npm - @flowdot.ai/guardian-agent - Versions diffs - 0.1.0 - Mend

@flowdot.ai/guardian-agent 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

package/LICENSE +40 -0
package/README.md +281 -0
package/ROADMAP.md +109 -0
package/dist/audit/attestor.d.ts +102 -0
package/dist/audit/attestor.d.ts.map +1 -0
package/dist/audit/attestor.js +103 -0
package/dist/audit/attestor.js.map +1 -0
package/dist/audit/chain.d.ts +30 -0
package/dist/audit/chain.d.ts.map +1 -0
package/dist/audit/chain.js +65 -0
package/dist/audit/chain.js.map +1 -0
package/dist/audit/correlation.d.ts +114 -0
package/dist/audit/correlation.d.ts.map +1 -0
package/dist/audit/correlation.js +259 -0
package/dist/audit/correlation.js.map +1 -0
package/dist/audit/index.d.ts +13 -0
package/dist/audit/index.d.ts.map +1 -0
package/dist/audit/index.js +8 -0
package/dist/audit/index.js.map +1 -0
package/dist/audit/reader.d.ts +30 -0
package/dist/audit/reader.d.ts.map +1 -0
package/dist/audit/reader.js +85 -0
package/dist/audit/reader.js.map +1 -0
package/dist/audit/signature.d.ts +39 -0
package/dist/audit/signature.d.ts.map +1 -0
package/dist/audit/signature.js +73 -0
package/dist/audit/signature.js.map +1 -0
package/dist/audit/stats.d.ts +106 -0
package/dist/audit/stats.d.ts.map +1 -0
package/dist/audit/stats.js +196 -0
package/dist/audit/stats.js.map +1 -0
package/dist/audit/writer.d.ts +96 -0
package/dist/audit/writer.d.ts.map +1 -0
package/dist/audit/writer.js +263 -0
package/dist/audit/writer.js.map +1 -0
package/dist/cli/guardian-baseline.d.ts +42 -0
package/dist/cli/guardian-baseline.d.ts.map +1 -0
package/dist/cli/guardian-baseline.js +265 -0
package/dist/cli/guardian-baseline.js.map +1 -0
package/dist/cli/guardian-correlator.d.ts +47 -0
package/dist/cli/guardian-correlator.d.ts.map +1 -0
package/dist/cli/guardian-correlator.js +217 -0
package/dist/cli/guardian-correlator.js.map +1 -0
package/dist/cli/guardian-verify.d.ts +30 -0
package/dist/cli/guardian-verify.d.ts.map +1 -0
package/dist/cli/guardian-verify.js +149 -0
package/dist/cli/guardian-verify.js.map +1 -0
package/dist/errors.d.ts +28 -0
package/dist/errors.d.ts.map +1 -0
package/dist/errors.js +40 -0
package/dist/errors.js.map +1 -0
package/dist/estop/heartbeat.d.ts +94 -0
package/dist/estop/heartbeat.d.ts.map +1 -0
package/dist/estop/heartbeat.js +135 -0
package/dist/estop/heartbeat.js.map +1 -0
package/dist/estop/hub.d.ts +76 -0
package/dist/estop/hub.d.ts.map +1 -0
package/dist/estop/hub.js +167 -0
package/dist/estop/hub.js.map +1 -0
package/dist/estop/index.d.ts +12 -0
package/dist/estop/index.d.ts.map +1 -0
package/dist/estop/index.js +6 -0
package/dist/estop/index.js.map +1 -0
package/dist/estop/local.d.ts +31 -0
package/dist/estop/local.d.ts.map +1 -0
package/dist/estop/local.js +101 -0
package/dist/estop/local.js.map +1 -0
package/dist/estop/middleware.d.ts +36 -0
package/dist/estop/middleware.d.ts.map +1 -0
package/dist/estop/middleware.js +40 -0
package/dist/estop/middleware.js.map +1 -0
package/dist/estop/poller.d.ts +36 -0
package/dist/estop/poller.d.ts.map +1 -0
package/dist/estop/poller.js +85 -0
package/dist/estop/poller.js.map +1 -0
package/dist/estop/types.d.ts +31 -0
package/dist/estop/types.d.ts.map +1 -0
package/dist/estop/types.js +5 -0
package/dist/estop/types.js.map +1 -0
package/dist/gate/async-callback.d.ts +27 -0
package/dist/gate/async-callback.d.ts.map +1 -0
package/dist/gate/async-callback.js +79 -0
package/dist/gate/async-callback.js.map +1 -0
package/dist/gate/cli.d.ts +29 -0
package/dist/gate/cli.d.ts.map +1 -0
package/dist/gate/cli.js +83 -0
package/dist/gate/cli.js.map +1 -0
package/dist/gate/data-channel.d.ts +41 -0
package/dist/gate/data-channel.d.ts.map +1 -0
package/dist/gate/data-channel.js +132 -0
package/dist/gate/data-channel.js.map +1 -0
package/dist/gate/index.d.ts +13 -0
package/dist/gate/index.d.ts.map +1 -0
package/dist/gate/index.js +7 -0
package/dist/gate/index.js.map +1 -0
package/dist/gate/options.d.ts +90 -0
package/dist/gate/options.d.ts.map +1 -0
package/dist/gate/options.js +131 -0
package/dist/gate/options.js.map +1 -0
package/dist/gate/programmatic.d.ts +9 -0
package/dist/gate/programmatic.d.ts.map +1 -0
package/dist/gate/programmatic.js +20 -0
package/dist/gate/programmatic.js.map +1 -0
package/dist/gate/two-key.d.ts +90 -0
package/dist/gate/two-key.d.ts.map +1 -0
package/dist/gate/two-key.js +78 -0
package/dist/gate/two-key.js.map +1 -0
package/dist/gate/types.d.ts +25 -0
package/dist/gate/types.d.ts.map +1 -0
package/dist/gate/types.js +5 -0
package/dist/gate/types.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +26 -0
package/dist/index.js.map +1 -0
package/dist/notify/console.d.ts +13 -0
package/dist/notify/console.d.ts.map +1 -0
package/dist/notify/console.js +27 -0
package/dist/notify/console.js.map +1 -0
package/dist/notify/index.d.ts +8 -0
package/dist/notify/index.d.ts.map +1 -0
package/dist/notify/index.js +4 -0
package/dist/notify/index.js.map +1 -0
package/dist/notify/multi.d.ts +14 -0
package/dist/notify/multi.d.ts.map +1 -0
package/dist/notify/multi.js +22 -0
package/dist/notify/multi.js.map +1 -0
package/dist/notify/types.d.ts +21 -0
package/dist/notify/types.d.ts.map +1 -0
package/dist/notify/types.js +5 -0
package/dist/notify/types.js.map +1 -0
package/dist/notify/webhook.d.ts +21 -0
package/dist/notify/webhook.d.ts.map +1 -0
package/dist/notify/webhook.js +37 -0
package/dist/notify/webhook.js.map +1 -0
package/dist/policy/attribution.d.ts +61 -0
package/dist/policy/attribution.d.ts.map +1 -0
package/dist/policy/attribution.js +116 -0
package/dist/policy/attribution.js.map +1 -0
package/dist/policy/evaluator.d.ts +36 -0
package/dist/policy/evaluator.d.ts.map +1 -0
package/dist/policy/evaluator.js +211 -0
package/dist/policy/evaluator.js.map +1 -0
package/dist/policy/index.d.ts +11 -0
package/dist/policy/index.d.ts.map +1 -0
package/dist/policy/index.js +7 -0
package/dist/policy/index.js.map +1 -0
package/dist/policy/integrity.d.ts +17 -0
package/dist/policy/integrity.d.ts.map +1 -0
package/dist/policy/integrity.js +31 -0
package/dist/policy/integrity.js.map +1 -0
package/dist/policy/loader.d.ts +9 -0
package/dist/policy/loader.d.ts.map +1 -0
package/dist/policy/loader.js +124 -0
package/dist/policy/loader.js.map +1 -0
package/dist/policy/site-key.d.ts +22 -0
package/dist/policy/site-key.d.ts.map +1 -0
package/dist/policy/site-key.js +48 -0
package/dist/policy/site-key.js.map +1 -0
package/dist/policy/store.d.ts +45 -0
package/dist/policy/store.d.ts.map +1 -0
package/dist/policy/store.js +223 -0
package/dist/policy/store.js.map +1 -0
package/dist/policy/types.d.ts +72 -0
package/dist/policy/types.d.ts.map +1 -0
package/dist/policy/types.js +5 -0
package/dist/policy/types.js.map +1 -0
package/dist/runtime/capability.d.ts +125 -0
package/dist/runtime/capability.d.ts.map +1 -0
package/dist/runtime/capability.js +121 -0
package/dist/runtime/capability.js.map +1 -0
package/dist/runtime/honeytokens.d.ts +104 -0
package/dist/runtime/honeytokens.d.ts.map +1 -0
package/dist/runtime/honeytokens.js +115 -0
package/dist/runtime/honeytokens.js.map +1 -0
package/dist/runtime/multi-rate-limiter.d.ts +90 -0
package/dist/runtime/multi-rate-limiter.d.ts.map +1 -0
package/dist/runtime/multi-rate-limiter.js +133 -0
package/dist/runtime/multi-rate-limiter.js.map +1 -0
package/dist/runtime/runtime.d.ts +94 -0
package/dist/runtime/runtime.d.ts.map +1 -0
package/dist/runtime/runtime.js +276 -0
package/dist/runtime/runtime.js.map +1 -0
package/dist/types.d.ts +97 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +5 -0
package/dist/types.js.map +1 -0
package/package.json +83 -0

package/dist/audit/signature.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * ed25519 signatures for audit-log records. SPEC §2.6.
+ *
+ * The signature is computed over the canonical bytes of the record with
+ * `signature: null`. Library uses Node's built-in `crypto.sign` /
+ * `crypto.verify` for ed25519 — no native deps.
+ */
+import { type KeyObject } from 'node:crypto';
+import type { AuditRecord } from '../types.js';
+declare const PREFIX = "ed25519:";
+/** Generated key pair. */
+export interface Ed25519KeyPair {
+    privateKey: KeyObject;
+    publicKey: KeyObject;
+}
+/** Generate a fresh ed25519 key pair. */
+export declare function generateEd25519KeyPair(): Ed25519KeyPair;
+/** Load an ed25519 private key from a PEM string or Buffer. */
+export declare function loadPrivateKey(pem: string | Buffer): KeyObject;
+/** Load an ed25519 public key from a PEM string or Buffer. */
+export declare function loadPublicKey(pem: string | Buffer): KeyObject;
+/**
+ * Sign a record's canonical bytes. Returns `ed25519:<base64url>` per SPEC §2.6.
+ *
+ * The record passed in MUST have `signature: null` (canonicalizeForHash strips
+ * it, but we keep the convention clean).
+ */
+export declare function signRecord(record: AuditRecord, privateKey: KeyObject): string;
+/**
+ * Verify a record's signature. Returns true iff the signature matches the
+ * record's canonical bytes under the given public key.
+ *
+ * Records without a signature field (`null`) return false — caller must
+ * decide whether to allow unsigned records (typically only at compatibility
+ * boundaries).
+ */
+export declare function verifyRecord(record: AuditRecord, publicKey: KeyObject): boolean;
+export { PREFIX as SIGNATURE_PREFIX };
+//# sourceMappingURL=signature.d.ts.map

package/dist/audit/signature.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"signature.d.ts","sourceRoot":"","sources":["../../src/audit/signature.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAML,KAAK,SAAS,EACf,MAAM,aAAa,CAAC;AAErB,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG/C,QAAA,MAAM,MAAM,aAAa,CAAC;AAE1B,0BAA0B;AAC1B,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,SAAS,CAAC;IACtB,SAAS,EAAE,SAAS,CAAC;CACtB;AAED,yCAAyC;AACzC,wBAAgB,sBAAsB,IAAI,cAAc,CAGvD;AAED,+DAA+D;AAC/D,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAE9D;AAED,8DAA8D;AAC9D,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAE7D;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,SAAS,GAAG,MAAM,CAI7E;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,GAAG,OAAO,CAY/E;AAeD,OAAO,EAAE,MAAM,IAAI,gBAAgB,EAAE,CAAC"}

package/dist/audit/signature.js ADDED Viewed

@@ -0,0 +1,73 @@
+/**
+ * ed25519 signatures for audit-log records. SPEC §2.6.
+ *
+ * The signature is computed over the canonical bytes of the record with
+ * `signature: null`. Library uses Node's built-in `crypto.sign` /
+ * `crypto.verify` for ed25519 — no native deps.
+ */
+import { createPrivateKey, createPublicKey, generateKeyPairSync, sign, verify, } from 'node:crypto';
+import { canonicalizeForHash } from './chain.js';
+const PREFIX = 'ed25519:';
+/** Generate a fresh ed25519 key pair. */
+export function generateEd25519KeyPair() {
+    const { privateKey, publicKey } = generateKeyPairSync('ed25519');
+    return { privateKey, publicKey };
+}
+/** Load an ed25519 private key from a PEM string or Buffer. */
+export function loadPrivateKey(pem) {
+    return createPrivateKey(pem);
+}
+/** Load an ed25519 public key from a PEM string or Buffer. */
+export function loadPublicKey(pem) {
+    return createPublicKey(pem);
+}
+/**
+ * Sign a record's canonical bytes. Returns `ed25519:<base64url>` per SPEC §2.6.
+ *
+ * The record passed in MUST have `signature: null` (canonicalizeForHash strips
+ * it, but we keep the convention clean).
+ */
+export function signRecord(record, privateKey) {
+    const canonical = canonicalizeForHash(record);
+    const sig = sign(null, canonical, privateKey);
+    return PREFIX + base64url(sig);
+}
+/**
+ * Verify a record's signature. Returns true iff the signature matches the
+ * record's canonical bytes under the given public key.
+ *
+ * Records without a signature field (`null`) return false — caller must
+ * decide whether to allow unsigned records (typically only at compatibility
+ * boundaries).
+ */
+export function verifyRecord(record, publicKey) {
+    if (record.signature == null)
+        return false;
+    if (typeof record.signature !== 'string')
+        return false;
+    if (!record.signature.startsWith(PREFIX))
+        return false;
+    const sigBytes = base64urlDecode(record.signature.slice(PREFIX.length));
+    if (sigBytes === null)
+        return false;
+    const canonical = canonicalizeForHash(record);
+    try {
+        return verify(null, canonical, publicKey, sigBytes);
+    }
+    catch {
+        return false;
+    }
+}
+// ---- base64url helpers --------------------------------------------------
+function base64url(buf) {
+    return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+function base64urlDecode(s) {
+    // Validate characters — Node Buffer.from is permissive otherwise.
+    if (!/^[A-Za-z0-9_-]*$/.test(s))
+        return null;
+    const normalized = s.replace(/-/g, '+').replace(/_/g, '/');
+    return Buffer.from(normalized, 'base64');
+}
+export { PREFIX as SIGNATURE_PREFIX };
+//# sourceMappingURL=signature.js.map

package/dist/audit/signature.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"signature.js","sourceRoot":"","sources":["../../src/audit/signature.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,mBAAmB,EACnB,IAAI,EACJ,MAAM,GAEP,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEjD,MAAM,MAAM,GAAG,UAAU,CAAC;AAQ1B,yCAAyC;AACzC,MAAM,UAAU,sBAAsB;IACpC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;IACjE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AACnC,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,cAAc,CAAC,GAAoB;IACjD,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC;AAC/B,CAAC;AAED,8DAA8D;AAC9D,MAAM,UAAU,aAAa,CAAC,GAAoB;IAChD,OAAO,eAAe,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,MAAmB,EAAE,UAAqB;IACnE,MAAM,SAAS,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAC9C,OAAO,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,MAAmB,EAAE,SAAoB;IACpE,IAAI,MAAM,CAAC,SAAS,IAAI,IAAI;QAAE,OAAO,KAAK,CAAC;IAC3C,IAAI,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACvD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IACvD,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;IACxE,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACpC,MAAM,SAAS,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC9C,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,4EAA4E;AAE5E,SAAS,SAAS,CAAC,GAAW;IAC5B,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAC3F,CAAC;AAED,SAAS,eAAe,CAAC,CAAS;IAChC,kEAAkE;IAClE,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7C,MAAM,UAAU,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3D,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;AAC3C,CAAC;AAED,OAAO,EAAE,MAAM,IAAI,gBAAgB,EAAE,CAAC"}

package/dist/audit/stats.d.ts ADDED Viewed

@@ -0,0 +1,106 @@
+/**
+ * Behavioral baselines + descriptive statistics on audit-record streams.
+ * SPEC §13 (v0.5.0+). Used by the offline `guardian-baseline` CLI; NEVER
+ * consulted by the supervisor in the hot path (that would re-introduce
+ * judgment).
+ *
+ * All functions are pure: same input → same output. The "is this
+ * deviation significant?" question is mathematically grounded (mean + σ
+ * thresholds) but operationally judgment-laden, so the library produces
+ * descriptive reports and lets the operator decide what to do.
+ */
+import type { AuditRecord } from '../types.js';
+export interface AgentProfile {
+    /** agent_id this profile describes. */
+    agent_id: string;
+    /** Schema version (bumped on incompatible profile-shape changes). */
+    v: '1';
+    /** Number of distinct session_id values observed. */
+    session_count: number;
+    /** Total records consumed (across kinds). */
+    total_records: number;
+    /** Total `tool_call` records observed. */
+    tool_call_count: number;
+    /** Mean events per session. */
+    avg_session_length_events: number;
+    /** Standard deviation of events-per-session. */
+    stddev_session_length_events: number;
+    /** Mean session wall-clock duration in ms. */
+    avg_session_duration_ms: number;
+    /** Standard deviation of session wall-clock duration in ms. */
+    stddev_session_duration_ms: number;
+    /** Per-tool call counts. Keys are tool names, values are integer counts. */
+    tool_frequency: Record<string, number>;
+    /** Counts per hour-of-day [0..23] from the record's `ts`. */
+    hour_of_day: number[];
+    /**
+     * Counts per audit-record kind. Useful for spotting shifts like
+     * "this agent suddenly emits a lot of denials."
+     */
+    kind_frequency: Record<string, number>;
+    /** Counts per audit status. */
+    status_frequency: Record<string, number>;
+    /** ISO-8601 timestamp of the earliest record seen. */
+    first_ts: string | null;
+    /** ISO-8601 timestamp of the latest record seen. */
+    last_ts: string | null;
+    /** Stamp recording when the profile itself was produced. */
+    generated_at: string;
+}
+/**
+ * Build an {@link AgentProfile} for a single agent_id from a flat list of
+ * audit records. Records belonging to other agent_ids are skipped silently
+ * — callers can either pre-filter or use {@link analyzeMultiAgent} to get
+ * profiles per agent.
+ *
+ * Deterministic given the same input.
+ */
+export declare function analyzeAgent(records: AuditRecord[], agentId: string): AgentProfile;
+/**
+ * Bucket records by agent_id and build a profile for each. Returns a Map
+ * keyed by agent_id (declaration order — Map insertion order matches first
+ * occurrence in the input stream, for stable test output).
+ */
+export declare function analyzeMultiAgent(records: AuditRecord[]): Map<string, AgentProfile>;
+export interface Deviation {
+    /** Which metric deviated. */
+    metric: string;
+    /** Observed value in the candidate session. */
+    observed: number;
+    /** Baseline mean (or count, depending on metric). */
+    baseline: number;
+    /** Number of σ from baseline. `null` when baseline has σ=0 (degenerate). */
+    sigma: number | null;
+    /** Free-form human label. */
+    note: string;
+}
+export interface DeviationReport {
+    agent_id: string;
+    /** ISO-8601 of the candidate session's first record. */
+    candidate_first_ts: string | null;
+    /** ISO-8601 of the candidate session's last record. */
+    candidate_last_ts: string | null;
+    /** All deviations exceeding the configured threshold, in observed order. */
+    deviations: Deviation[];
+}
+export interface CompareOptions {
+    /** σ threshold for flagging. Default 3. */
+    sigmaThreshold?: number;
+    /** Minimum sessions required in baseline before σ checks are meaningful. */
+    minBaselineSessions?: number;
+}
+/**
+ * Compare a candidate profile against a saved baseline. Returns the set of
+ * deviations that exceeded `sigmaThreshold` σ. When σ is undefined (the
+ * baseline only has one session, so σ=0), the metric is reported with
+ * `sigma: null` and is included only if the observed value differs from
+ * baseline at all.
+ *
+ * Deviation list is ordered by metric name for stable output.
+ */
+export declare function compareToBaseline(candidate: AgentProfile, baseline: AgentProfile, options?: CompareOptions): DeviationReport;
+/** Arithmetic mean. Returns 0 for empty input. */
+export declare function mean(values: readonly number[]): number;
+/** Population standard deviation. Returns 0 for inputs of length < 2. */
+export declare function stddev(values: readonly number[]): number;
+//# sourceMappingURL=stats.d.ts.map

package/dist/audit/stats.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"stats.d.ts","sourceRoot":"","sources":["../../src/audit/stats.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAM/C,MAAM,WAAW,YAAY;IAC3B,uCAAuC;IACvC,QAAQ,EAAE,MAAM,CAAC;IACjB,qEAAqE;IACrE,CAAC,EAAE,GAAG,CAAC;IACP,qDAAqD;IACrD,aAAa,EAAE,MAAM,CAAC;IACtB,6CAA6C;IAC7C,aAAa,EAAE,MAAM,CAAC;IACtB,0CAA0C;IAC1C,eAAe,EAAE,MAAM,CAAC;IACxB,+BAA+B;IAC/B,yBAAyB,EAAE,MAAM,CAAC;IAClC,gDAAgD;IAChD,4BAA4B,EAAE,MAAM,CAAC;IACrC,8CAA8C;IAC9C,uBAAuB,EAAE,MAAM,CAAC;IAChC,+DAA+D;IAC/D,0BAA0B,EAAE,MAAM,CAAC;IACnC,4EAA4E;IAC5E,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,6DAA6D;IAC7D,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB;;;OAGG;IACH,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,+BAA+B;IAC/B,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACzC,sDAAsD;IACtD,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,oDAAoD;IACpD,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,4DAA4D;IAC5D,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,WAAW,EAAE,EAAE,OAAO,EAAE,MAAM,GAAG,YAAY,CAGlF;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAenF;AAwED,MAAM,WAAW,SAAS;IACxB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,+CAA+C;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,qDAAqD;IACrD,QAAQ,EAAE,MAAM,CAAC;IACjB,4EAA4E;IAC5E,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,wDAAwD;IACxD,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,uDAAuD;IACvD,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,4EAA4E;IAC5E,UAAU,EAAE,SAAS,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,cAAc;IAC7B,2CAA2C;IAC3C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,4EAA4E;IAC5E,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,YAAY,EACvB,QAAQ,EAAE,YAAY,EACtB,OAAO,GAAE,cAAmB,GAC3B,eAAe,CAkCjB;AAsCD,kDAAkD;AAClD,wBAAgB,IAAI,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,GAAG,MAAM,CAKtD;AAED,yEAAyE;AACzE,wBAAgB,MAAM,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,GAAG,MAAM,CASxD"}

package/dist/audit/stats.js ADDED Viewed

@@ -0,0 +1,196 @@
+/**
+ * Behavioral baselines + descriptive statistics on audit-record streams.
+ * SPEC §13 (v0.5.0+). Used by the offline `guardian-baseline` CLI; NEVER
+ * consulted by the supervisor in the hot path (that would re-introduce
+ * judgment).
+ *
+ * All functions are pure: same input → same output. The "is this
+ * deviation significant?" question is mathematically grounded (mean + σ
+ * thresholds) but operationally judgment-laden, so the library produces
+ * descriptive reports and lets the operator decide what to do.
+ */
+/**
+ * Build an {@link AgentProfile} for a single agent_id from a flat list of
+ * audit records. Records belonging to other agent_ids are skipped silently
+ * — callers can either pre-filter or use {@link analyzeMultiAgent} to get
+ * profiles per agent.
+ *
+ * Deterministic given the same input.
+ */
+export function analyzeAgent(records, agentId) {
+    const filtered = records.filter((r) => r.agent_id === agentId);
+    return buildProfile(filtered, agentId);
+}
+/**
+ * Bucket records by agent_id and build a profile for each. Returns a Map
+ * keyed by agent_id (declaration order — Map insertion order matches first
+ * occurrence in the input stream, for stable test output).
+ */
+export function analyzeMultiAgent(records) {
+    const groups = new Map();
+    for (const r of records) {
+        let g = groups.get(r.agent_id);
+        if (!g) {
+            g = [];
+            groups.set(r.agent_id, g);
+        }
+        g.push(r);
+    }
+    const out = new Map();
+    for (const [agentId, group] of groups) {
+        out.set(agentId, buildProfile(group, agentId));
+    }
+    return out;
+}
+function buildProfile(records, agentId) {
+    // Session bookkeeping
+    const sessionEvents = new Map();
+    for (const r of records) {
+        const list = sessionEvents.get(r.session_id) ?? [];
+        list.push(r);
+        sessionEvents.set(r.session_id, list);
+    }
+    const eventsPerSession = [];
+    const durationsMs = [];
+    for (const list of sessionEvents.values()) {
+        eventsPerSession.push(list.length);
+        if (list.length < 2) {
+            durationsMs.push(0);
+            continue;
+        }
+        const sorted = [...list].sort((a, b) => a.ts.localeCompare(b.ts));
+        const first = sorted[0].ts;
+        const last = sorted[sorted.length - 1].ts;
+        durationsMs.push(new Date(last).getTime() - new Date(first).getTime());
+    }
+    const toolFrequency = {};
+    const kindFrequency = {};
+    const statusFrequency = {};
+    const hourOfDay = new Array(24).fill(0);
+    let toolCallCount = 0;
+    let firstTs = null;
+    let lastTs = null;
+    for (const r of records) {
+        kindFrequency[r.kind] = (kindFrequency[r.kind] ?? 0) + 1;
+        statusFrequency[r.status] = (statusFrequency[r.status] ?? 0) + 1;
+        if (r.kind === 'tool_call' && r.tool) {
+            toolCallCount += 1;
+            toolFrequency[r.tool.name] = (toolFrequency[r.tool.name] ?? 0) + 1;
+        }
+        const hour = new Date(r.ts).getUTCHours();
+        if (!Number.isNaN(hour)) {
+            hourOfDay[hour] = hourOfDay[hour] + 1;
+        }
+        if (firstTs === null || r.ts < firstTs)
+            firstTs = r.ts;
+        if (lastTs === null || r.ts > lastTs)
+            lastTs = r.ts;
+    }
+    return {
+        agent_id: agentId,
+        v: '1',
+        session_count: sessionEvents.size,
+        total_records: records.length,
+        tool_call_count: toolCallCount,
+        avg_session_length_events: mean(eventsPerSession),
+        stddev_session_length_events: stddev(eventsPerSession),
+        avg_session_duration_ms: mean(durationsMs),
+        stddev_session_duration_ms: stddev(durationsMs),
+        tool_frequency: toolFrequency,
+        hour_of_day: hourOfDay,
+        kind_frequency: kindFrequency,
+        status_frequency: statusFrequency,
+        first_ts: firstTs,
+        last_ts: lastTs,
+        generated_at: new Date().toISOString(),
+    };
+}
+/**
+ * Compare a candidate profile against a saved baseline. Returns the set of
+ * deviations that exceeded `sigmaThreshold` σ. When σ is undefined (the
+ * baseline only has one session, so σ=0), the metric is reported with
+ * `sigma: null` and is included only if the observed value differs from
+ * baseline at all.
+ *
+ * Deviation list is ordered by metric name for stable output.
+ */
+export function compareToBaseline(candidate, baseline, options = {}) {
+    const threshold = options.sigmaThreshold ?? 3;
+    const minSessions = options.minBaselineSessions ?? 2;
+    const deviations = [];
+    if (baseline.session_count >= minSessions) {
+        pushIfDeviated(deviations, 'avg_session_length_events', candidate.avg_session_length_events, baseline.avg_session_length_events, baseline.stddev_session_length_events, threshold);
+        pushIfDeviated(deviations, 'avg_session_duration_ms', candidate.avg_session_duration_ms, baseline.avg_session_duration_ms, baseline.stddev_session_duration_ms, threshold);
+    }
+    // Tool-frequency: flag any tool that appears in candidate >0 times but
+    // 0 times in baseline (and vice versa, though that's less interesting).
+    const baselineTools = new Set(Object.keys(baseline.tool_frequency));
+    for (const [tool, count] of Object.entries(candidate.tool_frequency)) {
+        if (!baselineTools.has(tool)) {
+            deviations.push({
+                metric: `tool_frequency.${tool}`,
+                observed: count,
+                baseline: 0,
+                sigma: null,
+                note: 'tool not present in baseline',
+            });
+        }
+    }
+    // Stable order.
+    deviations.sort((a, b) => a.metric.localeCompare(b.metric));
+    return {
+        agent_id: candidate.agent_id,
+        candidate_first_ts: candidate.first_ts,
+        candidate_last_ts: candidate.last_ts,
+        deviations,
+    };
+}
+function pushIfDeviated(out, metric, observed, baselineMean, baselineStddev, threshold) {
+    if (baselineStddev === 0) {
+        if (observed !== baselineMean) {
+            out.push({
+                metric,
+                observed,
+                baseline: baselineMean,
+                sigma: null,
+                note: 'baseline σ=0; any difference is flagged',
+            });
+        }
+        return;
+    }
+    const sigma = Math.abs(observed - baselineMean) / baselineStddev;
+    if (sigma >= threshold) {
+        out.push({
+            metric,
+            observed,
+            baseline: baselineMean,
+            sigma,
+            note: `${sigma.toFixed(2)}σ from baseline mean ${baselineMean.toFixed(2)}`,
+        });
+    }
+}
+// ============================================================================
+// Small stats helpers
+// ============================================================================
+/** Arithmetic mean. Returns 0 for empty input. */
+export function mean(values) {
+    if (values.length === 0)
+        return 0;
+    let sum = 0;
+    for (const v of values)
+        sum += v;
+    return sum / values.length;
+}
+/** Population standard deviation. Returns 0 for inputs of length < 2. */
+export function stddev(values) {
+    if (values.length < 2)
+        return 0;
+    const m = mean(values);
+    let sumSq = 0;
+    for (const v of values) {
+        const d = v - m;
+        sumSq += d * d;
+    }
+    return Math.sqrt(sumSq / values.length);
+}
+//# sourceMappingURL=stats.js.map

package/dist/audit/stats.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"stats.js","sourceRoot":"","sources":["../../src/audit/stats.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AA8CH;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,OAAsB,EAAE,OAAe;IAClE,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;IAC/D,OAAO,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;AACzC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAsB;IACtD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAyB,CAAC;IAChD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC/B,IAAI,CAAC,CAAC,EAAE,CAAC;YACP,CAAC,GAAG,EAAE,CAAC;YACP,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACZ,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC5C,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;QACtC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,OAAsB,EAAE,OAAe;IAC3D,sBAAsB;IACtB,MAAM,aAAa,GAAG,IAAI,GAAG,EAAyB,CAAC;IACvD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACnD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACb,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC;QAC1C,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,SAAS;QACX,CAAC;QACD,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAClE,MAAM,KAAK,GAAI,MAAM,CAAC,CAAC,CAAiB,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAiB,CAAC,EAAE,CAAC;QAC3D,WAAW,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,aAAa,GAA2B,EAAE,CAAC;IACjD,MAAM,aAAa,GAA2B,EAAE,CAAC;IACjD,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,MAAM,SAAS,GAAa,IAAI,KAAK,CAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1D,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,OAAO,GAAkB,IAAI,CAAC;IAClC,IAAI,MAAM,GAAkB,IAAI,CAAC;IAEjC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACzD,eAAe,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACjE,IAAI,CAAC,CAAC,IAAI,KAAK,WAAW,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;YACrC,aAAa,IAAI,CAAC,CAAC;YACnB,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACrE,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,SAAS,CAAC,IAAI,CAAC,GAAI,SAAS,CAAC,IAAI,CAAY,GAAG,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,OAAO,KAAK,IAAI,IAAI,CAAC,CAAC,EAAE,GAAG,OAAO;YAAE,OAAO,GAAG,CAAC,CAAC,EAAE,CAAC;QACvD,IAAI,MAAM,KAAK,IAAI,IAAI,CAAC,CAAC,EAAE,GAAG,MAAM;YAAE,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;IACtD,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,CAAC,EAAE,GAAG;QACN,aAAa,EAAE,aAAa,CAAC,IAAI;QACjC,aAAa,EAAE,OAAO,CAAC,MAAM;QAC7B,eAAe,EAAE,aAAa;QAC9B,yBAAyB,EAAE,IAAI,CAAC,gBAAgB,CAAC;QACjD,4BAA4B,EAAE,MAAM,CAAC,gBAAgB,CAAC;QACtD,uBAAuB,EAAE,IAAI,CAAC,WAAW,CAAC;QAC1C,0BAA0B,EAAE,MAAM,CAAC,WAAW,CAAC;QAC/C,cAAc,EAAE,aAAa;QAC7B,WAAW,EAAE,SAAS;QACtB,cAAc,EAAE,aAAa;QAC7B,gBAAgB,EAAE,eAAe;QACjC,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,MAAM;QACf,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACvC,CAAC;AACJ,CAAC;AAoCD;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAC/B,SAAuB,EACvB,QAAsB,EACtB,UAA0B,EAAE;IAE5B,MAAM,SAAS,GAAG,OAAO,CAAC,cAAc,IAAI,CAAC,CAAC;IAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,mBAAmB,IAAI,CAAC,CAAC;IACrD,MAAM,UAAU,GAAgB,EAAE,CAAC;IAEnC,IAAI,QAAQ,CAAC,aAAa,IAAI,WAAW,EAAE,CAAC;QAC1C,cAAc,CAAC,UAAU,EAAE,2BAA2B,EAAE,SAAS,CAAC,yBAAyB,EAAE,QAAQ,CAAC,yBAAyB,EAAE,QAAQ,CAAC,4BAA4B,EAAE,SAAS,CAAC,CAAC;QACnL,cAAc,CAAC,UAAU,EAAE,yBAAyB,EAAE,SAAS,CAAC,uBAAuB,EAAE,QAAQ,CAAC,uBAAuB,EAAE,QAAQ,CAAC,0BAA0B,EAAE,SAAS,CAAC,CAAC;IAC7K,CAAC;IAED,uEAAuE;IACvE,wEAAwE;IACxE,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;IACpE,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,cAAc,CAAC,EAAE,CAAC;QACrE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,IAAI,CAAC;gBACd,MAAM,EAAE,kBAAkB,IAAI,EAAE;gBAChC,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,CAAC;gBACX,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,8BAA8B;aACrC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IAE5D,OAAO;QACL,QAAQ,EAAE,SAAS,CAAC,QAAQ;QAC5B,kBAAkB,EAAE,SAAS,CAAC,QAAQ;QACtC,iBAAiB,EAAE,SAAS,CAAC,OAAO;QACpC,UAAU;KACX,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CACrB,GAAgB,EAChB,MAAc,EACd,QAAgB,EAChB,YAAoB,EACpB,cAAsB,EACtB,SAAiB;IAEjB,IAAI,cAAc,KAAK,CAAC,EAAE,CAAC;QACzB,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;YAC9B,GAAG,CAAC,IAAI,CAAC;gBACP,MAAM;gBACN,QAAQ;gBACR,QAAQ,EAAE,YAAY;gBACtB,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,yCAAyC;aAChD,CAAC,CAAC;QACL,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,GAAG,YAAY,CAAC,GAAG,cAAc,CAAC;IACjE,IAAI,KAAK,IAAI,SAAS,EAAE,CAAC;QACvB,GAAG,CAAC,IAAI,CAAC;YACP,MAAM;YACN,QAAQ;YACR,QAAQ,EAAE,YAAY;YACtB,KAAK;YACL,IAAI,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;SAC3E,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E,kDAAkD;AAClD,MAAM,UAAU,IAAI,CAAC,MAAyB;IAC5C,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAClC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,MAAM;QAAE,GAAG,IAAI,CAAC,CAAC;IACjC,OAAO,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC;AAC7B,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,MAAM,CAAC,MAAyB;IAC9C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,CAAC,CAAC;IAChC,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IACvB,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChB,KAAK,IAAI,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAC1C,CAAC"}

package/dist/audit/writer.d.ts ADDED Viewed

@@ -0,0 +1,96 @@
+/**
+ * Single-writer append-only JSONL audit log with hash chain. SPEC §2.
+ */
+import type { KeyObject } from 'node:crypto';
+import type { AuditRecord, AuditRecordInput } from '../types.js';
+import type { Attestor } from './attestor.js';
+export interface AuditLogWriterOptions {
+    /** Path to the JSONL audit log file. Created if absent. */
+    path: string;
+    /** Agent id stamped onto every record. */
+    agentId: string;
+    /** Session id stamped onto every record. */
+    sessionId: string;
+    /** File permission mode. Defaults to 0o600. */
+    fileMode?: number;
+    /** ed25519 private key. When set, every record is signed. SPEC §2.6 (v0.5+). */
+    signWith?: KeyObject;
+    /**
+     * Called once on open() when an existing log is reopened. Fires with the
+     * last record so the host can detect unclean shutdown (last record was
+     * anything other than session_close).
+     *
+     * Not called on a fresh file (no existing tip). Errors thrown inside the
+     * callback do not prevent the writer from opening — they propagate to the
+     * caller of open().
+     */
+    onTipRecovered?: (lastRecord: AuditRecord) => void | Promise<void>;
+    /**
+     * External attestor. When set, the writer publishes the current chain
+     * head every {@link attestEvery} records and on close(). Each successful
+     * publish emits an `x_chain_attested` audit row; failures emit
+     * `x_chain_attestation_failed`. Attestor errors are NEVER fatal. SPEC §2.7.
+     */
+    attestor?: Attestor;
+    /** Records between attestations. Default 100. Ignored when attestor is unset. */
+    attestEvery?: number;
+    /**
+     * Attest the final chain head when close() is called. Default true.
+     * Ignored when attestor is unset.
+     */
+    attestOnClose?: boolean;
+}
+/**
+ * Append-only writer. Internal queue ensures the hash chain is strictly
+ * ordered even when callers `append` concurrently.
+ */
+export declare class AuditLogWriter {
+    readonly path: string;
+    readonly agentId: string;
+    readonly sessionId: string;
+    private fileMode;
+    private handle;
+    private openPromise;
+    private closed;
+    private _tipHash;
+    private queue;
+    private readonly signWith;
+    private readonly onTipRecovered;
+    private readonly attestor;
+    private readonly attestEvery;
+    private readonly attestOnClose;
+    private appendedCount;
+    private attestationInFlight;
+    constructor(options: AuditLogWriterOptions);
+    /** Tip of the hash chain (the last appended record's hash). */
+    get tipHash(): string;
+    /** Open the underlying file (idempotent + single-flight). Recovers tip hash if file exists. */
+    open(): Promise<void>;
+    /** Append a record. Computes hash chain; serializes via internal queue. */
+    append(input: AuditRecordInput): Promise<AuditRecord>;
+    /** Flush and close the file handle. Idempotent. */
+    close(): Promise<void>;
+    /**
+     * Publish the current chain head to the configured attestor and emit
+     * `x_chain_attested` (success) or `x_chain_attestation_failed` (error).
+     * Idempotent on no-attestor or in-flight: callers can fire-and-forget.
+     *
+     * Exposed publicly so consumers can force a flush (e.g., on a
+     * manually-triggered checkpoint).
+     */
+    runAttestation(): Promise<void>;
+    /**
+     * Internal-only append that bypasses the closed check (used by close() to
+     * write the final attestation row) and skips the attestation hook (to
+     * avoid recursion when writing attestation outcome rows).
+     */
+    private appendInternal;
+    private writeOne;
+    /**
+     * Read the last non-empty record from the existing log. Returns null when
+     * the file is empty or contains only blank lines. Used during open() to
+     * seed the hash chain and expose the recovered record to onTipRecovered.
+     */
+    private recoverTipRecord;
+}
+//# sourceMappingURL=writer.d.ts.map

package/dist/audit/writer.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"writer.d.ts","sourceRoot":"","sources":["../../src/audit/writer.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAG7C,OAAO,KAAK,EACV,WAAW,EACX,gBAAgB,EACjB,MAAM,aAAa,CAAC;AAIrB,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAG9C,MAAM,WAAW,qBAAqB;IACpC,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;IACb,0CAA0C;IAC1C,OAAO,EAAE,MAAM,CAAC;IAChB,4CAA4C;IAC5C,SAAS,EAAE,MAAM,CAAC;IAClB,+CAA+C;IAC/C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gFAAgF;IAChF,QAAQ,CAAC,EAAE,SAAS,CAAC;IACrB;;;;;;;;OAQG;IACH,cAAc,CAAC,EAAE,CAAC,UAAU,EAAE,WAAW,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnE;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,iFAAiF;IACjF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;;GAGG;AACH,qBAAa,cAAc;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAE3B,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,WAAW,CAA8B;IACjD,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,QAAQ,CAAwB;IACxC,OAAO,CAAC,KAAK,CAAuC;IACpD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAwB;IACjD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAEjB;IACd,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAuB;IAChD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAU;IAIxC,OAAO,CAAC,aAAa,CAAK;IAK1B,OAAO,CAAC,mBAAmB,CAAS;gBAExB,OAAO,EAAE,qBAAqB;IAe1C,+DAA+D;IAC/D,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED,+FAA+F;IACzF,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAsB3B,2EAA2E;IACrE,MAAM,CAAC,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC;IAgB3D,mDAAmD;IAC7C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB5B;;;;;;;OAOG;IACG,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC;IAkDrC;;;;OAIG;YACW,cAAc;YAWd,QAAQ;IAyDtB;;;;OAIG;YACW,gBAAgB;CAW/B"}