@haaaiawd/second-nature 0.1.16 → 0.1.18

package/runtime/observability/services/governance-audit.js

@@ -1,163 +1,163 @@
-import { eq } from "drizzle-orm";
-import { governanceAudit } from "../db/schema/index.js";
-import { createEmptyManifest, redactEvent } from "../redaction/manifest.js";
-import { persistRedactionManifest } from "./redaction-store.js";
-export class GovernanceAudit {
-    db;
-    constructor(db) {
-        this.db = db;
-    }
-    async recordAnchorChangeAudit(event) {
-        const { redacted, manifest } = redactEvent(event);
-        await this.db.db.insert(governanceAudit).values({
-            id: redacted.id,
-            eventType: "anchor_change",
-            proposalId: redacted.proposalId,
-            targetAssetId: redacted.targetAssetId,
-            assetPath: redacted.assetPath,
-            statusFrom: null,
-            statusTo: redacted.status,
-            beforeHash: redacted.beforeHash ?? null,
-            afterHash: redacted.afterHash ?? null,
-            supportingSources: JSON.stringify(redacted.supportingSources),
-            reason: redacted.reason,
-            verificationDeadline: null,
-            attemptsRemaining: null,
-            createdAt: redacted.createdAt,
-        });
-        await persistRedactionManifest(this.db, redacted.id, "anchor.change", manifest);
-    }
-    /**
-     * Generic governance-plane events (T5.1.2): fallback_written, effect_commit_advanced, connector_failure, etc.
-     * traceId is stored on target_asset_id for explain/trace correlation until a dedicated column exists.
-     */
-    async recordOperationalGovernanceEvent(input) {
-        const createdAt = input.createdAt ?? new Date().toISOString();
-        await this.db.db.insert(governanceAudit).values({
-            id: input.id,
-            eventType: input.eventType,
-            proposalId: null,
-            targetAssetId: input.traceId,
-            assetPath: input.assetPath ?? null,
-            statusFrom: null,
-            statusTo: input.statusTo,
-            beforeHash: null,
-            afterHash: null,
-            supportingSources: JSON.stringify(input.supportingSources ?? []),
-            reason: input.reason,
-            verificationDeadline: null,
-            attemptsRemaining: null,
-            createdAt,
-        });
-        await persistRedactionManifest(this.db, input.id, input.eventType, createEmptyManifest());
-    }
-    async recordCredentialLifecycle(event) {
-        const { redacted, manifest } = redactEvent(event);
-        await this.db.db.insert(governanceAudit).values({
-            id: redacted.id,
-            eventType: "credential_lifecycle",
-            proposalId: null,
-            targetAssetId: redacted.platformId,
-            assetPath: redacted.credentialId,
-            statusFrom: redacted.statusFrom ?? null,
-            statusTo: redacted.statusTo,
-            beforeHash: null,
-            afterHash: null,
-            supportingSources: "[]",
-            reason: redacted.explanationCapsule,
-            verificationDeadline: redacted.verificationDeadline ?? null,
-            attemptsRemaining: redacted.attemptsRemaining ?? null,
-            createdAt: redacted.createdAt,
-        });
-        await persistRedactionManifest(this.db, redacted.id, "credential.lifecycle", manifest);
-    }
-    async recordProposalApply(proposalId, targetAssetId, assetPath, beforeHash, afterHash, supportingSources, reason) {
-        const id = `anchor-${proposalId}-${Date.now()}`;
-        const event = {
-            id,
-            proposalId,
-            targetAssetId,
-            assetPath,
-            status: "applied",
-            beforeHash,
-            afterHash,
-            supportingSources,
-            reason,
-            appliedAt: new Date().toISOString(),
-            createdAt: new Date().toISOString(),
-        };
-        await this.recordAnchorChangeAudit(event);
-    }
-    async recordProposalReject(proposalId, targetAssetId, assetPath, reason) {
-        const id = `anchor-reject-${proposalId}-${Date.now()}`;
-        const event = {
-            id,
-            proposalId,
-            targetAssetId,
-            assetPath,
-            status: "rejected",
-            supportingSources: [],
-            reason,
-            createdAt: new Date().toISOString(),
-        };
-        await this.recordAnchorChangeAudit(event);
-    }
-    async queryByProposalId(proposalId) {
-        const results = await this.db.db
-            .select()
-            .from(governanceAudit)
-            .where(eq(governanceAudit.proposalId, proposalId));
-        return results.map(this.mapToAnchorAudit);
-    }
-    async queryByAssetId(assetId) {
-        const results = await this.db.db
-            .select()
-            .from(governanceAudit)
-            .where(eq(governanceAudit.targetAssetId, assetId));
-        return results.map(this.mapToAnchorAudit);
-    }
-    async queryByEventType(eventType) {
-        const results = await this.db.db
-            .select()
-            .from(governanceAudit)
-            .where(eq(governanceAudit.eventType, eventType));
-        return results.map(this.mapToAnchorAudit);
-    }
-    async queryCredentialByPlatform(platformId) {
-        const results = await this.db.db
-            .select()
-            .from(governanceAudit)
-            .where(eq(governanceAudit.targetAssetId, platformId));
-        return results
-            .filter(r => r.eventType === "credential_lifecycle")
-            .map(this.mapToCredentialAudit);
-    }
-    mapToAnchorAudit(row) {
-        return {
-            id: row.id,
-            proposalId: row.proposalId ?? "",
-            targetAssetId: row.targetAssetId ?? "",
-            assetPath: row.assetPath ?? "",
-            status: row.statusTo,
-            beforeHash: row.beforeHash ?? undefined,
-            afterHash: row.afterHash ?? undefined,
-            supportingSources: JSON.parse(row.supportingSources ?? "[]"),
-            reason: row.reason ?? "",
-            appliedAt: row.statusTo === "applied" ? row.createdAt : undefined,
-            createdAt: row.createdAt,
-        };
-    }
-    mapToCredentialAudit(row) {
-        return {
-            id: row.id,
-            platformId: row.targetAssetId ?? "",
-            credentialId: row.assetPath ?? "",
-            statusFrom: row.statusFrom ?? undefined,
-            statusTo: row.statusTo,
-            verificationDeadline: row.verificationDeadline ?? undefined,
-            attemptsRemaining: row.attemptsRemaining ?? undefined,
-            explanationCapsule: row.reason ?? "",
-            createdAt: row.createdAt,
-        };
-    }
-}
+import { eq } from "drizzle-orm";
+import { governanceAudit } from "../db/schema/index.js";
+import { createEmptyManifest, redactEvent } from "../redaction/manifest.js";
+import { persistRedactionManifest } from "./redaction-store.js";
+export class GovernanceAudit {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    async recordAnchorChangeAudit(event) {
+        const { redacted, manifest } = redactEvent(event);
+        await this.db.db.insert(governanceAudit).values({
+            id: redacted.id,
+            eventType: "anchor_change",
+            proposalId: redacted.proposalId,
+            targetAssetId: redacted.targetAssetId,
+            assetPath: redacted.assetPath,
+            statusFrom: null,
+            statusTo: redacted.status,
+            beforeHash: redacted.beforeHash ?? null,
+            afterHash: redacted.afterHash ?? null,
+            supportingSources: JSON.stringify(redacted.supportingSources),
+            reason: redacted.reason,
+            verificationDeadline: null,
+            attemptsRemaining: null,
+            createdAt: redacted.createdAt,
+        });
+        await persistRedactionManifest(this.db, redacted.id, "anchor.change", manifest);
+    }
+    /**
+     * Generic governance-plane events (T5.1.2): fallback_written, effect_commit_advanced, connector_failure, etc.
+     * traceId is stored on target_asset_id for explain/trace correlation until a dedicated column exists.
+     */
+    async recordOperationalGovernanceEvent(input) {
+        const createdAt = input.createdAt ?? new Date().toISOString();
+        await this.db.db.insert(governanceAudit).values({
+            id: input.id,
+            eventType: input.eventType,
+            proposalId: null,
+            targetAssetId: input.traceId,
+            assetPath: input.assetPath ?? null,
+            statusFrom: null,
+            statusTo: input.statusTo,
+            beforeHash: null,
+            afterHash: null,
+            supportingSources: JSON.stringify(input.supportingSources ?? []),
+            reason: input.reason,
+            verificationDeadline: null,
+            attemptsRemaining: null,
+            createdAt,
+        });
+        await persistRedactionManifest(this.db, input.id, input.eventType, createEmptyManifest());
+    }
+    async recordCredentialLifecycle(event) {
+        const { redacted, manifest } = redactEvent(event);
+        await this.db.db.insert(governanceAudit).values({
+            id: redacted.id,
+            eventType: "credential_lifecycle",
+            proposalId: null,
+            targetAssetId: redacted.platformId,
+            assetPath: redacted.credentialId,
+            statusFrom: redacted.statusFrom ?? null,
+            statusTo: redacted.statusTo,
+            beforeHash: null,
+            afterHash: null,
+            supportingSources: "[]",
+            reason: redacted.explanationCapsule,
+            verificationDeadline: redacted.verificationDeadline ?? null,
+            attemptsRemaining: redacted.attemptsRemaining ?? null,
+            createdAt: redacted.createdAt,
+        });
+        await persistRedactionManifest(this.db, redacted.id, "credential.lifecycle", manifest);
+    }
+    async recordProposalApply(proposalId, targetAssetId, assetPath, beforeHash, afterHash, supportingSources, reason) {
+        const id = `anchor-${proposalId}-${Date.now()}`;
+        const event = {
+            id,
+            proposalId,
+            targetAssetId,
+            assetPath,
+            status: "applied",
+            beforeHash,
+            afterHash,
+            supportingSources,
+            reason,
+            appliedAt: new Date().toISOString(),
+            createdAt: new Date().toISOString(),
+        };
+        await this.recordAnchorChangeAudit(event);
+    }
+    async recordProposalReject(proposalId, targetAssetId, assetPath, reason) {
+        const id = `anchor-reject-${proposalId}-${Date.now()}`;
+        const event = {
+            id,
+            proposalId,
+            targetAssetId,
+            assetPath,
+            status: "rejected",
+            supportingSources: [],
+            reason,
+            createdAt: new Date().toISOString(),
+        };
+        await this.recordAnchorChangeAudit(event);
+    }
+    async queryByProposalId(proposalId) {
+        const results = await this.db.db
+            .select()
+            .from(governanceAudit)
+            .where(eq(governanceAudit.proposalId, proposalId));
+        return results.map(this.mapToAnchorAudit);
+    }
+    async queryByAssetId(assetId) {
+        const results = await this.db.db
+            .select()
+            .from(governanceAudit)
+            .where(eq(governanceAudit.targetAssetId, assetId));
+        return results.map(this.mapToAnchorAudit);
+    }
+    async queryByEventType(eventType) {
+        const results = await this.db.db
+            .select()
+            .from(governanceAudit)
+            .where(eq(governanceAudit.eventType, eventType));
+        return results.map(this.mapToAnchorAudit);
+    }
+    async queryCredentialByPlatform(platformId) {
+        const results = await this.db.db
+            .select()
+            .from(governanceAudit)
+            .where(eq(governanceAudit.targetAssetId, platformId));
+        return results
+            .filter(r => r.eventType === "credential_lifecycle")
+            .map(this.mapToCredentialAudit);
+    }
+    mapToAnchorAudit(row) {
+        return {
+            id: row.id,
+            proposalId: row.proposalId ?? "",
+            targetAssetId: row.targetAssetId ?? "",
+            assetPath: row.assetPath ?? "",
+            status: row.statusTo,
+            beforeHash: row.beforeHash ?? undefined,
+            afterHash: row.afterHash ?? undefined,
+            supportingSources: JSON.parse(row.supportingSources ?? "[]"),
+            reason: row.reason ?? "",
+            appliedAt: row.statusTo === "applied" ? row.createdAt : undefined,
+            createdAt: row.createdAt,
+        };
+    }
+    mapToCredentialAudit(row) {
+        return {
+            id: row.id,
+            platformId: row.targetAssetId ?? "",
+            credentialId: row.assetPath ?? "",
+            statusFrom: row.statusFrom ?? undefined,
+            statusTo: row.statusTo,
+            verificationDeadline: row.verificationDeadline ?? undefined,
+            attemptsRemaining: row.attemptsRemaining ?? undefined,
+            explanationCapsule: row.reason ?? "",
+            createdAt: row.createdAt,
+        };
+    }
+}

package/runtime/observability/services/governance-plane-recorder.d.ts

@@ -1,47 +1,47 @@
-/**
- * T5.1.2 governance plane: connector attempts + state governance audit append ports.
- *
- * Core logic: connector attempts map to executionAttempts telemetry; governance kinds map to
- * governance_audit rows with traceId on target_asset_id for explain correlation.
- *
- * Test coverage: tests/unit/observability/governance-plane-recorder.test.ts
- */
-import type { ObservabilityDatabase } from "../db/index.js";
-import { ExecutionTelemetry } from "./execution-telemetry.js";
-import { GovernanceAudit } from "./governance-audit.js";
-export interface AuditAppendAck {
-    recordId: string;
-    appendedAt: string;
-}
-export type ConnectorAttemptOutcome = "started" | "succeeded" | "failed" | "sampled_telemetry";
-export interface ConnectorAttemptAudit {
-    traceId: string;
-    decisionId: string;
-    intentId: string;
-    platformId: string;
-    capability: string;
-    channel: string;
-    outcome: ConnectorAttemptOutcome;
-    failureClass?: string;
-    idempotencyKey?: string;
-    metadata?: Record<string, unknown>;
-}
-export type StateGovernanceKind = "fallback_written" | "effect_commit_advanced" | "connector_failure" | "anchor_proposal_received";
-export interface StateGovernanceAudit {
-    id: string;
-    traceId: string;
-    kind: StateGovernanceKind;
-    reason: string;
-    decisionId?: string;
-    artifactPath?: string;
-    supportingSources?: string[];
-    createdAt?: string;
-}
-export declare class GovernancePlaneRecorder {
-    private readonly telemetry;
-    private readonly governance;
-    constructor(telemetry: ExecutionTelemetry, governance: GovernanceAudit);
-    recordConnectorAttempt(audit: ConnectorAttemptAudit): Promise<AuditAppendAck>;
-    recordStateGovernance(event: StateGovernanceAudit): Promise<AuditAppendAck>;
-}
-export declare function createGovernancePlaneRecorder(db: ObservabilityDatabase): GovernancePlaneRecorder;
+/**
+ * T5.1.2 governance plane: connector attempts + state governance audit append ports.
+ *
+ * Core logic: connector attempts map to executionAttempts telemetry; governance kinds map to
+ * governance_audit rows with traceId on target_asset_id for explain correlation.
+ *
+ * Test coverage: tests/unit/observability/governance-plane-recorder.test.ts
+ */
+import type { ObservabilityDatabase } from "../db/index.js";
+import { ExecutionTelemetry } from "./execution-telemetry.js";
+import { GovernanceAudit } from "./governance-audit.js";
+export interface AuditAppendAck {
+    recordId: string;
+    appendedAt: string;
+}
+export type ConnectorAttemptOutcome = "started" | "succeeded" | "failed" | "sampled_telemetry";
+export interface ConnectorAttemptAudit {
+    traceId: string;
+    decisionId: string;
+    intentId: string;
+    platformId: string;
+    capability: string;
+    channel: string;
+    outcome: ConnectorAttemptOutcome;
+    failureClass?: string;
+    idempotencyKey?: string;
+    metadata?: Record<string, unknown>;
+}
+export type StateGovernanceKind = "fallback_written" | "effect_commit_advanced" | "connector_failure" | "anchor_proposal_received";
+export interface StateGovernanceAudit {
+    id: string;
+    traceId: string;
+    kind: StateGovernanceKind;
+    reason: string;
+    decisionId?: string;
+    artifactPath?: string;
+    supportingSources?: string[];
+    createdAt?: string;
+}
+export declare class GovernancePlaneRecorder {
+    private readonly telemetry;
+    private readonly governance;
+    constructor(telemetry: ExecutionTelemetry, governance: GovernanceAudit);
+    recordConnectorAttempt(audit: ConnectorAttemptAudit): Promise<AuditAppendAck>;
+    recordStateGovernance(event: StateGovernanceAudit): Promise<AuditAppendAck>;
+}
+export declare function createGovernancePlaneRecorder(db: ObservabilityDatabase): GovernancePlaneRecorder;

package/runtime/observability/services/governance-plane-recorder.js

@@ -1,55 +1,55 @@
-import { ExecutionTelemetry } from "./execution-telemetry.js";
-import { GovernanceAudit } from "./governance-audit.js";
-export class GovernancePlaneRecorder {
-    telemetry;
-    governance;
-    constructor(telemetry, governance) {
-        this.telemetry = telemetry;
-        this.governance = governance;
-    }
-    async recordConnectorAttempt(audit) {
-        const id = `ca-${audit.traceId}-${Date.now()}`;
-        const status = audit.outcome === "failed" ? "failed" : audit.outcome === "started" ? "started" : "succeeded";
-        const now = new Date().toISOString();
-        const attempt = {
-            id,
-            traceId: audit.traceId,
-            decisionId: audit.decisionId,
-            intentId: audit.intentId,
-            platformId: audit.platformId,
-            capability: audit.capability,
-            channel: audit.channel,
-            status,
-            failureClass: audit.failureClass,
-            idempotencyKey: audit.idempotencyKey,
-            metadata: {
-                ...(audit.metadata ?? {}),
-                ...(audit.outcome === "sampled_telemetry" ? { sampledTelemetry: true } : {}),
-            },
-            startedAt: now,
-            finishedAt: status === "started" ? undefined : now,
-        };
-        await this.telemetry.recordExecutionAttempt(attempt);
-        return { recordId: id, appendedAt: attempt.finishedAt ?? attempt.startedAt ?? now };
-    }
-    async recordStateGovernance(event) {
-        const createdAt = event.createdAt ?? new Date().toISOString();
-        const reason = event.decisionId !== undefined && event.decisionId.length > 0
-            ? `${event.reason} decisionId=${event.decisionId}`
-            : event.reason;
-        await this.governance.recordOperationalGovernanceEvent({
-            id: event.id,
-            eventType: event.kind,
-            traceId: event.traceId,
-            statusTo: "recorded",
-            reason,
-            assetPath: event.artifactPath,
-            supportingSources: event.supportingSources,
-            createdAt,
-        });
-        return { recordId: event.id, appendedAt: createdAt };
-    }
-}
-export function createGovernancePlaneRecorder(db) {
-    return new GovernancePlaneRecorder(new ExecutionTelemetry(db), new GovernanceAudit(db));
-}
+import { ExecutionTelemetry } from "./execution-telemetry.js";
+import { GovernanceAudit } from "./governance-audit.js";
+export class GovernancePlaneRecorder {
+    telemetry;
+    governance;
+    constructor(telemetry, governance) {
+        this.telemetry = telemetry;
+        this.governance = governance;
+    }
+    async recordConnectorAttempt(audit) {
+        const id = `ca-${audit.traceId}-${Date.now()}`;
+        const status = audit.outcome === "failed" ? "failed" : audit.outcome === "started" ? "started" : "succeeded";
+        const now = new Date().toISOString();
+        const attempt = {
+            id,
+            traceId: audit.traceId,
+            decisionId: audit.decisionId,
+            intentId: audit.intentId,
+            platformId: audit.platformId,
+            capability: audit.capability,
+            channel: audit.channel,
+            status,
+            failureClass: audit.failureClass,
+            idempotencyKey: audit.idempotencyKey,
+            metadata: {
+                ...(audit.metadata ?? {}),
+                ...(audit.outcome === "sampled_telemetry" ? { sampledTelemetry: true } : {}),
+            },
+            startedAt: now,
+            finishedAt: status === "started" ? undefined : now,
+        };
+        await this.telemetry.recordExecutionAttempt(attempt);
+        return { recordId: id, appendedAt: attempt.finishedAt ?? attempt.startedAt ?? now };
+    }
+    async recordStateGovernance(event) {
+        const createdAt = event.createdAt ?? new Date().toISOString();
+        const reason = event.decisionId !== undefined && event.decisionId.length > 0
+            ? `${event.reason} decisionId=${event.decisionId}`
+            : event.reason;
+        await this.governance.recordOperationalGovernanceEvent({
+            id: event.id,
+            eventType: event.kind,
+            traceId: event.traceId,
+            statusTo: "recorded",
+            reason,
+            assetPath: event.artifactPath,
+            supportingSources: event.supportingSources,
+            createdAt,
+        });
+        return { recordId: event.id, appendedAt: createdAt };
+    }
+}
+export function createGovernancePlaneRecorder(db) {
+    return new GovernancePlaneRecorder(new ExecutionTelemetry(db), new GovernanceAudit(db));
+}