@bookedsolid/rea 0.2.0 → 0.3.0

package/dist/gateway/audit/rotator.js

@@ -0,0 +1,289 @@
+/**
+ * Audit rotation (G1). Size- and age-based rotation for `.rea/audit.jsonl`
+ * that preserves hash-chain continuity across the rotation boundary.
+ *
+ * ## Triggers
+ *
+ * Rotation fires when EITHER threshold is crossed:
+ *
+ * - `max_bytes` — the current `audit.jsonl` is at or above this many bytes.
+ *   Default when the policy block is present but `max_bytes` is unset:
+ *   `DEFAULT_MAX_BYTES` (50 MiB).
+ * - `max_age_days` — the first record's `timestamp` is older than this many
+ *   days. Default when unset: `DEFAULT_MAX_AGE_DAYS` (30).
+ *
+ * Back-compat: if the `audit.rotation` policy block is ABSENT entirely,
+ * rotation is DISABLED. Defaults only apply when the operator has opted in
+ * by declaring the block (even empty). This is deliberate — we do not want
+ * a 0.2.x install to observe new file-movement behavior on 0.3.0 upgrade
+ * without being asked.
+ *
+ * ## Rotation marker
+ *
+ * On rotation, the current file is renamed to `audit-YYYYMMDD-HHMMSS.jsonl`
+ * in the same directory. A fresh `audit.jsonl` is created containing EXACTLY
+ * one record: a rotation marker.
+ *
+ *     tool_name:          'audit.rotation'
+ *     server_name:        'rea'
+ *     status:             'allowed'
+ *     tier:               'read'
+ *     autonomy_level:     'system'
+ *     prev_hash:          hash of the LAST record in the rotated file
+ *     metadata.rotated_from: the rotated filename (basename)
+ *     metadata.rotated_at:   ISO-8601 instant of rotation
+ *
+ * The marker's `prev_hash` is the chain bridge — an operator verifying the
+ * chain with `rea audit verify --since <rotated-file>` walks rotated →
+ * marker → current and every transition must line up.
+ *
+ * ## Concurrency
+ *
+ * `maybeRotate` is called BEFORE the per-append lock is acquired. It takes
+ * its own short-lived lock on `.rea/` to perform the rename + marker write
+ * atomically. Callers that beat the rotator to the lock simply append to
+ * the (now fresh) file — correctness is preserved because the rotation
+ * marker is a legitimate chain anchor.
+ */
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { Tier, InvocationStatus } from '../../policy/types.js';
+import { computeHash, readLastRecord, withAuditLock } from '../../audit/fs.js';
+/** 50 MiB. Only applied when the operator has declared `audit.rotation`. */
+export const DEFAULT_MAX_BYTES = 50 * 1024 * 1024;
+/** 30 days. Only applied when the operator has declared `audit.rotation`. */
+export const DEFAULT_MAX_AGE_DAYS = 30;
+export const ROTATION_TOOL_NAME = 'audit.rotation';
+export const ROTATION_SERVER_NAME = 'rea';
+/**
+ * Compute the effective rotation thresholds from policy. If the operator has
+ * NOT declared an `audit.rotation` block, BOTH thresholds are undefined and
+ * rotation is disabled (back-compat with 0.2.x).
+ *
+ * If the block IS declared but individual knobs are missing, apply the
+ * documented defaults.
+ */
+function effectiveThresholds(policy) {
+    const rot = policy?.audit?.rotation;
+    if (rot === undefined) {
+        return { maxBytes: undefined, maxAgeMs: undefined };
+    }
+    // An explicit `audit.rotation: {}` block opts in to both defaults.
+    const maxBytes = rot.max_bytes ?? DEFAULT_MAX_BYTES;
+    const maxAgeDays = rot.max_age_days ?? DEFAULT_MAX_AGE_DAYS;
+    return { maxBytes, maxAgeMs: maxAgeDays * 24 * 60 * 60 * 1000 };
+}
+/**
+ * Build the rotation timestamp filename. UTC for sortability.
+ * Format: `audit-YYYYMMDD-HHMMSS.jsonl`. Collisions (two rotations in the
+ * same second) are resolved by appending `-1`, `-2`, etc.
+ */
+export function rotationFilename(at) {
+    const y = at.getUTCFullYear().toString().padStart(4, '0');
+    const m = (at.getUTCMonth() + 1).toString().padStart(2, '0');
+    const d = at.getUTCDate().toString().padStart(2, '0');
+    const hh = at.getUTCHours().toString().padStart(2, '0');
+    const mm = at.getUTCMinutes().toString().padStart(2, '0');
+    const ss = at.getUTCSeconds().toString().padStart(2, '0');
+    return `audit-${y}${m}${d}-${hh}${mm}${ss}.jsonl`;
+}
+/**
+ * Probe the first record's timestamp WITHOUT loading the whole file into
+ * memory as a JSON blob. We read up to the first newline and parse just
+ * that line. Returns `undefined` if the file is empty / unreadable / the
+ * first line isn't valid JSON with a usable `timestamp` field.
+ */
+async function readFirstTimestamp(auditFile) {
+    let fh;
+    try {
+        fh = await fs.open(auditFile, 'r');
+        // 64 KiB is enough for the first record under any realistic schema.
+        const buf = Buffer.alloc(64 * 1024);
+        const { bytesRead } = await fh.read(buf, 0, buf.length, 0);
+        if (bytesRead === 0)
+            return undefined;
+        const chunk = buf.slice(0, bytesRead).toString('utf8');
+        const newline = chunk.indexOf('\n');
+        const firstLine = newline === -1 ? chunk : chunk.slice(0, newline);
+        if (firstLine.length === 0)
+            return undefined;
+        const parsed = JSON.parse(firstLine);
+        if (typeof parsed.timestamp !== 'string')
+            return undefined;
+        const ts = Date.parse(parsed.timestamp);
+        if (Number.isNaN(ts))
+            return undefined;
+        return new Date(ts);
+    }
+    catch {
+        return undefined;
+    }
+    finally {
+        if (fh)
+            await fh.close();
+    }
+}
+/**
+ * Decide whether the current audit file has crossed any rotation threshold.
+ * Exported for testing.
+ */
+export async function shouldRotate(auditFile, thresholds, now = new Date()) {
+    if (thresholds.maxBytes === undefined && thresholds.maxAgeMs === undefined) {
+        return false;
+    }
+    let size;
+    try {
+        const stat = await fs.stat(auditFile);
+        if (!stat.isFile())
+            return false;
+        size = stat.size;
+    }
+    catch (err) {
+        if (err.code === 'ENOENT')
+            return false;
+        throw err;
+    }
+    // Empty files never rotate — rotating an empty file would create a chain
+    // anchored on genesis with a dangling predecessor.
+    if (size === 0)
+        return false;
+    if (thresholds.maxBytes !== undefined && size >= thresholds.maxBytes) {
+        return true;
+    }
+    if (thresholds.maxAgeMs !== undefined) {
+        const firstTs = await readFirstTimestamp(auditFile);
+        if (firstTs !== undefined) {
+            const ageMs = now.getTime() - firstTs.getTime();
+            if (ageMs >= thresholds.maxAgeMs)
+                return true;
+        }
+    }
+    return false;
+}
+/**
+ * Pick a rotation filename that doesn't collide with an existing file.
+ * Returns the absolute path.
+ */
+async function pickRotationPath(reaDir, at) {
+    const base = rotationFilename(at);
+    const baseNoExt = base.replace(/\.jsonl$/, '');
+    let candidate = path.join(reaDir, base);
+    let suffix = 1;
+    while (true) {
+        try {
+            await fs.access(candidate);
+        }
+        catch (err) {
+            if (err.code === 'ENOENT') {
+                return candidate;
+            }
+            throw err;
+        }
+        candidate = path.join(reaDir, `${baseNoExt}-${suffix}.jsonl`);
+        suffix += 1;
+        if (suffix > 1000) {
+            throw new Error(`Unable to pick rotation filename in ${reaDir} — 1000 collisions`);
+        }
+    }
+}
+/**
+ * Perform the rotation unconditionally. Assumes the caller has already
+ * determined rotation is warranted and holds (or is about to acquire) any
+ * outer locks. `performRotation` takes its own lock on `.rea/` to make the
+ * rename + marker write atomic w.r.t. other append-path lockers.
+ *
+ * Returns `{ rotated: false }` if the audit file is empty or missing — an
+ * empty file is a no-op by design (see `rea audit rotate` empty-case).
+ */
+export async function performRotation(auditFile, now = new Date()) {
+    const reaDir = path.dirname(auditFile);
+    // Ensure the parent exists so withAuditLock can place a lock file. The
+    // caller normally creates this; we mkdir defensively for the force-rotate
+    // path (`rea audit rotate` on a green-field install).
+    await fs.mkdir(reaDir, { recursive: true });
+    return withAuditLock(auditFile, async () => {
+        // Re-check the file under the lock. Another writer may have rotated
+        // between the caller's decision and our lock acquisition.
+        let size;
+        try {
+            const stat = await fs.stat(auditFile);
+            if (!stat.isFile())
+                return { rotated: false };
+            size = stat.size;
+        }
+        catch (err) {
+            if (err.code === 'ENOENT')
+                return { rotated: false };
+            throw err;
+        }
+        if (size === 0)
+            return { rotated: false };
+        // Pull the last record's hash BEFORE renaming — so we can anchor the
+        // marker's prev_hash on the old chain's tail. readLastRecord also
+        // performs partial-write recovery under our lock (idempotent).
+        const { hash: tailHash } = await readLastRecord(auditFile);
+        const rotatedPath = await pickRotationPath(reaDir, now);
+        await fs.rename(auditFile, rotatedPath);
+        // Write the rotation marker into a fresh audit.jsonl. The marker's
+        // prev_hash is the old tail's hash — operators can walk rotated →
+        // marker and the chain holds.
+        const markerBase = {
+            timestamp: now.toISOString(),
+            session_id: 'system',
+            tool_name: ROTATION_TOOL_NAME,
+            server_name: ROTATION_SERVER_NAME,
+            tier: Tier.Read,
+            status: InvocationStatus.Allowed,
+            autonomy_level: 'system',
+            duration_ms: 0,
+            prev_hash: tailHash,
+            metadata: {
+                rotated_from: path.basename(rotatedPath),
+                rotated_at: now.toISOString(),
+            },
+        };
+        const markerHash = computeHash(markerBase);
+        const marker = { ...markerBase, hash: markerHash };
+        const line = JSON.stringify(marker) + '\n';
+        await fs.writeFile(auditFile, line, { flag: 'w' });
+        return { rotated: true, rotatedTo: rotatedPath };
+    });
+}
+/**
+ * Called by the append path BEFORE acquiring its own lock. Cheap when no
+ * rotation is due (one stat, maybe one 64 KiB read for age check); idempotent
+ * when rotation IS due (performRotation re-checks under the lock).
+ *
+ * Never throws. On any error, logs to stderr and returns `rotated: false`
+ * — a broken rotator must NOT break the audit append.
+ */
+export async function maybeRotate(auditFile, policy, now = new Date()) {
+    try {
+        const thresholds = effectiveThresholds(policy);
+        if (thresholds.maxBytes === undefined && thresholds.maxAgeMs === undefined) {
+            return { rotated: false };
+        }
+        const due = await shouldRotate(auditFile, thresholds, now);
+        if (!due)
+            return { rotated: false };
+        return await performRotation(auditFile, now);
+    }
+    catch (err) {
+        console.error('[rea] AUDIT ROTATION FAILED:', err instanceof Error ? err.message : String(err));
+        return { rotated: false };
+    }
+}
+/**
+ * CLI-invoked force rotation (`rea audit rotate`). Unlike `maybeRotate` this
+ * DOES ignore thresholds — the operator asked explicitly — but empty files
+ * are still a no-op because rotating an empty chain produces a marker with
+ * no predecessor.
+ */
+export async function forceRotate(auditFile, now = new Date()) {
+    return performRotation(auditFile, now);
+}
+/**
+ * Exposed for tests/callers that already know the policy shape. Tests that
+ * want to stub thresholds can call `performRotation` directly.
+ */
+export { effectiveThresholds as _effectiveThresholds };

package/dist/gateway/middleware/audit.d.ts

@@ -8,5 +8,19 @@ import type { Middleware } from './chain.js';
  * SECURITY: Wraps next() in try/finally to ensure audit runs even on middleware exceptions.
  * SECURITY: Placed as outermost middleware so audit records ALL invocations, including denials.
  * PERFORMANCE: All fs operations are async to avoid blocking the event loop.
+ *
+ * CONCURRENCY (G1):
+ *   - Per-process: the writeQueue below serializes writes within the Node process.
+ *   - Cross-process: each write acquires a `proper-lockfile` lock on `.rea/`.
+ *     Stale locks are reclaimed after 10s. Lock-acquisition failure falls back
+ *     to the current best-effort behavior — the tool call proceeds and the
+ *     failure is logged. Breaking the invocation because the auditor failed
+ *     would let an audit outage take down the gateway.
+ *
+ * ROTATION (G1):
+ *   - `maybeRotate` runs before each write's lock acquisition. Rotation writes
+ *     a marker record whose `prev_hash` preserves hash-chain continuity across
+ *     the rotation boundary. When no `audit.rotation` block is set in policy,
+ *     rotation is a no-op — 0.2.x behavior is preserved.
  */
 export declare function createAuditMiddleware(baseDir: string, policy?: Policy): Middleware;

package/dist/gateway/middleware/audit.js

@@ -1,11 +1,8 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
-import crypto from 'node:crypto';
 import { Tier, InvocationStatus } from '../../policy/types.js';
-function computeHash(record) {
-    const payload = JSON.stringify(record);
-    return crypto.createHash('sha256').update(payload).digest('hex');
-}
+import { computeHash, fsyncFile, readLastRecord, withAuditLock, } from '../../audit/fs.js';
+import { maybeRotate } from '../audit/rotator.js';
 /**
  * Post-execution middleware: appends a hash-chained JSONL audit record.
  *
@@ -14,15 +11,34 @@ function computeHash(record) {
  * SECURITY: Wraps next() in try/finally to ensure audit runs even on middleware exceptions.
  * SECURITY: Placed as outermost middleware so audit records ALL invocations, including denials.
  * PERFORMANCE: All fs operations are async to avoid blocking the event loop.
+ *
+ * CONCURRENCY (G1):
+ *   - Per-process: the writeQueue below serializes writes within the Node process.
+ *   - Cross-process: each write acquires a `proper-lockfile` lock on `.rea/`.
+ *     Stale locks are reclaimed after 10s. Lock-acquisition failure falls back
+ *     to the current best-effort behavior — the tool call proceeds and the
+ *     failure is logged. Breaking the invocation because the auditor failed
+ *     would let an audit outage take down the gateway.
+ *
+ * ROTATION (G1):
+ *   - `maybeRotate` runs before each write's lock acquisition. Rotation writes
+ *     a marker record whose `prev_hash` preserves hash-chain continuity across
+ *     the rotation boundary. When no `audit.rotation` block is set in policy,
+ *     rotation is a no-op — 0.2.x behavior is preserved.
  */
 export function createAuditMiddleware(baseDir, policy) {
     // REA writes to a single .rea/audit.jsonl file (not dated per-day files).
     const reaDir = path.join(baseDir, '.rea');
     const auditFile = path.join(reaDir, 'audit.jsonl');
-    let prevHash = '0000000000000000000000000000000000000000000000000000000000000000';
     let dirEnsured = false;
     // SECURITY: Use a write queue to serialize audit writes, ensuring the hash chain is linear.
     let writeQueue = Promise.resolve();
+    async function ensureDir() {
+        if (!dirEnsured) {
+            await fs.mkdir(reaDir, { recursive: true });
+            dirEnsured = true;
+        }
+    }
     return async (ctx, next) => {
         let nextError;
         try {
@@ -41,63 +57,67 @@ export function createAuditMiddleware(baseDir, policy) {
         const duration_ms = Date.now() - ctx.start_time;
         const autonomyLevel = ctx.metadata.autonomy_level ?? policy?.autonomy_level ?? 'unknown';
         // Serialize audit writes via a queue to maintain hash chain linearity under concurrency.
-        // Each write awaits the previous one before computing its hash, ensuring a linear chain.
+        // Each write awaits the previous one before running its lock-scoped append.
         const writePromise = writeQueue.then(async () => {
             try {
-                const now = new Date().toISOString();
-                const recordBase = {
-                    timestamp: now,
-                    session_id: ctx.session_id,
-                    tool_name: ctx.tool_name,
-                    server_name: ctx.server_name,
-                    tier: ctx.tier ?? Tier.Write,
-                    status: ctx.status,
-                    autonomy_level: autonomyLevel,
-                    duration_ms,
-                    prev_hash: prevHash,
-                };
-                if (ctx.error) {
-                    recordBase.error = ctx.error;
-                }
-                if (ctx.redacted_fields?.length) {
-                    recordBase.redacted_fields = ctx.redacted_fields;
-                }
-                // Attach caller-supplied metadata when the middleware context carries any.
-                // The `autonomy_level` key is reserved for internal bookkeeping (see above)
-                // and is excluded from the exported metadata payload.
-                if (ctx.metadata !== undefined) {
-                    const exported = {};
-                    for (const [k, v] of Object.entries(ctx.metadata)) {
-                        if (k === 'autonomy_level')
-                            continue;
-                        exported[k] = v;
+                await ensureDir();
+                // G1: Attempt rotation BEFORE acquiring the append lock. No-op when the
+                // policy's audit.rotation block is absent. Errors are swallowed inside
+                // maybeRotate so rotation can never take down the gateway.
+                await maybeRotate(auditFile, policy);
+                await withAuditLock(auditFile, async () => {
+                    const { hash: prevHash } = await readLastRecord(auditFile);
+                    const now = new Date().toISOString();
+                    const recordBase = {
+                        timestamp: now,
+                        session_id: ctx.session_id,
+                        tool_name: ctx.tool_name,
+                        server_name: ctx.server_name,
+                        tier: ctx.tier ?? Tier.Write,
+                        status: ctx.status,
+                        autonomy_level: autonomyLevel,
+                        duration_ms,
+                        prev_hash: prevHash,
+                    };
+                    if (ctx.error) {
+                        recordBase.error = ctx.error;
+                    }
+                    if (ctx.redacted_fields?.length) {
+                        recordBase.redacted_fields = ctx.redacted_fields;
+                    }
+                    // Attach caller-supplied metadata when the middleware context carries any.
+                    // The `autonomy_level` key is reserved for internal bookkeeping (see above)
+                    // and is excluded from the exported metadata payload.
+                    if (ctx.metadata !== undefined) {
+                        const exported = {};
+                        for (const [k, v] of Object.entries(ctx.metadata)) {
+                            if (k === 'autonomy_level')
+                                continue;
+                            exported[k] = v;
+                        }
+                        if (Object.keys(exported).length > 0) {
+                            recordBase.metadata = exported;
+                        }
+                    }
+                    const hash = computeHash(recordBase);
+                    const record = { ...recordBase, hash };
+                    const line = JSON.stringify(record) + '\n';
+                    try {
+                        await fs.appendFile(auditFile, line);
                     }
-                    if (Object.keys(exported).length > 0) {
-                        recordBase.metadata = exported;
+                    catch {
+                        // Directory may have been deleted externally — retry once with mkdir
+                        dirEnsured = false;
+                        await ensureDir();
+                        await fs.appendFile(auditFile, line);
                     }
-                }
-                const hash = computeHash(recordBase);
-                const record = { ...recordBase, hash };
-                prevHash = hash;
-                const line = JSON.stringify(record) + '\n';
-                // Ensure .rea dir exists (cached, with retry on failure)
-                if (!dirEnsured) {
-                    await fs.mkdir(reaDir, { recursive: true });
-                    dirEnsured = true;
-                }
-                try {
-                    await fs.appendFile(auditFile, line);
-                }
-                catch {
-                    // Directory may have been deleted externally — retry once with mkdir
-                    dirEnsured = false;
-                    await fs.mkdir(reaDir, { recursive: true });
-                    dirEnsured = true;
-                    await fs.appendFile(auditFile, line);
-                }
+                    await fsyncFile(auditFile);
+                });
             }
             catch (auditErr) {
-                // SECURITY: Never crash the gateway on audit failure — log to stderr
+                // SECURITY: Never crash the gateway on audit failure — log to stderr.
+                // This catches lock-acquisition failures, EEXIST-without-stale, and
+                // any other I/O failure. The tool call itself continues.
                 dirEnsured = false;
                 console.error('[rea] AUDIT WRITE FAILED:', auditErr instanceof Error ? auditErr.message : auditErr);
             }

package/dist/policy/loader.d.ts

@@ -60,6 +60,28 @@ declare const PolicySchema: z.ZodObject<{
             flags?: string | undefined;
         }[] | undefined;
     }>>;
+    audit: z.ZodOptional<z.ZodObject<{
+        rotation: z.ZodOptional<z.ZodObject<{
+            max_bytes: z.ZodOptional<z.ZodNumber>;
+            max_age_days: z.ZodOptional<z.ZodNumber>;
+        }, "strict", z.ZodTypeAny, {
+            max_bytes?: number | undefined;
+            max_age_days?: number | undefined;
+        }, {
+            max_bytes?: number | undefined;
+            max_age_days?: number | undefined;
+        }>>;
+    }, "strict", z.ZodTypeAny, {
+        rotation?: {
+            max_bytes?: number | undefined;
+            max_age_days?: number | undefined;
+        } | undefined;
+    }, {
+        rotation?: {
+            max_bytes?: number | undefined;
+            max_age_days?: number | undefined;
+        } | undefined;
+    }>>;
 }, "strict", z.ZodTypeAny, {
     version: string;
     profile: string;
@@ -87,6 +109,12 @@ declare const PolicySchema: z.ZodObject<{
             flags?: string | undefined;
         }[] | undefined;
     } | undefined;
+    audit?: {
+        rotation?: {
+            max_bytes?: number | undefined;
+            max_age_days?: number | undefined;
+        } | undefined;
+    } | undefined;
 }, {
     version: string;
     profile: string;
@@ -114,6 +142,12 @@ declare const PolicySchema: z.ZodObject<{
             flags?: string | undefined;
         }[] | undefined;
     } | undefined;
+    audit?: {
+        rotation?: {
+            max_bytes?: number | undefined;
+            max_age_days?: number | undefined;
+        } | undefined;
+    } | undefined;
 }>;
 /**
  * Async policy loader with TTL cache and mtime-based invalidation.

package/dist/policy/loader.js

@@ -46,6 +46,24 @@ const RedactPolicySchema = z
     patterns: z.array(UserRedactPatternSchema).optional(),
 })
     .strict();
+/**
+ * G1: audit rotation thresholds. Both knobs optional; a policy that omits the
+ * `audit` block (or the `audit.rotation` sub-block) retains 0.2.x behavior
+ * with no rotation. Defaults are NOT baked into the schema — the rotator
+ * resolves them at consumption time so absence remains distinguishable from
+ * an explicit value.
+ */
+const AuditRotationPolicySchema = z
+    .object({
+    max_bytes: z.number().int().positive().optional(),
+    max_age_days: z.number().int().positive().optional(),
+})
+    .strict();
+const AuditPolicySchema = z
+    .object({
+    rotation: AuditRotationPolicySchema.optional(),
+})
+    .strict();
 const PolicySchema = z
     .object({
     version: z.string(),
@@ -62,6 +80,7 @@ const PolicySchema = z
     context_protection: ContextProtectionSchema.optional(),
     review: ReviewPolicySchema.optional(),
     redact: RedactPolicySchema.optional(),
+    audit: AuditPolicySchema.optional(),
 })
     .strict();
 const DEFAULT_CACHE_TTL_MS = 30_000;

package/dist/policy/types.d.ts

@@ -54,6 +54,29 @@ export interface RedactPolicy {
     match_timeout_ms?: number;
     patterns?: UserRedactPattern[];
 }
+/**
+ * Audit rotation knobs (G1). Both thresholds are optional; absence of the
+ * block leaves rotation inactive (back-compat with 0.2.x behavior).
+ *
+ * `max_bytes` — when `.rea/audit.jsonl` crosses this size the next append
+ * triggers a rotation (size-based). Typical operator setting: 50 MiB.
+ *
+ * `max_age_days` — when the current `audit.jsonl`'s oldest record is older
+ * than this many days, the next append triggers a rotation (age-based). Both
+ * triggers are evaluated independently; either crossing threshold rotates.
+ *
+ * Rotation renames the current file to `audit-YYYYMMDD-HHMMSS.jsonl` in the
+ * same directory and seeds a fresh `audit.jsonl` with a single rotation
+ * marker record whose `prev_hash` equals the SHA-256 of the last record in
+ * the rotated file — preserving hash-chain continuity across the boundary.
+ */
+export interface AuditRotationPolicy {
+    max_bytes?: number;
+    max_age_days?: number;
+}
+export interface AuditPolicy {
+    rotation?: AuditRotationPolicy;
+}
 export interface Policy {
     version: string;
     profile: string;
@@ -69,4 +92,5 @@ export interface Policy {
     context_protection?: ContextProtection;
     review?: ReviewPolicy;
     redact?: RedactPolicy;
+    audit?: AuditPolicy;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bookedsolid/rea",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "Agentic governance layer for Claude Code — policy enforcement, hook-based safety gates, audit logging, and Codex-integrated adversarial review for AI-assisted projects",
   "license": "MIT",
   "author": "Booked Solid Technology <oss@bookedsolid.tech> (https://bookedsolid.tech)",
@@ -70,19 +70,21 @@
     "@clack/prompts": "^1.2.0",
     "@modelcontextprotocol/sdk": "^1.29.0",
     "commander": "^14.0.3",
+    "proper-lockfile": "^4.1.2",
+    "safe-regex": "^2.1.1",
     "yaml": "^2.7.0",
     "zod": "^3.23.0"
   },
   "devDependencies": {
     "@changesets/cli": "^2.30.0",
     "@types/node": "^25.5.2",
+    "@types/proper-lockfile": "^4.1.4",
     "@types/safe-regex": "^1.1.6",
     "@typescript-eslint/eslint-plugin": "^8.0.0",
     "@typescript-eslint/parser": "^8.0.0",
     "@vitest/coverage-v8": "^3.2.4",
     "eslint": "^10.2.0",
     "prettier": "^3.8.1",
-    "safe-regex": "^2.1.1",
     "typescript": "^5.8.0",
     "vitest": "^3.1.0"
   },