@full-self-browsing/lattice 1.4.0 → 1.5.0

package/dist/otel-BgM4e55_.d.ts

@@ -0,0 +1,421 @@
+import { Bt as ContextSummarizer, Qt as ExecutionPlan, T as Usage, Tt as TripwireEvidence, W as TrainingClass, bn as RunEventSink, ct as ToolDefinition, d as ProviderRunRequest, ln as UsageRecord, mn as OutputContractMap, qt as SessionRef, sn as RouteRejectReason, vn as RunEvent } from "./provider-C2IfKsvz.js";
+import { F as LatticeConfig, f as AgentIntent, h as DefaultAgentOutputs, n as CrewResult, p as AgentResult, r as RunAgentCrewOptions } from "./run-crew-Bnve5dyI.js";
+import { r as ArtifactInput, s as ArtifactRef, x as PolicySpec } from "./artifact-Bg6mJGnm.js";
+import { a as KeyEntry, c as ReceiptEnvelope, d as ReceiptRoute, i as ContractVerdict, l as ReceiptModel, n as InferOutputMap, o as KeySet, p as ReceiptSigner, y as VerifyResult } from "./infer-DLqp5QIM.js";
+import { n as CapabilityContract } from "./contract-S3oJGlc9.js";
+import { n as RunResult } from "./result-DLEx2WvU.js";
+
+//#region src/receipts/receipt.d.ts
+/**
+ * Public input to createReceipt. Mirrors CapabilityReceiptBody minus:
+ *   - `version` (forced to "lattice-receipt/v1.3" per Phase 46)
+ *   - `kid` (forced from signer.kid — caller cannot mismatch)
+ *   - `redactions[]` (populated by redactReceiptBody)
+ *   - `usage.costUsd` (converted to canonical string by usageToCanonical)
+ *
+ * receiptId and issuedAt default to runtime-generated values when omitted.
+ * redactionPolicyId defaults to DEFAULT_REDACTION_POLICY_ID.
+ */
+interface CreateReceiptInput {
+  readonly runId: string;
+  readonly issuedAt?: string;
+  readonly receiptId?: string;
+  readonly model: ReceiptModel;
+  readonly route: ReceiptRoute;
+  readonly modelClass?: TrainingClass;
+  readonly parentReceiptCid?: string;
+  readonly lineageMerkleRoot?: string;
+  readonly usage: Usage;
+  readonly contractVerdict: ContractVerdict;
+  readonly contractHash: string | null;
+  readonly inputHashes: readonly string[];
+  readonly outputHash: string | null;
+  readonly redactionPolicyId?: string;
+  readonly noRouteReasons?: readonly RouteRejectReason[];
+  readonly tripwireEvidence?: TripwireEvidence;
+  readonly stepName?: string;
+  readonly stepIndex?: number;
+  readonly parentStepName?: string;
+  readonly previousStepName?: string;
+  readonly sessionId?: string;
+  readonly timestamp?: string;
+}
+/**
+ * Build, redact, canonicalize, sign, and envelope a CapabilityReceipt.
+ *
+ * Ordering INVARIANT (09-CONTEXT.md, PITFALLS.md Pitfall #1):
+ *   redact -> canonicalize -> PAE -> sign -> encode
+ *
+ * The signed digest commits to canonicalize(redact(body)). The function
+ * structure makes any other ordering impossible to write by accident —
+ * canonicalizeReceiptBody is ONLY called on the output of redactReceiptBody.
+ *
+ * Defense in depth:
+ *   - body.kid is assigned from signer.kid, never from input (input has no
+ *     kid field). The signed body and the envelope keyid CANNOT disagree by
+ *     construction.
+ *   - signer.kid is also written to envelope.signatures[0].keyid, so the
+ *     verifier can cross-check (Step 7 of verifyReceipt).
+ *
+ * I-JSON guarantees: usage.costUsd is converted to string (or null) via
+ * usageToCanonical. Receipts NEVER carry raw floats in the canonical form.
+ */
+declare function createReceipt(input: CreateReceiptInput, signer: ReceiptSigner): Promise<ReceiptEnvelope>;
+//#endregion
+//#region src/runtime/create-ai.d.ts
+interface RuntimeOverrides {
+  readonly provider?: string;
+  readonly model?: string;
+  readonly routingPolicy?: PolicySpec;
+  readonly tokenBudget?: number;
+  readonly summarizer?: ContextSummarizer;
+  readonly transforms?: readonly RuntimeArtifactTransform[];
+  readonly hooks?: RuntimeHooks;
+}
+interface RuntimeArtifactTransform {
+  readonly name: string;
+  transform(input: {
+    readonly task: string;
+    readonly artifacts: readonly ArtifactInput[];
+  }): Promise<ArtifactInput | readonly ArtifactInput[]> | ArtifactInput | readonly ArtifactInput[];
+}
+interface RuntimeHooks {
+  readonly beforeProviderCall?: (input: {
+    readonly plan: ExecutionPlan;
+    readonly request: ProviderRunRequest;
+  }) => void | Promise<void>;
+  readonly afterProviderCall?: (input: {
+    readonly plan: ExecutionPlan;
+    readonly response: unknown;
+  }) => void | Promise<void>;
+}
+interface RunIntent<TOutputs extends OutputContractMap> {
+  readonly task: string;
+  readonly artifacts?: readonly ArtifactInput[];
+  readonly outputs: TOutputs;
+  readonly policy?: PolicySpec;
+  readonly session?: SessionRef;
+  readonly signal?: AbortSignal;
+  readonly overrides?: RuntimeOverrides;
+  readonly tools?: readonly ToolDefinition<any>[];
+  readonly toolInputs?: Record<string, unknown>;
+  readonly contract?: CapabilityContract;
+}
+interface AI {
+  session(id: string): SessionRef;
+  plan<const TOutputs extends OutputContractMap>(intent: RunIntent<TOutputs>): Promise<ExecutionPlan>;
+  run<const TOutputs extends OutputContractMap>(intent: RunIntent<TOutputs>): Promise<RunResult<TOutputs>>;
+  /**
+   * Phase 19 (v1.2): single-agent execution loop. Drives multiple provider
+   * iterations under one call, dispatching tool requests between iterations.
+   * Composes with the v1.2 hook pipeline (SAFETY-band veto, OBSERVABILITY-band
+   * checkpoint receipts) and the v1.2 capability receipts (when
+   * `intent.signer` is provided + `intent.autoRegisterCheckpoint !== false`).
+   *
+   * See `packages/lattice/src/agent/runtime.ts` for orchestration details.
+   */
+  runAgent<const TOutputs extends OutputContractMap = DefaultAgentOutputs>(intent: AgentIntent<TOutputs>): Promise<AgentResult<TOutputs>>;
+  /**
+   * Phase 39 (v1.3): opt-in multi-agent crew execution. Runs a literal
+   * `AgentSpec` tree through the existing single-agent loop plus the crew
+   * dispatcher, with shared budget/rate-limit coordination and chained
+   * completion receipts.
+   *
+   * See `packages/lattice/src/agent/crew/run-crew.ts` for orchestration details.
+   */
+  runAgentCrew(options: RunAgentCrewOptions): Promise<CrewResult>;
+}
+declare function createAI(config?: LatticeConfig): AI;
+//#endregion
+//#region src/replay/replay.d.ts
+interface ReplayEnvelope<TOutputs extends OutputContractMap = OutputContractMap> {
+  readonly kind: "replay-envelope";
+  readonly version: 1;
+  readonly runtimeVersion: string;
+  readonly catalogVersion: string;
+  readonly createdAt: string;
+  readonly plan: ExecutionPlan;
+  readonly artifacts: readonly ArtifactRef[];
+  readonly outputs?: InferOutputMap<TOutputs>;
+  readonly warnings: readonly string[];
+  readonly errors: readonly string[];
+  readonly usage?: UsageRecord;
+  readonly events: readonly RunEvent[];
+  /**
+   * Phase 10 — optional signed receipt recorded alongside the envelope so a
+   * single artifact is sufficient to materialize an offline replay session
+   * deterministically. Type-only import — replay.ts stays runtime-import-free
+   * of the receipts builder.
+   */
+  readonly receipt?: ReceiptEnvelope;
+  /**
+   * Phase 10 — optional contract recorded so replays can re-run pre-flight
+   * checks deterministically.
+   */
+  readonly contract?: CapabilityContract;
+}
+declare function createReplayEnvelope<TOutputs extends OutputContractMap>(result: RunResult<TOutputs>): ReplayEnvelope<TOutputs>;
+declare function replayOffline<TOutputs extends OutputContractMap>(envelope: ReplayEnvelope<TOutputs>): Promise<RunResult<TOutputs>>;
+declare function rerunLive<TOutputs extends OutputContractMap>(ai: AI, envelope: ReplayEnvelope<TOutputs>, intent: RunIntent<TOutputs>): Promise<RunResult<TOutputs>>;
+declare function redactReplayEnvelope<TOutputs extends OutputContractMap>(envelope: ReplayEnvelope<TOutputs>): ReplayEnvelope<TOutputs>;
+declare function redactPlan(plan: ExecutionPlan): ExecutionPlan;
+declare function redactArtifactRef(ref: ArtifactRef): ArtifactRef;
+//#endregion
+//#region src/audit/external-execution.d.ts
+type ExternalExecutionSidecarOutputSpec = "text" | {
+  readonly kind: "citations";
+} | {
+  readonly kind: "artifacts";
+};
+interface ExternalExecutionUsage {
+  readonly promptTokens: number;
+  readonly completionTokens: number;
+  readonly costUsd: number | null;
+}
+interface ExternalExecutionAuditInput<TOutputs extends Record<string, unknown> = Record<string, unknown>> {
+  readonly task: string;
+  readonly artifacts?: readonly ArtifactInput[];
+  readonly outputSpecs?: Record<string, ExternalExecutionSidecarOutputSpec>;
+  readonly outputs?: TOutputs;
+  readonly policy: PolicySpec;
+  readonly contract: CapabilityContract;
+  readonly model: ReceiptModel;
+  readonly route: ReceiptRoute;
+  readonly usage: ExternalExecutionUsage;
+  readonly rawRequest?: unknown;
+  readonly rawResponse?: unknown;
+  readonly contractVerdict?: ContractVerdict;
+  readonly runId?: string;
+  readonly receiptId?: string;
+  readonly issuedAt?: string;
+  readonly catalogVersion?: string;
+  readonly metadata?: Record<string, unknown>;
+}
+interface ExternalExecutionMetadata {
+  readonly kind: "external-execution";
+  readonly model: ReceiptModel;
+  readonly route: ReceiptRoute;
+  readonly usage: ExternalExecutionUsage;
+  readonly rawRequest?: unknown;
+  readonly rawResponse?: unknown;
+  readonly rawRequestHash?: string;
+  readonly rawResponseHash?: string;
+  readonly inputHashes: readonly string[];
+  readonly outputHash: string | null;
+  readonly metadata?: Record<string, unknown>;
+}
+interface ExternalExecutionSidecar<TOutputs extends Record<string, unknown> = Record<string, unknown>> {
+  readonly version: "lattice-sidecar/v1";
+  readonly task: string;
+  readonly outputs: Record<string, ExternalExecutionSidecarOutputSpec>;
+  readonly policy: PolicySpec;
+  readonly contract: CapabilityContract;
+  readonly rawOutputs?: TOutputs;
+  readonly externalExecution: ExternalExecutionMetadata;
+}
+interface ExternalExecutionAuditResult<TOutputs extends Record<string, unknown> = Record<string, unknown>> {
+  readonly receipt: ReceiptEnvelope;
+  readonly sidecar: ExternalExecutionSidecar<TOutputs>;
+  readonly replayEnvelope: ReplayEnvelope<OutputContractMap>;
+  readonly inputHashes: readonly string[];
+  readonly outputHash: string | null;
+}
+declare function createExternalExecutionAudit<TOutputs extends Record<string, unknown> = Record<string, unknown>>(input: ExternalExecutionAuditInput<TOutputs>, signer: ReceiptSigner): Promise<ExternalExecutionAuditResult<TOutputs>>;
+//#endregion
+//#region src/receipts/keyset.d.ts
+/**
+ * In-memory KeySet factory.
+ *
+ * Verification flow (plan 09-03):
+ *   - keySet.lookup(kid) returns undefined  → VerifyError {kind: "key-not-found"}
+ *   - entry.state === "revoked"             → VerifyError {kind: "key-revoked"}
+ *   - entry.state === "retired"             → VerifyOk + keyState: "retired" (caller may warn)
+ *   - entry.state === "active"              → VerifyOk + keyState: "active"
+ *
+ * Duplicate kids: last write wins (deterministic — callers control entry order).
+ * Empty entries array is legal — every lookup returns undefined.
+ * Returned KeySet exposes only `lookup` — no enumeration.
+ *
+ * See 09-CONTEXT.md "Key Management (UNRETROFITTABLE)".
+ */
+declare function createMemoryKeySet(entries: readonly KeyEntry[]): KeySet;
+//#endregion
+//#region src/receipts/remote-signer.d.ts
+type RemoteReceiptSignerProvider = "aws-kms" | "gcp-kms" | "external-kms" | (string & {});
+type RemoteReceiptPayloadFormat = "dsse-pae";
+interface RemoteReceiptSignRequest {
+  readonly kid: string;
+  readonly publicKeyJwk: JsonWebKey;
+  readonly bytes: Uint8Array;
+  readonly payloadFormat: RemoteReceiptPayloadFormat;
+  readonly algorithm: "Ed25519";
+  readonly provider?: RemoteReceiptSignerProvider;
+  readonly keyRef?: string;
+  readonly metadata?: Record<string, unknown>;
+}
+interface RemoteReceiptSignResult {
+  readonly signature: Uint8Array;
+}
+interface RemoteReceiptSignerOptions {
+  readonly kid: string;
+  readonly publicKeyJwk: JsonWebKey;
+  readonly provider?: RemoteReceiptSignerProvider;
+  readonly keyRef?: string;
+  readonly metadata?: Record<string, unknown>;
+  sign(request: RemoteReceiptSignRequest): Promise<Uint8Array | RemoteReceiptSignResult>;
+}
+/**
+ * Adapt a remote signing service to Lattice's existing ReceiptSigner contract.
+ *
+ * The callback receives the exact DSSE PAE bytes that createReceipt signs.
+ * Cloud-specific request construction, hashing choices, credentials, retries,
+ * and audit logging stay outside core.
+ */
+declare function createRemoteReceiptSigner(options: RemoteReceiptSignerOptions): ReceiptSigner;
+//#endregion
+//#region src/receipts/sign.d.ts
+interface GeneratedEd25519KeyPair {
+  readonly privateKeyJwk: JsonWebKey;
+  readonly publicKeyJwk: JsonWebKey;
+}
+declare function generateEd25519KeyPairJwk(): Promise<GeneratedEd25519KeyPair>;
+declare function createInMemorySigner(privateKeyJwk: JsonWebKey, options: {
+  readonly kid: string;
+  readonly publicKeyJwk: JsonWebKey;
+}): ReceiptSigner;
+//#endregion
+//#region src/receipts/verify.d.ts
+/**
+ * Pure receipt verifier.
+ *
+ * Returns a typed VerifyResult — never throws across the verification
+ * boundary (PITFALLS.md security: "Verifier panics on malformed receipts
+ * -> DoS via crafted input"). All parsing failures become typed errors.
+ *
+ * Decision tree (first match wins):
+ *   1. decodeEnvelope throws OR signatures[] empty       -> envelope-malformed
+ *   2. payload bytes are not valid JSON                  -> envelope-malformed
+ *   3. body shape check fails OR version unknown literal -> version-mismatch
+ *   4. body.version === undefined OR "lattice-receipt/v1"-> schema-version-too-low (CRYPTO-01)
+ *   5. keySet.lookup(keyid) === undefined                -> key-not-found
+ *   6. entry.state === "revoked"                         -> key-revoked
+ *   7. re-canonicalized body != signed payloadBytes      -> canonicalization-mismatch
+ *   8. Ed25519 verification of PAE fails                 -> signature-invalid
+ *   9. body.kid !== entry.kid (defense in depth)         -> signature-invalid
+ *  10. otherwise                                         -> ok + keyState
+ */
+declare function verifyReceipt(envelope: ReceiptEnvelope, keySet: KeySet): Promise<VerifyResult>;
+//#endregion
+//#region src/receipts/cid.d.ts
+/**
+ * Derive the content-addressed CID of a receipt envelope.
+ *
+ * Returns `sha256:<hex>` where `<hex>` is the 64-char lowercase SHA-256
+ * digest of the decoded DSSE payload bytes. No KeySet, signer, or other
+ * key material is required — callers chaining receipts (parentReceiptCid)
+ * compute this from the parent envelope alone.
+ */
+declare function receiptCid(envelope: ReceiptEnvelope): Promise<string>;
+//#endregion
+//#region src/replay/materialize.d.ts
+/**
+ * Discriminated union of materialization failure modes.
+ *
+ *   - "verify-failed"        — receipt failed verifyReceipt (signature, key
+ *                              missing/revoked, canonicalization mismatch).
+ *   - "artifact-load-failed" — the artifactLoader callback rejected for at
+ *                              least one input hash.
+ *   - "envelope-malformed"   — receipt verified but the verified body is
+ *                              structurally unusable (should never happen
+ *                              under verifyReceipt invariants, but kept as a
+ *                              defensive third branch).
+ */
+interface MaterializationError {
+  readonly kind: "verify-failed" | "artifact-load-failed" | "envelope-malformed";
+  readonly message: string;
+}
+/**
+ * Async callback that resolves an artifact body from its sha256 hex digest.
+ * Phase 10 ships only the in-memory variant for tests. Phase 11's CLI plugs
+ * in a filesystem-backed loader reading from `.lattice/fixtures/<sha256>.bin`.
+ */
+type ArtifactLoader = (hash: string) => Promise<ArtifactInput>;
+interface MaterializeReplayEnvelopeOptions<TOutputs extends OutputContractMap = OutputContractMap> {
+  readonly artifactLoader: ArtifactLoader;
+  readonly keySet: KeySet;
+  /** Optional original task string. Defaults to "" when omitted. */
+  readonly task?: string;
+  /**
+   * Optional caller-supplied outputs map. When provided, the resulting
+   * `ReplayEnvelope.outputs` is populated and `replayOffline` will return
+   * an `ok: true` result. When omitted, `replayOffline` reports an
+   * `execution_unavailable` failure (current Phase 5 semantics).
+   */
+  readonly outputs?: InferOutputMap<TOutputs>;
+  readonly policy?: PolicySpec;
+  readonly contract?: CapabilityContract;
+}
+/**
+ * Pure async function that reconstructs a `ReplayEnvelope` from a receipt.
+ *
+ * Verify-FIRST ordering: `verifyReceipt` runs before `artifactLoader` is
+ * touched. Tampered receipts MUST NOT cause loader side effects.
+ */
+declare function materializeReplayEnvelope<TOutputs extends OutputContractMap = OutputContractMap>(receipt: ReceiptEnvelope, options: MaterializeReplayEnvelopeOptions<TOutputs>): Promise<ReplayEnvelope<TOutputs>>;
+//#endregion
+//#region src/observability/otel.d.ts
+type OtelAttributeValue = string | number | boolean | readonly string[] | readonly number[] | readonly boolean[];
+type OtelAttributes = Record<string, OtelAttributeValue>;
+interface OtelSpanStatus {
+  readonly code: number;
+  readonly message?: string;
+}
+interface OtelSpanLike {
+  setAttribute?(key: string, value: OtelAttributeValue): unknown;
+  setAttributes?(attributes: OtelAttributes): unknown;
+  addEvent?(name: string, attributes?: OtelAttributes): unknown;
+  setStatus?(status: OtelSpanStatus): unknown;
+  recordException?(error: Error | string | Record<string, unknown>): unknown;
+  end?(endTime?: Date | number): unknown;
+}
+interface OtelTracerLike {
+  startSpan(name: string, options?: {
+    readonly attributes?: OtelAttributes;
+    readonly startTime?: Date | number;
+  }): OtelSpanLike;
+}
+type OtelContentCaptureMode = "none" | "metadata";
+interface OtelSanitizerOptions {
+  readonly contentCapture?: OtelContentCaptureMode;
+}
+interface OtelRunEventSinkOptions extends OtelSanitizerOptions {
+  readonly tracer: OtelTracerLike;
+  readonly spanName?: string;
+}
+interface OtelHttpTraceConfig {
+  readonly endpoint: string;
+  readonly headers: Record<string, string>;
+}
+interface LangfuseOtlpConfigOptions {
+  readonly baseUrl?: string;
+  readonly publicKey?: string;
+  readonly secretKey?: string;
+  readonly authString?: string;
+  readonly ingestionVersion?: string;
+  readonly headers?: Record<string, string>;
+}
+interface PhoenixOtlpConfigOptions {
+  readonly baseUrl?: string;
+  readonly endpoint?: string;
+  readonly apiKey?: string;
+  readonly projectName?: string;
+  readonly headers?: Record<string, string>;
+}
+declare function createOtelRunEventSink(options: OtelRunEventSinkOptions): RunEventSink;
+declare function sanitizeRunEventAttributes(event: RunEvent, options?: OtelSanitizerOptions): OtelAttributes;
+declare function createOtelReceiptAttributes(envelope: ReceiptEnvelope): Promise<OtelAttributes>;
+declare function createLangfuseOtlpConfig(options?: LangfuseOtlpConfigOptions): OtelHttpTraceConfig;
+declare function createPhoenixOtlpConfig(options?: PhoenixOtlpConfigOptions): OtelHttpTraceConfig;
+//#endregion
+export { RemoteReceiptSignerProvider as A, ReplayEnvelope as B, GeneratedEd25519KeyPair as C, RemoteReceiptSignRequest as D, RemoteReceiptPayloadFormat as E, ExternalExecutionMetadata as F, replayOffline as G, redactArtifactRef as H, ExternalExecutionSidecar as I, RunIntent as J, rerunLive as K, ExternalExecutionSidecarOutputSpec as L, createMemoryKeySet as M, ExternalExecutionAuditInput as N, RemoteReceiptSignResult as O, ExternalExecutionAuditResult as P, ExternalExecutionUsage as R, verifyReceipt as S, generateEd25519KeyPairJwk as T, redactPlan as U, createReplayEnvelope as V, redactReplayEnvelope as W, CreateReceiptInput as X, createAI as Y, createReceipt as Z, ArtifactLoader as _, OtelHttpTraceConfig as a, materializeReplayEnvelope as b, OtelSpanLike as c, PhoenixOtlpConfigOptions as d, createLangfuseOtlpConfig as f, sanitizeRunEventAttributes as g, createPhoenixOtlpConfig as h, OtelContentCaptureMode as i, createRemoteReceiptSigner as j, RemoteReceiptSignerOptions as k, OtelSpanStatus as l, createOtelRunEventSink as m, OtelAttributeValue as n, OtelRunEventSinkOptions as o, createOtelReceiptAttributes as p, AI as q, OtelAttributes as r, OtelSanitizerOptions as s, LangfuseOtlpConfigOptions as t, OtelTracerLike as u, MaterializationError as v, createInMemorySigner as w, receiptCid as x, MaterializeReplayEnvelopeOptions as y, createExternalExecutionAudit as z };
+//# sourceMappingURL=otel-BgM4e55_.d.ts.map

package/dist/otel-BgM4e55_.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"otel-BgM4e55_.d.ts","names":[],"sources":["../src/receipts/receipt.ts","../src/runtime/create-ai.ts","../src/replay/replay.ts","../src/audit/external-execution.ts","../src/receipts/keyset.ts","../src/receipts/remote-signer.ts","../src/receipts/sign.ts","../src/receipts/verify.ts","../src/receipts/cid.ts","../src/replay/materialize.ts","../src/observability/otel.ts"],"mappings":";;;;;;;;;;;AAgCA;;;;;;;UAAiB,kBAAA;EAAA,SACN,KAAA;EAAA,SACA,QAAA;EAAA,SACA,SAAA;EAAA,SACA,KAAA,EAAO,YAAA;EAAA,SACP,KAAA,EAAO,YAAA;EAAA,SACP,UAAA,GAAa,aAAA;EAAA,SAIb,gBAAA;EAAA,SACA,iBAAA;EAAA,SACA,KAAA,EAAO,KAAA;EAAA,SACP,eAAA,EAAiB,eAAA;EAAA,SACjB,YAAA;EAAA,SACA,WAAA;EAAA,SACA,UAAA;EAAA,SACA,iBAAA;EAAA,SACA,cAAA,YAA0B,iBAAA;EAAA,SAC1B,gBAAA,GAAmB,gBAAA;EAAA,SAKnB,QAAA;EAAA,SACA,SAAA;EAAA,SACA,cAAA;EAAA,SACA,gBAAA;EAAA,SACA,SAAA;EAAA,SACA,SAAA;AAAA;;;;;;;;;;;;;AAuBX;;;;;;;;iBAAsB,aAAA,CACpB,KAAA,EAAO,kBAAA,EACP,MAAA,EAAQ,aAAA,GACP,OAAA,CAAQ,eAAA;;;UChCM,gBAAA;EAAA,SACN,QAAA;EAAA,SACA,KAAA;EAAA,SACA,aAAA,GAAgB,UAAA;EAAA,SAChB,WAAA;EAAA,SACA,UAAA,GAAa,iBAAA;EAAA,SACb,UAAA,YAAsB,wBAAA;EAAA,SACtB,KAAA,GAAQ,YAAA;AAAA;AAAA,UAGF,wBAAA;EAAA,SACN,IAAA;EACT,SAAA,CAAU,KAAA;IAAA,SACC,IAAA;IAAA,SACA,SAAA,WAAoB,aAAA;EAAA,IAC3B,OAAA,CAAQ,aAAA,YAAyB,aAAA,MAAmB,aAAA,YAAyB,aAAA;AAAA;AAAA,UAGlE,YAAA;EAAA,SACN,kBAAA,IAAsB,KAAA;IAAA,SACpB,IAAA,EAAM,aAAA;IAAA,SACN,OAAA,EAAS,kBAAA;EAAA,aACP,OAAA;EAAA,SACJ,iBAAA,IAAqB,KAAA;IAAA,SACnB,IAAA,EAAM,aAAA;IAAA,SACN,QAAA;EAAA,aACE,OAAA;AAAA;AAAA,UAGE,SAAA,kBAA2B,iBAAA;EAAA,SACjC,IAAA;EAAA,SACA,SAAA,YAAqB,aAAA;EAAA,SACrB,OAAA,EAAS,QAAA;EAAA,SACT,MAAA,GAAS,UAAA;EAAA,SACT,OAAA,GAAU,UAAA;EAAA,SACV,MAAA,GAAS,WAAA;EAAA,SACT,SAAA,GAAY,gBAAA;EAAA,SACZ,KAAA,YAAiB,cAAA;EAAA,SACjB,UAAA,GAAa,MAAA;EAAA,SACb,QAAA,GAAW,kBAAA;AAAA;AAAA,UAML,EAAA;EACf,OAAA,CAAQ,EAAA,WAAa,UAAA;EACrB,IAAA,wBAA4B,iBAAA,EAC1B,MAAA,EAAQ,SAAA,CAAU,QAAA,IACjB,OAAA,CAAQ,aAAA;EACX,GAAA,wBAA2B,iBAAA,EACzB,MAAA,EAAQ,SAAA,CAAU,QAAA,IACjB,OAAA,CAAQ,SAAA,CAAU,QAAA;;;;;;;;;;EAUrB,QAAA,wBAAgC,iBAAA,GAAiB,mBAAA,EAC/C,MAAA,EAAwD,WAAA,CAAR,QAAA,IAC/C,OAAA,CAAwD,WAAA,CAAR,QAAA;EDjCnD;;;;;;;;EC0CA,YAAA,CACE,OAAA,EAVQ,mBAAA,GAWP,OAAA,CAD+D,UAAA;AAAA;AAAA,iBA8FpD,QAAA,CAAS,MAAA,GAAQ,aAAA,GAAqB,EAAA;;;UCnNrC,cAAA,kBAAgC,iBAAA,GAAoB,iBAAA;EAAA,SAC1D,IAAA;EAAA,SACA,OAAA;EAAA,SACA,cAAA;EAAA,SACA,cAAA;EAAA,SACA,SAAA;EAAA,SACA,IAAA,EAAM,aAAA;EAAA,SACN,SAAA,WAAoB,WAAA;EAAA,SACpB,OAAA,GAAU,cAAA,CAAe,QAAA;EAAA,SACzB,QAAA;EAAA,SACA,MAAA;EAAA,SACA,KAAA,GAAQ,WAAA;EAAA,SACR,MAAA,WAAiB,QAAA;EFWjB;;;;;;EAAA,SEJA,OAAA,GAAU,eAAA;EFWV;;;;EAAA,SENA,QAAA,GAAW,kBAAA;AAAA;AAAA,iBAGN,oBAAA,kBAAsC,iBAAA,CAAA,CACpD,MAAA,EAAQ,SAAA,CAAU,QAAA,IACjB,cAAA,CAAe,QAAA;AAAA,iBAuBI,aAAA,kBAA+B,iBAAA,CAAA,CACnD,QAAA,EAAU,cAAA,CAAe,QAAA,IACxB,OAAA,CAAQ,SAAA,CAAU,QAAA;AAAA,iBAoCC,SAAA,kBAA2B,iBAAA,CAAA,CAC/C,EAAA,EAAI,EAAA,EACJ,QAAA,EAAU,cAAA,CAAe,QAAA,GACzB,MAAA,EAAQ,SAAA,CAAU,QAAA,IACjB,OAAA,CAAQ,SAAA,CAAU,QAAA;AAAA,iBAmBL,oBAAA,kBAAsC,iBAAA,CAAA,CACpD,QAAA,EAAU,cAAA,CAAe,QAAA,IACxB,cAAA,CAAe,QAAA;AAAA,iBAgBF,UAAA,CAAW,IAAA,EAAM,aAAA,GAAgB,aAAA;AAAA,iBAqBjC,iBAAA,CAAkB,GAAA,EAAK,WAAA,GAAc,WAAA;;;KC9IzC,kCAAA;EAAA,SAEG,IAAA;AAAA;EAAA,SACA,IAAA;AAAA;AAAA,UAEE,sBAAA;EAAA,SACN,YAAA;EAAA,SACA,gBAAA;EAAA,SACA,OAAA;AAAA;AAAA,UAGM,2BAAA,kBACE,MAAA,oBAA0B,MAAA;EAAA,SAElC,IAAA;EAAA,SACA,SAAA,YAAqB,aAAA;EAAA,SACrB,WAAA,GAAc,MAAA,SAAe,kCAAA;EAAA,SAC7B,OAAA,GAAU,QAAA;EAAA,SACV,MAAA,EAAQ,UAAA;EAAA,SACR,QAAA,EAAU,kBAAA;EAAA,SACV,KAAA,EAAO,YAAA;EAAA,SACP,KAAA,EAAO,YAAA;EAAA,SACP,KAAA,EAAO,sBAAA;EAAA,SACP,UAAA;EAAA,SACA,WAAA;EAAA,SACA,eAAA,GAAkB,eAAA;EAAA,SAClB,KAAA;EAAA,SACA,SAAA;EAAA,SACA,QAAA;EAAA,SACA,cAAA;EAAA,SACA,QAAA,GAAW,MAAA;AAAA;AAAA,UAGL,yBAAA;EAAA,SACN,IAAA;EAAA,SACA,KAAA,EAAO,YAAA;EAAA,SACP,KAAA,EAAO,YAAA;EAAA,SACP,KAAA,EAAO,sBAAA;EAAA,SACP,UAAA;EAAA,SACA,WAAA;EAAA,SACA,cAAA;EAAA,SACA,eAAA;EAAA,SACA,WAAA;EAAA,SACA,UAAA;EAAA,SACA,QAAA,GAAW,MAAA;AAAA;AAAA,UAGL,wBAAA,kBACE,MAAA,oBAA0B,MAAA;EAAA,SAElC,OAAA;EAAA,SACA,IAAA;EAAA,SACA,OAAA,EAAS,MAAA,SAAe,kCAAA;EAAA,SACxB,MAAA,EAAQ,UAAA;EAAA,SACR,QAAA,EAAU,kBAAA;EAAA,SACV,UAAA,GAAa,QAAA;EAAA,SACb,iBAAA,EAAmB,yBAAA;AAAA;AAAA,UAGb,4BAAA,kBACE,MAAA,oBAA0B,MAAA;EAAA,SAElC,OAAA,EAAS,eAAA;EAAA,SACT,OAAA,EAAS,wBAAA,CAAyB,QAAA;EAAA,SAClC,cAAA,EAAgB,cAAA,CAAe,iBAAA;EAAA,SAC/B,WAAA;EAAA,SACA,UAAA;AAAA;AAAA,iBAGW,4BAAA,kBACH,MAAA,oBAA0B,MAAA,kBAAA,CAE3C,KAAA,EAAO,2BAAA,CAA4B,QAAA,GACnC,MAAA,EAAQ,aAAA,GACP,OAAA,CAAQ,4BAAA,CAA6B,QAAA;;;;;;;;;;AHhExC;;;;;;;;iBIfgB,kBAAA,CAAmB,OAAA,WAAkB,QAAA,KAAa,MAAA;;;KCftD,2BAAA;AAAA,KAMA,0BAAA;AAAA,UAEK,wBAAA;EAAA,SACN,GAAA;EAAA,SACA,YAAA,EAAc,UAAA;EAAA,SACd,KAAA,EAAO,UAAA;EAAA,SACP,aAAA,EAAe,0BAAA;EAAA,SACf,SAAA;EAAA,SACA,QAAA,GAAW,2BAAA;EAAA,SACX,MAAA;EAAA,SACA,QAAA,GAAW,MAAA;AAAA;AAAA,UAGL,uBAAA;EAAA,SACN,SAAA,EAAW,UAAA;AAAA;AAAA,UAGL,0BAAA;EAAA,SACN,GAAA;EAAA,SACA,YAAA,EAAc,UAAA;EAAA,SACd,QAAA,GAAW,2BAAA;EAAA,SACX,MAAA;EAAA,SACA,QAAA,GAAW,MAAA;EACpB,IAAA,CACE,OAAA,EAAS,wBAAA,GACR,OAAA,CAAQ,UAAA,GAAa,uBAAA;AAAA;;;;;;;;iBAUV,yBAAA,CACd,OAAA,EAAS,0BAAA,GACR,aAAA;;;UCKc,uBAAA;EAAA,SACN,aAAA,EAAe,UAAA;EAAA,SACf,YAAA,EAAc,UAAA;AAAA;AAAA,iBAGH,yBAAA,CAAA,GAA6B,OAAA,CAAQ,uBAAA;AAAA,iBAoC3C,oBAAA,CACd,aAAA,EAAe,UAAA,EACf,OAAA;EAAA,SAAoB,GAAA;EAAA,SAAsB,YAAA,EAAc,UAAA;AAAA,IACvD,aAAA;;;;;;;;;;AN9DH;;;;;;;;;;;;iBOoDsB,aAAA,CACpB,QAAA,EAAU,eAAA,EACV,MAAA,EAAQ,MAAA,GACP,OAAA,CAAQ,YAAA;;;;;;;;;;;iBC/DW,UAAA,CAAW,QAAA,EAAU,eAAA,GAAkB,OAAA;;;;;;;;;;;;;;;UCiC5C,oBAAA;EAAA,SACN,IAAA;EAAA,SACA,OAAA;AAAA;;;ATyBX;;;KSEY,cAAA,IAAkB,IAAA,aAAiB,OAAA,CAAQ,aAAA;AAAA,UAEtC,gCAAA,kBACE,iBAAA,GAAoB,iBAAA;EAAA,SAE5B,cAAA,EAAgB,cAAA;EAAA,SAChB,MAAA,EAAQ,MAAA;ETLT;EAAA,SSOC,IAAA;ETTF;;;;;;EAAA,SSgBE,OAAA,GAAU,cAAA,CAAe,QAAA;EAAA,SACzB,MAAA,GAAS,UAAA;EAAA,SACT,QAAA,GAAW,kBAAA;AAAA;;ARhDtB;;;;;iBQyDsB,yBAAA,kBACH,iBAAA,GAAoB,iBAAA,CAAA,CAErC,OAAA,EAAS,eAAA,EACT,OAAA,EAAS,gCAAA,CAAiC,QAAA,IACzC,OAAA,CAAQ,cAAA,CAAe,QAAA;;;KCjHd,kBAAA;AAAA,KAQA,cAAA,GAAiB,MAAA,SAAe,kBAAA;AAAA,UAE3B,cAAA;EAAA,SACN,IAAA;EAAA,SACA,OAAA;AAAA;AAAA,UAGM,YAAA;EACf,YAAA,EAAc,GAAA,UAAa,KAAA,EAAO,kBAAA;EAClC,aAAA,EAAe,UAAA,EAAY,cAAA;EAC3B,QAAA,EAAU,IAAA,UAAc,UAAA,GAAa,cAAA;EACrC,SAAA,EAAW,MAAA,EAAQ,cAAA;EACnB,eAAA,EAAiB,KAAA,EAAO,KAAA,YAAiB,MAAA;EACzC,GAAA,EAAK,OAAA,GAAU,IAAA;AAAA;AAAA,UAGA,cAAA;EACf,SAAA,CACE,IAAA,UACA,OAAA;IAAA,SACW,UAAA,GAAa,cAAA;IAAA,SACb,SAAA,GAAY,IAAA;EAAA,IAEtB,YAAA;AAAA;AAAA,KAGO,sBAAA;AAAA,UAEK,oBAAA;EAAA,SACN,cAAA,GAAiB,sBAAA;AAAA;AAAA,UAGX,uBAAA,SAAgC,oBAAA;EAAA,SACtC,MAAA,EAAQ,cAAA;EAAA,SACR,QAAA;AAAA;AAAA,UAGM,mBAAA;EAAA,SACN,QAAA;EAAA,SACA,OAAA,EAAS,MAAA;AAAA;AAAA,UAGH,yBAAA;EAAA,SACN,OAAA;EAAA,SACA,SAAA;EAAA,SACA,SAAA;EAAA,SACA,UAAA;EAAA,SACA,gBAAA;EAAA,SACA,OAAA,GAAU,MAAA;AAAA;AAAA,UAGJ,wBAAA;EAAA,SACN,OAAA;EAAA,SACA,QAAA;EAAA,SACA,MAAA;EAAA,SACA,WAAA;EAAA,SACA,OAAA,GAAU,MAAA;AAAA;AAAA,iBAWL,sBAAA,CACd,OAAA,EAAS,uBAAA,GACR,YAAA;AAAA,iBAsCa,0BAAA,CACd,KAAA,EAAO,QAAA,EACP,OAAA,GAAS,oBAAA,GACR,cAAA;AAAA,iBA4CmB,2BAAA,CACpB,QAAA,EAAU,eAAA,GACT,OAAA,CAAQ,cAAA;AAAA,iBAaK,wBAAA,CACd,OAAA,GAAS,yBAAA,GACR,mBAAA;AAAA,iBAYa,uBAAA,CACd,OAAA,GAAS,wBAAA,GACR,mBAAA"}

package/dist/permission-context-CUKMo79F.js

@@ -0,0 +1,134 @@
+import { f as BAND } from "./runtime-Dxiet5YS.js";
+//#region src/agent/crew/agent-spec.ts
+/**
+* Factory for `AgentSpec` values. Mirrors `defineTool` exactly: spread
+* preserves input identity (no cloning, no mutation) and absent optional
+* members stay absent (`exactOptionalPropertyTypes`-safe).
+*/
+function defineAgent(definition) {
+	return {
+		kind: "agent",
+		...definition
+	};
+}
+//#endregion
+//#region src/agent/infra/transcript-store.ts
+const DEFAULT_TOKEN_ESTIMATOR = (text) => Math.ceil(text.length / 4);
+function createTranscriptStore() {
+	const turns = [];
+	function firstUserTurn() {
+		for (const turn of turns) if (turn.role === "user") return turn;
+		return null;
+	}
+	return {
+		kind: "transcript-store",
+		append(turn) {
+			turns.push(turn);
+		},
+		all() {
+			return Object.freeze([...turns]);
+		},
+		tail(limit) {
+			if (limit <= 0) return Object.freeze([]);
+			if (turns.length <= limit) return Object.freeze([...turns]);
+			const start = turns.length - limit;
+			const tail = turns.slice(start);
+			const first = firstUserTurn();
+			if (first === null || tail.includes(first)) return Object.freeze(tail);
+			return Object.freeze([first, ...tail]);
+		},
+		tailByTokens(maxTokens, estimator = DEFAULT_TOKEN_ESTIMATOR) {
+			if (maxTokens <= 0) return Object.freeze([]);
+			const reversed = [...turns].reverse();
+			const selected = [];
+			let used = 0;
+			for (const turn of reversed) {
+				const cost = estimator(turn.content);
+				if (used + cost > maxTokens) break;
+				selected.unshift(turn);
+				used += cost;
+			}
+			const first = firstUserTurn();
+			if (first !== null && !selected.includes(first)) selected.unshift(first);
+			return Object.freeze(selected);
+		}
+	};
+}
+//#endregion
+//#region src/agent/infra/goal-progress.ts
+function createGoalProgressTracker(options = {}) {
+	const windowSize = options.windowSize ?? 3;
+	const stallThreshold = options.stallThreshold ?? .02;
+	const regressionThreshold = options.regressionThreshold ?? .1;
+	const steps = [];
+	return {
+		kind: "goal-progress-tracker",
+		recordStep(step) {
+			steps.push(step);
+		},
+		status() {
+			if (steps.length < windowSize) return "progressing";
+			const window = steps.slice(-windowSize);
+			const latest = window[window.length - 1];
+			const earlierMax = steps.slice(0, -1).reduce((m, s) => s.goalSatisfaction > m ? s.goalSatisfaction : m, -Infinity);
+			if (latest.goalSatisfaction < earlierMax - regressionThreshold) return "regressed";
+			const min = window.reduce((m, s) => s.goalSatisfaction < m ? s.goalSatisfaction : m, Infinity);
+			if (window.reduce((m, s) => s.goalSatisfaction > m ? s.goalSatisfaction : m, -Infinity) - min <= stallThreshold) return "stalled";
+			return "progressing";
+		}
+	};
+}
+//#endregion
+//#region src/agent/infra/permission-context.ts
+/**
+* PermissionContext — Phase 21 (v1.2).
+*
+* Gates tool execution per-tool / per-iteration / per-resource. Includes
+* a SAFETY-band hook helper that wires the context into the agent loop's
+* BEFORE_TOOL pipeline via the Phase 19 `controls.deny(reason)` veto.
+*/
+function matches(matcher, value) {
+	if (matcher === void 0) return true;
+	if (value === void 0) return false;
+	if (typeof matcher === "string") return matcher === value;
+	return matcher.test(value);
+}
+function createPermissionContext(rules) {
+	return {
+		kind: "permission-context",
+		decide(input) {
+			for (const rule of rules) {
+				if (!matches(rule.toolName, input.toolName)) continue;
+				if (rule.resource !== void 0 && !matches(rule.resource, input.resource)) continue;
+				if (rule.verdict === "allow") return { allow: true };
+				return {
+					allow: false,
+					reason: rule.reason ?? `denied by permission rule for ${input.toolName}`
+				};
+			}
+			return { allow: true };
+		}
+	};
+}
+function createPermissionGuardHook(context) {
+	return (ctx, controls) => {
+		const verdict = context.decide({
+			iterationIndex: ctx.iterationIndex,
+			toolName: ctx.toolName,
+			...ctx.resource !== void 0 ? { resource: ctx.resource } : {},
+			...ctx.args !== void 0 ? { args: ctx.args } : {}
+		});
+		if (!verdict.allow) controls?.deny(verdict.reason);
+	};
+}
+/**
+* Convenience: returns RegisterOptions for the SAFETY-band registration.
+* Callers do `pipeline.register("BEFORE_TOOL", hook, permissionGuardRegisterOptions())`.
+*/
+function permissionGuardRegisterOptions() {
+	return { band: BAND.SAFETY };
+}
+//#endregion
+export { createTranscriptStore as a, createGoalProgressTracker as i, createPermissionGuardHook as n, defineAgent as o, permissionGuardRegisterOptions as r, createPermissionContext as t };
+
+//# sourceMappingURL=permission-context-CUKMo79F.js.map

package/dist/permission-context-CUKMo79F.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-context-CUKMo79F.js","names":[],"sources":["../src/agent/crew/agent-spec.ts","../src/agent/infra/transcript-store.ts","../src/agent/infra/goal-progress.ts","../src/agent/infra/permission-context.ts"],"sourcesContent":["/**\n * AgentSpec — Phase 39 (v1.3). Sibling of defineTool; crew member\n * specification composing by value as a tree (D-03).\n *\n * `defineAgent(spec)` mirrors `defineTool` (tools/tools.ts) literally:\n * an `Omit<…, \"kind\">` factory that spreads the definition under the\n * `kind: \"agent\"` discriminant. The runtime (CrewDispatcher, 39-05)\n * branches on `kind` to route dispatch through the crew chokepoint\n * instead of `runTool` (D-01).\n *\n * `childAgents` composes by value — a crew is a literal tree of specs,\n * not a registry of ids. `summaryReturnSchema` validates the child's\n * `{ summary, artifacts, receipts }` return envelope (Standard Schema,\n * Zod-compatible). `contract` carries an optional per-agent sub-budget\n * (D-07): the effective child budget is `min(spec.contract.budget,\n * remaining crew pool)`.\n */\n\nimport type { StandardSchemaV1 } from \"@standard-schema/spec\";\n\nimport type { CapabilityContract } from \"../../contract/contract.js\";\nimport type { ToolDefinition } from \"../../tools/tools.js\";\n\n/**\n * Crew member specification. A literal sibling of `ToolDefinition`\n * discriminated by `kind: \"agent\"` (D-03).\n */\nexport interface AgentSpec {\n  readonly kind: \"agent\";\n  readonly id: string;\n  readonly intent: string;\n  readonly tools: ReadonlyArray<ToolDefinition<StandardSchemaV1>>;\n  readonly childAgents?: ReadonlyArray<AgentSpec>;\n  readonly summaryReturnSchema: StandardSchemaV1;\n  /** Optional per-agent sub-budget (D-07). */\n  readonly contract?: CapabilityContract;\n}\n\n/**\n * Factory for `AgentSpec` values. Mirrors `defineTool` exactly: spread\n * preserves input identity (no cloning, no mutation) and absent optional\n * members stay absent (`exactOptionalPropertyTypes`-safe).\n */\nexport function defineAgent(definition: Omit<AgentSpec, \"kind\">): AgentSpec {\n  return {\n    kind: \"agent\",\n    ...definition,\n  };\n}\n","/**\n * TranscriptStore — Phase 21 (v1.2).\n *\n * Records the running conversation log with filtered tail reads sized for\n * context-window management. Always preserves the FIRST user turn (the\n * original task) in tail reads so the model retains its mission.\n */\n\nimport type { ConversationTurn } from \"../format-tools.js\";\n\n/**\n * Token estimator used by `tailByTokens`. The default ~4 chars / token is\n * the OpenAI rule of thumb for English text. Callers with provider-specific\n * tokenizers can supply their own.\n */\nexport type TokenEstimator = (text: string) => number;\n\nconst DEFAULT_TOKEN_ESTIMATOR: TokenEstimator = (text) => Math.ceil(text.length / 4);\n\nexport interface TranscriptStore {\n  readonly kind: \"transcript-store\";\n  append(turn: ConversationTurn): void;\n  all(): readonly ConversationTurn[];\n  /** Returns the first user turn (if any) + the most-recent `limit` turns. */\n  tail(limit: number): readonly ConversationTurn[];\n  /**\n   * Returns the first user turn (if any) + the most-recent turns whose\n   * combined token estimate fits within `maxTokens`. The default estimator\n   * is the ~4 chars / token rule; callers can override for provider-\n   * specific tokenizers.\n   */\n  tailByTokens(maxTokens: number, estimator?: TokenEstimator): readonly ConversationTurn[];\n}\n\nexport function createTranscriptStore(): TranscriptStore {\n  const turns: ConversationTurn[] = [];\n\n  function firstUserTurn(): ConversationTurn | null {\n    for (const turn of turns) {\n      if (turn.role === \"user\") return turn;\n    }\n    return null;\n  }\n\n  return {\n    kind: \"transcript-store\" as const,\n    append(turn: ConversationTurn): void {\n      turns.push(turn);\n    },\n    all(): readonly ConversationTurn[] {\n      return Object.freeze([...turns]);\n    },\n    tail(limit: number): readonly ConversationTurn[] {\n      if (limit <= 0) return Object.freeze([]);\n      if (turns.length <= limit) return Object.freeze([...turns]);\n      const start = turns.length - limit;\n      const tail = turns.slice(start);\n      const first = firstUserTurn();\n      if (first === null || tail.includes(first)) {\n        return Object.freeze(tail);\n      }\n      return Object.freeze([first, ...tail]);\n    },\n    tailByTokens(\n      maxTokens: number,\n      estimator: TokenEstimator = DEFAULT_TOKEN_ESTIMATOR,\n    ): readonly ConversationTurn[] {\n      if (maxTokens <= 0) return Object.freeze([]);\n      const reversed = [...turns].reverse();\n      const selected: ConversationTurn[] = [];\n      let used = 0;\n      for (const turn of reversed) {\n        const cost = estimator(turn.content);\n        if (used + cost > maxTokens) break;\n        selected.unshift(turn);\n        used += cost;\n      }\n      const first = firstUserTurn();\n      if (first !== null && !selected.includes(first)) {\n        selected.unshift(first);\n      }\n      return Object.freeze(selected);\n    },\n  };\n}\n","/**\n * GoalProgressTracker — Phase 21 (v1.2).\n *\n * Stuck-detection primitive. The caller declares a goal-satisfaction\n * score per iteration (0..1); the tracker reports a coarse status the\n * agent loop can use to back off or surface to the human.\n */\n\nexport type ProgressStatus = \"progressing\" | \"stalled\" | \"regressed\";\n\nexport interface GoalProgressOptions {\n  /**\n   * Window of recent steps used for stall + regression detection.\n   * Default 3. The tracker waits until it has at least this many steps\n   * before reporting anything other than \"progressing\".\n   */\n  readonly windowSize?: number;\n  /** Max satisfaction delta across the window to count as \"stalled\". Default 0.02. */\n  readonly stallThreshold?: number;\n  /** Min drop from prior max to count as \"regressed\". Default 0.1. */\n  readonly regressionThreshold?: number;\n}\n\nexport interface GoalProgressStep {\n  readonly iterationIndex: number;\n  readonly goalSatisfaction: number;\n}\n\nexport interface GoalProgressTracker {\n  readonly kind: \"goal-progress-tracker\";\n  recordStep(step: GoalProgressStep): void;\n  status(): ProgressStatus;\n}\n\nexport function createGoalProgressTracker(\n  options: GoalProgressOptions = {},\n): GoalProgressTracker {\n  const windowSize = options.windowSize ?? 3;\n  const stallThreshold = options.stallThreshold ?? 0.02;\n  const regressionThreshold = options.regressionThreshold ?? 0.1;\n  const steps: GoalProgressStep[] = [];\n\n  return {\n    kind: \"goal-progress-tracker\" as const,\n    recordStep(step: GoalProgressStep): void {\n      steps.push(step);\n    },\n    status(): ProgressStatus {\n      if (steps.length < windowSize) return \"progressing\";\n      const window = steps.slice(-windowSize);\n      const latest = window[window.length - 1]!;\n      const earlierMax = steps\n        .slice(0, -1)\n        .reduce((m, s) => (s.goalSatisfaction > m ? s.goalSatisfaction : m), -Infinity);\n      if (latest.goalSatisfaction < earlierMax - regressionThreshold) {\n        return \"regressed\";\n      }\n      const min = window.reduce((m, s) => (s.goalSatisfaction < m ? s.goalSatisfaction : m), Infinity);\n      const max = window.reduce((m, s) => (s.goalSatisfaction > m ? s.goalSatisfaction : m), -Infinity);\n      if (max - min <= stallThreshold) {\n        return \"stalled\";\n      }\n      return \"progressing\";\n    },\n  };\n}\n","/**\n * PermissionContext — Phase 21 (v1.2).\n *\n * Gates tool execution per-tool / per-iteration / per-resource. Includes\n * a SAFETY-band hook helper that wires the context into the agent loop's\n * BEFORE_TOOL pipeline via the Phase 19 `controls.deny(reason)` veto.\n */\n\nimport { BAND, type HookHandler, type RegisterOptions } from \"../../contract/bands.js\";\n\nexport interface PermissionRule {\n  /** Match on tool name. String = exact match; RegExp = test. Both undefined = match-any. */\n  readonly toolName?: string | RegExp;\n  /**\n   * Optional resource matcher. The caller passes `resource` on each\n   * decide() invocation; this rule fires only when the rule's resource\n   * matches.\n   */\n  readonly resource?: string | RegExp;\n  readonly verdict: \"allow\" | \"deny\";\n  readonly reason?: string;\n}\n\nexport interface PermissionDecisionInput {\n  readonly toolName: string;\n  readonly iterationIndex: number;\n  readonly resource?: string;\n  readonly args?: unknown;\n}\n\nexport type PermissionVerdict =\n  | { readonly allow: true }\n  | { readonly allow: false; readonly reason: string };\n\nexport interface PermissionContext {\n  readonly kind: \"permission-context\";\n  decide(input: PermissionDecisionInput): PermissionVerdict;\n}\n\nfunction matches(matcher: string | RegExp | undefined, value: string | undefined): boolean {\n  if (matcher === undefined) return true;\n  if (value === undefined) return false;\n  if (typeof matcher === \"string\") return matcher === value;\n  return matcher.test(value);\n}\n\nexport function createPermissionContext(\n  rules: readonly PermissionRule[],\n): PermissionContext {\n  return {\n    kind: \"permission-context\" as const,\n    decide(input: PermissionDecisionInput): PermissionVerdict {\n      for (const rule of rules) {\n        if (!matches(rule.toolName, input.toolName)) continue;\n        if (rule.resource !== undefined && !matches(rule.resource, input.resource)) continue;\n        if (rule.verdict === \"allow\") return { allow: true };\n        return { allow: false, reason: rule.reason ?? `denied by permission rule for ${input.toolName}` };\n      }\n      // Default: allow when no rule matches.\n      return { allow: true };\n    },\n  };\n}\n\n/**\n * Hook handler shape suitable for registering on `BEFORE_TOOL` at\n * BAND.SAFETY. Reads `toolName` and `iterationIndex` from the agent\n * runtime's BEFORE_TOOL context shape (`{ iterationIndex, toolName,\n * args }`) and translates a deny verdict into `controls.deny(reason)`.\n */\nexport interface PermissionHookContext {\n  readonly iterationIndex: number;\n  readonly toolName: string;\n  readonly resource?: string;\n  readonly args?: unknown;\n}\n\nexport function createPermissionGuardHook(\n  context: PermissionContext,\n): HookHandler<PermissionHookContext> {\n  return (ctx, controls) => {\n    const verdict = context.decide({\n      iterationIndex: ctx.iterationIndex,\n      toolName: ctx.toolName,\n      ...(ctx.resource !== undefined ? { resource: ctx.resource } : {}),\n      ...(ctx.args !== undefined ? { args: ctx.args } : {}),\n    });\n    if (!verdict.allow) {\n      controls?.deny(verdict.reason);\n    }\n  };\n}\n\n/**\n * Convenience: returns RegisterOptions for the SAFETY-band registration.\n * Callers do `pipeline.register(\"BEFORE_TOOL\", hook, permissionGuardRegisterOptions())`.\n */\nexport function permissionGuardRegisterOptions(): RegisterOptions {\n  return { band: BAND.SAFETY };\n}\n"],"mappings":";;;;;;;AA2CA,SAAgB,YAAY,YAAgD;AAC1E,QAAO;EACL,MAAM;EACN,GAAG;EACJ;;;;AC9BH,MAAM,2BAA2C,SAAS,KAAK,KAAK,KAAK,SAAS,EAAE;AAiBpF,SAAgB,wBAAyC;CACvD,MAAM,QAA4B,EAAE;CAEpC,SAAS,gBAAyC;AAChD,OAAK,MAAM,QAAQ,MACjB,KAAI,KAAK,SAAS,OAAQ,QAAO;AAEnC,SAAO;;AAGT,QAAO;EACL,MAAM;EACN,OAAO,MAA8B;AACnC,SAAM,KAAK,KAAK;;EAElB,MAAmC;AACjC,UAAO,OAAO,OAAO,CAAC,GAAG,MAAM,CAAC;;EAElC,KAAK,OAA4C;AAC/C,OAAI,SAAS,EAAG,QAAO,OAAO,OAAO,EAAE,CAAC;AACxC,OAAI,MAAM,UAAU,MAAO,QAAO,OAAO,OAAO,CAAC,GAAG,MAAM,CAAC;GAC3D,MAAM,QAAQ,MAAM,SAAS;GAC7B,MAAM,OAAO,MAAM,MAAM,MAAM;GAC/B,MAAM,QAAQ,eAAe;AAC7B,OAAI,UAAU,QAAQ,KAAK,SAAS,MAAM,CACxC,QAAO,OAAO,OAAO,KAAK;AAE5B,UAAO,OAAO,OAAO,CAAC,OAAO,GAAG,KAAK,CAAC;;EAExC,aACE,WACA,YAA4B,yBACC;AAC7B,OAAI,aAAa,EAAG,QAAO,OAAO,OAAO,EAAE,CAAC;GAC5C,MAAM,WAAW,CAAC,GAAG,MAAM,CAAC,SAAS;GACrC,MAAM,WAA+B,EAAE;GACvC,IAAI,OAAO;AACX,QAAK,MAAM,QAAQ,UAAU;IAC3B,MAAM,OAAO,UAAU,KAAK,QAAQ;AACpC,QAAI,OAAO,OAAO,UAAW;AAC7B,aAAS,QAAQ,KAAK;AACtB,YAAQ;;GAEV,MAAM,QAAQ,eAAe;AAC7B,OAAI,UAAU,QAAQ,CAAC,SAAS,SAAS,MAAM,CAC7C,UAAS,QAAQ,MAAM;AAEzB,UAAO,OAAO,OAAO,SAAS;;EAEjC;;;;ACjDH,SAAgB,0BACd,UAA+B,EAAE,EACZ;CACrB,MAAM,aAAa,QAAQ,cAAc;CACzC,MAAM,iBAAiB,QAAQ,kBAAkB;CACjD,MAAM,sBAAsB,QAAQ,uBAAuB;CAC3D,MAAM,QAA4B,EAAE;AAEpC,QAAO;EACL,MAAM;EACN,WAAW,MAA8B;AACvC,SAAM,KAAK,KAAK;;EAElB,SAAyB;AACvB,OAAI,MAAM,SAAS,WAAY,QAAO;GACtC,MAAM,SAAS,MAAM,MAAM,CAAC,WAAW;GACvC,MAAM,SAAS,OAAO,OAAO,SAAS;GACtC,MAAM,aAAa,MAChB,MAAM,GAAG,GAAG,CACZ,QAAQ,GAAG,MAAO,EAAE,mBAAmB,IAAI,EAAE,mBAAmB,GAAI,UAAU;AACjF,OAAI,OAAO,mBAAmB,aAAa,oBACzC,QAAO;GAET,MAAM,MAAM,OAAO,QAAQ,GAAG,MAAO,EAAE,mBAAmB,IAAI,EAAE,mBAAmB,GAAI,SAAS;AAEhG,OADY,OAAO,QAAQ,GAAG,MAAO,EAAE,mBAAmB,IAAI,EAAE,mBAAmB,GAAI,UAAU,GACvF,OAAO,eACf,QAAO;AAET,UAAO;;EAEV;;;;;;;;;;;ACzBH,SAAS,QAAQ,SAAsC,OAAoC;AACzF,KAAI,YAAY,KAAA,EAAW,QAAO;AAClC,KAAI,UAAU,KAAA,EAAW,QAAO;AAChC,KAAI,OAAO,YAAY,SAAU,QAAO,YAAY;AACpD,QAAO,QAAQ,KAAK,MAAM;;AAG5B,SAAgB,wBACd,OACmB;AACnB,QAAO;EACL,MAAM;EACN,OAAO,OAAmD;AACxD,QAAK,MAAM,QAAQ,OAAO;AACxB,QAAI,CAAC,QAAQ,KAAK,UAAU,MAAM,SAAS,CAAE;AAC7C,QAAI,KAAK,aAAa,KAAA,KAAa,CAAC,QAAQ,KAAK,UAAU,MAAM,SAAS,CAAE;AAC5E,QAAI,KAAK,YAAY,QAAS,QAAO,EAAE,OAAO,MAAM;AACpD,WAAO;KAAE,OAAO;KAAO,QAAQ,KAAK,UAAU,iCAAiC,MAAM;KAAY;;AAGnG,UAAO,EAAE,OAAO,MAAM;;EAEzB;;AAgBH,SAAgB,0BACd,SACoC;AACpC,SAAQ,KAAK,aAAa;EACxB,MAAM,UAAU,QAAQ,OAAO;GAC7B,gBAAgB,IAAI;GACpB,UAAU,IAAI;GACd,GAAI,IAAI,aAAa,KAAA,IAAY,EAAE,UAAU,IAAI,UAAU,GAAG,EAAE;GAChE,GAAI,IAAI,SAAS,KAAA,IAAY,EAAE,MAAM,IAAI,MAAM,GAAG,EAAE;GACrD,CAAC;AACF,MAAI,CAAC,QAAQ,MACX,WAAU,KAAK,QAAQ,OAAO;;;;;;;AASpC,SAAgB,iCAAkD;AAChE,QAAO,EAAE,MAAM,KAAK,QAAQ"}