@graphrefly/graphrefly 0.26.0 → 0.27.0

package/dist/audit-ClmqGOCx.d.cts

@@ -0,0 +1,245 @@
+import { A as Actor, N as Node, P as PolicyRuleData, k as GuardAction } from './node-BmerH3kS.cjs';
+import { a as Graph, G as GraphOptions, s as GraphPersistSnapshot, C as CausalChain } from './graph-DNCrvZSn.cjs';
+import { T as TopicGraph } from './messaging-Gt4LPbyA.cjs';
+
+/**
+ * Audit, policy enforcement, and compliance export (roadmap §9.2).
+ *
+ * Three composed factories that wrap any {@link Graph} with the harness
+ * accountability layer:
+ *
+ * - {@link auditTrail} — reactive mutation log with by-node/by-actor/by-time
+ *   queries.
+ * - {@link policyEnforcer} — reactive ABAC enforcement; in `"audit"` mode
+ *   records would-be denials, in `"enforce"` mode pushes guards onto target
+ *   nodes so subsequent writes throw {@link GuardDenied}.
+ * - {@link complianceSnapshot} — point-in-time export of graph state +
+ *   audit trail + policies for regulatory archival.
+ *
+ * @module
+ */
+
+/** A single recorded mutation/event in an {@link AuditTrailGraph}. */
+interface AuditEntry {
+    seq: number;
+    timestamp_ns: number;
+    wall_clock_ns: number;
+    path: string;
+    type: "data" | "dirty" | "resolved" | "invalidate" | "pause" | "resume" | "complete" | "error" | "teardown";
+    actor?: Actor;
+    value?: unknown;
+    error?: unknown;
+    reason?: string;
+}
+/** Options for {@link auditTrail}. */
+interface AuditTrailOptions {
+    name?: string;
+    graph?: GraphOptions;
+    /** Ring-buffer cap for the underlying `reactiveLog`. Default: unbounded. */
+    maxSize?: number;
+    /**
+     * Which event types to record. Default: `["data", "error", "complete",
+     * "teardown"]` — the user-meaningful set. Opt in to mid-wave protocol
+     * events (`"dirty"`, `"resolved"`, `"invalidate"`, `"pause"`, `"resume"`)
+     * by listing them explicitly. Note: those tier-1/tier-2 events do not
+     * carry an `actor` (no `lastMutation` populated) — record them only for
+     * protocol-level diagnostics.
+     */
+    includeTypes?: readonly AuditEntry["type"][];
+    /** Per-event filter; return false to skip. */
+    filter?: (entry: AuditEntry) => boolean;
+}
+/**
+ * Mounted audit log — `entries` exposes the reactive `AuditEntry[]`; query
+ * helpers are sync convenience wrappers over the cached snapshot.
+ */
+declare class AuditTrailGraph extends Graph {
+    readonly entries: Node<readonly AuditEntry[]>;
+    readonly count: Node<number>;
+    private readonly _log;
+    private readonly _target;
+    constructor(target: Graph, opts: AuditTrailOptions);
+    /** All entries currently in the ring (snapshot). */
+    all(): readonly AuditEntry[];
+    /** Entries matching `path`. Order preserved. */
+    byNode(path: string): readonly AuditEntry[];
+    /** Entries whose `actor.id` matches. Use `byActorType` for type filtering. */
+    byActor(actorId: string): readonly AuditEntry[];
+    /** Entries whose `actor.type` matches (e.g. `"llm"`, `"human"`). */
+    byActorType(type: string): readonly AuditEntry[];
+    /**
+     * Entries with `timestamp_ns` in `[start_ns, end_ns)` (end exclusive).
+     * Omit `end_ns` to query open-ended.
+     */
+    byTimeRange(start_ns: number, end_ns?: number): readonly AuditEntry[];
+    /** Reference to the audited graph (escape hatch for tooling). */
+    get target(): Graph;
+}
+/**
+ * Wraps any {@link Graph} with a reactive audit trail recording every event
+ * matching `includeTypes` (default: data + error + complete + teardown).
+ *
+ * Each entry carries `seq`, `timestamp_ns` (monotonic), `wall_clock_ns`,
+ * `path`, `type`, and — when available — `actor`, `value`, `error`, and the
+ * `graph.trace()` reasoning annotation for the path.
+ *
+ * The returned graph mounts an `entries` node + `count` derived. Query
+ * helpers (`byNode`, `byActor`, `byTimeRange`) operate on the cached
+ * snapshot synchronously.
+ */
+declare function auditTrail(target: Graph, opts?: AuditTrailOptions): AuditTrailGraph;
+/** A single policy denial recorded by {@link PolicyEnforcerGraph}. */
+interface PolicyViolation {
+    timestamp_ns: number;
+    wall_clock_ns: number;
+    path: string;
+    actor: Actor;
+    action: GuardAction;
+    mode: "audit" | "enforce";
+    /** `"observed"` (audit mode after-the-fact) or `"blocked"` (enforce mode pre-write). */
+    result: "observed" | "blocked";
+}
+/** Options for {@link policyEnforcer}. */
+interface PolicyEnforcerOptions {
+    name?: string;
+    graph?: GraphOptions;
+    /**
+     * `"audit"` (default) — observe events and record would-be denials;
+     * does not block writes. Audit mode requires `lastMutation` attribution
+     * on the audited node — anonymous/internal writes (no `actor` passed,
+     * unguarded node) are skipped silently because the policy cannot be
+     * evaluated without an actor.
+     *
+     * `"enforce"` — push guards onto target nodes so disallowed writes
+     * throw {@link GuardDenied}. Reverted on dispose.
+     */
+    mode?: "audit" | "enforce";
+    /**
+     * Restrict enforcement to specific node paths (qualified). When omitted,
+     * applies to every node visible in `target.describe()` at construction
+     * time (subgraphs are walked transitively) AND subscribes to the full
+     * topology tree via {@link watchTopologyTree}, so nodes added to
+     * `target` OR any transitively-mounted subgraph after construction are
+     * guarded automatically (enforce mode only).
+     *
+     * **Cost:** unrestricted mode runs `describe({detail:"minimal"})` once
+     * at construction (O(N) over the graph tree) plus one topology
+     * subscription per graph instance in the mount tree. Restricted mode
+     * skips both and disables dynamic coverage — callers providing
+     * `paths` must re-create on subgraph changes.
+     */
+    paths?: readonly string[];
+    /** Ring-buffer cap for the violations topic. Default: 1000. */
+    violationsLimit?: number;
+}
+/**
+ * Reactive ABAC enforcement layer. Policies are reactive — pass a
+ * `Node<readonly PolicyRuleData[]>` to allow LLMs (or any reactive source)
+ * to update them at runtime; the enforcer rebinds its internal
+ * {@link NodeGuard} on every push.
+ */
+declare class PolicyEnforcerGraph extends Graph {
+    readonly policies: Node<readonly PolicyRuleData[]>;
+    readonly violations: TopicGraph<PolicyViolation>;
+    readonly violationCount: Node<number>;
+    private readonly _target;
+    private readonly _mode;
+    private _currentGuard;
+    constructor(target: Graph, policies: readonly PolicyRuleData[] | Node<readonly PolicyRuleData[]>, opts: PolicyEnforcerOptions);
+    private _publishViolation;
+    /** Snapshot of recorded violations. */
+    all(): readonly PolicyViolation[];
+    get mode(): "audit" | "enforce";
+    get target(): Graph;
+}
+/**
+ * Wraps a {@link Graph} with reactive policy enforcement. Pass either a
+ * static rule list or a {@link Node} of rules (LLM-updatable). Records
+ * `PolicyViolation` entries to `violations` topic; in `"enforce"` mode also
+ * pushes guards onto target nodes so disallowed writes throw.
+ */
+declare function policyEnforcer(target: Graph, policies: readonly PolicyRuleData[] | Node<readonly PolicyRuleData[]>, opts?: PolicyEnforcerOptions): PolicyEnforcerGraph;
+/**
+ * Reactive {@link CausalChain} that recomputes whenever the audited graph
+ * changes. Returns a `Node<CausalChain>` suitable for subscription, mounting,
+ * or composition (e.g. inside `graphLens.why(node)`).
+ *
+ * **How it stays live:** an internal `version` state is bumped by an observer
+ * attached to `target.observe()`; the derived chain depends on `version`, so
+ * each mutation triggers a recompute. To avoid stalling on no-op events, only
+ * `data`, `error`, `complete`, and `teardown` bump the version (matching the
+ * audit defaults).
+ */
+declare function reactiveExplainPath(target: Graph, from: string, to: string, opts?: {
+    maxDepth?: number;
+    name?: string;
+    findCycle?: boolean;
+}): {
+    node: Node<CausalChain>;
+    dispose: () => void;
+};
+/** Options for {@link complianceSnapshot}. */
+interface ComplianceSnapshotOptions {
+    audit?: AuditTrailGraph;
+    policies?: PolicyEnforcerGraph;
+    /** Actor recorded as the snapshot taker. */
+    actor?: Actor;
+}
+/** Output of {@link complianceSnapshot}. JSON-serializable. */
+interface ComplianceSnapshotResult {
+    format_version: 1;
+    timestamp_ns: number;
+    wall_clock_ns: number;
+    actor?: Actor;
+    graph: GraphPersistSnapshot;
+    audit?: {
+        count: number;
+        entries: AuditEntry[];
+    };
+    policies?: {
+        mode: "audit" | "enforce";
+        rules: readonly PolicyRuleData[];
+        violations: readonly PolicyViolation[];
+    };
+    /**
+     * Truncated SHA-256 hex (16 chars / ~64 bits) over a canonical encoding
+     * of every field above (excluding `fingerprint` itself). Deterministic
+     * across runs given identical inputs. Suitable for casual tamper-evidence
+     * and content-addressed dedup; for full cryptographic strength, hash the
+     * canonical JSON externally with Web Crypto / Node `crypto`.
+     */
+    fingerprint: string;
+}
+/**
+ * One-shot point-in-time export of a {@link Graph}'s state plus optional
+ * audit + policy bundles. Returns a JSON-serializable object with a
+ * deterministic truncated-SHA-256 {@link ComplianceSnapshotResult.fingerprint}
+ * over the canonical payload for tamper-evidence in regulatory archival.
+ *
+ * **Cryptographic strength:** the fingerprint is truncated to 64 bits for
+ * compact archival. Collision-resistant for casual integrity checks but NOT
+ * sufficient for adversarial tamper-evidence — pair with a full SHA-256
+ * (or stronger) over the canonical JSON when regulatory requirements demand
+ * collision resistance.
+ */
+declare function complianceSnapshot(target: Graph, opts?: ComplianceSnapshotOptions): ComplianceSnapshotResult;
+
+type audit_AuditEntry = AuditEntry;
+type audit_AuditTrailGraph = AuditTrailGraph;
+declare const audit_AuditTrailGraph: typeof AuditTrailGraph;
+type audit_AuditTrailOptions = AuditTrailOptions;
+type audit_ComplianceSnapshotOptions = ComplianceSnapshotOptions;
+type audit_ComplianceSnapshotResult = ComplianceSnapshotResult;
+type audit_PolicyEnforcerGraph = PolicyEnforcerGraph;
+declare const audit_PolicyEnforcerGraph: typeof PolicyEnforcerGraph;
+type audit_PolicyEnforcerOptions = PolicyEnforcerOptions;
+type audit_PolicyViolation = PolicyViolation;
+declare const audit_auditTrail: typeof auditTrail;
+declare const audit_complianceSnapshot: typeof complianceSnapshot;
+declare const audit_policyEnforcer: typeof policyEnforcer;
+declare const audit_reactiveExplainPath: typeof reactiveExplainPath;
+declare namespace audit {
+  export { type audit_AuditEntry as AuditEntry, audit_AuditTrailGraph as AuditTrailGraph, type audit_AuditTrailOptions as AuditTrailOptions, type audit_ComplianceSnapshotOptions as ComplianceSnapshotOptions, type audit_ComplianceSnapshotResult as ComplianceSnapshotResult, audit_PolicyEnforcerGraph as PolicyEnforcerGraph, type audit_PolicyEnforcerOptions as PolicyEnforcerOptions, type audit_PolicyViolation as PolicyViolation, audit_auditTrail as auditTrail, audit_complianceSnapshot as complianceSnapshot, audit_policyEnforcer as policyEnforcer, audit_reactiveExplainPath as reactiveExplainPath };
+}
+
+export { type AuditEntry as A, type ComplianceSnapshotOptions as C, PolicyEnforcerGraph as P, type PolicyViolation as a, audit as b, AuditTrailGraph as c, type AuditTrailOptions as d, type ComplianceSnapshotResult as e, type PolicyEnforcerOptions as f, auditTrail as g, complianceSnapshot as h, policyEnforcer as p, reactiveExplainPath as r };

package/dist/audit-DRlSzBu9.d.ts

@@ -0,0 +1,245 @@
+import { A as Actor, N as Node, P as PolicyRuleData, k as GuardAction } from './node-BmerH3kS.js';
+import { a as Graph, G as GraphOptions, s as GraphPersistSnapshot, C as CausalChain } from './graph-CCwGKLCm.js';
+import { T as TopicGraph } from './messaging-XDoYablx.js';
+
+/**
+ * Audit, policy enforcement, and compliance export (roadmap §9.2).
+ *
+ * Three composed factories that wrap any {@link Graph} with the harness
+ * accountability layer:
+ *
+ * - {@link auditTrail} — reactive mutation log with by-node/by-actor/by-time
+ *   queries.
+ * - {@link policyEnforcer} — reactive ABAC enforcement; in `"audit"` mode
+ *   records would-be denials, in `"enforce"` mode pushes guards onto target
+ *   nodes so subsequent writes throw {@link GuardDenied}.
+ * - {@link complianceSnapshot} — point-in-time export of graph state +
+ *   audit trail + policies for regulatory archival.
+ *
+ * @module
+ */
+
+/** A single recorded mutation/event in an {@link AuditTrailGraph}. */
+interface AuditEntry {
+    seq: number;
+    timestamp_ns: number;
+    wall_clock_ns: number;
+    path: string;
+    type: "data" | "dirty" | "resolved" | "invalidate" | "pause" | "resume" | "complete" | "error" | "teardown";
+    actor?: Actor;
+    value?: unknown;
+    error?: unknown;
+    reason?: string;
+}
+/** Options for {@link auditTrail}. */
+interface AuditTrailOptions {
+    name?: string;
+    graph?: GraphOptions;
+    /** Ring-buffer cap for the underlying `reactiveLog`. Default: unbounded. */
+    maxSize?: number;
+    /**
+     * Which event types to record. Default: `["data", "error", "complete",
+     * "teardown"]` — the user-meaningful set. Opt in to mid-wave protocol
+     * events (`"dirty"`, `"resolved"`, `"invalidate"`, `"pause"`, `"resume"`)
+     * by listing them explicitly. Note: those tier-1/tier-2 events do not
+     * carry an `actor` (no `lastMutation` populated) — record them only for
+     * protocol-level diagnostics.
+     */
+    includeTypes?: readonly AuditEntry["type"][];
+    /** Per-event filter; return false to skip. */
+    filter?: (entry: AuditEntry) => boolean;
+}
+/**
+ * Mounted audit log — `entries` exposes the reactive `AuditEntry[]`; query
+ * helpers are sync convenience wrappers over the cached snapshot.
+ */
+declare class AuditTrailGraph extends Graph {
+    readonly entries: Node<readonly AuditEntry[]>;
+    readonly count: Node<number>;
+    private readonly _log;
+    private readonly _target;
+    constructor(target: Graph, opts: AuditTrailOptions);
+    /** All entries currently in the ring (snapshot). */
+    all(): readonly AuditEntry[];
+    /** Entries matching `path`. Order preserved. */
+    byNode(path: string): readonly AuditEntry[];
+    /** Entries whose `actor.id` matches. Use `byActorType` for type filtering. */
+    byActor(actorId: string): readonly AuditEntry[];
+    /** Entries whose `actor.type` matches (e.g. `"llm"`, `"human"`). */
+    byActorType(type: string): readonly AuditEntry[];
+    /**
+     * Entries with `timestamp_ns` in `[start_ns, end_ns)` (end exclusive).
+     * Omit `end_ns` to query open-ended.
+     */
+    byTimeRange(start_ns: number, end_ns?: number): readonly AuditEntry[];
+    /** Reference to the audited graph (escape hatch for tooling). */
+    get target(): Graph;
+}
+/**
+ * Wraps any {@link Graph} with a reactive audit trail recording every event
+ * matching `includeTypes` (default: data + error + complete + teardown).
+ *
+ * Each entry carries `seq`, `timestamp_ns` (monotonic), `wall_clock_ns`,
+ * `path`, `type`, and — when available — `actor`, `value`, `error`, and the
+ * `graph.trace()` reasoning annotation for the path.
+ *
+ * The returned graph mounts an `entries` node + `count` derived. Query
+ * helpers (`byNode`, `byActor`, `byTimeRange`) operate on the cached
+ * snapshot synchronously.
+ */
+declare function auditTrail(target: Graph, opts?: AuditTrailOptions): AuditTrailGraph;
+/** A single policy denial recorded by {@link PolicyEnforcerGraph}. */
+interface PolicyViolation {
+    timestamp_ns: number;
+    wall_clock_ns: number;
+    path: string;
+    actor: Actor;
+    action: GuardAction;
+    mode: "audit" | "enforce";
+    /** `"observed"` (audit mode after-the-fact) or `"blocked"` (enforce mode pre-write). */
+    result: "observed" | "blocked";
+}
+/** Options for {@link policyEnforcer}. */
+interface PolicyEnforcerOptions {
+    name?: string;
+    graph?: GraphOptions;
+    /**
+     * `"audit"` (default) — observe events and record would-be denials;
+     * does not block writes. Audit mode requires `lastMutation` attribution
+     * on the audited node — anonymous/internal writes (no `actor` passed,
+     * unguarded node) are skipped silently because the policy cannot be
+     * evaluated without an actor.
+     *
+     * `"enforce"` — push guards onto target nodes so disallowed writes
+     * throw {@link GuardDenied}. Reverted on dispose.
+     */
+    mode?: "audit" | "enforce";
+    /**
+     * Restrict enforcement to specific node paths (qualified). When omitted,
+     * applies to every node visible in `target.describe()` at construction
+     * time (subgraphs are walked transitively) AND subscribes to the full
+     * topology tree via {@link watchTopologyTree}, so nodes added to
+     * `target` OR any transitively-mounted subgraph after construction are
+     * guarded automatically (enforce mode only).
+     *
+     * **Cost:** unrestricted mode runs `describe({detail:"minimal"})` once
+     * at construction (O(N) over the graph tree) plus one topology
+     * subscription per graph instance in the mount tree. Restricted mode
+     * skips both and disables dynamic coverage — callers providing
+     * `paths` must re-create on subgraph changes.
+     */
+    paths?: readonly string[];
+    /** Ring-buffer cap for the violations topic. Default: 1000. */
+    violationsLimit?: number;
+}
+/**
+ * Reactive ABAC enforcement layer. Policies are reactive — pass a
+ * `Node<readonly PolicyRuleData[]>` to allow LLMs (or any reactive source)
+ * to update them at runtime; the enforcer rebinds its internal
+ * {@link NodeGuard} on every push.
+ */
+declare class PolicyEnforcerGraph extends Graph {
+    readonly policies: Node<readonly PolicyRuleData[]>;
+    readonly violations: TopicGraph<PolicyViolation>;
+    readonly violationCount: Node<number>;
+    private readonly _target;
+    private readonly _mode;
+    private _currentGuard;
+    constructor(target: Graph, policies: readonly PolicyRuleData[] | Node<readonly PolicyRuleData[]>, opts: PolicyEnforcerOptions);
+    private _publishViolation;
+    /** Snapshot of recorded violations. */
+    all(): readonly PolicyViolation[];
+    get mode(): "audit" | "enforce";
+    get target(): Graph;
+}
+/**
+ * Wraps a {@link Graph} with reactive policy enforcement. Pass either a
+ * static rule list or a {@link Node} of rules (LLM-updatable). Records
+ * `PolicyViolation` entries to `violations` topic; in `"enforce"` mode also
+ * pushes guards onto target nodes so disallowed writes throw.
+ */
+declare function policyEnforcer(target: Graph, policies: readonly PolicyRuleData[] | Node<readonly PolicyRuleData[]>, opts?: PolicyEnforcerOptions): PolicyEnforcerGraph;
+/**
+ * Reactive {@link CausalChain} that recomputes whenever the audited graph
+ * changes. Returns a `Node<CausalChain>` suitable for subscription, mounting,
+ * or composition (e.g. inside `graphLens.why(node)`).
+ *
+ * **How it stays live:** an internal `version` state is bumped by an observer
+ * attached to `target.observe()`; the derived chain depends on `version`, so
+ * each mutation triggers a recompute. To avoid stalling on no-op events, only
+ * `data`, `error`, `complete`, and `teardown` bump the version (matching the
+ * audit defaults).
+ */
+declare function reactiveExplainPath(target: Graph, from: string, to: string, opts?: {
+    maxDepth?: number;
+    name?: string;
+    findCycle?: boolean;
+}): {
+    node: Node<CausalChain>;
+    dispose: () => void;
+};
+/** Options for {@link complianceSnapshot}. */
+interface ComplianceSnapshotOptions {
+    audit?: AuditTrailGraph;
+    policies?: PolicyEnforcerGraph;
+    /** Actor recorded as the snapshot taker. */
+    actor?: Actor;
+}
+/** Output of {@link complianceSnapshot}. JSON-serializable. */
+interface ComplianceSnapshotResult {
+    format_version: 1;
+    timestamp_ns: number;
+    wall_clock_ns: number;
+    actor?: Actor;
+    graph: GraphPersistSnapshot;
+    audit?: {
+        count: number;
+        entries: AuditEntry[];
+    };
+    policies?: {
+        mode: "audit" | "enforce";
+        rules: readonly PolicyRuleData[];
+        violations: readonly PolicyViolation[];
+    };
+    /**
+     * Truncated SHA-256 hex (16 chars / ~64 bits) over a canonical encoding
+     * of every field above (excluding `fingerprint` itself). Deterministic
+     * across runs given identical inputs. Suitable for casual tamper-evidence
+     * and content-addressed dedup; for full cryptographic strength, hash the
+     * canonical JSON externally with Web Crypto / Node `crypto`.
+     */
+    fingerprint: string;
+}
+/**
+ * One-shot point-in-time export of a {@link Graph}'s state plus optional
+ * audit + policy bundles. Returns a JSON-serializable object with a
+ * deterministic truncated-SHA-256 {@link ComplianceSnapshotResult.fingerprint}
+ * over the canonical payload for tamper-evidence in regulatory archival.
+ *
+ * **Cryptographic strength:** the fingerprint is truncated to 64 bits for
+ * compact archival. Collision-resistant for casual integrity checks but NOT
+ * sufficient for adversarial tamper-evidence — pair with a full SHA-256
+ * (or stronger) over the canonical JSON when regulatory requirements demand
+ * collision resistance.
+ */
+declare function complianceSnapshot(target: Graph, opts?: ComplianceSnapshotOptions): ComplianceSnapshotResult;
+
+type audit_AuditEntry = AuditEntry;
+type audit_AuditTrailGraph = AuditTrailGraph;
+declare const audit_AuditTrailGraph: typeof AuditTrailGraph;
+type audit_AuditTrailOptions = AuditTrailOptions;
+type audit_ComplianceSnapshotOptions = ComplianceSnapshotOptions;
+type audit_ComplianceSnapshotResult = ComplianceSnapshotResult;
+type audit_PolicyEnforcerGraph = PolicyEnforcerGraph;
+declare const audit_PolicyEnforcerGraph: typeof PolicyEnforcerGraph;
+type audit_PolicyEnforcerOptions = PolicyEnforcerOptions;
+type audit_PolicyViolation = PolicyViolation;
+declare const audit_auditTrail: typeof auditTrail;
+declare const audit_complianceSnapshot: typeof complianceSnapshot;
+declare const audit_policyEnforcer: typeof policyEnforcer;
+declare const audit_reactiveExplainPath: typeof reactiveExplainPath;
+declare namespace audit {
+  export { type audit_AuditEntry as AuditEntry, audit_AuditTrailGraph as AuditTrailGraph, type audit_AuditTrailOptions as AuditTrailOptions, type audit_ComplianceSnapshotOptions as ComplianceSnapshotOptions, type audit_ComplianceSnapshotResult as ComplianceSnapshotResult, audit_PolicyEnforcerGraph as PolicyEnforcerGraph, type audit_PolicyEnforcerOptions as PolicyEnforcerOptions, type audit_PolicyViolation as PolicyViolation, audit_auditTrail as auditTrail, audit_complianceSnapshot as complianceSnapshot, audit_policyEnforcer as policyEnforcer, audit_reactiveExplainPath as reactiveExplainPath };
+}
+
+export { type AuditEntry as A, type ComplianceSnapshotOptions as C, PolicyEnforcerGraph as P, type PolicyViolation as a, audit as b, AuditTrailGraph as c, type AuditTrailOptions as d, type ComplianceSnapshotResult as e, type PolicyEnforcerOptions as f, auditTrail as g, complianceSnapshot as h, policyEnforcer as p, reactiveExplainPath as r };

package/dist/{chunk-JYXEWPH4.js → chunk-APFNLIRG.js}

@@ -1,6 +1,6 @@
 import {
   Graph
-} from "./chunk-THTWHNU4.js";
+} from "./chunk-PF7GRZMW.js";
 import {
   state
 } from "./chunk-PHOUUNK7.js";
@@ -59,4 +59,4 @@ export {
   create,
   zustand_exports
 };
-//# sourceMappingURL=chunk-JYXEWPH4.js.map
+//# sourceMappingURL=chunk-APFNLIRG.js.map