@ebowwa/coder 0.7.63 → 0.7.64

package/dist/core/cognitive-security/index.js

@@ -0,0 +1,1123 @@
+/**
+ * Cognitive Security - Intent Module
+ *
+ * TypeScript bindings for the Rust cognitive security module.
+ * Provides intent preservation, alignment scoring, and corruption detection.
+ */
+// ===== Native Bindings =====
+import { native } from "../../native/index.js";
+let nativeModule = null;
+async function getNative() {
+    if (!nativeModule) {
+        // Use the already-loaded native module from src/native/index.ts
+        // which properly maps all functions including cognitive security
+        nativeModule = native;
+    }
+    return nativeModule;
+}
+// ===== Key Management =====
+/**
+ * Generate a new Ed25519 keypair for signing intents
+ */
+export async function generateKeypair() {
+    const native = await getNative();
+    return native.cs_generate_keypair();
+}
+// ===== Signing & Verification =====
+/**
+ * Sign an agent intent with a private key
+ */
+export async function signIntent(intent, privateKey) {
+    const native = await getNative();
+    return native.cs_sign_intent(intent, privateKey);
+}
+/**
+ * Verify an intent's signature
+ */
+export async function verifyIntent(intent) {
+    const native = await getNative();
+    return native.cs_verify_intent(intent);
+}
+/**
+ * Hash an intent for comparison
+ */
+export async function hashIntent(intent) {
+    const native = await getNative();
+    return native.cs_hash_intent(intent);
+}
+/**
+ * Check if two intents are equivalent (ignoring signatures)
+ */
+export async function intentsEquivalent(intent1, intent2) {
+    const native = await getNative();
+    return native.cs_intents_equivalent(intent1, intent2);
+}
+// ===== Alignment Scoring =====
+/**
+ * Score how well an action aligns with an intent
+ */
+export async function scoreAlignment(action, intent) {
+    const native = await getNative();
+    return native.cs_score_alignment(action, intent);
+}
+/**
+ * Batch score multiple actions against an intent
+ */
+export async function batchScoreAlignment(actions, intent) {
+    const native = await getNative();
+    return native.cs_batch_score_alignment(actions, intent);
+}
+/**
+ * Check if any action in a sequence would violate intent
+ */
+export async function checkSequenceViolations(actions, intent) {
+    const native = await getNative();
+    return native.cs_check_sequence_violations(actions, intent);
+}
+// ===== Intent Management =====
+/**
+ * Load intent from a JSON file
+ */
+export async function loadIntent(path) {
+    const native = await getNative();
+    return native.cs_load_intent(path);
+}
+/**
+ * Save intent to a JSON file
+ */
+export async function saveIntent(intent, path) {
+    const native = await getNative();
+    return native.cs_save_intent(intent, path);
+}
+/**
+ * Parse intent from JSON string
+ */
+export async function parseIntent(json) {
+    const native = await getNative();
+    return native.cs_parse_intent(json);
+}
+/**
+ * Serialize intent to JSON string
+ */
+export async function serializeIntent(intent) {
+    const native = await getNative();
+    return native.cs_serialize_intent(intent);
+}
+/**
+ * Validate intent structure
+ */
+export async function validateIntent(intent) {
+    const native = await getNative();
+    return native.cs_validate_intent(intent);
+}
+/**
+ * Create a default data collector intent
+ */
+export async function createDataCollectorIntent(name, description) {
+    const native = await getNative();
+    return native.cs_create_data_collector_intent(name, description);
+}
+/**
+ * Merge two intents (child overrides parent)
+ */
+export async function mergeIntents(base, override) {
+    const native = await getNative();
+    return native.cs_merge_intents(base, override);
+}
+// ===== Corruption Detection =====
+/**
+ * Analyze behavior for signs of intent corruption
+ */
+export async function analyzeCorruption(snapshot, intent) {
+    const native = await getNative();
+    return native.cs_analyze_corruption(snapshot, intent);
+}
+/**
+ * Detect behavioral drift between two snapshots
+ */
+export async function detectDrift(baseline, current) {
+    const native = await getNative();
+    return native.cs_detect_drift(baseline, current);
+}
+/**
+ * Create an empty behavior snapshot
+ */
+export async function createEmptySnapshot() {
+    const native = await getNative();
+    return native.cs_create_empty_snapshot();
+}
+/**
+ * Update a snapshot with a new action result
+ */
+export async function updateSnapshot(snapshot, action, alignment) {
+    const native = await getNative();
+    return native.cs_update_snapshot(snapshot, action, alignment);
+}
+// ===== Action Classification =====
+/**
+ * Classify an operation into an action type
+ */
+export async function classifyOperation(operation, domain, target, reasoning) {
+    const native = await getNative();
+    return native.classify_operation(operation, domain, target, reasoning);
+}
+/**
+ * Get all supported action types
+ */
+export async function getActionTypes() {
+    const native = await getNative();
+    return native.get_action_types();
+}
+/**
+ * Get risk levels for all action types
+ */
+export async function getActionRiskLevels() {
+    const native = await getNative();
+    return native.get_action_risk_levels();
+}
+// ===== Action Validation =====
+/**
+ * Create a deny-all policy
+ */
+export async function createDenyAllPolicy() {
+    const native = await getNative();
+    return native.create_deny_all_policy();
+}
+/**
+ * Create an observe-only policy
+ */
+export async function createObserveOnlyPolicy() {
+    const native = await getNative();
+    return native.create_observe_only_policy();
+}
+/**
+ * Create a transfer approval policy
+ */
+export async function createTransferApprovalPolicy() {
+    const native = await getNative();
+    return native.create_transfer_approval_policy();
+}
+// ===== Domain Configs =====
+/**
+ * Create file domain configuration
+ */
+export async function createFileDomainConfig() {
+    const native = await getNative();
+    return native.create_file_domain_config();
+}
+/**
+ * Create network domain configuration
+ */
+export async function createNetworkDomainConfig() {
+    const native = await getNative();
+    return native.create_network_domain_config();
+}
+/**
+ * Create shell domain configuration
+ */
+export async function createShellDomainConfig() {
+    const native = await getNative();
+    return native.create_shell_domain_config();
+}
+// ===== Flow Classification =====
+/**
+ * Classify data based on content and source
+ */
+export async function classifyData(content, source, tags) {
+    const native = await getNative();
+    return native.classify_data(content, source, tags);
+}
+/**
+ * Check if content contains sensitive data
+ */
+export async function containsSensitiveData(content) {
+    const native = await getNative();
+    return native.contains_sensitive_data(content);
+}
+/**
+ * Redact sensitive content
+ */
+export async function redactSensitive(content, replacement) {
+    const native = await getNative();
+    return native.redact_sensitive(content, replacement ?? null);
+}
+/**
+ * Get sensitivity levels
+ */
+export async function getSensitivityLevels() {
+    const native = await getNative();
+    return native.get_sensitivity_levels();
+}
+/**
+ * Get data categories
+ */
+export async function getDataCategories() {
+    const native = await getNative();
+    return native.get_data_categories();
+}
+// ===== Flow Policy Engine =====
+/**
+ * Create a flow policy engine
+ */
+export async function createFlowPolicyEngine() {
+    const native = await getNative();
+    if (typeof native.create_flow_policy_engine === 'function') {
+        return native.create_flow_policy_engine();
+    }
+    // Return JS fallback handle
+    return createFallbackFlowPolicyEngine();
+}
+function createFallbackFlowPolicyEngine() {
+    const policies = new Map();
+    let defaultAction = "allow";
+    let blpMode = "disabled";
+    return {
+        addPolicy(policy) {
+            policies.set(policy.id, policy);
+        },
+        removePolicy(policyId) {
+            return policies.delete(policyId);
+        },
+        evaluate(data, sourceDomain, targetDomain) {
+            // Simple fallback: allow if sensitivity allows
+            const sensitivityOrder = {
+                public: 1, internal: 2, confidential: 3, secret: 4, top_secret: 5,
+            };
+            const sourceLevel = sensitivityOrder[data.sensitivity] || 2;
+            const targetLevel = sensitivityOrder[targetDomain] || 1;
+            // Bell-LaPadula: can't write up (no read up, no write down)
+            if (blpMode === "enabled") {
+                if (sourceLevel > targetLevel) {
+                    return {
+                        allowed: false,
+                        reason: `BLP violation: cannot flow from ${data.sensitivity} to ${targetDomain}`,
+                        applied_policy: "blp_default",
+                        can_log: true,
+                        can_transmit: false,
+                        can_store: true,
+                        transformations: [],
+                        confidence: 1.0,
+                        warnings: [],
+                    };
+                }
+            }
+            return {
+                allowed: defaultAction === "allow",
+                reason: `Allowed by default (${defaultAction})`,
+                applied_policy: null,
+                can_log: true,
+                can_transmit: true,
+                can_store: true,
+                transformations: [],
+                confidence: 0.5,
+                warnings: [],
+            };
+        },
+        listPolicies() {
+            return Array.from(policies.values());
+        },
+        setDefaultAction(action) {
+            defaultAction = action;
+        },
+        setBlpMode(mode) {
+            blpMode = mode;
+        },
+    };
+}
+/**
+ * Create an allow-all flow policy
+ */
+export async function createAllowAllFlowPolicy() {
+    const native = await getNative();
+    if (typeof native.create_allow_all_flow_policy === 'function') {
+        return native.create_allow_all_flow_policy();
+    }
+    return {
+        id: "allow_all",
+        description: "Allow all flows",
+        source_pattern: "*",
+        target_pattern: "*",
+        min_source_sensitivity: null,
+        max_target_sensitivity: null,
+        categories: [],
+        effect: "allow",
+        priority: 0,
+        required_transforms: [],
+        log_flow: false,
+        require_approval: false,
+        conditions: null,
+        enabled: true,
+    };
+}
+/**
+ * Create a deny-all flow policy
+ */
+export async function createDenyAllFlowPolicy() {
+    const native = await getNative();
+    if (typeof native.create_deny_all_flow_policy === 'function') {
+        return native.create_deny_all_flow_policy();
+    }
+    return {
+        id: "deny_all",
+        description: "Deny all flows",
+        source_pattern: "*",
+        target_pattern: "*",
+        min_source_sensitivity: null,
+        max_target_sensitivity: null,
+        categories: [],
+        effect: "deny",
+        priority: 1000,
+        required_transforms: [],
+        log_flow: false,
+        require_approval: false,
+        conditions: null,
+        enabled: true,
+    };
+}
+/**
+ * Create a strict flow policy
+ */
+export async function createStrictFlowPolicy() {
+    const native = await getNative();
+    if (typeof native.create_strict_flow_policy === 'function') {
+        return native.create_strict_flow_policy();
+    }
+    return {
+        id: "strict",
+        description: "Strict flow policy",
+        source_pattern: "*",
+        target_pattern: "*",
+        min_source_sensitivity: "internal",
+        max_target_sensitivity: null,
+        categories: [],
+        effect: "transform",
+        priority: 500,
+        required_transforms: ["redact_sensitive"],
+        log_flow: true,
+        require_approval: true,
+        conditions: null,
+        enabled: true,
+    };
+}
+// ===== Flow Tracker =====
+/**
+ * Create a flow tracker
+ */
+export async function createFlowTracker() {
+    const native = await getNative();
+    if (typeof native.create_flow_tracker === 'function') {
+        return native.create_flow_tracker();
+    }
+    // Return JS fallback handle
+    return createFallbackFlowTracker();
+}
+function createFallbackFlowTracker() {
+    const flows = [];
+    let maxFlows = 10000;
+    return {
+        record(data, sourceDomain, targetDomain, direction, validation, sessionId, actionId) {
+            const record = {
+                id: `flow_${Date.now()}_${Math.random().toString(36).slice(2, 9)}`,
+                data_id: data.id,
+                source_domain: sourceDomain,
+                target_domain: targetDomain,
+                direction,
+                allowed: validation.allowed,
+                reason: validation.reason,
+                policy_id: validation.applied_policy,
+                session_id: sessionId,
+                action_id: actionId,
+                timestamp: Date.now(),
+                data_hash: "",
+            };
+            if (flows.length >= maxFlows) {
+                flows.shift();
+            }
+            flows.push(record);
+            return record;
+        },
+        getFlow(flowId) {
+            return flows.find(f => f.id === flowId) || null;
+        },
+        getLineage(dataId) {
+            return flows.filter(f => f.data_id === dataId);
+        },
+        bySource(domain) {
+            return flows.filter(f => f.source_domain === domain);
+        },
+        byTarget(domain) {
+            return flows.filter(f => f.target_domain === domain);
+        },
+        bySession(sessionId) {
+            return flows.filter(f => f.session_id === sessionId);
+        },
+        blocked() {
+            return flows.filter(f => !f.allowed);
+        },
+        allowed() {
+            return flows.filter(f => f.allowed);
+        },
+        recent(limit) {
+            return flows.slice(-limit);
+        },
+        stats() {
+            return {
+                total_flows: flows.length,
+                allowed_count: flows.filter(f => f.allowed).length,
+                blocked_count: flows.filter(f => !f.allowed).length,
+                by_direction: [],
+                by_source_domain: [],
+                by_target_domain: [],
+                first_timestamp: flows[0]?.timestamp || Date.now(),
+                last_timestamp: flows[flows.length - 1]?.timestamp || Date.now(),
+            };
+        },
+        domainStats(domain) {
+            const domainFlows = flows.filter(f => f.source_domain === domain || f.target_domain === domain);
+            if (domainFlows.length === 0)
+                return null;
+            return {
+                domain,
+                inbound_count: domainFlows.filter(f => f.target_domain === domain).length,
+                outbound_count: domainFlows.filter(f => f.source_domain === domain).length,
+                blocked_count: domainFlows.filter(f => !f.allowed).length,
+                by_sensitivity: {},
+            };
+        },
+        count() {
+            return flows.length;
+        },
+        clear() {
+            flows.length = 0;
+        },
+        setMaxFlows(max) {
+            maxFlows = max;
+        },
+        exportJsonl() {
+            return flows.map(f => JSON.stringify(f)).join("\n");
+        },
+    };
+}
+// ===== Leak Prevention =====
+/**
+ * Create a leak prevention engine
+ */
+export async function createLeakPrevention() {
+    const native = await getNative();
+    if (typeof native.create_leak_prevention === 'function') {
+        return native.create_leak_prevention();
+    }
+    // Return JS fallback handle
+    return createFallbackLeakPrevention();
+}
+function createFallbackLeakPrevention() {
+    const sensitivePatterns = [];
+    const channels = new Set(["stdout", "stderr", "network", "file"]);
+    let mode = "alert";
+    let checkCount = 0;
+    let blockedCount = 0;
+    let alertCount = 0;
+    const leakPatterns = [
+        { pattern: /password[=:]\s*\S+/gi, type: "credential_exposure" },
+        { pattern: /api[_-]?key[=:]\s*\S+/gi, type: "credential_exposure" },
+        { pattern: /token[=:]\s*\S+/gi, type: "credential_exposure" },
+        { pattern: /secret[=:]\s*\S+/gi, type: "credential_exposure" },
+        { pattern: /\b[A-Za-z0-9._%+-]{20,}@\b/g, type: "pii_exposure" },
+        { pattern: /\b\d{4}[- ]?\d{4}[- ]?\d{4}\b/g, type: "pii_exposure" },
+        { pattern: /-----BEGIN.*KEY-----/g, type: "secret_key_exposure" },
+        { pattern: /-----BEGIN.*PRIVATE KEY-----/g, type: "secret_key_exposure" },
+        { pattern: /mongodb:\/\/.+/gi, type: "internal_url_exposure" },
+        { pattern: /redis:\/\/.+/gi, type: "internal_url_exposure" },
+    ];
+    return {
+        check(content, channel) {
+            checkCount++;
+            const detections = [];
+            for (const { pattern, type } of leakPatterns) {
+                if (pattern.test(content)) {
+                    detections.push({
+                        pattern_name: pattern.source,
+                        leak_type: type,
+                        severity: type === "credential_exposure" ? 5 : type === "secret_key_exposure" ? 5 : 3,
+                        match_found: true,
+                    });
+                }
+            }
+            for (const sensitive of sensitivePatterns) {
+                if (content.includes(sensitive)) {
+                    detections.push({
+                        pattern_name: "registered_sensitive",
+                        leak_type: "credential_exposure",
+                        severity: 4,
+                        match_found: true,
+                    });
+                }
+            }
+            const channelAllowed = channels.has(channel);
+            const shouldBlock = detections.length > 0 && mode === "block";
+            const action = shouldBlock ? "block" : detections.length > 0 ? "alert" : "allow";
+            if (action === "block")
+                blockedCount++;
+            else if (action === "alert")
+                alertCount++;
+            return {
+                action,
+                detections,
+                channel_allowed: channelAllowed,
+                checked_at: Date.now(),
+            };
+        },
+        sanitize(content) {
+            let sanitized = content;
+            for (const { pattern } of leakPatterns) {
+                sanitized = sanitized.replace(pattern, "[REDACTED]");
+            }
+            for (const sensitive of sensitivePatterns) {
+                sanitized = sanitized.replace(sensitive, "[REDACTED]");
+            }
+            return sanitized;
+        },
+        registerSensitive(data) {
+            sensitivePatterns.push(data);
+        },
+        addChannel(channel) {
+            channels.add(channel);
+        },
+        removeChannel(channel) {
+            channels.delete(channel);
+        },
+        setMode(newMode) {
+            if (newMode === "alert" || newMode === "block") {
+                mode = newMode;
+            }
+        },
+        stats() {
+            return {
+                total_checks: checkCount,
+                blocked_count: blockedCount,
+                alert_count: alertCount,
+                by_leak_type: {},
+            };
+        },
+        clearSensitive() {
+            sensitivePatterns.length = 0;
+        },
+    };
+}
+/**
+ * Quick check content for leaks
+ */
+export async function checkForLeaks(content, channel) {
+    const native = await getNative();
+    if (typeof native.check_for_leaks === 'function') {
+        return native.check_for_leaks(content, channel);
+    }
+    // Use fallback implementation
+    const engine = createFallbackLeakPrevention();
+    return engine.check(content, channel);
+}
+/**
+ * Quick sanitize content
+ */
+export async function sanitizeContent(content) {
+    const native = await getNative();
+    if (typeof native.sanitizeContent === 'function') {
+        return native.sanitizeContent(content);
+    }
+    // Use fallback implementation
+    const engine = createFallbackLeakPrevention();
+    return engine.sanitize(content);
+}
+// ===== Taint Tracking =====
+/**
+ * Create a taint tracker
+ */
+export async function createTaintTracker() {
+    const native = await getNative();
+    if (typeof native.createTaintTracker === 'function') {
+        return native.createTaintTracker();
+    }
+    // Return JS fallback handle
+    return createFallbackTaintTracker();
+}
+function createFallbackTaintTracker() {
+    const sources = new Map();
+    const taintedData = new Map();
+    const propagations = [];
+    return {
+        registerSource(sourceType, sensitivity, tags) {
+            const id = `source_${Date.now()}_${Math.random().toString(36).slice(2, 9)}`;
+            sources.set(id, {
+                id,
+                source_type: sourceType,
+                sensitivity,
+                registered_at: Date.now(),
+                tags,
+            });
+            return id;
+        },
+        taint(sourceId, data, locationType, identifier) {
+            const source = sources.get(sourceId);
+            if (!source)
+                return null;
+            const taintId = `taint_${Date.now()}_${Math.random().toString(36).slice(2, 9)}`;
+            const tainted = {
+                id: taintId,
+                source_id: sourceId,
+                data_hash: data.substring(0, 32),
+                sensitivity: source.sensitivity,
+                location: {
+                    location_type: locationType,
+                    identifier,
+                    context: null,
+                },
+                propagated_from: [],
+                tainted_at: Date.now(),
+                can_sanitize: true,
+                last_accessed: Date.now(),
+                access_count: 0,
+            };
+            taintedData.set(taintId, tainted);
+            return taintId;
+        },
+        propagate(sourceTaintId, newData, locationType, identifier, propagationType, operation) {
+            const sourceTaint = taintedData.get(sourceTaintId);
+            if (!sourceTaint)
+                return null;
+            const newTaintId = `taint_${Date.now()}_${Math.random().toString(36).slice(2, 9)}`;
+            const newTaint = {
+                id: newTaintId,
+                source_id: sourceTaint.source_id,
+                data_hash: newData.substring(0, 32),
+                sensitivity: sourceTaint.sensitivity,
+                location: {
+                    location_type: locationType,
+                    identifier,
+                    context: null,
+                },
+                propagated_from: [sourceTaintId],
+                tainted_at: Date.now(),
+                can_sanitize: true,
+                last_accessed: Date.now(),
+                access_count: 0,
+            };
+            taintedData.set(newTaintId, newTaint);
+            propagations.push({
+                id: `prop_${Date.now()}`,
+                source_id: sourceTaintId,
+                target_id: newTaintId,
+                propagation_type: propagationType,
+                operation,
+                timestamp: Date.now(),
+            });
+            return newTaintId;
+        },
+        canFlow(taintId, sink) {
+            const taint = taintedData.get(taintId);
+            if (!taint) {
+                return { allowed: true, reason: "No taint found", requires_sanitization: false };
+            }
+            // Check sensitivity-based flow
+            const sensitivityOrder = ["public", "internal", "confidential", "secret", "top_secret"];
+            const taintLevel = sensitivityOrder.indexOf(taint.sensitivity);
+            if (taintLevel >= 3) {
+                // High sensitivity data
+                if (sink === "external" || sink === "network") {
+                    return {
+                        allowed: false,
+                        reason: `Cannot flow ${taint.sensitivity} data to ${sink}`,
+                        requires_sanitization: true,
+                    };
+                }
+            }
+            return { allowed: true, reason: "Flow allowed", requires_sanitization: false };
+        },
+        isTainted(data) {
+            for (const taint of taintedData.values()) {
+                if (data.includes(taint.data_hash)) {
+                    return true;
+                }
+            }
+            return false;
+        },
+        getTaint(taintId) {
+            return taintedData.get(taintId) || null;
+        },
+        stats() {
+            return {
+                total_sources: sources.size,
+                total_tainted: taintedData.size,
+                total_propagations: propagations.length,
+                by_source_type: {},
+                by_sensitivity: {},
+            };
+        },
+        clear(taintId) {
+            return taintedData.delete(taintId);
+        },
+        clearAll() {
+            sources.clear();
+            taintedData.clear();
+            propagations.length = 0;
+        },
+    };
+}
+let directiveStoreHandle = null;
+let actionSignerHandle = null;
+let driftDetectorHandle = null;
+/**
+ * Create a directive store for immutable directives
+ */
+export async function createDirectiveStore() {
+    const native = await getNative();
+    if (native.create_directive_store) {
+        return native.create_directive_store();
+    }
+    // Fallback to JS implementation
+    return new DirectiveStoreHandle();
+}
+/**
+ * Create an action signer for cryptographic action signing
+ */
+export async function createActionSigner(privateKeyHex, sessionId) {
+    const native = await getNative();
+    if (native.create_action_signer) {
+        return native.create_action_signer(privateKeyHex, sessionId);
+    }
+    // Fallback to JS implementation
+    return new ActionSignerHandle(privateKeyHex, sessionId);
+}
+/**
+ * Create a drift detector for behavioral analytics
+ */
+export async function createDriftDetector(agentId, intentId) {
+    const native = await getNative();
+    if (native.create_drift_detector) {
+        return native.create_drift_detector(agentId, intentId);
+    }
+    // Fallback to JS implementation
+    return new DriftDetectorHandle(agentId, intentId);
+}
+/**
+ * Create default financial protection directives
+ */
+export async function createDefaultFinancialDirectives(store) {
+    const native = await getNative();
+    if (native.create_default_financial_directives) {
+        return native.create_default_financial_directives(store);
+    }
+    // JS fallback - create basic directives
+    return [
+        await store.createDirective("forbidden_action", JSON.stringify({
+            actions: ["*"],
+            paramPatterns: ["send.*eth", "send.*btc", "transfer.*crypto", "wallet.*address"]
+        }), "financial", 1, false, "system"),
+        await store.createDirective("forbidden_action", JSON.stringify({
+            actions: ["mcp__telegram__telegram_send_message"],
+            paramPatterns: ["password", "secret", "api_key", "private_key"]
+        }), "credentials", 1, false, "system"),
+    ];
+}
+// ===== JS Fallback Implementations =====
+class DirectiveStoreHandle {
+    directives = new Map();
+    async setSigningKey(privateKeyHex) {
+        // JS fallback - no actual signing
+    }
+    async createDirective(directiveType, rule, domain, priority = 5, overridable = false, createdBy = "user") {
+        const id = `directive-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
+        const directive = {
+            id,
+            directiveType,
+            rule,
+            domain,
+            priority,
+            overridable,
+            createdAt: Date.now(),
+            createdBy,
+            ruleHash: await this.hashRule(rule),
+        };
+        this.directives.set(id, directive);
+        return directive;
+    }
+    async addDirective(directive) {
+        this.directives.set(directive.id, directive);
+    }
+    async evaluate(actionType, domain, target, params) {
+        const violations = [];
+        const approvalDirectives = [];
+        for (const directive of this.directives.values()) {
+            if (directive.domain !== "*" && directive.domain !== domain)
+                continue;
+            const matches = this.evaluateRule(directive.rule, actionType, domain, target, params);
+            if (matches) {
+                if (directive.directiveType === "forbidden_action") {
+                    violations.push({
+                        directiveId: directive.id,
+                        directiveType: directive.directiveType,
+                        reason: `Matched forbidden pattern in ${directive.domain}`,
+                        severity: directive.priority === 1 ? "critical" : "high",
+                    });
+                }
+                else if (directive.directiveType === "required_approval") {
+                    approvalDirectives.push(directive.id);
+                }
+            }
+        }
+        const hasCritical = violations.some(v => v.severity === "critical");
+        return {
+            allowed: !hasCritical,
+            requiresApproval: approvalDirectives.length > 0,
+            violations,
+            approvalDirectives,
+            denialReason: hasCritical ? "Critical directive violation" : undefined,
+        };
+    }
+    evaluateRule(rule, actionType, domain, target, params) {
+        try {
+            const ruleJson = JSON.parse(rule);
+            // Check action patterns
+            if (ruleJson.actions) {
+                for (const action of ruleJson.actions) {
+                    if (action === "*" || action === actionType)
+                        return true;
+                }
+            }
+            // Check param patterns
+            if (ruleJson.paramPatterns || ruleJson.param_patterns) {
+                const patterns = ruleJson.paramPatterns || ruleJson.param_patterns;
+                for (const pattern of patterns) {
+                    if (params.toLowerCase().includes(pattern.toLowerCase()))
+                        return true;
+                }
+            }
+            return false;
+        }
+        catch {
+            // Simple string match
+            return rule.includes(actionType) || rule.includes(domain);
+        }
+    }
+    async hashRule(rule) {
+        const encoder = new TextEncoder();
+        const data = encoder.encode(rule);
+        const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+        const hashArray = Array.from(new Uint8Array(hashBuffer));
+        return hashArray.map(b => b.toString(16).padStart(2, "0")).join("");
+    }
+}
+class ActionSignerHandle {
+    privateKey;
+    _sessionId;
+    _sequence = 0;
+    _lastHash = null;
+    _intentId = null;
+    constructor(privateKey, sessionId) {
+        this.privateKey = privateKey;
+        this._sessionId = sessionId;
+    }
+    setIntent(intentId) {
+        this._intentId = intentId;
+    }
+    async sign(tool, domain, actionType, target, params) {
+        this._sequence++;
+        const timestamp = Date.now();
+        const id = `action-${this._sessionId}-${this._sequence}`;
+        // Hash params
+        const encoder = new TextEncoder();
+        const paramsData = encoder.encode(params);
+        const paramsHashBuffer = await crypto.subtle.digest("SHA-256", paramsData);
+        const paramsHash = Array.from(new Uint8Array(paramsHashBuffer))
+            .map(b => b.toString(16).padStart(2, "0"))
+            .join("");
+        // Create action (without signature for hash computation)
+        const action = {
+            id,
+            sequence: this._sequence,
+            sessionId: this._sessionId,
+            tool,
+            domain,
+            actionType,
+            target: target || undefined,
+            paramsHash,
+            timestamp,
+            intentId: this._intentId ?? undefined,
+            signature: "",
+            signedBy: this.privateKey.substring(0, 16), // Placeholder
+            prevHash: this._lastHash ?? undefined,
+            hash: "",
+        };
+        // Compute hash
+        const hashInput = `${action.id}:${action.sequence}:${action.tool}:${action.domain}:${action.paramsHash}:${action.timestamp}`;
+        const hashData = encoder.encode(hashInput);
+        const hashBuffer = await crypto.subtle.digest("SHA-256", hashData);
+        action.hash = Array.from(new Uint8Array(hashBuffer))
+            .map(b => b.toString(16).padStart(2, "0"))
+            .join("");
+        // Sign (simplified - in production use Ed25519)
+        action.signature = `sig-${action.hash.substring(0, 32)}`;
+        this._lastHash = action.hash;
+        return action;
+    }
+    async verify(action) {
+        // Simplified verification
+        const valid = action.signature === `sig-${action.hash.substring(0, 32)}`;
+        return {
+            signatureValid: valid,
+            chainIntact: action.prevHash === this._lastHash || action.sequence === 1,
+            hashValid: true,
+            intentVerified: !this._intentId || action.intentId === this._intentId,
+            valid,
+            error: valid ? undefined : "Signature verification failed",
+        };
+    }
+    getSequence() {
+        return this._sequence;
+    }
+    getSessionId() {
+        return this._sessionId;
+    }
+    get publicKey() {
+        return this.privateKey.substring(0, 16) + "...";
+    }
+}
+/**
+ * Verify a signed action without needing a signer handle
+ */
+export async function verifySignedAction(action, publicKeyHex) {
+    const native = await getNative();
+    if (native.verify_signed_action) {
+        return native.verify_signed_action(action, publicKeyHex);
+    }
+    // JS fallback - simplified verification
+    const expectedSig = `sig-${action.hash.substring(0, 32)}`;
+    const valid = action.signature === expectedSig;
+    return {
+        signatureValid: valid,
+        chainIntact: action.prevHash !== null || action.sequence === 1,
+        hashValid: true,
+        intentVerified: true, // Can't verify intent without context
+        valid,
+        error: valid ? undefined : "Signature verification failed",
+    };
+}
+class DriftDetectorHandle {
+    agentId;
+    intentId;
+    profile;
+    recentActions = [];
+    actionTimes = [];
+    threshold = 0.3;
+    constructor(agentId, intentId) {
+        this.agentId = agentId;
+        this.intentId = intentId || null;
+        this.profile = {
+            agentId,
+            intentId: intentId || undefined,
+            createdAt: Date.now(),
+            updatedAt: Date.now(),
+            totalActions: 0,
+            actionTypes: {},
+            domains: {},
+            tools: {},
+            actionsPerMinute: 0,
+            rateWindow: 60,
+            commonSequences: [],
+            forbiddenAttempts: 0,
+            approvalRequests: 0,
+        };
+    }
+    record(action) {
+        this.profile.totalActions++;
+        this.profile.updatedAt = Date.now();
+        // Update distributions
+        this.profile.actionTypes[action.actionType] = (this.profile.actionTypes[action.actionType] || 0) + 1;
+        this.profile.domains[action.domain] = (this.profile.domains[action.domain] || 0) + 1;
+        this.profile.tools[action.tool] = (this.profile.tools[action.tool] || 0) + 1;
+        // Track recent actions
+        this.recentActions.push(action);
+        if (this.recentActions.length > 100) {
+            this.recentActions.shift();
+        }
+        // Track times for rate calculation
+        this.actionTimes.push(action.timestamp);
+        const cutoff = Date.now() - this.profile.rateWindow * 1000;
+        this.actionTimes = this.actionTimes.filter(t => t > cutoff);
+        // Calculate rate
+        if (this.actionTimes.length > 1) {
+            const lastTime = this.actionTimes[this.actionTimes.length - 1];
+            const firstTime = this.actionTimes[0];
+            if (lastTime !== undefined && firstTime !== undefined) {
+                const timeSpan = (lastTime - firstTime) / 1000;
+                if (timeSpan > 0) {
+                    this.profile.actionsPerMinute = (this.actionTimes.length / timeSpan) * 60;
+                }
+            }
+        }
+    }
+    recordForbidden() {
+        this.profile.forbiddenAttempts++;
+    }
+    recordApproval() {
+        this.profile.approvalRequests++;
+    }
+    detect() {
+        const indicators = [];
+        // Check for too many forbidden attempts
+        if (this.profile.forbiddenAttempts > 0) {
+            const forbiddenRatio = this.profile.forbiddenAttempts / this.profile.totalActions;
+            if (forbiddenRatio > 0.1) {
+                indicators.push({
+                    indicatorType: "forbidden-pattern",
+                    severity: Math.min(forbiddenRatio, 1),
+                    description: `${this.profile.forbiddenAttempts} forbidden attempts (${(forbiddenRatio * 100).toFixed(1)}%)`,
+                    factor: "security_violations",
+                    evidence: [`${this.profile.forbiddenAttempts} forbidden attempts`],
+                });
+            }
+        }
+        // Check rate anomaly
+        if (this.profile.actionsPerMinute > 30) {
+            indicators.push({
+                indicatorType: "rate-anomaly",
+                severity: Math.min(this.profile.actionsPerMinute / 60, 1),
+                description: `High action rate: ${this.profile.actionsPerMinute.toFixed(1)}/min`,
+                factor: "action_rate",
+                evidence: [`${this.profile.actionsPerMinute.toFixed(1)} actions/min`],
+            });
+        }
+        // Calculate drift score
+        const overallDrift = indicators.length > 0
+            ? indicators.reduce((sum, i) => sum + i.severity, 0) / indicators.length
+            : 0;
+        const concernLevel = overallDrift > 0.7
+            ? "critical"
+            : overallDrift > 0.5
+                ? "high"
+                : overallDrift > this.threshold
+                    ? "medium"
+                    : overallDrift > 0.1
+                        ? "low"
+                        : "none";
+        return {
+            overallDrift,
+            driftFactors: indicators.map(i => ({
+                factorType: i.factor,
+                drift: i.severity,
+                description: i.description,
+            })),
+            concernLevel,
+        };
+    }
+    getProfile() {
+        return { ...this.profile };
+    }
+    setThreshold(threshold) {
+        this.threshold = threshold;
+    }
+    getRecentActions() {
+        return [...this.recentActions];
+    }
+}
+// ===== Automatic Security Hooks =====
+export * from "./hooks.js";