npm - @haaaiawd/second-nature - Versions diffs - 0.2.1 → 0.2.4 - Mend

@haaaiawd/second-nature 0.2.1 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/openclaw.plugin.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "id": "second-nature",
   "name": "Second Nature",
-  "version": "0.1.51",
+  "version": "0.2.4",
   "description": "OpenClaw native plugin with synchronous surface registration and bundled runtime spine. Set SECOND_NATURE_WORKSPACE_ROOT or tool workspaceRoot to the same path as the agent workspace. Agent inner guide is packaged as agent-inner-guide.md. v7 ops surface: self_health, tool_affordance, heartbeat_digest, snapshot:capture, narrative:diff, timeline, restore, runtime_secret_bootstrap, connector:run, guidance_payload.",
   "activation": {
     "onStartup": true,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@haaaiawd/second-nature",
-  "version": "0.2.1",
+  "version": "0.2.4",
   "description": "OpenClaw native plugin with synchronous registration, a packaged runtime artifact, and operator-facing status/explain flows.",
   "keywords": [
     "openclaw",

package/runtime/cli/index.js CHANGED Viewed

@@ -5,6 +5,7 @@ import { createActionBridge } from "./action-bridge.js";
 import { createCliCommands, } from "./commands/index.js";
 import { createOpsRouter } from "./ops/ops-router.js";
 import { createCliReadModels, } from "./read-models/index.js";
+import { AppendOnlyAuditStore } from "../observability/audit/append-only-audit-store.js";
 import { resolvePackagedRuntime } from "./runtime/runtime-artifact-boundary.js";
 import { createRestoreSnapshotStore, } from "../storage/services/restore-snapshot-store.js";
 import { createRuntimeDecisionRecorder, } from "../observability/services/runtime-decision-recorder.js";
@@ -221,12 +222,13 @@ export function createCliRuntimeDeps(overrides = {}) {
     const stateDb = overrides.stateDb ?? createStateDatabase();
     const observabilityDb = overrides.observabilityDb ?? createObservabilityDatabase();
     const stateApi = overrides.stateApi ?? createStateAPI(stateDb);
+    const auditStore = overrides.auditStore ?? overrides.livedExperienceAuditStore ?? new AppendOnlyAuditStore();
     const readModels = overrides.readModels ??
         createCliReadModels({
             stateDb,
             observabilityDb,
             workspaceRoot,
-            livedExperienceAuditStore: overrides.livedExperienceAuditStore,
+            livedExperienceAuditStore: auditStore,
         });
     const actionBridge = overrides.actionBridge ?? createActionBridge(stateApi);
     const runtimeRecorder = overrides.runtimeRecorder ?? createRuntimeDecisionRecorder(observabilityDb);
@@ -261,6 +263,7 @@ export function createCliRuntimeDeps(overrides = {}) {
         narrativeTimelineDeps,
         secretAnchorDeps,
         restoreSnapshotStore,
+        auditStore,
     };
 }
 export function createCommandRouter(options = {}) {
@@ -281,6 +284,7 @@ export function createCommandRouter(options = {}) {
         narrativeTimelineDeps: runtime.narrativeTimelineDeps,
         secretAnchorDeps: runtime.secretAnchorDeps,
         restoreSnapshotStore: runtime.restoreSnapshotStore,
+        auditStore: runtime.auditStore,
     });
     const commands = createCliCommands({
         readModels: runtime.readModels,

package/runtime/cli/ops/heartbeat-surface.d.ts CHANGED Viewed

@@ -18,6 +18,8 @@ import type { HeartbeatDigestAssemblerDeps } from "../../observability/services/
 import type { GoalLifecyclePolicy } from "../../core/second-nature/heartbeat/goal-lifecycle-policy.js";
 import type { IdleCuriosityPolicy } from "../../core/second-nature/heartbeat/idle-curiosity-policy.js";
 import type { CircuitBreakerManager } from "../../core/second-nature/body/circuit-breaker/circuit-breaker-manager.js";
+import type { AppendOnlyAuditStore } from "../../observability/audit/append-only-audit-store.js";
+import { type RealRuntimeSpineResult } from "../../core/second-nature/control-plane/real-runtime-spine.js";
 export type HeartbeatSurfaceStatus = "heartbeat_ok" | "intent_selected" | "denied" | "deferred" | "runtime_carrier_only" | "delivery_unavailable";
 export interface HeartbeatSurfaceResult {
     ok: boolean;
@@ -32,6 +34,20 @@ export interface HeartbeatSurfaceResult {
     livedExperienceLoopClaimed: boolean;
     /** True when structured fields mirror a fake adapter for schema parity only */
     schemaParityOnly?: boolean;
+    /** T-CP.R.2: v8 real runtime spine result when state-backed action-closure spine ran */
+    v8Spine?: RealRuntimeSpineResult & {
+        degradedReason?: string;
+    };
+    /** T-GVS.R.1: agent-facing impulse context artifact read pointer */
+    impulseContext?: {
+        available: boolean;
+        sceneType?: string;
+        capabilityClass?: string | null;
+        impulseText?: string | null;
+        atmosphereText?: string | null;
+        freshnessMs?: number;
+        missingReason?: string;
+    };
 }
 export interface HeartbeatCheckInput {
     probeOnly?: boolean;
@@ -80,5 +96,12 @@ export interface HeartbeatCheckInput {
     idleCuriosityPolicy?: IdleCuriosityPolicy;
     /** v7 T-BTS.C.5: circuit breaker manager for connector execution health. */
     circuitBreakerManager?: CircuitBreakerManager;
+    /** T-OBS.R.1: shared audit sink for connector/Quiet events consumed by heartbeat_digest. */
+    auditStore?: AppendOnlyAuditStore;
+    /**
+     * T-CP.R.2: when true and state DB is wired, runs the v8 real runtime action-closure spine
+     * in addition to the v7 heartbeat loop. Produces state-backed closure/no-action records.
+     */
+    v8SpineEnabled?: boolean;
 }
 export declare function heartbeatCheck(input: HeartbeatCheckInput): Promise<HeartbeatSurfaceResult>;

package/runtime/cli/ops/heartbeat-surface.js CHANGED Viewed

@@ -1,4 +1,6 @@
 import { createWorkspaceHeartbeatRunner } from "./workspace-heartbeat-runner.js";
+// T-CP.R.2: v8 real runtime spine bridge
+import { runRealRuntimeHeartbeatCycle, } from "../../core/second-nature/control-plane/real-runtime-spine.js";
 function mapCycleToSurface(cycle, surfaceMode) {
     const status = cycle.status === "runtime_carrier_only"
         ? "runtime_carrier_only"
@@ -82,10 +84,80 @@ export async function heartbeatCheck(input) {
         goalLifecyclePolicy: input.goalLifecyclePolicy,
         idleCuriosityPolicy: input.idleCuriosityPolicy,
         circuitBreakerManager: input.circuitBreakerManager,
+        auditStore: input.auditStore,
     });
     try {
         const cycle = await run(signal);
-        return mapCycleToSurface(cycle, "workspace_full_runtime");
+        const surfaceResult = mapCycleToSurface(cycle, "workspace_full_runtime");
+        // T-CP.R.2: run v8 real runtime spine when enabled and state is available
+        if (input.v8SpineEnabled && input.state && input.workspaceRoot) {
+            try {
+                const v8Result = await runRealRuntimeHeartbeatCycle({
+                    workspaceRoot: input.workspaceRoot,
+                    state: input.state,
+                    requestedAt: timestamp,
+                    trigger: "host",
+                });
+                if ("status" in v8Result && v8Result.status === "degraded") {
+                    surfaceResult.v8Spine = {
+                        cycleId: "",
+                        cycleSequence: 0,
+                        degradedReason: v8Result.reason,
+                    };
+                    surfaceResult.reasons = [
+                        ...surfaceResult.reasons,
+                        `v8_spine_degraded:${v8Result.reason}`,
+                    ];
+                }
+                else {
+                    const spine = v8Result;
+                    surfaceResult.v8Spine = spine;
+                    surfaceResult.reasons = [
+                        ...surfaceResult.reasons,
+                        `v8_spine_cycle:${spine.cycleId}`,
+                        spine.closureRef
+                            ? "v8_closure_recorded"
+                            : `v8_no_action:${spine.noActionReason ?? "unknown"}`,
+                    ];
+                }
+            }
+            catch (v8Err) {
+                const v8Msg = v8Err instanceof Error ? v8Err.message : String(v8Err);
+                surfaceResult.reasons = [
+                    ...surfaceResult.reasons,
+                    `v8_spine_exception:${v8Msg.slice(0, 120)}`,
+                ];
+            }
+        }
+        // T-GVS.R.1: expose impulse context artifact when state is available
+        if (input.state) {
+            try {
+                const { readImpulseContext } = await import("../../core/second-nature/guidance/impulse-context-reader.js");
+                const ctx = await readImpulseContext(input.state, "social");
+                if (ctx.available) {
+                    surfaceResult.impulseContext = {
+                        available: true,
+                        sceneType: ctx.artifact.sceneType,
+                        capabilityClass: ctx.artifact.capabilityClass,
+                        impulseText: ctx.artifact.impulseText,
+                        atmosphereText: ctx.artifact.atmosphereText,
+                        freshnessMs: ctx.freshnessMs,
+                    };
+                    surfaceResult.reasons.push(`impulse_context:${ctx.artifact.id}`);
+                }
+                else {
+                    surfaceResult.impulseContext = {
+                        available: false,
+                        missingReason: ctx.reason,
+                    };
+                    surfaceResult.reasons.push(`impulse_context_missing:${ctx.reason}`);
+                }
+            }
+            catch {
+                // Non-fatal: impulse context is advisory
+            }
+        }
+        return surfaceResult;
     }
     catch (err) {
         const msg = err instanceof Error ? err.message : String(err);

package/runtime/cli/ops/manual-run-dispatcher.d.ts CHANGED Viewed

@@ -26,6 +26,7 @@ import type { ConnectorExecutor, ConnectorResult } from "../../connectors/base/c
 import type { ExperienceWriter } from "../../core/second-nature/body/tool-experience/experience-writer.js";
 import type { WetProbeRunner } from "../../connectors/base/wet-probe-runner.js";
 import type { CapabilityContractRegistryV7 } from "../../connectors/base/manifest-v7.js";
+import type { AppendOnlyAuditStore } from "../../observability/audit/append-only-audit-store.js";
 import { type HeartbeatCheckInput, type HeartbeatSurfaceResult } from "./heartbeat-surface.js";
 import type { RuntimeOpsEnvelope } from "./ops-router.js";
 export interface ManualTriggerContext {
@@ -75,5 +76,6 @@ export interface ManualRunDispatcherDeps {
     experienceWriter: ExperienceWriter;
     wetProbeRunner: WetProbeRunner;
     registryV7: CapabilityContractRegistryV7;
+    auditStore?: AppendOnlyAuditStore;
 }
 export declare function createManualRunDispatcher(deps: ManualRunDispatcherDeps): ManualRunDispatcher;

package/runtime/cli/ops/manual-run-dispatcher.js CHANGED Viewed

@@ -23,6 +23,7 @@
  * Test coverage: tests/unit/ops/manual-run-dispatcher.test.ts
  */
 import * as crypto from "node:crypto";
+import { recordConnectorAttemptAudit } from "../../observability/services/audit-closure-recorders.js";
 import { heartbeatCheck, } from "./heartbeat-surface.js";
 function buildManualContext(input) {
     return {
@@ -54,6 +55,15 @@ export function createManualRunDispatcher(deps) {
                 result: connectorResult,
                 triggerSource: ctx.triggerSource,
             });
+            recordConnectorAttemptAudit({
+                auditStore: deps.auditStore,
+                platformId: input.platformId,
+                capability: input.capabilityId,
+                result: connectorResult,
+                triggerSource: ctx.triggerSource,
+                decisionId,
+                intentId,
+            });
             const runResult = {
                 connectorResult,
                 experienceId,

package/runtime/cli/ops/ops-router.js CHANGED Viewed

@@ -28,6 +28,7 @@ import { writeRestoreAudit, } from "../../observability/services/restore-audit-s
 import { createHistoryDigestStore } from "../../storage/services/history-digest-store.js";
 // v8 T-ROS.C.1: loop_status read model
 import { readLoopStatus } from "../../observability/loop-status.js";
+import { checkRealRunHealth } from "../../observability/living-loop-health-gate.js";
 // T-ROS.C.3: ManualRunDispatcher and its deps
 import { createManualRunDispatcher, } from "./manual-run-dispatcher.js";
 import { createExperienceWriter } from "../../core/second-nature/body/tool-experience/experience-writer.js";
@@ -441,9 +442,12 @@ export function createOpsRouter(deps) {
                         experienceWriter,
                         digestOpts,
                         dreamSchedulePort,
+                        auditStore: deps.auditStore,
                         goalLifecyclePolicy,
                         idleCuriosityPolicy,
                         circuitBreakerManager,
+                        v8SpineEnabled: input
+                            ?.v8SpineEnabled ?? (deps.state !== undefined),
                     });
                     if (result.ok &&
                         result.surfaceMode === "workspace_full_runtime" &&
@@ -780,6 +784,7 @@ export function createOpsRouter(deps) {
                     experienceWriter,
                     wetProbeRunner,
                     registryV7,
+                    auditStore: deps.auditStore,
                 });
                 return dispatcher.runConnector({
                     platformId,
@@ -1051,6 +1056,33 @@ export function createOpsRouter(deps) {
                         ...deps.heartbeatDigestDeps,
                     };
                     const digest = await generateHeartbeatDigest(date, digestDeps);
+                    // T-OBS.R.3: Embed real-run health into digest when state DB is available
+                    if (deps.state) {
+                        const realRunResult = await checkRealRunHealth(deps.state, date);
+                        if (realRunResult.ok) {
+                            digest.realRunHealth = {
+                                gatePassed: realRunResult.gate.gatePassed,
+                                contractSmokeOnly: realRunResult.gate.contractSmokeOnly,
+                                seededStateDetected: realRunResult.gate.seededStateDetected,
+                                hasRealClosure: realRunResult.gate.hasRealClosure,
+                                hasQuietArtifact: realRunResult.gate.hasQuietArtifact,
+                                hasDreamArtifact: realRunResult.gate.hasDreamArtifact,
+                                missingStage: realRunResult.gate.missingStage,
+                                missingReason: realRunResult.gate.missingReason,
+                            };
+                        }
+                        else {
+                            digest.realRunHealth = {
+                                gatePassed: false,
+                                contractSmokeOnly: false,
+                                seededStateDetected: false,
+                                hasRealClosure: false,
+                                hasQuietArtifact: false,
+                                hasDreamArtifact: false,
+                                missingReason: "Real-run health check degraded: " + realRunResult.degraded.reason,
+                            };
+                        }
+                    }
                     const envelope = {
                         ok: true,
                         command: "heartbeat_digest",
@@ -1470,14 +1502,12 @@ export function createOpsRouter(deps) {
                     return envelope;
                 }
             }
-            // ─── T-V7C.C.4R: guidance_payload ──────────────────────────────────────
+            // ─── T-V7C.C.4R + T-GVS.R.1: guidance_payload ─────────────────────────
             // Returns the assembled impulse + atmosphere for a given scene context.
-            // Useful for Claw to inspect what guidance content would be injected before
-            // a real heartbeat cycle, and to verify platform-specific impulse overrides.
+            // When state DB is wired, reads persisted artifact first; falls back to
+            // real-time assembly and persists for subsequent reads.
             if (command === "guidance_payload") {
                 const generatedAt = new Date().toISOString();
-                const { assembleImpulseSync } = await import("../../guidance/impulse-assembler.js");
-                const { getBaselineAtmosphereTemplate } = await import("../../guidance/template-registry.js");
                 const sceneType = input?.sceneType ?? "social";
                 const capabilityIntent = typeof input?.capabilityIntent === "string"
                     ? input.capabilityIntent
@@ -1503,22 +1533,53 @@ export function createOpsRouter(deps) {
                     };
                     return envelope;
                 }
-                const impulseResult = assembleImpulseSync({
-                    sceneType: sceneType,
-                    capabilityIntent,
-                    platformId,
-                });
-                const { buildExpressionBoundary } = await import("../../guidance/output-guard.js");
-                const { getShortAtmosphereTemplate } = await import("../../guidance/template-registry.js");
-                const atmosphere = getShortAtmosphereTemplate("active", "low");
-                const expressionBoundary = buildExpressionBoundary(sceneType);
-                const envelope = {
-                    ok: true,
-                    command: "guidance_payload",
-                    runtimeMode: deps.runtimeAvailable ? "workspace_full_runtime" : "host_safe_carrier",
-                    surfaceMode: "cli",
-                    generatedAt,
-                    data: {
+                // T-GVS.R.1: Try reading persisted artifact first
+                let artifactData;
+                let warnings = [];
+                let sourceRefs = [
+                    "guidance/capability-class.ts",
+                    "guidance/impulse-assembler.ts",
+                    "guidance/template-registry.ts",
+                    "guidance/output-guard.ts",
+                ];
+                if (deps.state) {
+                    try {
+                        const { readImpulseContext } = await import("../../core/second-nature/guidance/impulse-context-reader.js");
+                        const existing = await readImpulseContext(deps.state, sceneType, capabilityIntent, platformId);
+                        if (existing.available) {
+                            artifactData = {
+                                sceneType: existing.artifact.sceneType,
+                                capabilityIntent: existing.artifact.capabilityIntent,
+                                platformId: existing.artifact.platformId,
+                                capabilityClass: existing.artifact.capabilityClass,
+                                impulseSource: existing.artifact.impulseSource,
+                                impulseText: existing.artifact.impulseText,
+                                atmosphereText: existing.artifact.atmosphereText,
+                                expressionBoundaryConstraints: existing.artifact.expressionBoundaryConstraints,
+                                expressionBoundaryStyle: existing.artifact.expressionBoundaryStyle,
+                                freshnessMs: existing.freshnessMs,
+                                persisted: true,
+                            };
+                            sourceRefs.push("core/second-nature/guidance/impulse-context-reader.ts");
+                        }
+                    }
+                    catch {
+                        // Reader failure → fall through to assembly
+                    }
+                }
+                // Real-time assembly if no persisted artifact
+                if (!artifactData) {
+                    const { assembleImpulseSync } = await import("../../guidance/impulse-assembler.js");
+                    const { buildExpressionBoundary } = await import("../../guidance/output-guard.js");
+                    const { getShortAtmosphereTemplate } = await import("../../guidance/template-registry.js");
+                    const impulseResult = assembleImpulseSync({
+                        sceneType: sceneType,
+                        capabilityIntent,
+                        platformId,
+                    });
+                    const atmosphere = getShortAtmosphereTemplate("active", "low");
+                    const expressionBoundary = buildExpressionBoundary(sceneType);
+                    artifactData = {
                         sceneType,
                         capabilityIntent: capabilityIntent ?? null,
                         platformId: platformId ?? null,
@@ -1530,16 +1591,41 @@ export function createOpsRouter(deps) {
                         atmosphereReviewStatus: atmosphere.reviewStatus,
                         expressionBoundaryConstraints: expressionBoundary.constraints,
                         expressionBoundaryStyle: expressionBoundary.style,
-                    },
-                    warnings: impulseResult.source === "none"
-                        ? ["no_impulse_available_for_this_scene_and_capability"]
-                        : [],
-                    sourceRefs: [
-                        "guidance/capability-class.ts",
-                        "guidance/impulse-assembler.ts",
-                        "guidance/template-registry.ts",
-                        "guidance/output-guard.ts",
-                    ],
+                        persisted: false,
+                    };
+                    if (impulseResult.source === "none") {
+                        warnings.push("no_impulse_available_for_this_scene_and_capability");
+                    }
+                    // T-GVS.R.1: Persist assembled artifact for future reads
+                    if (deps.state) {
+                        try {
+                            const { writeImpulseContext } = await import("../../core/second-nature/guidance/impulse-context-writer.js");
+                            await writeImpulseContext(deps.state, {
+                                sceneType,
+                                capabilityIntent,
+                                platformId,
+                                impulseResult,
+                                atmosphereText: atmosphere.text,
+                                expressionBoundaryConstraints: expressionBoundary.constraints,
+                                expressionBoundaryStyle: expressionBoundary.style,
+                            }, { now: generatedAt });
+                            sourceRefs.push("core/second-nature/guidance/impulse-context-writer.ts");
+                        }
+                        catch {
+                            // Persistence failure is non-fatal; surface still returns assembled payload
+                            warnings.push("impulse_context_persistence_failed");
+                        }
+                    }
+                }
+                const envelope = {
+                    ok: true,
+                    command: "guidance_payload",
+                    runtimeMode: deps.runtimeAvailable ? "workspace_full_runtime" : "host_safe_carrier",
+                    surfaceMode: "cli",
+                    generatedAt,
+                    data: artifactData,
+                    warnings,
+                    sourceRefs,
                 };
                 return envelope;
             }

package/runtime/cli/ops/workspace-heartbeat-runner.d.ts CHANGED Viewed

@@ -26,6 +26,7 @@ import { type HeartbeatDigestAssemblerDeps } from "../../observability/services/
 import type { GoalLifecyclePolicy } from "../../core/second-nature/heartbeat/goal-lifecycle-policy.js";
 import type { IdleCuriosityPolicy } from "../../core/second-nature/heartbeat/idle-curiosity-policy.js";
 import type { CircuitBreakerManager } from "../../core/second-nature/body/circuit-breaker/circuit-breaker-manager.js";
+import type { AppendOnlyAuditStore } from "../../observability/audit/append-only-audit-store.js";
 export interface WorkspaceHeartbeatRunnerOptions {
     /** When supplied, the runner persists the cycle so `loadStatus` can read it (T1.2.3). */
     runtimeRecorder?: RuntimeDecisionRecorder;
@@ -76,6 +77,8 @@ export interface WorkspaceHeartbeatRunnerOptions {
          */
         digestWindowHour?: number;
     };
+    /** T-OBS.R.1: shared audit sink for heartbeat connector and Quiet outcomes. */
+    auditStore?: AppendOnlyAuditStore;
 }
 export declare function loadSnapshotInputsForWorkspaceHeartbeat(readModels: CliReadModels, options?: {
     state?: StateDatabase;

package/runtime/cli/ops/workspace-heartbeat-runner.js CHANGED Viewed

@@ -145,6 +145,7 @@ export function createWorkspaceHeartbeatRunner(readModels, options = {}) {
                         workspaceRoot: options.workspaceRoot,
                         // v7 T-V7C.C.3: pass Dream schedule port so Quiet completion triggers Dream.
                         dreamSchedulePort: options.dreamSchedulePort,
+                        auditStore: options.auditStore,
                     }
                     : undefined,
                 connectorExecutor: options.connectorExecutor,
@@ -162,6 +163,7 @@ export function createWorkspaceHeartbeatRunner(readModels, options = {}) {
                 idleCuriosityPolicy: options.idleCuriosityPolicy,
                 // v7 T-BTS.C.5: pass circuit breaker manager for execution health tracking.
                 circuitBreakerManager: options.circuitBreakerManager,
+                auditStore: options.auditStore,
             },
         });
         if (options.runtimeRecorder) {

package/runtime/connectors/base/contract.d.ts CHANGED Viewed

@@ -12,6 +12,14 @@ export interface ConnectorRequestIdentity {
     /** Canonical name across all platforms. */
     canonicalName?: string;
 }
+export interface PolicyProof {
+    decisionId: string;
+    decision: "allow" | "defer" | "downgrade" | "deny";
+    ownerConfirmMode?: boolean;
+    ownerConfirmed?: boolean;
+    dryRun?: boolean;
+    reason?: string;
+}
 export interface ConnectorRequest {
     platformId: string;
     intent: CapabilityIntent;
@@ -23,6 +31,8 @@ export interface ConnectorRequest {
     intentId?: string;
     /** T-V7C.C.4: identity for connector request (readable, no credential). */
     identity?: ConnectorRequestIdentity;
+    /** T-CS.R.1: policy proof for write-side actions */
+    policyProof?: PolicyProof;
 }
 export interface ExecutionPlan {
     platformId: string;

package/runtime/connectors/base/policy-bound-write-dispatch.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * PolicyBoundWriteDispatch — Write-side connector dispatch with policy proof gate.
+ *
+ * Core logic: Verify policy proof before external write; reject without platform
+ * call when proof is missing, deny, or lacks owner confirmation for high-risk
+ * actions. Support dry-run mode for safe testing.
+ *
+ * Design authority:
+ * - `.anws/v8/04_SYSTEM_DESIGN/connector-system.md §2`
+ * - `.anws/v8/04_SYSTEM_DESIGN/action-closure-policy-system.detail.md §3.3`
+ * - `docs/validation/openclaw-plugin-classification.md §5`
+ *
+ * Dependencies:
+ * - `src/connectors/base/contract.js` (ConnectorRequest, ConnectorResult, PolicyProof)
+ * - `src/connectors/base/policy-layer.js` (createConnectorPolicyLayer)
+ *
+ * Boundary:
+ * - Does NOT bypass ActionPolicyDecision.
+ * - Does NOT execute write without valid policy proof.
+ * - Does NOT leak credentials in returned results.
+ */
+import type { ConnectorRequest, ConnectorResult } from "./contract.js";
+export interface WriteDispatchResult {
+    status: "allowed" | "denied" | "deferred" | "dry_run" | "downgraded";
+    reason: string;
+    connectorResult?: ConnectorResult<unknown>;
+    simulatedPayload?: Record<string, unknown>;
+}
+export declare function dispatchPolicyBoundWrite(request: ConnectorRequest, executeConnector: (req: ConnectorRequest) => Promise<ConnectorResult<unknown>>): Promise<WriteDispatchResult>;

package/runtime/connectors/base/policy-bound-write-dispatch.js ADDED Viewed

@@ -0,0 +1,127 @@
+/**
+ * PolicyBoundWriteDispatch — Write-side connector dispatch with policy proof gate.
+ *
+ * Core logic: Verify policy proof before external write; reject without platform
+ * call when proof is missing, deny, or lacks owner confirmation for high-risk
+ * actions. Support dry-run mode for safe testing.
+ *
+ * Design authority:
+ * - `.anws/v8/04_SYSTEM_DESIGN/connector-system.md §2`
+ * - `.anws/v8/04_SYSTEM_DESIGN/action-closure-policy-system.detail.md §3.3`
+ * - `docs/validation/openclaw-plugin-classification.md §5`
+ *
+ * Dependencies:
+ * - `src/connectors/base/contract.js` (ConnectorRequest, ConnectorResult, PolicyProof)
+ * - `src/connectors/base/policy-layer.js` (createConnectorPolicyLayer)
+ *
+ * Boundary:
+ * - Does NOT bypass ActionPolicyDecision.
+ * - Does NOT execute write without valid policy proof.
+ * - Does NOT leak credentials in returned results.
+ */
+// ───────────────────────────────────────────────────────────────
+// Helpers
+// ───────────────────────────────────────────────────────────────
+function isWriteCapability(intent) {
+    const writeIntents = ["post.publish", "comment.reply", "message.send"];
+    return writeIntents.includes(intent);
+}
+function validatePolicyProof(proof, intent) {
+    if (!proof) {
+        return {
+            valid: false,
+            reason: "policy_denied_missing_permission",
+        };
+    }
+    if (proof.decision === "deny") {
+        return {
+            valid: false,
+            reason: proof.reason || "policy_denied_high_risk",
+        };
+    }
+    if (proof.decision === "defer") {
+        return {
+            valid: false,
+            reason: "policy_deferred_owner_confirmation",
+        };
+    }
+    if (proof.decision === "downgrade") {
+        return {
+            valid: false,
+            reason: proof.reason || "policy_downgraded_to_draft",
+        };
+    }
+    // Allow decision
+    if (proof.decision !== "allow") {
+        return {
+            valid: false,
+            reason: "policy_denied_missing_permission",
+        };
+    }
+    // For write capabilities, require owner-confirm, dry-run, or explicit owner-confirmed flag
+    if (isWriteCapability(intent) &&
+        !proof.ownerConfirmMode &&
+        !proof.dryRun &&
+        !proof.ownerConfirmed) {
+        return {
+            valid: false,
+            reason: "policy_denied_owner_confirm_required",
+        };
+    }
+    return { valid: true, reason: "policy_allowed" };
+}
+// ───────────────────────────────────────────────────────────────
+// Public API
+// ───────────────────────────────────────────────────────────────
+export async function dispatchPolicyBoundWrite(request, executeConnector) {
+    const { intent, policyProof, payload } = request;
+    // Only gate write capabilities
+    if (!isWriteCapability(intent)) {
+        // Read capabilities pass through to normal execution
+        const result = await executeConnector(request);
+        return {
+            status: "allowed",
+            reason: "read_capability_no_policy_gate",
+            connectorResult: result,
+        };
+    }
+    // Validate policy proof
+    const validation = validatePolicyProof(policyProof, intent);
+    if (!validation.valid) {
+        return {
+            status: validation.reason === "policy_deferred_owner_confirmation"
+                ? "deferred"
+                : "denied",
+            reason: validation.reason,
+        };
+    }
+    // Dry-run mode: simulate execution without platform call
+    if (policyProof?.dryRun) {
+        return {
+            status: "dry_run",
+            reason: "dry_run_simulated_success",
+            simulatedPayload: {
+                ...payload,
+                _simulated: true,
+                _idempotencyKey: request.idempotencyKey,
+                _decisionId: policyProof.decisionId,
+            },
+        };
+    }
+    // Owner-confirm mode without explicit approval: defer to owner approval
+    if (policyProof?.ownerConfirmMode && !policyProof?.ownerConfirmed) {
+        return {
+            status: "deferred",
+            reason: "owner_confirm_pending",
+        };
+    }
+    // Full allow → execute connector
+    const result = await executeConnector(request);
+    return {
+        status: result.status === "success" ? "allowed" : "denied",
+        reason: result.status === "success"
+            ? "execution_completed"
+            : (result.failureClass || "execution_failed"),
+        connectorResult: result,
+    };
+}