@flowdot.ai/guardian-agent 0.1.0

package/dist/gate/index.d.ts

@@ -0,0 +1,13 @@
+export type { ApprovalGate, GateRequest, GateResponse, GateGranularity, GateDecision, } from './types.js';
+export { cliApprovalGate, parseCliAnswer } from './cli.js';
+export type { CliGateOptions } from './cli.js';
+export { asyncCallbackGate } from './async-callback.js';
+export type { AsyncCallbackGateOptions } from './async-callback.js';
+export { programmaticGate } from './programmatic.js';
+export { dataChannelGate, encodeRequest, decodeResponse } from './data-channel.js';
+export type { DataChannelGateOptions, DataChannelSend, DataChannelOnResponse, } from './data-channel.js';
+export { CLASSIC_FOUR, FLOWDOT_FIVE, defineGateOptionSet, findOption, resolveOption, } from './options.js';
+export type { GateOption, GateOptionSet } from './options.js';
+export { callbackOperatorGate, denyAllOperatorGate, newGateId, awaitWithTimeout, } from './two-key.js';
+export type { OperatorConfirmationGate, OperatorConfirmationRequest, OperatorConfirmationResponse, } from './two-key.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/gate/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/gate/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,eAAe,EACf,YAAY,GACb,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC3D,YAAY,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,YAAY,EAAE,wBAAwB,EAAE,MAAM,qBAAqB,CAAC;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnF,YAAY,EACV,sBAAsB,EACtB,eAAe,EACf,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,mBAAmB,EACnB,UAAU,EACV,aAAa,GACd,MAAM,cAAc,CAAC;AACtB,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,EACT,gBAAgB,GACjB,MAAM,cAAc,CAAC;AACtB,YAAY,EACV,wBAAwB,EACxB,2BAA2B,EAC3B,4BAA4B,GAC7B,MAAM,cAAc,CAAC"}

package/dist/gate/index.js

@@ -0,0 +1,7 @@
+export { cliApprovalGate, parseCliAnswer } from './cli.js';
+export { asyncCallbackGate } from './async-callback.js';
+export { programmaticGate } from './programmatic.js';
+export { dataChannelGate, encodeRequest, decodeResponse } from './data-channel.js';
+export { CLASSIC_FOUR, FLOWDOT_FIVE, defineGateOptionSet, findOption, resolveOption, } from './options.js';
+export { callbackOperatorGate, denyAllOperatorGate, newGateId, awaitWithTimeout, } from './two-key.js';
+//# sourceMappingURL=index.js.map

package/dist/gate/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/gate/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAMnF,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,mBAAmB,EACnB,UAAU,EACV,aAAa,GACd,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,EACT,gBAAgB,GACjB,MAAM,cAAc,CAAC"}

package/dist/gate/options.d.ts

@@ -0,0 +1,90 @@
+/**
+ * Gate option sets. SPEC §4 (extension).
+ *
+ * The fixed 5-button `GateDecision` enum (`allow`/`allow_session`/
+ * `allow_forever`/`deny`/`ban_forever`) is preserved for back-compat. This
+ * module adds a parallel configurable-option-set system: consumers declare
+ * which buttons to show, with their own ids/labels, and the library carries
+ * the chosen-option id through gate responses + audit records.
+ *
+ * FlowDot uses {@link FLOWDOT_FIVE} on its voice/live surface and
+ * {@link CLASSIC_FOUR} on its file-permission surface. Anyone else can ship
+ * their own `GateOptionSet`.
+ */
+import type { PolicyScope } from '../policy/types.js';
+import type { GateGranularity } from './types.js';
+/**
+ * One button in an approval prompt.
+ *
+ * - `id` is the stable wire string surfaced in `GateResponse.chosen_option_id`
+ *   and recorded in audit records. Keep it short and ASCII (`once`,
+ *   `session`, `toolkit`, etc.).
+ * - `scope` is what gets persisted if the consumer's policy store records the
+ *   answer. `'once'` means do-not-persist.
+ * - `decision` is the immediate yes/no for THIS call.
+ * - `granularity` controls what the persisted rule covers when `scope` is
+ *   anything other than `'once'`. `'tool'` is the default and means "this
+ *   specific tool name"; `'toolkit'` means "every tool in this toolkit";
+ *   `'category'` means "every tool in this category".
+ */
+export interface GateOption {
+    id: string;
+    label?: string;
+    scope: PolicyScope;
+    decision: 'allow' | 'deny';
+    granularity?: GateGranularity;
+}
+/**
+ * A named collection of {@link GateOption}s, ordered for display.
+ *
+ * Consumers SHOULD render options in declaration order. The library does not
+ * enforce uniqueness of `id` within a set — but lookups by id return the
+ * first match, so duplicates only confuse readers.
+ */
+export interface GateOptionSet {
+    /** Stable identifier for the set itself (recorded in audit on gate_request). */
+    id: string;
+    /** Optional human note describing what this set is for. */
+    description?: string;
+    /** The options, in display order. */
+    options: GateOption[];
+}
+/**
+ * FlowDot's live-call gate. Five buttons.
+ *
+ * - `once` — allow this call only, persist nothing
+ * - `session` — allow for this session
+ * - `tool` — allow this specific tool forever
+ * - `toolkit` — allow every tool in this toolkit forever
+ * - `deny` — refuse this call
+ */
+export declare const FLOWDOT_FIVE: GateOptionSet;
+/**
+ * FlowDot's classic file-permission gate. Four scopes (`banned` is implied by
+ * a deny-forever option).
+ *
+ * - `once` — allow this call only
+ * - `session` — allow for this session
+ * - `forever` — allow this tool forever
+ * - `banned` — deny this tool forever
+ */
+export declare const CLASSIC_FOUR: GateOptionSet;
+/**
+ * Build a custom option set. Useful for consumers who want a non-standard
+ * combination — e.g. a "stop the world" pseudo-option that triggers an estop.
+ *
+ * Throws if `options` is empty or contains duplicate ids.
+ */
+export declare function defineGateOptionSet(id: string, options: GateOption[], description?: string): GateOptionSet;
+/**
+ * Find an option by id. Returns `undefined` when no match.
+ */
+export declare function findOption(set: GateOptionSet, optionId: string): GateOption | undefined;
+/**
+ * Resolve a chosen option id against a set. Returns the option, or throws
+ * with a clear message listing the valid ids. Use this when an external
+ * caller (UI, IPC frame, data-channel response) provides a string and you
+ * want to fail loudly on typos.
+ */
+export declare function resolveOption(set: GateOptionSet, optionId: string): GateOption;
+//# sourceMappingURL=options.d.ts.map

package/dist/gate/options.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"options.d.ts","sourceRoot":"","sources":["../../src/gate/options.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,WAAW,CAAC;IACnB,QAAQ,EAAE,OAAO,GAAG,MAAM,CAAC;IAC3B,WAAW,CAAC,EAAE,eAAe,CAAC;CAC/B;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,gFAAgF;IAChF,EAAE,EAAE,MAAM,CAAC;IACX,2DAA2D;IAC3D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qCAAqC;IACrC,OAAO,EAAE,UAAU,EAAE,CAAC;CACvB;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,YAAY,EAAE,aA4B1B,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,YAAY,EAAE,aA2B1B,CAAC;AAEF;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,aAAa,CAc1G;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAEvF;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,CAS9E"}

package/dist/gate/options.js

@@ -0,0 +1,131 @@
+/**
+ * Gate option sets. SPEC §4 (extension).
+ *
+ * The fixed 5-button `GateDecision` enum (`allow`/`allow_session`/
+ * `allow_forever`/`deny`/`ban_forever`) is preserved for back-compat. This
+ * module adds a parallel configurable-option-set system: consumers declare
+ * which buttons to show, with their own ids/labels, and the library carries
+ * the chosen-option id through gate responses + audit records.
+ *
+ * FlowDot uses {@link FLOWDOT_FIVE} on its voice/live surface and
+ * {@link CLASSIC_FOUR} on its file-permission surface. Anyone else can ship
+ * their own `GateOptionSet`.
+ */
+/**
+ * FlowDot's live-call gate. Five buttons.
+ *
+ * - `once` — allow this call only, persist nothing
+ * - `session` — allow for this session
+ * - `tool` — allow this specific tool forever
+ * - `toolkit` — allow every tool in this toolkit forever
+ * - `deny` — refuse this call
+ */
+export const FLOWDOT_FIVE = {
+    id: 'flowdot-five',
+    description: 'FlowDot voice/live tool-call approval (5 buttons).',
+    options: [
+        { id: 'once', label: 'Allow once', scope: 'once', decision: 'allow', granularity: 'tool' },
+        {
+            id: 'session',
+            label: 'Allow for this session',
+            scope: 'session',
+            decision: 'allow',
+            granularity: 'tool',
+        },
+        {
+            id: 'tool',
+            label: 'Always allow this tool',
+            scope: 'forever',
+            decision: 'allow',
+            granularity: 'tool',
+        },
+        {
+            id: 'toolkit',
+            label: 'Always allow this toolkit',
+            scope: 'forever',
+            decision: 'allow',
+            granularity: 'toolkit',
+        },
+        { id: 'deny', label: 'Deny', scope: 'once', decision: 'deny', granularity: 'tool' },
+    ],
+};
+/**
+ * FlowDot's classic file-permission gate. Four scopes (`banned` is implied by
+ * a deny-forever option).
+ *
+ * - `once` — allow this call only
+ * - `session` — allow for this session
+ * - `forever` — allow this tool forever
+ * - `banned` — deny this tool forever
+ */
+export const CLASSIC_FOUR = {
+    id: 'classic-four',
+    description: 'FlowDot file-permission scopes (once/session/forever/banned).',
+    options: [
+        { id: 'once', label: 'Allow once', scope: 'once', decision: 'allow', granularity: 'tool' },
+        {
+            id: 'session',
+            label: 'Allow for this session',
+            scope: 'session',
+            decision: 'allow',
+            granularity: 'tool',
+        },
+        {
+            id: 'forever',
+            label: 'Always allow',
+            scope: 'forever',
+            decision: 'allow',
+            granularity: 'tool',
+        },
+        {
+            id: 'banned',
+            label: 'Never allow',
+            scope: 'banned',
+            decision: 'deny',
+            granularity: 'tool',
+        },
+    ],
+};
+/**
+ * Build a custom option set. Useful for consumers who want a non-standard
+ * combination — e.g. a "stop the world" pseudo-option that triggers an estop.
+ *
+ * Throws if `options` is empty or contains duplicate ids.
+ */
+export function defineGateOptionSet(id, options, description) {
+    if (options.length === 0) {
+        throw new Error('defineGateOptionSet: options must be non-empty');
+    }
+    const seen = new Set();
+    for (const o of options) {
+        if (seen.has(o.id)) {
+            throw new Error(`defineGateOptionSet: duplicate option id ${JSON.stringify(o.id)}`);
+        }
+        seen.add(o.id);
+    }
+    const out = { id, options };
+    if (description !== undefined)
+        out.description = description;
+    return out;
+}
+/**
+ * Find an option by id. Returns `undefined` when no match.
+ */
+export function findOption(set, optionId) {
+    return set.options.find((o) => o.id === optionId);
+}
+/**
+ * Resolve a chosen option id against a set. Returns the option, or throws
+ * with a clear message listing the valid ids. Use this when an external
+ * caller (UI, IPC frame, data-channel response) provides a string and you
+ * want to fail loudly on typos.
+ */
+export function resolveOption(set, optionId) {
+    const found = findOption(set, optionId);
+    if (!found) {
+        const valid = set.options.map((o) => o.id).join(', ');
+        throw new Error(`Unknown gate option ${JSON.stringify(optionId)} for set ${JSON.stringify(set.id)}. Valid: ${valid}.`);
+    }
+    return found;
+}
+//# sourceMappingURL=options.js.map

package/dist/gate/options.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"options.js","sourceRoot":"","sources":["../../src/gate/options.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AA2CH;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,YAAY,GAAkB;IACzC,EAAE,EAAE,cAAc;IAClB,WAAW,EAAE,oDAAoD;IACjE,OAAO,EAAE;QACP,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE;QAC1F;YACE,EAAE,EAAE,SAAS;YACb,KAAK,EAAE,wBAAwB;YAC/B,KAAK,EAAE,SAAS;YAChB,QAAQ,EAAE,OAAO;YACjB,WAAW,EAAE,MAAM;SACpB;QACD;YACE,EAAE,EAAE,MAAM;YACV,KAAK,EAAE,wBAAwB;YAC/B,KAAK,EAAE,SAAS;YAChB,QAAQ,EAAE,OAAO;YACjB,WAAW,EAAE,MAAM;SACpB;QACD;YACE,EAAE,EAAE,SAAS;YACb,KAAK,EAAE,2BAA2B;YAClC,KAAK,EAAE,SAAS;YAChB,QAAQ,EAAE,OAAO;YACjB,WAAW,EAAE,SAAS;SACvB;QACD,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE;KACpF;CACF,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,YAAY,GAAkB;IACzC,EAAE,EAAE,cAAc;IAClB,WAAW,EAAE,+DAA+D;IAC5E,OAAO,EAAE;QACP,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE;QAC1F;YACE,EAAE,EAAE,SAAS;YACb,KAAK,EAAE,wBAAwB;YAC/B,KAAK,EAAE,SAAS;YAChB,QAAQ,EAAE,OAAO;YACjB,WAAW,EAAE,MAAM;SACpB;QACD;YACE,EAAE,EAAE,SAAS;YACb,KAAK,EAAE,cAAc;YACrB,KAAK,EAAE,SAAS;YAChB,QAAQ,EAAE,OAAO;YACjB,WAAW,EAAE,MAAM;SACpB;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,KAAK,EAAE,aAAa;YACpB,KAAK,EAAE,QAAQ;YACf,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,MAAM;SACpB;KACF;CACF,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,EAAU,EAAE,OAAqB,EAAE,WAAoB;IACzF,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACtF,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IACD,MAAM,GAAG,GAAkB,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;IAC3C,IAAI,WAAW,KAAK,SAAS;QAAE,GAAG,CAAC,WAAW,GAAG,WAAW,CAAC;IAC7D,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,GAAkB,EAAE,QAAgB;IAC7D,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC;AACpD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,GAAkB,EAAE,QAAgB;IAChE,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACxC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,uBAAuB,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,YAAY,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,KAAK,GAAG,CACtG,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/gate/programmatic.d.ts

@@ -0,0 +1,9 @@
+/**
+ * programmaticGate — wraps an arbitrary handler. SPEC §4.3.
+ *
+ * Use when the host application has its own UI (Electron renderer, mobile RN
+ * modal, etc.) and the gate is "just call this function and wait."
+ */
+import type { ApprovalGate, GateRequest, GateResponse } from './types.js';
+export declare function programmaticGate(handler: (request: GateRequest) => Promise<GateResponse> | GateResponse): ApprovalGate;
+//# sourceMappingURL=programmatic.d.ts.map

package/dist/gate/programmatic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"programmatic.d.ts","sourceRoot":"","sources":["../../src/gate/programmatic.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1E,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,GACtE,YAAY,CAYd"}

package/dist/gate/programmatic.js

@@ -0,0 +1,20 @@
+/**
+ * programmaticGate — wraps an arbitrary handler. SPEC §4.3.
+ *
+ * Use when the host application has its own UI (Electron renderer, mobile RN
+ * modal, etc.) and the gate is "just call this function and wait."
+ */
+export function programmaticGate(handler) {
+    return async (request) => {
+        const response = await handler(request);
+        if (response.granularity !== request.granularity) {
+            // SPEC §4.3: gate may not escalate granularity. The library defends by
+            // downgrading any wider response to the requested granularity rather
+            // than throwing — this preserves liveness while preventing escalation.
+            // (A more conservative deployment can wrap the handler to throw.)
+            return { ...response, granularity: request.granularity };
+        }
+        return response;
+    };
+}
+//# sourceMappingURL=programmatic.js.map

package/dist/gate/programmatic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"programmatic.js","sourceRoot":"","sources":["../../src/gate/programmatic.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,UAAU,gBAAgB,CAC9B,OAAuE;IAEvE,OAAO,KAAK,EAAE,OAAoB,EAAyB,EAAE;QAC3D,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;QACxC,IAAI,QAAQ,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;YACjD,uEAAuE;YACvE,qEAAqE;YACrE,uEAAuE;YACvE,kEAAkE;YAClE,OAAO,EAAE,GAAG,QAAQ,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC;QAC3D,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC"}

package/dist/gate/two-key.d.ts

@@ -0,0 +1,90 @@
+/**
+ * Two-key operator authorization. SPEC §4.5 (v0.4.0+).
+ *
+ * For tool dispatches that require fresh operator confirmation before
+ * proceeding (analogous to `sudo` for AI agents, or the Hub's
+ * `password.confirm` gate for `panic_clear`), the runtime suspends the
+ * call, writes a `policy_check { status: pending_operator }` audit row
+ * with a unique `gate_id`, and calls the configured
+ * `OperatorConfirmationGate.request()`. The gate's response — approved or
+ * denied — resolves the suspended call. A timeout is treated as denied
+ * (fail-closed).
+ *
+ * The library defines the suspend/resume + timeout mechanism. The actual
+ * transport (HTTP webhook, IPC frame to a UI process, LiveKit data
+ * channel, Hub-side password.confirm endpoint) is consumer-supplied. The
+ * library ships:
+ *
+ *   - `OperatorConfirmationGate` interface (one method, `request`)
+ *   - `callbackOperatorGate(fn)` reference adapter (wraps a plain JS callback)
+ *   - `denyAllOperatorGate()` reference adapter (defensive fallback)
+ *
+ * Pure mechanism: blocking wait on an external signal, hard timeout, audit
+ * lifecycle. No reasoning about whether the call is safe — only that this
+ * class of call requires a human.
+ */
+/**
+ * Payload supplied to the gate when a suspended call asks for confirmation.
+ */
+export interface OperatorConfirmationRequest {
+    /** Stable correlation id. Matches `detail.gate_id` on the pending audit row. */
+    gate_id: string;
+    /** Tool that would be dispatched if approved. */
+    tool_name: string;
+    /** Tool's args (CALLER REDACTED — same shape that lands in audit). */
+    tool_args: Record<string, unknown>;
+    /** Human-readable reason this gate fired (rule id, capability name, etc.). */
+    reason: string;
+    /** Hard timeout in ms. Library enforces this; gate MAY return sooner. */
+    timeout_ms: number;
+    /** Agent id stamped on the audit row. */
+    agent_id: string;
+    /** Session id stamped on the audit row. */
+    session_id: string;
+}
+/**
+ * Response from the gate. Library accepts the decision verbatim; on timeout
+ * the library synthesizes `{ decision: 'denied', reason: 'timeout' }`.
+ */
+export interface OperatorConfirmationResponse {
+    decision: 'approved' | 'denied';
+    /** Free-text id of the operator (auth subject, hostname, etc.). */
+    operator_id?: string;
+    /** Free-text reason; primarily for denied + timeout cases. */
+    reason?: string;
+}
+/**
+ * The contract a consumer implements. One method.
+ *
+ * Implementations MUST NOT mutate `request`. Implementations MAY block as
+ * long as they like; the library enforces `timeout_ms` independently via
+ * Promise.race.
+ */
+export interface OperatorConfirmationGate {
+    request(req: OperatorConfirmationRequest): Promise<OperatorConfirmationResponse> | OperatorConfirmationResponse;
+}
+/**
+ * Wrap a callback as a gate. Useful for in-process testing, simple consumer
+ * setups, and the "operator types y/n in the terminal" pattern.
+ *
+ * The callback receives the request; whatever it resolves/returns becomes
+ * the response.
+ */
+export declare function callbackOperatorGate(fn: (req: OperatorConfirmationRequest) => Promise<OperatorConfirmationResponse> | OperatorConfirmationResponse): OperatorConfirmationGate;
+/**
+ * Reference gate that denies every request. Defensive fallback used when
+ * the consumer wants `requiresOperatorConfirmation: true` to fail-closed
+ * (e.g., CI environments with no operator transport wired).
+ */
+export declare function denyAllOperatorGate(reason?: string): OperatorConfirmationGate;
+/**
+ * Generate a fresh gate_id. Exposed for tests; runtime calls this internally.
+ */
+export declare function newGateId(): string;
+/**
+ * Race a gate response against a timeout. Returns the gate's response, or
+ * a synthesized `denied/timeout` response after `timeout_ms`. Internal —
+ * the runtime uses this; exposed for tests.
+ */
+export declare function awaitWithTimeout(gate: OperatorConfirmationGate, request: OperatorConfirmationRequest): Promise<OperatorConfirmationResponse>;
+//# sourceMappingURL=two-key.d.ts.map

package/dist/gate/two-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"two-key.d.ts","sourceRoot":"","sources":["../../src/gate/two-key.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAIH;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,gFAAgF;IAChF,OAAO,EAAE,MAAM,CAAC;IAChB,iDAAiD;IACjD,SAAS,EAAE,MAAM,CAAC;IAClB,sEAAsE;IACtE,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,8EAA8E;IAC9E,MAAM,EAAE,MAAM,CAAC;IACf,yEAAyE;IACzE,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,EAAE,UAAU,GAAG,QAAQ,CAAC;IAChC,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,8DAA8D;IAC9D,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,wBAAwB;IACvC,OAAO,CACL,GAAG,EAAE,2BAA2B,GAC/B,OAAO,CAAC,4BAA4B,CAAC,GAAG,4BAA4B,CAAC;CACzE;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,EAAE,EAAE,CACF,GAAG,EAAE,2BAA2B,KAC7B,OAAO,CAAC,4BAA4B,CAAC,GAAG,4BAA4B,GACxE,wBAAwB,CAE1B;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,SAAgC,GAAG,wBAAwB,CAIpG;AAED;;GAEG;AACH,wBAAgB,SAAS,IAAI,MAAM,CAElC;AAED;;;;GAIG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,wBAAwB,EAC9B,OAAO,EAAE,2BAA2B,GACnC,OAAO,CAAC,4BAA4B,CAAC,CAiBvC"}

package/dist/gate/two-key.js

@@ -0,0 +1,78 @@
+/**
+ * Two-key operator authorization. SPEC §4.5 (v0.4.0+).
+ *
+ * For tool dispatches that require fresh operator confirmation before
+ * proceeding (analogous to `sudo` for AI agents, or the Hub's
+ * `password.confirm` gate for `panic_clear`), the runtime suspends the
+ * call, writes a `policy_check { status: pending_operator }` audit row
+ * with a unique `gate_id`, and calls the configured
+ * `OperatorConfirmationGate.request()`. The gate's response — approved or
+ * denied — resolves the suspended call. A timeout is treated as denied
+ * (fail-closed).
+ *
+ * The library defines the suspend/resume + timeout mechanism. The actual
+ * transport (HTTP webhook, IPC frame to a UI process, LiveKit data
+ * channel, Hub-side password.confirm endpoint) is consumer-supplied. The
+ * library ships:
+ *
+ *   - `OperatorConfirmationGate` interface (one method, `request`)
+ *   - `callbackOperatorGate(fn)` reference adapter (wraps a plain JS callback)
+ *   - `denyAllOperatorGate()` reference adapter (defensive fallback)
+ *
+ * Pure mechanism: blocking wait on an external signal, hard timeout, audit
+ * lifecycle. No reasoning about whether the call is safe — only that this
+ * class of call requires a human.
+ */
+import { ulid } from 'ulidx';
+/**
+ * Wrap a callback as a gate. Useful for in-process testing, simple consumer
+ * setups, and the "operator types y/n in the terminal" pattern.
+ *
+ * The callback receives the request; whatever it resolves/returns becomes
+ * the response.
+ */
+export function callbackOperatorGate(fn) {
+    return { request: fn };
+}
+/**
+ * Reference gate that denies every request. Defensive fallback used when
+ * the consumer wants `requiresOperatorConfirmation: true` to fail-closed
+ * (e.g., CI environments with no operator transport wired).
+ */
+export function denyAllOperatorGate(reason = 'no operator gate configured') {
+    return {
+        request: () => ({ decision: 'denied', reason }),
+    };
+}
+/**
+ * Generate a fresh gate_id. Exposed for tests; runtime calls this internally.
+ */
+export function newGateId() {
+    return 'gt_' + ulid();
+}
+/**
+ * Race a gate response against a timeout. Returns the gate's response, or
+ * a synthesized `denied/timeout` response after `timeout_ms`. Internal —
+ * the runtime uses this; exposed for tests.
+ */
+export async function awaitWithTimeout(gate, request) {
+    const timeoutMs = request.timeout_ms;
+    let timer;
+    const timeout = new Promise((resolve) => {
+        timer = setTimeout(() => {
+            resolve({ decision: 'denied', reason: 'timeout' });
+        }, timeoutMs);
+    });
+    try {
+        const result = await Promise.race([
+            Promise.resolve(gate.request(request)),
+            timeout,
+        ]);
+        return result;
+    }
+    finally {
+        if (timer !== undefined)
+            clearTimeout(timer);
+    }
+}
+//# sourceMappingURL=two-key.js.map

package/dist/gate/two-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"two-key.js","sourceRoot":"","sources":["../../src/gate/two-key.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC;AA+C7B;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAClC,EAEyE;IAEzE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;AACzB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAM,GAAG,6BAA6B;IACxE,OAAO;QACL,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;KAChD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS;IACvB,OAAO,KAAK,GAAG,IAAI,EAAE,CAAC;AACxB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAA8B,EAC9B,OAAoC;IAEpC,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC;IACrC,IAAI,KAAgD,CAAC;IACrD,MAAM,OAAO,GAAG,IAAI,OAAO,CAA+B,CAAC,OAAO,EAAE,EAAE;QACpE,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YACtB,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACrD,CAAC,EAAE,SAAS,CAAC,CAAC;IAChB,CAAC,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;YAChC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACtC,OAAO;SACR,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;YAAS,CAAC;QACT,IAAI,KAAK,KAAK,SAAS;YAAE,YAAY,CAAC,KAAK,CAAC,CAAC;IAC/C,CAAC;AACH,CAAC"}

package/dist/gate/types.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Gate types. SPEC §4.
+ */
+import type { ModelAttribution } from '../types.js';
+export type GateGranularity = 'tool' | 'toolkit' | 'category';
+export type GateDecision = 'allow' | 'allow_session' | 'allow_forever' | 'deny' | 'ban_forever';
+export interface GateRequest {
+    event_id: string;
+    tool_name: string;
+    tool_args: Record<string, unknown>;
+    agent_id: string;
+    session_id: string;
+    model?: ModelAttribution;
+    context?: string;
+    granularity: GateGranularity;
+    timeout_ms?: number;
+}
+export interface GateResponse {
+    decision: GateDecision;
+    reason?: string;
+    operator_id?: string;
+    granularity: GateGranularity;
+}
+export type ApprovalGate = (request: GateRequest) => Promise<GateResponse> | GateResponse;
+//# sourceMappingURL=types.d.ts.map

package/dist/gate/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/gate/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEpD,MAAM,MAAM,eAAe,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;AAE9D,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,eAAe,GAAG,eAAe,GAAG,MAAM,GAAG,aAAa,CAAC;AAEhG,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,eAAe,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,YAAY,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,eAAe,CAAC;CAC9B;AAED,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC"}

package/dist/gate/types.js

@@ -0,0 +1,5 @@
+/**
+ * Gate types. SPEC §4.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/gate/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/gate/types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/index.d.ts

@@ -0,0 +1,33 @@
+/**
+ * @flowdot.ai/guardian-agent — public API surface.
+ * SPEC: see flowdot-llc/guardian-agent/SPEC.md (v0.2.0).
+ */
+export declare const VERSION: "0.1.0";
+export { SPEC_VERSION } from './types.js';
+export { GuardianRuntime } from './runtime/runtime.js';
+export type { GuardianRuntimeOptions, ToolOptions } from './runtime/runtime.js';
+export { defineHoneytokenSet, matchPhantomTool, matchHoneytokenInArgs, checkHoneytoken, } from './runtime/honeytokens.js';
+export type { Honeytoken, HoneytokenSet, HoneytokenHit } from './runtime/honeytokens.js';
+export { CapabilityWindow } from './runtime/capability.js';
+export type { CapabilityClass, CapabilityRule, CapabilityEvent, CapabilityMatch, CapabilityWindowOptions, } from './runtime/capability.js';
+export { MultiRateLimiter, DEFAULT_BUCKETS } from './runtime/multi-rate-limiter.js';
+export type { BucketConfig, MultiRateLimiterOptions, ConsumeAllowed, ConsumeDenied, ConsumeResult, } from './runtime/multi-rate-limiter.js';
+export { AuditLogWriter, AuditLogReader, GENESIS_HASH, computeRecordHash, canonicalJsonStringify, canonicalizeForHash, generateEd25519KeyPair, loadPrivateKey, loadPublicKey, signRecord, verifyRecord, SIGNATURE_PREFIX, httpAttestor, nullAttestor, payloadFromRecord, analyzeAgent, analyzeMultiAgent, compareToBaseline, mean, stddev, correlate, summarizeSessions, findOverlappingSessions, findArgsHashCollisions, findSequenceSimilarity, } from './audit/index.js';
+export type { AuditLogWriterOptions, Ed25519KeyPair, Attestor, AttestationPayload, AttestationReceipt, HttpAttestorOptions, AgentProfile, Deviation, DeviationReport, CompareOptions, AuditSource, SessionSummary, CorrelationMatch, CorrelationOptions, } from './audit/index.js';
+export { EStopLocal } from './estop/local.js';
+export type { EStopLocalOptions } from './estop/local.js';
+export { HeartbeatMonitor } from './estop/heartbeat.js';
+export type { HeartbeatMonitorOptions } from './estop/heartbeat.js';
+export type { EStopState, EStopPressOptions, EStopClearOptions, EStopPressResult, EStopClearResult, } from './estop/types.js';
+export { CLASSIC_FOUR, FLOWDOT_FIVE, defineGateOptionSet, findOption, resolveOption, } from './gate/options.js';
+export type { GateOption, GateOptionSet } from './gate/options.js';
+export { callbackOperatorGate, denyAllOperatorGate, newGateId, awaitWithTimeout, } from './gate/two-key.js';
+export type { OperatorConfirmationGate, OperatorConfirmationRequest, OperatorConfirmationResponse, } from './gate/two-key.js';
+export { flatGlobMatch, matchAttributionPath, renderAttributionPath, ATTRIBUTION_MISSING_SEGMENT, } from './policy/attribution.js';
+export type { PolicyWhen } from './policy/types.js';
+export type { Notifier, NotificationEvent, NotificationKind } from './notify/types.js';
+export { consoleNotifier, webhookNotifier, multiNotifier } from './notify/index.js';
+export type { ConsoleNotifierOptions, WebhookNotifierOptions, MultiNotifierOptions, } from './notify/index.js';
+export type { ModelAttribution, AuditRecord, AuditRecordKind, AuditRecordStatus, AuditRecordInitiator, } from './types.js';
+export { GuardianHaltedError, GuardianConfigError, GuardianIntegrityError, } from './errors.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,eAAO,MAAM,OAAO,EAAG,OAAgB,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG1C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,YAAY,EAAE,sBAAsB,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAChF,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzF,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,YAAY,EACV,eAAe,EACf,cAAc,EACd,eAAe,EACf,eAAe,EACf,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AACpF,YAAY,EACV,YAAY,EACZ,uBAAuB,EACvB,cAAc,EACd,aAAa,EACb,aAAa,GACd,MAAM,iCAAiC,CAAC;AAGzC,OAAO,EACL,cAAc,EACd,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,EACnB,sBAAsB,EACtB,cAAc,EACd,aAAa,EACb,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,IAAI,EACJ,MAAM,EACN,SAAS,EACT,iBAAiB,EACjB,uBAAuB,EACvB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,qBAAqB,EACrB,cAAc,EACd,QAAQ,EACR,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACnB,YAAY,EACZ,SAAS,EACT,eAAe,EACf,cAAc,EACd,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,YAAY,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,YAAY,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AACpE,YAAY,EACV,UAAU,EACV,iBAAiB,EACjB,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,mBAAmB,EACnB,UAAU,EACV,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAGnE,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,EACT,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,wBAAwB,EACxB,2BAA2B,EAC3B,4BAA4B,GAC7B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,2BAA2B,GAC5B,MAAM,yBAAyB,CAAC;AACjC,YAAY,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAGpD,YAAY,EAAE,QAAQ,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACvF,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACpF,YAAY,EACV,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAG3B,YAAY,EACV,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,aAAa,CAAC"}

package/dist/index.js

@@ -0,0 +1,26 @@
+/**
+ * @flowdot.ai/guardian-agent — public API surface.
+ * SPEC: see flowdot-llc/guardian-agent/SPEC.md (v0.2.0).
+ */
+export const VERSION = '0.1.0';
+export { SPEC_VERSION } from './types.js';
+// runtime
+export { GuardianRuntime } from './runtime/runtime.js';
+export { defineHoneytokenSet, matchPhantomTool, matchHoneytokenInArgs, checkHoneytoken, } from './runtime/honeytokens.js';
+export { CapabilityWindow } from './runtime/capability.js';
+export { MultiRateLimiter, DEFAULT_BUCKETS } from './runtime/multi-rate-limiter.js';
+// audit
+export { AuditLogWriter, AuditLogReader, GENESIS_HASH, computeRecordHash, canonicalJsonStringify, canonicalizeForHash, generateEd25519KeyPair, loadPrivateKey, loadPublicKey, signRecord, verifyRecord, SIGNATURE_PREFIX, httpAttestor, nullAttestor, payloadFromRecord, analyzeAgent, analyzeMultiAgent, compareToBaseline, mean, stddev, correlate, summarizeSessions, findOverlappingSessions, findArgsHashCollisions, findSequenceSimilarity, } from './audit/index.js';
+// estop
+export { EStopLocal } from './estop/local.js';
+export { HeartbeatMonitor } from './estop/heartbeat.js';
+// gate option sets (custom + the FlowDot defaults)
+export { CLASSIC_FOUR, FLOWDOT_FIVE, defineGateOptionSet, findOption, resolveOption, } from './gate/options.js';
+// two-key operator authorization (v0.9 / SPEC §4.5)
+export { callbackOperatorGate, denyAllOperatorGate, newGateId, awaitWithTimeout, } from './gate/two-key.js';
+// policy attribution path matching (model/provider/aggregator/surface globs)
+export { flatGlobMatch, matchAttributionPath, renderAttributionPath, ATTRIBUTION_MISSING_SEGMENT, } from './policy/attribution.js';
+export { consoleNotifier, webhookNotifier, multiNotifier } from './notify/index.js';
+// errors
+export { GuardianHaltedError, GuardianConfigError, GuardianIntegrityError, } from './errors.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,CAAC,MAAM,OAAO,GAAG,OAAgB,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1C,UAAU;AACV,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAQ3D,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AASpF,QAAQ;AACR,OAAO,EACL,cAAc,EACd,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,EACnB,sBAAsB,EACtB,cAAc,EACd,aAAa,EACb,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,IAAI,EACJ,MAAM,EACN,SAAS,EACT,iBAAiB,EACjB,uBAAuB,EACvB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAkB1B,QAAQ;AACR,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAUxD,mDAAmD;AACnD,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,mBAAmB,EACnB,UAAU,EACV,aAAa,GACd,MAAM,mBAAmB,CAAC;AAG3B,oDAAoD;AACpD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,EACT,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAO3B,6EAA6E;AAC7E,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,2BAA2B,GAC5B,MAAM,yBAAyB,CAAC;AAKjC,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAgBpF,SAAS;AACT,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,aAAa,CAAC"}

package/dist/notify/console.d.ts

@@ -0,0 +1,13 @@
+/**
+ * consoleNotifier — writes notification events to stderr (or a configured stream).
+ * SPEC §6.3.
+ */
+import type { Notifier } from './types.js';
+export interface ConsoleNotifierOptions {
+    /** Where to write. Defaults to process.stderr. */
+    stream?: NodeJS.WritableStream;
+    /** Prefix prepended to every line. Defaults to "[guardian]". */
+    prefix?: string;
+}
+export declare function consoleNotifier(options?: ConsoleNotifierOptions): Notifier;
+//# sourceMappingURL=console.d.ts.map

package/dist/notify/console.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"console.d.ts","sourceRoot":"","sources":["../../src/notify/console.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAqB,MAAM,YAAY,CAAC;AAE9D,MAAM,WAAW,sBAAsB;IACrC,kDAAkD;IAClD,MAAM,CAAC,EAAE,MAAM,CAAC,cAAc,CAAC;IAC/B,gEAAgE;IAChE,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,eAAe,CAAC,OAAO,GAAE,sBAA2B,GAAG,QAAQ,CAQ9E"}