npm - @haaaiawd/second-nature - Versions diffs - 0.1.16 → 0.1.18 - Mend

@haaaiawd/second-nature 0.1.16 → 0.1.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

package/index.js +855 -851
package/openclaw.plugin.json +29 -29
package/package.json +52 -52
package/runtime/cli/commands/index.d.ts +14 -14
package/runtime/cli/commands/index.js +193 -193
package/runtime/cli/explain/explain-surface-subject.d.ts +8 -8
package/runtime/cli/explain/explain-surface-subject.js +9 -9
package/runtime/cli/explain/format-explanation.d.ts +12 -12
package/runtime/cli/explain/format-explanation.js +12 -12
package/runtime/cli/explain/resolve-subject.js +41 -41
package/runtime/cli/host-capability/classify-delivery.d.ts +14 -14
package/runtime/cli/host-capability/classify-delivery.js +20 -20
package/runtime/cli/host-capability/probe-host-capability.d.ts +2 -2
package/runtime/cli/host-capability/probe-host-capability.js +58 -58
package/runtime/cli/host-capability/record-host-capability.d.ts +6 -6
package/runtime/cli/host-capability/record-host-capability.js +14 -14
package/runtime/cli/host-capability/types.d.ts +71 -71
package/runtime/cli/host-capability/types.js +6 -6
package/runtime/cli/host-smoke/run-host-smoke.d.ts +2 -2
package/runtime/cli/host-smoke/run-host-smoke.js +40 -40
package/runtime/cli/host-smoke/types.d.ts +35 -35
package/runtime/cli/host-smoke/types.js +6 -6
package/runtime/cli/index.js +58 -54
package/runtime/cli/ops/heartbeat-surface.d.ts +38 -35
package/runtime/cli/ops/heartbeat-surface.js +73 -71
package/runtime/cli/ops/ops-router.d.ts +19 -16
package/runtime/cli/ops/ops-router.js +89 -87
package/runtime/cli/ops/show-operator-fallback.d.ts +13 -13
package/runtime/cli/ops/show-operator-fallback.js +22 -22
package/runtime/cli/ops/workspace-heartbeat-runner.d.ts +19 -10
package/runtime/cli/ops/workspace-heartbeat-runner.js +39 -26
package/runtime/cli/read-models/index.d.ts +29 -29
package/runtime/cli/read-models/index.js +256 -256
package/runtime/cli/read-models/operator-explain-map.d.ts +6 -6
package/runtime/cli/read-models/operator-explain-map.js +10 -10
package/runtime/cli/read-models/types.d.ts +79 -79
package/runtime/cli/runtime/runtime-artifact-boundary.d.ts +28 -28
package/runtime/cli/runtime/runtime-artifact-boundary.js +94 -94
package/runtime/connectors/base/contract.d.ts +87 -87
package/runtime/connectors/base/execution-policy.d.ts +47 -47
package/runtime/connectors/base/execution-policy.js +82 -82
package/runtime/connectors/base/index.d.ts +8 -8
package/runtime/connectors/base/index.js +8 -8
package/runtime/connectors/base/manifest.d.ts +64 -64
package/runtime/connectors/base/manifest.js +86 -86
package/runtime/connectors/base/map-life-evidence.d.ts +16 -16
package/runtime/connectors/base/map-life-evidence.js +79 -79
package/runtime/connectors/base/policy-layer.d.ts +29 -29
package/runtime/connectors/base/policy-layer.js +198 -198
package/runtime/connectors/base/route-planner.js +99 -99
package/runtime/connectors/index.d.ts +5 -5
package/runtime/connectors/index.js +5 -5
package/runtime/connectors/near-real/near-real-connector-smoke.d.ts +19 -19
package/runtime/connectors/near-real/near-real-connector-smoke.js +152 -152
package/runtime/core/second-nature/heartbeat/heartbeat-executor.js +114 -114
package/runtime/core/second-nature/heartbeat/heartbeat-loop.d.ts +63 -63
package/runtime/core/second-nature/heartbeat/heartbeat-loop.js +139 -139
package/runtime/core/second-nature/heartbeat/index.d.ts +8 -8
package/runtime/core/second-nature/heartbeat/index.js +7 -7
package/runtime/core/second-nature/heartbeat/run-heartbeat-cycle.d.ts +21 -21
package/runtime/core/second-nature/heartbeat/run-heartbeat-cycle.js +35 -35
package/runtime/core/second-nature/heartbeat/runtime-snapshot.d.ts +28 -28
package/runtime/core/second-nature/heartbeat/runtime-snapshot.js +35 -35
package/runtime/core/second-nature/heartbeat/signal.d.ts +42 -42
package/runtime/core/second-nature/heartbeat/snapshot-builder.d.ts +51 -51
package/runtime/core/second-nature/index.d.ts +22 -22
package/runtime/core/second-nature/index.js +22 -22
package/runtime/core/second-nature/orchestrator/effect-dispatcher.d.ts +100 -100
package/runtime/core/second-nature/orchestrator/effect-dispatcher.js +144 -144
package/runtime/core/second-nature/orchestrator/guard-layer.d.ts +8 -8
package/runtime/core/second-nature/orchestrator/guard-layer.js +110 -110
package/runtime/core/second-nature/orchestrator/intent-planner.d.ts +13 -13
package/runtime/core/second-nature/orchestrator/intent-planner.js +199 -199
package/runtime/core/second-nature/orchestrator/lease-manager.d.ts +14 -14
package/runtime/core/second-nature/orchestrator/lease-manager.js +58 -58
package/runtime/core/second-nature/outreach/build-outreach-draft-request.d.ts +6 -6
package/runtime/core/second-nature/outreach/build-outreach-draft-request.js +63 -63
package/runtime/core/second-nature/outreach/delivery-target.d.ts +26 -26
package/runtime/core/second-nature/outreach/delivery-target.js +70 -70
package/runtime/core/second-nature/outreach/dispatch-user-outreach.d.ts +38 -38
package/runtime/core/second-nature/outreach/dispatch-user-outreach.js +119 -119
package/runtime/core/second-nature/outreach/judge-input-from-snapshot.d.ts +7 -7
package/runtime/core/second-nature/outreach/judge-input-from-snapshot.js +45 -45
package/runtime/core/second-nature/outreach/judge-outreach.d.ts +40 -40
package/runtime/core/second-nature/outreach/judge-outreach.js +121 -121
package/runtime/core/second-nature/quiet/run-source-backed-quiet.d.ts +21 -21
package/runtime/core/second-nature/quiet/run-source-backed-quiet.js +123 -123
package/runtime/core/second-nature/rhythm/planner-rhythm-window.d.ts +15 -15
package/runtime/core/second-nature/rhythm/planner-rhythm-window.js +52 -52
package/runtime/core/second-nature/rhythm/policy-bridge.d.ts +19 -19
package/runtime/core/second-nature/rhythm/policy-bridge.js +34 -34
package/runtime/core/second-nature/runtime/service-entry.js +45 -45
package/runtime/core/second-nature/types.d.ts +51 -51
package/runtime/guidance/draft-outreach-message.d.ts +7 -7
package/runtime/guidance/draft-outreach-message.js +42 -42
package/runtime/guidance/evidence-guidance.d.ts +40 -40
package/runtime/guidance/evidence-guidance.js +52 -52
package/runtime/guidance/index.d.ts +11 -11
package/runtime/guidance/index.js +11 -11
package/runtime/guidance/outreach-draft-schema.d.ts +228 -228
package/runtime/guidance/outreach-draft-schema.js +80 -80
package/runtime/observability/audit/append-only-audit-store.d.ts +14 -14
package/runtime/observability/audit/append-only-audit-store.js +21 -21
package/runtime/observability/audit/audit-envelope.d.ts +51 -51
package/runtime/observability/audit/audit-envelope.js +130 -130
package/runtime/observability/audit/verify-audit-hash-chain.d.ts +23 -23
package/runtime/observability/audit/verify-audit-hash-chain.js +83 -83
package/runtime/observability/db/index.js +124 -124
package/runtime/observability/db/schema/host-capability-reports.d.ts +180 -180
package/runtime/observability/db/schema/host-capability-reports.js +12 -12
package/runtime/observability/db/schema/index.d.ts +947 -947
package/runtime/observability/db/schema/index.js +71 -71
package/runtime/observability/index.d.ts +20 -19
package/runtime/observability/index.js +19 -18
package/runtime/observability/query/explain-query.d.ts +48 -48
package/runtime/observability/query/explain-query.js +114 -114
package/runtime/observability/query/export-audit-bundle.d.ts +22 -22
package/runtime/observability/query/export-audit-bundle.js +27 -27
package/runtime/observability/services/decision-ledger.d.ts +46 -46
package/runtime/observability/services/decision-ledger.js +161 -161
package/runtime/observability/services/governance-audit.d.ts +41 -41
package/runtime/observability/services/governance-audit.js +163 -163
package/runtime/observability/services/governance-plane-recorder.d.ts +47 -47
package/runtime/observability/services/governance-plane-recorder.js +55 -55
package/runtime/observability/services/lived-experience-audit.d.ts +97 -97
package/runtime/observability/services/lived-experience-audit.js +162 -162
package/runtime/observability/services/runtime-decision-recorder.d.ts +29 -0
package/runtime/observability/services/runtime-decision-recorder.js +94 -0
package/runtime/storage/bootstrap/native-sqlite-probe.d.ts +7 -7
package/runtime/storage/bootstrap/native-sqlite-probe.js +28 -28
package/runtime/storage/bootstrap/repair-gate.d.ts +17 -17
package/runtime/storage/bootstrap/repair-gate.js +71 -71
package/runtime/storage/bootstrap/storage-mode-smoke.d.ts +38 -38
package/runtime/storage/bootstrap/storage-mode-smoke.js +85 -85
package/runtime/storage/db/index.js +154 -154
package/runtime/storage/db/schema/delivery-attempts.d.ts +199 -199
package/runtime/storage/db/schema/delivery-attempts.js +13 -13
package/runtime/storage/db/schema/index.d.ts +9 -9
package/runtime/storage/db/schema/index.js +9 -9
package/runtime/storage/db/schema/life-evidence-index.d.ts +161 -161
package/runtime/storage/db/schema/life-evidence-index.js +11 -11
package/runtime/storage/db/schema/operator-fallback-artifacts.d.ts +161 -161
package/runtime/storage/db/schema/operator-fallback-artifacts.js +11 -11
package/runtime/storage/db/schema/policies.d.ts +98 -98
package/runtime/storage/db/schema/policies.js +8 -8
package/runtime/storage/delivery/query-delivery-attempts.d.ts +3 -3
package/runtime/storage/delivery/query-delivery-attempts.js +32 -32
package/runtime/storage/delivery/types.d.ts +27 -27
package/runtime/storage/delivery/types.js +1 -1
package/runtime/storage/delivery/write-delivery-attempt.d.ts +6 -6
package/runtime/storage/delivery/write-delivery-attempt.js +36 -36
package/runtime/storage/fallback/load-operator-fallback.d.ts +14 -14
package/runtime/storage/fallback/load-operator-fallback.js +47 -47
package/runtime/storage/fallback/operator-fallback-types.d.ts +9 -9
package/runtime/storage/fallback/operator-fallback-types.js +1 -1
package/runtime/storage/fallback/operator-fallback-view.d.ts +11 -11
package/runtime/storage/fallback/operator-fallback-view.js +1 -1
package/runtime/storage/fallback/write-operator-fallback.d.ts +6 -6
package/runtime/storage/fallback/write-operator-fallback.js +21 -21
package/runtime/storage/index.d.ts +37 -37
package/runtime/storage/index.js +30 -30
package/runtime/storage/life-evidence/append-life-evidence.d.ts +7 -7
package/runtime/storage/life-evidence/append-life-evidence.js +64 -64
package/runtime/storage/life-evidence/types.d.ts +45 -45
package/runtime/storage/life-evidence/types.js +6 -6
package/runtime/storage/quiet/persist-quiet-artifact.d.ts +7 -7
package/runtime/storage/quiet/persist-quiet-artifact.js +22 -22
package/runtime/storage/quiet/quiet-artifact-types.d.ts +18 -18
package/runtime/storage/quiet/quiet-artifact-types.js +1 -1
package/runtime/storage/quiet/quiet-artifact-writer.d.ts +15 -15
package/runtime/storage/quiet/quiet-artifact-writer.js +56 -56
package/runtime/storage/repositories/credential-repository.js +30 -30
package/runtime/storage/rhythm/rhythm-policy-snapshot.d.ts +10 -10
package/runtime/storage/rhythm/rhythm-policy-snapshot.js +34 -34
package/runtime/storage/services/credential-vault.d.ts +13 -13
package/runtime/storage/services/credential-vault.js +116 -116
package/runtime/storage/snapshots/continuity-snapshot.d.ts +9 -9
package/runtime/storage/snapshots/continuity-snapshot.js +41 -41
package/runtime/storage/snapshots/life-evidence-snapshot.d.ts +6 -6
package/runtime/storage/snapshots/life-evidence-snapshot.js +114 -114
package/runtime/storage/snapshots/types.d.ts +58 -58
package/runtime/storage/snapshots/types.js +1 -1
package/runtime/storage/state-api.js +104 -104
package/runtime/storage/user-interest/load-user-interest-snapshot.d.ts +2 -2
package/runtime/storage/user-interest/load-user-interest-snapshot.js +150 -150
package/runtime/storage/user-interest/types.d.ts +25 -25
package/runtime/storage/user-interest/types.js +1 -1
package/workspace-ops-bridge.js +81 -80

package/runtime/observability/audit/verify-audit-hash-chain.js CHANGED Viewed

@@ -1,83 +1,83 @@
-/**
- * Range-based hash-chain verification for append-only audit rows (T5.2.2 / INT-S3).
- *
- * Core logic: load events in [from, to], order by sequence, recompute recordHash and
- * verify previousHash links between consecutive **loaded** rows only (partial ranges
- * may start mid-chain; parent outside the slice is not validated). Empty or invalid
- * ranges yield incomplete (T5.2.2 / task verification plan).
- *
- * Dependencies: computeAuditRecordHash from audit-envelope; callers supply loadRange via deps.
- *
- * Test coverage: tests/unit/observability/verify-audit-hash-chain.test.ts
- */
-import * as crypto from "node:crypto";
-import { computeAuditRecordHash } from "./audit-envelope.js";
-function unique(ids) {
-    return [...new Set(ids)];
-}
-export async function verifyAuditHashChain(range, deps) {
-    const generatedAt = new Date().toISOString();
-    const reportId = crypto.randomUUID();
-    if (range.from > range.to) {
-        return {
-            reportId,
-            generatedAt,
-            range,
-            checkedEventCount: 0,
-            status: "incomplete",
-            brokenAtEventIds: [],
-            reasons: ["invalid_range_from_after_to"],
-        };
-    }
-    const raw = await deps.loadRange(range.from, range.to, range.families);
-    const events = [...raw].sort((a, b) => a.sequence - b.sequence);
-    if (events.length === 0) {
-        return {
-            reportId,
-            generatedAt,
-            range,
-            checkedEventCount: 0,
-            status: "incomplete",
-            brokenAtEventIds: [],
-            reasons: ["range_empty"],
-        };
-    }
-    const brokenAtEventIds = [];
-    for (let i = 0; i < events.length; i += 1) {
-        const event = events[i];
-        const expected = computeAuditRecordHash(event);
-        if (event.integrity.recordHash !== expected) {
-            brokenAtEventIds.push(event.eventId);
-        }
-        const prev = events[i - 1];
-        if (prev && event.integrity.previousHash !== prev.integrity.recordHash) {
-            brokenAtEventIds.push(event.eventId);
-        }
-    }
-    const uniq = unique(brokenAtEventIds);
-    const broken = uniq.length > 0;
-    return {
-        reportId,
-        generatedAt,
-        range,
-        checkedEventCount: events.length,
-        status: broken ? "broken" : "pass",
-        brokenAtEventIds: uniq,
-        reasons: broken ? ["hash_chain_broken"] : ["hash_chain_valid"],
-    };
-}
-/** In-memory adapter: filter `AppendOnlyAuditStore.list()` by createdAt + optional families. */
-export function createAppendOnlyAuditStoreRangeLoader(store) {
-    return {
-        async loadRange(from, to, families) {
-            const fams = families?.length ? new Set(families) : undefined;
-            return store.list().filter((e) => {
-                if (e.createdAt < from || e.createdAt > to)
-                    return false;
-                if (fams && !fams.has(e.family))
-                    return false;
-                return true;
-            });
-        },
-    };
-}
+/**
+ * Range-based hash-chain verification for append-only audit rows (T5.2.2 / INT-S3).
+ *
+ * Core logic: load events in [from, to], order by sequence, recompute recordHash and
+ * verify previousHash links between consecutive **loaded** rows only (partial ranges
+ * may start mid-chain; parent outside the slice is not validated). Empty or invalid
+ * ranges yield incomplete (T5.2.2 / task verification plan).
+ *
+ * Dependencies: computeAuditRecordHash from audit-envelope; callers supply loadRange via deps.
+ *
+ * Test coverage: tests/unit/observability/verify-audit-hash-chain.test.ts
+ */
+import * as crypto from "node:crypto";
+import { computeAuditRecordHash } from "./audit-envelope.js";
+function unique(ids) {
+    return [...new Set(ids)];
+}
+export async function verifyAuditHashChain(range, deps) {
+    const generatedAt = new Date().toISOString();
+    const reportId = crypto.randomUUID();
+    if (range.from > range.to) {
+        return {
+            reportId,
+            generatedAt,
+            range,
+            checkedEventCount: 0,
+            status: "incomplete",
+            brokenAtEventIds: [],
+            reasons: ["invalid_range_from_after_to"],
+        };
+    }
+    const raw = await deps.loadRange(range.from, range.to, range.families);
+    const events = [...raw].sort((a, b) => a.sequence - b.sequence);
+    if (events.length === 0) {
+        return {
+            reportId,
+            generatedAt,
+            range,
+            checkedEventCount: 0,
+            status: "incomplete",
+            brokenAtEventIds: [],
+            reasons: ["range_empty"],
+        };
+    }
+    const brokenAtEventIds = [];
+    for (let i = 0; i < events.length; i += 1) {
+        const event = events[i];
+        const expected = computeAuditRecordHash(event);
+        if (event.integrity.recordHash !== expected) {
+            brokenAtEventIds.push(event.eventId);
+        }
+        const prev = events[i - 1];
+        if (prev && event.integrity.previousHash !== prev.integrity.recordHash) {
+            brokenAtEventIds.push(event.eventId);
+        }
+    }
+    const uniq = unique(brokenAtEventIds);
+    const broken = uniq.length > 0;
+    return {
+        reportId,
+        generatedAt,
+        range,
+        checkedEventCount: events.length,
+        status: broken ? "broken" : "pass",
+        brokenAtEventIds: uniq,
+        reasons: broken ? ["hash_chain_broken"] : ["hash_chain_valid"],
+    };
+}
+/** In-memory adapter: filter `AppendOnlyAuditStore.list()` by createdAt + optional families. */
+export function createAppendOnlyAuditStoreRangeLoader(store) {
+    return {
+        async loadRange(from, to, families) {
+            const fams = families?.length ? new Set(families) : undefined;
+            return store.list().filter((e) => {
+                if (e.createdAt < from || e.createdAt > to)
+                    return false;
+                if (fams && !fams.has(e.family))
+                    return false;
+                return true;
+            });
+        },
+    };
+}

package/runtime/observability/db/index.js CHANGED Viewed

@@ -1,124 +1,124 @@
-import initSqlJs from "sql.js";
-import { drizzle } from "drizzle-orm/sql-js";
-import path from "node:path";
-import fs from "node:fs";
-import { fileURLToPath } from "node:url";
-import * as schema from "./schema/index.js";
-// Pre-initialize sql.js WASM at module load time
-const SQL = await initSqlJs();
-const OBSERVABILITY_SCHEMA_SQL = `
-  CREATE TABLE IF NOT EXISTS decision_ledger (
-    id TEXT PRIMARY KEY,
-    tick_id TEXT NOT NULL,
-    trace_id TEXT NOT NULL,
-    intent_id TEXT,
-    platform_id TEXT,
-    verdict TEXT NOT NULL,
-    mode TEXT NOT NULL,
-    reasons TEXT NOT NULL,
-    reason_codes TEXT NOT NULL,
-    decision_basis TEXT NOT NULL,
-    evidence_refs TEXT NOT NULL,
-    model_eval_ref TEXT,
-    created_at TEXT NOT NULL
-  );
-  CREATE UNIQUE INDEX IF NOT EXISTS decision_trace_idx ON decision_ledger(trace_id);
-  CREATE INDEX IF NOT EXISTS decision_tick_idx ON decision_ledger(tick_id);
-  CREATE TABLE IF NOT EXISTS execution_attempts (
-    id TEXT PRIMARY KEY,
-    trace_id TEXT NOT NULL,
-    decision_id TEXT NOT NULL,
-    intent_id TEXT NOT NULL,
-    platform_id TEXT NOT NULL,
-    capability TEXT NOT NULL,
-    channel TEXT NOT NULL,
-    status TEXT NOT NULL,
-    commit_state TEXT,
-    failure_class TEXT,
-    retry_policy TEXT,
-    idempotency_key TEXT,
-    started_at TEXT,
-    finished_at TEXT
-  );
-  CREATE UNIQUE INDEX IF NOT EXISTS attempt_trace_idx ON execution_attempts(trace_id);
-  CREATE INDEX IF NOT EXISTS attempt_decision_idx ON execution_attempts(decision_id);
-  CREATE INDEX IF NOT EXISTS attempt_platform_idx ON execution_attempts(platform_id);
-  CREATE TABLE IF NOT EXISTS governance_audit (
-    id TEXT PRIMARY KEY,
-    event_type TEXT NOT NULL,
-    proposal_id TEXT,
-    target_asset_id TEXT,
-    asset_path TEXT,
-    status_from TEXT,
-    status_to TEXT NOT NULL,
-    before_hash TEXT,
-    after_hash TEXT,
-    supporting_sources TEXT,
-    reason TEXT,
-    verification_deadline TEXT,
-    attempts_remaining INTEGER,
-    created_at TEXT NOT NULL
-  );
-  CREATE INDEX IF NOT EXISTS audit_proposal_idx ON governance_audit(proposal_id);
-  CREATE INDEX IF NOT EXISTS audit_asset_idx ON governance_audit(target_asset_id);
-  CREATE INDEX IF NOT EXISTS audit_event_idx ON governance_audit(event_type);
-  CREATE TABLE IF NOT EXISTS redaction_manifest (
-    id TEXT PRIMARY KEY,
-    event_id TEXT NOT NULL,
-    event_type TEXT NOT NULL,
-    field_name TEXT NOT NULL,
-    action TEXT NOT NULL,
-    original_value_hash TEXT,
-    created_at TEXT NOT NULL
-  );
-  CREATE INDEX IF NOT EXISTS redact_event_idx ON redaction_manifest(event_id);
-  CREATE TABLE IF NOT EXISTS host_capability_reports (
-    report_id TEXT PRIMARY KEY,
-    generated_at TEXT NOT NULL,
-    host_version TEXT,
-    observed_version TEXT,
-    doc_checked_at TEXT NOT NULL,
-    doc_links_json TEXT NOT NULL,
-    delivery_target TEXT NOT NULL,
-    conflict_records_json TEXT NOT NULL,
-    full_report_json TEXT NOT NULL
-  );
-`;
-function resolveDbPath(filename) {
-    if (path.isAbsolute(filename) || filename === ":memory:") {
-        return filename;
-    }
-    const __dirname = path.dirname(fileURLToPath(import.meta.url));
-    const pluginRoot = path.resolve(__dirname, "..", "..", "..");
-    const dataDir = path.join(pluginRoot, "data");
-    if (!fs.existsSync(dataDir)) {
-        fs.mkdirSync(dataDir, { recursive: true });
-    }
-    return path.join(dataDir, filename);
-}
-function bootstrapObservabilitySchema(sqlite) {
-    sqlite.exec(OBSERVABILITY_SCHEMA_SQL);
-}
-export function createObservabilityDatabase(filename = "observability.db") {
-    const dbPath = resolveDbPath(filename);
-    const isMemory = filename === ":memory:";
-    let dbBuffer;
-    if (!isMemory && fs.existsSync(dbPath)) {
-        dbBuffer = fs.readFileSync(dbPath);
-    }
-    const sqlite = new SQL.Database(dbBuffer);
-    bootstrapObservabilitySchema(sqlite);
-    const db = drizzle(sqlite, { schema });
-    return {
-        sqlite,
-        db,
-        schema,
-        close() {
-            if (!isMemory) {
-                const data = sqlite.export();
-                fs.writeFileSync(dbPath, Buffer.from(data));
-            }
-            sqlite.close();
-        },
-    };
-}
+import initSqlJs from "sql.js";
+import { drizzle } from "drizzle-orm/sql-js";
+import path from "node:path";
+import fs from "node:fs";
+import { fileURLToPath } from "node:url";
+import * as schema from "./schema/index.js";
+// Pre-initialize sql.js WASM at module load time
+const SQL = await initSqlJs();
+const OBSERVABILITY_SCHEMA_SQL = `
+  CREATE TABLE IF NOT EXISTS decision_ledger (
+    id TEXT PRIMARY KEY,
+    tick_id TEXT NOT NULL,
+    trace_id TEXT NOT NULL,
+    intent_id TEXT,
+    platform_id TEXT,
+    verdict TEXT NOT NULL,
+    mode TEXT NOT NULL,
+    reasons TEXT NOT NULL,
+    reason_codes TEXT NOT NULL,
+    decision_basis TEXT NOT NULL,
+    evidence_refs TEXT NOT NULL,
+    model_eval_ref TEXT,
+    created_at TEXT NOT NULL
+  );
+  CREATE UNIQUE INDEX IF NOT EXISTS decision_trace_idx ON decision_ledger(trace_id);
+  CREATE INDEX IF NOT EXISTS decision_tick_idx ON decision_ledger(tick_id);
+  CREATE TABLE IF NOT EXISTS execution_attempts (
+    id TEXT PRIMARY KEY,
+    trace_id TEXT NOT NULL,
+    decision_id TEXT NOT NULL,
+    intent_id TEXT NOT NULL,
+    platform_id TEXT NOT NULL,
+    capability TEXT NOT NULL,
+    channel TEXT NOT NULL,
+    status TEXT NOT NULL,
+    commit_state TEXT,
+    failure_class TEXT,
+    retry_policy TEXT,
+    idempotency_key TEXT,
+    started_at TEXT,
+    finished_at TEXT
+  );
+  CREATE UNIQUE INDEX IF NOT EXISTS attempt_trace_idx ON execution_attempts(trace_id);
+  CREATE INDEX IF NOT EXISTS attempt_decision_idx ON execution_attempts(decision_id);
+  CREATE INDEX IF NOT EXISTS attempt_platform_idx ON execution_attempts(platform_id);
+  CREATE TABLE IF NOT EXISTS governance_audit (
+    id TEXT PRIMARY KEY,
+    event_type TEXT NOT NULL,
+    proposal_id TEXT,
+    target_asset_id TEXT,
+    asset_path TEXT,
+    status_from TEXT,
+    status_to TEXT NOT NULL,
+    before_hash TEXT,
+    after_hash TEXT,
+    supporting_sources TEXT,
+    reason TEXT,
+    verification_deadline TEXT,
+    attempts_remaining INTEGER,
+    created_at TEXT NOT NULL
+  );
+  CREATE INDEX IF NOT EXISTS audit_proposal_idx ON governance_audit(proposal_id);
+  CREATE INDEX IF NOT EXISTS audit_asset_idx ON governance_audit(target_asset_id);
+  CREATE INDEX IF NOT EXISTS audit_event_idx ON governance_audit(event_type);
+  CREATE TABLE IF NOT EXISTS redaction_manifest (
+    id TEXT PRIMARY KEY,
+    event_id TEXT NOT NULL,
+    event_type TEXT NOT NULL,
+    field_name TEXT NOT NULL,
+    action TEXT NOT NULL,
+    original_value_hash TEXT,
+    created_at TEXT NOT NULL
+  );
+  CREATE INDEX IF NOT EXISTS redact_event_idx ON redaction_manifest(event_id);
+  CREATE TABLE IF NOT EXISTS host_capability_reports (
+    report_id TEXT PRIMARY KEY,
+    generated_at TEXT NOT NULL,
+    host_version TEXT,
+    observed_version TEXT,
+    doc_checked_at TEXT NOT NULL,
+    doc_links_json TEXT NOT NULL,
+    delivery_target TEXT NOT NULL,
+    conflict_records_json TEXT NOT NULL,
+    full_report_json TEXT NOT NULL
+  );
+`;
+function resolveDbPath(filename) {
+    if (path.isAbsolute(filename) || filename === ":memory:") {
+        return filename;
+    }
+    const __dirname = path.dirname(fileURLToPath(import.meta.url));
+    const pluginRoot = path.resolve(__dirname, "..", "..", "..");
+    const dataDir = path.join(pluginRoot, "data");
+    if (!fs.existsSync(dataDir)) {
+        fs.mkdirSync(dataDir, { recursive: true });
+    }
+    return path.join(dataDir, filename);
+}
+function bootstrapObservabilitySchema(sqlite) {
+    sqlite.exec(OBSERVABILITY_SCHEMA_SQL);
+}
+export function createObservabilityDatabase(filename = "observability.db") {
+    const dbPath = resolveDbPath(filename);
+    const isMemory = filename === ":memory:";
+    let dbBuffer;
+    if (!isMemory && fs.existsSync(dbPath)) {
+        dbBuffer = fs.readFileSync(dbPath);
+    }
+    const sqlite = new SQL.Database(dbBuffer);
+    bootstrapObservabilitySchema(sqlite);
+    const db = drizzle(sqlite, { schema });
+    return {
+        sqlite,
+        db,
+        schema,
+        close() {
+            if (!isMemory) {
+                const data = sqlite.export();
+                fs.writeFileSync(dbPath, Buffer.from(data));
+            }
+            sqlite.close();
+        },
+    };
+}