@bluefly/openstandardagents 0.5.0 → 0.5.1

package/dist/mesh/discovery-gkg.d.ts

@@ -0,0 +1,26 @@
+import { AgentCard } from './types.js';
+/**
+ * GKG Matchmaker Discovery Provider
+ *
+ * Replaces static registry discovery with semantic Contract Matchmaking via the Global Knowledge Graph.
+ * Resolves agents by their IO contracts (emits/consumes) and Execution Economics.
+ */
+export declare class GkgMatchmaker {
+    private gkgEndpoint;
+    /**
+     * @param gkgEndpoint - GKG API base URL.
+     *   Defaults to `OSSA_GKG_ENDPOINT` env var.
+     *   Set this to your own GKG-compatible knowledge graph endpoint.
+     */
+    constructor(gkgEndpoint?: string);
+    /**
+     * Discover agents that satisfy a specific IO contract and economics profile.
+     */
+    discoverByContract(emitsSchema?: string, consumesSchema?: string, maxCostUsd?: number): Promise<AgentCard[]>;
+    /**
+     * Initiate a Lead Selection Market bid request for a task
+     */
+    requestMarketBids(taskContext: any, requiredContextPacks: string[]): Promise<any[]>;
+    private mapToAgentCard;
+}
+//# sourceMappingURL=discovery-gkg.d.ts.map

package/dist/mesh/discovery-gkg.js

@@ -0,0 +1,92 @@
+/**
+ * GKG Matchmaker Discovery Provider
+ *
+ * Replaces static registry discovery with semantic Contract Matchmaking via the Global Knowledge Graph.
+ * Resolves agents by their IO contracts (emits/consumes) and Execution Economics.
+ */
+export class GkgMatchmaker {
+    gkgEndpoint;
+    /**
+     * @param gkgEndpoint - GKG API base URL.
+     *   Defaults to `OSSA_GKG_ENDPOINT` env var.
+     *   Set this to your own GKG-compatible knowledge graph endpoint.
+     */
+    constructor(gkgEndpoint) {
+        this.gkgEndpoint =
+            gkgEndpoint ??
+                process.env.OSSA_GKG_ENDPOINT ??
+                '';
+        if (!this.gkgEndpoint) {
+            throw new Error('GkgMatchmaker requires a GKG endpoint. ' +
+                'Pass it to the constructor or set the OSSA_GKG_ENDPOINT environment variable.');
+        }
+    }
+    /**
+     * Discover agents that satisfy a specific IO contract and economics profile.
+     */
+    async discoverByContract(emitsSchema, consumesSchema, maxCostUsd) {
+        const query = {
+            type: 'agent',
+            has_capability: true,
+            filters: {
+                ...(emitsSchema && { 'extensions.statemesh.emits.schema': emitsSchema }),
+                ...(consumesSchema && { 'extensions.statemesh.consumes.schema': consumesSchema }),
+                ...(maxCostUsd && { 'economics.max_cost_usd': { $lte: maxCostUsd } })
+            }
+        };
+        try {
+            const response = await fetch(`${this.gkgEndpoint}/search/semantic`, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify(query)
+            });
+            if (!response.ok) {
+                throw new Error(`GKG Semantic Search failed: ${response.statusText}`);
+            }
+            const results = await response.json();
+            return results.map((r) => this.mapToAgentCard(r));
+        }
+        catch (e) {
+            console.error('GKG Matchmaker discovery failed', e);
+            return [];
+        }
+    }
+    /**
+     * Initiate a Lead Selection Market bid request for a task
+     */
+    async requestMarketBids(taskContext, requiredContextPacks) {
+        try {
+            const response = await fetch(`${this.gkgEndpoint}/market/bids/request`, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ taskContext, requiredContextPacks })
+            });
+            return await response.json();
+        }
+        catch (e) {
+            console.error('Failed to request market bids', e);
+            return [];
+        }
+    }
+    mapToAgentCard(raw) {
+        return {
+            uri: raw.uri || (raw.metadata?.name ? `did:web:${raw.metadata.name}` : undefined),
+            name: raw.metadata?.name || 'anonymous',
+            version: raw.metadata?.version || '1.0.0',
+            ossaVersion: raw.apiVersion || 'ossa/v0.5.1',
+            gaid: raw.gaid,
+            endpoints: raw.endpoints || {},
+            transport: raw.transport || ['http'],
+            authentication: raw.authentication || ['none'],
+            encryption: raw.encryption || { tlsRequired: true, minTlsVersion: '1.3' },
+            capabilities: raw.spec?.tools?.map((t) => t.name) || [],
+            status: raw.metadata?.status || 'healthy',
+            metadata: {
+                description: raw.metadata?.description,
+                author: raw.metadata?.author,
+                ...(raw.metadata || {})
+            }
+        };
+    }
+}
+//# sourceMappingURL=discovery-gkg.js.map

package/dist/messenger/Handler/AgentBatchHandler.js

@@ -7,6 +7,7 @@
  * @package @bluefly/openstandardagents
  * @since 0.5.0
  */
+import { trace } from '@opentelemetry/api';
 export class AgentBatchHandler {
     deps;
     constructor(deps) {
@@ -50,8 +51,8 @@ export class AgentBatchHandler {
                     duration,
                 },
             };
-            // Store batch result
-            const batchId = context.requestId ?? `batch-${Date.now()}`;
+            // Store batch result — prefer OTel traceId so the storage key correlates with distributed traces
+            const batchId = trace.getActiveSpan()?.spanContext().traceId ?? context.requestId ?? `batch-${Date.now()}`;
             await this.deps.resultStorage.store(batchId, batchResult);
             // Dispatch completion event
             await this.deps.eventDispatcher.dispatch('agent.batch.complete', {

package/dist/messenger/Handler/AgentExecutionHandler.js

@@ -8,6 +8,7 @@
  * @package @bluefly/openstandardagents
  * @since 0.5.0
  */
+import { trace } from '@opentelemetry/api';
 export class AgentExecutionHandler {
     deps;
     constructor(deps) {
@@ -21,11 +22,15 @@ export class AgentExecutionHandler {
         const agentId = message.getAgentId();
         const input = message.getInput();
         const context = message.getContext();
+        const span = trace.getActiveSpan();
+        if (context.requestId) {
+            span?.setAttribute('request.id', context.requestId);
+        }
         this.deps.logger.info('Starting agent execution', {
             agentId,
             userId: context.userId,
             sessionId: context.sessionId,
-            requestId: context.requestId,
+            requestId: span?.spanContext().traceId ?? context.requestId,
         });
         try {
             // Load agent manifest

package/dist/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bluefly/openstandardagents",
-  "version": "0.5.0",
+  "version": "0.5.1",
   "exports": {
     "./schema": "./spec/v0.5/agent.schema.json",
     "./schema/v0.4": "./spec/v0.4/agent.schema.json",
@@ -74,6 +74,11 @@
       "types": "./dist/services/trust/trust.service.d.ts",
       "import": "./dist/services/trust/trust.service.js",
       "require": "./dist/services/trust/trust.service.js"
+    },
+    "./workspace-validate": {
+      "types": "./dist/cli/workspace-validate.d.ts",
+      "import": "./dist/cli/workspace-validate.js",
+      "require": "./dist/cli/workspace-validate.js"
     }
   },
   "description": "OSSA - Open Standard for Software Agents. Infrastructure bridge between agent protocols (MCP, A2A) and deployment platforms. Define once in YAML, export to 9+ platforms (Docker, Kubernetes, LangChain, CrewAI, Claude Skills, etc.).",
@@ -230,7 +235,7 @@
     "postinstall": "node bin/postinstall || true",
     "// RELEASE & PUBLISH": "",
     "prepublishOnly": "publint && npm run test:unit && npm run build",
-    "validate:deps": "depcheck --ignore-dirs=examples --ignores='@anthropic-ai/claude-agent-sdk,@langchain/openai,@openai/agents,@temporalio/activity,@temporalio/workflow,pino-pretty,readline,@types/*,ts-jest,eslint*,prettier*,lefthook,jest*,vitest,semantic-release*,@semantic-release/*,keep-a-changelog,jest-junit,publint,conventional-changelog-conventionalcommits,ajv-cli,json-schema-to-typescript,json-schema-to-zod,ts-node,@playwright/test,@langchain/anthropic,@langchain/core,langchain'",
+    "validate:deps": "depcheck --ignore-dirs=examples --ignores='@anthropic-ai/claude-agent-sdk,@langchain/openai,@openai/agents,@temporalio/activity,@temporalio/workflow,pino-pretty,readline,@types/*,ts-jest,eslint*,prettier*,lefthook,jest*,vitest,semantic-release*,@semantic-release/*,keep-a-changelog,jest-junit,publint,conventional-changelog-conventionalcommits,ajv-cli,json-schema-to-typescript,json-schema-to-zod,ts-node,@playwright/test,@langchain/anthropic,@langchain/core,langchain,agent-browser,@ai-sdk/anthropic,@ai-sdk/google'",
     "validate:package": "publint",
     "publish:dry-run": "npm publish --dry-run",
     "release:check": "npm run typecheck && npm run test:unit && npm run validate:schema && publint",
@@ -238,9 +243,13 @@
     "release:semantic:dry": "npx semantic-release --dry-run"
   },
   "dependencies": {
+    "@ai-sdk/anthropic": "^3.0.58",
+    "@ai-sdk/google": "^3.0.43",
+    "@ai-sdk/openai": "^3.0.41",
     "@anthropic-ai/claude-agent-sdk": "^0.2.50",
     "@anthropic-ai/sdk": "^0.71.0",
     "@aws-sdk/client-bedrock-runtime": "^3.955.0",
+    "@better-openclaw/core": "^1.0.30",
     "@cedar-policy/cedar-wasm": "^4.9.1",
     "@gitbeaker/node": "^35.8.1",
     "@gitbeaker/rest": "^43.8.0",
@@ -269,6 +278,8 @@
     "@temporalio/workflow": "^1.11.3",
     "@types/tar": "^6.1.13",
     "@types/ws": "^8.18.1",
+    "agent-browser": "^0.20.11",
+    "ai": "^6.0.116",
     "ajv": "^8.12.0",
     "ajv-formats": "^3.0.1",
     "axios": "^1.12.2",
@@ -294,15 +305,19 @@
     "pino": "^10.3.0",
     "pino-pretty": "^13.1.3",
     "prom-client": "^15.1.3",
+    "proxy-agent": "^7.0.0",
     "readline": "^1.3.0",
     "reflect-metadata": "^0.2.2",
     "semver": "^7.7.3",
     "tar": "^7.5.11",
-    "uuid": "^11.0.5",
+    "twig": "^2.0.0",
+    "twig-drupal-filters": "^3.2.0",
+    "universal-user-agent": "^7.0.3",
+    "uuid": "^11.1.0",
     "web-did-resolver": "^2.0.32",
     "ws": "^8.19.0",
     "yaml": "^2.3.0",
-    "zod": "^4.1.11"
+    "zod": "^4.3.6"
   },
   "devDependencies": {
     "@bluefly/duadp": "^0.1.4",
@@ -323,6 +338,7 @@
     "@types/pg": "^8.15.5",
     "@types/redis": "^4.0.10",
     "@types/semver": "^7.7.1",
+    "@types/twig": "^1.12.17",
     "@typescript-eslint/eslint-plugin": "^8.48.0",
     "@typescript-eslint/parser": "^8.48.0",
     "ajv-cli": "^5.0.0",

package/dist/sdks/shared/types.d.ts

@@ -29,8 +29,8 @@ export declare const StateConfigSchema: z.ZodObject<{
         enabled: z.ZodBoolean;
         type: z.ZodOptional<z.ZodEnum<{
             database: "database";
-            memory: "memory";
             file: "file";
+            memory: "memory";
         }>>;
         provider: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>;

package/dist/services/agent-card-generator.js

@@ -88,8 +88,12 @@ export class AgentCardGenerator {
             name,
             version,
             ossaVersion: manifest.apiVersion || 'ossa/v0.4',
-            ...(manifest.metadata?.identity?.uuid ? { uuid: manifest.metadata.identity.uuid } : {}),
-            ...(manifest.metadata?.identity?.gaid ? { gaid: manifest.metadata.identity.gaid } : {}),
+            ...(manifest.metadata?.identity?.uuid
+                ? { uuid: manifest.metadata.identity.uuid }
+                : {}),
+            ...(manifest.metadata?.identity?.gaid
+                ? { gaid: manifest.metadata.identity.gaid }
+                : {}),
             // Taxonomy — what kind of agent
             ...(taxonomy ? { taxonomy } : {}),
             // Capabilities & tools

package/dist/services/daemon/audit-log.service.js

@@ -64,7 +64,9 @@ let AuditLogService = class AuditLogService {
         }
         catch (err) {
             // File doesn't exist yet or read error — return empty
-            if (err instanceof Error && 'code' in err && err.code === 'ENOENT') {
+            if (err instanceof Error &&
+                'code' in err &&
+                err.code === 'ENOENT') {
                 return [];
             }
             process.stderr.write(`[audit-log] read failed: ${err instanceof Error ? err.message : String(err)}\n`);

package/dist/services/daemon/execution.service.js

@@ -38,14 +38,19 @@ try {
             const eqIdx = trimmed.indexOf('=');
             if (eqIdx > 0) {
                 const key = trimmed.slice(0, eqIdx).trim();
-                const val = trimmed.slice(eqIdx + 1).trim().replace(/^["']|["']$/g, '');
+                const val = trimmed
+                    .slice(eqIdx + 1)
+                    .trim()
+                    .replace(/^["']|["']$/g, '');
                 if (!process.env[key])
                     process.env[key] = val;
             }
         }
     }
 }
-catch { /* .env loading is best-effort */ }
+catch {
+    /* .env loading is best-effort */
+}
 const MAX_CONCURRENT = 3;
 const DEFAULT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
 const SUPPORTED_RUNTIMES = [
@@ -117,8 +122,7 @@ let ExecutionService = class ExecutionService extends EventEmitter {
         }, timeout);
         this.timeoutTimers.set(executionId, timer);
         // Run asynchronously — don't block the caller
-        this.runExecution(executionId, manifestPath, input, selectedRuntime, abortController.signal)
-            .catch((err) => {
+        this.runExecution(executionId, manifestPath, input, selectedRuntime, abortController.signal).catch((err) => {
             // Safety net for unhandled errors
             logger.error({ err, executionId }, 'Unhandled execution error');
         });

package/dist/services/daemon/fs-watcher.service.js

@@ -22,11 +22,7 @@ const WATCH_PATTERNS = [
     '**/*.skill.yml',
     '**/SKILL.md',
 ];
-const IGNORED = [
-    '**/node_modules/**',
-    '**/dist/**',
-    '**/.git/**',
-];
+const IGNORED = ['**/node_modules/**', '**/dist/**', '**/.git/**'];
 const DEBOUNCE_MS = 300;
 let FileWatcherService = class FileWatcherService {
     watcher = null;
@@ -101,7 +97,8 @@ let FileWatcherService = class FileWatcherService {
     isPathSafe(filePath) {
         const resolved = path.resolve(filePath);
         // Must be inside workspace root
-        if (!resolved.startsWith(this.workspaceRoot + path.sep) && resolved !== this.workspaceRoot) {
+        if (!resolved.startsWith(this.workspaceRoot + path.sep) &&
+            resolved !== this.workspaceRoot) {
             return false;
         }
         // Get relative path and check each segment for dotfiles (except .ossa.yaml)
@@ -138,7 +135,9 @@ let FileWatcherService = class FileWatcherService {
         else {
             const fileStats = stats ?? this.safeStatSync(absolutePath);
             this.trackedFiles.set(relativePath, {
-                modified: fileStats ? new Date(fileStats.mtime).toISOString() : new Date().toISOString(),
+                modified: fileStats
+                    ? new Date(fileStats.mtime).toISOString()
+                    : new Date().toISOString(),
                 size: fileStats?.size ?? 0,
             });
         }

package/dist/services/daemon/pairing.service.js

@@ -33,7 +33,8 @@ let PairingService = class PairingService {
      */
     getCurrentCode() {
         const now = Date.now();
-        if (!this.currentCode || now - this.codeGeneratedAt >= CODE_ROTATION_INTERVAL_MS) {
+        if (!this.currentCode ||
+            now - this.codeGeneratedAt >= CODE_ROTATION_INTERVAL_MS) {
             this.currentCode = this.generateCode();
             this.codeGeneratedAt = now;
         }

package/dist/services/daemon/skill-aggregator.service.js

@@ -22,18 +22,78 @@ import * as path from 'node:path';
 import { safeParseYAML } from '../../utils/yaml-parser.js';
 const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
 const BUILTIN_SKILLS = [
-    { name: 'web-search', source: 'builtin', description: 'Search the web for information', tags: ['search', 'web'] },
-    { name: 'code-review', source: 'builtin', description: 'Review code for quality, security, and best practices', tags: ['code', 'review', 'quality'] },
-    { name: 'text-summary', source: 'builtin', description: 'Summarize text content into concise form', tags: ['text', 'summary', 'nlp'] },
-    { name: 'data-analysis', source: 'builtin', description: 'Analyze structured and unstructured data', tags: ['data', 'analysis', 'statistics'] },
-    { name: 'image-generation', source: 'builtin', description: 'Generate images from text descriptions', tags: ['image', 'generation', 'creative'] },
-    { name: 'translation', source: 'builtin', description: 'Translate text between languages', tags: ['translation', 'language', 'nlp'] },
-    { name: 'file-management', source: 'builtin', description: 'Read, write, and manage files in the workspace', tags: ['file', 'io', 'workspace'] },
-    { name: 'api-integration', source: 'builtin', description: 'Integrate with external REST and GraphQL APIs', tags: ['api', 'integration', 'http'] },
-    { name: 'database-query', source: 'builtin', description: 'Query and manage database connections', tags: ['database', 'sql', 'query'] },
-    { name: 'monitoring', source: 'builtin', description: 'Monitor system health, metrics, and alerts', tags: ['monitoring', 'observability', 'health'] },
-    { name: 'testing', source: 'builtin', description: 'Run and manage test suites', tags: ['testing', 'quality', 'ci'] },
-    { name: 'documentation', source: 'builtin', description: 'Generate and maintain documentation', tags: ['docs', 'documentation', 'writing'] },
+    {
+        name: 'web-search',
+        source: 'builtin',
+        description: 'Search the web for information',
+        tags: ['search', 'web'],
+    },
+    {
+        name: 'code-review',
+        source: 'builtin',
+        description: 'Review code for quality, security, and best practices',
+        tags: ['code', 'review', 'quality'],
+    },
+    {
+        name: 'text-summary',
+        source: 'builtin',
+        description: 'Summarize text content into concise form',
+        tags: ['text', 'summary', 'nlp'],
+    },
+    {
+        name: 'data-analysis',
+        source: 'builtin',
+        description: 'Analyze structured and unstructured data',
+        tags: ['data', 'analysis', 'statistics'],
+    },
+    {
+        name: 'image-generation',
+        source: 'builtin',
+        description: 'Generate images from text descriptions',
+        tags: ['image', 'generation', 'creative'],
+    },
+    {
+        name: 'translation',
+        source: 'builtin',
+        description: 'Translate text between languages',
+        tags: ['translation', 'language', 'nlp'],
+    },
+    {
+        name: 'file-management',
+        source: 'builtin',
+        description: 'Read, write, and manage files in the workspace',
+        tags: ['file', 'io', 'workspace'],
+    },
+    {
+        name: 'api-integration',
+        source: 'builtin',
+        description: 'Integrate with external REST and GraphQL APIs',
+        tags: ['api', 'integration', 'http'],
+    },
+    {
+        name: 'database-query',
+        source: 'builtin',
+        description: 'Query and manage database connections',
+        tags: ['database', 'sql', 'query'],
+    },
+    {
+        name: 'monitoring',
+        source: 'builtin',
+        description: 'Monitor system health, metrics, and alerts',
+        tags: ['monitoring', 'observability', 'health'],
+    },
+    {
+        name: 'testing',
+        source: 'builtin',
+        description: 'Run and manage test suites',
+        tags: ['testing', 'quality', 'ci'],
+    },
+    {
+        name: 'documentation',
+        source: 'builtin',
+        description: 'Generate and maintain documentation',
+        tags: ['docs', 'documentation', 'writing'],
+    },
 ];
 let SkillAggregatorService = class SkillAggregatorService {
     cache = new Map();
@@ -152,7 +212,12 @@ let SkillAggregatorService = class SkillAggregatorService {
     // --- Private loaders ---
     async loadLocal() {
         const patterns = ['**/*.skill.yaml', '**/*.skill.yml', '**/SKILL.md'];
-        const ignorePatterns = ['**/node_modules/**', '**/dist/**', '**/.git/**', '**/coverage/**'];
+        const ignorePatterns = [
+            '**/node_modules/**',
+            '**/dist/**',
+            '**/.git/**',
+            '**/coverage/**',
+        ];
         const files = await fg(patterns, {
             cwd: this.workspacePath,
             ignore: ignorePatterns,
@@ -166,25 +231,39 @@ let SkillAggregatorService = class SkillAggregatorService {
                     // SKILL.md — extract name from first heading, rest is description
                     const lines = content.split('\n');
                     const heading = lines.find((l) => l.startsWith('#'));
-                    const name = heading ? heading.replace(/^#+\s*/, '').trim() : path.basename(path.dirname(file));
+                    const name = heading
+                        ? heading.replace(/^#+\s*/, '').trim()
+                        : path.basename(path.dirname(file));
                     const description = lines
                         .filter((l) => !l.startsWith('#') && l.trim())
                         .slice(0, 3)
                         .join(' ')
                         .trim();
-                    skills.push({ name, source: 'local', description: description || 'Local skill', manifest: content });
+                    skills.push({
+                        name,
+                        source: 'local',
+                        description: description || 'Local skill',
+                        manifest: content,
+                    });
                 }
                 else {
                     // YAML skill file
                     const parsed = safeParseYAML(content);
                     const meta = parsed?.metadata;
                     skills.push({
-                        name: meta?.name || path.basename(file, path.extname(file)).replace('.skill', ''),
+                        name: meta?.name ||
+                            path.basename(file, path.extname(file)).replace('.skill', ''),
                         source: 'local',
-                        description: meta?.description || parsed?.description || 'Local skill',
+                        description: meta?.description ||
+                            parsed?.description ||
+                            'Local skill',
                         version: meta?.version || undefined,
-                        capabilities: Array.isArray(parsed?.capabilities) ? parsed.capabilities : undefined,
-                        tags: Array.isArray(parsed?.tags) ? parsed.tags : undefined,
+                        capabilities: Array.isArray(parsed?.capabilities)
+                            ? parsed.capabilities
+                            : undefined,
+                        tags: Array.isArray(parsed?.tags)
+                            ? parsed.tags
+                            : undefined,
                         manifest: parsed,
                     });
                 }
@@ -201,7 +280,10 @@ let SkillAggregatorService = class SkillAggregatorService {
     async loadGitHub() {
         const url = 'https://api.github.com/repos/anthropics/skills/contents/';
         const response = await fetch(url, {
-            headers: { Accept: 'application/vnd.github.v3+json', 'User-Agent': 'ossa-daemon' },
+            headers: {
+                Accept: 'application/vnd.github.v3+json',
+                'User-Agent': 'ossa-daemon',
+            },
             signal: AbortSignal.timeout(10_000),
         });
         if (!response.ok) {
@@ -239,7 +321,9 @@ let SkillAggregatorService = class SkillAggregatorService {
             source: 'registry',
             description: item.description || 'Registry skill',
             version: item.version || undefined,
-            capabilities: Array.isArray(item.capabilities) ? item.capabilities : undefined,
+            capabilities: Array.isArray(item.capabilities)
+                ? item.capabilities
+                : undefined,
             tags: Array.isArray(item.tags) ? item.tags : undefined,
         }));
     }

package/dist/services/daemon/sse-endpoints.js

@@ -23,7 +23,7 @@ import { PairingService } from './pairing.service.js';
 const SSE_HEADERS = {
     'Content-Type': 'text/event-stream',
     'Cache-Control': 'no-cache',
-    'Connection': 'keep-alive',
+    Connection: 'keep-alive',
 };
 const STATUS_INTERVAL_MS = 5_000;
 let SSEEndpoints = class SSEEndpoints {

package/dist/services/daemon/ws-server.js

@@ -34,7 +34,9 @@ let DaemonWebSocketServer = class DaemonWebSocketServer {
         server.on('upgrade', (request, socket, head) => {
             // Enforce localhost-only binding at the connection level
             const remoteAddr = request.socket.remoteAddress;
-            if (remoteAddr !== '127.0.0.1' && remoteAddr !== '::1' && remoteAddr !== '::ffff:127.0.0.1') {
+            if (remoteAddr !== '127.0.0.1' &&
+                remoteAddr !== '::1' &&
+                remoteAddr !== '::ffff:127.0.0.1') {
                 socket.write('HTTP/1.1 403 Forbidden\r\n\r\n');
                 socket.destroy();
                 return;
@@ -42,7 +44,10 @@ let DaemonWebSocketServer = class DaemonWebSocketServer {
             // Extract pairing token from Sec-WebSocket-Protocol header
             const protocols = request.headers['sec-websocket-protocol'];
             const token = typeof protocols === 'string'
-                ? protocols.split(',').map(p => p.trim()).find(p => p.startsWith('pairing.'))
+                ? protocols
+                    .split(',')
+                    .map((p) => p.trim())
+                    .find((p) => p.startsWith('pairing.'))
                 : undefined;
             if (!token) {
                 socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
@@ -71,7 +76,9 @@ let DaemonWebSocketServer = class DaemonWebSocketServer {
      */
     sendToSession(sessionId, event) {
         const session = this.sessions.get(sessionId);
-        if (session && session.authenticated && session.ws.readyState === WebSocket.OPEN) {
+        if (session &&
+            session.authenticated &&
+            session.ws.readyState === WebSocket.OPEN) {
             session.ws.send(JSON.stringify(event));
         }
     }

package/dist/services/governance/cedar-provider.js

@@ -36,7 +36,7 @@ export class CedarGovernanceProvider {
         return {
             compliant: issues.length === 0,
             issues,
-            warnings
+            warnings,
         };
     }
     /**
@@ -51,7 +51,8 @@ export class CedarGovernanceProvider {
         const policies_evaluated = [];
         // Simulate Policy Evaluation Context
         const principalTier = context?.tier || 'tier_1_read';
-        const isDestructive = action.toLowerCase().includes('delete') || action.toLowerCase().includes('write');
+        const isDestructive = action.toLowerCase().includes('delete') ||
+            action.toLowerCase().includes('write');
         policies_evaluated.push('policy_tier_bounds');
         // Sample Cedar constraint translation
         if (principalTier === 'tier_1_read' && isDestructive) {
@@ -62,14 +63,15 @@ export class CedarGovernanceProvider {
             // In a real integration, this would call the Cedar C++ binding or WASM module:
             // const cedarEval = await cedar.isAuthorized({ principal, action, resource, context });
             decision = 'ALLOW';
-            reason = 'Allowed by default test policy matching principal and action scope.';
+            reason =
+                'Allowed by default test policy matching principal and action scope.';
         }
         return {
             decision,
             reason,
             diagnostics: {
                 policies_evaluated,
-            }
+            },
         };
     }
     /**
@@ -78,7 +80,7 @@ export class CedarGovernanceProvider {
     async evaluateQualityGate(request) {
         const blocked_by = [];
         if (request.environment === 'production') {
-            if (request.metrics.confidence_score < 0.90) {
+            if (request.metrics.confidence_score < 0.9) {
                 blocked_by.push('Confidence score below production threshold (90%)');
             }
             if (request.metrics.vulnerability_count > 0) {
@@ -87,7 +89,7 @@ export class CedarGovernanceProvider {
         }
         else {
             // lower environments
-            if (request.metrics.confidence_score < 0.70) {
+            if (request.metrics.confidence_score < 0.7) {
                 blocked_by.push('Confidence score below development threshold (70%)');
             }
         }
@@ -97,8 +99,10 @@ export class CedarGovernanceProvider {
             blocked_by,
             policy_decision: {
                 decision: decision === 'PASS' ? 'ALLOW' : 'DENY',
-                reason: decision === 'PASS' ? 'Quality gate matched constraints.' : 'Metrics failed quality requirements.',
-            }
+                reason: decision === 'PASS'
+                    ? 'Quality gate matched constraints.'
+                    : 'Metrics failed quality requirements.',
+            },
         };
     }
 }

package/dist/services/governance/cedar-validator.service.js

@@ -5,7 +5,7 @@
  * This is OSSA's responsibility: schema definition + offline validation.
  * Runtime enforcement belongs to DUADP.
  */
-import { checkParsePolicySet, checkParseSchema, } from '@cedar-policy/cedar-wasm';
+import { checkParsePolicySet, checkParseSchema, } from '@cedar-policy/cedar-wasm/nodejs';
 function extractErrors(answer) {
     if (answer.type === 'failure') {
         return answer.errors.map((e) => e.message ?? JSON.stringify(e));