npm - @forg3t/sdk - Versions diffs - 0.1.3 → 0.1.4 - Mend

@forg3t/sdk 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,17 +17,42 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
+  AccessLevel: () => AccessLevel,
+  DEFAULT_WHITEBOX_QUALITY_GATE_POLICY: () => DEFAULT_WHITEBOX_QUALITY_GATE_POLICY,
+  ENTERPRISE_STRICT_QUALITY_GATE_POLICY: () => ENTERPRISE_STRICT_QUALITY_GATE_POLICY,
   Forg3tApiConnectionError: () => Forg3tApiConnectionError,
   Forg3tAuthenticationError: () => Forg3tAuthenticationError,
   Forg3tClient: () => Forg3tClient,
   Forg3tError: () => Forg3tError,
   Forg3tNotFoundError: () => Forg3tNotFoundError,
-  Forg3tRateLimitError: () => Forg3tRateLimitError
+  Forg3tNotImplementedError: () => Forg3tNotImplementedError,
+  Forg3tRateLimitError: () => Forg3tRateLimitError,
+  HttpTrainingAdapter: () => HttpTrainingAdapter,
+  IntegrationMode: () => IntegrationMode,
+  IntegrationType: () => IntegrationType,
+  LocalCommandTrainingAdapter: () => LocalCommandTrainingAdapter,
+  WHITEBOX_QUALITY_GATE_PRESETS: () => WHITEBOX_QUALITY_GATE_PRESETS,
+  WHITEBOX_QUALITY_GATE_PRESET_EXPLANATIONS: () => WHITEBOX_QUALITY_GATE_PRESET_EXPLANATIONS,
+  WhiteboxWorker: () => WhiteboxWorker,
+  assertDeploymentCompatibility: () => assertDeploymentCompatibility,
+  buildModelUnlearningPayload: () => buildModelUnlearningPayload,
+  buildWhiteboxWorkerOptions: () => buildWhiteboxWorkerOptions,
+  createNativeTrainingAdapter: () => createNativeTrainingAdapter,
+  evaluateWhiteboxQualityGate: () => evaluateWhiteboxQualityGate,
+  resolveWhiteboxQualityGatePolicy: () => resolveWhiteboxQualityGatePolicy
 });
 module.exports = __toCommonJS(index_exports);
@@ -64,18 +91,39 @@ var Forg3tApiConnectionError = class extends Forg3tError {
     this.name = "Forg3tApiConnectionError";
   }
 };
+var Forg3tNotImplementedError = class extends Forg3tError {
+  constructor(message, endpoint, requestId) {
+    super(
+      `Endpoint not implemented: ${endpoint || "unknown"}`,
+      501,
+      "NOT_IMPLEMENTED",
+      requestId,
+      { endpoint }
+    );
+    this.name = "Forg3tNotImplementedError";
+  }
+};
 // src/transport.ts
 var Transport = class {
   constructor(config) {
-    this.baseUrl = config.baseUrl || typeof process !== "undefined" && process.env.FORG3T_API_URL || "";
+    const rawBaseUrl = config.baseUrl || typeof process !== "undefined" && process.env.FORG3T_API_URL || "";
+    this.baseUrl = String(rawBaseUrl).trim();
     if (!this.baseUrl) {
       throw new Error("Forg3tClient: apiUrl option or FORG3T_API_URL environment variable is required");
     }
+    if (!/^https?:\/\//i.test(this.baseUrl)) {
+      throw new Error("Forg3tClient: apiUrl must be an absolute http(s) URL");
+    }
     if (this.baseUrl.endsWith("/")) {
       this.baseUrl = this.baseUrl.slice(0, -1);
     }
-    this.apiKey = config.apiKey || (typeof process !== "undefined" ? process.env.FORG3T_API_KEY : void 0);
+    const rawApiKey = config.apiKey || (typeof process !== "undefined" ? process.env.FORG3T_API_KEY : void 0);
+    const apiKey = typeof rawApiKey === "string" ? rawApiKey.trim() : rawApiKey;
+    this.apiKey = apiKey || void 0;
+    const rawBearerToken = config.bearerToken || (typeof process !== "undefined" ? process.env.FORG3T_BEARER_TOKEN : void 0);
+    const bearerToken = typeof rawBearerToken === "string" ? rawBearerToken.trim() : rawBearerToken;
+    this.bearerToken = bearerToken || void 0;
     this.timeoutMs = config.timeoutMs || 3e4;
   }
   getBaseUrl() {
@@ -91,8 +139,11 @@ var Transport = class {
     if (this.apiKey) {
       headers["x-api-key"] = this.apiKey;
     }
+    if (this.bearerToken && !headers.Authorization) {
+      headers.Authorization = `Bearer ${this.bearerToken}`;
+    }
     if (requestId) {
-      headers["x-request-id"] = requestId;
+      headers["x-correlation-id"] = requestId;
     }
     const controller = new AbortController();
     const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);
@@ -105,7 +156,7 @@ var Transport = class {
         // Add the abort signal
       });
       clearTimeout(timeoutId);
-      const responseRequestId = response.headers.get("x-request-id") || requestId;
+      const responseRequestId = response.headers.get("x-correlation-id") || response.headers.get("x-request-id") || requestId;
       if (!response.ok) {
         let errorData = {};
         try {
@@ -143,7 +194,8 @@ var Transport = class {
       if (error instanceof Error && error.name === "AbortError") {
         throw new Forg3tApiConnectionError(`Request timeout after ${this.timeoutMs}ms`);
       }
-      throw new Forg3tApiConnectionError(error instanceof Error ? error.message : "Network error");
+      const detail = error instanceof Error ? error.message : "Network error";
+      throw new Forg3tApiConnectionError(`Request failed for ${url}: ${detail}`);
     }
   }
   async download(url, requestId) {
@@ -154,6 +206,9 @@ var Transport = class {
     if (this.apiKey) {
       headers["x-api-key"] = this.apiKey;
     }
+    if (this.bearerToken && !headers.Authorization) {
+      headers.Authorization = `Bearer ${this.bearerToken}`;
+    }
     if (requestId) {
       headers["x-request-id"] = requestId;
     }
@@ -202,7 +257,8 @@ var Transport = class {
       if (error instanceof Error && error.name === "AbortError") {
         throw new Forg3tApiConnectionError(`Download timeout after ${this.timeoutMs}ms`);
       }
-      throw new Forg3tApiConnectionError(error instanceof Error ? error.message : "Network error");
+      const detail = error instanceof Error ? error.message : "Network error";
+      throw new Forg3tApiConnectionError(`Download failed for ${url}: ${detail}`);
     }
   }
   async requestRaw(path, options = {}, requestId) {
@@ -215,6 +271,9 @@ var Transport = class {
     if (this.apiKey) {
       headers["x-api-key"] = this.apiKey;
     }
+    if (this.bearerToken && !headers.Authorization) {
+      headers.Authorization = `Bearer ${this.bearerToken}`;
+    }
     if (requestId) {
       headers["x-request-id"] = requestId;
     }
@@ -238,7 +297,8 @@ var Transport = class {
       if (error instanceof Error && error.name === "AbortError") {
         throw new Forg3tApiConnectionError(`Request timeout after ${this.timeoutMs}ms`);
       }
-      throw new Forg3tApiConnectionError(error instanceof Error ? error.message : "Network error");
+      const detail = error instanceof Error ? error.message : "Network error";
+      throw new Forg3tApiConnectionError(`Raw request failed for ${url}: ${detail}`);
     }
   }
 };
@@ -249,9 +309,31 @@ var Forg3tClient = class {
     this.transport = new Transport({
       baseUrl: options.apiUrl,
       apiKey: options.apiKey,
+      bearerToken: options.bearerToken,
       timeoutMs: options.timeoutMs
     });
   }
+  // --- Authentication ---
+  /**
+   * Get the current user context and their default project.
+   * Used by the Admin Dashboard for bootstrap and session verification.
+   */
+  async getCurrentUser(requestId) {
+    return this.transport.request("/v1/me", { method: "GET" }, requestId);
+  }
+  /**
+   * Bootstraps a tenant for an authenticated dashboard user.
+   * Requires a bearer token from the user's session instead of an API key.
+   */
+  async bootstrapTenant(data, requestId) {
+    if (!data?.tenantName || typeof data.tenantName !== "string" || !data.tenantName.trim()) {
+      throw new Error("bootstrapTenant requires a non-empty tenantName.");
+    }
+    return this.transport.request("/v1/bootstrap/tenant", {
+      method: "POST",
+      body: JSON.stringify(data)
+    }, requestId);
+  }
   // --- Projects ---
   async getProjectOverview(projectId, requestId) {
     return this.transport.request(`/v1/projects/${projectId}/overview`, { method: "GET" }, requestId);
@@ -267,6 +349,42 @@ var Forg3tClient = class {
     if (filters.cursor) params.append("cursor", filters.cursor);
     return this.transport.request(`/v1/projects/${projectId}/audit?${params.toString()}`, { method: "GET" }, requestId);
   }
+  // --- Integrations ---
+  async listIntegrations(projectId, requestId) {
+    return this.transport.request(`/v1/projects/${projectId}/integrations`, { method: "GET" }, requestId);
+  }
+  async createIntegration(projectId, data, requestId) {
+    return this.transport.request(`/v1/projects/${projectId}/integrations`, {
+      method: "POST",
+      body: JSON.stringify(data)
+    }, requestId);
+  }
+  async testIntegration(projectId, integrationId, requestId) {
+    void projectId;
+    return this.transport.request(
+      `/v1/integrations/${integrationId}/test`,
+      { method: "POST" },
+      requestId
+    );
+  }
+  // --- Unlearning Requests ---
+  async createUnlearningRequest(projectId, data, requestId) {
+    this.assertCreateUnlearningRequest(data);
+    return this.transport.request(`/v1/projects/${projectId}/unlearning-requests`, {
+      method: "POST",
+      body: JSON.stringify(data)
+    }, requestId);
+  }
+  async listUnlearningRequests(projectId, requestId) {
+    return this.transport.request(`/v1/projects/${projectId}/unlearning-requests`, { method: "GET" }, requestId);
+  }
+  async getUnlearningRequest(projectId, unlearningRequestId, requestId) {
+    return this.transport.request(
+      `/v1/projects/${projectId}/unlearning-requests/${unlearningRequestId}`,
+      { method: "GET" },
+      requestId
+    );
+  }
   // --- API Keys ---
   async listApiKeys(projectId, requestId) {
     return this.transport.request(`/v1/projects/${projectId}/api-keys`, { method: "GET" }, requestId);
@@ -285,15 +403,48 @@ var Forg3tClient = class {
   }
   // --- Jobs ---
   async submitJob(projectId, data, requestId) {
+    const normalizedPayload = "payload" in data ? data.payload : {
+      claim: data.claim,
+      config: data.config
+    };
+    if (data.type === "MODEL_UNLEARN") {
+      this.assertModelUnlearnPreflight(normalizedPayload);
+    }
     const res = await this.transport.request(`/v1/projects/${projectId}/jobs`, {
       method: "POST",
-      body: JSON.stringify(data)
+      body: JSON.stringify({
+        type: data.type,
+        payload: normalizedPayload,
+        idempotencyKey: data.idempotencyKey
+      })
     }, requestId);
     return res;
   }
+  /**
+   * Creates a new job with deduplication support via an optional idempotency key.
+   * This wrapper cleanly exposes the core parameters for the production job queue.
+   */
+  async createJob(projectId, type, claim, config, idempotencyKey, requestId) {
+    return this.submitJob(projectId, { type, claim, config, idempotencyKey }, requestId);
+  }
   async getJob(projectId, jobId, requestId) {
     return this.transport.request(`/v1/projects/${projectId}/jobs/${jobId}`, { method: "GET" }, requestId);
   }
+  /**
+   * Polls the job status continuously until a terminal state (succeeded, failed, canceled) is reached,
+   * or the specified timeout limits are exceeded.
+   */
+  async pollJobStatus(projectId, jobId, timeoutMs = 3e5, pollIntervalMs = 2e3, requestId) {
+    const startTime = Date.now();
+    while (Date.now() - startTime < timeoutMs) {
+      const job = await this.getJob(projectId, jobId, requestId);
+      if (job.status === "succeeded" || job.status === "failed" || job.status === "canceled") {
+        return job;
+      }
+      await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
+    }
+    throw new Error(`pollJobStatus timed out after ${timeoutMs}ms waiting for job ${jobId} to reach a terminal state.`);
+  }
   async listJobs(projectId, query, requestId) {
     const params = new URLSearchParams();
     if (query?.status) params.append("status", query.status);
@@ -307,20 +458,37 @@ var Forg3tClient = class {
       body: JSON.stringify(data)
     }, requestId);
   }
-  async heartbeatJob(projectId, jobId, requestId) {
-    return this.transport.request(`/v1/projects/${projectId}/jobs/${jobId}/heartbeat`, { method: "POST" }, requestId);
+  async heartbeatJob(projectId, jobId, optionsOrRequestId, requestId) {
+    const options = typeof optionsOrRequestId === "string" ? {} : optionsOrRequestId || {};
+    const resolvedRequestId = typeof optionsOrRequestId === "string" ? optionsOrRequestId : requestId;
+    return this.transport.request(`/v1/projects/${projectId}/jobs/${jobId}/heartbeat`, {
+      method: "POST",
+      body: JSON.stringify({
+        claimId: options.claimId
+      })
+    }, resolvedRequestId);
   }
-  async completeJob(projectId, jobId, result, requestId) {
+  async completeJob(projectId, jobId, result, optionsOrRequestId, requestId) {
+    const options = typeof optionsOrRequestId === "string" ? {} : optionsOrRequestId || {};
+    const resolvedRequestId = typeof optionsOrRequestId === "string" ? optionsOrRequestId : requestId;
     return this.transport.request(`/v1/projects/${projectId}/jobs/${jobId}/complete`, {
       method: "POST",
-      body: JSON.stringify(result)
-    }, requestId);
+      body: JSON.stringify({
+        ...result,
+        claimId: options.claimId || result.claimId
+      })
+    }, resolvedRequestId);
   }
-  async failJob(projectId, jobId, error, requestId) {
+  async failJob(projectId, jobId, error, optionsOrRequestId, requestId) {
+    const options = typeof optionsOrRequestId === "string" ? {} : optionsOrRequestId || {};
+    const resolvedRequestId = typeof optionsOrRequestId === "string" ? optionsOrRequestId : requestId;
     return this.transport.request(`/v1/projects/${projectId}/jobs/${jobId}/fail`, {
       method: "POST",
-      body: JSON.stringify(error)
-    }, requestId);
+      body: JSON.stringify({
+        ...error,
+        claimId: options.claimId || error.claimId
+      })
+    }, resolvedRequestId);
   }
   async listDeadJobs(projectId, requestId) {
     return this.transport.request(`/v1/projects/${projectId}/jobs/dead`, { method: "GET" }, requestId);
@@ -330,7 +498,20 @@ var Forg3tClient = class {
   }
   // --- Evidence ---
   async getEvidence(jobId, requestId) {
-    return this.transport.request(`/v1/jobs/evidence/${jobId}`, { method: "GET" }, requestId);
+    try {
+      return await this.transport.request(`/v1/jobs/${jobId}/evidence`, { method: "GET" }, requestId);
+    } catch (error) {
+      if (error instanceof Forg3tNotFoundError) {
+        return this.transport.request(`/v1/jobs/evidence/${jobId}`, { method: "GET" }, requestId);
+      }
+      throw error;
+    }
+  }
+  async getEvidenceJson(jobId, requestId) {
+    return this.transport.request(`/v1/jobs/${jobId}/evidence.json`, { method: "GET" }, requestId);
+  }
+  async getArtifactDownloadUrl(projectId, jobId, filename, requestId) {
+    return this.transport.request(`/v1/projects/${projectId}/jobs/${jobId}/artifacts/${filename}/download`, { method: "GET" }, requestId);
   }
   async getEvidencePdf(jobId, options) {
     const response = await this.transport.requestRaw(`/v1/jobs/${jobId}/evidence.pdf`, { method: "GET" });
@@ -354,26 +535,24 @@ var Forg3tClient = class {
     return result;
   }
   async savePdfToFile(data, filePath) {
-    if (typeof global !== "undefined" && typeof require !== "undefined") {
-      try {
-        const fs = require("fs");
-        const path = require("path");
-        const dir = path.dirname(filePath);
-        if (!fs.existsSync(dir)) {
-          fs.mkdirSync(dir, { recursive: true });
-        }
-        fs.writeFileSync(filePath, Buffer.from(data));
-      } catch (error) {
-        console.error("Failed to save PDF to file:", error);
-        throw error;
-      }
-    } else {
+    const isNode = typeof process !== "undefined" && typeof process.versions?.node === "string";
+    if (!isNode) {
       throw new Error("File saving is only supported in Node.js environment");
     }
+    try {
+      const fs = await import("fs/promises");
+      const path = await import("path");
+      const dir = path.dirname(filePath);
+      await fs.mkdir(dir, { recursive: true });
+      await fs.writeFile(filePath, data);
+    } catch (error) {
+      console.error("Failed to save PDF to file:", error);
+      throw error;
+    }
   }
   /**
    * @deprecated The current Control Plane version does not support direct artifact downloads.
-   * Please use getEvidence() to retrieve the artifact metadata and content.
+   * Please use getArtifactDownloadUrl(), getEvidencePdf(), or getEvidenceJson().
    */
   async downloadEvidenceArtifact(_jobId, _requestId) {
     throw new Error("Artifact download not supported by current API version. Use getEvidence() to retrieve content.");
@@ -444,13 +623,905 @@ var Forg3tClient = class {
       body: JSON.stringify(result)
     }, requestId);
   }
+  assertCreateUnlearningRequest(data) {
+    if (!data.target?.value?.trim()) {
+      throw new Error("createUnlearningRequest: target.value is required.");
+    }
+    if (typeof data.target.aliases !== "undefined") {
+      if (!Array.isArray(data.target.aliases) || data.target.aliases.some((alias) => typeof alias !== "string" || !alias.trim())) {
+        throw new Error("createUnlearningRequest: target.aliases must be an array of non-empty strings when provided.");
+      }
+    }
+    if (data.accessLevel === "layer_a_only") {
+      const target = data.execution?.target;
+      if (!target) {
+        throw new Error("createUnlearningRequest: execution.target is required for layer_a_only.");
+      }
+      if ((target.provider === "openai" || target.provider === "groq") && !target.model?.trim()) {
+        throw new Error(`createUnlearningRequest: execution.target.model is required when provider=${target.provider}.`);
+      }
+      if ((target.provider === "http_generic" || target.provider === "custom") && !target.endpoint?.trim()) {
+        throw new Error(`createUnlearningRequest: execution.target.endpoint is required when provider=${target.provider}.`);
+      }
+    }
+    if (data.accessLevel === "layer_a_and_b") {
+      if (!data.execution?.model?.uri?.trim()) {
+        throw new Error("createUnlearningRequest: execution.model.uri is required for layer_a_and_b.");
+      }
+      const targetTokenIds = data.execution?.plan?.hyperparameters?.target_token_ids;
+      const tokenizerUri = data.execution?.model?.metadata?.tokenizer_uri;
+      const localizationMode = String(
+        data.execution?.plan?.hyperparameters?.localization_mode || data.execution?.plan?.hyperparameters?.localizationMode || ""
+      ).trim().toLowerCase();
+      const allowMissingLocalization = String(process.env.FORG3T_ALLOW_MODEL_UNLEARN_WITHOUT_LOCALIZATION_INPUT || "").toLowerCase() === "true";
+      const hasTokenIds = Array.isArray(targetTokenIds) && targetTokenIds.some((value) => Number.isInteger(value) && Number(value) >= 0);
+      const hasTokenizer = typeof tokenizerUri === "string" && tokenizerUri.trim().length > 0;
+      if (localizationMode === "explicit_token_ids" && !hasTokenIds) {
+        throw new Error("createUnlearningRequest: localization_mode=explicit_token_ids requires target token IDs.");
+      }
+      if (localizationMode === "tokenizer_auto" && !hasTokenizer) {
+        throw new Error("createUnlearningRequest: localization_mode=tokenizer_auto requires execution.model.metadata.tokenizer_uri.");
+      }
+      if (localizationMode === "hybrid") {
+        if (!hasTokenIds) {
+          throw new Error("createUnlearningRequest: localization_mode=hybrid requires target token IDs.");
+        }
+        if (!hasTokenizer) {
+          throw new Error("createUnlearningRequest: localization_mode=hybrid requires execution.model.metadata.tokenizer_uri.");
+        }
+      }
+      if (!allowMissingLocalization && !hasTokenIds && !hasTokenizer) {
+        throw new Error(
+          "createUnlearningRequest: layer_a_and_b requires localization input. Provide target token IDs (execution.plan.hyperparameters.target_token_ids) or tokenizer URI (execution.model.metadata.tokenizer_uri)."
+        );
+      }
+    }
+  }
+  assertModelUnlearnPreflight(payload) {
+    if (!payload || typeof payload !== "object") {
+      throw new Error("MODEL_UNLEARN preflight failed: payload must be an object.");
+    }
+    const asRecord = payload;
+    const config = asRecord.config && typeof asRecord.config === "object" && !Array.isArray(asRecord.config) ? asRecord.config : null;
+    if (!config) {
+      throw new Error("MODEL_UNLEARN preflight failed: payload.config is required.");
+    }
+    const targetConfig = config.target_config && typeof config.target_config === "object" && !Array.isArray(config.target_config) ? config.target_config : null;
+    const parameters = config.parameters && typeof config.parameters === "object" && !Array.isArray(config.parameters) ? config.parameters : null;
+    const modelFromTargetConfig = targetConfig?.model && typeof targetConfig.model === "object" && !Array.isArray(targetConfig.model) ? targetConfig.model : null;
+    const modelFromParameters = parameters?.model && typeof parameters.model === "object" && !Array.isArray(parameters.model) ? parameters.model : null;
+    const model = modelFromParameters || modelFromTargetConfig;
+    const modelUri = typeof model?.uri === "string" ? model.uri.trim() : "";
+    if (!modelUri) {
+      throw new Error("MODEL_UNLEARN preflight failed: config.target_config.model.uri (or config.parameters.model.uri) is required.");
+    }
+    const target = parameters?.target && typeof parameters.target === "object" && !Array.isArray(parameters.target) ? parameters.target : null;
+    const tokenIds = target?.tokenIds;
+    const hasTokenIds = Array.isArray(tokenIds) && tokenIds.some((value) => Number.isInteger(value) && Number(value) >= 0);
+    const tokenizerFromTargetConfig = targetConfig?.tokenizer && typeof targetConfig.tokenizer === "object" && !Array.isArray(targetConfig.tokenizer) ? targetConfig.tokenizer : null;
+    const tokenizerFromParameters = parameters?.tokenizer && typeof parameters.tokenizer === "object" && !Array.isArray(parameters.tokenizer) ? parameters.tokenizer : null;
+    const tokenizerFromModel = model?.tokenizer && typeof model.tokenizer === "object" && !Array.isArray(model.tokenizer) ? model.tokenizer : null;
+    const tokenizerCandidates = [
+      tokenizerFromTargetConfig?.uri,
+      tokenizerFromParameters?.uri,
+      parameters?.tokenizer_uri,
+      model?.tokenizer_uri,
+      tokenizerFromModel?.uri
+    ];
+    const hasTokenizerUri = tokenizerCandidates.some((candidate) => typeof candidate === "string" && candidate.trim().length > 0);
+    const allowMissingLocalization = String(process.env.FORG3T_ALLOW_MODEL_UNLEARN_WITHOUT_LOCALIZATION_INPUT || "").toLowerCase() === "true";
+    if (!allowMissingLocalization && !hasTokenIds && !hasTokenizerUri) {
+      throw new Error(
+        "MODEL_UNLEARN preflight failed: missing localization input. Provide config.parameters.target.tokenIds or a tokenizer URI in config.target_config.tokenizer.uri / config.parameters.tokenizer.uri / config.parameters.tokenizer_uri / model.tokenizer_uri."
+      );
+    }
+  }
+};
+// src/types.ts
+var IntegrationType = /* @__PURE__ */ ((IntegrationType2) => {
+  IntegrationType2["SLACK"] = "slack";
+  IntegrationType2["CONFLUENCE"] = "confluence";
+  IntegrationType2["GOOGLE_DRIVE"] = "google_drive";
+  IntegrationType2["ZENDESK"] = "zendesk";
+  IntegrationType2["NOTION"] = "notion";
+  IntegrationType2["LANGCHAIN"] = "langchain";
+  IntegrationType2["OPENROUTER"] = "openrouter";
+  IntegrationType2["OPENAI"] = "openai";
+  IntegrationType2["CUSTOM"] = "custom";
+  return IntegrationType2;
+})(IntegrationType || {});
+var IntegrationMode = /* @__PURE__ */ ((IntegrationMode2) => {
+  IntegrationMode2["MODE_A_BLACKBOX"] = "mode_a_blackbox";
+  IntegrationMode2["MODE_B_WHITEBOX"] = "mode_b_whitebox";
+  return IntegrationMode2;
+})(IntegrationMode || {});
+var AccessLevel = /* @__PURE__ */ ((AccessLevel2) => {
+  AccessLevel2["LAYER_A_ONLY"] = "layer_a_only";
+  AccessLevel2["LAYER_A_AND_B"] = "layer_a_and_b";
+  return AccessLevel2;
+})(AccessLevel || {});
+// src/whitebox.ts
+var crypto = __toESM(require("crypto"));
+// src/quality-gate.ts
+var WHITEBOX_QUALITY_GATE_PRESETS = {
+  balanced: {
+    requireEvaluation: false,
+    maxLeakScore: 0.05,
+    allowedVerdicts: ["PASS", "REVIEW"],
+    minChangedTensorCount: 1,
+    minChangedParamCount: 1,
+    requireModelHashTransition: true,
+    requireLocalization: false,
+    minLocalizationTokenCoverage: 0.5,
+    minLocalizedParamCount: 1,
+    minLocalizationConfidence: 0.6
+  },
+  strict: {
+    requireEvaluation: true,
+    maxLeakScore: 0.03,
+    allowedVerdicts: ["PASS"],
+    minChangedTensorCount: 1,
+    minChangedParamCount: 1,
+    requireModelHashTransition: true,
+    requireLocalization: true,
+    minLocalizationTokenCoverage: 0.5,
+    minLocalizedParamCount: 1,
+    minLocalizationConfidence: 0.6
+  }
+};
+var WHITEBOX_QUALITY_GATE_PRESET_EXPLANATIONS = {
+  balanced: "Balanced gate for faster rollout. Allows PASS/REVIEW and can run without evaluator output.",
+  strict: "Strict gate for production. Requires evaluator output, localization evidence, and PASS verdict only."
+};
+var DEFAULT_WHITEBOX_QUALITY_GATE_POLICY = {
+  requireEvaluation: false,
+  maxLeakScore: 0.05,
+  allowedVerdicts: ["PASS", "REVIEW"],
+  minChangedTensorCount: 1,
+  minChangedParamCount: 1,
+  requireModelHashTransition: true,
+  requireLocalization: false,
+  minLocalizationTokenCoverage: 0.5,
+  minLocalizedParamCount: 1,
+  minLocalizationConfidence: 0.6
+};
+var resolveWhiteboxQualityGatePolicy = (preset = "balanced", overrides) => {
+  return {
+    ...WHITEBOX_QUALITY_GATE_PRESETS[preset],
+    ...overrides || {}
+  };
+};
+var evaluateWhiteboxQualityGate = (unlearning, evaluation, policyOverrides) => {
+  const policy = {
+    ...resolveWhiteboxQualityGatePolicy("balanced"),
+    ...policyOverrides || {}
+  };
+  const reasons = [];
+  const changedTensors = Number(unlearning.changedTensorCount || 0);
+  const changedParams = Number(unlearning.changedParamCount || 0);
+  const minChangedTensors = Number(policy.minChangedTensorCount || 0);
+  const minChangedParams = Number(policy.minChangedParamCount || 0);
+  if (changedTensors < minChangedTensors) {
+    reasons.push(`Changed tensor count ${changedTensors} is below minimum ${minChangedTensors}.`);
+  }
+  if (minChangedParams > 0 && changedParams < minChangedParams) {
+    reasons.push(`Changed parameter count ${changedParams} is below minimum ${minChangedParams}.`);
+  }
+  if (policy.requireModelHashTransition) {
+    const before = (unlearning.modelBeforeSha256 || "").trim();
+    const after = (unlearning.modelAfterSha256 || "").trim();
+    if (!before || !after) {
+      reasons.push("Model hash transition is required but before/after hash is missing.");
+    } else if (before === after) {
+      reasons.push("Model hash did not change after unlearning.");
+    }
+  }
+  if (policy.requireEvaluation && !evaluation) {
+    reasons.push("Evaluation output is required but missing.");
+  }
+  if (policy.requireLocalization) {
+    const localization = unlearning.localization;
+    if (!localization) {
+      reasons.push("Localization output is required but missing.");
+    } else {
+      const tokenCoverage = Number(localization.tokenCoverage);
+      if (!Number.isFinite(tokenCoverage) || tokenCoverage < 0 || tokenCoverage > 1) {
+        reasons.push("Localization tokenCoverage must be a finite number in [0, 1].");
+      } else if (tokenCoverage < Number(policy.minLocalizationTokenCoverage)) {
+        reasons.push(
+          `Localization tokenCoverage ${tokenCoverage} is below minimum ${policy.minLocalizationTokenCoverage}.`
+        );
+      }
+      const localizedParamCount = Number(localization.localizedParamCount || 0);
+      if (localizedParamCount < Number(policy.minLocalizedParamCount)) {
+        reasons.push(
+          `Localization localizedParamCount ${localizedParamCount} is below minimum ${policy.minLocalizedParamCount}.`
+        );
+      }
+      const confidence = Number(localization.confidence);
+      if (!Number.isFinite(confidence) || confidence < 0 || confidence > 1) {
+        reasons.push("Localization confidence must be a finite number in [0, 1].");
+      } else if (confidence < Number(policy.minLocalizationConfidence)) {
+        reasons.push(
+          `Localization confidence ${confidence} is below minimum ${policy.minLocalizationConfidence}.`
+        );
+      }
+    }
+  }
+  if (evaluation) {
+    const maxLeak = Number(policy.maxLeakScore);
+    if (!Number.isNaN(maxLeak) && evaluation.leakScore > maxLeak) {
+      reasons.push(`Leak score ${evaluation.leakScore} is above max ${maxLeak}.`);
+    }
+    const allowedVerdicts = policy.allowedVerdicts || [];
+    if (allowedVerdicts.length > 0 && !allowedVerdicts.includes(evaluation.finalVerdict)) {
+      reasons.push(`Final verdict ${evaluation.finalVerdict} is not allowed by policy.`);
+    }
+  }
+  return {
+    pass: reasons.length === 0,
+    reasons,
+    policy
+  };
+};
+// src/whitebox.ts
+var buildModelUnlearningPayload = (input) => {
+  return {
+    claim: input.claim,
+    config: {
+      target_adapter: input.targetAdapter || "CUSTOM_WHITEBOX_BACKEND",
+      target_config: {
+        model: input.model
+      },
+      sensitivity: input.sensitivity || "high",
+      parameters: {
+        target: input.target,
+        plan: input.plan,
+        ...input.extraParameters
+      }
+    }
+  };
+};
+var defaultLogger = {
+  info(message, meta) {
+    console.log(`[whitebox-worker] ${message}`, meta || {});
+  },
+  warn(message, meta) {
+    console.warn(`[whitebox-worker] ${message}`, meta || {});
+  },
+  error(message, meta) {
+    console.error(`[whitebox-worker] ${message}`, meta || {});
+  }
+};
+var safeErrorMessage = (error) => {
+  if (error instanceof Error) {
+    return error.message.slice(0, 500);
+  }
+  return String(error).slice(0, 500);
+};
+var toJobError = (error) => {
+  const message = safeErrorMessage(error);
+  const isValidationFailure = message.startsWith("VALIDATION_ERROR:") || message.startsWith("QUALITY_GATE_FAILED:") || message.startsWith("ADAPTER_OUTPUT_INVALID:");
+  return {
+    error: {
+      code: isValidationFailure ? "VALIDATION_ERROR" : "WORKER_ERROR",
+      message
+    }
+  };
+};
+var toClaim = (job) => {
+  const claim = job.payload?.claim;
+  if (!claim) {
+    throw new Error("VALIDATION_ERROR: job payload.claim is required.");
+  }
+  if (typeof claim.claim_payload !== "string" || !claim.claim_payload.trim()) {
+    throw new Error("VALIDATION_ERROR: job payload.claim.claim_payload must be a non-empty string.");
+  }
+  return {
+    claim_type: claim.claim_type || "CONCEPT",
+    claim_payload: claim.claim_payload,
+    scope: claim.scope || "global",
+    assertion: claim.assertion || "must_not_be_recalled"
+  };
+};
+var toConfig = (job) => {
+  const config = job.payload?.config;
+  if (!config) {
+    throw new Error("VALIDATION_ERROR: job payload.config is required.");
+  }
+  return {
+    target_adapter: config.target_adapter || "CUSTOM_WHITEBOX_BACKEND",
+    target_config: config.target_config || {},
+    sensitivity: config.sensitivity || "high",
+    parameters: config.parameters || {}
+  };
+};
+var resolveModel = (config) => {
+  const modelFromTargetConfig = config.target_config?.model;
+  const modelFromParameters = config.parameters?.model;
+  const model = modelFromParameters || modelFromTargetConfig;
+  if (!model || !model.uri) {
+    throw new Error("MODEL_UNLEARN job missing model URI in config.target_config.model or config.parameters.model");
+  }
+  return model;
+};
+var resolveTarget = (claim, config) => {
+  const targetFromParameters = config.parameters?.target;
+  if (targetFromParameters) {
+    return targetFromParameters;
+  }
+  return {
+    text: claim.claim_payload,
+    selector: {
+      claim_type: claim.claim_type,
+      scope: claim.scope
+    }
+  };
+};
+var resolvePlan = (config) => {
+  const planFromParameters = config.parameters?.plan;
+  if (planFromParameters?.method) {
+    return planFromParameters;
+  }
+  const fallbackMethod = typeof config.parameters?.method === "string" ? config.parameters.method : "gradient_surgery";
+  const fallbackHyperparams = config.parameters?.hyperparameters || {};
+  return {
+    method: fallbackMethod,
+    hyperparameters: fallbackHyperparams
+  };
+};
+var isNonArrayRecord = (value) => typeof value === "object" && value !== null && !Array.isArray(value);
+var resolveQualityGatePresetCandidate = (value) => {
+  if (typeof value !== "string") {
+    return void 0;
+  }
+  const normalized = value.trim().toLowerCase();
+  if (normalized === "strict" || normalized === "balanced") {
+    return normalized;
+  }
+  return void 0;
+};
+var resolvePerJobQualityGatePolicy = (workerPolicy, config, plan) => {
+  const configParams = isNonArrayRecord(config.parameters) ? config.parameters : {};
+  const planHyperparameters = isNonArrayRecord(plan.hyperparameters) ? plan.hyperparameters : {};
+  const preset = resolveQualityGatePresetCandidate(
+    planHyperparameters.quality_gate_preset || planHyperparameters.qualityGatePreset || configParams.quality_gate_preset || configParams.qualityGatePreset
+  );
+  const overrideFromPlan = isNonArrayRecord(planHyperparameters.quality_gate_policy) ? planHyperparameters.quality_gate_policy : isNonArrayRecord(planHyperparameters.qualityGatePolicy) ? planHyperparameters.qualityGatePolicy : {};
+  const overrideFromConfig = isNonArrayRecord(configParams.quality_gate_policy) ? configParams.quality_gate_policy : isNonArrayRecord(configParams.qualityGatePolicy) ? configParams.qualityGatePolicy : {};
+  const hasOverrides = Object.keys(overrideFromPlan).length > 0 || Object.keys(overrideFromConfig).length > 0;
+  if (!preset && !hasOverrides) {
+    return {
+      policy: workerPolicy,
+      preset: null
+    };
+  }
+  const presetPolicy = preset ? resolveWhiteboxQualityGatePolicy(preset) : workerPolicy;
+  return {
+    policy: {
+      ...presetPolicy,
+      ...overrideFromConfig,
+      ...overrideFromPlan
+    },
+    preset: preset || null
+  };
+};
+var assertUnlearningOutput = (value) => {
+  const updatedModel = value?.updatedModel;
+  if (!updatedModel || typeof updatedModel.uri !== "string" || !updatedModel.uri.trim()) {
+    throw new Error("ADAPTER_OUTPUT_INVALID: updatedModel.uri must be a non-empty string.");
+  }
+  if (!Number.isFinite(value.changedTensorCount) || value.changedTensorCount < 0) {
+    throw new Error("ADAPTER_OUTPUT_INVALID: changedTensorCount must be a finite number >= 0.");
+  }
+  if (typeof value.changedParamCount !== "undefined" && (!Number.isFinite(value.changedParamCount) || value.changedParamCount < 0)) {
+    throw new Error("ADAPTER_OUTPUT_INVALID: changedParamCount must be a finite number >= 0 when provided.");
+  }
+  if (typeof value.metrics !== "undefined" && !isNonArrayRecord(value.metrics)) {
+    throw new Error("ADAPTER_OUTPUT_INVALID: metrics must be an object when provided.");
+  }
+  if (typeof value.artifacts !== "undefined") {
+    if (!Array.isArray(value.artifacts)) {
+      throw new Error("ADAPTER_OUTPUT_INVALID: artifacts must be an array when provided.");
+    }
+    for (const artifact of value.artifacts) {
+      if (!artifact || typeof artifact.name !== "string" || typeof artifact.uri !== "string") {
+        throw new Error("ADAPTER_OUTPUT_INVALID: each artifact requires string name and uri.");
+      }
+    }
+  }
+};
+var assertEvaluationOutput = (value) => {
+  if (!value || !["PASS", "FAIL", "REVIEW"].includes(value.finalVerdict)) {
+    throw new Error("ADAPTER_OUTPUT_INVALID: evaluation.finalVerdict must be PASS | FAIL | REVIEW.");
+  }
+  if (!Number.isFinite(value.leakScore) || value.leakScore < 0) {
+    throw new Error("ADAPTER_OUTPUT_INVALID: evaluation.leakScore must be a finite number >= 0.");
+  }
+  if (typeof value.details !== "undefined" && !isNonArrayRecord(value.details)) {
+    throw new Error("ADAPTER_OUTPUT_INVALID: evaluation.details must be an object when provided.");
+  }
+};
+var sha256Hex = (value) => {
+  return crypto.createHash("sha256").update(value, "utf8").digest("hex");
+};
+var buildResultClaim = (claim, mode) => {
+  if (mode === "raw") {
+    return claim;
+  }
+  const base = {
+    claim_type: claim.claim_type,
+    scope: claim.scope,
+    assertion: claim.assertion
+  };
+  if (mode === "omit") {
+    return base;
+  }
+  const payload = typeof claim.claim_payload === "string" ? claim.claim_payload : "";
+  return {
+    ...base,
+    payload_hash: sha256Hex(payload),
+    claim_payload_sha256: sha256Hex(payload),
+    claim_payload_length: payload.length
+  };
+};
+var WhiteboxWorker = class {
+  constructor(client, adapter, options) {
+    this.client = client;
+    this.adapter = adapter;
+    this.options = options;
+    this.running = false;
+    this.loopPromise = null;
+    this.pollIntervalMs = options.pollIntervalMs ?? 2e3;
+    this.claimBatchSize = options.claimBatchSize ?? 1;
+    this.heartbeatIntervalMs = options.heartbeatIntervalMs ?? 2e4;
+    this.supportedJobTypes = options.supportedJobTypes ?? ["MODEL_UNLEARN"];
+    this.qualityGatePolicy = {
+      ...DEFAULT_WHITEBOX_QUALITY_GATE_POLICY,
+      ...options.qualityGatePolicy || {}
+    };
+    this.qualityGateOnFailure = options.qualityGateOnFailure || "fail_job";
+    this.resultClaimMode = options.resultClaimMode || "hash";
+    this.logger = options.logger ?? defaultLogger;
+  }
+  async start() {
+    if (this.running) {
+      return;
+    }
+    this.running = true;
+    this.logger.info("worker started", {
+      projectId: this.options.projectId,
+      adapter: this.adapter.name,
+      claimBatchSize: this.claimBatchSize
+    });
+    this.loopPromise = this.runLoop();
+  }
+  async stop() {
+    this.running = false;
+    if (this.loopPromise) {
+      await this.loopPromise;
+      this.loopPromise = null;
+    }
+    this.logger.info("worker stopped", { projectId: this.options.projectId });
+  }
+  async runOnce() {
+    const jobs = await this.client.claimJobs(this.options.projectId, {
+      limit: this.claimBatchSize,
+      types: this.supportedJobTypes
+    });
+    if (!jobs.length) {
+      return;
+    }
+    for (const job of jobs) {
+      await this.processClaimedJob(job);
+    }
+  }
+  async runLoop() {
+    while (this.running) {
+      try {
+        await this.runOnce();
+      } catch (error) {
+        this.logger.error("worker loop error", {
+          projectId: this.options.projectId,
+          error: safeErrorMessage(error)
+        });
+      }
+      await new Promise((resolve) => setTimeout(resolve, this.pollIntervalMs));
+    }
+  }
+  async processClaimedJob(job) {
+    const claimId = typeof job.lastClaimId === "string" ? job.lastClaimId : void 0;
+    if (!this.supportedJobTypes.includes(job.type)) {
+      this.logger.warn("unsupported job type claimed", {
+        jobId: job.id,
+        type: job.type
+      });
+      await this.client.failJob(this.options.projectId, job.id, {
+        error: {
+          code: "VALIDATION_ERROR",
+          message: `Unsupported job type: ${job.type}`
+        }
+      }, { claimId });
+      return;
+    }
+    const context = {
+      projectId: this.options.projectId,
+      jobId: job.id,
+      correlationId: claimId
+    };
+    let heartbeatTimer = null;
+    const heartbeat = async () => {
+      try {
+        await this.client.heartbeatJob(this.options.projectId, job.id, { claimId });
+      } catch (error) {
+        this.logger.warn("heartbeat failed", {
+          jobId: job.id,
+          error: safeErrorMessage(error)
+        });
+      }
+    };
+    try {
+      const claim = toClaim(job);
+      const config = toConfig(job);
+      const model = resolveModel(config);
+      const target = resolveTarget(claim, config);
+      const plan = resolvePlan(config);
+      const perJobQualityGate = resolvePerJobQualityGatePolicy(this.qualityGatePolicy, config, plan);
+      heartbeatTimer = setInterval(heartbeat, this.heartbeatIntervalMs);
+      await heartbeat();
+      const unlearningOutput = await this.adapter.runUnlearning(
+        { model, target, plan, claim, config },
+        context
+      );
+      assertUnlearningOutput(unlearningOutput);
+      let evaluationOutput;
+      if (this.adapter.runEvaluation) {
+        evaluationOutput = await this.adapter.runEvaluation(
+          {
+            model: unlearningOutput.updatedModel,
+            baselineModel: model,
+            claim,
+            config,
+            probes: config.parameters?.probes || []
+          },
+          context
+        );
+        assertEvaluationOutput(evaluationOutput);
+      }
+      const qualityGate = evaluateWhiteboxQualityGate(
+        unlearningOutput,
+        evaluationOutput,
+        perJobQualityGate.policy
+      );
+      if (!qualityGate.pass && this.qualityGateOnFailure === "fail_job") {
+        throw new Error(`QUALITY_GATE_FAILED: ${qualityGate.reasons.join(" | ")}`);
+      }
+      const finalVerdict = qualityGate.pass ? evaluationOutput?.finalVerdict || "REVIEW" : "REVIEW";
+      const result = {
+        result: {
+          worker: {
+            adapter: this.adapter.name,
+            mode: "whitebox"
+          },
+          claim: buildResultClaim(claim, this.resultClaimMode),
+          plan,
+          unlearning: unlearningOutput,
+          evaluation: evaluationOutput || null,
+          quality_gate: qualityGate,
+          quality_gate_preset: perJobQualityGate.preset,
+          final_verdict: finalVerdict,
+          report_hash: unlearningOutput.modelAfterSha256 || null,
+          privacy: {
+            claim_mode: this.resultClaimMode
+          }
+        }
+      };
+      await this.client.completeJob(this.options.projectId, job.id, result, { claimId });
+      this.logger.info("job completed", {
+        jobId: job.id,
+        type: job.type,
+        adapter: this.adapter.name
+      });
+    } catch (error) {
+      this.logger.error("job failed", {
+        jobId: job.id,
+        type: job.type,
+        error: safeErrorMessage(error)
+      });
+      await this.client.failJob(this.options.projectId, job.id, toJobError(error), { claimId });
+    } finally {
+      if (heartbeatTimer) {
+        clearInterval(heartbeatTimer);
+      }
+    }
+  }
+};
+// src/native-adapters.ts
+var import_node_child_process = require("child_process");
+var DEFAULT_ADAPTER_TIMEOUT_MS = 30 * 60 * 1e3;
+var LocalCommandTrainingAdapter = class {
+  constructor(options) {
+    this.options = options;
+    this.name = options.name || "local-command-adapter";
+  }
+  async runUnlearning(input, context) {
+    const spec = resolveCommandSpec(this.options.unlearning, input, context);
+    const output = await runJsonCommand(
+      spec,
+      {
+        mode: "unlearning",
+        input,
+        context
+      },
+      this.options.timeoutMs ?? DEFAULT_ADAPTER_TIMEOUT_MS
+    );
+    return output;
+  }
+  async runEvaluation(input, context) {
+    if (!this.options.evaluation) {
+      throw new Error("LocalCommandTrainingAdapter evaluation command is not configured.");
+    }
+    const spec = resolveCommandSpec(this.options.evaluation, input, context);
+    const output = await runJsonCommand(
+      spec,
+      {
+        mode: "evaluation",
+        input,
+        context
+      },
+      this.options.timeoutMs ?? DEFAULT_ADAPTER_TIMEOUT_MS
+    );
+    return output;
+  }
+};
+var HttpTrainingAdapter = class {
+  constructor(options) {
+    this.options = options;
+    this.name = options.name || "http-training-adapter";
+  }
+  async runUnlearning(input, context) {
+    const output = await postJson(
+      this.options.unlearningUrl,
+      {
+        mode: "unlearning",
+        input,
+        context
+      },
+      this.options.headers,
+      this.options.timeoutMs ?? DEFAULT_ADAPTER_TIMEOUT_MS
+    );
+    return output;
+  }
+  async runEvaluation(input, context) {
+    if (!this.options.evaluationUrl) {
+      throw new Error("HttpTrainingAdapter evaluationUrl is not configured.");
+    }
+    const output = await postJson(
+      this.options.evaluationUrl,
+      {
+        mode: "evaluation",
+        input,
+        context
+      },
+      this.options.headers,
+      this.options.timeoutMs ?? DEFAULT_ADAPTER_TIMEOUT_MS
+    );
+    return output;
+  }
 };
+var createNativeTrainingAdapter = (config) => {
+  if (config.provider === "local_command") {
+    const { provider: _provider2, ...rest2 } = config;
+    return new LocalCommandTrainingAdapter(rest2);
+  }
+  const { provider: _provider, ...rest } = config;
+  return new HttpTrainingAdapter(rest);
+};
+function resolveCommandSpec(resolver, input, context) {
+  const resolved = typeof resolver === "function" ? resolver(input, context) : resolver;
+  if (!resolved?.command) {
+    throw new Error("Adapter command is missing.");
+  }
+  return resolved;
+}
+async function runJsonCommand(spec, payload, defaultTimeoutMs) {
+  const timeoutMs = spec.timeoutMs ?? defaultTimeoutMs;
+  return new Promise((resolve, reject) => {
+    const child = (0, import_node_child_process.spawn)(spec.command, spec.args || [], {
+      cwd: spec.cwd,
+      env: { ...process.env, ...spec.env || {} },
+      stdio: ["pipe", "pipe", "pipe"]
+    });
+    let stdout = "";
+    let stderr = "";
+    let timedOut = false;
+    let hardKillTimer = null;
+    const timer = setTimeout(() => {
+      timedOut = true;
+      child.kill("SIGTERM");
+      hardKillTimer = setTimeout(() => child.kill("SIGKILL"), 1e3);
+    }, timeoutMs);
+    child.stdout.on("data", (chunk) => {
+      stdout += chunk.toString();
+    });
+    child.stderr.on("data", (chunk) => {
+      stderr += chunk.toString();
+    });
+    child.on("error", (error) => {
+      clearTimeout(timer);
+      if (hardKillTimer) clearTimeout(hardKillTimer);
+      reject(error);
+    });
+    child.on("close", (code) => {
+      clearTimeout(timer);
+      if (hardKillTimer) clearTimeout(hardKillTimer);
+      if (timedOut) {
+        reject(new Error(`Adapter command timed out after ${timeoutMs}ms: ${spec.command}`));
+        return;
+      }
+      if (code !== 0) {
+        reject(
+          new Error(
+            `Adapter command failed (${code}): ${spec.command} ${(spec.args || []).join(" ")}; stderr=${stderr.trim()}`
+          )
+        );
+        return;
+      }
+      const trimmed = stdout.trim();
+      if (!trimmed) {
+        reject(new Error(`Adapter command returned empty stdout: ${spec.command}`));
+        return;
+      }
+      try {
+        resolve(JSON.parse(trimmed));
+      } catch {
+        reject(new Error(`Adapter command output is not valid JSON: ${trimmed.slice(0, 800)}`));
+      }
+    });
+    if (spec.stdinMode !== "none") {
+      try {
+        child.stdin.write(JSON.stringify(payload));
+      } catch (error) {
+        clearTimeout(timer);
+        if (hardKillTimer) clearTimeout(hardKillTimer);
+        reject(error);
+        return;
+      }
+    }
+    child.stdin.end();
+  });
+}
+async function postJson(url, body, headers, timeoutMs) {
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        "content-type": "application/json",
+        ...headers || {}
+      },
+      body: JSON.stringify(body),
+      signal: controller.signal
+    });
+    const text = await response.text();
+    if (!response.ok) {
+      throw new Error(`HTTP adapter request failed (${response.status}): ${text.slice(0, 800)}`);
+    }
+    if (!text.trim()) {
+      throw new Error(`HTTP adapter returned empty response: ${url}`);
+    }
+    try {
+      return JSON.parse(text);
+    } catch {
+      throw new Error(`HTTP adapter returned non-JSON response: ${text.slice(0, 800)}`);
+    }
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+// src/deployment-profiles.ts
+var ENTERPRISE_STRICT_QUALITY_GATE_POLICY = {
+  ...WHITEBOX_QUALITY_GATE_PRESETS.strict
+};
+function assertDeploymentCompatibility(options) {
+  const normalizedHost = parseHost(options.apiUrl);
+  if (!normalizedHost) {
+    throw new Error(`Invalid FORG3T_API_URL: ${options.apiUrl}`);
+  }
+  if (options.profile !== "customer_airgapped") {
+    return;
+  }
+  if (options.adapterMode === "http" && !options.allowHttpInAirgapped) {
+    throw new Error(
+      "Air-gapped profile rejects adapterMode=http by default. Use local_command or explicitly set allowHttpInAirgapped=true for trusted internal gateways."
+    );
+  }
+  if (!isHostAllowedForAirgapped(normalizedHost, options.allowedApiHosts || [])) {
+    throw new Error(
+      `Air-gapped profile requires a private/control-plane host. Received ${normalizedHost}. Set allowedApiHosts for private DNS hosts if needed.`
+    );
+  }
+}
+function buildWhiteboxWorkerOptions(profile, baseOptions) {
+  const strictMode = profile === "customer_airgapped" || profile === "customer_online";
+  const defaultPolicy = strictMode ? ENTERPRISE_STRICT_QUALITY_GATE_POLICY : DEFAULT_WHITEBOX_QUALITY_GATE_POLICY;
+  const defaultSupportedTypes = ["MODEL_UNLEARN"];
+  return {
+    projectId: baseOptions.projectId,
+    pollIntervalMs: baseOptions.pollIntervalMs ?? 2e3,
+    claimBatchSize: baseOptions.claimBatchSize ?? 1,
+    heartbeatIntervalMs: baseOptions.heartbeatIntervalMs ?? 2e4,
+    supportedJobTypes: baseOptions.supportedJobTypes ?? defaultSupportedTypes,
+    qualityGatePolicy: baseOptions.qualityGatePolicy ?? defaultPolicy,
+    qualityGateOnFailure: baseOptions.qualityGateOnFailure ?? "fail_job",
+    resultClaimMode: baseOptions.resultClaimMode ?? "hash",
+    logger: baseOptions.logger
+  };
+}
+function parseHost(apiUrl) {
+  try {
+    const parsed = new URL(apiUrl);
+    return parsed.hostname.toLowerCase();
+  } catch {
+    return null;
+  }
+}
+function isHostAllowedForAirgapped(host, allowedApiHosts) {
+  if (isPrivateHost(host)) {
+    return true;
+  }
+  const allowSet = new Set(allowedApiHosts.map((item) => item.trim().toLowerCase()).filter(Boolean));
+  return allowSet.has(host);
+}
+function isPrivateHost(host) {
+  if (host === "localhost" || host === "127.0.0.1" || host === "::1") {
+    return true;
+  }
+  if (host.endsWith(".local") || host.endsWith(".internal") || host.endsWith(".lan")) {
+    return true;
+  }
+  const parts = host.split(".");
+  if (parts.length !== 4 || parts.some((part) => Number.isNaN(Number(part)))) {
+    return false;
+  }
+  const octets = parts.map((part) => Number(part));
+  const [a, b] = octets;
+  if (a === 10) return true;
+  if (a === 127) return true;
+  if (a === 192 && b === 168) return true;
+  if (a === 172 && b >= 16 && b <= 31) return true;
+  return false;
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  AccessLevel,
+  DEFAULT_WHITEBOX_QUALITY_GATE_POLICY,
+  ENTERPRISE_STRICT_QUALITY_GATE_POLICY,
   Forg3tApiConnectionError,
   Forg3tAuthenticationError,
   Forg3tClient,
   Forg3tError,
   Forg3tNotFoundError,
-  Forg3tRateLimitError
+  Forg3tNotImplementedError,
+  Forg3tRateLimitError,
+  HttpTrainingAdapter,
+  IntegrationMode,
+  IntegrationType,
+  LocalCommandTrainingAdapter,
+  WHITEBOX_QUALITY_GATE_PRESETS,
+  WHITEBOX_QUALITY_GATE_PRESET_EXPLANATIONS,
+  WhiteboxWorker,
+  assertDeploymentCompatibility,
+  buildModelUnlearningPayload,
+  buildWhiteboxWorkerOptions,
+  createNativeTrainingAdapter,
+  evaluateWhiteboxQualityGate,
+  resolveWhiteboxQualityGatePolicy
 });