npm - @ik-firewall/core - Versions diffs - 1.0.2 → 2.3.0 - Mend

@ik-firewall/core 1.0.2 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.cjs +381 -97
package/dist/index.d.cts +18 -3
package/dist/index.d.ts +18 -3
package/dist/index.js +371 -97
package/package.json +6 -4
package/scripts/setup-runtime.js +60 -19

package/dist/index.js CHANGED Viewed

@@ -16,15 +16,18 @@ if (typeof window === "undefined") {
 var Registry = class _Registry {
   static instance;
   registryPath;
+  usagePath;
   hasWarnedNoFs = false;
   hasWarnedSaveError = false;
   constructor() {
     this.registryPath = "";
+    this.usagePath = "";
     if (typeof process !== "undefined" && process.versions && process.versions.node) {
       try {
         fs = __require("fs");
         path = __require("path");
         this.registryPath = path.join(process.cwd(), ".ik-adapter", "registry.json");
+        this.usagePath = path.join(process.cwd(), ".ik-adapter", "usage.json");
         this.ensureDirectory();
       } catch (e) {
         if (!this.hasWarnedNoFs) {
@@ -59,8 +62,13 @@ var Registry = class _Registry {
     if (!fs || !this.registryPath) return {};
     try {
       if (fs.existsSync(this.registryPath)) {
-        const data = fs.readFileSync(this.registryPath, "utf8");
-        return JSON.parse(data);
+        const rawData = fs.readFileSync(this.registryPath, "utf8");
+        try {
+          const decoded = Buffer.from(rawData, "base64").toString("utf8");
+          return JSON.parse(decoded);
+        } catch (e) {
+          return JSON.parse(rawData);
+        }
       }
     } catch (error) {
       console.error("[IK_REGISTRY] Load error:", error);
@@ -80,7 +88,9 @@ var Registry = class _Registry {
     }
     try {
       this.ensureDirectory();
-      fs.writeFileSync(this.registryPath, JSON.stringify(data, null, 2), "utf8");
+      const jsonStr = JSON.stringify(data, null, 2);
+      const obfuscated = Buffer.from(jsonStr).toString("base64");
+      fs.writeFileSync(this.registryPath, obfuscated, "utf8");
     } catch (error) {
       if (!this.hasWarnedSaveError) {
         console.error("\n[IK_REGISTRY] \u{1F6A8} ERROR saving registry.json. Your environment likely has a read-only filesystem (e.g. Vercel Serverless).");
@@ -111,17 +121,76 @@ var Registry = class _Registry {
     delete all[instanceId];
     this.save(all);
   }
+  getUsageFilePath() {
+    return this.usagePath;
+  }
+  exists(filePath) {
+    return fs && fs.existsSync(filePath);
+  }
+  loadUsage() {
+    if (!fs || !this.usagePath || !fs.existsSync(this.usagePath)) return [];
+    try {
+      const raw = fs.readFileSync(this.usagePath, "utf8");
+      return JSON.parse(raw);
+    } catch (e) {
+      return [];
+    }
+  }
+  saveUsage(data) {
+    if (!fs || !this.usagePath) return;
+    try {
+      fs.writeFileSync(this.usagePath, JSON.stringify(data, null, 2), "utf8");
+    } catch (e) {
+      console.error("[IK_REGISTRY] Failed to save usage:", e);
+    }
+  }
+  clearUsage() {
+    if (!fs || !this.usagePath) return;
+    try {
+      if (fs.existsSync(this.usagePath)) {
+        fs.unlinkSync(this.usagePath);
+      }
+    } catch (e) {
+    }
+  }
+};
+// src/lib/hmac.ts
+import crypto from "crypto";
+var IKHmac = class {
+  secret;
+  constructor(secret) {
+    this.secret = secret;
+  }
+  /**
+   * Verifies that a response from the IK-Firewall server is authentic.
+   */
+  verify(data) {
+    if (!data || !data.signature) return false;
+    const { signature, ...rest } = data;
+    const payload = JSON.stringify(rest);
+    const expectedSignature = crypto.createHmac("sha256", this.secret).update(payload).digest("hex");
+    return signature === expectedSignature;
+  }
 };
 // src/ConfigManager.ts
 var ConfigManager = class {
   config;
   registry;
-  constructor(initialConfig) {
+  hooks;
+  constructor(initialConfig, hooks) {
     this.config = initialConfig;
+    this.hooks = hooks;
     this.registry = Registry.getInstance();
     this.loadFromRegistry();
   }
+  getRegistry() {
+    return this.registry;
+  }
+  setHooks(hooks) {
+    this.hooks = hooks;
+  }
   loadFromRegistry() {
     const instanceConfigs = this.registry.load();
     this.config.instanceConfigs = {
@@ -129,6 +198,76 @@ var ConfigManager = class {
       ...instanceConfigs
     };
   }
+  /**
+   * Syncs remote configuration (pricing, license status) from the Vercel API.
+   * Runs once every 24 hours (Heartbeat).
+   */
+  async syncRemoteConfig(instanceId) {
+    const now = /* @__PURE__ */ new Date();
+    const instanceConfig = this.config.instanceConfigs?.[instanceId];
+    if (instanceConfig?.lastSyncDate) {
+      const lastSync = new Date(instanceConfig.lastSyncDate);
+      const hoursSinceSync = (now.getTime() - lastSync.getTime()) / (1e3 * 60 * 60);
+      if (hoursSinceSync < 24) {
+        return;
+      }
+    }
+    try {
+      const endpoint = this.config.centralReportEndpoint || "https://ik-firewall.vercel.app/api/v1/sync";
+      const instanceConfig2 = this.config.instanceConfigs?.[instanceId];
+      const registrationEmail = instanceConfig2?.ownerEmail || this.config.ownerEmail;
+      if ((!instanceConfig2?.licenseKey || instanceConfig2.licenseKey.startsWith("TRIAL-")) && registrationEmail) {
+        const success = await this.registerInstance(instanceId, registrationEmail);
+        if (success) {
+          this.hooks?.onStatus?.("\u2728 IK_SYNC: Zero-Config registration successful. License issued.");
+          return;
+        } else {
+          this.hooks?.onStatus?.("\u26A0\uFE0F IK_SYNC: Auto-registration failed. Continuing with local trial.");
+        }
+      }
+      this.hooks?.onStatus?.(`\u{1F4E1} IK_SYNC: Heartbeat to ${endpoint}...`);
+      const response = await fetch(`${endpoint}?licenseKey=${instanceConfig2?.licenseKey || ""}&instanceId=${instanceId}&version=2.2.0`);
+      if (response.ok) {
+        const data = await response.json();
+        if (this.config.hmacSecret) {
+          const verifier = new IKHmac(this.config.hmacSecret);
+          if (!verifier.verify(data)) {
+            console.error("[IK_SYNC] \u{1F6A8} Signature verification failed! Remote config rejected.");
+            return;
+          }
+        }
+        this.setInstanceConfig(instanceId, {
+          billingStatus: data.billingStatus,
+          isVerified: data.isVerified,
+          pricing: data.pricing,
+          lastSyncDate: now.toISOString()
+        });
+        this.hooks?.onStatus?.("\u2705 IK_SYNC: Remote configuration updated and verified.");
+      } else {
+        throw new Error(`Server responded with ${response.status}`);
+      }
+      if (!instanceConfig2?.firstUseDate) {
+        this.setInstanceConfig(instanceId, { firstUseDate: now.toISOString() });
+      }
+    } catch (error) {
+      console.error(`[IK_CONFIG] Remote sync failed (${error.message}). Falling open (Fail-Open mode).`);
+      this.setInstanceConfig(instanceId, {
+        isVerified: true,
+        lastSyncDate: now.toISOString()
+      });
+    }
+    try {
+      const registry = this.registry;
+      if (registry.exists(registry.getUsageFilePath())) {
+        const aggregatedUsage = registry.loadUsage();
+        if (aggregatedUsage.length > 0) {
+          this.hooks?.onStatus?.(`\u{1F4CA} IK_SYNC: Found ${aggregatedUsage.length} pending usage reports. Preparation for Daily Flush...`);
+          this._pendingUsage = aggregatedUsage;
+        }
+      }
+    } catch (e) {
+    }
+  }
   getConfig() {
     return { ...this.config };
   }
@@ -168,6 +307,40 @@ var ConfigManager = class {
     }
     this.updateConfig({ plugins });
   }
+  async registerInstance(instanceId, email) {
+    try {
+      const endpoint = (this.config.centralReportEndpoint || "https://ik-firewall.vercel.app/api/v1").replace(/\/sync$/, "") + "/register";
+      this.hooks?.onStatus?.(`\u{1F680} IK_REGISTRY: Registering new instance for ${email}...`);
+      const response = await fetch(endpoint, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ email, instanceId })
+      });
+      if (response.ok) {
+        const data = await response.json();
+        if (this.config.hmacSecret) {
+          const verifier = new IKHmac(this.config.hmacSecret);
+          if (!verifier.verify(data)) {
+            console.error("[IK_REGISTRY] \u{1F6A8} Registration signature mismatch. Data rejected!");
+            return false;
+          }
+        }
+        this.setInstanceConfig(instanceId, {
+          licenseKey: data.licenseKey,
+          billingStatus: data.status.toLowerCase(),
+          isVerified: true,
+          firstUseDate: (/* @__PURE__ */ new Date()).toISOString(),
+          pricing: data.pricing
+        });
+        this.hooks?.onStatus?.("\u2728 IK_REGISTRY: Instance registered successfully and license issued.");
+        return true;
+      }
+      return false;
+    } catch (error) {
+      console.error("[IK_REGISTRY] Registration failed:", error);
+      return false;
+    }
+  }
   ensureInstanceConfig(instanceId) {
     const all = this.registry.load();
     if (!all[instanceId]) {
@@ -175,7 +348,9 @@ var ConfigManager = class {
         balance: this.config.balance || 0.5,
         aggressiveness: this.config.aggressiveness || 0.5,
         isEnabled: true,
-        contextMode: "FIRST_MESSAGE"
+        contextMode: "FIRST_MESSAGE",
+        ownerEmail: this.config.ownerEmail
+        // Inherit from global if not specific
       });
       this.loadFromRegistry();
     }
@@ -1248,18 +1423,12 @@ var Orchestrator = class {
 };
 // src/UsageTracker.ts
-var UsageTracker = class _UsageTracker {
+var UsageTracker = class {
   buffer = [];
   MAX_BUFFER_SIZE = 1;
   // Immediate reporting for Edge/Stateless environments
   hooks;
   config;
-  // Static pricing benchmarks (cost per 1k tokens in USD)
-  static PRICING = {
-    "gpt-4o": { input: 5e-3, output: 0.015 },
-    "gpt-4o-mini": { input: 15e-5, output: 6e-4 },
-    "local": { input: 0, output: 0 }
-  };
   constructor(config, hooks) {
     this.config = config;
     this.hooks = hooks;
@@ -1270,8 +1439,10 @@ var UsageTracker = class _UsageTracker {
   async logInteraction(params) {
     const { instanceId, model, inputTokens, outputTokens, optimizedTokens = 0, cqScore, routingPath, clientOrigin, trace } = params;
     const tokensSaved = optimizedTokens > 0 ? inputTokens - optimizedTokens : 0;
-    const modelPricing = _UsageTracker.PRICING[model] || _UsageTracker.PRICING["gpt-4o-mini"];
-    const costSaved = tokensSaved / 1e3 * modelPricing.input;
+    const instanceConfig = this.config.getConfig().instanceConfigs?.[instanceId];
+    const remotePricing = instanceConfig?.pricing?.[model] || { input: 5e-3, output: 0.015 };
+    const costSaved = tokensSaved / 1e3 * remotePricing.input;
+    const commissionDue = costSaved * 0.2;
     const data = {
       instanceId,
       model_used: model,
@@ -1281,6 +1452,7 @@ var UsageTracker = class _UsageTracker {
       optimized_tokens: optimizedTokens,
       tokens_saved: tokensSaved,
       cost_saved: Number(costSaved.toFixed(6)),
+      commission_due: Number(commissionDue.toFixed(6)),
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       is_local: model === "local",
       cq_score: cqScore,
@@ -1289,40 +1461,71 @@ var UsageTracker = class _UsageTracker {
     };
     this.buffer.push(data);
     this.hooks?.onUsageReported?.(data);
-    if (this.buffer.length >= this.MAX_BUFFER_SIZE) {
-      await this.flush();
+    await this.persistToLocalBuffer(data);
+  }
+  /**
+   * Appends usage data to the local .ik-adapter/usage.json file
+   */
+  async persistToLocalBuffer(data) {
+    try {
+      const registry = this.config.getRegistry();
+      const usageFile = registry.getUsageFilePath();
+      let existingUsage = [];
+      if (registry.exists(usageFile)) {
+        existingUsage = registry.loadUsage();
+      }
+      existingUsage.push(data);
+      registry.saveUsage(existingUsage);
+    } catch (e) {
+      console.error("[IK_TRACKER] Failed to persist usage to local buffer:", e);
     }
   }
   /**
    * Send buffered usage data to the central IK billing service
    */
-  async flush() {
-    if (this.buffer.length === 0) return;
-    const endpoint = this.config.get("centralReportEndpoint");
-    if (!endpoint) {
-      console.warn("[IK_TRACKER] No centralReportEndpoint defined. Clearing buffer to prevent memory leak.");
-      this.buffer = [];
-      return;
-    }
+  async flush(aggregatedData) {
+    const usageToFlush = aggregatedData || this.buffer;
+    if (usageToFlush.length === 0) return;
+    const endpoint = this.config.get("centralReportEndpoint") || "https://ik-firewall.vercel.app/api/v1/report";
+    const hmacSecret = this.config.get("hmacSecret");
     try {
-      for (const report of this.buffer) {
-        await fetch(endpoint, {
+      this.hooks?.onStatus?.(`\u{1F4E4} IK_TRACKER: Flushing ${usageToFlush.length} interactions to ${endpoint}...`);
+      const reportsByInstance = {};
+      for (const report of usageToFlush) {
+        if (!reportsByInstance[report.instanceId]) reportsByInstance[report.instanceId] = [];
+        reportsByInstance[report.instanceId].push(report);
+      }
+      for (const [instanceId, reports] of Object.entries(reportsByInstance)) {
+        const instanceConfig = this.config.getConfig().instanceConfigs?.[instanceId];
+        const payload = {
+          licenseKey: instanceConfig?.licenseKey || "",
+          instanceId,
+          reports: reports.map((r) => ({
+            modelName: r.model_used,
+            tokensIn: r.input_tokens,
+            tokensOut: r.output_tokens,
+            tokensSaved: r.tokens_saved,
+            date: r.timestamp
+          }))
+        };
+        if (hmacSecret) {
+          const jsonStr = JSON.stringify(payload);
+          const crypto2 = await import("crypto");
+          payload.signature = crypto2.createHmac("sha256", hmacSecret).update(jsonStr).digest("hex");
+        }
+        const response = await fetch(endpoint, {
           method: "POST",
           headers: { "Content-Type": "application/json" },
-          body: JSON.stringify({
-            instanceId: report.instanceId,
-            model: report.model_used,
-            inputTokens: report.input_tokens,
-            outputTokens: report.output_tokens,
-            optimizedTokens: report.optimized_tokens,
-            cqScore: report.cq_score,
-            routingPath: report.routingPath,
-            clientOrigin: report.clientOrigin,
-            trace: report.trace
-          })
+          body: JSON.stringify(payload)
         });
+        if (!response.ok) {
+          console.error(`[IK_TRACKER] Failed to send aggregate for ${instanceId}: ${response.statusText}`);
+        }
       }
       this.buffer = [];
+      if (aggregatedData) {
+        this.config.getRegistry().clearUsage();
+      }
     } catch (error) {
       console.error("[IK_TRACKER] Failed to flush usage data:", error);
     }
@@ -1332,6 +1535,49 @@ var UsageTracker = class _UsageTracker {
   }
 };
+// src/CognitiveEngine.ts
+var CognitiveEngine = class {
+  /**
+   * Sniff Cognitive DNA (CQ Score: 0-100)
+   * Higher score = higher quality, human-like, structured content.
+   */
+  static sniffDNA(input) {
+    if (!input || input.trim().length === 0) return 0;
+    const length = input.length;
+    const words = input.split(/\s+/).filter((w) => w.length > 0);
+    const wordCount = words.length;
+    const sentences = input.split(/[.!?]+/).filter((s) => s.trim().length > 0);
+    const avgSentenceLength = sentences.length > 0 ? wordCount / sentences.length : 0;
+    const sentenceVariety = sentences.length > 1 ? 10 : 0;
+    const uniqueWords = new Set(words.map((w) => w.toLowerCase())).size;
+    const lexicalBreadth = wordCount > 0 ? uniqueWords / wordCount * 40 : 0;
+    const markers = (input.match(/[,;:"'()\[\]]/g) || []).length;
+    const structuralHealth = Math.min(markers / wordCount * 100, 20);
+    const repetitivePenalty = this.calculateRepetitivePenalty(input);
+    let score = lexicalBreadth + structuralHealth + sentenceVariety + (avgSentenceLength > 5 ? 20 : 0);
+    score -= repetitivePenalty;
+    return Math.max(0, Math.min(100, score));
+  }
+  /**
+   * Calculate Crystallization Threshold
+   * Logic:
+   * Low CQ (Noise) -> Aggressive optimization (Lower threshold, e.g. 0.6)
+   * High CQ (Quality) -> Conservative optimization (Higher threshold, e.g. 0.9)
+   */
+  static calculateThreshold(cqScore) {
+    if (cqScore < 30) return 0.65;
+    if (cqScore < 60) return 0.78;
+    if (cqScore < 85) return 0.88;
+    return 0.95;
+  }
+  static calculateRepetitivePenalty(input) {
+    const chunks = input.match(/.{1,10}/g) || [];
+    const uniqueChunks = new Set(chunks).size;
+    const ratio = chunks.length > 10 ? uniqueChunks / chunks.length : 1;
+    return ratio < 0.5 ? (1 - ratio) * 50 : 0;
+  }
+};
 // src/core.ts
 var IKFirewallCore = class _IKFirewallCore {
   static instance;
@@ -1386,55 +1632,75 @@ var IKFirewallCore = class _IKFirewallCore {
       FLUID_THRESHOLD: 4
     }
   };
-  gatekeeper = new HeuristicGatekeeper();
+  gatekeeper;
   configManager;
   sessionDNA = 0;
-  hooks;
   cloudProvider;
   localProvider;
   orchestrator;
   usageTracker;
+  _hooks;
+  defaultConfig;
   constructor(config, hooks, cloudProvider) {
-    const defaultConfig = {
+    this.defaultConfig = {
       aggressiveness: 0.15,
       forcedEfficiency: false,
       precisionBias: _IKFirewallCore.CONSTANTS.PRECISION.BIAS_DEFAULT,
       balance: _IKFirewallCore.CONSTANTS.TONE.STABLE_VAL,
       gatekeeperEnabled: true,
       locale: "en",
-      providerMode: "hybrid",
+      providerMode: process.env.IK_FIREWALL_MODE || "hybrid",
       runtimeStrategy: "internal",
-      localAuditEndpoint: "http://127.0.0.1:8085/v1/chat/completions",
-      fallbackToCloudAudit: false,
+      localAuditEndpoint: process.env.IK_FIREWALL_LOCAL_ENDPOINT || "http://127.0.0.1:8085/v1/chat/completions",
+      centralReportEndpoint: process.env.IK_FIREWALL_CENTRAL_ENDPOINT || "https://ik-firewall.vercel.app/api/v1/sync",
+      ownerEmail: process.env.IK_FIREWALL_EMAIL,
+      hmacSecret: process.env.IK_FIREWALL_SECRET,
+      fallbackToCloudAudit: process.env.IK_FIREWALL_FALLBACK === "true" || false,
       modelConfig: {
         modelType: "1b"
       },
       plugins: []
     };
-    this.configManager = new ConfigManager({ ...defaultConfig, ...config });
-    if (hooks) this.hooks = hooks;
+    this._hooks = hooks;
+    this.configManager = new ConfigManager({ ...this.defaultConfig, ...config }, hooks);
+    this.gatekeeper = new HeuristicGatekeeper();
+    this.sessionDNA = _IKFirewallCore.CONSTANTS.DNA.MIN;
     const activeConfig = this.configManager.getConfig();
     this.localProvider = new LocalProvider(activeConfig.localAuditEndpoint);
     if (cloudProvider) {
-      if (cloudProvider instanceof BaseProvider) {
-        this.cloudProvider = cloudProvider;
-      } else {
-        const mode = activeConfig.providerMode;
-        if (mode === "anthropic") {
-          this.cloudProvider = new AnthropicProvider(cloudProvider);
-        } else if (mode === "deepseek") {
-          this.cloudProvider = new DeepSeekProvider(cloudProvider);
-        } else if (mode === "gemini") {
-          this.cloudProvider = new GeminiProvider(cloudProvider);
-        } else if (mode === "perplexity") {
-          this.cloudProvider = new PerplexityProvider(cloudProvider);
-        } else {
-          this.cloudProvider = new OpenAIProvider(cloudProvider);
-        }
-      }
+      this.cloudProvider = cloudProvider instanceof BaseProvider ? cloudProvider : new OpenAIProvider(cloudProvider);
+    } else if (process.env.OPENAI_API_KEY) {
+      this.cloudProvider = new OpenAIProvider(async (prompt, role) => {
+        const response = await fetch("https://api.openai.com/v1/chat/completions", {
+          method: "POST",
+          headers: {
+            "Authorization": `Bearer ${process.env.OPENAI_API_KEY}`,
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({
+            model: role === "audit_layer" ? "gpt-4o-mini" : "gpt-4o",
+            messages: [{ role: "user", content: prompt }],
+            temperature: 0.1
+          })
+        });
+        if (!response.ok) throw new Error(`OpenAI API Error: ${response.statusText}`);
+        const data = await response.json();
+        return {
+          content: data.choices[0].message.content,
+          usage: data.usage
+        };
+      });
     }
     this.orchestrator = new Orchestrator(this.configManager);
-    this.usageTracker = new UsageTracker(this.configManager, this.hooks);
+    this.usageTracker = new UsageTracker(this.configManager, this._hooks);
+  }
+  get hooks() {
+    return this._hooks;
+  }
+  set hooks(newHooks) {
+    this._hooks = newHooks;
+    this.configManager.setHooks(newHooks);
+    this.usageTracker.hooks = newHooks;
   }
   static getInstance(config, hooks) {
     if (!_IKFirewallCore.instance) {
@@ -1546,6 +1812,21 @@ var IKFirewallCore = class _IKFirewallCore {
   async analyze(input, provider, personaName = "professional", locale, instanceId) {
     if (instanceId) {
       this.configManager.ensureInstanceConfig(instanceId);
+      const syncPromise = this.configManager.syncRemoteConfig(instanceId).then(async () => {
+        const pendingUsage = this.configManager._pendingUsage;
+        if (pendingUsage && pendingUsage.length > 0) {
+          await this.usageTracker.flush(pendingUsage);
+          this.configManager._pendingUsage = null;
+        }
+      });
+      await syncPromise;
+    }
+    const mergedConfig = this.configManager.getMergedConfig(instanceId);
+    if (instanceId && mergedConfig?.isVerified === false) {
+      if (mergedConfig?.billingStatus === "blocked") {
+        this.hooks?.onStatus?.("\u26A0\uFE0F [IK_FIREWALL] Subscription inactive. Optimization bypassed (Fail-Safe mode).");
+        return this.getEmptyMetrics();
+      }
     }
     let auditProvider = this.localProvider;
     let overrideProvider = null;
@@ -1580,18 +1861,20 @@ var IKFirewallCore = class _IKFirewallCore {
     const ei = (input.match(/[,;.:-]/g) || []).length / (input.split(" ").length || 1);
     let requiresAuditOverride = false;
     let boundaryMetrics = { boundaryScore: 0, requiresHumanIntervention: false };
-    if (this.getConfig().safeMode) {
-      boundaryMetrics = this.gatekeeper.evaluateBoundaryCommunication(input, this.getConfig().customBoundaryKeywords);
-      if (boundaryMetrics.requiresHumanIntervention) {
+    if (this.getConfig()?.safeMode) {
+      boundaryMetrics = this.gatekeeper.evaluateBoundaryCommunication(input, this.getConfig()?.customBoundaryKeywords);
+      if (boundaryMetrics?.requiresHumanIntervention) {
         requiresAuditOverride = true;
       }
     }
     const skipAudit = !requiresAuditOverride && this.getConfig().gatekeeperEnabled && localInsight.complexityScore < _IKFirewallCore.CONSTANTS.HEURISTICS.COMPLEXITY_SKIP_THRESHOLD;
     if (skipAudit) {
       this.hooks?.onStatus?.("\u26A1 IK_GATEKEEPER: Simple request detected. Skipping Deep Audit.");
-      const metrics2 = this.createHeuristicMetrics(input, dm, ei, uniqueWords, localInsight.intentMode);
-      metrics2.semanticInsights.boundaryScore = boundaryMetrics.boundaryScore;
-      metrics2.semanticInsights.requiresHumanIntervention = boundaryMetrics.requiresHumanIntervention;
+      const metrics2 = this.createHeuristicMetrics(input, dm, ei, uniqueWords, localInsight?.intentMode);
+      if (metrics2.semanticInsights) {
+        metrics2.semanticInsights.boundaryScore = boundaryMetrics.boundaryScore;
+        metrics2.semanticInsights.requiresHumanIntervention = boundaryMetrics.requiresHumanIntervention;
+      }
       this.hooks?.onAuditComplete?.(metrics2);
       return metrics2;
     }
@@ -1606,10 +1889,17 @@ var IKFirewallCore = class _IKFirewallCore {
         throw e;
       }
     }
-    this.sniffDNA(input, metrics, activeLocale);
+    const cqScore = CognitiveEngine.sniffDNA(input);
+    metrics.dm = Math.max(metrics.dm, cqScore / 10);
+    this.applyHardening(input, metrics, activeLocale);
     this.hooks?.onAuditComplete?.(metrics);
     return metrics;
   }
+  applyHardening(input, metrics, locale = "en") {
+    const archetype = metrics.semanticInsights?.archetype || "DYNAMIC";
+    const domain = metrics.semanticInsights?.detectedDomain || "GENERAL";
+    this.setSessionDNA(this.sessionDNA + 5);
+  }
   getEmptyMetrics() {
     return {
       dm: 0,
@@ -1661,39 +1951,17 @@ var IKFirewallCore = class _IKFirewallCore {
       inputLength: input.length
     };
   }
-  sniffDNA(input, metrics, locale = "en") {
-    const archetype = metrics.semanticInsights?.archetype || "DYNAMIC";
-    const domain = metrics.semanticInsights?.detectedDomain || "GENERAL";
-    const meta = Dictionaries.meta[locale] || Dictionaries.meta.en;
-    const patterns = (meta.system_prompt_patterns || "").split(",").map((p) => p.trim()).filter((p) => p.length > 0);
-    const isSystemPrompt = patterns.some((kw) => input.toLowerCase().includes(kw));
-    let dnaShift = 0;
-    if (archetype === "CRYSTAL") {
-      dnaShift += _IKFirewallCore.CONSTANTS.DNA.HARDENING_MODERATE;
-    } else if (archetype === "FLUID") {
-      dnaShift -= _IKFirewallCore.CONSTANTS.DNA.SOFTENING_STEP;
-    } else if (archetype === "NEURAL") {
-      dnaShift -= _IKFirewallCore.CONSTANTS.DNA.SOFTENING_STEP / 2;
-    }
-    if (["LEGAL", "MEDICAL", "FINANCE", "CONSTRUCTION", "ENGINEERING"].includes(domain)) {
-      dnaShift += _IKFirewallCore.CONSTANTS.DNA.HARDENING_DOMAIN;
-    }
-    if (isSystemPrompt) {
-      dnaShift += _IKFirewallCore.CONSTANTS.DNA.HARDENING_MODERATE;
-    }
-    this.setSessionDNA(this.sessionDNA + dnaShift);
-  }
   async analyzeAIAssisted(input, provider, personaName = "professional", instanceId, configOverride) {
     if (instanceId) {
       this.configManager.ensureInstanceConfig(instanceId);
     }
     const activeConfig = this.configManager.getMergedConfig(instanceId, configOverride);
-    const locale = activeConfig.locale || "en";
+    const locale = activeConfig?.locale || "en";
     const cqScore = this.orchestrator.calculateCQ(input);
     let isAuditTask = false;
-    if (activeConfig.safeMode) {
-      const boundaryResult = this.gatekeeper.evaluateBoundaryCommunication(input, activeConfig.customBoundaryKeywords);
-      if (boundaryResult.requiresHumanIntervention) {
+    if (activeConfig?.safeMode) {
+      const boundaryResult = this.gatekeeper.evaluateBoundaryCommunication(input, activeConfig?.customBoundaryKeywords);
+      if (boundaryResult?.requiresHumanIntervention) {
         isAuditTask = true;
       }
     }
@@ -1915,7 +2183,11 @@ Any action outside this scope MUST be rejected and flagged as a boundary violati
       inputLength
     };
   }
-  crystallize(input, metrics, locale = "en") {
+  crystallize(input, metrics, locale = "en", instanceId) {
+    const mergedConfig = this.configManager.getMergedConfig(instanceId);
+    if (instanceId && mergedConfig?.isVerified === false) {
+      return input;
+    }
     const archetype = metrics?.semanticInsights?.archetype || "DYNAMIC";
     const tolerance = metrics?.semanticInsights?.ambiguityTolerance || 0.5;
     const blueprint = metrics?.semanticInsights?.conceptualBlueprint;
@@ -1929,11 +2201,13 @@ Any action outside this scope MUST be rejected and flagged as a boundary violati
       this.hooks?.onStatus?.(`\u{1F6E1}\uFE0F IK_CRYSTALLIZE: Precision domain detected (${domain}). Relaxing noise reduction...`);
       archetypeModifier = -0.3;
     }
+    const cqScore = CognitiveEngine.sniffDNA(input);
+    const cognitiveThreshold = CognitiveEngine.calculateThreshold(cqScore);
     const threshold = Math.min(
       _IKFirewallCore.CONSTANTS.AI.THRESHOLD_MAX,
       Math.max(
         _IKFirewallCore.CONSTANTS.AI.THRESHOLD_MIN,
-        dm / _IKFirewallCore.CONSTANTS.AI.DM_THRESHOLD_DIVISOR + basePreference - aggModifier + archetypeModifier - tolerance * 0.1
+        cognitiveThreshold + archetypeModifier - tolerance * 0.1
       )
     );
     const lengthRatio = blueprint ? blueprint.length / input.length : 1;