npm - @haaaiawd/second-nature - Versions diffs - 0.1.16 → 0.1.18 - Mend

@haaaiawd/second-nature 0.1.16 → 0.1.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

package/index.js +855 -851
package/openclaw.plugin.json +29 -29
package/package.json +52 -52
package/runtime/cli/commands/index.d.ts +14 -14
package/runtime/cli/commands/index.js +193 -193
package/runtime/cli/explain/explain-surface-subject.d.ts +8 -8
package/runtime/cli/explain/explain-surface-subject.js +9 -9
package/runtime/cli/explain/format-explanation.d.ts +12 -12
package/runtime/cli/explain/format-explanation.js +12 -12
package/runtime/cli/explain/resolve-subject.js +41 -41
package/runtime/cli/host-capability/classify-delivery.d.ts +14 -14
package/runtime/cli/host-capability/classify-delivery.js +20 -20
package/runtime/cli/host-capability/probe-host-capability.d.ts +2 -2
package/runtime/cli/host-capability/probe-host-capability.js +58 -58
package/runtime/cli/host-capability/record-host-capability.d.ts +6 -6
package/runtime/cli/host-capability/record-host-capability.js +14 -14
package/runtime/cli/host-capability/types.d.ts +71 -71
package/runtime/cli/host-capability/types.js +6 -6
package/runtime/cli/host-smoke/run-host-smoke.d.ts +2 -2
package/runtime/cli/host-smoke/run-host-smoke.js +40 -40
package/runtime/cli/host-smoke/types.d.ts +35 -35
package/runtime/cli/host-smoke/types.js +6 -6
package/runtime/cli/index.js +58 -54
package/runtime/cli/ops/heartbeat-surface.d.ts +38 -35
package/runtime/cli/ops/heartbeat-surface.js +73 -71
package/runtime/cli/ops/ops-router.d.ts +19 -16
package/runtime/cli/ops/ops-router.js +89 -87
package/runtime/cli/ops/show-operator-fallback.d.ts +13 -13
package/runtime/cli/ops/show-operator-fallback.js +22 -22
package/runtime/cli/ops/workspace-heartbeat-runner.d.ts +19 -10
package/runtime/cli/ops/workspace-heartbeat-runner.js +39 -26
package/runtime/cli/read-models/index.d.ts +29 -29
package/runtime/cli/read-models/index.js +256 -256
package/runtime/cli/read-models/operator-explain-map.d.ts +6 -6
package/runtime/cli/read-models/operator-explain-map.js +10 -10
package/runtime/cli/read-models/types.d.ts +79 -79
package/runtime/cli/runtime/runtime-artifact-boundary.d.ts +28 -28
package/runtime/cli/runtime/runtime-artifact-boundary.js +94 -94
package/runtime/connectors/base/contract.d.ts +87 -87
package/runtime/connectors/base/execution-policy.d.ts +47 -47
package/runtime/connectors/base/execution-policy.js +82 -82
package/runtime/connectors/base/index.d.ts +8 -8
package/runtime/connectors/base/index.js +8 -8
package/runtime/connectors/base/manifest.d.ts +64 -64
package/runtime/connectors/base/manifest.js +86 -86
package/runtime/connectors/base/map-life-evidence.d.ts +16 -16
package/runtime/connectors/base/map-life-evidence.js +79 -79
package/runtime/connectors/base/policy-layer.d.ts +29 -29
package/runtime/connectors/base/policy-layer.js +198 -198
package/runtime/connectors/base/route-planner.js +99 -99
package/runtime/connectors/index.d.ts +5 -5
package/runtime/connectors/index.js +5 -5
package/runtime/connectors/near-real/near-real-connector-smoke.d.ts +19 -19
package/runtime/connectors/near-real/near-real-connector-smoke.js +152 -152
package/runtime/core/second-nature/heartbeat/heartbeat-executor.js +114 -114
package/runtime/core/second-nature/heartbeat/heartbeat-loop.d.ts +63 -63
package/runtime/core/second-nature/heartbeat/heartbeat-loop.js +139 -139
package/runtime/core/second-nature/heartbeat/index.d.ts +8 -8
package/runtime/core/second-nature/heartbeat/index.js +7 -7
package/runtime/core/second-nature/heartbeat/run-heartbeat-cycle.d.ts +21 -21
package/runtime/core/second-nature/heartbeat/run-heartbeat-cycle.js +35 -35
package/runtime/core/second-nature/heartbeat/runtime-snapshot.d.ts +28 -28
package/runtime/core/second-nature/heartbeat/runtime-snapshot.js +35 -35
package/runtime/core/second-nature/heartbeat/signal.d.ts +42 -42
package/runtime/core/second-nature/heartbeat/snapshot-builder.d.ts +51 -51
package/runtime/core/second-nature/index.d.ts +22 -22
package/runtime/core/second-nature/index.js +22 -22
package/runtime/core/second-nature/orchestrator/effect-dispatcher.d.ts +100 -100
package/runtime/core/second-nature/orchestrator/effect-dispatcher.js +144 -144
package/runtime/core/second-nature/orchestrator/guard-layer.d.ts +8 -8
package/runtime/core/second-nature/orchestrator/guard-layer.js +110 -110
package/runtime/core/second-nature/orchestrator/intent-planner.d.ts +13 -13
package/runtime/core/second-nature/orchestrator/intent-planner.js +199 -199
package/runtime/core/second-nature/orchestrator/lease-manager.d.ts +14 -14
package/runtime/core/second-nature/orchestrator/lease-manager.js +58 -58
package/runtime/core/second-nature/outreach/build-outreach-draft-request.d.ts +6 -6
package/runtime/core/second-nature/outreach/build-outreach-draft-request.js +63 -63
package/runtime/core/second-nature/outreach/delivery-target.d.ts +26 -26
package/runtime/core/second-nature/outreach/delivery-target.js +70 -70
package/runtime/core/second-nature/outreach/dispatch-user-outreach.d.ts +38 -38
package/runtime/core/second-nature/outreach/dispatch-user-outreach.js +119 -119
package/runtime/core/second-nature/outreach/judge-input-from-snapshot.d.ts +7 -7
package/runtime/core/second-nature/outreach/judge-input-from-snapshot.js +45 -45
package/runtime/core/second-nature/outreach/judge-outreach.d.ts +40 -40
package/runtime/core/second-nature/outreach/judge-outreach.js +121 -121
package/runtime/core/second-nature/quiet/run-source-backed-quiet.d.ts +21 -21
package/runtime/core/second-nature/quiet/run-source-backed-quiet.js +123 -123
package/runtime/core/second-nature/rhythm/planner-rhythm-window.d.ts +15 -15
package/runtime/core/second-nature/rhythm/planner-rhythm-window.js +52 -52
package/runtime/core/second-nature/rhythm/policy-bridge.d.ts +19 -19
package/runtime/core/second-nature/rhythm/policy-bridge.js +34 -34
package/runtime/core/second-nature/runtime/service-entry.js +45 -45
package/runtime/core/second-nature/types.d.ts +51 -51
package/runtime/guidance/draft-outreach-message.d.ts +7 -7
package/runtime/guidance/draft-outreach-message.js +42 -42
package/runtime/guidance/evidence-guidance.d.ts +40 -40
package/runtime/guidance/evidence-guidance.js +52 -52
package/runtime/guidance/index.d.ts +11 -11
package/runtime/guidance/index.js +11 -11
package/runtime/guidance/outreach-draft-schema.d.ts +228 -228
package/runtime/guidance/outreach-draft-schema.js +80 -80
package/runtime/observability/audit/append-only-audit-store.d.ts +14 -14
package/runtime/observability/audit/append-only-audit-store.js +21 -21
package/runtime/observability/audit/audit-envelope.d.ts +51 -51
package/runtime/observability/audit/audit-envelope.js +130 -130
package/runtime/observability/audit/verify-audit-hash-chain.d.ts +23 -23
package/runtime/observability/audit/verify-audit-hash-chain.js +83 -83
package/runtime/observability/db/index.js +124 -124
package/runtime/observability/db/schema/host-capability-reports.d.ts +180 -180
package/runtime/observability/db/schema/host-capability-reports.js +12 -12
package/runtime/observability/db/schema/index.d.ts +947 -947
package/runtime/observability/db/schema/index.js +71 -71
package/runtime/observability/index.d.ts +20 -19
package/runtime/observability/index.js +19 -18
package/runtime/observability/query/explain-query.d.ts +48 -48
package/runtime/observability/query/explain-query.js +114 -114
package/runtime/observability/query/export-audit-bundle.d.ts +22 -22
package/runtime/observability/query/export-audit-bundle.js +27 -27
package/runtime/observability/services/decision-ledger.d.ts +46 -46
package/runtime/observability/services/decision-ledger.js +161 -161
package/runtime/observability/services/governance-audit.d.ts +41 -41
package/runtime/observability/services/governance-audit.js +163 -163
package/runtime/observability/services/governance-plane-recorder.d.ts +47 -47
package/runtime/observability/services/governance-plane-recorder.js +55 -55
package/runtime/observability/services/lived-experience-audit.d.ts +97 -97
package/runtime/observability/services/lived-experience-audit.js +162 -162
package/runtime/observability/services/runtime-decision-recorder.d.ts +29 -0
package/runtime/observability/services/runtime-decision-recorder.js +94 -0
package/runtime/storage/bootstrap/native-sqlite-probe.d.ts +7 -7
package/runtime/storage/bootstrap/native-sqlite-probe.js +28 -28
package/runtime/storage/bootstrap/repair-gate.d.ts +17 -17
package/runtime/storage/bootstrap/repair-gate.js +71 -71
package/runtime/storage/bootstrap/storage-mode-smoke.d.ts +38 -38
package/runtime/storage/bootstrap/storage-mode-smoke.js +85 -85
package/runtime/storage/db/index.js +154 -154
package/runtime/storage/db/schema/delivery-attempts.d.ts +199 -199
package/runtime/storage/db/schema/delivery-attempts.js +13 -13
package/runtime/storage/db/schema/index.d.ts +9 -9
package/runtime/storage/db/schema/index.js +9 -9
package/runtime/storage/db/schema/life-evidence-index.d.ts +161 -161
package/runtime/storage/db/schema/life-evidence-index.js +11 -11
package/runtime/storage/db/schema/operator-fallback-artifacts.d.ts +161 -161
package/runtime/storage/db/schema/operator-fallback-artifacts.js +11 -11
package/runtime/storage/db/schema/policies.d.ts +98 -98
package/runtime/storage/db/schema/policies.js +8 -8
package/runtime/storage/delivery/query-delivery-attempts.d.ts +3 -3
package/runtime/storage/delivery/query-delivery-attempts.js +32 -32
package/runtime/storage/delivery/types.d.ts +27 -27
package/runtime/storage/delivery/types.js +1 -1
package/runtime/storage/delivery/write-delivery-attempt.d.ts +6 -6
package/runtime/storage/delivery/write-delivery-attempt.js +36 -36
package/runtime/storage/fallback/load-operator-fallback.d.ts +14 -14
package/runtime/storage/fallback/load-operator-fallback.js +47 -47
package/runtime/storage/fallback/operator-fallback-types.d.ts +9 -9
package/runtime/storage/fallback/operator-fallback-types.js +1 -1
package/runtime/storage/fallback/operator-fallback-view.d.ts +11 -11
package/runtime/storage/fallback/operator-fallback-view.js +1 -1
package/runtime/storage/fallback/write-operator-fallback.d.ts +6 -6
package/runtime/storage/fallback/write-operator-fallback.js +21 -21
package/runtime/storage/index.d.ts +37 -37
package/runtime/storage/index.js +30 -30
package/runtime/storage/life-evidence/append-life-evidence.d.ts +7 -7
package/runtime/storage/life-evidence/append-life-evidence.js +64 -64
package/runtime/storage/life-evidence/types.d.ts +45 -45
package/runtime/storage/life-evidence/types.js +6 -6
package/runtime/storage/quiet/persist-quiet-artifact.d.ts +7 -7
package/runtime/storage/quiet/persist-quiet-artifact.js +22 -22
package/runtime/storage/quiet/quiet-artifact-types.d.ts +18 -18
package/runtime/storage/quiet/quiet-artifact-types.js +1 -1
package/runtime/storage/quiet/quiet-artifact-writer.d.ts +15 -15
package/runtime/storage/quiet/quiet-artifact-writer.js +56 -56
package/runtime/storage/repositories/credential-repository.js +30 -30
package/runtime/storage/rhythm/rhythm-policy-snapshot.d.ts +10 -10
package/runtime/storage/rhythm/rhythm-policy-snapshot.js +34 -34
package/runtime/storage/services/credential-vault.d.ts +13 -13
package/runtime/storage/services/credential-vault.js +116 -116
package/runtime/storage/snapshots/continuity-snapshot.d.ts +9 -9
package/runtime/storage/snapshots/continuity-snapshot.js +41 -41
package/runtime/storage/snapshots/life-evidence-snapshot.d.ts +6 -6
package/runtime/storage/snapshots/life-evidence-snapshot.js +114 -114
package/runtime/storage/snapshots/types.d.ts +58 -58
package/runtime/storage/snapshots/types.js +1 -1
package/runtime/storage/state-api.js +104 -104
package/runtime/storage/user-interest/load-user-interest-snapshot.d.ts +2 -2
package/runtime/storage/user-interest/load-user-interest-snapshot.js +150 -150
package/runtime/storage/user-interest/types.d.ts +25 -25
package/runtime/storage/user-interest/types.js +1 -1
package/workspace-ops-bridge.js +81 -80

package/runtime/observability/query/export-audit-bundle.js CHANGED Viewed

@@ -1,27 +1,27 @@
-/**
- * Redacted audit export bundle for operator / retention tooling (T5.3.1).
- *
- * Core logic: load range, attach export metadata; payloads are already redacted at envelope build time.
- *
- * Dependencies: same range loader pattern as verifyAuditHashChain.
- *
- * Test coverage: tests/integration/observability/explain-query-export.test.ts
- */
-import * as crypto from "node:crypto";
-function summarize(events) {
-    const ids = new Set();
-    for (const e of events) {
-        ids.add(e.redaction.manifestId);
-    }
-    return { eventCount: events.length, manifestIds: [...ids] };
-}
-export async function exportAuditBundle(range, deps) {
-    const events = [...(await deps.loadRange(range.from, range.to, range.families))].sort((a, b) => a.sequence - b.sequence);
-    return {
-        bundleId: crypto.randomUUID(),
-        generatedAt: new Date().toISOString(),
-        range,
-        events,
-        redactionSummary: summarize(events),
-    };
-}
+/**
+ * Redacted audit export bundle for operator / retention tooling (T5.3.1).
+ *
+ * Core logic: load range, attach export metadata; payloads are already redacted at envelope build time.
+ *
+ * Dependencies: same range loader pattern as verifyAuditHashChain.
+ *
+ * Test coverage: tests/integration/observability/explain-query-export.test.ts
+ */
+import * as crypto from "node:crypto";
+function summarize(events) {
+    const ids = new Set();
+    for (const e of events) {
+        ids.add(e.redaction.manifestId);
+    }
+    return { eventCount: events.length, manifestIds: [...ids] };
+}
+export async function exportAuditBundle(range, deps) {
+    const events = [...(await deps.loadRange(range.from, range.to, range.families))].sort((a, b) => a.sequence - b.sequence);
+    return {
+        bundleId: crypto.randomUUID(),
+        generatedAt: new Date().toISOString(),
+        range,
+        events,
+        redactionSummary: summarize(events),
+    };
+}

package/runtime/observability/services/decision-ledger.d.ts CHANGED Viewed

@@ -1,46 +1,46 @@
-import type { ObservabilityDatabase } from "../db/index.js";
-import type { DecisionRecord } from "../../shared/types/continuity.js";
-export interface QuietLifecycleEvent {
-    id: string;
-    tickId: string;
-    eventType: "quiet.entered" | "quiet.skipped" | "quiet.interrupted" | "quiet.resumed" | "quiet.suppressed";
-    reason?: string;
-    suppressedBy?: string;
-    reflectionCandidates?: string[];
-    createdAt: string;
-}
-export interface OutreachDecision {
-    id: string;
-    tickId: string;
-    eventType: "outreach.considered" | "outreach.denied" | "outreach.deferred" | "outreach.sent";
-    platformId?: string;
-    targetUserId?: string;
-    valueScore?: number;
-    suppressionReason?: string;
-    messagePreview?: string;
-    createdAt: string;
-}
-export interface HeartbeatDecisionEvent {
-    id: string;
-    tickId: string;
-    traceId: string;
-    runtimeScope: "rhythm" | "user_task" | "user_reply";
-    triggerSource: "heartbeat_bridge" | "user_task" | "user_reply" | "interrupt" | "resume";
-    decisionStatus: "heartbeat_ok" | "intent_selected" | "denied" | "deferred" | "runtime_carrier_only" | "delivery_unavailable";
-    reasons: string[];
-    intentId?: string;
-    mode: "active" | "quiet" | "maintenance_only" | "paused_for_interrupt";
-    createdAt: string;
-}
-export declare class DecisionLedger {
-    private db;
-    constructor(db: ObservabilityDatabase);
-    recordDecision(record: DecisionRecord): Promise<void>;
-    recordHeartbeatDecision(event: HeartbeatDecisionEvent): Promise<void>;
-    recordQuietLifecycle(event: QuietLifecycleEvent): Promise<void>;
-    recordOutreachDecision(event: OutreachDecision): Promise<void>;
-    queryByTickId(tickId: string): Promise<DecisionRecord[]>;
-    queryByTraceId(traceId: string): Promise<DecisionRecord | null>;
-    queryByIntentId(intentId: string): Promise<DecisionRecord[]>;
-    private mapToDecisionRecord;
-}
+import type { ObservabilityDatabase } from "../db/index.js";
+import type { DecisionRecord } from "../../shared/types/continuity.js";
+export interface QuietLifecycleEvent {
+    id: string;
+    tickId: string;
+    eventType: "quiet.entered" | "quiet.skipped" | "quiet.interrupted" | "quiet.resumed" | "quiet.suppressed";
+    reason?: string;
+    suppressedBy?: string;
+    reflectionCandidates?: string[];
+    createdAt: string;
+}
+export interface OutreachDecision {
+    id: string;
+    tickId: string;
+    eventType: "outreach.considered" | "outreach.denied" | "outreach.deferred" | "outreach.sent";
+    platformId?: string;
+    targetUserId?: string;
+    valueScore?: number;
+    suppressionReason?: string;
+    messagePreview?: string;
+    createdAt: string;
+}
+export interface HeartbeatDecisionEvent {
+    id: string;
+    tickId: string;
+    traceId: string;
+    runtimeScope: "rhythm" | "user_task" | "user_reply";
+    triggerSource: "heartbeat_bridge" | "user_task" | "user_reply" | "interrupt" | "resume";
+    decisionStatus: "heartbeat_ok" | "intent_selected" | "denied" | "deferred" | "runtime_carrier_only" | "delivery_unavailable";
+    reasons: string[];
+    intentId?: string;
+    mode: "active" | "quiet" | "maintenance_only" | "paused_for_interrupt";
+    createdAt: string;
+}
+export declare class DecisionLedger {
+    private db;
+    constructor(db: ObservabilityDatabase);
+    recordDecision(record: DecisionRecord): Promise<void>;
+    recordHeartbeatDecision(event: HeartbeatDecisionEvent): Promise<void>;
+    recordQuietLifecycle(event: QuietLifecycleEvent): Promise<void>;
+    recordOutreachDecision(event: OutreachDecision): Promise<void>;
+    queryByTickId(tickId: string): Promise<DecisionRecord[]>;
+    queryByTraceId(traceId: string): Promise<DecisionRecord | null>;
+    queryByIntentId(intentId: string): Promise<DecisionRecord[]>;
+    private mapToDecisionRecord;
+}

package/runtime/observability/services/decision-ledger.js CHANGED Viewed

@@ -1,161 +1,161 @@
-import { eq } from "drizzle-orm";
-import { decisionLedger } from "../db/schema/index.js";
-import { redactEvent } from "../redaction/manifest.js";
-import { persistRedactionManifest } from "./redaction-store.js";
-export class DecisionLedger {
-    db;
-    constructor(db) {
-        this.db = db;
-    }
-    async recordDecision(record) {
-        const { redacted, manifest } = redactEvent(record);
-        await this.db.db.insert(decisionLedger).values({
-            id: redacted.id,
-            tickId: redacted.tickId,
-            traceId: redacted.traceId,
-            intentId: redacted.intentId ?? null,
-            platformId: redacted.platformId ?? null,
-            verdict: redacted.verdict,
-            mode: redacted.mode,
-            reasons: JSON.stringify(redacted.reasons),
-            reasonCodes: JSON.stringify(redacted.reasonCodes),
-            decisionBasis: redacted.decisionBasis,
-            evidenceRefs: JSON.stringify(redacted.evidenceRefs),
-            modelEvalRef: redacted.modelEvalRef ?? null,
-            createdAt: redacted.createdAt,
-        });
-        await persistRedactionManifest(this.db, redacted.id, "decision.recorded", manifest);
-    }
-    async recordHeartbeatDecision(event) {
-        const { redacted, manifest } = redactEvent(event);
-        // Map decisionStatus to existing verdict field without changing business semantics
-        const verdict = mapHeartbeatStatusToVerdict(redacted.decisionStatus);
-        await this.db.db.insert(decisionLedger).values({
-            id: redacted.id,
-            tickId: redacted.tickId,
-            traceId: redacted.traceId,
-            intentId: redacted.intentId ?? null,
-            platformId: null,
-            verdict,
-            mode: redacted.mode,
-            reasons: JSON.stringify(redacted.reasons),
-            reasonCodes: JSON.stringify(["heartbeat_decision"]),
-            decisionBasis: "rule_only",
-            evidenceRefs: JSON.stringify([
-                `scope:${redacted.runtimeScope}`,
-                `trigger:${redacted.triggerSource}`,
-                `status:${redacted.decisionStatus}`,
-            ].filter(Boolean)),
-            modelEvalRef: null,
-            createdAt: redacted.createdAt,
-        });
-        await persistRedactionManifest(this.db, redacted.id, "heartbeat.decision", manifest);
-    }
-    async recordQuietLifecycle(event) {
-        const { redacted, manifest } = redactEvent(event);
-        await this.db.db.insert(decisionLedger).values({
-            id: redacted.id,
-            tickId: redacted.tickId,
-            traceId: `quiet-${redacted.eventType}-${redacted.id}`,
-            intentId: null,
-            platformId: null,
-            verdict: "allow",
-            mode: "quiet",
-            reasons: JSON.stringify([redacted.eventType, redacted.reason ?? ""].filter(Boolean)),
-            reasonCodes: JSON.stringify(["quiet_lifecycle"]),
-            decisionBasis: "rule_only",
-            evidenceRefs: JSON.stringify(redacted.reflectionCandidates ?? []),
-            modelEvalRef: null,
-            createdAt: redacted.createdAt,
-        });
-        await persistRedactionManifest(this.db, redacted.id, redacted.eventType, manifest);
-    }
-    async recordOutreachDecision(event) {
-        const { redacted, manifest } = redactEvent(event);
-        const verdict = redacted.eventType === "outreach.sent"
-            ? "allow"
-            : redacted.eventType === "outreach.deferred" || redacted.eventType === "outreach.considered"
-                ? "defer"
-                : "deny";
-        await this.db.db.insert(decisionLedger).values({
-            id: redacted.id,
-            tickId: redacted.tickId,
-            traceId: `outreach-${redacted.eventType}-${redacted.id}`,
-            intentId: null,
-            platformId: redacted.platformId ?? null,
-            verdict,
-            mode: "active",
-            reasons: JSON.stringify([
-                redacted.eventType,
-                redacted.valueScore?.toString() ?? "",
-                redacted.suppressionReason ?? "",
-            ].filter(Boolean)),
-            reasonCodes: JSON.stringify(["outreach_decision"]),
-            decisionBasis: "score_based",
-            evidenceRefs: JSON.stringify([redacted.targetUserId ?? ""].filter(Boolean)),
-            modelEvalRef: null,
-            createdAt: redacted.createdAt,
-        });
-        await persistRedactionManifest(this.db, redacted.id, redacted.eventType, manifest);
-    }
-    async queryByTickId(tickId) {
-        const results = await this.db.db
-            .select()
-            .from(decisionLedger)
-            .where(eq(decisionLedger.tickId, tickId));
-        return results.map(this.mapToDecisionRecord);
-    }
-    async queryByTraceId(traceId) {
-        const results = await this.db.db
-            .select()
-            .from(decisionLedger)
-            .where(eq(decisionLedger.traceId, traceId))
-            .limit(1);
-        return results[0] ? this.mapToDecisionRecord(results[0]) : null;
-    }
-    async queryByIntentId(intentId) {
-        const results = await this.db.db
-            .select()
-            .from(decisionLedger)
-            .where(eq(decisionLedger.intentId, intentId));
-        return results.map(this.mapToDecisionRecord);
-    }
-    mapToDecisionRecord(row) {
-        return {
-            id: row.id,
-            tickId: row.tickId,
-            traceId: row.traceId,
-            intentId: row.intentId ?? undefined,
-            platformId: row.platformId ?? undefined,
-            verdict: row.verdict,
-            mode: row.mode,
-            reasons: JSON.parse(row.reasons),
-            reasonCodes: JSON.parse(row.reasonCodes),
-            decisionBasis: row.decisionBasis,
-            evidenceRefs: JSON.parse(row.evidenceRefs),
-            modelEvalRef: row.modelEvalRef ?? undefined,
-            createdAt: row.createdAt,
-        };
-    }
-}
-/**
- * Map heartbeat decision status to existing verdict field.
- * This preserves the existing DecisionRecord semantics while allowing
- * heartbeat-specific status to be recoverable from evidenceRefs.
- */
-function mapHeartbeatStatusToVerdict(status) {
-    switch (status) {
-        case "intent_selected":
-            return "allow";
-        case "denied":
-            return "deny";
-        case "deferred":
-            return "defer";
-        case "heartbeat_ok":
-            return "defer";
-        case "runtime_carrier_only":
-            return "defer";
-        case "delivery_unavailable":
-            return "deny";
-    }
-}
+import { eq } from "drizzle-orm";
+import { decisionLedger } from "../db/schema/index.js";
+import { redactEvent } from "../redaction/manifest.js";
+import { persistRedactionManifest } from "./redaction-store.js";
+export class DecisionLedger {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    async recordDecision(record) {
+        const { redacted, manifest } = redactEvent(record);
+        await this.db.db.insert(decisionLedger).values({
+            id: redacted.id,
+            tickId: redacted.tickId,
+            traceId: redacted.traceId,
+            intentId: redacted.intentId ?? null,
+            platformId: redacted.platformId ?? null,
+            verdict: redacted.verdict,
+            mode: redacted.mode,
+            reasons: JSON.stringify(redacted.reasons),
+            reasonCodes: JSON.stringify(redacted.reasonCodes),
+            decisionBasis: redacted.decisionBasis,
+            evidenceRefs: JSON.stringify(redacted.evidenceRefs),
+            modelEvalRef: redacted.modelEvalRef ?? null,
+            createdAt: redacted.createdAt,
+        });
+        await persistRedactionManifest(this.db, redacted.id, "decision.recorded", manifest);
+    }
+    async recordHeartbeatDecision(event) {
+        const { redacted, manifest } = redactEvent(event);
+        // Map decisionStatus to existing verdict field without changing business semantics
+        const verdict = mapHeartbeatStatusToVerdict(redacted.decisionStatus);
+        await this.db.db.insert(decisionLedger).values({
+            id: redacted.id,
+            tickId: redacted.tickId,
+            traceId: redacted.traceId,
+            intentId: redacted.intentId ?? null,
+            platformId: null,
+            verdict,
+            mode: redacted.mode,
+            reasons: JSON.stringify(redacted.reasons),
+            reasonCodes: JSON.stringify(["heartbeat_decision"]),
+            decisionBasis: "rule_only",
+            evidenceRefs: JSON.stringify([
+                `scope:${redacted.runtimeScope}`,
+                `trigger:${redacted.triggerSource}`,
+                `status:${redacted.decisionStatus}`,
+            ].filter(Boolean)),
+            modelEvalRef: null,
+            createdAt: redacted.createdAt,
+        });
+        await persistRedactionManifest(this.db, redacted.id, "heartbeat.decision", manifest);
+    }
+    async recordQuietLifecycle(event) {
+        const { redacted, manifest } = redactEvent(event);
+        await this.db.db.insert(decisionLedger).values({
+            id: redacted.id,
+            tickId: redacted.tickId,
+            traceId: `quiet-${redacted.eventType}-${redacted.id}`,
+            intentId: null,
+            platformId: null,
+            verdict: "allow",
+            mode: "quiet",
+            reasons: JSON.stringify([redacted.eventType, redacted.reason ?? ""].filter(Boolean)),
+            reasonCodes: JSON.stringify(["quiet_lifecycle"]),
+            decisionBasis: "rule_only",
+            evidenceRefs: JSON.stringify(redacted.reflectionCandidates ?? []),
+            modelEvalRef: null,
+            createdAt: redacted.createdAt,
+        });
+        await persistRedactionManifest(this.db, redacted.id, redacted.eventType, manifest);
+    }
+    async recordOutreachDecision(event) {
+        const { redacted, manifest } = redactEvent(event);
+        const verdict = redacted.eventType === "outreach.sent"
+            ? "allow"
+            : redacted.eventType === "outreach.deferred" || redacted.eventType === "outreach.considered"
+                ? "defer"
+                : "deny";
+        await this.db.db.insert(decisionLedger).values({
+            id: redacted.id,
+            tickId: redacted.tickId,
+            traceId: `outreach-${redacted.eventType}-${redacted.id}`,
+            intentId: null,
+            platformId: redacted.platformId ?? null,
+            verdict,
+            mode: "active",
+            reasons: JSON.stringify([
+                redacted.eventType,
+                redacted.valueScore?.toString() ?? "",
+                redacted.suppressionReason ?? "",
+            ].filter(Boolean)),
+            reasonCodes: JSON.stringify(["outreach_decision"]),
+            decisionBasis: "score_based",
+            evidenceRefs: JSON.stringify([redacted.targetUserId ?? ""].filter(Boolean)),
+            modelEvalRef: null,
+            createdAt: redacted.createdAt,
+        });
+        await persistRedactionManifest(this.db, redacted.id, redacted.eventType, manifest);
+    }
+    async queryByTickId(tickId) {
+        const results = await this.db.db
+            .select()
+            .from(decisionLedger)
+            .where(eq(decisionLedger.tickId, tickId));
+        return results.map(this.mapToDecisionRecord);
+    }
+    async queryByTraceId(traceId) {
+        const results = await this.db.db
+            .select()
+            .from(decisionLedger)
+            .where(eq(decisionLedger.traceId, traceId))
+            .limit(1);
+        return results[0] ? this.mapToDecisionRecord(results[0]) : null;
+    }
+    async queryByIntentId(intentId) {
+        const results = await this.db.db
+            .select()
+            .from(decisionLedger)
+            .where(eq(decisionLedger.intentId, intentId));
+        return results.map(this.mapToDecisionRecord);
+    }
+    mapToDecisionRecord(row) {
+        return {
+            id: row.id,
+            tickId: row.tickId,
+            traceId: row.traceId,
+            intentId: row.intentId ?? undefined,
+            platformId: row.platformId ?? undefined,
+            verdict: row.verdict,
+            mode: row.mode,
+            reasons: JSON.parse(row.reasons),
+            reasonCodes: JSON.parse(row.reasonCodes),
+            decisionBasis: row.decisionBasis,
+            evidenceRefs: JSON.parse(row.evidenceRefs),
+            modelEvalRef: row.modelEvalRef ?? undefined,
+            createdAt: row.createdAt,
+        };
+    }
+}
+/**
+ * Map heartbeat decision status to existing verdict field.
+ * This preserves the existing DecisionRecord semantics while allowing
+ * heartbeat-specific status to be recoverable from evidenceRefs.
+ */
+function mapHeartbeatStatusToVerdict(status) {
+    switch (status) {
+        case "intent_selected":
+            return "allow";
+        case "denied":
+            return "deny";
+        case "deferred":
+            return "defer";
+        case "heartbeat_ok":
+            return "defer";
+        case "runtime_carrier_only":
+            return "defer";
+        case "delivery_unavailable":
+            return "deny";
+    }
+}

package/runtime/observability/services/governance-audit.d.ts CHANGED Viewed

@@ -1,41 +1,41 @@
-import type { ObservabilityDatabase } from "../db/index.js";
-import type { AnchorChangeAudit } from "../../shared/types/continuity.js";
-export interface CredentialLifecycleAudit {
-    id: string;
-    platformId: string;
-    credentialId: string;
-    statusFrom?: string;
-    statusTo: string;
-    verificationDeadline?: string;
-    attemptsRemaining?: number;
-    explanationCapsule: string;
-    createdAt: string;
-}
-export declare class GovernanceAudit {
-    private db;
-    constructor(db: ObservabilityDatabase);
-    recordAnchorChangeAudit(event: AnchorChangeAudit): Promise<void>;
-    /**
-     * Generic governance-plane events (T5.1.2): fallback_written, effect_commit_advanced, connector_failure, etc.
-     * traceId is stored on target_asset_id for explain/trace correlation until a dedicated column exists.
-     */
-    recordOperationalGovernanceEvent(input: {
-        id: string;
-        eventType: string;
-        traceId: string;
-        statusTo: string;
-        reason: string;
-        assetPath?: string;
-        supportingSources?: string[];
-        createdAt?: string;
-    }): Promise<void>;
-    recordCredentialLifecycle(event: CredentialLifecycleAudit): Promise<void>;
-    recordProposalApply(proposalId: string, targetAssetId: string, assetPath: string, beforeHash: string | undefined, afterHash: string | undefined, supportingSources: string[], reason: string): Promise<void>;
-    recordProposalReject(proposalId: string, targetAssetId: string, assetPath: string, reason: string): Promise<void>;
-    queryByProposalId(proposalId: string): Promise<AnchorChangeAudit[]>;
-    queryByAssetId(assetId: string): Promise<AnchorChangeAudit[]>;
-    queryByEventType(eventType: string): Promise<AnchorChangeAudit[]>;
-    queryCredentialByPlatform(platformId: string): Promise<CredentialLifecycleAudit[]>;
-    private mapToAnchorAudit;
-    private mapToCredentialAudit;
-}
+import type { ObservabilityDatabase } from "../db/index.js";
+import type { AnchorChangeAudit } from "../../shared/types/continuity.js";
+export interface CredentialLifecycleAudit {
+    id: string;
+    platformId: string;
+    credentialId: string;
+    statusFrom?: string;
+    statusTo: string;
+    verificationDeadline?: string;
+    attemptsRemaining?: number;
+    explanationCapsule: string;
+    createdAt: string;
+}
+export declare class GovernanceAudit {
+    private db;
+    constructor(db: ObservabilityDatabase);
+    recordAnchorChangeAudit(event: AnchorChangeAudit): Promise<void>;
+    /**
+     * Generic governance-plane events (T5.1.2): fallback_written, effect_commit_advanced, connector_failure, etc.
+     * traceId is stored on target_asset_id for explain/trace correlation until a dedicated column exists.
+     */
+    recordOperationalGovernanceEvent(input: {
+        id: string;
+        eventType: string;
+        traceId: string;
+        statusTo: string;
+        reason: string;
+        assetPath?: string;
+        supportingSources?: string[];
+        createdAt?: string;
+    }): Promise<void>;
+    recordCredentialLifecycle(event: CredentialLifecycleAudit): Promise<void>;
+    recordProposalApply(proposalId: string, targetAssetId: string, assetPath: string, beforeHash: string | undefined, afterHash: string | undefined, supportingSources: string[], reason: string): Promise<void>;
+    recordProposalReject(proposalId: string, targetAssetId: string, assetPath: string, reason: string): Promise<void>;
+    queryByProposalId(proposalId: string): Promise<AnchorChangeAudit[]>;
+    queryByAssetId(assetId: string): Promise<AnchorChangeAudit[]>;
+    queryByEventType(eventType: string): Promise<AnchorChangeAudit[]>;
+    queryCredentialByPlatform(platformId: string): Promise<CredentialLifecycleAudit[]>;
+    private mapToAnchorAudit;
+    private mapToCredentialAudit;
+}