@consensus-tools/universal 0.9.0 → 0.9.1

package/dist/reputation-manager.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reputation-manager.test.js","sourceRoot":"","sources":["../src/reputation-manager.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAI5D,SAAS,YAAY;IACnB,OAAO;QACL,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE;QAClE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE;QACtE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE;KACvE,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,SAAsC;IAC1D,OAAO;QACL,UAAU,EAAE,UAAU;QACtB,MAAM,EAAE,OAAO;QACf,KAAK,EAAE;YACL,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE;YAC5G,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE;YAC5G,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE;SAC/G;QACD,MAAM,EAAE,eAAe;QACvB,cAAc,EAAE,EAAE;QAClB,cAAc,EAAE,GAAG;QACnB,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,GAAG,GAAG,IAAI,iBAAiB,CAAC,YAAY,EAAE,CAAC,CAAC;QAClD,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,GAAG,GAAG,IAAI,iBAAiB,CAAC,YAAY,EAAE,CAAC,CAAC;QAClD,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,GAAG,GAAG,IAAI,iBAAiB,CAAC,YAAY,EAAE,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;QAChC,GAAG,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE7B,4CAA4C;QAC5C,MAAM,OAAO,GAAG,GAAG,CAAC,eAAe,CAAC;YAClC,UAAU,EAAE,UAAU;YACtB,IAAI,EAAE,gBAAgB;SACvB,CAAC,CAAC;QACH,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,GAAG,GAAG,IAAI,iBAAiB,CAAC,YAAY,EAAE,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;QAChC,GAAG,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE7B,kEAAkE;QAClE,wFAAwF;QACxF,MAAM,OAAO,GAAG,GAAG,CAAC,eAAe,CAAC;YAClC,UAAU,EAAE,UAAU;YACtB,IAAI,EAAE,gBAAgB;SACvB,CAAC,CAAC;QAEH,4DAA4D;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC;QAC5D,MAAM,CAAC,QAAS,CAAC,KAAK,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAE3C,8DAA8D;QAC9D,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC;QAC5D,MAAM,CAAC,QAAS,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,GAAG,GAAG,IAAI,iBAAiB,CAAC,YAAY,EAAE,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QACnD,GAAG,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE7B,6DAA6D;QAC7D,MAAM,OAAO,GAAG,GAAG,CAAC,eAAe,CAAC;YAClC,UAAU,EAAE,UAAU;YACtB,IAAI,EAAE,WAAW;SAClB,CAAC,CAAC;QAEH,kEAAkE;QAClE,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC;QAC5D,MAAM,CAAC,QAAS,CAAC,KAAK,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,GAAG,GAAG,IAAI,iBAAiB,CAAC,YAAY,EAAE,CAAC,CAAC;QAClD,MAAM,OAAO,GAAG,GAAG,CAAC,eAAe,CAAC;YAClC,UAAU,EAAE,aAAa;YACzB,IAAI,EAAE,gBAAgB;SACvB,CAAC,CAAC;QACH,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;QAChC,QAAQ,CAAC,CAAC,CAAE,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,0CAA0C;QAC1E,MAAM,GAAG,GAAG,IAAI,iBAAiB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAElD,MAAM,cAAc,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,GAAG,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;QAEtC,4CAA4C;QAC5C,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;QAChC,GAAG,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC7B,GAAG,CAAC,eAAe,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAExE,iEAAiE;QACjE,qCAAqC;QACrC,IAAI,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7E,gDAAgD;YAChD,MAAM,eAAe,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YAC1C,4DAA4D;YAC5D,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,GAAG,GAAG,IAAI,iBAAiB,CAAC,YAAY,EAAE,CAAC,CAAC;QAClD,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAC7B,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/risk-tiers.d.ts

@@ -0,0 +1,10 @@
+import type { RiskTier, RiskTierMap } from "./types.js";
+/**
+ * Classify a tool name into a risk tier.
+ *
+ * Priority: user overrides > high-risk patterns > low-risk patterns > default high.
+ * High-risk checked FIRST to prevent bypass via naming (e.g., "get_and_delete_user").
+ * Unknown tools default to high-risk (safe by default).
+ */
+export declare function classifyTool(toolName: string, overrides?: RiskTierMap): RiskTier;
+//# sourceMappingURL=risk-tiers.d.ts.map

package/dist/risk-tiers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-tiers.d.ts","sourceRoot":"","sources":["../src/risk-tiers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AA2BxD;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,WAAW,GAAG,QAAQ,CAgBhF"}

package/dist/risk-tiers.js

@@ -0,0 +1,46 @@
+// ── Default Risk Classification ──────────────────────────────────────
+// Tools are classified by name prefix/pattern. Write/send/delete/mutate
+// operations get full LLM deliberation. Read-only operations fast-path
+// through regex only.
+//
+// Users override via config.riskTiers: { "my_tool": "low" }
+const HIGH_RISK_PATTERNS = [
+    /^(send|email|mail)/i,
+    /^(delete|remove|drop|destroy)/i,
+    /^(write|update|patch|put|post|create|insert)/i,
+    /^(deploy|release|publish|push)/i,
+    /^(merge|commit|approve)/i,
+    /^(grant|revoke|escalate|permission)/i,
+    /^(execute|run|eval|exec)/i,
+    /^(transfer|pay|charge|refund)/i,
+];
+const LOW_RISK_PATTERNS = [
+    /^(get|fetch|read|list|search|query|find|lookup)/i,
+    /^(check|verify|validate|inspect|describe)/i,
+    /^(count|sum|aggregate|stats)/i,
+    /^(view|show|display|render|preview)/i,
+];
+/**
+ * Classify a tool name into a risk tier.
+ *
+ * Priority: user overrides > high-risk patterns > low-risk patterns > default high.
+ * High-risk checked FIRST to prevent bypass via naming (e.g., "get_and_delete_user").
+ * Unknown tools default to high-risk (safe by default).
+ */
+export function classifyTool(toolName, overrides) {
+    if (overrides?.[toolName]) {
+        return overrides[toolName];
+    }
+    // Check high-risk FIRST to prevent bypass via compound names
+    for (const pattern of HIGH_RISK_PATTERNS) {
+        if (pattern.test(toolName))
+            return "high";
+    }
+    for (const pattern of LOW_RISK_PATTERNS) {
+        if (pattern.test(toolName))
+            return "low";
+    }
+    // Unknown tools default to high-risk (safe by default)
+    return "high";
+}
+//# sourceMappingURL=risk-tiers.js.map

package/dist/risk-tiers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-tiers.js","sourceRoot":"","sources":["../src/risk-tiers.ts"],"names":[],"mappings":"AAEA,wEAAwE;AACxE,wEAAwE;AACxE,uEAAuE;AACvE,sBAAsB;AACtB,EAAE;AACF,4DAA4D;AAE5D,MAAM,kBAAkB,GAAG;IACzB,qBAAqB;IACrB,gCAAgC;IAChC,+CAA+C;IAC/C,iCAAiC;IACjC,0BAA0B;IAC1B,sCAAsC;IACtC,2BAA2B;IAC3B,gCAAgC;CACjC,CAAC;AAEF,MAAM,iBAAiB,GAAG;IACxB,kDAAkD;IAClD,4CAA4C;IAC5C,+BAA+B;IAC/B,sCAAsC;CACvC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,SAAuB;IACpE,IAAI,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC7B,CAAC;IAED,6DAA6D;IAC7D,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,OAAO,MAAM,CAAC;IAC5C,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAC;IAC3C,CAAC;IAED,uDAAuD;IACvD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/risk-tiers.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=risk-tiers.test.d.ts.map

package/dist/risk-tiers.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-tiers.test.d.ts","sourceRoot":"","sources":["../src/risk-tiers.test.ts"],"names":[],"mappings":""}

package/dist/risk-tiers.test.js

@@ -0,0 +1,40 @@
+import { describe, it, expect } from "vitest";
+import { classifyTool } from "./risk-tiers.js";
+describe("classifyTool", () => {
+    it("classifies read-only tools as low risk", () => {
+        expect(classifyTool("get_weather")).toBe("low");
+        expect(classifyTool("list_files")).toBe("low");
+        expect(classifyTool("search_documents")).toBe("low");
+        expect(classifyTool("fetch_user")).toBe("low");
+        expect(classifyTool("read_config")).toBe("low");
+        expect(classifyTool("query_database")).toBe("low");
+        expect(classifyTool("check_status")).toBe("low");
+        expect(classifyTool("view_dashboard")).toBe("low");
+    });
+    it("classifies write/send/delete tools as high risk", () => {
+        expect(classifyTool("send_email")).toBe("high");
+        expect(classifyTool("delete_user")).toBe("high");
+        expect(classifyTool("write_file")).toBe("high");
+        expect(classifyTool("deploy_service")).toBe("high");
+        expect(classifyTool("merge_branch")).toBe("high");
+        expect(classifyTool("grant_permission")).toBe("high");
+        expect(classifyTool("execute_command")).toBe("high");
+        expect(classifyTool("transfer_funds")).toBe("high");
+    });
+    it("defaults unknown tools to high risk", () => {
+        expect(classifyTool("some_unknown_tool")).toBe("high");
+        expect(classifyTool("foobar")).toBe("high");
+    });
+    it("respects user overrides", () => {
+        expect(classifyTool("send_email", { send_email: "low" })).toBe("low");
+        expect(classifyTool("get_weather", { get_weather: "high" })).toBe("high");
+    });
+    it("prevents bypass via compound names (high-risk checked first)", () => {
+        // These start with read-like prefixes but contain destructive operations
+        expect(classifyTool("execute_and_log")).toBe("high");
+        expect(classifyTool("run_cleanup")).toBe("high");
+        expect(classifyTool("delete_then_verify")).toBe("high");
+        expect(classifyTool("send_and_check")).toBe("high");
+    });
+});
+//# sourceMappingURL=risk-tiers.test.js.map

package/dist/risk-tiers.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-tiers.test.js","sourceRoot":"","sources":["../src/risk-tiers.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChD,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/C,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrD,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/C,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChD,MAAM,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,MAAM,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjD,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpD,MAAM,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClD,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvD,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,MAAM,CAAC,YAAY,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtE,MAAM,CAAC,YAAY,CAAC,aAAa,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACtE,yEAAyE;QACzE,MAAM,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjD,MAAM,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxD,MAAM,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/types.d.ts

@@ -1,5 +1,6 @@
 import type { IStorage } from "@consensus-tools/storage";
 import type { DecisionResult } from "@consensus-tools/wrapper";
+import type { PersonaConfig } from "@consensus-tools/personas";
 export type ToolExecutor = (toolName: string, args: Record<string, unknown>) => Promise<unknown>;
 export type Wrappable = ToolExecutor | {
     execute: ToolExecutor;
@@ -9,27 +10,79 @@ export type Wrappable = ToolExecutor | {
     call: ToolExecutor;
 };
 export type FailPolicy = "closed" | "open";
+export type ExecutionMode = "enforce" | "shadow";
+export interface ModelMessage {
+    role: "system" | "user";
+    content: string;
+}
+export type ModelAdapter = (messages: ModelMessage[]) => Promise<string>;
+export type RiskTier = "low" | "high";
+export type RiskTierMap = Record<string, RiskTier>;
+export interface FeedbackSignal {
+    /** The decision ID this feedback relates to. */
+    decisionId: string;
+    /** "override_block" = human unblocked a blocked call. "flag_miss" = human flagged a missed risk. */
+    type: "override_block" | "flag_miss";
+}
 export interface LogEvent {
     event: string;
     data: Record<string, unknown>;
     timestamp: number;
 }
+export interface LlmDecisionResult {
+    /** Unique decision ID for feedback reference. */
+    decisionId: string;
+    /** Final action: allow, block, or escalate. */
+    action: "allow" | "block" | "escalate";
+    /** Per-persona vote breakdown. */
+    votes: Array<{
+        personaId: string;
+        personaName: string;
+        vote: "YES" | "NO" | "REWRITE";
+        confidence: number;
+        rationale: string;
+        source: "llm" | "regex_fallback";
+    }>;
+    /** Policy used for resolution. */
+    policy: string;
+    /** Consensus trace from resolveConsensus. */
+    consensusTrace: Record<string, unknown>;
+    /** Aggregate score (0-1). */
+    aggregateScore: number;
+}
 export interface UniversalConfig {
-    /** Consensus policy name (maps to wrapper strategy via policyToStrategy). */
+    /** Consensus policy name. For regex mode: 'majority', 'supermajority', 'unanimous', 'threshold:X'.
+     *  For LLM mode: also supports all 9 core policies (WEIGHTED_REPUTATION, MAJORITY_VOTE, etc.). */
     policy?: string;
-    /** Guard domain names to use as reviewers. */
+    /** Guard domain names to use as reviewers (regex mode). */
     guards?: string[];
-    /** Persona pack name (reserved for future use). */
-    personas?: string;
     /** Behavior on error: 'closed' blocks, 'open' allows. Default: 'closed'. */
     failPolicy?: FailPolicy;
     /** Storage backend: 'memory' for in-memory, or an IStorage instance. Default: 'memory'. */
     storage?: "memory" | IStorage;
     /** Logging: true for console.debug, false to disable, or a custom function. Default: true. */
     logger?: boolean | ((event: LogEvent) => void);
-    /** Called after every consensus decision. */
-    onDecision?: (decision: DecisionResult<unknown>) => void | Promise<void>;
+    /** Called after every consensus decision (both regex and LLM modes). */
+    onDecision?: (decision: DecisionResult<unknown> | LlmDecisionResult) => void | Promise<void>;
     /** Called when an error occurs during deliberation. */
     onError?: (err: Error, action: unknown) => void;
+    /** LLM model adapter. When provided, enables LLM persona mode. */
+    model?: ModelAdapter;
+    /** Persona pack name. Default: 'default' (security, compliance, operations). */
+    pack?: string;
+    /** Custom personas (overrides pack). */
+    personas?: PersonaConfig[];
+    /** Execution mode: 'enforce' blocks on consensus rejection, 'shadow' logs but never blocks. Default: 'enforce'. */
+    mode?: ExecutionMode;
+    /** Tool risk tier overrides. Keys are tool names, values are 'low' or 'high'. */
+    riskTiers?: RiskTierMap;
+    /** Human feedback callback for reputation ground truth. */
+    onFeedback?: (signal: FeedbackSignal) => void;
+    /** Storage for persisting reputation across restarts. Default: in-memory (lost on restart). */
+    reputationStore?: IStorage;
+    /** Reputation threshold below which persona respawn triggers. Default: 0.15. */
+    respawnThreshold?: number;
+    /** Per-persona LLM call timeout in milliseconds. Default: 3000. */
+    personaTimeout?: number;
 }
 //# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAM/D,MAAM,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEjG,MAAM,MAAM,SAAS,GACjB,YAAY,GACZ;IAAE,OAAO,EAAE,YAAY,CAAA;CAAE,GACzB;IAAE,MAAM,EAAE,YAAY,CAAA;CAAE,GACxB;IAAE,IAAI,EAAE,YAAY,CAAA;CAAE,CAAC;AAI3B,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,MAAM,CAAC;AAI3C,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,eAAe;IAC9B,6EAA6E;IAC7E,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,8CAA8C;IAC9C,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,mDAAmD;IACnD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,4EAA4E;IAC5E,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,2FAA2F;IAC3F,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAC9B,8FAA8F;IAC9F,MAAM,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC,CAAC;IAC/C,6CAA6C;IAC7C,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,cAAc,CAAC,OAAO,CAAC,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzE,uDAAuD;IACvD,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,KAAK,IAAI,CAAC;CACjD"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAM/D,MAAM,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEjG,MAAM,MAAM,SAAS,GACjB,YAAY,GACZ;IAAE,OAAO,EAAE,YAAY,CAAA;CAAE,GACzB;IAAE,MAAM,EAAE,YAAY,CAAA;CAAE,GACxB;IAAE,IAAI,EAAE,YAAY,CAAA;CAAE,CAAC;AAI3B,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,MAAM,CAAC;AAI3C,MAAM,MAAM,aAAa,GAAG,SAAS,GAAG,QAAQ,CAAC;AASjD,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,QAAQ,GAAG,MAAM,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAIzE,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEtC,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAKnD,MAAM,WAAW,cAAc;IAC7B,gDAAgD;IAChD,UAAU,EAAE,MAAM,CAAC;IACnB,oGAAoG;IACpG,IAAI,EAAE,gBAAgB,GAAG,WAAW,CAAC;CACtC;AAID,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,SAAS,EAAE,MAAM,CAAC;CACnB;AAKD,MAAM,WAAW,iBAAiB;IAChC,iDAAiD;IACjD,UAAU,EAAE,MAAM,CAAC;IACnB,+CAA+C;IAC/C,MAAM,EAAE,OAAO,GAAG,OAAO,GAAG,UAAU,CAAC;IACvC,kCAAkC;IAClC,KAAK,EAAE,KAAK,CAAC;QACX,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,IAAI,EAAE,KAAK,GAAG,IAAI,GAAG,SAAS,CAAC;QAC/B,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,KAAK,GAAG,gBAAgB,CAAC;KAClC,CAAC,CAAC;IACH,kCAAkC;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,6BAA6B;IAC7B,cAAc,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,WAAW,eAAe;IAC9B;sGACkG;IAClG,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2DAA2D;IAC3D,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,4EAA4E;IAC5E,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,2FAA2F;IAC3F,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAC9B,8FAA8F;IAC9F,MAAM,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,CAAC,CAAC;IAC/C,wEAAwE;IACxE,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,cAAc,CAAC,OAAO,CAAC,GAAG,iBAAiB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7F,uDAAuD;IACvD,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,KAAK,IAAI,CAAC;IAIhD,kEAAkE;IAClE,KAAK,CAAC,EAAE,YAAY,CAAC;IACrB,gFAAgF;IAChF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wCAAwC;IACxC,QAAQ,CAAC,EAAE,aAAa,EAAE,CAAC;IAC3B,mHAAmH;IACnH,IAAI,CAAC,EAAE,aAAa,CAAC;IACrB,iFAAiF;IACjF,SAAS,CAAC,EAAE,WAAW,CAAC;IACxB,2DAA2D;IAC3D,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,cAAc,KAAK,IAAI,CAAC;IAC9C,+FAA+F;IAC/F,eAAe,CAAC,EAAE,QAAQ,CAAC;IAC3B,gFAAgF;IAChF,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,mEAAmE;IACnE,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@consensus-tools/universal",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "description": "Universal facade — wrap any tool executor with consensus governance in one line",
   "type": "module",
   "main": "./dist/index.js",
@@ -12,17 +12,17 @@
     }
   },
   "dependencies": {
-    "@consensus-tools/core": "0.9.0",
-    "@consensus-tools/storage": "0.9.0",
-    "@consensus-tools/policies": "0.9.0",
-    "@consensus-tools/guards": "0.9.0",
-    "@consensus-tools/wrapper": "0.9.0",
-    "@consensus-tools/personas": "0.9.0",
-    "@consensus-tools/schemas": "0.9.0"
+    "@consensus-tools/core": "0.9.1",
+    "@consensus-tools/guards": "0.9.1",
+    "@consensus-tools/personas": "0.9.1",
+    "@consensus-tools/policies": "0.9.1",
+    "@consensus-tools/wrapper": "0.9.1",
+    "@consensus-tools/schemas": "0.9.1",
+    "@consensus-tools/storage": "0.9.1"
   },
   "peerDependencies": {
-    "@consensus-tools/mcp": "0.8.0",
     "@consensus-tools/langchain": "0.8.0",
+    "@consensus-tools/mcp": "0.8.0",
     "@consensus-tools/ai-sdk": "0.8.0"
   },
   "peerDependenciesMeta": {

package/src/consensus-llm.test.ts

@@ -154,14 +154,33 @@ describe("consensus.wrap with LLM persona mode", () => {
   });
 
   describe("per-persona timeout", () => {
-    it("falls back to regex for timed-out personas", async () => {
+    it("falls back to regex for timed-out personas and blocks (fail-closed)", async () => {
+      const onDecision = vi.fn();
+      const executor = createMockExecutor();
+      const safe = consensus.wrap(executor, {
+        model: createSlowModel(5000),
+        personaTimeout: 100,
+        onDecision,
+        logger: false,
+      });
+      // LLM times out, regex fallback votes NO (fail-closed), tool is blocked
+      await expect(safe("send_email", { to: "user@test.com" })).rejects.toThrow(ConsensusBlockedError);
+      expect(executor).not.toHaveBeenCalled();
+      // onDecision should still fire with regex_fallback votes
+      expect(onDecision).toHaveBeenCalled();
+      const decision = onDecision.mock.calls[0]![0] as LlmDecisionResult;
+      expect(decision.votes.every((v) => v.source === "regex_fallback")).toBe(true);
+    });
+
+    it("allows with failPolicy open when LLM times out", async () => {
       const executor = createMockExecutor();
       const safe = consensus.wrap(executor, {
-        model: createSlowModel(5000), // 5 second delay, will exceed default 3s timeout
-        personaTimeout: 100, // 100ms timeout for fast test
+        model: createSlowModel(5000),
+        personaTimeout: 100,
+        failPolicy: "open",
         logger: false,
       });
-      // Should not hang, should fall back to regex
+      // failPolicy open: even if regex fallback blocks, tool executes
       const result = await safe("send_email", { to: "user@test.com" });
       expect(result).toBeDefined();
     });

package/src/defaults.ts

@@ -69,7 +69,11 @@ export function resolvePolicyType(policy: string): string {
   // threshold:X -> APPROVAL_VOTE with custom config
   if (policy.startsWith("threshold:")) return "APPROVAL_VOTE";
 
-  // Default to MAJORITY_VOTE
+  // Unknown policy — warn and fall back
+  console.warn( // eslint-disable-line no-console
+    `[consensus] Unknown LLM policy "${policy}", falling back to MAJORITY_VOTE. ` +
+    `Valid: ${[...CORE_POLICY_TYPES].join(", ")} or friendly names: ${Object.keys(FRIENDLY_TO_CORE).join(", ")}`,
+  );
   return "MAJORITY_VOTE";
 }
 
@@ -107,10 +111,12 @@ export function policyToStrategy(policy: string): StrategyConfig {
         return { strategy: "threshold", threshold: value };
       }
 
-      // In LLM mode, core policy names are valid. In regex mode, they're not.
-      // Let the caller decide — we just throw for truly unknown strings.
+      // LLM-mode policy used without a model — warn loudly, this is a config mistake
       if (CORE_POLICY_TYPES.has(policy) || FRIENDLY_TO_CORE[policy]) {
-        // Valid LLM-mode policy used in regex mode — fall back to majority
+        console.warn( // eslint-disable-line no-console
+          `[consensus] Policy "${policy}" requires LLM mode (provide a model). ` +
+          `Falling back to majority in regex mode. This may not match your intended security posture.`,
+        );
         return { strategy: "majority" };
       }
 

package/src/index.ts

@@ -1,3 +1,4 @@
+import crypto from "node:crypto";
 import { consensus as wrapWithConsensus } from "@consensus-tools/wrapper";
 import type { DecisionResult, ReviewerFn, LifecycleHooks } from "@consensus-tools/wrapper";
 import { createGuardTemplate, GUARD_CONFIGS } from "@consensus-tools/guards";
@@ -53,10 +54,12 @@ function resolveStorage(storage: "memory" | IStorage): IStorage {
 
 function createStorageHooks(store: IStorage): LifecycleHooks {
   return {
+    // afterResolve fires for ALL outcomes (allow, block, escalate).
+    // No separate onBlock hook needed (was duplicating audit entries).
     async afterResolve(result: DecisionResult) {
       await store.update((state) => {
         state.audit.push({
-          id: `audit-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
+          id: `audit-${crypto.randomUUID()}`,
           at: new Date().toISOString(),
           action: result.action,
           aggregateScore: result.aggregateScore,
@@ -65,18 +68,6 @@ function createStorageHooks(store: IStorage): LifecycleHooks {
         } as any);
       });
     },
-    async onBlock(result: DecisionResult) {
-      await store.update((state) => {
-        state.audit.push({
-          id: `audit-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
-          at: new Date().toISOString(),
-          action: "block",
-          aggregateScore: result.aggregateScore,
-          attempt: result.attempt,
-          scoresCount: result.scores.length,
-        } as any);
-      });
-    },
   };
 }
 
@@ -136,9 +127,11 @@ function createLlmExecutor(
     }
   });
 
-  // Load persisted reputation if store is configured
+  // Load persisted reputation if store is configured.
+  // Track readiness so early calls don't race against the load.
+  let reputationReady: Promise<void> | undefined;
   if (config.reputationStore) {
-    reputationManager.load().catch((err) => {
+    reputationReady = reputationManager.load().catch((err) => {
       if (config.logger !== false) {
         console.warn("[consensus] Failed to load persisted reputation, starting with defaults:", err); // eslint-disable-line no-console
       }
@@ -158,15 +151,26 @@ function createLlmExecutor(
   };
 
   return async (toolName: string, args: Record<string, unknown>): Promise<unknown> => {
+    // Wait for reputation load before first deliberation
+    if (reputationReady) {
+      await reputationReady;
+      reputationReady = undefined;
+    }
+
     try {
       const decision: LlmDecisionResult = await deliberate(deliberateConfig, toolName, args);
 
-      // Fire onDecision callback
+      // Fire onDecision callback (wrapped in try/catch so user callback errors
+      // don't affect governance decisions)
       if (config.onDecision) {
-        await config.onDecision(decision);
+        try {
+          await config.onDecision(decision);
+        } catch (callbackErr) {
+          config.onError?.(callbackErr instanceof Error ? callbackErr : new Error(String(callbackErr)), { toolName, args, phase: "onDecision" });
+        }
       }
 
-      // Shadow mode: always allow, just log
+      // Shadow mode: always allow, just log. Never blocks, even if callback threw.
       if (mode === "shadow") {
         return fn(toolName, args);
       }