@dcyfr/ai 1.0.3 → 2.1.0

package/dist/ai/delegation/middleware/permissions-middleware.d.ts

@@ -0,0 +1,48 @@
+/**
+ * DCYFR Permissions Middleware
+ * TLP:CLEAR
+ *
+ * SecurityMiddleware that validates permission token attenuation — child tokens
+ * must be strict subsets of their parent tokens.  Wraps PermissionAttenuationEngine.
+ *
+ * @module delegation/middleware/permissions-middleware
+ * @version 1.0.0
+ * @date 2026-02-24
+ */
+import type { SecurityMiddleware, SecurityContext, SecurityVerdict, SecurityOperationType } from '../../types/security-middleware.js';
+/** Simplified token shape used in DelegationContract.permission_tokens */
+export interface SimplifiedPermissionToken {
+    token_id: string;
+    scopes: string[];
+    delegatable?: boolean;
+    max_delegation_depth?: number;
+}
+/**
+ * PermissionsMiddleware — validates permission attenuation in delegation chains.
+ *
+ * For each permission token in the child contract that matches a parent token by
+ * `token_id`, the middleware calls `PermissionAttenuationEngine.validateAttenuation()`
+ * to ensure scopes have not been escalated.
+ *
+ * Construction requires a callback that resolves the parent contract's tokens
+ * given the parent contract ID.  If no parent exists (root delegation), or the
+ * callback returns null/empty, validation is skipped and the verdict is `allow`.
+ */
+export declare class PermissionsMiddleware implements SecurityMiddleware {
+    readonly name = "permissions";
+    /** Feature flag that must be `true` for this middleware to run */
+    readonly featureFlag = "security_monitoring";
+    readonly appliesTo: SecurityOperationType[];
+    private readonly engine;
+    private readonly fetchParentTokens;
+    constructor(fetchParentTokens: (parentContractId: string) => SimplifiedPermissionToken[] | null);
+    evaluate(context: SecurityContext): Promise<SecurityVerdict>;
+    /**
+     * Build a minimal PermissionToken from a SimplifiedPermissionToken so that
+     * PermissionAttenuationEngine.validateAttenuation() can be called.
+     *
+     * Fields not present in the simplified form are given safe defaults.
+     */
+    private buildMinimalPermissionToken;
+}
+//# sourceMappingURL=permissions-middleware.d.ts.map

package/dist/ai/delegation/middleware/permissions-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions-middleware.d.ts","sourceRoot":"","sources":["../../../../packages/ai/delegation/middleware/permissions-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,KAAK,EACV,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,qBAAqB,EACtB,MAAM,oCAAoC,CAAC;AAE5C,0EAA0E;AAC1E,MAAM,WAAW,yBAAyB;IACxC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;;;;;GAUG;AACH,qBAAa,qBAAsB,YAAW,kBAAkB;IAC9D,QAAQ,CAAC,IAAI,iBAAiB;IAC9B,kEAAkE;IAClE,QAAQ,CAAC,WAAW,yBAAyB;IAC7C,QAAQ,CAAC,SAAS,EAAE,qBAAqB,EAAE,CAAc;IAEzD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA8B;IACrD,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAEM;gBAGtC,iBAAiB,EAAE,CACjB,gBAAgB,EAAE,MAAM,KACrB,yBAAyB,EAAE,GAAG,IAAI;IAMnC,QAAQ,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;IA6DlE;;;;;OAKG;IACH,OAAO,CAAC,2BAA2B;CAuBpC"}

package/dist/ai/delegation/middleware/permissions-middleware.js

@@ -0,0 +1,107 @@
+/**
+ * DCYFR Permissions Middleware
+ * TLP:CLEAR
+ *
+ * SecurityMiddleware that validates permission token attenuation — child tokens
+ * must be strict subsets of their parent tokens.  Wraps PermissionAttenuationEngine.
+ *
+ * @module delegation/middleware/permissions-middleware
+ * @version 1.0.0
+ * @date 2026-02-24
+ */
+import { PermissionAttenuationEngine } from '../../permissions/attenuation-engine.js';
+/**
+ * PermissionsMiddleware — validates permission attenuation in delegation chains.
+ *
+ * For each permission token in the child contract that matches a parent token by
+ * `token_id`, the middleware calls `PermissionAttenuationEngine.validateAttenuation()`
+ * to ensure scopes have not been escalated.
+ *
+ * Construction requires a callback that resolves the parent contract's tokens
+ * given the parent contract ID.  If no parent exists (root delegation), or the
+ * callback returns null/empty, validation is skipped and the verdict is `allow`.
+ */
+export class PermissionsMiddleware {
+    name = 'permissions';
+    /** Feature flag that must be `true` for this middleware to run */
+    featureFlag = 'security_monitoring';
+    appliesTo = ['create'];
+    engine;
+    fetchParentTokens;
+    constructor(fetchParentTokens) {
+        this.engine = new PermissionAttenuationEngine();
+        this.fetchParentTokens = fetchParentTokens;
+    }
+    async evaluate(context) {
+        const childTokens = context.contract.permission_tokens;
+        const parentContractId = context.contract.parent_contract_id;
+        // Skip validation when there are no child tokens or this is a root delegation
+        if (!childTokens?.length || !parentContractId) {
+            return { action: 'allow' };
+        }
+        const parentTokens = this.fetchParentTokens(parentContractId);
+        if (!parentTokens?.length) {
+            return { action: 'allow' };
+        }
+        const errors = [];
+        for (const childToken of childTokens) {
+            // Find the corresponding parent token by ID
+            const parentSimplified = parentTokens.find((p) => p.token_id === childToken.token_id);
+            if (!parentSimplified) {
+                // No matching parent token — child token has no basis; treat as escalation
+                errors.push(`No parent token found for token_id '${childToken.token_id}' in parent contract '${parentContractId}'`);
+                continue;
+            }
+            // Build a minimal PermissionToken from the simplified parent token
+            const parentToken = this.buildMinimalPermissionToken(parentSimplified);
+            // Build the AttenuatePermissionRequest from the child token
+            const result = this.engine.validateAttenuation(parentToken, {
+                parent_token_id: parentSimplified.token_id,
+                new_holder: context.contract.delegatee?.agent_id ?? 'unknown',
+                scopes: childToken.scopes,
+                // actions, resources omitted — only scope attenuation is enforced here
+            });
+            if (!result.valid) {
+                errors.push(`Permission escalation on token '${childToken.token_id}': ${result.errors.join('; ')}`);
+            }
+        }
+        if (errors.length > 0) {
+            return {
+                action: 'block',
+                reason: errors.join(' | '),
+                threat_type: 'permission_escalation',
+                severity: 'critical',
+                evidence: { errors },
+            };
+        }
+        return { action: 'allow' };
+    }
+    /**
+     * Build a minimal PermissionToken from a SimplifiedPermissionToken so that
+     * PermissionAttenuationEngine.validateAttenuation() can be called.
+     *
+     * Fields not present in the simplified form are given safe defaults.
+     */
+    buildMinimalPermissionToken(simplified) {
+        return {
+            token_id: simplified.token_id,
+            version: '1.0.0',
+            status: 'active',
+            holder: 'parent-holder',
+            issuer: 'parent-issuer',
+            scopes: simplified.scopes,
+            actions: ['read', 'write', 'execute', 'delete', 'create', 'manage', 'delegate'],
+            resource_types: ['workspace'],
+            delegatable: simplified.delegatable ?? true,
+            max_delegation_depth: simplified.max_delegation_depth ?? 5,
+            delegation_depth: 0,
+            grant: {
+                granted_by: 'parent-issuer',
+                granted_at: new Date().toISOString(),
+                reason: 'inherited',
+            },
+            created_at: new Date().toISOString(),
+        };
+    }
+}
+//# sourceMappingURL=permissions-middleware.js.map

package/dist/ai/delegation/middleware/permissions-middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions-middleware.js","sourceRoot":"","sources":["../../../../packages/ai/delegation/middleware/permissions-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,yCAAyC,CAAC;AAiBtF;;;;;;;;;;GAUG;AACH,MAAM,OAAO,qBAAqB;IACvB,IAAI,GAAG,aAAa,CAAC;IAC9B,kEAAkE;IACzD,WAAW,GAAG,qBAAqB,CAAC;IACpC,SAAS,GAA4B,CAAC,QAAQ,CAAC,CAAC;IAExC,MAAM,CAA8B;IACpC,iBAAiB,CAEM;IAExC,YACE,iBAEuC;QAEvC,IAAI,CAAC,MAAM,GAAG,IAAI,2BAA2B,EAAE,CAAC;QAChD,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAwB;QACrC,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;QACvD,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC;QAE7D,8EAA8E;QAC9E,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC9C,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;QAC9D,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,CAAC;YAC1B,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,4CAA4C;YAC5C,MAAM,gBAAgB,GAAG,YAAY,CAAC,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ,CAC1C,CAAC;YAEF,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,2EAA2E;gBAC3E,MAAM,CAAC,IAAI,CACT,uCAAuC,UAAU,CAAC,QAAQ,yBAAyB,gBAAgB,GAAG,CACvG,CAAC;gBACF,SAAS;YACX,CAAC;YAED,mEAAmE;YACnE,MAAM,WAAW,GAAG,IAAI,CAAC,2BAA2B,CAAC,gBAAgB,CAAC,CAAC;YAEvE,4DAA4D;YAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,WAAW,EAAE;gBAC1D,eAAe,EAAE,gBAAgB,CAAC,QAAQ;gBAC1C,UAAU,EAAE,OAAO,CAAC,QAAQ,CAAC,SAAS,EAAE,QAAQ,IAAI,SAAS;gBAC7D,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,uEAAuE;aACxE,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,MAAM,CAAC,IAAI,CACT,mCAAmC,UAAU,CAAC,QAAQ,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACvF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;gBAC1B,WAAW,EAAE,uBAAuB;gBACpC,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,EAAE,MAAM,EAAE;aACrB,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC7B,CAAC;IAED;;;;;OAKG;IACK,2BAA2B,CACjC,UAAqC;QAErC,OAAO;YACL,QAAQ,EAAE,UAAU,CAAC,QAAQ;YAC7B,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,QAAQ;YAChB,MAAM,EAAE,eAAe;YACvB,MAAM,EAAE,eAAe;YACvB,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC;YAC/E,cAAc,EAAE,CAAC,WAAW,CAAC;YAC7B,WAAW,EAAE,UAAU,CAAC,WAAW,IAAI,IAAI;YAC3C,oBAAoB,EAAE,UAAU,CAAC,oBAAoB,IAAI,CAAC;YAC1D,gBAAgB,EAAE,CAAC;YACnB,KAAK,EAAE;gBACL,UAAU,EAAE,eAAe;gBAC3B,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACpC,MAAM,EAAE,WAAW;aACpB;YACD,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACrC,CAAC;IACJ,CAAC;CACF"}

package/dist/ai/delegation/middleware/rate-limiter-middleware.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Rate Limiter Middleware — per-agent sliding window
+ * TLP:AMBER - Internal Use Only
+ *
+ * Limits how many delegation operations an agent can initiate per hour.
+ * Uses a simple in-memory sliding-window algorithm.
+ *
+ * Default limit: 50 contract-creates per agent per hour.
+ *
+ * @module delegation/middleware/rate-limiter-middleware
+ * @version 1.0.0
+ * @date 2026-02-24
+ */
+import type { SecurityMiddleware, SecurityContext, SecurityVerdict, SecurityOperationType } from '../../types/security-middleware.js';
+export interface RateLimiterOptions {
+    /** Max operations per window. Default: 50 */
+    maxOps?: number;
+    /** Window size in ms. Default: 3_600_000 (1 hour) */
+    windowMs?: number;
+    /** Operations to rate-limit. Default: ['create'] */
+    appliesTo?: SecurityOperationType[];
+}
+export declare class RateLimiterMiddleware implements SecurityMiddleware {
+    readonly name = "rate-limiter";
+    readonly featureFlag = "security_monitoring";
+    readonly appliesTo: SecurityOperationType[];
+    private readonly maxOps;
+    private readonly windowMs;
+    /** agent_id → sorted array of operation timestamps */
+    private readonly windows;
+    constructor(options?: RateLimiterOptions);
+    evaluate(context: SecurityContext): Promise<SecurityVerdict>;
+    /** Exposed for testing and instrumentation */
+    getWindowCount(agentId: string, nowMs?: number): number;
+    /** Reset counter for an agent (e.g. after ban lifted) */
+    reset(agentId: string): void;
+}
+//# sourceMappingURL=rate-limiter-middleware.d.ts.map

package/dist/ai/delegation/middleware/rate-limiter-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter-middleware.d.ts","sourceRoot":"","sources":["../../../../packages/ai/delegation/middleware/rate-limiter-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,eAAe,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAEtI,MAAM,WAAW,kBAAkB;IACjC,6CAA6C;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qDAAqD;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,oDAAoD;IACpD,SAAS,CAAC,EAAE,qBAAqB,EAAE,CAAC;CACrC;AAED,qBAAa,qBAAsB,YAAW,kBAAkB;IAC9D,QAAQ,CAAC,IAAI,kBAAkB;IAC/B,QAAQ,CAAC,WAAW,yBAAyB;IAC7C,QAAQ,CAAC,SAAS,EAAE,qBAAqB,EAAE,CAAC;IAE5C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAElC,sDAAsD;IACtD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA+B;gBAE3C,OAAO,GAAE,kBAAuB;IAMtC,QAAQ,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;IAiClE,8CAA8C;IAC9C,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,SAAa,GAAG,MAAM;IAK3D,yDAAyD;IACzD,KAAK,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;CAG7B"}

package/dist/ai/delegation/middleware/rate-limiter-middleware.js

@@ -0,0 +1,65 @@
+/**
+ * Rate Limiter Middleware — per-agent sliding window
+ * TLP:AMBER - Internal Use Only
+ *
+ * Limits how many delegation operations an agent can initiate per hour.
+ * Uses a simple in-memory sliding-window algorithm.
+ *
+ * Default limit: 50 contract-creates per agent per hour.
+ *
+ * @module delegation/middleware/rate-limiter-middleware
+ * @version 1.0.0
+ * @date 2026-02-24
+ */
+export class RateLimiterMiddleware {
+    name = 'rate-limiter';
+    featureFlag = 'security_monitoring';
+    appliesTo;
+    maxOps;
+    windowMs;
+    /** agent_id → sorted array of operation timestamps */
+    windows = new Map();
+    constructor(options = {}) {
+        this.maxOps = options.maxOps ?? 50;
+        this.windowMs = options.windowMs ?? 3_600_000;
+        this.appliesTo = options.appliesTo ?? ['create'];
+    }
+    async evaluate(context) {
+        const agentId = context.delegator_auth?.agent_id ?? context.contract.delegator?.agent_id;
+        if (!agentId)
+            return { action: 'allow' };
+        const now = context.timestamp_ms ?? Date.now();
+        const cutoff = now - this.windowMs;
+        // Prune old timestamps
+        const ts = this.windows.get(agentId) ?? [];
+        const fresh = ts.filter(t => t > cutoff);
+        if (fresh.length >= this.maxOps) {
+            return {
+                action: 'block',
+                reason: `Agent '${agentId}' has exceeded the rate limit of ${this.maxOps} operations per ${this.windowMs / 1000}s.`,
+                threat_type: 'rate_limit_exceeded',
+                severity: 'high',
+                evidence: {
+                    agent_id: agentId,
+                    operations_in_window: fresh.length,
+                    limit: this.maxOps,
+                    window_ms: this.windowMs,
+                },
+            };
+        }
+        // Record this operation
+        fresh.push(now);
+        this.windows.set(agentId, fresh);
+        return { action: 'allow' };
+    }
+    /** Exposed for testing and instrumentation */
+    getWindowCount(agentId, nowMs = Date.now()) {
+        const cutoff = nowMs - this.windowMs;
+        return (this.windows.get(agentId) ?? []).filter(t => t > cutoff).length;
+    }
+    /** Reset counter for an agent (e.g. after ban lifted) */
+    reset(agentId) {
+        this.windows.delete(agentId);
+    }
+}
+//# sourceMappingURL=rate-limiter-middleware.js.map

package/dist/ai/delegation/middleware/rate-limiter-middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter-middleware.js","sourceRoot":"","sources":["../../../../packages/ai/delegation/middleware/rate-limiter-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAaH,MAAM,OAAO,qBAAqB;IACvB,IAAI,GAAG,cAAc,CAAC;IACtB,WAAW,GAAG,qBAAqB,CAAC;IACpC,SAAS,CAA0B;IAE3B,MAAM,CAAS;IACf,QAAQ,CAAS;IAElC,sDAAsD;IACrC,OAAO,GAAG,IAAI,GAAG,EAAoB,CAAC;IAEvD,YAAY,UAA8B,EAAE;QAC1C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;QACnC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,SAAS,CAAC;QAC9C,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,CAAC,QAAQ,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAwB;QACrC,MAAM,OAAO,GAAG,OAAO,CAAC,cAAc,EAAE,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC;QACzF,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAEzC,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;QAEnC,uBAAuB;QACvB,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC;QAEzC,IAAI,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,UAAU,OAAO,oCAAoC,IAAI,CAAC,MAAM,mBAAmB,IAAI,CAAC,QAAQ,GAAG,IAAI,IAAI;gBACnH,WAAW,EAAE,qBAAqB;gBAClC,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE;oBACR,QAAQ,EAAE,OAAO;oBACjB,oBAAoB,EAAE,KAAK,CAAC,MAAM;oBAClC,KAAK,EAAE,IAAI,CAAC,MAAM;oBAClB,SAAS,EAAE,IAAI,CAAC,QAAQ;iBACzB;aACF,CAAC;QACJ,CAAC;QAED,wBAAwB;QACxB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAEjC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC7B,CAAC;IAED,8CAA8C;IAC9C,cAAc,CAAC,OAAe,EAAE,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE;QAChD,MAAM,MAAM,GAAG,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,MAAM,CAAC;IAC1E,CAAC;IAED,yDAAyD;IACzD,KAAK,CAAC,OAAe;QACnB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;CACF"}

package/dist/ai/delegation/middleware/reputation-middleware.d.ts

@@ -0,0 +1,39 @@
+/**
+ * DCYFR Reputation Middleware
+ * TLP:CLEAR
+ *
+ * SecurityMiddleware that consults the ReputationEngine to block low-reputation
+ * agents from handling TLP:AMBER+ tasks.  Agents with a reliability_score below
+ * the configured threshold (default 0.5) are rejected for sensitive tasks.
+ *
+ * @module delegation/middleware/reputation-middleware
+ * @version 1.0.0
+ * @date 2026-02-24
+ */
+import type { ReputationEngine } from '../../reputation/reputation-engine.js';
+import type { SecurityMiddleware, SecurityContext, SecurityVerdict, SecurityOperationType } from '../../types/security-middleware.js';
+export interface ReputationMiddlewareConfig {
+    /** Minimum reliability_score required for TLP:AMBER+ tasks. Default: 0.5 */
+    minScoreForSensitiveTasks?: number;
+    /** Whether to block or warn on reputation check failure. Default: 'block' */
+    failureAction?: 'block' | 'warn';
+}
+/**
+ * ReputationMiddleware — guards TLP:AMBER+ tasks against low-reputation agents.
+ *
+ * Skips enforcement when:
+ * - `reputation_tracking` feature flag is `false`
+ * - TLP classification is CLEAR
+ * - No reputation data exists for the agent (benefit of the doubt on first tasks)
+ */
+export declare class ReputationMiddleware implements SecurityMiddleware {
+    readonly name = "reputation";
+    readonly featureFlag = "reputation_tracking";
+    readonly appliesTo: SecurityOperationType[];
+    private readonly engine;
+    private readonly minScore;
+    private readonly failureAction;
+    constructor(engine: ReputationEngine, config?: ReputationMiddlewareConfig);
+    evaluate(context: SecurityContext): Promise<SecurityVerdict>;
+}
+//# sourceMappingURL=reputation-middleware.d.ts.map

package/dist/ai/delegation/middleware/reputation-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reputation-middleware.d.ts","sourceRoot":"","sources":["../../../../packages/ai/delegation/middleware/reputation-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AAC9E,OAAO,KAAK,EACV,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,qBAAqB,EACtB,MAAM,oCAAoC,CAAC;AAK5C,MAAM,WAAW,0BAA0B;IACzC,4EAA4E;IAC5E,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,6EAA6E;IAC7E,aAAa,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;CAClC;AAED;;;;;;;GAOG;AACH,qBAAa,oBAAqB,YAAW,kBAAkB;IAC7D,QAAQ,CAAC,IAAI,gBAAgB;IAC7B,QAAQ,CAAC,WAAW,yBAAyB;IAC7C,QAAQ,CAAC,SAAS,EAAE,qBAAqB,EAAE,CAAc;IAEzD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAmB;IAC1C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAmB;gBAErC,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAE,0BAA+B;IAMvE,QAAQ,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;CAmDnE"}

package/dist/ai/delegation/middleware/reputation-middleware.js

@@ -0,0 +1,75 @@
+/**
+ * DCYFR Reputation Middleware
+ * TLP:CLEAR
+ *
+ * SecurityMiddleware that consults the ReputationEngine to block low-reputation
+ * agents from handling TLP:AMBER+ tasks.  Agents with a reliability_score below
+ * the configured threshold (default 0.5) are rejected for sensitive tasks.
+ *
+ * @module delegation/middleware/reputation-middleware
+ * @version 1.0.0
+ * @date 2026-02-24
+ */
+/** TLP levels that trigger reputation enforcement (AMBER and above) */
+const SENSITIVE_TLP_LEVELS = new Set(['AMBER', 'RED', 'TLP:AMBER', 'TLP:RED']);
+/**
+ * ReputationMiddleware — guards TLP:AMBER+ tasks against low-reputation agents.
+ *
+ * Skips enforcement when:
+ * - `reputation_tracking` feature flag is `false`
+ * - TLP classification is CLEAR
+ * - No reputation data exists for the agent (benefit of the doubt on first tasks)
+ */
+export class ReputationMiddleware {
+    name = 'reputation';
+    featureFlag = 'reputation_tracking';
+    appliesTo = ['create'];
+    engine;
+    minScore;
+    failureAction;
+    constructor(engine, config = {}) {
+        this.engine = engine;
+        this.minScore = config.minScoreForSensitiveTasks ?? 0.5;
+        this.failureAction = config.failureAction ?? 'block';
+    }
+    async evaluate(context) {
+        const tlp = context.contract.tlp_classification;
+        // Only enforce for AMBER+ tasks
+        if (!tlp || !SENSITIVE_TLP_LEVELS.has(tlp)) {
+            return { action: 'allow' };
+        }
+        const delegateeId = context.contract.delegatee?.agent_id;
+        const delegateeName = context.contract.delegatee?.agent_name ?? delegateeId ?? 'unknown';
+        if (!delegateeId) {
+            return { action: 'allow' };
+        }
+        const reputation = await this.engine.getReputation(delegateeId);
+        // No reputation yet — allow (first-task benefit of the doubt)
+        if (!reputation) {
+            return { action: 'allow' };
+        }
+        const score = reputation.reliability_score;
+        if (score < this.minScore) {
+            const reason = (`Agent '${delegateeName}' has insufficient reliability score ` +
+                `(${score.toFixed(2)} < ${this.minScore}) for ${tlp} task`);
+            if (this.failureAction === 'warn') {
+                return {
+                    action: 'warn',
+                    threat_type: 'reputation_gaming',
+                    severity: 'high',
+                    reason,
+                    evidence: { agent_id: delegateeId, score, threshold: this.minScore, tlp },
+                };
+            }
+            return {
+                action: 'block',
+                threat_type: 'reputation_gaming',
+                severity: 'high',
+                reason,
+                evidence: { agent_id: delegateeId, score, threshold: this.minScore, tlp },
+            };
+        }
+        return { action: 'allow' };
+    }
+}
+//# sourceMappingURL=reputation-middleware.js.map

package/dist/ai/delegation/middleware/reputation-middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reputation-middleware.js","sourceRoot":"","sources":["../../../../packages/ai/delegation/middleware/reputation-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAUH,uEAAuE;AACvE,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;AAS/E;;;;;;;GAOG;AACH,MAAM,OAAO,oBAAoB;IACtB,IAAI,GAAG,YAAY,CAAC;IACpB,WAAW,GAAG,qBAAqB,CAAC;IACpC,SAAS,GAA4B,CAAC,QAAQ,CAAC,CAAC;IAExC,MAAM,CAAmB;IACzB,QAAQ,CAAS;IACjB,aAAa,CAAmB;IAEjD,YAAY,MAAwB,EAAE,SAAqC,EAAE;QAC3E,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,yBAAyB,IAAI,GAAG,CAAC;QACxD,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,OAAO,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAwB;QACrC,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,kBAAwC,CAAC;QAEtE,gCAAgC;QAChC,IAAI,CAAC,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3C,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,CAAC,SAAS,EAAE,UAAU,IAAI,WAAW,IAAI,SAAS,CAAC;QAEzF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;QAEhE,8DAA8D;QAC9D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,iBAAiB,CAAC;QAE3C,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,CACb,UAAU,aAAa,uCAAuC;gBAC9D,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,QAAQ,SAAS,GAAG,OAAO,CAC3D,CAAC;YAEF,IAAI,IAAI,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;gBAClC,OAAO;oBACL,MAAM,EAAE,MAAM;oBACd,WAAW,EAAE,mBAAmB;oBAChC,QAAQ,EAAE,MAAM;oBAChB,MAAM;oBACN,QAAQ,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE;iBAC1E,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,WAAW,EAAE,mBAAmB;gBAChC,QAAQ,EAAE,MAAM;gBAChB,MAAM;gBACN,QAAQ,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE;aAC1E,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC7B,CAAC;CACF"}

package/dist/ai/delegation/middleware/resource-limiter-middleware.d.ts

@@ -0,0 +1,52 @@
+/**
+ * DCYFR Resource Limiter Middleware
+ * TLP:CLEAR
+ *
+ * SecurityMiddleware that tracks aggregate resource usage across all active
+ * contracts and blocks new contracts that would exceed system-level capacity
+ * thresholds.
+ *
+ * @module delegation/middleware/resource-limiter-middleware
+ * @version 1.0.0
+ * @date 2026-02-24
+ */
+import type { DelegationContract } from '../../types/delegation-contracts.js';
+import type { SecurityMiddleware, SecurityContext, SecurityVerdict, SecurityOperationType } from '../../types/security-middleware.js';
+/** Resource usage snapshot for a single contract */
+export interface ContractResources {
+    cpu_cores: number;
+    memory_mb: number;
+}
+/** System-level capacity thresholds */
+export interface ResourceThresholds {
+    /** Maximum aggregate CPU cores across all active contracts */
+    maxCpuCores?: number;
+    /** Maximum aggregate memory in MB across all active contracts */
+    maxMemoryMb?: number;
+}
+/**
+ * ResourceLimiterMiddleware — system-level resource cap enforcer.
+ *
+ * On every contract creation (`appliesTo: ['create']`) it:
+ *
+ * 1. Fetches the current active contracts via the supplied callback.
+ * 2. Sums their aggregate CPU cores and memory usage.
+ * 3. Adds the proposed new contract's resource request (from `context.metadata`).
+ * 4. Blocks if the resulting aggregate would exceed either threshold.
+ *
+ * Contracts without declared resource requirements contribute zero to aggregates,
+ * so they always pass through (task validation: "contracts without resources pass
+ * through").
+ *
+ * Gate: `security_monitoring` feature flag.
+ */
+export declare class ResourceLimiterMiddleware implements SecurityMiddleware {
+    readonly name = "resource-limiter";
+    readonly featureFlag = "security_monitoring";
+    readonly appliesTo: SecurityOperationType[];
+    private readonly getActiveContracts;
+    private readonly thresholds;
+    constructor(getActiveContracts: () => DelegationContract[], thresholds?: ResourceThresholds);
+    evaluate(context: SecurityContext): Promise<SecurityVerdict>;
+}
+//# sourceMappingURL=resource-limiter-middleware.d.ts.map

package/dist/ai/delegation/middleware/resource-limiter-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resource-limiter-middleware.d.ts","sourceRoot":"","sources":["../../../../packages/ai/delegation/middleware/resource-limiter-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qCAAqC,CAAC;AAC9E,OAAO,KAAK,EACV,kBAAkB,EAClB,eAAe,EACf,eAAe,EACf,qBAAqB,EACtB,MAAM,oCAAoC,CAAC;AAE5C,oDAAoD;AACpD,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,uCAAuC;AACvC,MAAM,WAAW,kBAAkB;IACjC,8DAA8D;IAC9D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iEAAiE;IACjE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AA+BD;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,yBAA0B,YAAW,kBAAkB;IAClE,QAAQ,CAAC,IAAI,sBAAsB;IACnC,QAAQ,CAAC,WAAW,yBAAyB;IAC7C,QAAQ,CAAC,SAAS,EAAE,qBAAqB,EAAE,CAAc;IAEzD,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAA6B;IAChE,OAAO,CAAC,QAAQ,CAAC,UAAU,CAA+B;gBAGxD,kBAAkB,EAAE,MAAM,kBAAkB,EAAE,EAC9C,UAAU,GAAE,kBAAuB;IAM/B,QAAQ,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;CAoDnE"}

package/dist/ai/delegation/middleware/resource-limiter-middleware.js

@@ -0,0 +1,112 @@
+/**
+ * DCYFR Resource Limiter Middleware
+ * TLP:CLEAR
+ *
+ * SecurityMiddleware that tracks aggregate resource usage across all active
+ * contracts and blocks new contracts that would exceed system-level capacity
+ * thresholds.
+ *
+ * @module delegation/middleware/resource-limiter-middleware
+ * @version 1.0.0
+ * @date 2026-02-24
+ */
+const DEFAULT_THRESHOLDS = {
+    maxCpuCores: 128,
+    maxMemoryMb: 32_768,
+};
+/**
+ * Extract resource requirements from a contract's metadata.
+ * Falls back to zeros when the field is absent or malformed.
+ */
+function extractResources(contract) {
+    const rr = contract.metadata?.resource_requirements;
+    return {
+        cpu_cores: Number(rr?.cpu_cores ?? 0) || 0,
+        memory_mb: Number(rr?.memory_mb ?? 0) || 0,
+    };
+}
+/**
+ * Extract resource requirements from the SecurityContext's metadata field
+ * (propagated from `legacyRequest.resource_requirements` by the contract manager).
+ */
+function extractContextResources(context) {
+    const rr = context.metadata?.resource_requirements;
+    return {
+        cpu_cores: Number(rr?.cpu_cores ?? 0) || 0,
+        memory_mb: Number(rr?.memory_mb ?? 0) || 0,
+    };
+}
+/**
+ * ResourceLimiterMiddleware — system-level resource cap enforcer.
+ *
+ * On every contract creation (`appliesTo: ['create']`) it:
+ *
+ * 1. Fetches the current active contracts via the supplied callback.
+ * 2. Sums their aggregate CPU cores and memory usage.
+ * 3. Adds the proposed new contract's resource request (from `context.metadata`).
+ * 4. Blocks if the resulting aggregate would exceed either threshold.
+ *
+ * Contracts without declared resource requirements contribute zero to aggregates,
+ * so they always pass through (task validation: "contracts without resources pass
+ * through").
+ *
+ * Gate: `security_monitoring` feature flag.
+ */
+export class ResourceLimiterMiddleware {
+    name = 'resource-limiter';
+    featureFlag = 'security_monitoring';
+    appliesTo = ['create'];
+    getActiveContracts;
+    thresholds;
+    constructor(getActiveContracts, thresholds = {}) {
+        this.getActiveContracts = getActiveContracts;
+        this.thresholds = { ...DEFAULT_THRESHOLDS, ...thresholds };
+    }
+    async evaluate(context) {
+        const proposed = extractContextResources(context);
+        // If proposed contract declares no resources, fast-path allow
+        if (proposed.cpu_cores === 0 && proposed.memory_mb === 0) {
+            return { action: 'allow' };
+        }
+        // Aggregate active contract resource consumption
+        let aggregateCpu = 0;
+        let aggregateMemory = 0;
+        for (const contract of this.getActiveContracts()) {
+            const r = extractResources(contract);
+            aggregateCpu += r.cpu_cores;
+            aggregateMemory += r.memory_mb;
+        }
+        const totalCpu = aggregateCpu + proposed.cpu_cores;
+        const totalMemory = aggregateMemory + proposed.memory_mb;
+        if (totalCpu > this.thresholds.maxCpuCores) {
+            return {
+                action: 'block',
+                reason: `Aggregate CPU would reach ${totalCpu} cores, exceeding the system limit of ${this.thresholds.maxCpuCores}`,
+                threat_type: 'resource_exhaustion',
+                severity: 'critical',
+                evidence: {
+                    aggregate_cpu_cores: aggregateCpu,
+                    proposed_cpu_cores: proposed.cpu_cores,
+                    total_cpu_cores: totalCpu,
+                    max_cpu_cores: this.thresholds.maxCpuCores,
+                },
+            };
+        }
+        if (totalMemory > this.thresholds.maxMemoryMb) {
+            return {
+                action: 'block',
+                reason: `Aggregate memory would reach ${totalMemory} MB, exceeding the system limit of ${this.thresholds.maxMemoryMb} MB`,
+                threat_type: 'resource_exhaustion',
+                severity: 'critical',
+                evidence: {
+                    aggregate_memory_mb: aggregateMemory,
+                    proposed_memory_mb: proposed.memory_mb,
+                    total_memory_mb: totalMemory,
+                    max_memory_mb: this.thresholds.maxMemoryMb,
+                },
+            };
+        }
+        return { action: 'allow' };
+    }
+}
+//# sourceMappingURL=resource-limiter-middleware.js.map

package/dist/ai/delegation/middleware/resource-limiter-middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resource-limiter-middleware.js","sourceRoot":"","sources":["../../../../packages/ai/delegation/middleware/resource-limiter-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAwBH,MAAM,kBAAkB,GAAiC;IACvD,WAAW,EAAE,GAAG;IAChB,WAAW,EAAE,MAAM;CACpB,CAAC;AAEF;;;GAGG;AACH,SAAS,gBAAgB,CAAC,QAA4B;IACpD,MAAM,EAAE,GAAI,QAAQ,CAAC,QAAgD,EAAE,qBAA4D,CAAC;IACpI,OAAO;QACL,SAAS,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,IAAI,CAAC,CAAC,IAAI,CAAC;QAC1C,SAAS,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,IAAI,CAAC,CAAC,IAAI,CAAC;KAC3C,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,uBAAuB,CAAC,OAAwB;IACvD,MAAM,EAAE,GAAI,OAAO,CAAC,QAAgD,EAAE,qBAA4D,CAAC;IACnI,OAAO;QACL,SAAS,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,IAAI,CAAC,CAAC,IAAI,CAAC;QAC1C,SAAS,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,IAAI,CAAC,CAAC,IAAI,CAAC;KAC3C,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,OAAO,yBAAyB;IAC3B,IAAI,GAAG,kBAAkB,CAAC;IAC1B,WAAW,GAAG,qBAAqB,CAAC;IACpC,SAAS,GAA4B,CAAC,QAAQ,CAAC,CAAC;IAExC,kBAAkB,CAA6B;IAC/C,UAAU,CAA+B;IAE1D,YACE,kBAA8C,EAC9C,aAAiC,EAAE;QAEnC,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,UAAU,GAAG,EAAE,GAAG,kBAAkB,EAAE,GAAG,UAAU,EAAE,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAwB;QACrC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;QAElD,8DAA8D;QAC9D,IAAI,QAAQ,CAAC,SAAS,KAAK,CAAC,IAAI,QAAQ,CAAC,SAAS,KAAK,CAAC,EAAE,CAAC;YACzD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC7B,CAAC;QAED,iDAAiD;QACjD,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,IAAI,eAAe,GAAG,CAAC,CAAC;QACxB,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;YACjD,MAAM,CAAC,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YACrC,YAAY,IAAI,CAAC,CAAC,SAAS,CAAC;YAC5B,eAAe,IAAI,CAAC,CAAC,SAAS,CAAC;QACjC,CAAC;QAED,MAAM,QAAQ,GAAG,YAAY,GAAG,QAAQ,CAAC,SAAS,CAAC;QACnD,MAAM,WAAW,GAAG,eAAe,GAAG,QAAQ,CAAC,SAAS,CAAC;QAEzD,IAAI,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC3C,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,6BAA6B,QAAQ,yCAAyC,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE;gBACnH,WAAW,EAAE,qBAAqB;gBAClC,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE;oBACR,mBAAmB,EAAE,YAAY;oBACjC,kBAAkB,EAAE,QAAQ,CAAC,SAAS;oBACtC,eAAe,EAAE,QAAQ;oBACzB,aAAa,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;iBAC3C;aACF,CAAC;QACJ,CAAC;QAED,IAAI,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC9C,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,gCAAgC,WAAW,sCAAsC,IAAI,CAAC,UAAU,CAAC,WAAW,KAAK;gBACzH,WAAW,EAAE,qBAAqB;gBAClC,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE;oBACR,mBAAmB,EAAE,eAAe;oBACpC,kBAAkB,EAAE,QAAQ,CAAC,SAAS;oBACtC,eAAe,EAAE,WAAW;oBAC5B,aAAa,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;iBAC3C;aACF,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC7B,CAAC;CACF"}

package/dist/ai/delegation/middleware/threat-validator-middleware.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Threat Validator Middleware — wraps SecurityThreatValidator
+ * TLP:AMBER - Internal Use Only
+ *
+ * Runs the full 7-vector threat detection pipeline from
+ * src/delegation/security-threat-model.ts against the contract being created or
+ * updated.  Replaces the 4-rule inline detectSecurityThreat() in contract-manager.
+ *
+ * @module delegation/middleware/threat-validator-middleware
+ * @version 1.0.0
+ * @date 2026-02-24
+ */
+import type { SecurityMiddleware, SecurityContext, SecurityVerdict, SecurityOperationType } from '../../types/security-middleware.js';
+import { SecurityThreatValidator } from '../../src/delegation/security-threat-model.js';
+export declare class ThreatValidatorMiddleware implements SecurityMiddleware {
+    readonly name = "threat-validator";
+    readonly featureFlag = "security_monitoring";
+    readonly appliesTo: SecurityOperationType[];
+    private readonly validator;
+    constructor(validator?: SecurityThreatValidator);
+    evaluate(context: SecurityContext): Promise<SecurityVerdict>;
+}
+//# sourceMappingURL=threat-validator-middleware.d.ts.map

package/dist/ai/delegation/middleware/threat-validator-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat-validator-middleware.d.ts","sourceRoot":"","sources":["../../../../packages/ai/delegation/middleware/threat-validator-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,eAAe,EAAE,eAAe,EAAoB,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AACxJ,OAAO,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAC;AAIxF,qBAAa,yBAA0B,YAAW,kBAAkB;IAClE,QAAQ,CAAC,IAAI,sBAAsB;IACnC,QAAQ,CAAC,WAAW,yBAAyB;IAC7C,QAAQ,CAAC,SAAS,EAAE,qBAAqB,EAAE,CAAc;IAEzD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA0B;gBAExC,SAAS,CAAC,EAAE,uBAAuB;IAIzC,QAAQ,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;CAgEnE"}