@auxiora/autonomy 1.0.0

package/tests/audit-trail.test.ts

@@ -0,0 +1,167 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { ActionAuditTrail } from '../src/audit-trail.js';
+
+describe('ActionAuditTrail', () => {
+  let tmpDir: string;
+  let filePath: string;
+  let trail: ActionAuditTrail;
+
+  beforeEach(async () => {
+    tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), 'audit-trail-'));
+    filePath = path.join(tmpDir, 'audit.json');
+    trail = new ActionAuditTrail(filePath);
+    await trail.load();
+  });
+
+  afterEach(async () => {
+    await fs.rm(tmpDir, { recursive: true, force: true });
+  });
+
+  it('should record an audit entry', async () => {
+    const entry = await trail.record({
+      trustLevel: 2,
+      domain: 'messaging',
+      intent: 'Send message',
+      plan: 'Send via Slack',
+      executed: true,
+      outcome: 'success',
+      reasoning: 'User requested message send',
+      rollbackAvailable: false,
+    });
+
+    expect(entry.id).toBeTruthy();
+    expect(entry.timestamp).toBeGreaterThan(0);
+    expect(entry.domain).toBe('messaging');
+  });
+
+  it('should retrieve by id', async () => {
+    const entry = await trail.record({
+      trustLevel: 1,
+      domain: 'web',
+      intent: 'Browse',
+      plan: 'Open URL',
+      executed: true,
+      outcome: 'success',
+      reasoning: 'Test',
+      rollbackAvailable: false,
+    });
+
+    const found = trail.getById(entry.id);
+    expect(found).toEqual(entry);
+  });
+
+  it('should return undefined for unknown id', () => {
+    expect(trail.getById('nonexistent')).toBeUndefined();
+  });
+
+  it('should query by domain', async () => {
+    await trail.record({
+      trustLevel: 1,
+      domain: 'web',
+      intent: 'Browse',
+      plan: 'Open URL',
+      executed: true,
+      outcome: 'success',
+      reasoning: 'Test',
+      rollbackAvailable: false,
+    });
+    await trail.record({
+      trustLevel: 2,
+      domain: 'files',
+      intent: 'Write file',
+      plan: 'Create file',
+      executed: true,
+      outcome: 'success',
+      reasoning: 'Test',
+      rollbackAvailable: false,
+    });
+
+    const webEntries = trail.query({ domain: 'web' });
+    expect(webEntries).toHaveLength(1);
+    expect(webEntries[0].domain).toBe('web');
+  });
+
+  it('should query by outcome', async () => {
+    await trail.record({
+      trustLevel: 1,
+      domain: 'web',
+      intent: 'Browse',
+      plan: 'Open URL',
+      executed: true,
+      outcome: 'success',
+      reasoning: 'Test',
+      rollbackAvailable: false,
+    });
+    await trail.record({
+      trustLevel: 1,
+      domain: 'web',
+      intent: 'Browse',
+      plan: 'Open URL',
+      executed: false,
+      outcome: 'failure',
+      reasoning: 'Blocked',
+      rollbackAvailable: false,
+    });
+
+    const failures = trail.query({ outcome: 'failure' });
+    expect(failures).toHaveLength(1);
+  });
+
+  it('should query with limit', async () => {
+    for (let i = 0; i < 5; i++) {
+      await trail.record({
+        trustLevel: 1,
+        domain: 'web',
+        intent: `Action ${i}`,
+        plan: 'Plan',
+        executed: true,
+        outcome: 'success',
+        reasoning: 'Test',
+        rollbackAvailable: false,
+      });
+    }
+
+    const limited = trail.query({ limit: 3 });
+    expect(limited).toHaveLength(3);
+  });
+
+  it('should mark as rolled back', async () => {
+    const entry = await trail.record({
+      trustLevel: 2,
+      domain: 'files',
+      intent: 'Delete file',
+      plan: 'Remove /tmp/test',
+      executed: true,
+      outcome: 'success',
+      reasoning: 'Cleanup',
+      rollbackAvailable: true,
+    });
+
+    const result = await trail.markRolledBack(entry.id);
+    expect(result).toBe(true);
+
+    const updated = trail.getById(entry.id);
+    expect(updated?.outcome).toBe('rolled_back');
+    expect(updated?.rollbackAvailable).toBe(false);
+  });
+
+  it('should persist and reload entries', async () => {
+    await trail.record({
+      trustLevel: 1,
+      domain: 'web',
+      intent: 'Browse',
+      plan: 'Open URL',
+      executed: true,
+      outcome: 'success',
+      reasoning: 'Test',
+      rollbackAvailable: false,
+    });
+
+    const trail2 = new ActionAuditTrail(filePath);
+    await trail2.load();
+    expect(trail2.getAll()).toHaveLength(1);
+  });
+});

package/tests/rollback.test.ts

@@ -0,0 +1,135 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { ActionAuditTrail } from '../src/audit-trail.js';
+import { RollbackManager } from '../src/rollback.js';
+
+describe('RollbackManager', () => {
+  let tmpDir: string;
+  let trail: ActionAuditTrail;
+  let rollback: RollbackManager;
+
+  beforeEach(async () => {
+    tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), 'rollback-'));
+    trail = new ActionAuditTrail(path.join(tmpDir, 'audit.json'));
+    await trail.load();
+    rollback = new RollbackManager(trail);
+  });
+
+  afterEach(async () => {
+    await fs.rm(tmpDir, { recursive: true, force: true });
+  });
+
+  it('should report rollback availability', async () => {
+    const entry = await trail.record({
+      trustLevel: 2,
+      domain: 'files',
+      intent: 'Delete file',
+      plan: 'rm /tmp/test',
+      executed: true,
+      outcome: 'success',
+      reasoning: 'User requested',
+      rollbackAvailable: true,
+    });
+
+    expect(rollback.canRollback(entry.id)).toBe(true);
+  });
+
+  it('should return false for non-rollbackable actions', async () => {
+    const entry = await trail.record({
+      trustLevel: 1,
+      domain: 'messaging',
+      intent: 'Send message',
+      plan: 'Send via Slack',
+      executed: true,
+      outcome: 'success',
+      reasoning: 'Sent',
+      rollbackAvailable: false,
+    });
+
+    expect(rollback.canRollback(entry.id)).toBe(false);
+  });
+
+  it('should return false for unknown audit id', () => {
+    expect(rollback.canRollback('nonexistent')).toBe(false);
+  });
+
+  it('should perform rollback', async () => {
+    const entry = await trail.record({
+      trustLevel: 2,
+      domain: 'files',
+      intent: 'Create file',
+      plan: 'Write to /tmp/test',
+      executed: true,
+      outcome: 'success',
+      reasoning: 'User requested',
+      rollbackAvailable: true,
+    });
+
+    const result = await rollback.rollback(entry.id);
+    expect(result.success).toBe(true);
+
+    // Should not be rollbackable anymore
+    expect(rollback.canRollback(entry.id)).toBe(false);
+  });
+
+  it('should fail rollback for non-existent entry', async () => {
+    const result = await rollback.rollback('nonexistent');
+    expect(result.success).toBe(false);
+    expect(result.error).toBe('Audit entry not found');
+  });
+
+  it('should fail rollback for non-rollbackable entry', async () => {
+    const entry = await trail.record({
+      trustLevel: 1,
+      domain: 'messaging',
+      intent: 'Send message',
+      plan: 'Send',
+      executed: true,
+      outcome: 'success',
+      reasoning: 'Sent',
+      rollbackAvailable: false,
+    });
+
+    const result = await rollback.rollback(entry.id);
+    expect(result.success).toBe(false);
+    expect(result.error).toBe('Rollback not available for this action');
+  });
+
+  it('should fail double rollback', async () => {
+    const entry = await trail.record({
+      trustLevel: 2,
+      domain: 'files',
+      intent: 'Create file',
+      plan: 'Write',
+      executed: true,
+      outcome: 'success',
+      reasoning: 'Test',
+      rollbackAvailable: true,
+    });
+
+    await rollback.rollback(entry.id);
+    const result = await rollback.rollback(entry.id);
+    expect(result.success).toBe(false);
+    expect(result.error).toBe('Action already rolled back');
+  });
+
+  it('should return rollback history', async () => {
+    const entry = await trail.record({
+      trustLevel: 2,
+      domain: 'files',
+      intent: 'Create file',
+      plan: 'Write',
+      executed: true,
+      outcome: 'success',
+      reasoning: 'Test',
+      rollbackAvailable: true,
+    });
+
+    await rollback.rollback(entry.id);
+    const history = rollback.getHistory();
+    expect(history).toHaveLength(1);
+    expect(history[0].outcome).toBe('rolled_back');
+  });
+});

package/tests/trust-engine.test.ts

@@ -0,0 +1,182 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { TrustEngine } from '../src/trust-engine.js';
+import type { TrustLevel } from '../src/types.js';
+
+describe('TrustEngine', () => {
+  let tmpDir: string;
+  let statePath: string;
+  let engine: TrustEngine;
+
+  beforeEach(async () => {
+    tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), 'trust-engine-'));
+    statePath = path.join(tmpDir, 'trust-state.json');
+    engine = new TrustEngine({ defaultLevel: 0 }, statePath);
+    await engine.load();
+  });
+
+  afterEach(async () => {
+    await fs.rm(tmpDir, { recursive: true, force: true });
+  });
+
+  it('should start with default trust level', () => {
+    expect(engine.getTrustLevel('messaging')).toBe(0);
+    expect(engine.getTrustLevel('files')).toBe(0);
+    expect(engine.getTrustLevel('shell')).toBe(0);
+  });
+
+  it('should return all levels', () => {
+    const levels = engine.getAllLevels();
+    expect(levels.messaging).toBe(0);
+    expect(levels.files).toBe(0);
+    expect(Object.keys(levels).length).toBeGreaterThanOrEqual(9);
+  });
+
+  it('should set trust level manually', async () => {
+    await engine.setTrustLevel('messaging', 3, 'User approved');
+    expect(engine.getTrustLevel('messaging')).toBe(3);
+  });
+
+  it('should record a promotion when level increases', async () => {
+    await engine.setTrustLevel('web', 2, 'Good behavior');
+    const promotions = engine.getPromotions();
+    expect(promotions).toHaveLength(1);
+    expect(promotions[0].domain).toBe('web');
+    expect(promotions[0].fromLevel).toBe(0);
+    expect(promotions[0].toLevel).toBe(2);
+    expect(promotions[0].automatic).toBe(false);
+  });
+
+  it('should record a demotion when level decreases', async () => {
+    await engine.setTrustLevel('shell', 3, 'Initial');
+    await engine.setTrustLevel('shell', 1, 'Bad behavior');
+    const demotions = engine.getDemotions();
+    expect(demotions).toHaveLength(1);
+    expect(demotions[0].fromLevel).toBe(3);
+    expect(demotions[0].toLevel).toBe(1);
+  });
+
+  it('should not change when setting same level', async () => {
+    await engine.setTrustLevel('messaging', 0, 'No change');
+    expect(engine.getPromotions()).toHaveLength(0);
+    expect(engine.getDemotions()).toHaveLength(0);
+  });
+
+  it('should check permission correctly', async () => {
+    await engine.setTrustLevel('files', 2, 'Set level');
+    expect(engine.checkPermission('files', 2)).toBe(true);
+    expect(engine.checkPermission('files', 1)).toBe(true);
+    expect(engine.checkPermission('files', 3)).toBe(false);
+  });
+
+  it('should auto-demote after consecutive failures', async () => {
+    await engine.setTrustLevel('web', 2, 'Initial');
+
+    // Record failures up to demotion threshold (default 3)
+    await engine.recordOutcome('web', false);
+    await engine.recordOutcome('web', false);
+    const result = await engine.recordOutcome('web', false);
+
+    expect(result).not.toBeNull();
+    expect(engine.getTrustLevel('web')).toBe(1);
+  });
+
+  it('should reset failure count on success', async () => {
+    await engine.setTrustLevel('web', 2, 'Initial');
+
+    await engine.recordOutcome('web', false);
+    await engine.recordOutcome('web', false);
+    await engine.recordOutcome('web', true); // Resets failures
+
+    await engine.recordOutcome('web', false);
+    await engine.recordOutcome('web', false);
+
+    // Should still be at level 2 since failures were reset
+    expect(engine.getTrustLevel('web')).toBe(2);
+  });
+
+  it('should auto-promote after enough successes', async () => {
+    engine = new TrustEngine(
+      { defaultLevel: 0, autoPromote: true, promotionThreshold: 3, autoPromoteCeiling: 3 },
+      statePath,
+    );
+    await engine.load();
+
+    await engine.recordOutcome('messaging', true);
+    await engine.recordOutcome('messaging', true);
+    const result = await engine.recordOutcome('messaging', true);
+
+    expect(result).not.toBeNull();
+    expect(engine.getTrustLevel('messaging')).toBe(1);
+  });
+
+  it('should not auto-promote above ceiling', async () => {
+    engine = new TrustEngine(
+      { defaultLevel: 0, autoPromote: true, promotionThreshold: 1, autoPromoteCeiling: 2 },
+      statePath,
+    );
+    await engine.load();
+
+    // Promote 0 -> 1
+    await engine.recordOutcome('messaging', true);
+    expect(engine.getTrustLevel('messaging')).toBe(1);
+
+    // Promote 1 -> 2
+    await engine.recordOutcome('messaging', true);
+    expect(engine.getTrustLevel('messaging')).toBe(2);
+
+    // Should NOT promote above ceiling
+    await engine.recordOutcome('messaging', true);
+    expect(engine.getTrustLevel('messaging')).toBe(2);
+  });
+
+  it('should not auto-promote when disabled', async () => {
+    engine = new TrustEngine(
+      { defaultLevel: 0, autoPromote: false, promotionThreshold: 1 },
+      statePath,
+    );
+    await engine.load();
+
+    await engine.recordOutcome('messaging', true);
+    await engine.recordOutcome('messaging', true);
+    expect(engine.getTrustLevel('messaging')).toBe(0);
+  });
+
+  it('should persist and reload state', async () => {
+    await engine.setTrustLevel('shell', 3, 'Set level');
+    await engine.save();
+
+    const engine2 = new TrustEngine({}, statePath);
+    await engine2.load();
+
+    expect(engine2.getTrustLevel('shell')).toBe(3);
+  });
+
+  it('should demote explicitly', async () => {
+    await engine.setTrustLevel('finance', 3, 'Initial');
+    const result = await engine.demote('finance', 'User requested');
+
+    expect(result).not.toBeNull();
+    expect(result!.fromLevel).toBe(3);
+    expect(result!.toLevel).toBe(2);
+    expect(engine.getTrustLevel('finance')).toBe(2);
+  });
+
+  it('should return null when demoting from level 0', async () => {
+    const result = await engine.demote('messaging', 'Already at zero');
+    expect(result).toBeNull();
+  });
+
+  it('should return evidence', async () => {
+    await engine.recordOutcome('web', true);
+    await engine.recordOutcome('web', true);
+    await engine.recordOutcome('web', false);
+
+    const ev = engine.getEvidence('web');
+    expect(ev.successes).toBe(2); // Not reset on failure
+    expect(ev.failures).toBe(1);
+    expect(ev.lastActionAt).toBeGreaterThan(0);
+  });
+});

package/tests/trust-gate.test.ts

@@ -0,0 +1,54 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { TrustEngine } from '../src/trust-engine.js';
+import { TrustGate } from '../src/trust-gate.js';
+
+describe('TrustGate', () => {
+  let tmpDir: string;
+  let engine: TrustEngine;
+  let gate: TrustGate;
+
+  beforeEach(async () => {
+    tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), 'trust-gate-'));
+    engine = new TrustEngine({ defaultLevel: 0 }, path.join(tmpDir, 'state.json'));
+    await engine.load();
+    gate = new TrustGate(engine);
+  });
+
+  afterEach(async () => {
+    await fs.rm(tmpDir, { recursive: true, force: true });
+  });
+
+  it('should deny action when trust level is insufficient', () => {
+    const result = gate.gate('shell', 'run command', 2);
+    expect(result.allowed).toBe(false);
+    expect(result.currentLevel).toBe(0);
+    expect(result.requiredLevel).toBe(2);
+    expect(result.message).toContain('denied');
+  });
+
+  it('should allow action when trust level is sufficient', async () => {
+    await engine.setTrustLevel('shell', 3, 'Approved');
+    const result = gate.gate('shell', 'run command', 2);
+    expect(result.allowed).toBe(true);
+    expect(result.message).toContain('allowed');
+  });
+
+  it('should allow action when trust level exactly matches', async () => {
+    await engine.setTrustLevel('files', 2, 'Set');
+    const result = gate.gate('files', 'write file', 2);
+    expect(result.allowed).toBe(true);
+  });
+
+  it('should allow level 0 actions for all', () => {
+    const result = gate.gate('messaging', 'view messages', 0);
+    expect(result.allowed).toBe(true);
+  });
+
+  it('should return correct domain in result', () => {
+    const result = gate.gate('finance', 'transfer', 4);
+    expect(result.domain).toBe('finance');
+  });
+});

package/tsconfig.json

@@ -0,0 +1,11 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "./dist",
+    "rootDir": "./src"
+  },
+  "include": ["src/**/*"],
+  "references": [
+    { "path": "../core" }
+  ]
+}