@haaaiawd/second-nature 0.1.27 → 0.1.29

package/runtime/guidance/outreach-strategy-selector.js

@@ -0,0 +1,211 @@
+/**
+ * OutreachStrategySelector — T-GVS.C.3
+ *
+ * Core logic: select expression frequency, phrasing style and fallback copy
+ * based on RelationshipMemory; apply DR-031 language quality lint (3 rules).
+ * style_lint_failed is a degraded marker — it never blocks delivery.
+ * fallback copy always has information value (not empty string).
+ *
+ * DR-031 lint rules:
+ *   1. no_dry_filler   — no hollow phrases ("reach out", "touch base", "just checking in", etc.)
+ *   2. anchored        — must contain a concrete source anchor (specific fact/observation reference)
+ *   3. no_over_explain — no excessive qualifications (≥3 hedge phrases in one draft)
+ *
+ * Boundary:
+ * - Reads RelationshipMemory (channelPreferences, responsePatterns, trustDelta).
+ * - Does NOT write state; returns OutreachStrategy recommendation only.
+ * - style_lint checks run on draft text passed in; strategy selection itself is rule-based.
+ *
+ * Test coverage:
+ *   tests/unit/guidance/outreach-strategy-selector.test.ts
+ *   tests/unit/guidance/outreach-style-fixtures.test.ts
+ */
+// ─── Constants ───────────────────────────────────────────────────────────────
+/** DR-031: hollow filler phrases that indicate "dry/plain" copy */
+const DRY_FILLER_PATTERNS = [
+    /\bjust checking in\b/i,
+    /\breach(?:ing)? out\b/i,
+    /\btouch(?:ing)? base\b/i,
+    /\bcircle(?:ing)? back\b/i,
+    /\bfollowing up\b/i,
+    /\bhoping (?:this|to)\b/i,
+    /\b没什么特别的\b/,
+    /\b只是想聊聊\b/,
+    /\b随便问问\b/,
+];
+/** DR-031: patterns that signal a concrete anchor is present */
+const ANCHOR_PATTERNS = [
+    /\b(?:because|since|given that|based on|after|when|you (?:said|mentioned|shared|noted))\b/i,
+    /\b(?:上次|你说|你提到|你分享|你提过|基于|根据|因为|之后|在.*之后)\b/,
+    /\[.*?\]/, // inline reference bracket
+    /\[ref:/i, // explicit source ref notation
+];
+/** DR-031: hedge phrases that over-explain */
+const HEDGE_PHRASES = [
+    /\bnot sure if\b/i,
+    /\bperhaps\b/i,
+    /\bmaybe\b/i,
+    /\bpossibly\b/i,
+    /\bif that makes sense\b/i,
+    /\bi (?:don't|do not) know if\b/i,
+    /\bi could be wrong\b/i,
+    /\b也许\b/,
+    /\b可能\b/,
+    /\b说不定\b/,
+    /\b不确定\b/,
+    /\b不知道是否\b/,
+];
+const HEDGE_THRESHOLD = 3; // ≥3 in one draft → over_explain
+/** Trust thresholds for frequency selection */
+const TRUST_MINIMAL = -0.4;
+const TRUST_REDUCED = -0.1;
+/** No-reply signal: if ≥ this ratio of recent patterns are "ignore", reduce frequency */
+const NO_REPLY_RATIO_THRESHOLD = 0.5;
+const RECENT_PATTERNS_WINDOW = 5;
+// ─── Language Quality Lint (DR-031) ─────────────────────────────────────────
+/**
+ * Run DR-031 language quality checklist on a draft text.
+ * Returns StyleLintResult. style_lint_failed is a degraded marker — never blocks delivery.
+ */
+export function runStyleLint(draftText) {
+    const violations = [];
+    const hitRules = [];
+    // Rule 1: no_dry_filler
+    const hasDryFiller = DRY_FILLER_PATTERNS.some((p) => p.test(draftText));
+    if (hasDryFiller) {
+        violations.push({
+            rule: "no_dry_filler",
+            description: "Draft contains hollow filler phrases (e.g. 'just checking in', 'reach out'). Replace with source-backed opener.",
+        });
+        hitRules.push("no_dry_filler");
+    }
+    // Rule 2: anchored — must have at least one concrete anchor
+    const hasAnchor = ANCHOR_PATTERNS.some((p) => p.test(draftText));
+    if (!hasAnchor) {
+        violations.push({
+            rule: "anchored",
+            description: "Draft lacks a concrete source anchor. Every claim should trace to observed evidence.",
+        });
+        hitRules.push("anchored");
+    }
+    // Rule 3: no_over_explain — count hedge phrase matches
+    const hedgeCount = HEDGE_PHRASES.reduce((acc, p) => {
+        const matches = draftText.match(new RegExp(p.source, p.flags + "g"));
+        return acc + (matches ? matches.length : 0);
+    }, 0);
+    if (hedgeCount >= HEDGE_THRESHOLD) {
+        violations.push({
+            rule: "no_over_explain",
+            description: `Draft contains ${hedgeCount} hedge phrases (threshold: ${HEDGE_THRESHOLD}). Remove qualifications unsupported by evidence.`,
+        });
+        hitRules.push("no_over_explain");
+    }
+    const passed = violations.length === 0;
+    return {
+        passed,
+        violations,
+        lintStatus: passed ? "passed" : "style_lint_failed",
+        hitRules,
+    };
+}
+// ─── Fallback Copy Builder ───────────────────────────────────────────────────
+/**
+ * Build channel-safe fallback copy that always has information value (DR-031 G4).
+ * Never returns empty string. Includes sourceRefs anchor and human-readable channel reason.
+ */
+export function buildFallbackCopy(ctx) {
+    const anchor = ctx.sourceRefs.length > 0 ? ctx.sourceRefs[0] : undefined;
+    // Construct informative text — not just a status message
+    let text;
+    if (anchor) {
+        text = `[channel-safe] Based on ${anchor}: ${ctx.reason}`;
+    }
+    else {
+        text = `[channel-safe] ${ctx.reason}`;
+    }
+    // Ensure the text contains an unsupported-claim-free, factual statement
+    const channelSafeReason = `Delivery currently unavailable via ${ctx.channelId ?? "this channel"}. ${ctx.reason}`;
+    return {
+        text,
+        hasInformationValue: true,
+        sourceAnchor: anchor,
+        channelSafeReason,
+    };
+}
+// ─── Strategy Selection ──────────────────────────────────────────────────────
+/**
+ * Compute outreach frequency from RelationshipMemory.
+ * - noReply signals: if ≥50% of last 5 patterns are "ignore" → reduce frequency
+ * - trustDelta: negative trust pushes toward minimal/paused
+ */
+function computeFrequency(memory) {
+    const recent = memory.responsePatterns.slice(-RECENT_PATTERNS_WINDOW);
+    const noReplyCount = recent.filter((p) => p.reaction === "ignore" || p.reaction === "block").length;
+    const noReplyRatio = recent.length > 0 ? noReplyCount / recent.length : 0;
+    // Block reaction → always paused regardless of trust
+    const hasBlock = memory.responsePatterns.some((p) => p.reaction === "block");
+    if (hasBlock)
+        return "paused";
+    // Trust-based floor
+    if (memory.trustDelta <= TRUST_MINIMAL)
+        return "minimal";
+    if (memory.trustDelta <= TRUST_REDUCED)
+        return "reduced";
+    // No-reply signal override
+    if (noReplyRatio >= NO_REPLY_RATIO_THRESHOLD && recent.length >= 2)
+        return "reduced";
+    return "standard";
+}
+/**
+ * Compute phrasing style from RelationshipMemory.
+ * - positive tone patterns → warm_anchored
+ * - neutral or mixed → concise_factual
+ * - degraded trust / mostly negative → light_check
+ */
+function computeStyle(memory, frequency) {
+    if (frequency === "paused" || frequency === "minimal")
+        return "light_check";
+    const recent = memory.responsePatterns.slice(-RECENT_PATTERNS_WINDOW);
+    const positiveCount = recent.filter((p) => p.tone === "positive").length;
+    const negativeCount = recent.filter((p) => p.tone === "negative").length;
+    if (positiveCount > negativeCount && positiveCount >= 2)
+        return "warm_anchored";
+    if (negativeCount > positiveCount)
+        return "light_check";
+    return "concise_factual";
+}
+/**
+ * Compute rationale string summarising why this strategy was chosen.
+ * Used for transparency / explain bundle — not for delivery copy.
+ */
+function buildRationale(memory, frequency, style) {
+    const parts = [];
+    parts.push(`trust_delta=${memory.trustDelta.toFixed(2)}`);
+    parts.push(`patterns=${memory.responsePatterns.length}`);
+    const hasBlock = memory.responsePatterns.some((p) => p.reaction === "block");
+    if (hasBlock)
+        parts.push("block_detected");
+    const recent = memory.responsePatterns.slice(-RECENT_PATTERNS_WINDOW);
+    const noReplyCount = recent.filter((p) => p.reaction === "ignore").length;
+    if (noReplyCount > 0)
+        parts.push(`no_reply_signals=${noReplyCount}`);
+    parts.push(`→ frequency=${frequency} style=${style}`);
+    return parts.join("; ");
+}
+/**
+ * Select outreach strategy based on RelationshipMemory.
+ * Returns OutreachStrategy (frequency + style + fallbackCopy + rationale).
+ * Does NOT write state.
+ */
+export function selectOutreachStrategy(memory, options) {
+    const frequency = computeFrequency(memory);
+    const style = computeStyle(memory, frequency);
+    const rationale = buildRationale(memory, frequency, style);
+    const fallbackCtx = options?.fallbackContext ?? {
+        sourceRefs: [],
+        reason: "Outreach conditions not met at this time.",
+        channelId: undefined,
+    };
+    const fallbackCopy = buildFallbackCopy(fallbackCtx);
+    return { frequency, style, fallbackCopy, rationale };
+}

package/runtime/observability/audit/append-only-audit-store.d.ts

@@ -1,14 +1,32 @@
 /**
  * In-memory append-only audit store with hash-chain verification hooks.
+ * v7 (DR-033): per-family lastHashCache for O(1) previousHash lookup.
  *
- * Core logic: reject broken previousHash links; expose ordered envelopes for tests / local tooling.
+ * Core logic:
+ * - reject broken previousHash links per audit family
+ * - maintain in-memory lastHashCache so append() is O(1) regardless of store size
+ * - seedFamilyHash() for post-restart backfill from DB latest record
  *
  * Test coverage: tests/unit/observability/audit-envelope.test.ts
  */
 import type { AuditEnvelope } from "./audit-envelope.js";
 export declare class AppendOnlyAuditStore {
     private readonly events;
+    private readonly lastHashCache;
     append<T>(envelope: AuditEnvelope<T>): void;
     list(): readonly AuditEnvelope<unknown>[];
-    lastRecordHash(): string | undefined;
+    /** O(1) per-family previousHash; falls back to global last when family omitted (backward compat). */
+    lastRecordHash(family?: string): string | undefined;
+    /**
+     * Seed cache after process restart from DB latest record (DR-033 backfill).
+     *
+     * TODO(T-OBS.C.1): wire a startup bootstrap routine that queries the DB audit_log
+     * table for the latest recordHash per family and calls seedFamilyHash().
+     * Blocked: the observability DB schema does not yet have an audit_log table
+     * with previousHash/recordHash columns; once added, backfill should be
+     * invoked in the store constructor or at app bootstrap time.
+     */
+    seedFamilyHash(family: string, hash: string): void;
+    /** Expose cached families for diagnostics / testing. */
+    cachedFamilies(): readonly string[];
 }

package/runtime/observability/audit/append-only-audit-store.js

@@ -1,21 +1,47 @@
 export class AppendOnlyAuditStore {
     events = [];
+    lastHashCache = new Map();
     append(envelope) {
-        const last = this.events[this.events.length - 1];
-        if (last) {
-            if (envelope.integrity.previousHash !== last.integrity.recordHash) {
+        const family = envelope.family;
+        const cachedHash = this.lastHashCache.get(family);
+        if (cachedHash !== undefined) {
+            if (envelope.integrity.previousHash !== cachedHash) {
                 throw new Error("audit_previous_hash_mismatch");
             }
         }
-        else if (envelope.integrity.previousHash !== undefined) {
-            throw new Error("audit_genesis_previous_hash");
+        else {
+            // No family cache — first event for this family
+            if (envelope.integrity.previousHash !== undefined) {
+                throw new Error("audit_genesis_previous_hash");
+            }
         }
         this.events.push(envelope);
+        this.lastHashCache.set(family, envelope.integrity.recordHash);
     }
     list() {
         return this.events;
     }
-    lastRecordHash() {
+    /** O(1) per-family previousHash; falls back to global last when family omitted (backward compat). */
+    lastRecordHash(family) {
+        if (family) {
+            return this.lastHashCache.get(family);
+        }
         return this.events[this.events.length - 1]?.integrity.recordHash;
     }
+    /**
+     * Seed cache after process restart from DB latest record (DR-033 backfill).
+     *
+     * TODO(T-OBS.C.1): wire a startup bootstrap routine that queries the DB audit_log
+     * table for the latest recordHash per family and calls seedFamilyHash().
+     * Blocked: the observability DB schema does not yet have an audit_log table
+     * with previousHash/recordHash columns; once added, backfill should be
+     * invoked in the store constructor or at app bootstrap time.
+     */
+    seedFamilyHash(family, hash) {
+        this.lastHashCache.set(family, hash);
+    }
+    /** Expose cached families for diagnostics / testing. */
+    cachedFamilies() {
+        return Array.from(this.lastHashCache.keys());
+    }
 }

package/runtime/observability/audit/audit-envelope.d.ts

@@ -1,6 +1,6 @@
 import { type RedactionManifest as FieldRedactionManifest } from "../redaction/manifest.js";
 export type AuditPlane = "decision" | "delivery" | "source_coverage" | "governance" | "telemetry";
-export type AuditEventFamily = "heartbeat.decision" | "delivery" | "source_coverage" | "guidance.grounding" | "host_capability" | "connector.attempt" | "state.governance" | "narrative.trace" | "dream.trace";
+export type AuditEventFamily = "heartbeat.decision" | "delivery" | "source_coverage" | "guidance.grounding" | "host_capability" | "connector.attempt" | "state.governance" | "narrative.trace" | "dream.trace" | "restore.audit" | "health.probe" | "narrative.snapshot" | "secret.anchor";
 export type AuditEnvelopeSensitivity = "public" | "internal" | "private" | "credential" | "sensitive";
 export interface AuditRedactionManifest {
     manifestId: string;
@@ -32,6 +32,7 @@ export interface RedactAuditEventResult<TPayload> {
 }
 /**
  * Apply field redaction rules and lift manifests to audit path vocabulary (observability-system.detail §2).
+ * T-OBS.C.1: now delegates to the unified redactPayload gate (DR-033).
  */
 export declare function redactAuditEvent<TPayload extends object>(payload: TPayload): RedactAuditEventResult<TPayload>;
 export interface BuildAuditEnvelopeInput<TPayload extends object> {

package/runtime/observability/audit/audit-envelope.js

@@ -11,7 +11,7 @@
  * Test coverage: tests/unit/observability/audit-envelope.test.ts
  */
 import * as crypto from "node:crypto";
-import { redactEvent } from "../redaction/manifest.js";
+import { redactPayload } from "../redaction/policy.js";
 function fieldPathToAuditPath(field) {
     if (field.startsWith("/")) {
         return field;
@@ -34,16 +34,17 @@ function mapSensitivity(level) {
 }
 /**
  * Apply field redaction rules and lift manifests to audit path vocabulary (observability-system.detail §2).
+ * T-OBS.C.1: now delegates to the unified redactPayload gate (DR-033).
  */
 export function redactAuditEvent(payload) {
-    const { redacted, manifest } = redactEvent(payload);
+    const { payload: redacted, manifest } = redactPayload(payload);
     const redaction = {
-        manifestId: manifest.id,
-        maskedPaths: manifest.maskedFields.map(fieldPathToAuditPath),
-        erasedPaths: manifest.erasedFields.map(fieldPathToAuditPath),
-        hashedPaths: manifest.hashedFields.map(fieldPathToAuditPath),
+        manifestId: `rm:${Date.now()}:${crypto.randomBytes(4).toString("hex")}`,
+        maskedPaths: manifest.maskedPaths.map(fieldPathToAuditPath),
+        erasedPaths: manifest.erasedPaths.map(fieldPathToAuditPath),
+        hashedPaths: manifest.hashedPaths.map(fieldPathToAuditPath),
         contentRefPaths: [],
-        sensitivity: mapSensitivity(manifest.sensitivityLevel),
+        sensitivity: mapSensitivity(manifest.sensitivity),
     };
     return { payload: redacted, redaction };
 }

package/runtime/observability/audit/audit-family-registry.json

@@ -0,0 +1,66 @@
+{
+    "$schema": "audit-family-registry/v1",
+    "description": "Registered audit families for all 8 v7 systems. Unknown families are rejected at write time.",
+    "families": [
+        {
+            "family": "heartbeat.decision",
+            "plane": "decision",
+            "systemId": "control-plane-system",
+            "description": "Heartbeat decision cycle trace"
+        },
+        {
+            "family": "delivery",
+            "plane": "delivery",
+            "systemId": "guidance-voice-system",
+            "description": "Guidance delivery attempt and outcome"
+        },
+        {
+            "family": "source_coverage",
+            "plane": "source_coverage",
+            "systemId": "observability-health-system",
+            "description": "Source grounding and coverage assertions"
+        },
+        {
+            "family": "guidance.grounding",
+            "plane": "governance",
+            "systemId": "guidance-voice-system",
+            "description": "Guidance draft grounding and voice audit"
+        },
+        {
+            "family": "host_capability",
+            "plane": "telemetry",
+            "systemId": "runtime-ops-system",
+            "description": "Host capability probe and environment telemetry"
+        },
+        {
+            "family": "connector.attempt",
+            "plane": "telemetry",
+            "systemId": "connector-system",
+            "description": "Connector execution attempt and circuit breaker events"
+        },
+        {
+            "family": "state.governance",
+            "plane": "governance",
+            "systemId": "state-memory-system",
+            "description": "State mutation governance and write validation"
+        },
+        {
+            "family": "narrative.trace",
+            "plane": "telemetry",
+            "systemId": "observability-health-system",
+            "description": "Narrative timeline change trace"
+        },
+        {
+            "family": "dream.trace",
+            "plane": "telemetry",
+            "systemId": "dream-quiet-system",
+            "description": "Dream and quiet pipeline execution trace"
+        },
+        {
+            "family": "body.tool_experience",
+            "plane": "telemetry",
+            "systemId": "body-tool-system",
+            "description": "Tool experience logging and affordance map events"
+        }
+    ]
+}

package/runtime/observability/audit/family-registry.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Audit family registry runtime (DR-040).
+ *
+ * Core logic:
+ * - Loads registered families from `audit-family-registry.json`.
+ * - Provides lookup and validation for audit write operations.
+ * - Rejects writes from unknown (unregistered) families with
+ *   `unknown_audit_family` error.
+ * - Covers all 8 v7 system boundaries.
+ *
+ * Dependencies: audit-family-registry.json (co-located).
+ * Boundary: Called before any audit write to validate family membership.
+ * Test coverage: tests/unit/observability/family-registry.test.ts
+ */
+export interface AuditFamilyEntry {
+    family: string;
+    plane: string;
+    systemId: string;
+    description: string;
+}
+export interface AuditFamilyRegistryData {
+    $schema: string;
+    description: string;
+    families: AuditFamilyEntry[];
+}
+export declare class AuditFamilyRegistry {
+    private readonly entries;
+    constructor(families: readonly AuditFamilyEntry[]);
+    isRegistered(family: string): boolean;
+    getEntry(family: string): AuditFamilyEntry | undefined;
+    validateFamily(family: string): {
+        ok: true;
+    } | {
+        ok: false;
+        error: string;
+    };
+    listFamilies(): readonly AuditFamilyEntry[];
+    listSystemIds(): string[];
+    familiesForSystem(systemId: string): AuditFamilyEntry[];
+    get size(): number;
+}
+export declare function loadAuditFamilyRegistry(): AuditFamilyRegistry;
+export declare function createAuditFamilyRegistry(families: readonly AuditFamilyEntry[]): AuditFamilyRegistry;

package/runtime/observability/audit/family-registry.js

@@ -0,0 +1,70 @@
+/**
+ * Audit family registry runtime (DR-040).
+ *
+ * Core logic:
+ * - Loads registered families from `audit-family-registry.json`.
+ * - Provides lookup and validation for audit write operations.
+ * - Rejects writes from unknown (unregistered) families with
+ *   `unknown_audit_family` error.
+ * - Covers all 8 v7 system boundaries.
+ *
+ * Dependencies: audit-family-registry.json (co-located).
+ * Boundary: Called before any audit write to validate family membership.
+ * Test coverage: tests/unit/observability/family-registry.test.ts
+ */
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import path from "node:path";
+export class AuditFamilyRegistry {
+    entries;
+    constructor(families) {
+        const map = new Map();
+        for (const entry of families) {
+            map.set(entry.family, entry);
+        }
+        this.entries = map;
+    }
+    isRegistered(family) {
+        return this.entries.has(family);
+    }
+    getEntry(family) {
+        return this.entries.get(family);
+    }
+    validateFamily(family) {
+        if (this.entries.has(family)) {
+            return { ok: true };
+        }
+        return { ok: false, error: `unknown_audit_family: ${family}` };
+    }
+    listFamilies() {
+        return [...this.entries.values()];
+    }
+    listSystemIds() {
+        const ids = new Set();
+        for (const entry of this.entries.values()) {
+            ids.add(entry.systemId);
+        }
+        return [...ids].sort();
+    }
+    familiesForSystem(systemId) {
+        return [...this.entries.values()].filter((e) => e.systemId === systemId);
+    }
+    get size() {
+        return this.entries.size;
+    }
+}
+let defaultRegistry;
+export function loadAuditFamilyRegistry() {
+    if (defaultRegistry) {
+        return defaultRegistry;
+    }
+    const __dirname = path.dirname(fileURLToPath(import.meta.url));
+    const jsonPath = path.join(__dirname, "audit-family-registry.json");
+    const raw = readFileSync(jsonPath, "utf-8");
+    const data = JSON.parse(raw);
+    defaultRegistry = new AuditFamilyRegistry(data.families);
+    return defaultRegistry;
+}
+export function createAuditFamilyRegistry(families) {
+    return new AuditFamilyRegistry(families);
+}

package/runtime/observability/index.d.ts

@@ -3,7 +3,7 @@ export * as obsSchema from "./db/schema/index.js";
 export { buildAuditEnvelope, computeAuditRecordHash, redactAuditEvent, auditManifestFromFieldManifest, type AuditEnvelope, type AuditEnvelopeSensitivity, type AuditEventFamily, type AuditPlane, type AuditRedactionManifest, type AuditIntegrity, type BuildAuditEnvelopeInput, type RedactAuditEventResult, } from "./audit/audit-envelope.js";
 export { AppendOnlyAuditStore } from "./audit/append-only-audit-store.js";
 export { verifyAuditHashChain, createAppendOnlyAuditStoreRangeLoader, type AuditExportRange, type AuditHashChainVerificationReport, type AuditHashChainVerificationStatus, type VerifyAuditHashChainDeps, } from "./audit/verify-audit-hash-chain.js";
-export { REDACTION_CONFIG, DEFAULT_REDACTION_POLICY, getFieldRedactionRule, type RedactionPolicy, type RedactionRule, type SensitivityLevel, } from "./redaction/policy.js";
+export { REDACTION_CONFIG, DEFAULT_REDACTION_POLICY, getFieldRedactionRule, redactPayload, type RedactionPolicy, type RedactionRule, type SensitivityLevel, type RedactPayloadManifest, type RedactPayloadResult, } from "./redaction/policy.js";
 export { redactEvent, createEmptyManifest, mergeManifests, type RedactionManifest, type RedactionResult, } from "./redaction/manifest.js";
 export { DecisionLedger, type QuietLifecycleEvent, type OutreachDecision, type HeartbeatDecisionEvent } from "./services/decision-ledger.js";
 export { GovernanceAudit, type CredentialLifecycleAudit } from "./services/governance-audit.js";
@@ -18,3 +18,8 @@ export type { EvidenceQuery, EvidenceBundle, EvidenceResolutionPlan, GovernanceE
 export { projectReflectionAudit, type ReflectionAudit, type ReflectionAuditProjection, } from "./projections/reflection-audit.js";
 export { projectOutreachQualityAudit, type OutreachQualityAudit, type OutreachQualityProjection, } from "./projections/outreach-quality-audit.js";
 export { projectGuidanceParticipationAudit, type GuidanceParticipationAudit, type GuidanceParticipationProjection, } from "./projections/guidance-audit.js";
+export { getSelfHealthSnapshot, registerHealthProbe, unregisterHealthProbe, clearHealthProbeRegistry, ensureMinimumProbes, getRegisteredProbes, MINIMUM_REQUIRED_DIMENSIONS, type HealthStatus, type DimensionHealth, type SelfHealthSnapshot, type HealthProbeFunction, type RegisteredProbe, type HealthProbeScope, } from "./services/self-health-snapshot.js";
+export { generateHeartbeatDigest, type HeartbeatDigest, type HeartbeatDigestAssemblerDeps, type StateMemoryDigestPort, type ConnectorDaySummary, type GoalDaySummary, type QuietDreamDaySummary, type HealthDaySummary, type DeliveryProofRef, type DigestDeliveryAdapter, type DigestDeliveryResult, } from "./services/heartbeat-digest-assembler.js";
+export { queryNarrativeTimeline, queryNarrativeDiff, encodeCursor, decodeCursor, NarrativeQueryRangeError, NarrativeVersionNotFoundError, type NarrativeTimelineEntry, type NarrativeTimelinePage, type NarrativeFieldChange, type NarrativeDiff, type NarrativeTimelineRow, type NarrativeSnapshotRow, type NarrativeTimelinePort, type NarrativeTimelineDeps, } from "./services/narrative-timeline-query-service.js";
+export { viewSecretAnchor, type RuntimeSecretAnchorView, type SecretAnchorStatus, type HealthProbeReasonCode, type RecoveryStep, type SampleDecryptResult, type SecretAnchorRuntimeOpsPort, type SecretAnchorCredentialPort, type SecretAnchorDeps, } from "./services/runtime-secret-anchor-view.js";
+export { writeRestoreAudit, type RestoreAuditEvent, type RestoreTarget, type RestoreTrigger, type WriteRestoreAuditResult, } from "./services/restore-audit-service.js";

package/runtime/observability/index.js

@@ -3,7 +3,7 @@ export * as obsSchema from "./db/schema/index.js";
 export { buildAuditEnvelope, computeAuditRecordHash, redactAuditEvent, auditManifestFromFieldManifest, } from "./audit/audit-envelope.js";
 export { AppendOnlyAuditStore } from "./audit/append-only-audit-store.js";
 export { verifyAuditHashChain, createAppendOnlyAuditStoreRangeLoader, } from "./audit/verify-audit-hash-chain.js";
-export { REDACTION_CONFIG, DEFAULT_REDACTION_POLICY, getFieldRedactionRule, } from "./redaction/policy.js";
+export { REDACTION_CONFIG, DEFAULT_REDACTION_POLICY, getFieldRedactionRule, redactPayload, } from "./redaction/policy.js";
 export { redactEvent, createEmptyManifest, mergeManifests, } from "./redaction/manifest.js";
 export { DecisionLedger } from "./services/decision-ledger.js";
 export { GovernanceAudit } from "./services/governance-audit.js";
@@ -17,3 +17,8 @@ export { EvidenceQueryEngine, } from "./query/evidence-query-engine.js";
 export { projectReflectionAudit, } from "./projections/reflection-audit.js";
 export { projectOutreachQualityAudit, } from "./projections/outreach-quality-audit.js";
 export { projectGuidanceParticipationAudit, } from "./projections/guidance-audit.js";
+export { getSelfHealthSnapshot, registerHealthProbe, unregisterHealthProbe, clearHealthProbeRegistry, ensureMinimumProbes, getRegisteredProbes, MINIMUM_REQUIRED_DIMENSIONS, } from "./services/self-health-snapshot.js";
+export { generateHeartbeatDigest, } from "./services/heartbeat-digest-assembler.js";
+export { queryNarrativeTimeline, queryNarrativeDiff, encodeCursor, decodeCursor, NarrativeQueryRangeError, NarrativeVersionNotFoundError, } from "./services/narrative-timeline-query-service.js";
+export { viewSecretAnchor, } from "./services/runtime-secret-anchor-view.js";
+export { writeRestoreAudit, } from "./services/restore-audit-service.js";

package/runtime/observability/redaction/policy.d.ts

@@ -1,7 +1,7 @@
 export declare const REDACTION_CONFIG: {
-    readonly maskedFieldNames: readonly ["token", "access_token", "refresh_token", "api_key", "apiSecret", "secret", "password", "bearer_token", "authorization", "node_secret"];
-    readonly eraseFieldNames: readonly ["full_message", "full_post", "private_message", "prompt", "system_prompt", "completion", "response_content"];
-    readonly hashFieldNames: readonly ["user_id", "session_id", "trace_id", "content_hash"];
+    readonly maskedFieldNames: readonly ["token", "access_token", "refresh_token", "api_key", "apiSecret", "secret", "password", "bearer_token", "authorization", "node_secret", "encryption_key", "key_material"];
+    readonly eraseFieldNames: readonly ["full_message", "full_post", "private_message", "prompt", "system_prompt", "completion", "response_content", "raw_payload", "credential_value", "raw_prompt"];
+    readonly hashFieldNames: readonly ["user_id", "session_id", "trace_id", "content_hash", "message_hash"];
     readonly sensitivityLevels: readonly ["public", "internal", "confidential", "restricted"];
 };
 export type SensitivityLevel = (typeof REDACTION_CONFIG)["sensitivityLevels"][number];
@@ -17,3 +17,24 @@ export interface RedactionPolicy {
 }
 export declare const DEFAULT_REDACTION_POLICY: RedactionPolicy;
 export declare function getFieldRedactionRule(fieldName: string, policy?: RedactionPolicy): RedactionRule;
+export interface RedactPayloadManifest {
+    maskedPaths: string[];
+    erasedPaths: string[];
+    hashedPaths: string[];
+    sensitivity: SensitivityLevel;
+}
+export interface RedactPayloadResult<T> {
+    payload: T;
+    manifest: RedactPayloadManifest;
+}
+/**
+ * Unified redaction gate — all audit-bound payloads must pass through this
+ * before persistence. Recursively applies mask/erase/hash rules from the
+ * active RedactionPolicy, preserving object shape (erase → null, not delete).
+ *
+ * Boundary:
+ * - Arrays are not recursed (avoid unbounded complexity).
+ * - erase fields become null so downstream JSON schema stays stable.
+ * - hash uses SHA-256 of the stringified original value.
+ */
+export declare function redactPayload<T extends object>(payload: T, policy?: RedactionPolicy): RedactPayloadResult<T>;