npm - @framers/agentos - Versions diffs - 0.1.6 → 0.1.7 - Mend

@framers/agentos 0.1.6 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (260) hide show

package/dist/core/provenance/enforcement/AutonomyGuard.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * @file AutonomyGuard.ts
+ * @description Enforces autonomy rules in sealed mode.
+ * Blocks human input/prompting after genesis, logs all human interventions.
+ *
+ * @module AgentOS/Provenance/Enforcement
+ */
+import type { AutonomyConfig } from '../types.js';
+import type { SignedEventLedger } from '../ledger/SignedEventLedger.js';
+export declare class AutonomyGuard {
+    private readonly config;
+    private readonly ledger;
+    private genesisRecorded;
+    constructor(config: AutonomyConfig, ledger?: SignedEventLedger | null);
+    /**
+     * Check if a human action is allowed under the current autonomy config.
+     * Throws ProvenanceViolationError if the action is blocked.
+     *
+     * @param actionType - Type of human action (e.g., 'prompt', 'edit_config', 'add_tool', 'pause', 'stop')
+     * @param details - Optional details about the action
+     */
+    checkHumanAction(actionType: string, details?: Record<string, unknown>): Promise<void>;
+    /**
+     * Record the genesis event, marking the start of sealed autonomous operation.
+     */
+    recordGenesis(genesisEventId: string): Promise<void>;
+    /**
+     * Check if genesis has been recorded.
+     */
+    isSealed(): boolean;
+    /**
+     * Check whether a specific action type would be blocked.
+     * Returns true if the action is allowed, false if it would be blocked.
+     */
+    wouldAllow(actionType: string): boolean;
+}
+//# sourceMappingURL=AutonomyGuard.d.ts.map

package/dist/core/provenance/enforcement/AutonomyGuard.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AutonomyGuard.d.ts","sourceRoot":"","sources":["../../../../src/core/provenance/enforcement/AutonomyGuard.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,cAAc,EAA0B,MAAM,aAAa,CAAC;AAE1E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAMxE,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;IACxC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA2B;IAClD,OAAO,CAAC,eAAe,CAAkB;gBAE7B,MAAM,EAAE,cAAc,EAAE,MAAM,GAAE,iBAAiB,GAAG,IAAW;IAM3E;;;;;;OAMG;IACG,gBAAgB,CACpB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,OAAO,CAAC,IAAI,CAAC;IA0EhB;;OAEG;IACG,aAAa,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK1D;;OAEG;IACH,QAAQ,IAAI,OAAO;IAInB;;;OAGG;IACH,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;CAoBxC"}

package/dist/core/provenance/enforcement/AutonomyGuard.js ADDED Viewed

@@ -0,0 +1,120 @@
+/**
+ * @file AutonomyGuard.ts
+ * @description Enforces autonomy rules in sealed mode.
+ * Blocks human input/prompting after genesis, logs all human interventions.
+ *
+ * @module AgentOS/Provenance/Enforcement
+ */
+import { ProvenanceViolationError } from '../types.js';
+// =============================================================================
+// AutonomyGuard
+// =============================================================================
+export class AutonomyGuard {
+    constructor(config, ledger = null) {
+        this.genesisRecorded = false;
+        this.config = config;
+        this.ledger = ledger;
+        this.genesisRecorded = !!config.genesisEventId;
+    }
+    /**
+     * Check if a human action is allowed under the current autonomy config.
+     * Throws ProvenanceViolationError if the action is blocked.
+     *
+     * @param actionType - Type of human action (e.g., 'prompt', 'edit_config', 'add_tool', 'pause', 'stop')
+     * @param details - Optional details about the action
+     */
+    async checkHumanAction(actionType, details) {
+        if (!this.genesisRecorded) {
+            // Before genesis, all human actions are allowed
+            return;
+        }
+        // Check whitelist first
+        if (this.config.allowedHumanActions?.includes(actionType)) {
+            // Allowed but log it
+            if (this.ledger) {
+                await this.ledger.appendEvent('human.intervention', {
+                    interventionType: actionType,
+                    allowed: true,
+                    details,
+                });
+            }
+            return;
+        }
+        // Check specific permissions
+        switch (actionType) {
+            case 'prompt':
+            case 'user_message':
+            case 'human_input':
+                if (!this.config.allowHumanPrompting) {
+                    throw new ProvenanceViolationError(`Human prompting is blocked in sealed autonomous mode. Action: ${actionType}`, { code: 'AUTONOMY_HUMAN_PROMPT_BLOCKED', operation: actionType });
+                }
+                break;
+            case 'edit_config':
+            case 'config_change':
+                if (!this.config.allowConfigEdits) {
+                    throw new ProvenanceViolationError(`Configuration changes are blocked in sealed autonomous mode.`, { code: 'AUTONOMY_CONFIG_EDIT_BLOCKED', operation: actionType });
+                }
+                break;
+            case 'add_tool':
+            case 'remove_tool':
+            case 'tool_change':
+                if (!this.config.allowToolChanges) {
+                    throw new ProvenanceViolationError(`Tool changes are blocked in sealed autonomous mode.`, { code: 'AUTONOMY_TOOL_CHANGE_BLOCKED', operation: actionType });
+                }
+                break;
+            default:
+                // Unknown action types are blocked by default in sealed mode
+                // unless explicitly in the allowedHumanActions list
+                if (!this.config.allowHumanPrompting) {
+                    throw new ProvenanceViolationError(`Human action '${actionType}' is blocked in sealed autonomous mode.`, { code: 'AUTONOMY_ACTION_BLOCKED', operation: actionType });
+                }
+        }
+        // Log the allowed action
+        if (this.ledger) {
+            await this.ledger.appendEvent('human.intervention', {
+                interventionType: actionType,
+                allowed: true,
+                details,
+            });
+        }
+    }
+    /**
+     * Record the genesis event, marking the start of sealed autonomous operation.
+     */
+    async recordGenesis(genesisEventId) {
+        this.config.genesisEventId = genesisEventId;
+        this.genesisRecorded = true;
+    }
+    /**
+     * Check if genesis has been recorded.
+     */
+    isSealed() {
+        return this.genesisRecorded;
+    }
+    /**
+     * Check whether a specific action type would be blocked.
+     * Returns true if the action is allowed, false if it would be blocked.
+     */
+    wouldAllow(actionType) {
+        if (!this.genesisRecorded)
+            return true;
+        if (this.config.allowedHumanActions?.includes(actionType))
+            return true;
+        switch (actionType) {
+            case 'prompt':
+            case 'user_message':
+            case 'human_input':
+                return this.config.allowHumanPrompting;
+            case 'edit_config':
+            case 'config_change':
+                return this.config.allowConfigEdits;
+            case 'add_tool':
+            case 'remove_tool':
+            case 'tool_change':
+                return this.config.allowToolChanges;
+            default:
+                return this.config.allowHumanPrompting;
+        }
+    }
+}
+//# sourceMappingURL=AutonomyGuard.js.map

package/dist/core/provenance/enforcement/AutonomyGuard.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AutonomyGuard.js","sourceRoot":"","sources":["../../../../src/core/provenance/enforcement/AutonomyGuard.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAGvD,gFAAgF;AAChF,gBAAgB;AAChB,gFAAgF;AAEhF,MAAM,OAAO,aAAa;IAKxB,YAAY,MAAsB,EAAE,SAAmC,IAAI;QAFnE,oBAAe,GAAY,KAAK,CAAC;QAGvC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC;IACjD,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,gBAAgB,CACpB,UAAkB,EAClB,OAAiC;QAEjC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YAC1B,gDAAgD;YAChD,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,IAAI,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC1D,qBAAqB;YACrB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,oBAAoB,EAAE;oBAClD,gBAAgB,EAAE,UAAU;oBAC5B,OAAO,EAAE,IAAI;oBACb,OAAO;iBACR,CAAC,CAAC;YACL,CAAC;YACD,OAAO;QACT,CAAC;QAED,6BAA6B;QAC7B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,QAAQ,CAAC;YACd,KAAK,cAAc,CAAC;YACpB,KAAK,aAAa;gBAChB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;oBACrC,MAAM,IAAI,wBAAwB,CAChC,iEAAiE,UAAU,EAAE,EAC7E,EAAE,IAAI,EAAE,+BAA+B,EAAE,SAAS,EAAE,UAAU,EAAE,CACjE,CAAC;gBACJ,CAAC;gBACD,MAAM;YAER,KAAK,aAAa,CAAC;YACnB,KAAK,eAAe;gBAClB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;oBAClC,MAAM,IAAI,wBAAwB,CAChC,8DAA8D,EAC9D,EAAE,IAAI,EAAE,8BAA8B,EAAE,SAAS,EAAE,UAAU,EAAE,CAChE,CAAC;gBACJ,CAAC;gBACD,MAAM;YAER,KAAK,UAAU,CAAC;YAChB,KAAK,aAAa,CAAC;YACnB,KAAK,aAAa;gBAChB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;oBAClC,MAAM,IAAI,wBAAwB,CAChC,qDAAqD,EACrD,EAAE,IAAI,EAAE,8BAA8B,EAAE,SAAS,EAAE,UAAU,EAAE,CAChE,CAAC;gBACJ,CAAC;gBACD,MAAM;YAER;gBACE,6DAA6D;gBAC7D,oDAAoD;gBACpD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;oBACrC,MAAM,IAAI,wBAAwB,CAChC,iBAAiB,UAAU,yCAAyC,EACpE,EAAE,IAAI,EAAE,yBAAyB,EAAE,SAAS,EAAE,UAAU,EAAE,CAC3D,CAAC;gBACJ,CAAC;QACL,CAAC;QAED,yBAAyB;QACzB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,oBAAoB,EAAE;gBAClD,gBAAgB,EAAE,UAAU;gBAC5B,OAAO,EAAE,IAAI;gBACb,OAAO;aACR,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,cAAsB;QACxC,IAAI,CAAC,MAAM,CAAC,cAAc,GAAG,cAAc,CAAC;QAC5C,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,UAAkB;QAC3B,IAAI,CAAC,IAAI,CAAC,eAAe;YAAE,OAAO,IAAI,CAAC;QACvC,IAAI,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QAEvE,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,QAAQ,CAAC;YACd,KAAK,cAAc,CAAC;YACpB,KAAK,aAAa;gBAChB,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;YACzC,KAAK,aAAa,CAAC;YACnB,KAAK,eAAe;gBAClB,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;YACtC,KAAK,UAAU,CAAC;YAChB,KAAK,aAAa,CAAC;YACnB,KAAK,aAAa;gBAChB,OAAO,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;YACtC;gBACE,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;QAC3C,CAAC;IACH,CAAC;CACF"}

package/dist/core/provenance/enforcement/ProvenanceStorageHooks.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * @file ProvenanceStorageHooks.ts
+ * @description StorageHooks implementation that enforces provenance policies.
+ * Integrates with sql-storage-adapter's onBeforeWrite/onAfterWrite hooks.
+ *
+ * @module AgentOS/Provenance/Enforcement
+ */
+import type { ProvenanceSystemConfig } from '../types.js';
+import type { SignedEventLedger } from '../ledger/SignedEventLedger.js';
+import type { RevisionManager } from './RevisionManager.js';
+import type { TombstoneManager } from './TombstoneManager.js';
+interface WriteContext {
+    readonly operation: 'run' | 'batch';
+    statement: string;
+    parameters?: unknown[];
+    affectedTables?: string[];
+    readonly inTransaction?: boolean;
+    operationId: string;
+    startTime: number;
+    adapterKind?: string;
+    metadata?: Record<string, unknown>;
+}
+interface StorageRunResult {
+    changes: number;
+    lastInsertRowid?: string | number | null;
+}
+type WriteHookResult = WriteContext | undefined | void;
+interface StorageHooks {
+    onBeforeWrite?(context: WriteContext): Promise<WriteHookResult>;
+    onAfterWrite?(context: WriteContext, result: StorageRunResult): Promise<void>;
+}
+/**
+ * Create StorageHooks that enforce provenance policies.
+ *
+ * @param config - The provenance system configuration.
+ * @param ledger - The signed event ledger (optional, for logging events).
+ * @param revisionManager - For capturing revisions in revisioned mode.
+ * @param tombstoneManager - For creating tombstones in revisioned mode.
+ * @returns StorageHooks compatible with sql-storage-adapter's combineHooks().
+ */
+export declare function createProvenanceHooks(config: ProvenanceSystemConfig, ledger?: SignedEventLedger, revisionManager?: RevisionManager, tombstoneManager?: TombstoneManager): StorageHooks;
+export {};
+//# sourceMappingURL=ProvenanceStorageHooks.d.ts.map

package/dist/core/provenance/enforcement/ProvenanceStorageHooks.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ProvenanceStorageHooks.d.ts","sourceRoot":"","sources":["../../../../src/core/provenance/enforcement/ProvenanceStorageHooks.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,sBAAsB,EAAuB,MAAM,aAAa,CAAC;AAE/E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAM9D,UAAU,YAAY;IACpB,QAAQ,CAAC,SAAS,EAAE,KAAK,GAAG,OAAO,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,OAAO,EAAE,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,QAAQ,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,UAAU,gBAAgB;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;CAC1C;AAED,KAAK,eAAe,GAAG,YAAY,GAAG,SAAS,GAAG,IAAI,CAAC;AAEvD,UAAU,YAAY;IACpB,aAAa,CAAC,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAChE,YAAY,CAAC,CAAC,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/E;AA+FD;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,sBAAsB,EAC9B,MAAM,CAAC,EAAE,iBAAiB,EAC1B,eAAe,CAAC,EAAE,eAAe,EACjC,gBAAgB,CAAC,EAAE,gBAAgB,GAClC,YAAY,CAkGd"}

package/dist/core/provenance/enforcement/ProvenanceStorageHooks.js ADDED Viewed

@@ -0,0 +1,193 @@
+/**
+ * @file ProvenanceStorageHooks.ts
+ * @description StorageHooks implementation that enforces provenance policies.
+ * Integrates with sql-storage-adapter's onBeforeWrite/onAfterWrite hooks.
+ *
+ * @module AgentOS/Provenance/Enforcement
+ */
+import { ProvenanceViolationError } from '../types.js';
+function detectSqlOperation(statement) {
+    const trimmed = statement.trim().toUpperCase();
+    if (trimmed.startsWith('INSERT'))
+        return 'INSERT';
+    if (trimmed.startsWith('UPDATE'))
+        return 'UPDATE';
+    if (trimmed.startsWith('DELETE'))
+        return 'DELETE';
+    if (trimmed.startsWith('CREATE'))
+        return 'CREATE';
+    if (trimmed.startsWith('ALTER'))
+        return 'ALTER';
+    if (trimmed.startsWith('DROP'))
+        return 'DROP';
+    return 'UNKNOWN';
+}
+function extractTableFromStatement(statement) {
+    const trimmed = statement.trim();
+    // INSERT INTO <table>
+    const insertMatch = trimmed.match(/INSERT\s+(?:OR\s+\w+\s+)?INTO\s+(\S+)/i);
+    if (insertMatch)
+        return insertMatch[1];
+    // UPDATE <table>
+    const updateMatch = trimmed.match(/UPDATE\s+(\S+)/i);
+    if (updateMatch)
+        return updateMatch[1];
+    // DELETE FROM <table>
+    const deleteMatch = trimmed.match(/DELETE\s+FROM\s+(\S+)/i);
+    if (deleteMatch)
+        return deleteMatch[1];
+    return undefined;
+}
+function extractWhereClause(statement) {
+    const whereMatch = statement.match(/WHERE\s+(.+?)(?:;|\s*$)/i);
+    if (!whereMatch)
+        return null;
+    return { clause: whereMatch[1], params: [] };
+}
+function inferWhereParameters(whereClause, parameters) {
+    const positional = Array.isArray(parameters) ? parameters : [];
+    const placeholderCount = (whereClause.match(/\?/g) || []).length;
+    if (placeholderCount <= 0) {
+        return positional;
+    }
+    if (positional.length <= placeholderCount) {
+        return positional;
+    }
+    return positional.slice(positional.length - placeholderCount);
+}
+// =============================================================================
+// isTableProtected
+// =============================================================================
+function isTableProtected(tableName, config) {
+    // Skip provenance's own tables
+    if (tableName.includes('signed_events') ||
+        tableName.includes('revisions') ||
+        tableName.includes('tombstones') ||
+        tableName.includes('anchors') ||
+        tableName.includes('agent_keys')) {
+        return false;
+    }
+    // Check exempt tables
+    if (config.exemptTables?.includes(tableName)) {
+        return false;
+    }
+    // If protectedTables is specified, only those are protected
+    if (config.protectedTables && config.protectedTables.length > 0) {
+        return config.protectedTables.includes(tableName);
+    }
+    // Default: all tables are protected
+    return true;
+}
+// =============================================================================
+// Factory: createProvenanceHooks
+// =============================================================================
+/**
+ * Create StorageHooks that enforce provenance policies.
+ *
+ * @param config - The provenance system configuration.
+ * @param ledger - The signed event ledger (optional, for logging events).
+ * @param revisionManager - For capturing revisions in revisioned mode.
+ * @param tombstoneManager - For creating tombstones in revisioned mode.
+ * @returns StorageHooks compatible with sql-storage-adapter's combineHooks().
+ */
+export function createProvenanceHooks(config, ledger, revisionManager, tombstoneManager) {
+    return {
+        onBeforeWrite: async (context) => {
+            const operation = detectSqlOperation(context.statement);
+            const table = context.affectedTables?.[0] ?? extractTableFromStatement(context.statement);
+            // Schema operations always allowed
+            if (operation === 'CREATE' || operation === 'ALTER' || operation === 'DROP') {
+                return context;
+            }
+            // Check if the table is protected
+            if (!table || !isTableProtected(table, config.storagePolicy)) {
+                return context;
+            }
+            const mode = config.storagePolicy.mode;
+            switch (mode) {
+                case 'sealed':
+                    if (operation === 'UPDATE' || operation === 'DELETE') {
+                        throw new ProvenanceViolationError(`${operation} operations are forbidden in sealed mode on table '${table}'`, { code: 'SEALED_MUTATION_BLOCKED', table, operation });
+                    }
+                    break;
+                case 'revisioned':
+                    if (operation === 'UPDATE' && revisionManager) {
+                        // Capture snapshot before the update
+                        const where = extractWhereClause(context.statement);
+                        if (where) {
+                            await revisionManager.captureRevision(table, where.clause, inferWhereParameters(where.clause, context.parameters));
+                        }
+                    }
+                    if (operation === 'DELETE' && tombstoneManager) {
+                        // Create tombstone and abort the actual DELETE
+                        const where = extractWhereClause(context.statement);
+                        if (where) {
+                            await tombstoneManager.createTombstone(table, where.clause, inferWhereParameters(where.clause, context.parameters));
+                        }
+                        // Return undefined to abort the DELETE
+                        return undefined;
+                    }
+                    break;
+                case 'mutable':
+                    // No enforcement
+                    break;
+            }
+            return context;
+        },
+        onAfterWrite: async (context, result) => {
+            // Log events to the signed ledger (for all modes when provenance is enabled)
+            if (!config.provenance.enabled || !ledger || result.changes === 0) {
+                return;
+            }
+            const operation = detectSqlOperation(context.statement);
+            const table = context.affectedTables?.[0] ?? extractTableFromStatement(context.statement);
+            if (!table)
+                return;
+            // Skip logging for provenance's own tables (prevent infinite recursion)
+            if (table.includes('signed_events') ||
+                table.includes('revisions') ||
+                table.includes('tombstones') ||
+                table.includes('anchors') ||
+                table.includes('agent_keys')) {
+                return;
+            }
+            // Map SQL operation to event type
+            const eventType = mapOperationToEventType(operation, table);
+            if (!eventType)
+                return;
+            await ledger.appendEvent(eventType, {
+                table,
+                operation,
+                changes: result.changes,
+                operationId: context.operationId,
+            });
+        },
+    };
+}
+// =============================================================================
+// Helpers
+// =============================================================================
+function mapOperationToEventType(operation, table) {
+    if (table.includes('message')) {
+        switch (operation) {
+            case 'INSERT': return 'message.created';
+            case 'UPDATE': return 'message.revised';
+            case 'DELETE': return 'message.tombstoned';
+        }
+    }
+    if (table.includes('conversation')) {
+        switch (operation) {
+            case 'INSERT': return 'conversation.created';
+            case 'UPDATE': return 'conversation.archived';
+            case 'DELETE': return 'conversation.tombstoned';
+        }
+    }
+    // Generic storage events
+    switch (operation) {
+        case 'INSERT': return 'memory.stored';
+        case 'UPDATE': return 'memory.revised';
+        case 'DELETE': return 'memory.tombstoned';
+    }
+    return null;
+}
+//# sourceMappingURL=ProvenanceStorageHooks.js.map

package/dist/core/provenance/enforcement/ProvenanceStorageHooks.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ProvenanceStorageHooks.js","sourceRoot":"","sources":["../../../../src/core/provenance/enforcement/ProvenanceStorageHooks.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAuCvD,SAAS,kBAAkB,CAAC,SAAiB;IAC3C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC/C,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAClD,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAClD,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAClD,IAAI,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAClD,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAChD,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAC9C,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,yBAAyB,CAAC,SAAiB;IAClD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;IAEjC,sBAAsB;IACtB,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5E,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC,CAAC,CAAC,CAAC;IAEvC,iBAAiB;IACjB,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrD,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC,CAAC,CAAC,CAAC;IAEvC,sBAAsB;IACtB,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5D,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC,CAAC,CAAC,CAAC;IAEvC,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,kBAAkB,CAAC,SAAiB;IAC3C,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC/D,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AAC/C,CAAC;AAED,SAAS,oBAAoB,CAAC,WAAmB,EAAE,UAAoB;IACrE,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/D,MAAM,gBAAgB,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;IAEjE,IAAI,gBAAgB,IAAI,CAAC,EAAE,CAAC;QAC1B,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,IAAI,gBAAgB,EAAE,CAAC;QAC1C,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,OAAO,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,GAAG,gBAAgB,CAAC,CAAC;AAChE,CAAC;AAED,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF,SAAS,gBAAgB,CACvB,SAAiB,EACjB,MAA+C;IAE/C,+BAA+B;IAC/B,IACE,SAAS,CAAC,QAAQ,CAAC,eAAe,CAAC;QACnC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC/B,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC;QAChC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC7B,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,EAChC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,sBAAsB;IACtB,IAAI,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,4DAA4D;IAC5D,IAAI,MAAM,CAAC,eAAe,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChE,OAAO,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;IAED,oCAAoC;IACpC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,gFAAgF;AAChF,iCAAiC;AACjC,gFAAgF;AAEhF;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,MAA8B,EAC9B,MAA0B,EAC1B,eAAiC,EACjC,gBAAmC;IAEnC,OAAO;QACL,aAAa,EAAE,KAAK,EAAE,OAAqB,EAA4B,EAAE;YACvE,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACxD,MAAM,KAAK,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,IAAI,yBAAyB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAE1F,mCAAmC;YACnC,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,OAAO,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;gBAC5E,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,kCAAkC;YAClC,IAAI,CAAC,KAAK,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC7D,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC;YAEvC,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,QAAQ;oBACX,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;wBACrD,MAAM,IAAI,wBAAwB,CAChC,GAAG,SAAS,sDAAsD,KAAK,GAAG,EAC1E,EAAE,IAAI,EAAE,yBAAyB,EAAE,KAAK,EAAE,SAAS,EAAE,CACtD,CAAC;oBACJ,CAAC;oBACD,MAAM;gBAER,KAAK,YAAY;oBACf,IAAI,SAAS,KAAK,QAAQ,IAAI,eAAe,EAAE,CAAC;wBAC9C,qCAAqC;wBACrC,MAAM,KAAK,GAAG,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;wBACpD,IAAI,KAAK,EAAE,CAAC;4BACV,MAAM,eAAe,CAAC,eAAe,CACnC,KAAK,EACL,KAAK,CAAC,MAAM,EACZ,oBAAoB,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,CACvD,CAAC;wBACJ,CAAC;oBACH,CAAC;oBAED,IAAI,SAAS,KAAK,QAAQ,IAAI,gBAAgB,EAAE,CAAC;wBAC/C,+CAA+C;wBAC/C,MAAM,KAAK,GAAG,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;wBACpD,IAAI,KAAK,EAAE,CAAC;4BACV,MAAM,gBAAgB,CAAC,eAAe,CACpC,KAAK,EACL,KAAK,CAAC,MAAM,EACZ,oBAAoB,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,CACvD,CAAC;wBACJ,CAAC;wBACD,uCAAuC;wBACvC,OAAO,SAAS,CAAC;oBACnB,CAAC;oBACD,MAAM;gBAER,KAAK,SAAS;oBACZ,iBAAiB;oBACjB,MAAM;YACV,CAAC;YAED,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,YAAY,EAAE,KAAK,EAAE,OAAqB,EAAE,MAAwB,EAAiB,EAAE;YACrF,6EAA6E;YAC7E,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;gBAClE,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACxD,MAAM,KAAK,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,IAAI,yBAAyB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAE1F,IAAI,CAAC,KAAK;gBAAE,OAAO;YAEnB,wEAAwE;YACxE,IACE,KAAK,CAAC,QAAQ,CAAC,eAAe,CAAC;gBAC/B,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAC3B,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC;gBAC5B,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;gBACzB,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAC5B,CAAC;gBACD,OAAO;YACT,CAAC;YAED,kCAAkC;YAClC,MAAM,SAAS,GAAG,uBAAuB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAC5D,IAAI,CAAC,SAAS;gBAAE,OAAO;YAEvB,MAAM,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE;gBAClC,KAAK;gBACL,SAAS;gBACT,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF,SAAS,uBAAuB,CAC9B,SAAuB,EACvB,KAAa;IAEb,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,QAAQ,SAAS,EAAE,CAAC;YAClB,KAAK,QAAQ,CAAC,CAAC,OAAO,iBAAiB,CAAC;YACxC,KAAK,QAAQ,CAAC,CAAC,OAAO,iBAAiB,CAAC;YACxC,KAAK,QAAQ,CAAC,CAAC,OAAO,oBAAoB,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACnC,QAAQ,SAAS,EAAE,CAAC;YAClB,KAAK,QAAQ,CAAC,CAAC,OAAO,sBAAsB,CAAC;YAC7C,KAAK,QAAQ,CAAC,CAAC,OAAO,uBAAuB,CAAC;YAC9C,KAAK,QAAQ,CAAC,CAAC,OAAO,yBAAyB,CAAC;QAClD,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,QAAQ,SAAS,EAAE,CAAC;QAClB,KAAK,QAAQ,CAAC,CAAC,OAAO,eAAe,CAAC;QACtC,KAAK,QAAQ,CAAC,CAAC,OAAO,gBAAgB,CAAC;QACvC,KAAK,QAAQ,CAAC,CAAC,OAAO,mBAAmB,CAAC;IAC5C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/core/provenance/enforcement/RevisionManager.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * @file RevisionManager.ts
+ * @description Captures row snapshots before UPDATE operations in revisioned mode.
+ * Creates revision records so the full history of every row is preserved.
+ *
+ * @module AgentOS/Provenance/Enforcement
+ */
+import type { RevisionRecord } from '../types.js';
+import type { SignedEventLedger } from '../ledger/SignedEventLedger.js';
+interface RevisionStorageAdapter {
+    run(statement: string, parameters?: unknown[]): Promise<{
+        changes: number;
+    }>;
+    all<T = unknown>(statement: string, parameters?: unknown[]): Promise<T[]>;
+    get<T = unknown>(statement: string, parameters?: unknown[]): Promise<T | null>;
+}
+export declare class RevisionManager {
+    private readonly storageAdapter;
+    private readonly ledger;
+    private readonly tablePrefix;
+    constructor(storageAdapter: RevisionStorageAdapter, ledger?: SignedEventLedger | null, tablePrefix?: string);
+    /**
+     * Capture the current state of records that are about to be updated.
+     * Call this BEFORE the UPDATE executes.
+     *
+     * @param tableName - The table being updated.
+     * @param whereClause - The WHERE clause from the UPDATE statement (without "WHERE").
+     * @param parameters - Parameters for the WHERE clause.
+     */
+    captureRevision(tableName: string, whereClause: string, parameters?: unknown[]): Promise<RevisionRecord[]>;
+    /**
+     * Get all revisions for a specific record.
+     */
+    getRevisions(tableName: string, recordId: string): Promise<RevisionRecord[]>;
+    /**
+     * Get the latest revision for a specific record.
+     */
+    getLatestRevision(tableName: string, recordId: string): Promise<RevisionRecord | null>;
+}
+export {};
+//# sourceMappingURL=RevisionManager.d.ts.map

package/dist/core/provenance/enforcement/RevisionManager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"RevisionManager.d.ts","sourceRoot":"","sources":["../../../../src/core/provenance/enforcement/RevisionManager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAOxE,UAAU,sBAAsB;IAC9B,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC7E,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;IAC1E,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAChF;AAMD,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAyB;IACxD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA2B;IAClD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;gBAGnC,cAAc,EAAE,sBAAsB,EACtC,MAAM,GAAE,iBAAiB,GAAG,IAAW,EACvC,WAAW,GAAE,MAAW;IAO1B;;;;;;;OAOG;IACG,eAAe,CACnB,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,UAAU,GAAE,OAAO,EAAO,GACzB,OAAO,CAAC,cAAc,EAAE,CAAC;IA2D5B;;OAEG;IACG,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAmBlF;;OAEG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;CAoB7F"}

package/dist/core/provenance/enforcement/RevisionManager.js ADDED Viewed

@@ -0,0 +1,105 @@
+/**
+ * @file RevisionManager.ts
+ * @description Captures row snapshots before UPDATE operations in revisioned mode.
+ * Creates revision records so the full history of every row is preserved.
+ *
+ * @module AgentOS/Provenance/Enforcement
+ */
+import { v4 as uuidv4 } from 'uuid';
+import { HashChain } from '../crypto/HashChain.js';
+// =============================================================================
+// RevisionManager
+// =============================================================================
+export class RevisionManager {
+    constructor(storageAdapter, ledger = null, tablePrefix = '') {
+        this.storageAdapter = storageAdapter;
+        this.ledger = ledger;
+        this.tablePrefix = tablePrefix;
+    }
+    /**
+     * Capture the current state of records that are about to be updated.
+     * Call this BEFORE the UPDATE executes.
+     *
+     * @param tableName - The table being updated.
+     * @param whereClause - The WHERE clause from the UPDATE statement (without "WHERE").
+     * @param parameters - Parameters for the WHERE clause.
+     */
+    async captureRevision(tableName, whereClause, parameters = []) {
+        // Fetch current rows that match the WHERE clause
+        const rows = await this.storageAdapter.all(`SELECT * FROM ${tableName} WHERE ${whereClause}`, parameters);
+        const revisions = [];
+        for (const row of rows) {
+            // Determine the record ID (use 'id' column by convention)
+            const recordId = row.id ?? row.Id ?? row.ID ?? JSON.stringify(row);
+            // Get the current revision number for this record
+            const lastRevision = await this.storageAdapter.get(`SELECT MAX(revision_number) as revision_number FROM ${this.tablePrefix}revisions
+         WHERE table_name = ? AND record_id = ?`, [tableName, String(recordId)]);
+            const revisionNumber = (lastRevision?.revision_number ?? 0) + 1;
+            const snapshot = JSON.stringify(row);
+            const timestamp = new Date().toISOString();
+            const id = uuidv4();
+            // Log to signed event ledger
+            let eventId = id; // fallback
+            if (this.ledger) {
+                const event = await this.ledger.appendEvent('message.revised', {
+                    tableName,
+                    recordId: String(recordId),
+                    revisionNumber,
+                    previousContentHash: HashChain.computePayloadHash(row),
+                });
+                eventId = event.id;
+            }
+            // Insert revision record
+            await this.storageAdapter.run(`INSERT INTO ${this.tablePrefix}revisions
+         (id, table_name, record_id, revision_number, snapshot, event_id, timestamp)
+         VALUES (?, ?, ?, ?, ?, ?, ?)`, [id, tableName, String(recordId), revisionNumber, snapshot, eventId, timestamp]);
+            revisions.push({
+                id,
+                tableName,
+                recordId: String(recordId),
+                revisionNumber,
+                snapshot,
+                eventId,
+                timestamp,
+            });
+        }
+        return revisions;
+    }
+    /**
+     * Get all revisions for a specific record.
+     */
+    async getRevisions(tableName, recordId) {
+        const rows = await this.storageAdapter.all(`SELECT * FROM ${this.tablePrefix}revisions
+       WHERE table_name = ? AND record_id = ?
+       ORDER BY revision_number ASC`, [tableName, recordId]);
+        return rows.map(row => ({
+            id: row.id,
+            tableName: row.table_name,
+            recordId: row.record_id,
+            revisionNumber: row.revision_number,
+            snapshot: row.snapshot,
+            eventId: row.event_id,
+            timestamp: row.timestamp,
+        }));
+    }
+    /**
+     * Get the latest revision for a specific record.
+     */
+    async getLatestRevision(tableName, recordId) {
+        const row = await this.storageAdapter.get(`SELECT * FROM ${this.tablePrefix}revisions
+       WHERE table_name = ? AND record_id = ?
+       ORDER BY revision_number DESC LIMIT 1`, [tableName, recordId]);
+        if (!row)
+            return null;
+        return {
+            id: row.id,
+            tableName: row.table_name,
+            recordId: row.record_id,
+            revisionNumber: row.revision_number,
+            snapshot: row.snapshot,
+            eventId: row.event_id,
+            timestamp: row.timestamp,
+        };
+    }
+}
+//# sourceMappingURL=RevisionManager.js.map

package/dist/core/provenance/enforcement/RevisionManager.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"RevisionManager.js","sourceRoot":"","sources":["../../../../src/core/provenance/enforcement/RevisionManager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AAGpC,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAYnD,gFAAgF;AAChF,kBAAkB;AAClB,gFAAgF;AAEhF,MAAM,OAAO,eAAe;IAK1B,YACE,cAAsC,EACtC,SAAmC,IAAI,EACvC,cAAsB,EAAE;QAExB,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,eAAe,CACnB,SAAiB,EACjB,WAAmB,EACnB,aAAwB,EAAE;QAE1B,iDAAiD;QACjD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CACxC,iBAAiB,SAAS,UAAU,WAAW,EAAE,EACjD,UAAU,CACX,CAAC;QAEF,MAAM,SAAS,GAAqB,EAAE,CAAC;QAEvC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,0DAA0D;YAC1D,MAAM,QAAQ,GAAG,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAEnE,kDAAkD;YAClD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAChD,uDAAuD,IAAI,CAAC,WAAW;gDAC/B,EACxC,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAC9B,CAAC;YAEF,MAAM,cAAc,GAAG,CAAC,YAAY,EAAE,eAAe,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACrC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAC3C,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YAEpB,6BAA6B;YAC7B,IAAI,OAAO,GAAG,EAAE,CAAC,CAAC,WAAW;YAC7B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,iBAAiB,EAAE;oBAC7D,SAAS;oBACT,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC;oBAC1B,cAAc;oBACd,mBAAmB,EAAE,SAAS,CAAC,kBAAkB,CAAC,GAAG,CAAC;iBACvD,CAAC,CAAC;gBACH,OAAO,GAAG,KAAK,CAAC,EAAE,CAAC;YACrB,CAAC;YAED,yBAAyB;YACzB,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAC3B,eAAe,IAAI,CAAC,WAAW;;sCAED,EAC9B,CAAC,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAChF,CAAC;YAEF,SAAS,CAAC,IAAI,CAAC;gBACb,EAAE;gBACF,SAAS;gBACT,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC;gBAC1B,cAAc;gBACd,QAAQ;gBACR,OAAO;gBACP,SAAS;aACV,CAAC,CAAC;QACL,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,SAAiB,EAAE,QAAgB;QACpD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CACxC,iBAAiB,IAAI,CAAC,WAAW;;oCAEH,EAC9B,CAAC,SAAS,EAAE,QAAQ,CAAC,CACtB,CAAC;QAEF,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACtB,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,QAAQ,EAAE,GAAG,CAAC,SAAS;YACvB,cAAc,EAAE,GAAG,CAAC,eAAe;YACnC,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,OAAO,EAAE,GAAG,CAAC,QAAQ;YACrB,SAAS,EAAE,GAAG,CAAC,SAAS;SACzB,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,SAAiB,EAAE,QAAgB;QACzD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CACvC,iBAAiB,IAAI,CAAC,WAAW;;6CAEM,EACvC,CAAC,SAAS,EAAE,QAAQ,CAAC,CACtB,CAAC;QAEF,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QAEtB,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,SAAS,EAAE,GAAG,CAAC,UAAU;YACzB,QAAQ,EAAE,GAAG,CAAC,SAAS;YACvB,cAAc,EAAE,GAAG,CAAC,eAAe;YACnC,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,OAAO,EAAE,GAAG,CAAC,QAAQ;YACrB,SAAS,EAAE,GAAG,CAAC,SAAS;SACzB,CAAC;IACJ,CAAC;CACF"}

package/dist/core/provenance/enforcement/TombstoneManager.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+/**
+ * @file TombstoneManager.ts
+ * @description Manages soft-deletion via tombstone records.
+ * In revisioned/sealed modes, DELETE operations are converted to tombstones.
+ *
+ * @module AgentOS/Provenance/Enforcement
+ */
+import type { TombstoneRecord } from '../types.js';
+import type { SignedEventLedger } from '../ledger/SignedEventLedger.js';
+interface TombstoneStorageAdapter {
+    run(statement: string, parameters?: unknown[]): Promise<{
+        changes: number;
+    }>;
+    all<T = unknown>(statement: string, parameters?: unknown[]): Promise<T[]>;
+    get<T = unknown>(statement: string, parameters?: unknown[]): Promise<T | null>;
+}
+export declare class TombstoneManager {
+    private readonly storageAdapter;
+    private readonly ledger;
+    private readonly tablePrefix;
+    constructor(storageAdapter: TombstoneStorageAdapter, ledger?: SignedEventLedger | null, tablePrefix?: string);
+    /**
+     * Create a tombstone for records about to be deleted.
+     * Call this INSTEAD of executing the DELETE.
+     *
+     * @param tableName - The table the records belong to.
+     * @param whereClause - The WHERE clause from the DELETE statement.
+     * @param parameters - Parameters for the WHERE clause.
+     * @param reason - Reason for deletion.
+     * @param initiator - Who initiated the deletion (agent ID or 'human').
+     */
+    createTombstone(tableName: string, whereClause: string, parameters?: unknown[], reason?: string, initiator?: string): Promise<TombstoneRecord[]>;
+    /**
+     * Check if a record has been tombstoned.
+     */
+    isTombstoned(tableName: string, recordId: string): Promise<boolean>;
+    /**
+     * Get the tombstone record for a specific record.
+     */
+    getTombstone(tableName: string, recordId: string): Promise<TombstoneRecord | null>;
+    /**
+     * Get all tombstones for a table.
+     */
+    getTombstones(tableName?: string): Promise<TombstoneRecord[]>;
+}
+export {};
+//# sourceMappingURL=TombstoneManager.d.ts.map

package/dist/core/provenance/enforcement/TombstoneManager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"TombstoneManager.d.ts","sourceRoot":"","sources":["../../../../src/core/provenance/enforcement/TombstoneManager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAMxE,UAAU,uBAAuB;IAC/B,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC7E,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;IAC1E,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAChF;AAMD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA0B;IACzD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA2B;IAClD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;gBAGnC,cAAc,EAAE,uBAAuB,EACvC,MAAM,GAAE,iBAAiB,GAAG,IAAW,EACvC,WAAW,GAAE,MAAW;IAO1B;;;;;;;;;OASG;IACG,eAAe,CACnB,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,UAAU,GAAE,OAAO,EAAO,EAC1B,MAAM,GAAE,MAAkB,EAC1B,SAAS,GAAE,MAAiB,GAC3B,OAAO,CAAC,eAAe,EAAE,CAAC;IAiE7B;;OAEG;IACG,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAQzE;;OAEG;IACG,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAmBxF;;OAEG;IACG,aAAa,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;CAsBpE"}