain.map((p) => p.id),
+    depth: chain.length
+  };
+}
+function createEmptyPolicy(id) {
+  return {
+    version: "1.0",
+    id,
+    name: "",
+    applies_to: [],
+    rules: []
+  };
+}
+function mergePolicies(parent, child) {
+  return {
+    version: child.version,
+    id: child.id,
+    name: child.name || parent.name,
+    description: child.description ?? parent.description,
+    extends: child.extends,
+    // Keep child's extends for reference
+    applies_to: child.applies_to.length > 0 && child.applies_to[0] !== "*" ? child.applies_to : parent.applies_to,
+    capabilities: mergeCapabilities(parent.capabilities, child.capabilities),
+    rules: mergeRules(parent.rules, child.rules),
+    metadata: {
+      ...parent.metadata,
+      ...child.metadata,
+      // Merge tags
+      tags: mergeArrays(parent.metadata?.tags, child.metadata?.tags)
+    }
+  };
+}
+function mergeCapabilities(parent, child) {
+  if (!parent && !child) {
+    return void 0;
+  }
+  if (!parent) {
+    return child;
+  }
+  if (!child) {
+    return parent;
+  }
+  return {
+    default_effect: child.default_effect ?? parent.default_effect,
+    allowed_tools: mergeArrays(parent.allowed_tools, child.allowed_tools),
+    denied_tools: mergeArrays(parent.denied_tools, child.denied_tools),
+    allowed_domains: mergeArrays(parent.allowed_domains, child.allowed_domains),
+    denied_domains: mergeArrays(parent.denied_domains, child.denied_domains),
+    max_budget_per_session: child.max_budget_per_session ?? parent.max_budget_per_session,
+    max_budget_per_day: child.max_budget_per_day ?? parent.max_budget_per_day,
+    may_spawn: child.may_spawn ?? parent.may_spawn,
+    max_spawn_depth: child.max_spawn_depth ?? parent.max_spawn_depth
+  };
+}
+function mergeRules(parentRules, childRules) {
+  const allRules = [...parentRules, ...childRules];
+  return allRules.sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+}
+function mergeArrays(parent, child) {
+  const combined = [...parent ?? [], ...child ?? []];
+  return [...new Set(combined)];
+}
+function evaluatePolicy(policy, action, resource, context) {
+  for (const rule of policy.rules) {
+    if (ruleMatches(rule, action, resource, context)) {
+      return {
+        allowed: rule.effect === "allow",
+        effect: rule.effect,
+        matchedRule: rule,
+        matched: true,
+        reason: `Rule "${rule.id}" matched: ${rule.description ?? rule.effect}`
+      };
+    }
+  }
+  const defaultEffect = policy.capabilities?.default_effect ?? "deny";
+  return {
+    allowed: defaultEffect === "allow",
+    effect: defaultEffect,
+    matchedRule: void 0,
+    matched: false,
+    reason: `No rule matched, using default effect: ${defaultEffect}`
+  };
+}
+function ruleMatches(rule, action, resource, context) {
+  if (!matchesPattern(action, rule.actions)) {
+    return false;
+  }
+  if (!matchesPattern(resource, rule.resources)) {
+    return false;
+  }
+  if (rule.conditions) {
+    if (!evaluateConditions(rule.conditions, context)) {
+      return false;
+    }
+  }
+  return true;
+}
+function matchesPattern(value, patterns) {
+  for (const pattern of patterns) {
+    if (pattern === "*") {
+      return true;
+    }
+    if (pattern.endsWith("*")) {
+      const prefix = pattern.slice(0, -1);
+      if (value.startsWith(prefix)) {
+        return true;
+      }
+    } else if (pattern.startsWith("*")) {
+      const suffix = pattern.slice(1);
+      if (value.endsWith(suffix)) {
+        return true;
+      }
+    } else if (pattern === value) {
+      return true;
+    }
+  }
+  return false;
+}
+function evaluateConditions(conditions, context) {
+  if (conditions.risk_levels && conditions.risk_levels.length > 0) {
+    if (!conditions.risk_levels.includes(context.riskLevel)) {
+      return false;
+    }
+  }
+  if (conditions.modes && conditions.modes.length > 0) {
+    if (!conditions.modes.includes(context.mode)) {
+      return false;
+    }
+  }
+  if (conditions.time_ranges && conditions.time_ranges.length > 0 && context.timestamp) {
+    const currentTime = new Date(context.timestamp);
+    const timeStr = currentTime.toTimeString().slice(0, 5);
+    const inRange = conditions.time_ranges.some((range) => {
+      return timeStr >= range.start && timeStr <= range.end;
+    });
+    if (!inRange) {
+      return false;
+    }
+  }
+  return true;
+}
+function isToolAllowed(tool, capabilities) {
+  if (!capabilities) {
+    return false;
+  }
+  if (capabilities.denied_tools.length > 0 && matchesPattern(tool, capabilities.denied_tools)) {
+    return false;
+  }
+  if (capabilities.allowed_tools.length > 0 && matchesPattern(tool, capabilities.allowed_tools)) {
+    return true;
+  }
+  return capabilities.default_effect === "allow";
+}
+function isDomainAllowed(domain, capabilities) {
+  if (!capabilities) {
+    return false;
+  }
+  if (capabilities.denied_domains.length > 0 && matchesDomainPattern(domain, capabilities.denied_domains)) {
+    return false;
+  }
+  if (capabilities.allowed_domains.length > 0 && matchesDomainPattern(domain, capabilities.allowed_domains)) {
+    return true;
+  }
+  return capabilities.default_effect === "allow";
+}
+function matchesDomainPattern(domain, patterns) {
+  for (const pattern of patterns) {
+    if (pattern === "*") {
+      return true;
+    }
+    if (pattern.startsWith("*.")) {
+      const suffix = pattern.slice(1);
+      if (domain === pattern.slice(2) || domain.endsWith(suffix)) {
+        return true;
+      }
+    } else if (pattern === domain) {
+      return true;
+    }
+  }
+  return false;
+}
+function selectPolicy(criteria, repository, defaultPolicyId) {
+  const candidatePolicies = [];
+  const scoredPolicies = [];
+  const policies = getAllPoliciesFromRepository(repository);
+  for (const [policyId, policy] of policies) {
+    candidatePolicies.push(policyId);
+    const appliesToResult = checkAppliesTo(policy.applies_to, criteria.assetId);
+    if (!appliesToResult.applies) {
+      continue;
+    }
+    const score = scorePolicy(policy, criteria, appliesToResult.isExplicit);
+    const reason = determineSelectionReason(appliesToResult, score);
+    scoredPolicies.push({ policyId, policy, score, reason });
+  }
+  scoredPolicies.sort((a, b) => b.score.total - a.score.total);
+  if (scoredPolicies.length > 0) {
+    const best = scoredPolicies[0];
+    return {
+      policy: best.policy,
+      policyId: best.policyId,
+      selectionReason: best.reason,
+      candidatePolicies,
+      score: best.score
+    };
+  }
+  if (defaultPolicyId && repository.has(defaultPolicyId)) {
+    const defaultPolicy = repository.get(defaultPolicyId);
+    if (defaultPolicy) {
+      return {
+        policy: defaultPolicy,
+        policyId: defaultPolicyId,
+        selectionReason: "default_policy",
+        candidatePolicies
+      };
+    }
+  }
+  return {
+    policy: null,
+    policyId: null,
+    selectionReason: "no_policy_found",
+    candidatePolicies
+  };
+}
+function getAllPoliciesFromRepository(repository) {
+  if (repository instanceof Map) {
+    return repository;
+  }
+  const result = /* @__PURE__ */ new Map();
+  const anyRepo = repository;
+  if (anyRepo.policies instanceof Map) {
+    return anyRepo.policies;
+  }
+  return result;
+}
+function checkAppliesTo(appliesTo, assetId) {
+  for (const pattern of appliesTo) {
+    if (pattern === "*") {
+      return { applies: true, isExplicit: false };
+    }
+    if (pattern === assetId) {
+      return { applies: true, isExplicit: true };
+    }
+    if (pattern.endsWith("*") && assetId.startsWith(pattern.slice(0, -1))) {
+      return { applies: true, isExplicit: false };
+    }
+  }
+  return { applies: false, isExplicit: false };
+}
+function scorePolicy(policy, criteria, isExplicitMatch) {
+  let total = 0;
+  let explicitMatch = 0;
+  let riskLevelMatch = 0;
+  let tagMatches = 0;
+  if (isExplicitMatch) {
+    explicitMatch = 100;
+    total += 100;
+  }
+  const hasRiskLevelRule = policy.rules.some(
+    (rule) => rule.conditions?.risk_levels?.includes(criteria.riskLevel)
+  );
+  if (hasRiskLevelRule) {
+    riskLevelMatch = 50;
+    total += 50;
+  }
+  const policyTags = policy.metadata?.tags ?? [];
+  const criteriaTags = criteria.tags ?? [];
+  for (const tag of criteriaTags) {
+    if (policyTags.includes(tag)) {
+      tagMatches++;
+      total += 10;
+    }
+  }
+  const maxPriority = Math.max(...policy.rules.map((r) => r.priority ?? 0), 0);
+  total += maxPriority;
+  return {
+    total,
+    explicitMatch,
+    riskLevelMatch,
+    tagMatches,
+    priority: maxPriority
+  };
+}
+function determineSelectionReason(appliesToResult, score) {
+  if (appliesToResult.isExplicit) {
+    return "explicit_match";
+  }
+  if (score.riskLevelMatch > 0) {
+    return "risk_level_match";
+  }
+  if (score.tagMatches > 0) {
+    return "tag_match";
+  }
+  return "wildcard_match";
+}
+function createPolicySelector(repository, defaultPolicyId, cacheSize = 100) {
+  const cache = /* @__PURE__ */ new Map();
+  let hits = 0;
+  let misses = 0;
+  function getCacheKey(criteria) {
+    return `${criteria.assetId}|${criteria.riskLevel}|${criteria.mode}|${(criteria.tags ?? []).sort().join(",")}|${criteria.environment ?? ""}`;
+  }
+  function select(criteria) {
+    const key = getCacheKey(criteria);
+    if (cache.has(key)) {
+      hits++;
+      return cache.get(key);
+    }
+    misses++;
+    const result = selectPolicy(criteria, repository, defaultPolicyId);
+    if (cache.size >= cacheSize) {
+      const firstKey = cache.keys().next().value;
+      if (firstKey) {
+        cache.delete(firstKey);
+      }
+    }
+    cache.set(key, result);
+    return result;
+  }
+  return {
+    select,
+    clearCache: () => cache.clear(),
+    getCacheStats: () => ({ hits, misses, size: cache.size })
+  };
+}
+
+// src/air/index.ts
+import { z as z3 } from "zod";
+var AIRVendorSchema = z3.object({
+  /** Vendor identifier (e.g., "openai", "anthropic", "google") */
+  id: z3.string().min(1),
+  /** Human-readable vendor name */
+  name: z3.string().optional(),
+  /** Status of this vendor */
+  status: z3.enum(["approved", "pending", "blocked"]).default("pending"),
+  /** Optional approval ticket ID (Golden Thread) */
+  approval_ticket: z3.string().optional(),
+  /** When approval was granted */
+  approved_at: z3.string().datetime().optional(),
+  /** Who approved this vendor */
+  approved_by: z3.string().email().optional(),
+  /** Expiration date for approval */
+  expires_at: z3.string().datetime().optional(),
+  /** Vendor-specific notes */
+  notes: z3.string().optional()
+});
+var AIRModelSchema = z3.object({
+  /** Model identifier (e.g., "gpt-4", "claude-3-opus") */
+  id: z3.string().min(1),
+  /** Vendor that provides this model */
+  vendor_id: z3.string().min(1),
+  /** Human-readable model name */
+  name: z3.string().optional(),
+  /** Model version pattern (supports wildcards like "gpt-4*") */
+  version_pattern: z3.string().optional(),
+  /** Status of this model */
+  status: z3.enum(["approved", "pending", "blocked"]).default("pending"),
+  /** Maximum allowed parameters (for on-premise deployment considerations) */
+  max_parameters: z3.number().positive().optional(),
+  /** Risk level assigned to this model */
+  risk_level: z3.enum(["minimal", "limited", "high", "unacceptable"]).optional(),
+  /** Optional approval ticket ID */
+  approval_ticket: z3.string().optional(),
+  /** When approval was granted */
+  approved_at: z3.string().datetime().optional(),
+  /** Expiration date for approval */
+  expires_at: z3.string().datetime().optional(),
+  /** Model-specific notes */
+  notes: z3.string().optional()
+});
+var AIRRegionSchema = z3.object({
+  /** Region code (e.g., "us-east-1", "eu-west-1", "EU", "US") */
+  code: z3.string().min(1),
+  /** Human-readable region name */
+  name: z3.string().optional(),
+  /** Status of this region */
+  status: z3.enum(["allowed", "restricted", "blocked"]).default("allowed"),
+  /** Jurisdictions this region falls under (e.g., ["GDPR", "EU-AI-ACT"]) */
+  jurisdictions: z3.array(z3.string()).default([]),
+  /** Data residency requirements */
+  data_residency: z3.enum(["required", "preferred", "none"]).default("none"),
+  /** Notes about this region */
+  notes: z3.string().optional()
+});
+var AIRRegistryConstraintsSchema = z3.object({
+  /** List of approved vendors */
+  allowed_vendors: z3.array(AIRVendorSchema).default([]),
+  /** List of blocked vendors */
+  blocked_vendors: z3.array(z3.string()).default([]),
+  /** List of approved regions */
+  allowed_regions: z3.array(AIRRegionSchema).default([]),
+  /** List of blocked regions */
+  blocked_regions: z3.array(z3.string()).default([]),
+  /** List of approved models */
+  allowed_models: z3.array(AIRModelSchema).default([]),
+  /** List of blocked models (patterns supported) */
+  blocked_models: z3.array(z3.string()).default([]),
+  /** Maximum model parameters allowed */
+  max_model_parameters: z3.number().positive().optional(),
+  /** Require vendor approval before use */
+  require_vendor_approval: z3.boolean().default(true),
+  /** Require model approval before use */
+  require_model_approval: z3.boolean().default(true),
+  /** Default behavior for unknown vendors: "block" or "request_approval" */
+  unknown_vendor_behavior: z3.enum(["block", "request_approval"]).default("request_approval"),
+  /** Default behavior for unknown models */
+  unknown_model_behavior: z3.enum(["block", "request_approval"]).default("request_approval")
+});
+var AIRPIIFilterConfigSchema = z3.object({
+  /** Whether PII filtering is enabled */
+  enabled: z3.boolean().default(false),
+  /** PII types to filter (e.g., ["email", "phone", "ssn", "credit_card"]) */
+  filter_types: z3.array(z3.string()).default([]),
+  /** Action when PII is detected: "redact", "block", "warn", "audit" */
+  action: z3.enum(["redact", "block", "warn", "audit"]).default("warn"),
+  /** Custom patterns to detect (regex) */
+  custom_patterns: z3.array(z3.object({
+    name: z3.string(),
+    pattern: z3.string(),
+    action: z3.enum(["redact", "block", "warn", "audit"]).optional()
+  })).default([])
+});
+var AIRToxicityFilterConfigSchema = z3.object({
+  /** Whether toxicity filtering is enabled */
+  enabled: z3.boolean().default(false),
+  /** Toxicity threshold (0-1) */
+  threshold: z3.number().min(0).max(1).default(0.7),
+  /** Categories to filter (e.g., ["hate", "violence", "sexual"]) */
+  categories: z3.array(z3.string()).default([]),
+  /** Action when toxicity is detected */
+  action: z3.enum(["block", "warn", "audit"]).default("warn")
+});
+var AIRRuntimeConstraintsSchema = z3.object({
+  /** PII filtering configuration */
+  pii_filter: AIRPIIFilterConfigSchema.optional(),
+  /** Toxicity filtering configuration */
+  toxicity_filter: AIRToxicityFilterConfigSchema.optional(),
+  /** Data retention period in days (0 = no retention) */
+  data_retention_days: z3.number().int().min(0).default(90),
+  /** Whether to enable output watermarking */
+  watermark_enabled: z3.boolean().default(false),
+  /** Logging level: "none", "errors", "all" */
+  logging_level: z3.enum(["none", "errors", "all"]).default("all"),
+  /** Maximum tokens per request */
+  max_tokens_per_request: z3.number().int().positive().optional(),
+  /** Maximum requests per minute */
+  max_requests_per_minute: z3.number().int().positive().optional(),
+  /** Maximum cost per request in USD */
+  max_cost_per_request_usd: z3.number().positive().optional(),
+  /** Maximum cost per day in USD */
+  max_cost_per_day_usd: z3.number().positive().optional(),
+  /** Session timeout in seconds */
+  session_timeout_seconds: z3.number().int().positive().optional(),
+  /** Require human approval for specific actions */
+  human_approval_required: z3.array(z3.string()).default([]),
+  /** Kill switch configuration */
+  kill_switch: z3.object({
+    enabled: z3.boolean().default(true),
+    channel: z3.enum(["sse", "polling", "file"]).default("sse"),
+    poll_interval_ms: z3.number().int().positive().default(5e3)
+  }).optional(),
+  /** Grounding check configuration (prevent hallucination) */
+  grounding_check: z3.object({
+    enabled: z3.boolean().default(false),
+    confidence_threshold: z3.number().min(0).max(1).default(0.8),
+    action: z3.enum(["block", "warn", "audit"]).default("warn")
+  }).optional()
+});
+var AIRBuildConstraintsSchema = z3.object({
+  /** Require Golden Thread linkage (business justification) */
+  require_golden_thread: z3.boolean().default(true),
+  /** Require asset card for all AI assets */
+  require_asset_card: z3.boolean().default(true),
+  /** Require risk classification */
+  require_risk_classification: z3.boolean().default(true),
+  /** Require model card documentation */
+  require_model_card: z3.boolean().default(false),
+  /** Require security review for high-risk assets */
+  require_security_review: z3.boolean().default(false),
+  /** Minimum risk levels that require security review */
+  security_review_risk_levels: z3.array(z3.enum(["high", "unacceptable"])).default(["high", "unacceptable"]),
+  /** Require governance.lock file */
+  require_governance_lock: z3.boolean().default(true),
+  /** governance.lock must be signed */
+  require_lock_signature: z3.boolean().default(false),
+  /** Block merge on validation failure */
+  block_on_failure: z3.boolean().default(true),
+  /** Generate SARIF report for GitHub Security tab */
+  generate_sarif: z3.boolean().default(true),
+  /** Required approvals before deployment */
+  required_approvals: z3.array(z3.object({
+    role: z3.string(),
+    count: z3.number().int().positive().default(1)
+  })).default([]),
+  /** Allowed deployment environments */
+  allowed_environments: z3.array(z3.string()).default(["development", "staging", "production"]),
+  /** Environment-specific constraints */
+  environment_constraints: z3.record(z3.object({
+    require_approval: z3.boolean().default(false),
+    approvers: z3.array(z3.string()).default([]),
+    require_testing: z3.boolean().default(false),
+    test_coverage_threshold: z3.number().min(0).max(100).optional()
+  })).optional()
+});
+var AIRPolicySourceSchema = z3.object({
+  /** Unique identifier for this source */
+  id: z3.string().min(1),
+  /** Type of source: "pdf", "url", "confluence", "jira", "manual" */
+  type: z3.enum(["pdf", "url", "confluence", "jira", "manual"]),
+  /** URI to the source document */
+  uri: z3.string(),
+  /** SHA-256 hash of the source content */
+  content_hash: z3.string().regex(/^sha256:[a-f0-9]{64}$/),
+  /** When the source was last fetched */
+  fetched_at: z3.string().datetime(),
+  /** Title of the policy document */
+  title: z3.string().optional(),
+  /** Version of the policy document */
+  version: z3.string().optional(),
+  /** Confidence score of extraction (0-1) */
+  extraction_confidence: z3.number().min(0).max(1).optional()
+});
+var AIRMetadataSchema = z3.object({
+  /** When this AIR was generated */
+  generated_at: z3.string().datetime(),
+  /** Tool/system that generated this AIR */
+  generated_by: z3.string().default("aigrc-policy-compiler"),
+  /** Version of the policy compiler */
+  compiler_version: z3.string(),
+  /** Organization this AIR belongs to */
+  organization: z3.string().optional(),
+  /** Environment this AIR is for (e.g., "production", "staging") */
+  environment: z3.string().optional(),
+  /** Human-readable description */
+  description: z3.string().optional(),
+  /** Tags for categorization */
+  tags: z3.array(z3.string()).default([]),
+  /** Custom metadata fields */
+  custom: z3.record(z3.unknown()).optional()
+});
+var AIRSchema = z3.object({
+  /** Schema version for forward compatibility */
+  version: z3.literal("1.0"),
+  /** Unique identifier for this AIR */
+  id: z3.string().uuid(),
+  /** Human-readable name */
+  name: z3.string().min(1).max(200),
+  /** SHA-256 hash of this AIR (computed after serialization) */
+  hash: z3.string().regex(/^sha256:[a-f0-9]{64}$/).optional(),
+  /** Policy sources that contributed to this AIR */
+  policy_sources: z3.array(AIRPolicySourceSchema).default([]),
+  /** Registry constraints (vendor/model/region governance) */
+  registry: AIRRegistryConstraintsSchema.default({}),
+  /** Runtime constraints (execution-time governance) */
+  runtime: AIRRuntimeConstraintsSchema.default({}),
+  /** Build constraints (CI/CD governance) */
+  build: AIRBuildConstraintsSchema.default({}),
+  /** Metadata about this AIR */
+  metadata: AIRMetadataSchema,
+  /** When this AIR expires (forces re-compilation) */
+  expires_at: z3.string().datetime().optional(),
+  /** Digital signatures for verification */
+  signatures: z3.array(z3.object({
+    /** Signer identity (email or system ID) */
+    signer: z3.string(),
+    /** Algorithm used (RS256, ES256) */
+    algorithm: z3.enum(["RS256", "ES256"]),
+    /** Base64-encoded signature */
+    signature: z3.string(),
+    /** When the signature was created */
+    signed_at: z3.string().datetime(),
+    /** Key ID for verification */
+    key_id: z3.string().optional()
+  })).default([])
+});
+function createEmptyAIR(name, compilerVersion = "1.0.0") {
+  return {
+    version: "1.0",
+    id: crypto.randomUUID(),
+    name,
+    policy_sources: [],
+    registry: {
+      allowed_vendors: [],
+      blocked_vendors: [],
+      allowed_regions: [],
+      blocked_regions: [],
+      allowed_models: [],
+      blocked_models: [],
+      require_vendor_approval: true,
+      require_model_approval: true,
+      unknown_vendor_behavior: "request_approval",
+      unknown_model_behavior: "request_approval"
+    },
+    runtime: {
+      data_retention_days: 90,
+      watermark_enabled: false,
+      logging_level: "all",
+      human_approval_required: []
+    },
+    build: {
+      require_golden_thread: true,
+      require_asset_card: true,
+      require_risk_classification: true,
+      require_model_card: false,
+      require_security_review: false,
+      security_review_risk_levels: ["high", "unacceptable"],
+      require_governance_lock: true,
+      require_lock_signature: false,
+      block_on_failure: true,
+      generate_sarif: true,
+      required_approvals: [],
+      allowed_environments: ["development", "staging", "production"]
+    },
+    metadata: {
+      generated_at: (/* @__PURE__ */ new Date()).toISOString(),
+      generated_by: "aigrc-policy-compiler",
+      compiler_version: compilerVersion,
+      tags: []
+    },
+    signatures: []
+  };
+}
+function validateAIR(air) {
+  const result = AIRSchema.safeParse(air);
+  if (result.success) {
+    return { valid: true, errors: [] };
+  }
+  return {
+    valid: false,
+    errors: result.error.errors.map((e) => `${e.path.join(".")}: ${e.message}`)
+  };
+}
+function isVendorAllowed(vendorId, registry2) {
+  if (registry2.blocked_vendors.includes(vendorId)) {
+    return { allowed: false, reason: "Vendor is blocked", requiresApproval: false };
+  }
+  const allowedVendor = registry2.allowed_vendors.find((v) => v.id === vendorId);
+  if (allowedVendor) {
+    if (allowedVendor.status === "approved") {
+      if (allowedVendor.expires_at && new Date(allowedVendor.expires_at) < /* @__PURE__ */ new Date()) {
+        return { allowed: false, reason: "Vendor approval has expired", requiresApproval: true };
+      }
+      return { allowed: true, reason: "Vendor is approved", requiresApproval: false };
+    }
+    if (allowedVendor.status === "pending") {
+      return { allowed: false, reason: "Vendor approval is pending", requiresApproval: true };
+    }
+    return { allowed: false, reason: "Vendor is blocked", requiresApproval: false };
+  }
+  if (registry2.unknown_vendor_behavior === "block") {
+    return { allowed: false, reason: "Unknown vendor (blocked by policy)", requiresApproval: false };
+  }
+  return { allowed: false, reason: "Unknown vendor (requires approval)", requiresApproval: true };
+}
+function isModelAllowed(modelId, vendorId, registry2) {
+  for (const pattern of registry2.blocked_models) {
+    if (matchesPattern2(modelId, pattern)) {
+      return { allowed: false, reason: `Model matches blocked pattern: ${pattern}`, requiresApproval: false };
+    }
+  }
+  const allowedModel = registry2.allowed_models.find(
+    (m) => m.id === modelId && m.vendor_id === vendorId
+  );
+  if (allowedModel) {
+    if (allowedModel.status === "approved") {
+      if (allowedModel.expires_at && new Date(allowedModel.expires_at) < /* @__PURE__ */ new Date()) {
+        return { allowed: false, reason: "Model approval has expired", requiresApproval: true };
+      }
+      return { allowed: true, reason: "Model is approved", requiresApproval: false };
+    }
+    if (allowedModel.status === "pending") {
+      return { allowed: false, reason: "Model approval is pending", requiresApproval: true };
+    }
+    return { allowed: false, reason: "Model is blocked", requiresApproval: false };
+  }
+  const matchingModel = registry2.allowed_models.find(
+    (m) => m.vendor_id === vendorId && m.version_pattern && matchesPattern2(modelId, m.version_pattern)
+  );
+  if (matchingModel && matchingModel.status === "approved") {
+    return { allowed: true, reason: `Model matches approved pattern: ${matchingModel.version_pattern}`, requiresApproval: false };
+  }
+  if (registry2.unknown_model_behavior === "block") {
+    return { allowed: false, reason: "Unknown model (blocked by policy)", requiresApproval: false };
+  }
+  return { allowed: false, reason: "Unknown model (requires approval)", requiresApproval: true };
+}
+function isRegionAllowed(regionCode, registry2) {
+  if (registry2.blocked_regions.includes(regionCode)) {
+    return { allowed: false, reason: "Region is blocked", dataResidency: "none" };
+  }
+  const allowedRegion = registry2.allowed_regions.find((r) => r.code === regionCode);
+  if (allowedRegion) {
+    if (allowedRegion.status === "blocked") {
+      return { allowed: false, reason: "Region is blocked", dataResidency: "none" };
+    }
+    if (allowedRegion.status === "restricted") {
+      return { allowed: true, reason: "Region is restricted (requires approval)", dataResidency: allowedRegion.data_residency };
+    }
+    return { allowed: true, reason: "Region is allowed", dataResidency: allowedRegion.data_residency };
+  }
+  if (registry2.allowed_regions.length === 0) {
+    return { allowed: true, reason: "No region restrictions", dataResidency: "none" };
+  }
+  return { allowed: false, reason: "Region not in allowed list", dataResidency: "none" };
+}
+function matchesPattern2(value, pattern) {
+  if (pattern === "*") {
+    return true;
+  }
+  if (pattern.endsWith("*")) {
+    return value.startsWith(pattern.slice(0, -1));
+  }
+  if (pattern.startsWith("*")) {
+    return value.endsWith(pattern.slice(1));
+  }
+  return value === pattern;
+}
+
+// src/governance-lock/index.ts
+import { z as z4 } from "zod";
+import * as yaml2 from "yaml";
+var GovernanceLockSignatureSchema = z4.object({
+  /** Signer identity (email or system ID) */
+  signer: z4.string().min(1),
+  /** Role of the signer (e.g., "CISO", "PolicyOwner", "SecurityLead") */
+  role: z4.string().optional(),
+  /** Algorithm used: RS256 (RSA-SHA256) or ES256 (ECDSA-P256) */
+  algorithm: z4.enum(["RS256", "ES256"]),
+  /** Base64-encoded signature */
+  signature: z4.string().min(1),
+  /** When the signature was created */
+  signed_at: z4.string().datetime(),
+  /** Key ID for key rotation support */
+  key_id: z4.string().optional(),
+  /** Expiration of this signature (optional, separate from lock expiration) */
+  expires_at: z4.string().datetime().optional(),
+  /** Certificate chain for verification (optional) */
+  certificate_chain: z4.array(z4.string()).optional()
+});
+var GovernanceLockPolicySourceSchema = z4.object({
+  /** Unique identifier for this source */
+  id: z4.string().min(1),
+  /** Type of source */
+  type: z4.enum(["pdf", "url", "confluence", "jira", "manual"]),
+  /** URI to the source document */
+  uri: z4.string(),
+  /** SHA-256 hash of the source content at time of compilation */
+  content_hash: z4.string().regex(/^sha256:[a-f0-9]{64}$/),
+  /** When the source was fetched */
+  fetched_at: z4.string().datetime(),
+  /** Title of the policy document */
+  title: z4.string().optional(),
+  /** Version of the policy document */
+  version: z4.string().optional()
+});
+var GovernanceLockRegistryConstraintsSchema = z4.object({
+  /** List of approved vendor IDs */
+  allowed_vendor_ids: z4.array(z4.string()).default([]),
+  /** List of blocked vendor IDs */
+  blocked_vendor_ids: z4.array(z4.string()).default([]),
+  /** List of approved region codes */
+  allowed_region_codes: z4.array(z4.string()).default([]),
+  /** List of blocked region codes */
+  blocked_region_codes: z4.array(z4.string()).default([]),
+  /** List of approved model patterns */
+  allowed_model_patterns: z4.array(z4.string()).default([]),
+  /** List of blocked model patterns */
+  blocked_model_patterns: z4.array(z4.string()).default([]),
+  /** Maximum model parameters allowed */
+  max_model_parameters: z4.number().positive().optional()
+});
+var GovernanceLockRuntimeConstraintsSchema = z4.object({
+  /** Whether PII filtering is required */
+  pii_filter_enabled: z4.boolean().default(false),
+  /** PII filter action */
+  pii_filter_action: z4.enum(["redact", "block", "warn", "audit"]).optional(),
+  /** Whether toxicity filtering is required */
+  toxicity_filter_enabled: z4.boolean().default(false),
+  /** Toxicity threshold */
+  toxicity_threshold: z4.number().min(0).max(1).optional(),
+  /** Data retention period in days */
+  data_retention_days: z4.number().int().min(0).default(90),
+  /** Whether watermarking is required */
+  watermark_enabled: z4.boolean().default(false),
+  /** Logging level */
+  logging_level: z4.enum(["none", "errors", "all"]).default("all"),
+  /** Maximum tokens per request */
+  max_tokens_per_request: z4.number().int().positive().optional(),
+  /** Maximum cost per day in USD */
+  max_cost_per_day_usd: z4.number().positive().optional(),
+  /** Kill switch enabled */
+  kill_switch_enabled: z4.boolean().default(true)
+});
+var GovernanceLockBuildConstraintsSchema = z4.object({
+  /** Require Golden Thread linkage */
+  require_golden_thread: z4.boolean().default(true),
+  /** Require asset card */
+  require_asset_card: z4.boolean().default(true),
+  /** Require risk classification */
+  require_risk_classification: z4.boolean().default(true),
+  /** Require model card */
+  require_model_card: z4.boolean().default(false),
+  /** Require security review for high risk */
+  require_security_review: z4.boolean().default(false),
+  /** Block merge on validation failure */
+  block_on_failure: z4.boolean().default(true),
+  /** Generate SARIF report */
+  generate_sarif: z4.boolean().default(true),
+  /** Allowed environments */
+  allowed_environments: z4.array(z4.string()).default(["development", "staging", "production"])
+});
+var GovernanceLockConstraintsSchema = z4.object({
+  /** Registry constraints (vendor/model/region) */
+  registry: GovernanceLockRegistryConstraintsSchema.default({}),
+  /** Runtime constraints */
+  runtime: GovernanceLockRuntimeConstraintsSchema.default({}),
+  /** Build constraints */
+  build: GovernanceLockBuildConstraintsSchema.default({})
+});
+var GovernanceLockSchema = z4.object({
+  /** Schema version for forward compatibility */
+  version: z4.literal("1.0"),
+  /** When this lock file was generated */
+  generated_at: z4.string().datetime(),
+  /** SHA-256 hash of the compiled policy (AIR) */
+  policy_hash: z4.string().regex(/^sha256:[a-f0-9]{64}$/),
+  /** Name of this policy lock */
+  name: z4.string().min(1).max(200).optional(),
+  /** Description of this lock file */
+  description: z4.string().max(500).optional(),
+  /** Policy sources that contributed to this lock */
+  policy_sources: z4.array(GovernanceLockPolicySourceSchema).default([]),
+  /** Compiled constraints (subset of AIR) */
+  constraints: GovernanceLockConstraintsSchema.default({}),
+  /** Digital signatures from policy owners */
+  signatures: z4.array(GovernanceLockSignatureSchema).default([]),
+  /** When this lock file expires (forces re-compilation) */
+  expires_at: z4.string().datetime(),
+  /** Tool/system that generated this lock */
+  generated_by: z4.string().default("aigrc-policy-compiler"),
+  /** Version of the generator */
+  generator_version: z4.string().default("1.0.0"),
+  /** Organization this lock belongs to */
+  organization: z4.string().optional(),
+  /** Environment this lock is for */
+  environment: z4.string().optional(),
+  /** Reference to the full AIR document (optional) */
+  air_reference: z4.object({
+    /** AIR document ID */
+    id: z4.string().uuid(),
+    /** AIR document location (URI) */
+    location: z4.string().optional(),
+    /** AIR document hash */
+    hash: z4.string().regex(/^sha256:[a-f0-9]{64}$/)
+  }).optional(),
+  /** Custom metadata fields */
+  metadata: z4.record(z4.unknown()).optional()
+});
+async function computeHash(data) {
+  const encoder = new TextEncoder();
+  const dataBuffer = encoder.encode(data);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", dataBuffer);
+  const hashArray = Array.from(new Uint8Array(hashBuffer));
+  const hashHex = hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+  return `sha256:${hashHex}`;
+}
+async function createGovernanceLock(air, options = {}) {
+  const now = /* @__PURE__ */ new Date();
+  const expiresAt = new Date(now);
+  expiresAt.setDate(expiresAt.getDate() + (options.expiresInDays ?? 30));
+  const airForHashing = { ...air, signatures: [] };
+  const policyHash = await computeHash(JSON.stringify(airForHashing));
+  const constraints = {
+    registry: {
+      allowed_vendor_ids: air.registry.allowed_vendors.map((v) => v.id),
+      blocked_vendor_ids: air.registry.blocked_vendors,
+      allowed_region_codes: air.registry.allowed_regions.map((r) => r.code),
+      blocked_region_codes: air.registry.blocked_regions,
+      allowed_model_patterns: air.registry.allowed_models.map((m) => m.version_pattern ?? m.id),
+      blocked_model_patterns: air.registry.blocked_models,
+      max_model_parameters: air.registry.max_model_parameters
+    },
+    runtime: {
+      pii_filter_enabled: air.runtime.pii_filter?.enabled ?? false,
+      pii_filter_action: air.runtime.pii_filter?.action,
+      toxicity_filter_enabled: air.runtime.toxicity_filter?.enabled ?? false,
+      toxicity_threshold: air.runtime.toxicity_filter?.threshold,
+      data_retention_days: air.runtime.data_retention_days,
+      watermark_enabled: air.runtime.watermark_enabled,
+      logging_level: air.runtime.logging_level,
+      max_tokens_per_request: air.runtime.max_tokens_per_request,
+      max_cost_per_day_usd: air.runtime.max_cost_per_day_usd,
+      kill_switch_enabled: air.runtime.kill_switch?.enabled ?? true
+    },
+    build: {
+      require_golden_thread: air.build.require_golden_thread,
+      require_asset_card: air.build.require_asset_card,
+      require_risk_classification: air.build.require_risk_classification,
+      require_model_card: air.build.require_model_card,
+      require_security_review: air.build.require_security_review,
+      block_on_failure: air.build.block_on_failure,
+      generate_sarif: air.build.generate_sarif,
+      allowed_environments: air.build.allowed_environments
+    }
+  };
+  const policySources = air.policy_sources.map((s) => ({
+    id: s.id,
+    type: s.type,
+    uri: s.uri,
+    content_hash: s.content_hash,
+    fetched_at: s.fetched_at,
+    title: s.title,
+    version: s.version
+  }));
+  return {
+    version: "1.0",
+    generated_at: now.toISOString(),
+    policy_hash: policyHash,
+    name: options.name ?? air.name,
+    description: options.description,
+    policy_sources: policySources,
+    constraints,
+    signatures: [],
+    expires_at: expiresAt.toISOString(),
+    generated_by: air.metadata.generated_by,
+    generator_version: air.metadata.compiler_version,
+    organization: options.organization ?? air.metadata.organization,
+    environment: options.environment ?? air.metadata.environment,
+    air_reference: {
+      id: air.id,
+      hash: policyHash
+    }
+  };
+}
+function validateGovernanceLock(lock, options = {}) {
+  const errors = [];
+  const warnings = [];
+  const parseResult = GovernanceLockSchema.safeParse(lock);
+  if (!parseResult.success) {
+    return {
+      valid: false,
+      errors: parseResult.error.errors.map((e) => `${e.path.join(".")}: ${e.message}`),
+      warnings: [],
+      expired: false,
+      daysUntilExpiration: 0,
+      signed: false,
+      validSignatureCount: 0,
+      policyHashValid: false
+    };
+  }
+  const parsed = parseResult.data;
+  const now = /* @__PURE__ */ new Date();
+  const expiresAt = new Date(parsed.expires_at);
+  const daysUntilExpiration = Math.ceil((expiresAt.getTime() - now.getTime()) / (1e3 * 60 * 60 * 24));
+  const expired = expiresAt < now;
+  if (options.checkExpiration !== false && expired) {
+    errors.push(`Lock file expired on ${parsed.expires_at}`);
+  }
+  if (daysUntilExpiration > 0 && daysUntilExpiration <= 7) {
+    warnings.push(`Lock file expires in ${daysUntilExpiration} days`);
+  }
+  const signed = parsed.signatures.length > 0;
+  if (options.requireSignatures && !signed) {
+    errors.push("Lock file requires at least one signature");
+  }
+  let validSignatureCount = 0;
+  for (const sig of parsed.signatures) {
+    if (sig.expires_at) {
+      const sigExpiresAt = new Date(sig.expires_at);
+      if (sigExpiresAt < now) {
+        warnings.push(`Signature from ${sig.signer} has expired`);
+      } else {
+        validSignatureCount++;
+      }
+    } else {
+      validSignatureCount++;
+    }
+  }
+  let policyHashValid = true;
+  if (options.expectedPolicyHash) {
+    if (parsed.policy_hash !== options.expectedPolicyHash) {
+      errors.push(`Policy hash mismatch: expected ${options.expectedPolicyHash}, got ${parsed.policy_hash}`);
+      policyHashValid = false;
+    }
+  }
+  return {
+    valid: errors.length === 0,
+    errors,
+    warnings,
+    expired,
+    daysUntilExpiration,
+    signed,
+    validSignatureCount,
+    policyHashValid
+  };
+}
+function parseGovernanceLockYAML(content) {
+  const parsed = yaml2.parse(content);
+  return GovernanceLockSchema.parse(parsed);
+}
+function parseGovernanceLockJSON(content) {
+  const parsed = JSON.parse(content);
+  return GovernanceLockSchema.parse(parsed);
+}
+function serializeGovernanceLockYAML(lock) {
+  return yaml2.stringify(lock, {
+    indent: 2,
+    lineWidth: 120
+  });
+}
+function serializeGovernanceLockJSON(lock, pretty = true) {
+  return pretty ? JSON.stringify(lock, null, 2) : JSON.stringify(lock);
+}
+function isGovernanceLockExpired(lock) {
+  return new Date(lock.expires_at) < /* @__PURE__ */ new Date();
+}
+function getDaysUntilExpiration(lock) {
+  const now = /* @__PURE__ */ new Date();
+  const expiresAt = new Date(lock.expires_at);
+  return Math.ceil((expiresAt.getTime() - now.getTime()) / (1e3 * 60 * 60 * 24));
+}
+function isVendorAllowedByLock(vendorId, lock) {
+  const { registry: registry2 } = lock.constraints;
+  if (registry2.blocked_vendor_ids.includes(vendorId)) {
+    return false;
+  }
+  if (registry2.allowed_vendor_ids.length > 0) {
+    return registry2.allowed_vendor_ids.includes(vendorId);
+  }
+  return true;
+}
+function isModelAllowedByLock(modelId, lock) {
+  const { registry: registry2 } = lock.constraints;
+  for (const pattern of registry2.blocked_model_patterns) {
+    if (matchesPattern3(modelId, pattern)) {
+      return false;
+    }
+  }
+  if (registry2.allowed_model_patterns.length > 0) {
+    return registry2.allowed_model_patterns.some(
+      (pattern) => matchesPattern3(modelId, pattern)
+    );
+  }
+  return true;
+}
+function isRegionAllowedByLock(regionCode, lock) {
+  const { registry: registry2 } = lock.constraints;
+  if (registry2.blocked_region_codes.includes(regionCode)) {
+    return false;
+  }
+  if (registry2.allowed_region_codes.length > 0) {
+    return registry2.allowed_region_codes.includes(regionCode);
+  }
+  return true;
+}
+function matchesPattern3(value, pattern) {
+  if (pattern === "*") {
+    return true;
+  }
+  if (pattern.endsWith("*")) {
+    return value.startsWith(pattern.slice(0, -1));
+  }
+  if (pattern.startsWith("*")) {
+    return value.endsWith(pattern.slice(1));
+  }
+  return value === pattern;
+}
+function createSigningPayload(lock) {
+  const forSigning = {
+    version: lock.version,
+    generated_at: lock.generated_at,
+    policy_hash: lock.policy_hash,
+    expires_at: lock.expires_at,
+    constraints: lock.constraints
+  };
+  return JSON.stringify(forSigning);
+}
+function addSignature(lock, signature) {
+  return {
+    ...lock,
+    signatures: [...lock.signatures, signature]
+  };
+}
+
 // src/utils.ts
 function formatDate(date) {
   return date.toISOString();
@@ -2205,60 +4213,164 @@ function slugify(text) {
   return text.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/(^-|-$)/g, "");
 }
 export {
+  AIRBuildConstraintsSchema,
+  AIRMetadataSchema,
+  AIRModelSchema,
+  AIRPIIFilterConfigSchema,
+  AIRPolicySourceSchema,
+  AIRRegionSchema,
+  AIRRegistryConstraintsSchema,
+  AIRRuntimeConstraintsSchema,
+  AIRSchema,
+  AIRToxicityFilterConfigSchema,
+  AIRVendorSchema,
+  AigrcConfigSchema,
+  AigrcIntegrationsConfigSchema,
+  AigrcRuntimeConfigSchema,
   ApprovalSchema,
+  AssetCardRuntimeSchema,
   AssetCardSchema,
+  CONFIG_ENV_VAR,
+  CONFIG_FILE_NAMES,
+  CapabilitiesManifestSchema,
   ClassificationSchema,
   ConfidenceLevelSchema,
   ConstraintsSchema,
   ControlStatusSchema,
   DetectionStrategySchema,
   FrameworkCategorySchema,
+  GoldenThreadSchema,
+  GovernanceLockBuildConstraintsSchema,
+  GovernanceLockConstraintsSchema,
+  GovernanceLockPolicySourceSchema,
+  GovernanceLockRegistryConstraintsSchema,
+  GovernanceLockRuntimeConstraintsSchema,
+  GovernanceLockSchema,
+  GovernanceLockSignatureSchema,
   GovernanceSchema,
+  GovernanceTokenCapabilityClaimsSchema,
+  GovernanceTokenControlClaimsSchema,
+  GovernanceTokenGovernanceClaimsSchema,
+  GovernanceTokenIdentityClaimsSchema,
+  GovernanceTokenLineageClaimsSchema,
+  GovernanceTokenPayloadSchema,
   IntentSchema,
   JurisdictionClassificationSchema,
+  KillSwitchCommandSchema,
+  KillSwitchCommandTypeSchema,
+  LineageSchema,
+  MAX_INHERITANCE_DEPTH,
   MODEL_EXTENSIONS,
+  OperatingModeSchema,
   OwnerSchema,
+  PolicyCapabilitiesSchema,
+  PolicyFileSchema,
+  PolicyResolutionError,
+  PolicyRuleEffectSchema,
+  PolicyRuleSchema,
   RiskFactorsSchema,
+  RiskLevelSchema,
+  RuntimeIdentitySchema,
   TechnicalSchema,
   TrustworthinessCharacteristicSchema,
   TrustworthinessSchema,
   addJurisdiction,
+  addSignature,
   analyzeImports,
   applyImplicationChains,
   classifyRisk,
   clearRegistry,
+  compareRiskLevels,
+  computeCanonicalString,
+  computeGoldenThreadHash,
+  computeGoldenThreadHashSync,
+  computeHash,
   createAssetCard,
+  createDefaultConfig,
+  createEmptyAIR,
+  createGoldenThread,
+  createGoldenThreadSync,
+  createGovernanceLock,
   createImplication,
+  createPolicyRepository,
+  createPolicySelector,
+  createSigningPayload,
   detectAnnotations,
+  discoverAssets,
+  discoverConfig,
+  discoverConfigSync,
+  discoverPolicies,
+  evaluatePolicy,
+  extractGoldenThreadComponents,
   formatDate,
   generateAssetId,
   getAllPatterns,
+  getCurrentEnvironment,
+  getDaysUntilExpiration,
+  getEnvironmentConfig,
+  getMaxRiskLevel,
+  getMinRiskLevel,
   getPattern,
   getPatternsByCategory,
   getPatternsByLanguage,
+  getRiskLevelOrdinal,
+  getRiskLevelsAtLeast,
+  getRiskLevelsAtMost,
   inferRiskFactors,
   initializePatterns,
+  isDomainAllowed,
+  isGovernanceLockExpired,
+  isModelAllowed,
+  isModelAllowedByLock,
   isModelFile,
+  isRegionAllowed,
+  isRegionAllowedByLock,
   isRegistryInitialized,
+  isRiskLevelAtLeast,
+  isRiskLevelAtMost,
+  isToolAllowed,
+  isValidRiskLevel,
+  isVendorAllowed,
+  isVendorAllowedByLock,
   javascriptPatterns,
   linkAssetToTicket,
+  loadAsset,
   loadAssetCard,
+  loadAssetFromPath,
+  loadPolicy,
+  mapToEuAiActCategory,
   matchPatterns,
+  mergePolicies,
   modelFilePatterns,
   parseDate,
+  parseGovernanceLockJSON,
+  parseGovernanceLockYAML,
+  parseRiskLevel,
+  parseSignature,
   pythonPatterns,
   registerPattern,
   resetPatterns,
+  resolvePolicy,
   riskIndicatorPatterns,
   saveAssetCard,
   scan,
   scanFileExtension,
   scanSync,
+  selectPolicy,
+  serializeGovernanceLockJSON,
+  serializeGovernanceLockYAML,
+  signGoldenThread,
   slugify,
   suggestAssetCard,
   updateJurisdictionCompliance,
+  validateAIR,
   validateAssetCard,
   validateGoldenThread,
-  validateRiskFactors
+  validateGovernanceLock,
+  validateRiskFactors,
+  verifyGoldenThreadHash,
+  verifyGoldenThreadHashSync,
+  verifyGoldenThreadSignature,
+  verifyGoldenThreadSignatureSync
 };
 //# sourceMappingURL=index.mjs.map