@aikdna/kdna-studio-core 1.4.2 → 1.5.1

package/README.md

@@ -1,10 +1,10 @@
 # KDNA Studio Core
 
-**KDNA Studio turns raw human experience into AI-loadable cognitive kernels.**
+**KDNA Studio Core is the judgment asset refinery.** It turns scattered notes, documents, works, and feedback into loadable .kdna judgment assets — not by compressing content, but by distilling the stable judgment patterns embedded within it.
 
-AI may propose judgment candidates. Humans must confirm judgment. Only human-locked judgment can compile into KDNA.
+AI may propose judgment candidates from content analysis. Humans must confirm judgment. Only human-locked judgment can compile into KDNA.
 
-Open-source Studio-compatible authoring kernel for creating trusted `.kdna` assets — JS/npm package. AI can propose. Humans confirm. Only locked judgment compiles.
+Open-source Studio-compatible authoring kernel for creating trusted `.kdna` assets — JS/npm package. Supports two authoring paths: interview-first (expert self-expression) and distillation-first (pattern extraction from existing content). Both end with Human Judgment Lock.
 
 **KDNA Studio Core is the JS authoring kernel.** It is not a UI tool and not a CLI package. It is a pure-logic engine for creating KDNA judgment cards, Human Locks, compiler output, and authoring provenance from JavaScript applications and Studio-compatible tools.
 
@@ -13,6 +13,11 @@ Studio-compatible authoring pipeline that performs human confirmation,
 validation, canonicalization, identity generation, digest computation, signing,
 optional encryption, and provenance recording.
 
+**Hard boundary:** Optional encryption, when supported, MUST be represented as
+protected entries inside the `.kdna` container (RFC-0008). App-private encrypted
+envelopes or transfer wrappers that cannot be opened by KDNA Core are NOT
+conforming KDNA runtime assets.
+
 | Library | Language | Role |
 |---------|----------|------|
 | `@aikdna/kdna-cli` | JS/npm | **Operate** KDNA — install, verify, load, compare, publish |
@@ -24,6 +29,9 @@ optional encryption, and provenance recording.
 
 - **Project Model** — `studio.project.json` with full metadata, provenance tracking
 - **Evidence Room** — import raw material (text, markdown, interviews, cases)
+- **Distillation Target** — declare domain category, owner scope, granularity, task scope, include/exclude areas, and load condition before extraction
+- **Evidence Relevance** — classify source material as relevant, weakly relevant, out-of-scope, or split-domain before distillation
+- **Scope Gate** — mark candidates with `scope_fit`, relevance score, and suggested split domain before they can become cards
 - **Judgment Cards** — 8 card types: axiom, ontology, stance, framework, misunderstanding, self_check, banned_term, terminology
 - **Human Lock** — AI proposes, human confirms. Only locked cards compile.
 - **Authoring Provenance** — every compiled manifest records Studio-compatible
@@ -49,6 +57,15 @@ optional encryption, and provenance recording.
 Evidence Room → Judgment Cards → Human Lock → Quality Gate → Compile → Validate → Export
 ```
 
+For distillation-first authoring, the flow starts with an explicit target:
+
+```
+Declare Domain + Scope → Import Evidence → Classify Relevance → Distill Candidates
+  → Scope Gate → Human Review → Promote to Cards → Human Lock → Compile → Export
+```
+
+A single `.kdna` asset should stay scoped to one domain and loading condition. If a task needs several judgment domains, create multiple domain assets and compose them through a KDNA Cluster rather than making one broad file.
+
 ## Install
 
 ```bash
@@ -63,6 +80,17 @@ The command-line authoring entry is a separate package:
 npm install -g @aikdna/kdna-studio-cli
 kdna-studio create my_domain --name @yourscope/my_domain
 kdna-studio import my_domain ./notes.md
+kdna-studio target declare my_domain \
+  --category expression_writing \
+  --scope personal \
+  --granularity core_principles \
+  --task "longform article review" \
+  --include "argument structure,tone,revision" \
+  --exclude "life habits,food preference"
+kdna-studio source classify my_domain
+kdna-studio distill my_domain --candidates candidates.json
+kdna-studio candidate accept my_domain <candidate-id>
+kdna-studio candidate promote my_domain
 kdna-studio card add my_domain axiom \
   --field one_sentence="Judgment principle" \
   --field full_statement="What the agent should do differently" \
@@ -79,15 +107,31 @@ kdna publish dist/my_domain.kdna
 ## Quick Start
 
 ```js
-const { createProject, createCard, lockCard, compileDomain } = require('@aikdna/kdna-studio-core');
+const {
+  project: projectApi,
+  cards: cardApi,
+  distillation
+} = require('@aikdna/kdna-studio-core');
 
 // 1. Create a project
-const project = createProject('writing_judgment', 'domain', {
+const project = projectApi.createProject('writing_judgment', 'domain', {
   author: { name: 'Writing Expert', id: 'writer_001' }
 });
 
+// Optional: declare a distillation target before extracting from evidence.
+const target = distillation.createDistillationTarget({
+  domainName: 'writing_judgment',
+  domainCategory: 'expression_writing',
+  ownerScope: 'personal',
+  granularity: 'core_principles',
+  taskScope: 'longform article diagnosis and revision',
+  includeAreas: ['argument structure', 'reader framing', 'evidence density'],
+  excludeAreas: ['life habits', 'food preference']
+});
+project.distillation_target = target;
+
 // 2. Create judgment cards
-const card = createCard('axiom', {
+const card = cardApi.createCard('axiom', {
   one_sentence: 'Most writing problems are structural, not language-level.',
   full_statement: 'When reviewing content, diagnose structure before language.',
   why: 'Surface polishing on structurally weak content wastes effort.',
@@ -98,18 +142,17 @@ const card = createCard('axiom', {
 project.cards.push(card);
 
 // 3. Human Lock
-const locked = lockCard(card, {
+const locked = cardApi.lockCard(card, {
   by: 'writer_001',
   statement: 'This represents my professional writing judgment.',
   checked: { applies_when: true, does_not_apply_when: true, failure_risk: true }
 });
 
 // 4. Check readiness
-const { checkHumanLockGate, exportProject } = require('@aikdna/kdna-studio-core');
-const gate = checkHumanLockGate(project);
+const gate = projectApi.checkHumanLockGate(project);
 if (!gate.blocked) {
   // 5. Export
-  const json = exportProject(project);
+  const json = projectApi.exportProject(project);
   console.log('Ready to publish');
 }
 ```
@@ -162,7 +205,7 @@ KDNA Studio Core is open source. Official KDNA Studio App, hosted collaboration,
 
 ## Related
 
-- [KDNA Protocol](https://github.com/aikdna/kdna) — Specification
+- [KDNA Core](https://github.com/aikdna/kdna) — Official format
 - [kdna-cli](https://github.com/aikdna/kdna-cli) — CLI tools
 - [kdna-core-swift](https://github.com/aikdna/kdna-core-swift) — Swift runtime for macOS/iOS
 - [aikdna.com](https://aikdna.com) — Website

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aikdna/kdna-studio-core",
-  "version": "1.4.2",
+  "version": "1.5.1",
   "description": "Studio-compatible authoring kernel for Human Lock, compile, and export of trusted .kdna assets.",
   "type": "commonjs",
   "main": "src/index.js",
@@ -24,7 +24,8 @@
     "validate"
   ],
   "dependencies": {
-    "@aikdna/kdna-core": "^0.6.0"
+    "@aikdna/kdna-core": "^0.9.1",
+    "cbor-x": "^1.6.4"
   },
   "engines": {
     "node": ">=18"

package/src/cards/index.js

@@ -12,7 +12,7 @@
 const { cardJudgmentFingerprint } = require('../judgment-fields');
 
 const VALID_STATES = ['draft', 'revised', 'locked', 'tested', 'published', 'deprecated'];
-const CARD_TYPES = ['axiom', 'ontology', 'misunderstanding', 'boundary', 'self_check', 'risk', 'aesthetic', 'scenario', 'case'];
+const CARD_TYPES = ['axiom', 'ontology', 'misunderstanding', 'boundary', 'self_check', 'risk', 'aesthetic', 'scenario', 'case', 'stance', 'framework', 'term', 'banned_term', 'reasoning', 'evolution_stage'];
 
 const TRANSITIONS = {
   draft: ['revised', 'deprecated'],
@@ -66,7 +66,7 @@ function lockCard(card, lockPayload) {
   if (!lockPayload.checked?.does_not_apply_when) throw new Error('Must confirm does_not_apply_when reviewed');
   if (!lockPayload.checked?.failure_risk) throw new Error('Must confirm failure_risk reviewed');
 
-  // Schema gate: axiom cards MUST have full_statement and why per KDNA SPEC
+  // Schema gate per KDNA SPEC
   if (card.type === 'axiom') {
     if (!card.fields?.full_statement || card.fields.full_statement.length < 20) {
       throw new Error(`Axiom ${card.id} cannot be locked: missing or too-short full_statement. SPEC requires a complete, testable explanation.`);
@@ -75,6 +75,11 @@ function lockCard(card, lockPayload) {
       throw new Error(`Axiom ${card.id} cannot be locked: missing or too-short why. SPEC requires an explanation of failure mode.`);
     }
   }
+  if (card.type === 'misunderstanding') {
+    if (!card.fields?.key_distinction || card.fields.key_distinction.length < 20) {
+      throw new Error(`Misunderstanding ${card.id} cannot be locked: missing or too-short key_distinction. SPEC requires a clear conceptual boundary.`);
+    }
+  }
 
   const lockedCard = { ...card, fields: { ...card.fields } };
   lockedCard.human_lock = {

package/src/compile/index.js

@@ -1,16 +1,15 @@
 /**
  * Compile locked cards into KDNA domain JSON files — SPEC-compatible output.
  *
- * KDNA SPEC v1.0-rc requirements:
- *   - Every file MUST have meta: { version, domain, created, purpose, load_condition }
- *   - Minimum output: KDNA_Core.json + KDNA_Patterns.json
- *   - Maximum 6 KDNA JSON files per domain
- *   - KDNA_Scenarios.json: { meta, scenes[] }
- *   - KDNA_Reasoning.json: { meta, reasoning_chains[] }
- *   - KDNA_Evolution.json: { meta, stages[], capability_layers[], measurements[] }
+ * KDNA Container:
+ *   - Judgment content is encoded as CBOR payload (payload.kdnab)
+ *   - Individual KDNA_Core.json etc. are NOT exposed as ZIP entries
+ *   - kdna.json manifest contains metadata only, no judgment content
  *
  * Only locked cards enter compilation. Draft/Revised excluded silently.
  */
+
+const cbor = require('cbor-x');
 const crypto = require('crypto');
 
 function uuidv7() {
@@ -240,8 +239,8 @@ function compileManifest(project, files, identity = null) {
     .digest('hex');
   const manifest = {
     format: 'kdna',
-    format_version: '1.0',
-    spec_version: '1.0-rc',
+    format_version: '2.0',
+    spec_version: '2.0',
     name: project.name,
     domain_id: assetIdentity.domain_id,
     asset_uid: assetIdentity.asset_uid,
@@ -259,6 +258,17 @@ function compileManifest(project, files, identity = null) {
     license: project.license || { type: 'CC-BY-4.0' },
     description: project.release?.description || project.name,
     file_count: kdnaFileCount,
+    container: {
+      type: 'kdna-container-v2',
+      payload: 'payload.kdnab',
+      payload_encoding: 'cbor',
+      payload_schema: 'kdna-payload-v2',
+      payload_digest: `sha256:${crypto.createHash('sha256').update(files['payload.kdnab']).digest('hex')}`,
+    },
+    runtime: {
+      min_runtime_version: '0.3.0',
+      load_contract: 'context-capsule-v1',
+    },
     creator: project.creator_identity ? {
       creator_id: project.creator_identity.creator_id,
       display_name: project.creator_identity.display_name,
@@ -405,8 +415,28 @@ function buildReports(project, files, identity, provenance, stats) {
   };
 }
 
-function compileDomain(project) {
+function compileDomain(project, options = {}) {
   const cards = project.cards || [];
+
+  // ── Empty-domain gate (PR-2) ────────────────────────────────────
+  // A KDNA domain with no locked judgment content of any kind is not a
+  // domain — it is a content-shaped empty file. Refuse to compile so the
+  // downstream Registry / Lab / Studio export never advertises an empty
+  // judgment asset as "successfully compiled".
+  const lockedCards = cards.filter(c => c.locked);
+  const hasJudgmentContent = lockedCards.some(c =>
+    ['axiom', 'misunderstanding', 'scenario', 'case', 'self_check', 'boundary', 'risk', 'ontology', 'aesthetic'].includes(c.type)
+  );
+  if (!hasJudgmentContent) {
+    const err = new Error(
+      'refusing to compile empty KDNA domain: no locked judgment content ' +
+      `(axiom / misunderstanding / scenario / case / self_check / boundary / risk / ontology / aesthetic). ` +
+      `Found ${lockedCards.length} locked card(s) and ${cards.length} total card(s).`
+    );
+    err.code = 'EMPTY_DOMAIN';
+    throw err;
+  }
+
   const core = compileCore(cards, project);
   const patterns = compilePatterns(cards, project);
   const scenarios = compileScenarios(cards, project);
@@ -414,13 +444,50 @@ function compileDomain(project) {
   const reasoning = compileReasoning(cards, project);
   const evolution = compileEvolution(cards, project);
 
+  // ── RFC-0013 §3.1/§3.2 Compile Gates (PR-3) ───────────────────
+  // Run the Source Authority Graph gate and the Truth Charter gate
+  // BEFORE packaging. PR-2: strictAuthority now defaults to true so
+  // missing/unstable SAG/TC are surfaced as gate errors that block
+  // compilation. Pass options.strictAuthority = false to opt out
+  // (legacy workspaces only).
+  const strictAuthority = options.strictAuthority !== false;
+  const { runSagGate } = require('./source-authority-gate');
+  const { runTcGate } = require('./truth-charter-gate');
+  const sag = runSagGate(options.sourceAuthority, { strict: strictAuthority });
+  const tc = runTcGate(options.truthCharter, {
+    strict: strictAuthority,
+    sourceAuthority: options.sourceAuthority || null,
+    patterns: patterns || null,
+  });
+  const gates = { sag, tc, strict_authority: strictAuthority };
+  // Gate policy: strictAuthority=true + any gate.status === 'fail' => throw.
+  if (strictAuthority && (sag.status === 'fail' || tc.status === 'fail')) {
+    const allErrors = [...sag.errors, ...tc.errors];
+    const err = new Error(
+      `Strict-authority compile failed. ${allErrors.length} gate error(s):\n` +
+        allErrors.map((e) => `  - ${e}`).join('\n'),
+    );
+    err.code = 'GATE_FAIL';
+    err.gates = gates;
+    throw err;
+  }
+
   const files = {};
-  files['KDNA_Core.json'] = JSON.stringify(core, null, 2);
-  files['KDNA_Patterns.json'] = JSON.stringify(patterns, null, 2);
-  if (scenarios) files['KDNA_Scenarios.json'] = JSON.stringify(scenarios, null, 2);
-  if (cases) files['KDNA_Cases.json'] = JSON.stringify(cases, null, 2);
-  if (reasoning) files['KDNA_Reasoning.json'] = JSON.stringify(reasoning, null, 2);
-  if (evolution) files['KDNA_Evolution.json'] = JSON.stringify(evolution, null, 2);
+
+  // Encode judgment as CBOR payload
+  const payload = {
+    kind: 'kdna.payload',
+    payload_version: '2.0',
+    domain: { name: project.name, version: (project.release && project.release.version) || '0.1.0' },
+    judgment: { core, patterns },
+    profiles: {},
+    integrity: {},
+  };
+  if (scenarios) payload.judgment.scenarios = scenarios;
+  if (cases) payload.judgment.cases = cases;
+  if (reasoning) payload.judgment.reasoning = reasoning;
+  if (evolution) payload.judgment.evolution = evolution;
+  files['payload.kdnab'] = cbor.encode(payload);
 
   // ── KDNA Card (governance metadata) ─────────────────────────────
   // Must be added BEFORE digest computation so it is included in content_digest.
@@ -455,6 +522,7 @@ function compileDomain(project) {
     files,
     stats,
     identity,
+    gates,
   };
 }
 
@@ -520,7 +588,7 @@ function generateReadme(project, options = {}) {
 
   if (lockedSelfChecks.length > 0) {
     lines.push('## Eval Score'); lines.push('');
-    lines.push(`- quality_badge: ${tests.filter(t => t.result === 'with_kdna_better').length >= 5 ? 'tested' : 'untested'}`);
+    lines.push(`- quality_badge: ${tests.filter(t => t.result === 'with_kdna_better').length >= 3 ? 'tested' : 'untested'}`);
     lines.push(`- eval cases: ${tests.length}`);
     lines.push('');
   }
@@ -537,4 +605,4 @@ function generateReadme(project, options = {}) {
   return lines.join('\n');
 }
 
-module.exports = { compileDomain, compileCore, compilePatterns, compileScenarios, compileCases, compileReasoning, compileEvolution, compileManifest, generateReadme, buildAssetIdentity, computeContentDigest };
+module.exports = { compileDomain, compileCore, compilePatterns, compileScenarios, compileCases, compileReasoning, compileEvolution, compileManifest, generateReadme, buildAssetIdentity, computeContentDigest, runSagGate: require('./source-authority-gate').runSagGate, runTcGate: require('./truth-charter-gate').runTcGate };

package/src/compile/source-authority-gate.js

@@ -0,0 +1,156 @@
+/**
+ * Source Authority Graph (SAG) compile gate for kdna-studio-core.
+ *
+ * Implements the SAG gate from RFC-0013 §3.1 / §9 #3.
+ *
+ * Behavior:
+ *   - Default mode: all rules are reported as WARNINGS (soft).
+ *   - Strict-authority mode: hard-rule violations become ERRORS.
+ *   - If no sourceAuthority provided, gate skips silently
+ *     (backwards-compatible: legacy workspaces without SAG pass through).
+ *
+ * Rules checked:
+ *   R1. precedence_order entries must all reference an existing source id.
+ *   R2. At least one source must have authority: "current_highest"
+ *       (when SAG is present; soft warning in default mode).
+ *   R3. authority/status consistency:
+ *         - authority: "deprecated" requires status: "deprecated"
+ *         - authority: "current_highest" requires status: "active"
+ *         - deprecated sources must not appear in precedence_order.
+ *   R4. In precedence_order (highest precedence first), the first
+ *       current_highest must not be preceded by any lower-authority
+ *       source.
+ *   R5. sources_contain_pii=true without author_consent_on_file is
+ *       a soft warning (we are not the consent authority).
+ *
+ * Output contract:
+ *   {
+ *     gate: 'source_authority',
+ *     status: 'skipped' | 'pass' | 'warn' | 'fail',
+ *     errors: [string, ...],   // strict-only; empty in default mode
+ *     warnings: [string, ...], // always populated for any rule
+ *     source_authority: object | null,
+ *     strict_authority: boolean
+ *   }
+ */
+
+const AUTHORITY_RANK = {
+  current_highest: 4,
+  thought_mine: 3,
+  historical_baseline: 2,
+  exemplar_case: 1,
+  deprecated: 0,
+};
+
+function isPlainObject(v) {
+  return v !== null && typeof v === 'object' && !Array.isArray(v);
+}
+
+function runSagGate(sourceAuthority, opts = {}) {
+  const strict = !!opts.strict;
+  const result = {
+    gate: 'source_authority',
+    status: 'skipped',
+    errors: [],
+    warnings: [],
+    source_authority: sourceAuthority || null,
+    strict_authority: strict,
+  };
+
+  if (!isPlainObject(sourceAuthority)) {
+    result.status = 'skipped';
+    result.warnings.push('No source_authority.json provided; SAG gate skipped.');
+    return result;
+  }
+
+  // R1. precedence_order references must be valid source ids.
+  const sources = Array.isArray(sourceAuthority.sources) ? sourceAuthority.sources : [];
+  const sourceIds = new Set();
+  for (const s of sources) {
+    if (isPlainObject(s) && typeof s.id === 'string') {
+      sourceIds.add(s.id);
+    }
+  }
+  const order = Array.isArray(sourceAuthority.precedence_order) ? sourceAuthority.precedence_order : [];
+  const missing = order.filter((id) => !sourceIds.has(id));
+  if (missing.length > 0) {
+    const msg = `source_authority.json: precedence_order references unknown source id(s): ${missing.join(', ')}.`;
+    if (strict) result.errors.push(msg);
+    else result.warnings.push(msg);
+  }
+
+  // R2. At least one current_highest source.
+  const highest = sources.filter(
+    (s) => isPlainObject(s) && s.authority === 'current_highest',
+  );
+  if (highest.length === 0) {
+    const msg = 'source_authority.json: no source has authority "current_highest"; at least one current_highest source is required to establish current authority.';
+    if (strict) result.errors.push(msg);
+    else result.warnings.push(msg);
+  }
+
+  // R3. authority/status consistency.
+  for (const s of sources) {
+    if (!isPlainObject(s)) continue;
+    if (s.authority === 'deprecated' && s.status !== 'deprecated') {
+      const msg = `source_authority.json: source "${s.id}" has authority "deprecated" but status is "${s.status}"; status MUST be "deprecated" when authority is "deprecated".`;
+      if (strict) result.errors.push(msg);
+      else result.warnings.push(msg);
+    }
+    if (s.authority === 'current_highest' && s.status !== 'active') {
+      const msg = `source_authority.json: source "${s.id}" has authority "current_highest" but status is "${s.status}"; status MUST be "active" for current_highest sources.`;
+      if (strict) result.errors.push(msg);
+      else result.warnings.push(msg);
+    }
+    if (s.authority === 'deprecated' && order.includes(s.id)) {
+      const msg = `source_authority.json: deprecated source "${s.id}" appears in precedence_order; deprecated sources cannot be authoritative precursors.`;
+      if (strict) result.errors.push(msg);
+      else result.warnings.push(msg);
+    }
+  }
+
+  // R4. In precedence_order, the first current_highest must not be
+  // preceded by any lower-authority source.
+  if (order.length > 0 && highest.length > 0) {
+    const firstHighestIdx = Math.min(
+      ...order
+        .map((id, i) => ({ id, i, isHighest: highest.some((h) => h.id === id) }))
+        .filter((e) => e.isHighest)
+        .map((e) => e.i),
+    );
+    if (Number.isFinite(firstHighestIdx)) {
+      for (let i = 0; i < firstHighestIdx; i++) {
+        const id = order[i];
+        const src = sources.find((s) => isPlainObject(s) && s.id === id);
+        if (!src) continue;
+        if (
+          AUTHORITY_RANK[src.authority] !== undefined &&
+          AUTHORITY_RANK[src.authority] < AUTHORITY_RANK.current_highest
+        ) {
+          const msg = `source_authority.json: lower-authority source "${src.id}" (${src.authority}) appears before current_highest in precedence_order; current_highest must override.`;
+          if (strict) result.errors.push(msg);
+          else result.warnings.push(msg);
+        }
+      }
+    }
+  }
+
+  // R5. PII without consent is a soft warning only.
+  const sensitivity = sourceAuthority.sensitivity || {};
+  if (sensitivity.sources_contain_pii === true && sensitivity.author_consent_on_file !== true) {
+    result.warnings.push(
+      'source_authority.json: sensitivity.sources_contain_pii is true but author_consent_on_file is not true; recording author consent is recommended before publishing.',
+    );
+  }
+
+  if (result.errors.length > 0) {
+    result.status = 'fail';
+  } else if (result.warnings.length > 0) {
+    result.status = 'warn';
+  } else {
+    result.status = 'pass';
+  }
+  return result;
+}
+
+module.exports = { runSagGate, AUTHORITY_RANK };

package/src/compile/truth-charter-gate.js

@@ -0,0 +1,157 @@
+/**
+ * Truth Charter (TC) compile gate for kdna-studio-core.
+ *
+ * Implements the TC gate from RFC-0013 §3.2 / §9 #3.
+ *
+ * Behavior:
+ *   - Default mode: WARNING only. Errors are downgraded to warnings.
+ *   - Strict-authority mode: ERROR for synthesized/draft/deprecated
+ *     tc_status; PASS only for tc_status: "locked".
+ *   - If no truthCharter provided, gate skips silently
+ *     (backwards-compatible: legacy workspaces without TC pass through).
+ *
+ * Rules checked:
+ *   R1. tc_status must be one of: draft / synthesized / locked / deprecated.
+ *   R2. tc_status: "synthesized" + strict-authority -> ERROR
+ *       (synthesized means no real author-locked truth; cannot be
+ *       officially published without explicit lock).
+ *   R3. tc_status: "deprecated" + strict-authority -> ERROR
+ *       (deprecated charters cannot govern new compilations).
+ *   R4. tc_status: "locked" requires locked_at and locked_by fields.
+ *   R5. renamed_terms: if renamed_terms are present and a
+ *       patterns.terminology is supplied, check that each old term is
+ *       either in banned_terms or its replacement is in standard_terms.
+ *       (Soft check; mismatches are warnings, not errors.)
+ *   R6. forbidden_simplifications: presence is recorded; we do NOT
+ *       perform LLM-based semantic verification (would require a
+ *       judgment call outside the gate's scope). Always PASS.
+ *
+ * Cross-file consistency (when both SAG and TC are supplied):
+ *   If sourceAuthority has any current_highest source of type
+ *   "human_locked_charter" and TC exists, TC.judgment_authority_holder
+ *   must be present and non-empty.
+ */
+
+const VALID_TC_STATUS = ['draft', 'synthesized', 'locked', 'deprecated'];
+
+function isPlainObject(v) {
+  return v !== null && typeof v === 'object' && !Array.isArray(v);
+}
+
+function runTcGate(truthCharter, opts = {}) {
+  const strict = !!opts.strict;
+  const sourceAuthority = opts.sourceAuthority || null;
+  const patterns = opts.patterns || null; // KDNA_Patterns.json content
+  const result = {
+    gate: 'truth_charter',
+    status: 'skipped',
+    errors: [],
+    warnings: [],
+    truth_charter: truthCharter || null,
+    strict_authority: strict,
+  };
+
+  if (!isPlainObject(truthCharter)) {
+    result.status = 'skipped';
+    result.warnings.push('No truth_charter.json provided; TC gate skipped.');
+    return result;
+  }
+
+  // R1. tc_status must be valid.
+  const tcStatus = truthCharter.tc_status;
+  if (!VALID_TC_STATUS.includes(tcStatus)) {
+    result.errors.push(
+      `truth_charter.json: tc_status "${tcStatus}" is not one of [${VALID_TC_STATUS.join(', ')}].`,
+    );
+    result.status = 'fail';
+    return result;
+  }
+
+  // R2. synthesized + strict -> ERROR.
+  if (tcStatus === 'synthesized') {
+    const msg = 'truth_charter.json: tc_status is "synthesized" (no author-locked truth); strict-authority requires "locked".';
+    if (strict) result.errors.push(msg);
+    else result.warnings.push(msg);
+  }
+
+  // R3. deprecated + strict -> ERROR.
+  if (tcStatus === 'deprecated') {
+    const msg = 'truth_charter.json: tc_status is "deprecated"; deprecated charters cannot govern new compilations under strict-authority.';
+    if (strict) result.errors.push(msg);
+    else result.warnings.push(msg);
+  }
+
+  // R4. locked requires locked_at and locked_by.
+  if (tcStatus === 'locked') {
+    if (!truthCharter.locked_at || !truthCharter.locked_by) {
+      result.errors.push(
+        'truth_charter.json: tc_status is "locked" but locked_at or locked_by is missing.',
+      );
+    }
+  }
+
+  // R5. renamed_terms soft check against patterns.terminology.
+  // Only fires when the project's terminology actually has content; an
+  // empty terminology (from a card-only project) is treated as
+  // "not yet declared" and the soft check is skipped.
+  if (
+    Array.isArray(truthCharter.renamed_terms) &&
+    isPlainObject(patterns) &&
+    isPlainObject(patterns.terminology) &&
+    (Array.isArray(patterns.terminology.standard_terms) && patterns.terminology.standard_terms.length > 0 ||
+      Array.isArray(patterns.terminology.banned_terms) && patterns.terminology.banned_terms.length > 0)
+  ) {
+    const term = patterns.terminology;
+    const banned = new Set(
+      Array.isArray(term.banned_terms) ? term.banned_terms.map((t) => t && t.term).filter(Boolean) : [],
+    );
+    const standard = new Set(
+      Array.isArray(term.standard_terms) ? term.standard_terms.map((t) => t && t.term).filter(Boolean) : [],
+    );
+    for (const r of truthCharter.renamed_terms) {
+      if (!isPlainObject(r)) continue;
+      const oldName = r.old;
+      const newName = r.new;
+      const oldBanned = oldName && banned.has(oldName);
+      const newStandard = newName && standard.has(newName);
+      if (oldName && !oldBanned) {
+        result.warnings.push(
+          `truth_charter.json renamed_terms: old term "${oldName}" is not in KDNA_Patterns.json.terminology.banned_terms; consider adding it to make the rename enforceable.`,
+        );
+      }
+      if (newName && !newStandard) {
+        result.warnings.push(
+          `truth_charter.json renamed_terms: new term "${newName}" is not in KDNA_Patterns.json.terminology.standard_terms; consider adding it.`,
+        );
+      }
+    }
+  }
+
+  // Cross-file consistency: SAG has human_locked_charter current_highest
+  // => TC.judgment_authority_holder must be present and non-empty.
+  if (sourceAuthority && isPlainObject(sourceAuthority)) {
+    const sources = Array.isArray(sourceAuthority.sources) ? sourceAuthority.sources : [];
+    const hasHumanLockedCharter = sources.some(
+      (s) => isPlainObject(s) && s.authority === 'current_highest' && s.type === 'human_locked_charter',
+    );
+    if (hasHumanLockedCharter) {
+      const holder = truthCharter.judgment_authority_holder;
+      if (!holder || (typeof holder === 'string' && holder.trim() === '')) {
+        const msg = 'truth_charter.json: SAG has a current_highest source of type human_locked_charter, but TC.judgment_authority_holder is missing or empty; cross-file consistency requires both.';
+        if (strict) result.errors.push(msg);
+        else result.warnings.push(msg);
+      }
+    }
+  }
+
+  if (result.errors.length > 0) {
+    result.status = 'fail';
+  } else if (result.warnings.length > 0) {
+    result.status = 'warn';
+  } else {
+    result.status = 'pass';
+  }
+  return result;
+}
+
+module.exports = { runTcGate, VALID_TC_STATUS };

package/src/creator-identity.js

@@ -34,9 +34,10 @@ function creatorFingerprint(publicKeyPem) {
 
 /**
  * Generate a new Ed25519 keypair and persist to identityDir.
- * Returns the creator identity object. Does NOT overwrite existing keys.
+ * If passphrase is provided, the private key is encrypted with AES-256-GCM
+ * (key derived via PBKDF2-SHA256). Without passphrase, plaintext with 0o600.
  */
-function initIdentity(displayName, identityDir = null) {
+function initIdentity(displayName, identityDir = null, passphrase = null) {
   const dir = identityDir || defaultIdentityDir();
   fs.mkdirSync(dir, { recursive: true });
 
@@ -55,7 +56,11 @@ function initIdentity(displayName, identityDir = null) {
     privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
   });
 
-  fs.writeFileSync(privateKeyPath, privateKey, { mode: 0o600 });
+  const privateKeyData = passphrase
+    ? encryptPrivateKey(privateKey, passphrase)
+    : privateKey;
+
+  fs.writeFileSync(privateKeyPath, privateKeyData, { mode: 0o600 });
   fs.writeFileSync(publicKeyPath, publicKey, { mode: 0o644 });
 
   const creatorId = creatorFingerprint(publicKey);
@@ -67,6 +72,7 @@ function initIdentity(displayName, identityDir = null) {
     identity_dir: dir,
     created_at: new Date().toISOString(),
     verified: false,
+    encrypted: !!passphrase,
   };
 
   fs.writeFileSync(identityJsonPath, JSON.stringify(identity, null, 2), { mode: 0o644 });
@@ -106,8 +112,9 @@ function loadIdentity(identityDir = null) {
 /**
  * Sign a payload with the creator's Ed25519 private key.
  * Returns the signature in "ed25519:<hex>" format.
+ * If the key is encrypted, passphrase is required.
  */
-function signPayload(payload, identityDir = null) {
+function signPayload(payload, identityDir = null, passphrase = null) {
   const dir = identityDir || defaultIdentityDir();
   const privateKeyPath = path.join(dir, PRIVATE_KEY_FILE);
 
@@ -117,21 +124,134 @@ function signPayload(payload, identityDir = null) {
     );
   }
 
-  const privateKeyPem = fs.readFileSync(privateKeyPath, 'utf8');
+  let privateKeyPem = fs.readFileSync(privateKeyPath, 'utf8');
+  if (isEncryptedKey(privateKeyPem)) {
+    if (!passphrase) throw new Error('Private key is encrypted. Provide --passphrase to sign.');
+    privateKeyPem = decryptPrivateKey(privateKeyPem, passphrase);
+  }
+
   const data = Buffer.isBuffer(payload) ? payload : Buffer.from(String(payload));
   const sig = crypto.sign(null, data, privateKeyPem);
   return `ed25519:${sig.toString('hex')}`;
 }
 
 /**
- * Sign a Human Lock payload — creates a deterministic signable string from
- * the lock context and returns the signature.
- *
- * Payload: `${cardId}\n${statement}\n${judgmentFingerprint}`
+ * Sign a Human Lock payload.
+ * If the key is encrypted, passphrase is required.
  */
-function signHumanLock(cardId, statement, judgmentFingerprint, identityDir = null) {
+function signHumanLock(cardId, statement, judgmentFingerprint, identityDir = null, passphrase = null) {
   const lockPayload = [cardId, statement, judgmentFingerprint].join('\n');
-  return signPayload(lockPayload, identityDir);
+  return signPayload(lockPayload, identityDir, passphrase);
+}
+
+// ── Private Key Encryption ────────────────────────────────────────
+
+function encryptPrivateKey(pem, passphrase) {
+  const salt = crypto.randomBytes(16);
+  const key = crypto.pbkdf2Sync(passphrase, salt, 100000, 32, 'sha256');
+  const iv = crypto.randomBytes(12);
+  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+  const ciphertext = Buffer.concat([cipher.update(Buffer.from(pem)), cipher.final()]);
+  return JSON.stringify({
+    encrypted: true,
+    kdf: 'pbkdf2-sha256',
+    iterations: 100000,
+    salt: salt.toString('base64'),
+    iv: iv.toString('base64'),
+    tag: cipher.getAuthTag().toString('base64'),
+    ciphertext: ciphertext.toString('base64'),
+  });
+}
+
+function decryptPrivateKey(envelope, passphrase) {
+  const env = typeof envelope === 'string' ? JSON.parse(envelope) : envelope;
+  if (!env.encrypted) throw new Error('Private key is not encrypted');
+  const key = crypto.pbkdf2Sync(passphrase, Buffer.from(env.salt, 'base64'), env.iterations, 32, 'sha256');
+  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(env.iv, 'base64'));
+  decipher.setAuthTag(Buffer.from(env.tag, 'base64'));
+  try {
+    return Buffer.concat([decipher.update(Buffer.from(env.ciphertext, 'base64')), decipher.final()]).toString('utf8');
+  } catch (e) {
+    if (e.code === 'ERR_OSSL_EVP_BAD_DECRYPT' || e.message.includes('bad decrypt')) {
+      throw new Error('Wrong passphrase — cannot decrypt private key.');
+    }
+    throw e;
+  }
+}
+
+function isEncryptedKey(content) {
+  try { const o = JSON.parse(content); return o.encrypted === true; }
+  catch { return false; }
+}
+
+// ── Key Rotation ────────────────────────────────────────────────
+
+/**
+ * Rotate the creator's private key. Generates a new Ed25519 keypair,
+ * signs the rotation event with the old key, and saves both.
+ * The old public key is recorded in creator.json under previous_keys.
+ */
+function rotateIdentity(passphrase = null, identityDir = null) {
+  const identity = loadIdentity(identityDir);
+  if (!identity) throw new Error('No identity found. Run identity init first.');
+
+  const dir = identityDir || defaultIdentityDir();
+  const oldPrivPath = path.join(dir, PRIVATE_KEY_FILE);
+  const oldPubPath = path.join(dir, PUBLIC_KEY_FILE);
+
+  if (!fs.existsSync(oldPrivPath) || !fs.existsSync(oldPubPath)) {
+    throw new Error('Key files not found for rotation.');
+  }
+
+  // Decrypt old key if needed
+  let oldPrivatePem = fs.readFileSync(oldPrivPath, 'utf8');
+  if (isEncryptedKey(oldPrivatePem)) {
+    if (!passphrase) throw new Error('Private key is encrypted. Provide passphrase to rotate.');
+    oldPrivatePem = decryptPrivateKey(oldPrivatePem, passphrase);
+  }
+
+  // Generate new keypair
+  const { publicKey: newPub, privateKey: newPriv } = crypto.generateKeyPairSync('ed25519', {
+    publicKeyEncoding: { type: 'spki', format: 'pem' },
+    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+  });
+
+  // Sign rotation event with old key
+  const rotationPayload = [
+    identity.creator_id,
+    creatorFingerprint(newPub),
+    new Date().toISOString(),
+  ].join('\n');
+  const rotationSig = `ed25519:${crypto.sign(null, Buffer.from(rotationPayload), oldPrivatePem).toString('hex')}`;
+
+  // Save new keypair
+  const newPrivData = passphrase ? encryptPrivateKey(newPriv, passphrase) : newPriv;
+  fs.writeFileSync(oldPrivPath, newPrivData, { mode: 0o600 });
+  fs.writeFileSync(oldPubPath, newPub, { mode: 0o644 });
+
+  // Update identity record
+  const newCreatorId = creatorFingerprint(newPub);
+  const identityJson = path.join(dir, IDENTITY_JSON_FILE);
+  let idData = {};
+  try { idData = JSON.parse(fs.readFileSync(identityJson, 'utf8')); } catch {}
+
+  const previousKeys = idData.previous_keys || [];
+  previousKeys.push({
+    creator_id: identity.creator_id,
+    public_key: identity.public_key,
+    rotated_at: new Date().toISOString(),
+    rotation_signature: rotationSig,
+  });
+
+  idData.creator_id = newCreatorId;
+  idData.public_key = newPub;
+  idData.rotated_at = new Date().toISOString();
+  idData.encrypted = !!passphrase;
+  idData.previous_keys = previousKeys;
+
+  fs.writeFileSync(identityJson, JSON.stringify(idData, null, 2), { mode: 0o644 });
+
+  return { ...idData, creator_id: newCreatorId };
 }
 
 /**
@@ -160,5 +280,8 @@ module.exports = {
   loadPublicKey,
   privateKeyPath,
   defaultIdentityDir,
+  encryptPrivateKey,
+  decryptPrivateKey,
+  isEncryptedKey,
   CREATOR_ID_PREFIX,
 };

package/src/distillation/index.js

@@ -0,0 +1,268 @@
+// Domain-First Distillation — Core API
+// Aligned with SOURCE_DISTILLATION_CONTRACT.md v0.2
+
+// ─── Domain Taxonomy ───────────────────────────────────────────────
+
+const DOMAIN_CATEGORIES = Object.freeze({
+  expression_writing: {
+    id: 'expression_writing',
+    displayName: 'Expression & Writing',
+    examples: ['writing_style', 'blog_voice', 'social_media_tone', 'article_structure'],
+  },
+  aesthetic_creation: {
+    id: 'aesthetic_creation',
+    displayName: 'Aesthetic & Creation',
+    examples: ['visual_design', 'video_rhythm', 'cover_art', 'brand_aesthetics'],
+  },
+  professional_field: {
+    id: 'professional_field',
+    displayName: 'Professional Field',
+    examples: ['legal_judgment', 'medical_diagnosis', 'education_standards'],
+  },
+  decision_preference: {
+    id: 'decision_preference',
+    displayName: 'Decision Preference',
+    examples: ['product_decisions', 'investment_criteria', 'prioritization_methods'],
+  },
+  communication_style: {
+    id: 'communication_style',
+    displayName: 'Communication Style',
+    examples: ['client_communication', 'team_management', 'conflict_handling'],
+  },
+  workflow_process: {
+    id: 'workflow_process',
+    displayName: 'Workflow & Process',
+    examples: ['project_reviews', 'meeting_standards', 'sales_followups'],
+  },
+  life_preference: {
+    id: 'life_preference',
+    displayName: 'Life Preference',
+    examples: ['schedule_preferences', 'learning_habits', 'consumption_choices'],
+  },
+  team_organization: {
+    id: 'team_organization',
+    displayName: 'Team & Organization',
+    examples: ['team_brand', 'hiring_criteria', 'service_standards'],
+  },
+});
+
+const OWNER_SCOPES = Object.freeze({
+  personal: {
+    id: 'personal',
+    displayName: 'Personal',
+    description: 'One person\'s individual standards. Extracts personal preferences, boundaries, taste.',
+  },
+  team: {
+    id: 'team',
+    displayName: 'Team',
+    description: 'Shared team conventions. Extracts team-wide standards, agreed practices.',
+  },
+  organization: {
+    id: 'organization',
+    displayName: 'Organization',
+    description: 'Company/organization policies. Extracts organizational values, compliance boundaries.',
+  },
+  field: {
+    id: 'field',
+    displayName: 'Industry / Field',
+    description: 'Industry/profession-wide. Extracts domain expertise beyond any single practitioner.',
+  },
+});
+
+const GRANULARITY_LEVELS = Object.freeze({
+  core_principles: {
+    id: 'core_principles',
+    displayName: 'Core Principles',
+    description: 'High-level axioms and boundaries. Foundational beliefs, what the person consistently prioritizes and rejects.',
+  },
+  concrete_patterns: {
+    id: 'concrete_patterns',
+    displayName: 'Concrete Patterns',
+    description: 'Recurring decision patterns. Specific rules and detectable habits.',
+  },
+  specific_scenarios: {
+    id: 'specific_scenarios',
+    displayName: 'Specific Scenarios',
+    description: 'Scenario-level triggers. Context-specific judgment triggers and responses.',
+  },
+});
+
+const EVIDENCE_RELEVANCE = Object.freeze({
+  relevant: { id: 'relevant', label: 'Relevant' },
+  weakly_relevant: { id: 'weakly_relevant', label: 'Weakly Relevant' },
+  out_of_scope: { id: 'out_of_scope', label: 'Out of Scope' },
+  split_domain: { id: 'split_domain', label: 'Split Domain' },
+});
+
+// ─── Distillation Target ───────────────────────────────────────────
+
+function createDistillationTarget({
+  domainName,
+  domainCategory = 'expression_writing',
+  ownerScope = 'personal',
+  granularity = 'core_principles',
+  taskScope = '',
+  includeAreas = [],
+  excludeAreas = [],
+  loadCondition = '',
+}) {
+  if (!domainName || typeof domainName !== 'string') {
+    throw new Error('domainName is required');
+  }
+  if (!DOMAIN_CATEGORIES[domainCategory]) {
+    throw new Error(`Invalid domainCategory: ${domainCategory}. Must be one of: ${Object.keys(DOMAIN_CATEGORIES).join(', ')}`);
+  }
+  if (!OWNER_SCOPES[ownerScope]) {
+    throw new Error(`Invalid ownerScope: ${ownerScope}`);
+  }
+  if (!GRANULARITY_LEVELS[granularity]) {
+    throw new Error(`Invalid granularity: ${granularity}`);
+  }
+
+  return {
+    id: `tgt_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
+    domain_name: domainName,
+    domain_category: domainCategory,
+    owner_scope: ownerScope,
+    granularity,
+    task_scope: taskScope,
+    include_areas: includeAreas,
+    exclude_areas: excludeAreas,
+    load_condition: loadCondition || `Load when the task involves ${DOMAIN_CATEGORIES[domainCategory].displayName.toLowerCase()} judgment.`,
+    declared_at: new Date().toISOString(),
+  };
+}
+
+function validateDistillationTarget(target) {
+  const errors = [];
+  if (!target || !target.domain_name) errors.push('domain_name is required');
+  if (!DOMAIN_CATEGORIES[target.domain_category]) errors.push(`invalid domain_category: ${target.domain_category}`);
+  if (!OWNER_SCOPES[target.owner_scope]) errors.push(`invalid owner_scope: ${target.owner_scope}`);
+  if (!GRANULARITY_LEVELS[target.granularity]) errors.push(`invalid granularity: ${target.granularity}`);
+  if (!target.task_scope || target.task_scope.trim().length === 0) errors.push('task_scope is required');
+  return { valid: errors.length === 0, errors };
+}
+
+function targetScopeDescription(target) {
+  const cat = DOMAIN_CATEGORIES[target.domain_category];
+  const scope = OWNER_SCOPES[target.owner_scope];
+  const gran = GRANULARITY_LEVELS[target.granularity];
+  return `Domain: ${cat.displayName}. Scope: ${scope.displayName}. Granularity: ${gran.displayName}. Task: ${target.task_scope}. ${target.load_condition}`;
+}
+
+// ─── Scope Gate ────────────────────────────────────────────────────
+
+function applyScopeGate(candidate, target) {
+  const text = `${candidate.one_sentence || ''} ${candidate.full_statement || ''}`.toLowerCase();
+  const domainWords = [target.domain_category, ...(target.include_areas || [])];
+
+  let scopeFit = true;
+  let relevanceScore = 50;
+  let relevanceEvidence = null;
+  let suggestedSplitDomain = null;
+
+  const domainMatch = domainWords.some(w => text.includes(w.toLowerCase()));
+  const excludeMatch = (target.exclude_areas || []).some(w => text.includes(w.toLowerCase()));
+
+  if (domainMatch && !excludeMatch) {
+    scopeFit = true;
+    relevanceScore = 80;
+  } else if (!domainMatch && (target.include_areas || []).length > 0) {
+    scopeFit = false;
+    relevanceScore = 20;
+    relevanceEvidence = 'No match with declared include areas';
+  } else if (excludeMatch) {
+    scopeFit = false;
+    relevanceScore = 10;
+    relevanceEvidence = 'Matched exclude area';
+  }
+
+  if (!scopeFit) {
+    for (const [catId, cat] of Object.entries(DOMAIN_CATEGORIES)) {
+      if (catId !== target.domain_category) {
+        if (text.includes(catId) || text.includes(cat.displayName.toLowerCase())) {
+          suggestedSplitDomain = cat.displayName;
+          break;
+        }
+      }
+    }
+  }
+
+  return {
+    ...candidate,
+    scope_fit: scopeFit,
+    domain_relevance_score: relevanceScore,
+    relevance_evidence: relevanceEvidence,
+    suggested_split_domain: suggestedSplitDomain,
+  };
+}
+
+function candidateStatusSummary(candidates) {
+  let proposed = 0, accepted = 0, rejected = 0, modified = 0, blocked = 0, outOfScope = 0;
+  for (const c of candidates) {
+    if (c.sensitive_content_flag) { blocked++; continue; }
+    if (!c.scope_fit) { outOfScope++; }
+    switch (c.status || c.candidate_status) {
+      case 'proposed': proposed++; break;
+      case 'accepted': accepted++; break;
+      case 'rejected': rejected++; break;
+      case 'modified': modified++; break;
+    }
+  }
+  return { proposed, accepted, rejected, modified, blocked, outOfScope };
+}
+
+// ─── Sensitive Inference Filter ────────────────────────────────────
+
+const SENSITIVE_KEYWORDS = {
+  identity: [
+    'gender identity', 'sexual orientation', 'ethnicity', 'race', 'racial',
+    '性别认同', '性取向', '种族', '民族',
+  ],
+  health: [
+    'medical condition', 'mental health', 'disability', 'diagnosis', 'medication', 'therapy', 'treatment',
+    '疾病', '病史', '诊断', '药物', '治疗', '心理疾病', '精神健康', '残疾', '残障',
+  ],
+  political: [
+    'political affiliation', 'voting', 'activist', 'party member',
+    '政治立场', '党派', '党员', '政治倾向',
+  ],
+  religious: [
+    'religious belief', 'faith', 'church', 'prayer', 'worship', 'spiritual practice',
+    '宗教信仰', '教会', '祈祷', '礼拜', '信教',
+  ],
+  financial: [
+    'income', 'net worth', 'salary', 'debt', 'bank account', 'savings amount',
+    '收入', '工资', '存款', '负债', '资产净值', '银行卡号', '账户余额',
+  ],
+  intimate: [
+    'relationship status', 'marriage', 'divorce', 'family structure',
+    '婚姻状况', '离婚', '家庭结构', '感情状况', '亲密关系',
+  ],
+};
+
+function checkSensitiveContent(text) {
+  const lower = text.toLowerCase();
+  for (const [domain, keywords] of Object.entries(SENSITIVE_KEYWORDS)) {
+    for (const keyword of keywords) {
+      if (lower.includes(keyword.toLowerCase())) {
+        return { flagged: true, reason: `May involve sensitive domain: ${domain}` };
+      }
+    }
+  }
+  return { flagged: false, reason: null };
+}
+
+module.exports = {
+  DOMAIN_CATEGORIES,
+  OWNER_SCOPES,
+  GRANULARITY_LEVELS,
+  EVIDENCE_RELEVANCE,
+  SENSITIVE_KEYWORDS,
+  createDistillationTarget,
+  validateDistillationTarget,
+  targetScopeDescription,
+  applyScopeGate,
+  candidateStatusSummary,
+  checkSensitiveContent,
+};

package/src/index.js

@@ -30,6 +30,7 @@ const provenance = require('./provenance');
 const quality = require('./quality');
 const testlab = require('./testlab');
 const versioning = require('./versioning');
+const distillation = require('./distillation');
 const feynman = require('./cards/feynman');
 const contradiction = require('./quality/contradiction');
 const validateCards = require('./quality/validate-cards');
@@ -46,6 +47,7 @@ module.exports = {
   governance,
   i18n,
   creator: creatorIdentity,
+  distillation,
 
   // Experimental
   evidence,