@ik-firewall/core 2.2.0 → 2.3.1

package/dist/index.cjs

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,6 +17,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
@@ -48,15 +58,18 @@ if (typeof window === "undefined") {
 var Registry = class _Registry {
   static instance;
   registryPath;
+  usagePath;
   hasWarnedNoFs = false;
   hasWarnedSaveError = false;
   constructor() {
     this.registryPath = "";
+    this.usagePath = "";
     if (typeof process !== "undefined" && process.versions && process.versions.node) {
       try {
         fs = require("fs");
         path = require("path");
         this.registryPath = path.join(process.cwd(), ".ik-adapter", "registry.json");
+        this.usagePath = path.join(process.cwd(), ".ik-adapter", "usage.json");
         this.ensureDirectory();
       } catch (e) {
         if (!this.hasWarnedNoFs) {
@@ -91,8 +104,13 @@ var Registry = class _Registry {
     if (!fs || !this.registryPath) return {};
     try {
       if (fs.existsSync(this.registryPath)) {
-        const data = fs.readFileSync(this.registryPath, "utf8");
-        return JSON.parse(data);
+        const rawData = fs.readFileSync(this.registryPath, "utf8");
+        try {
+          const decoded = Buffer.from(rawData, "base64").toString("utf8");
+          return JSON.parse(decoded);
+        } catch (e) {
+          return JSON.parse(rawData);
+        }
       }
     } catch (error) {
       console.error("[IK_REGISTRY] Load error:", error);
@@ -112,7 +130,9 @@ var Registry = class _Registry {
     }
     try {
       this.ensureDirectory();
-      fs.writeFileSync(this.registryPath, JSON.stringify(data, null, 2), "utf8");
+      const jsonStr = JSON.stringify(data, null, 2);
+      const obfuscated = Buffer.from(jsonStr).toString("base64");
+      fs.writeFileSync(this.registryPath, obfuscated, "utf8");
     } catch (error) {
       if (!this.hasWarnedSaveError) {
         console.error("\n[IK_REGISTRY] \u{1F6A8} ERROR saving registry.json. Your environment likely has a read-only filesystem (e.g. Vercel Serverless).");
@@ -143,17 +163,76 @@ var Registry = class _Registry {
     delete all[instanceId];
     this.save(all);
   }
+  getUsageFilePath() {
+    return this.usagePath;
+  }
+  exists(filePath) {
+    return fs && fs.existsSync(filePath);
+  }
+  loadUsage() {
+    if (!fs || !this.usagePath || !fs.existsSync(this.usagePath)) return [];
+    try {
+      const raw = fs.readFileSync(this.usagePath, "utf8");
+      return JSON.parse(raw);
+    } catch (e) {
+      return [];
+    }
+  }
+  saveUsage(data) {
+    if (!fs || !this.usagePath) return;
+    try {
+      fs.writeFileSync(this.usagePath, JSON.stringify(data, null, 2), "utf8");
+    } catch (e) {
+      console.error("[IK_REGISTRY] Failed to save usage:", e);
+    }
+  }
+  clearUsage() {
+    if (!fs || !this.usagePath) return;
+    try {
+      if (fs.existsSync(this.usagePath)) {
+        fs.unlinkSync(this.usagePath);
+      }
+    } catch (e) {
+    }
+  }
+};
+
+// src/lib/hmac.ts
+var import_node_crypto = __toESM(require("crypto"), 1);
+var IKHmac = class {
+  secret;
+  constructor(secret) {
+    this.secret = secret;
+  }
+  /**
+   * Verifies that a response from the IK-Firewall server is authentic.
+   */
+  verify(data) {
+    if (!data || !data.signature) return false;
+    const { signature, ...rest } = data;
+    const payload = JSON.stringify(rest);
+    const expectedSignature = import_node_crypto.default.createHmac("sha256", this.secret).update(payload).digest("hex");
+    return signature === expectedSignature;
+  }
 };
 
 // src/ConfigManager.ts
 var ConfigManager = class {
   config;
   registry;
-  constructor(initialConfig) {
+  hooks;
+  constructor(initialConfig, hooks) {
     this.config = initialConfig;
+    this.hooks = hooks;
     this.registry = Registry.getInstance();
     this.loadFromRegistry();
   }
+  getRegistry() {
+    return this.registry;
+  }
+  setHooks(hooks) {
+    this.hooks = hooks;
+  }
   loadFromRegistry() {
     const instanceConfigs = this.registry.load();
     this.config.instanceConfigs = {
@@ -176,32 +255,61 @@ var ConfigManager = class {
       }
     }
     try {
-      const endpoint = this.config.centralReportEndpoint || "https://ik-firewall-backend.vercel.app/api/v1/sync";
-      const data = {
-        billingStatus: "trial",
-        isVerified: true,
-        pricing: {
-          "gpt-4o": { input: 5e-3, output: 0.015 },
-          "gpt-4o-mini": { input: 15e-5, output: 6e-4 }
-        },
-        latestVersion: "2.2.0"
-      };
-      this.setInstanceConfig(instanceId, {
-        billingStatus: data.billingStatus,
-        isVerified: data.isVerified,
-        pricing: data.pricing,
-        lastSyncDate: now.toISOString()
-      });
-      if (!instanceConfig?.firstUseDate) {
+      const baseUrl = this.config.centralReportEndpoint || "https://ik-firewall.vercel.app";
+      const endpoint = `${baseUrl.replace(/\/$/, "")}/api/v1/sync`;
+      const instanceConfig2 = this.config.instanceConfigs?.[instanceId];
+      const registrationEmail = instanceConfig2?.ownerEmail || this.config.ownerEmail;
+      if ((!instanceConfig2?.licenseKey || instanceConfig2.licenseKey.startsWith("TRIAL-")) && registrationEmail) {
+        const success = await this.registerInstance(instanceId, registrationEmail);
+        if (success) {
+          this.hooks?.onStatus?.("\u2728 IK_SYNC: Zero-Config registration successful. License issued.");
+          return;
+        } else {
+          this.hooks?.onStatus?.("\u26A0\uFE0F IK_SYNC: Auto-registration failed. Continuing with local trial.");
+        }
+      }
+      this.hooks?.onStatus?.(`\u{1F4E1} IK_SYNC: Heartbeat to ${endpoint}...`);
+      const response = await fetch(`${endpoint}?licenseKey=${instanceConfig2?.licenseKey || ""}&instanceId=${instanceId}&version=2.2.0`);
+      if (response.ok) {
+        const data = await response.json();
+        if (this.config.hmacSecret) {
+          const verifier = new IKHmac(this.config.hmacSecret);
+          if (!verifier.verify(data)) {
+            console.error("[IK_SYNC] \u{1F6A8} Signature verification failed! Remote config rejected.");
+            return;
+          }
+        }
+        this.setInstanceConfig(instanceId, {
+          billingStatus: data.billingStatus,
+          isVerified: data.isVerified,
+          pricing: data.pricing,
+          lastSyncDate: now.toISOString()
+        });
+        this.hooks?.onStatus?.("\u2705 IK_SYNC: Remote configuration updated and verified.");
+      } else {
+        throw new Error(`Server responded with ${response.status}`);
+      }
+      if (!instanceConfig2?.firstUseDate) {
         this.setInstanceConfig(instanceId, { firstUseDate: now.toISOString() });
       }
     } catch (error) {
-      console.error("[IK_CONFIG] Remote sync failed. Falling open (Fail-Open mode).");
+      console.error(`[IK_CONFIG] Remote sync failed (${error.message}). Falling open (Fail-Open mode).`);
       this.setInstanceConfig(instanceId, {
         isVerified: true,
         lastSyncDate: now.toISOString()
       });
     }
+    try {
+      const registry = this.registry;
+      if (registry.exists(registry.getUsageFilePath())) {
+        const aggregatedUsage = registry.loadUsage();
+        if (aggregatedUsage.length > 0) {
+          this.hooks?.onStatus?.(`\u{1F4CA} IK_SYNC: Found ${aggregatedUsage.length} pending usage reports. Preparation for Daily Flush...`);
+          this._pendingUsage = aggregatedUsage;
+        }
+      }
+    } catch (e) {
+    }
   }
   getConfig() {
     return { ...this.config };
@@ -242,6 +350,40 @@ var ConfigManager = class {
     }
     this.updateConfig({ plugins });
   }
+  async registerInstance(instanceId, email) {
+    try {
+      const endpoint = (this.config.centralReportEndpoint || "https://ik-firewall.vercel.app/api/v1").replace(/\/sync$/, "") + "/register";
+      this.hooks?.onStatus?.(`\u{1F680} IK_REGISTRY: Registering new instance for ${email}...`);
+      const response = await fetch(endpoint, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ email, instanceId })
+      });
+      if (response.ok) {
+        const data = await response.json();
+        if (this.config.hmacSecret) {
+          const verifier = new IKHmac(this.config.hmacSecret);
+          if (!verifier.verify(data)) {
+            console.error("[IK_REGISTRY] \u{1F6A8} Registration signature mismatch. Data rejected!");
+            return false;
+          }
+        }
+        this.setInstanceConfig(instanceId, {
+          licenseKey: data.licenseKey,
+          billingStatus: data.status.toLowerCase(),
+          isVerified: true,
+          firstUseDate: (/* @__PURE__ */ new Date()).toISOString(),
+          pricing: data.pricing
+        });
+        this.hooks?.onStatus?.("\u2728 IK_REGISTRY: Instance registered successfully and license issued.");
+        return true;
+      }
+      return false;
+    } catch (error) {
+      console.error("[IK_REGISTRY] Registration failed:", error);
+      return false;
+    }
+  }
   ensureInstanceConfig(instanceId) {
     const all = this.registry.load();
     if (!all[instanceId]) {
@@ -249,7 +391,9 @@ var ConfigManager = class {
         balance: this.config.balance || 0.5,
         aggressiveness: this.config.aggressiveness || 0.5,
         isEnabled: true,
-        contextMode: "FIRST_MESSAGE"
+        contextMode: "FIRST_MESSAGE",
+        ownerEmail: this.config.ownerEmail
+        // Inherit from global if not specific
       });
       this.loadFromRegistry();
     }
@@ -1328,12 +1472,6 @@ var UsageTracker = class {
   // Immediate reporting for Edge/Stateless environments
   hooks;
   config;
-  // Static pricing benchmarks (cost per 1k tokens in USD)
-  static PRICING = {
-    "gpt-4o": { input: 5e-3, output: 0.015 },
-    "gpt-4o-mini": { input: 15e-5, output: 6e-4 },
-    "local": { input: 0, output: 0 }
-  };
   constructor(config, hooks) {
     this.config = config;
     this.hooks = hooks;
@@ -1366,42 +1504,72 @@ var UsageTracker = class {
     };
     this.buffer.push(data);
     this.hooks?.onUsageReported?.(data);
-    if (this.buffer.length >= this.MAX_BUFFER_SIZE) {
-      await this.flush();
+    await this.persistToLocalBuffer(data);
+  }
+  /**
+   * Appends usage data to the local .ik-adapter/usage.json file
+   */
+  async persistToLocalBuffer(data) {
+    try {
+      const registry = this.config.getRegistry();
+      const usageFile = registry.getUsageFilePath();
+      let existingUsage = [];
+      if (registry.exists(usageFile)) {
+        existingUsage = registry.loadUsage();
+      }
+      existingUsage.push(data);
+      registry.saveUsage(existingUsage);
+    } catch (e) {
+      console.error("[IK_TRACKER] Failed to persist usage to local buffer:", e);
     }
   }
   /**
    * Send buffered usage data to the central IK billing service
    */
-  async flush() {
-    if (this.buffer.length === 0) return;
-    const endpoint = this.config.get("centralReportEndpoint");
-    if (!endpoint) {
-      this.buffer = [];
-      return;
-    }
+  async flush(aggregatedData) {
+    const usageToFlush = aggregatedData || this.buffer;
+    if (usageToFlush.length === 0) return;
+    const baseUrl = this.config.get("centralReportEndpoint") || "https://ik-firewall.vercel.app";
+    const endpoint = `${baseUrl.replace(/\/$/, "")}/api/v1/report`;
+    const hmacSecret = this.config.get("hmacSecret");
     try {
-      for (const report of this.buffer) {
-        await fetch(endpoint, {
+      this.hooks?.onStatus?.(`\u{1F4E4} IK_TRACKER: Flushing ${usageToFlush.length} interactions to ${endpoint}...`);
+      const reportsByInstance = {};
+      for (const report of usageToFlush) {
+        if (!reportsByInstance[report.instanceId]) reportsByInstance[report.instanceId] = [];
+        reportsByInstance[report.instanceId].push(report);
+      }
+      for (const [instanceId, reports] of Object.entries(reportsByInstance)) {
+        const instanceConfig = this.config.getConfig().instanceConfigs?.[instanceId];
+        const payload = {
+          licenseKey: instanceConfig?.licenseKey || "",
+          instanceId,
+          reports: reports.map((r) => ({
+            modelName: r.model_used,
+            tokensIn: r.input_tokens,
+            tokensOut: r.output_tokens,
+            tokensSaved: r.tokens_saved,
+            date: r.timestamp
+          }))
+        };
+        if (hmacSecret) {
+          const jsonStr = JSON.stringify(payload);
+          const crypto2 = await import("crypto");
+          payload.signature = crypto2.createHmac("sha256", hmacSecret).update(jsonStr).digest("hex");
+        }
+        const response = await fetch(endpoint, {
           method: "POST",
           headers: { "Content-Type": "application/json" },
-          body: JSON.stringify({
-            instanceId: report.instanceId,
-            model: report.model_used,
-            inputTokens: report.input_tokens,
-            outputTokens: report.output_tokens,
-            optimizedTokens: report.optimized_tokens,
-            tokensSaved: report.tokens_saved,
-            costSaved: report.cost_saved,
-            commissionDue: report.commission_due,
-            cqScore: report.cq_score,
-            routingPath: report.routingPath,
-            clientOrigin: report.clientOrigin,
-            timestamp: report.timestamp
-          })
+          body: JSON.stringify(payload)
         });
+        if (!response.ok) {
+          console.error(`[IK_TRACKER] Failed to send aggregate for ${instanceId}: ${response.statusText}`);
+        }
       }
       this.buffer = [];
+      if (aggregatedData) {
+        this.config.getRegistry().clearUsage();
+      }
     } catch (error) {
       console.error("[IK_TRACKER] Failed to flush usage data:", error);
     }
@@ -1411,6 +1579,49 @@ var UsageTracker = class {
   }
 };
 
+// src/CognitiveEngine.ts
+var CognitiveEngine = class {
+  /**
+   * Sniff Cognitive DNA (CQ Score: 0-100)
+   * Higher score = higher quality, human-like, structured content.
+   */
+  static sniffDNA(input) {
+    if (!input || input.trim().length === 0) return 0;
+    const length = input.length;
+    const words = input.split(/\s+/).filter((w) => w.length > 0);
+    const wordCount = words.length;
+    const sentences = input.split(/[.!?]+/).filter((s) => s.trim().length > 0);
+    const avgSentenceLength = sentences.length > 0 ? wordCount / sentences.length : 0;
+    const sentenceVariety = sentences.length > 1 ? 10 : 0;
+    const uniqueWords = new Set(words.map((w) => w.toLowerCase())).size;
+    const lexicalBreadth = wordCount > 0 ? uniqueWords / wordCount * 40 : 0;
+    const markers = (input.match(/[,;:"'()\[\]]/g) || []).length;
+    const structuralHealth = Math.min(markers / wordCount * 100, 20);
+    const repetitivePenalty = this.calculateRepetitivePenalty(input);
+    let score = lexicalBreadth + structuralHealth + sentenceVariety + (avgSentenceLength > 5 ? 20 : 0);
+    score -= repetitivePenalty;
+    return Math.max(0, Math.min(100, score));
+  }
+  /**
+   * Calculate Crystallization Threshold
+   * Logic: 
+   * Low CQ (Noise) -> Aggressive optimization (Lower threshold, e.g. 0.6)
+   * High CQ (Quality) -> Conservative optimization (Higher threshold, e.g. 0.9)
+   */
+  static calculateThreshold(cqScore) {
+    if (cqScore < 30) return 0.65;
+    if (cqScore < 60) return 0.78;
+    if (cqScore < 85) return 0.88;
+    return 0.95;
+  }
+  static calculateRepetitivePenalty(input) {
+    const chunks = input.match(/.{1,10}/g) || [];
+    const uniqueChunks = new Set(chunks).size;
+    const ratio = chunks.length > 10 ? uniqueChunks / chunks.length : 1;
+    return ratio < 0.5 ? (1 - ratio) * 50 : 0;
+  }
+};
+
 // src/core.ts
 var IKFirewallCore = class _IKFirewallCore {
   static instance;
@@ -1465,55 +1676,75 @@ var IKFirewallCore = class _IKFirewallCore {
       FLUID_THRESHOLD: 4
     }
   };
-  gatekeeper = new HeuristicGatekeeper();
+  gatekeeper;
   configManager;
   sessionDNA = 0;
-  hooks;
   cloudProvider;
   localProvider;
   orchestrator;
   usageTracker;
+  _hooks;
+  defaultConfig;
   constructor(config, hooks, cloudProvider) {
-    const defaultConfig = {
+    this.defaultConfig = {
       aggressiveness: 0.15,
       forcedEfficiency: false,
       precisionBias: _IKFirewallCore.CONSTANTS.PRECISION.BIAS_DEFAULT,
       balance: _IKFirewallCore.CONSTANTS.TONE.STABLE_VAL,
       gatekeeperEnabled: true,
       locale: "en",
-      providerMode: "hybrid",
+      providerMode: process.env.IK_FIREWALL_MODE || "hybrid",
       runtimeStrategy: "internal",
-      localAuditEndpoint: "http://127.0.0.1:8085/v1/chat/completions",
-      fallbackToCloudAudit: false,
+      localAuditEndpoint: process.env.IK_FIREWALL_LOCAL_ENDPOINT || "http://127.0.0.1:8085/v1/chat/completions",
+      centralReportEndpoint: (process.env.IK_FIREWALL_CENTRAL_ENDPOINT || "https://ik-firewall.vercel.app").replace(/\/$/, ""),
+      ownerEmail: process.env.IK_FIREWALL_EMAIL,
+      hmacSecret: process.env.IK_FIREWALL_SECRET,
+      fallbackToCloudAudit: process.env.IK_FIREWALL_FALLBACK === "true" || false,
       modelConfig: {
         modelType: "1b"
       },
       plugins: []
     };
-    this.configManager = new ConfigManager({ ...defaultConfig, ...config });
-    if (hooks) this.hooks = hooks;
+    this._hooks = hooks;
+    this.configManager = new ConfigManager({ ...this.defaultConfig, ...config }, hooks);
+    this.gatekeeper = new HeuristicGatekeeper();
+    this.sessionDNA = _IKFirewallCore.CONSTANTS.DNA.MIN;
     const activeConfig = this.configManager.getConfig();
     this.localProvider = new LocalProvider(activeConfig.localAuditEndpoint);
     if (cloudProvider) {
-      if (cloudProvider instanceof BaseProvider) {
-        this.cloudProvider = cloudProvider;
-      } else {
-        const mode = activeConfig.providerMode;
-        if (mode === "anthropic") {
-          this.cloudProvider = new AnthropicProvider(cloudProvider);
-        } else if (mode === "deepseek") {
-          this.cloudProvider = new DeepSeekProvider(cloudProvider);
-        } else if (mode === "gemini") {
-          this.cloudProvider = new GeminiProvider(cloudProvider);
-        } else if (mode === "perplexity") {
-          this.cloudProvider = new PerplexityProvider(cloudProvider);
-        } else {
-          this.cloudProvider = new OpenAIProvider(cloudProvider);
-        }
-      }
+      this.cloudProvider = cloudProvider instanceof BaseProvider ? cloudProvider : new OpenAIProvider(cloudProvider);
+    } else if (process.env.OPENAI_API_KEY) {
+      this.cloudProvider = new OpenAIProvider(async (prompt, role) => {
+        const response = await fetch("https://api.openai.com/v1/chat/completions", {
+          method: "POST",
+          headers: {
+            "Authorization": `Bearer ${process.env.OPENAI_API_KEY}`,
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({
+            model: role === "audit_layer" ? "gpt-4o-mini" : "gpt-4o",
+            messages: [{ role: "user", content: prompt }],
+            temperature: 0.1
+          })
+        });
+        if (!response.ok) throw new Error(`OpenAI API Error: ${response.statusText}`);
+        const data = await response.json();
+        return {
+          content: data.choices[0].message.content,
+          usage: data.usage
+        };
+      });
     }
     this.orchestrator = new Orchestrator(this.configManager);
-    this.usageTracker = new UsageTracker(this.configManager, this.hooks);
+    this.usageTracker = new UsageTracker(this.configManager, this._hooks);
+  }
+  get hooks() {
+    return this._hooks;
+  }
+  set hooks(newHooks) {
+    this._hooks = newHooks;
+    this.configManager.setHooks(newHooks);
+    this.usageTracker.hooks = newHooks;
   }
   static getInstance(config, hooks) {
     if (!_IKFirewallCore.instance) {
@@ -1625,7 +1856,14 @@ var IKFirewallCore = class _IKFirewallCore {
   async analyze(input, provider, personaName = "professional", locale, instanceId) {
     if (instanceId) {
       this.configManager.ensureInstanceConfig(instanceId);
-      await this.configManager.syncRemoteConfig(instanceId);
+      const syncPromise = this.configManager.syncRemoteConfig(instanceId).then(async () => {
+        const pendingUsage = this.configManager._pendingUsage;
+        if (pendingUsage && pendingUsage.length > 0) {
+          await this.usageTracker.flush(pendingUsage);
+          this.configManager._pendingUsage = null;
+        }
+      });
+      await syncPromise;
     }
     const mergedConfig = this.configManager.getMergedConfig(instanceId);
     if (instanceId && mergedConfig?.isVerified === false) {
@@ -1695,10 +1933,17 @@ var IKFirewallCore = class _IKFirewallCore {
         throw e;
       }
     }
-    this.sniffDNA(input, metrics, activeLocale);
+    const cqScore = CognitiveEngine.sniffDNA(input);
+    metrics.dm = Math.max(metrics.dm, cqScore / 10);
+    this.applyHardening(input, metrics, activeLocale);
     this.hooks?.onAuditComplete?.(metrics);
     return metrics;
   }
+  applyHardening(input, metrics, locale = "en") {
+    const archetype = metrics.semanticInsights?.archetype || "DYNAMIC";
+    const domain = metrics.semanticInsights?.detectedDomain || "GENERAL";
+    this.setSessionDNA(this.sessionDNA + 5);
+  }
   getEmptyMetrics() {
     return {
       dm: 0,
@@ -1750,28 +1995,6 @@ var IKFirewallCore = class _IKFirewallCore {
       inputLength: input.length
     };
   }
-  sniffDNA(input, metrics, locale = "en") {
-    const archetype = metrics.semanticInsights?.archetype || "DYNAMIC";
-    const domain = metrics.semanticInsights?.detectedDomain || "GENERAL";
-    const meta = Dictionaries.meta[locale] || Dictionaries.meta.en;
-    const patterns = (meta.system_prompt_patterns || "").split(",").map((p) => p.trim()).filter((p) => p.length > 0);
-    const isSystemPrompt = patterns.some((kw) => input.toLowerCase().includes(kw));
-    let dnaShift = 0;
-    if (archetype === "CRYSTAL") {
-      dnaShift += _IKFirewallCore.CONSTANTS.DNA.HARDENING_MODERATE;
-    } else if (archetype === "FLUID") {
-      dnaShift -= _IKFirewallCore.CONSTANTS.DNA.SOFTENING_STEP;
-    } else if (archetype === "NEURAL") {
-      dnaShift -= _IKFirewallCore.CONSTANTS.DNA.SOFTENING_STEP / 2;
-    }
-    if (["LEGAL", "MEDICAL", "FINANCE", "CONSTRUCTION", "ENGINEERING"].includes(domain)) {
-      dnaShift += _IKFirewallCore.CONSTANTS.DNA.HARDENING_DOMAIN;
-    }
-    if (isSystemPrompt) {
-      dnaShift += _IKFirewallCore.CONSTANTS.DNA.HARDENING_MODERATE;
-    }
-    this.setSessionDNA(this.sessionDNA + dnaShift);
-  }
   async analyzeAIAssisted(input, provider, personaName = "professional", instanceId, configOverride) {
     if (instanceId) {
       this.configManager.ensureInstanceConfig(instanceId);
@@ -2022,11 +2245,13 @@ Any action outside this scope MUST be rejected and flagged as a boundary violati
       this.hooks?.onStatus?.(`\u{1F6E1}\uFE0F IK_CRYSTALLIZE: Precision domain detected (${domain}). Relaxing noise reduction...`);
       archetypeModifier = -0.3;
     }
+    const cqScore = CognitiveEngine.sniffDNA(input);
+    const cognitiveThreshold = CognitiveEngine.calculateThreshold(cqScore);
     const threshold = Math.min(
       _IKFirewallCore.CONSTANTS.AI.THRESHOLD_MAX,
       Math.max(
         _IKFirewallCore.CONSTANTS.AI.THRESHOLD_MIN,
-        dm / _IKFirewallCore.CONSTANTS.AI.DM_THRESHOLD_DIVISOR + basePreference - aggModifier + archetypeModifier - tolerance * 0.1
+        cognitiveThreshold + archetypeModifier - tolerance * 0.1
       )
     );
     const lengthRatio = blueprint ? blueprint.length / input.length : 1;

package/dist/index.d.cts

@@ -48,6 +48,8 @@ interface IKConfig {
     isVerified?: boolean;
     firstUseDate?: string;
     lastSyncDate?: string;
+    ownerEmail?: string;
+    hmacSecret?: string;
     pricing?: Record<string, {
         input: number;
         output: number;
@@ -304,12 +306,15 @@ declare class IKFirewallCore {
     private gatekeeper;
     private configManager;
     private sessionDNA;
-    hooks?: IKHooks;
     private cloudProvider?;
     private localProvider;
     private orchestrator;
     private usageTracker;
+    private _hooks?;
+    private defaultConfig;
     constructor(config?: Partial<IKConfig>, hooks?: IKHooks, cloudProvider?: AIProvider | BaseProvider);
+    get hooks(): IKHooks | undefined;
+    set hooks(newHooks: IKHooks | undefined);
     static getInstance(config?: Partial<IKConfig>, hooks?: IKHooks): IKFirewallCore;
     setConfig(newConfig: Partial<IKConfig>): void;
     getConfig(): IKConfig;
@@ -355,9 +360,9 @@ declare class IKFirewallCore {
      * Primary Analysis Entry Point
      */
     analyze(input: string, provider?: AIProvider | BaseProvider, personaName?: string, locale?: string, instanceId?: string): Promise<IKMetrics>;
+    private applyHardening;
     private getEmptyMetrics;
     private createHeuristicMetrics;
-    private sniffDNA;
     analyzeAIAssisted(input: string, provider?: AIProvider | BaseProvider, personaName?: string, instanceId?: string, configOverride?: Partial<IKConfig>): Promise<IKMetrics>;
     private calculateDNARank;
     private constructAuditPrompt;

package/dist/index.d.ts

@@ -48,6 +48,8 @@ interface IKConfig {
     isVerified?: boolean;
     firstUseDate?: string;
     lastSyncDate?: string;
+    ownerEmail?: string;
+    hmacSecret?: string;
     pricing?: Record<string, {
         input: number;
         output: number;
@@ -304,12 +306,15 @@ declare class IKFirewallCore {
     private gatekeeper;
     private configManager;
     private sessionDNA;
-    hooks?: IKHooks;
     private cloudProvider?;
     private localProvider;
     private orchestrator;
     private usageTracker;
+    private _hooks?;
+    private defaultConfig;
     constructor(config?: Partial<IKConfig>, hooks?: IKHooks, cloudProvider?: AIProvider | BaseProvider);
+    get hooks(): IKHooks | undefined;
+    set hooks(newHooks: IKHooks | undefined);
     static getInstance(config?: Partial<IKConfig>, hooks?: IKHooks): IKFirewallCore;
     setConfig(newConfig: Partial<IKConfig>): void;
     getConfig(): IKConfig;
@@ -355,9 +360,9 @@ declare class IKFirewallCore {
      * Primary Analysis Entry Point
      */
     analyze(input: string, provider?: AIProvider | BaseProvider, personaName?: string, locale?: string, instanceId?: string): Promise<IKMetrics>;
+    private applyHardening;
     private getEmptyMetrics;
     private createHeuristicMetrics;
-    private sniffDNA;
     analyzeAIAssisted(input: string, provider?: AIProvider | BaseProvider, personaName?: string, instanceId?: string, configOverride?: Partial<IKConfig>): Promise<IKMetrics>;
     private calculateDNARank;
     private constructAuditPrompt;

package/dist/index.js

@@ -16,15 +16,18 @@ if (typeof window === "undefined") {
 var Registry = class _Registry {
   static instance;
   registryPath;
+  usagePath;
   hasWarnedNoFs = false;
   hasWarnedSaveError = false;
   constructor() {
     this.registryPath = "";
+    this.usagePath = "";
     if (typeof process !== "undefined" && process.versions && process.versions.node) {
       try {
         fs = __require("fs");
         path = __require("path");
         this.registryPath = path.join(process.cwd(), ".ik-adapter", "registry.json");
+        this.usagePath = path.join(process.cwd(), ".ik-adapter", "usage.json");
         this.ensureDirectory();
       } catch (e) {
         if (!this.hasWarnedNoFs) {
@@ -59,8 +62,13 @@ var Registry = class _Registry {
     if (!fs || !this.registryPath) return {};
     try {
       if (fs.existsSync(this.registryPath)) {
-        const data = fs.readFileSync(this.registryPath, "utf8");
-        return JSON.parse(data);
+        const rawData = fs.readFileSync(this.registryPath, "utf8");
+        try {
+          const decoded = Buffer.from(rawData, "base64").toString("utf8");
+          return JSON.parse(decoded);
+        } catch (e) {
+          return JSON.parse(rawData);
+        }
       }
     } catch (error) {
       console.error("[IK_REGISTRY] Load error:", error);
@@ -80,7 +88,9 @@ var Registry = class _Registry {
     }
     try {
       this.ensureDirectory();
-      fs.writeFileSync(this.registryPath, JSON.stringify(data, null, 2), "utf8");
+      const jsonStr = JSON.stringify(data, null, 2);
+      const obfuscated = Buffer.from(jsonStr).toString("base64");
+      fs.writeFileSync(this.registryPath, obfuscated, "utf8");
     } catch (error) {
       if (!this.hasWarnedSaveError) {
         console.error("\n[IK_REGISTRY] \u{1F6A8} ERROR saving registry.json. Your environment likely has a read-only filesystem (e.g. Vercel Serverless).");
@@ -111,17 +121,76 @@ var Registry = class _Registry {
     delete all[instanceId];
     this.save(all);
   }
+  getUsageFilePath() {
+    return this.usagePath;
+  }
+  exists(filePath) {
+    return fs && fs.existsSync(filePath);
+  }
+  loadUsage() {
+    if (!fs || !this.usagePath || !fs.existsSync(this.usagePath)) return [];
+    try {
+      const raw = fs.readFileSync(this.usagePath, "utf8");
+      return JSON.parse(raw);
+    } catch (e) {
+      return [];
+    }
+  }
+  saveUsage(data) {
+    if (!fs || !this.usagePath) return;
+    try {
+      fs.writeFileSync(this.usagePath, JSON.stringify(data, null, 2), "utf8");
+    } catch (e) {
+      console.error("[IK_REGISTRY] Failed to save usage:", e);
+    }
+  }
+  clearUsage() {
+    if (!fs || !this.usagePath) return;
+    try {
+      if (fs.existsSync(this.usagePath)) {
+        fs.unlinkSync(this.usagePath);
+      }
+    } catch (e) {
+    }
+  }
+};
+
+// src/lib/hmac.ts
+import crypto from "crypto";
+var IKHmac = class {
+  secret;
+  constructor(secret) {
+    this.secret = secret;
+  }
+  /**
+   * Verifies that a response from the IK-Firewall server is authentic.
+   */
+  verify(data) {
+    if (!data || !data.signature) return false;
+    const { signature, ...rest } = data;
+    const payload = JSON.stringify(rest);
+    const expectedSignature = crypto.createHmac("sha256", this.secret).update(payload).digest("hex");
+    return signature === expectedSignature;
+  }
 };
 
 // src/ConfigManager.ts
 var ConfigManager = class {
   config;
   registry;
-  constructor(initialConfig) {
+  hooks;
+  constructor(initialConfig, hooks) {
     this.config = initialConfig;
+    this.hooks = hooks;
     this.registry = Registry.getInstance();
     this.loadFromRegistry();
   }
+  getRegistry() {
+    return this.registry;
+  }
+  setHooks(hooks) {
+    this.hooks = hooks;
+  }
   loadFromRegistry() {
     const instanceConfigs = this.registry.load();
     this.config.instanceConfigs = {
@@ -144,32 +213,61 @@ var ConfigManager = class {
       }
     }
     try {
-      const endpoint = this.config.centralReportEndpoint || "https://ik-firewall-backend.vercel.app/api/v1/sync";
-      const data = {
-        billingStatus: "trial",
-        isVerified: true,
-        pricing: {
-          "gpt-4o": { input: 5e-3, output: 0.015 },
-          "gpt-4o-mini": { input: 15e-5, output: 6e-4 }
-        },
-        latestVersion: "2.2.0"
-      };
-      this.setInstanceConfig(instanceId, {
-        billingStatus: data.billingStatus,
-        isVerified: data.isVerified,
-        pricing: data.pricing,
-        lastSyncDate: now.toISOString()
-      });
-      if (!instanceConfig?.firstUseDate) {
+      const baseUrl = this.config.centralReportEndpoint || "https://ik-firewall.vercel.app";
+      const endpoint = `${baseUrl.replace(/\/$/, "")}/api/v1/sync`;
+      const instanceConfig2 = this.config.instanceConfigs?.[instanceId];
+      const registrationEmail = instanceConfig2?.ownerEmail || this.config.ownerEmail;
+      if ((!instanceConfig2?.licenseKey || instanceConfig2.licenseKey.startsWith("TRIAL-")) && registrationEmail) {
+        const success = await this.registerInstance(instanceId, registrationEmail);
+        if (success) {
+          this.hooks?.onStatus?.("\u2728 IK_SYNC: Zero-Config registration successful. License issued.");
+          return;
+        } else {
+          this.hooks?.onStatus?.("\u26A0\uFE0F IK_SYNC: Auto-registration failed. Continuing with local trial.");
+        }
+      }
+      this.hooks?.onStatus?.(`\u{1F4E1} IK_SYNC: Heartbeat to ${endpoint}...`);
+      const response = await fetch(`${endpoint}?licenseKey=${instanceConfig2?.licenseKey || ""}&instanceId=${instanceId}&version=2.2.0`);
+      if (response.ok) {
+        const data = await response.json();
+        if (this.config.hmacSecret) {
+          const verifier = new IKHmac(this.config.hmacSecret);
+          if (!verifier.verify(data)) {
+            console.error("[IK_SYNC] \u{1F6A8} Signature verification failed! Remote config rejected.");
+            return;
+          }
+        }
+        this.setInstanceConfig(instanceId, {
+          billingStatus: data.billingStatus,
+          isVerified: data.isVerified,
+          pricing: data.pricing,
+          lastSyncDate: now.toISOString()
+        });
+        this.hooks?.onStatus?.("\u2705 IK_SYNC: Remote configuration updated and verified.");
+      } else {
+        throw new Error(`Server responded with ${response.status}`);
+      }
+      if (!instanceConfig2?.firstUseDate) {
         this.setInstanceConfig(instanceId, { firstUseDate: now.toISOString() });
       }
     } catch (error) {
-      console.error("[IK_CONFIG] Remote sync failed. Falling open (Fail-Open mode).");
+      console.error(`[IK_CONFIG] Remote sync failed (${error.message}). Falling open (Fail-Open mode).`);
       this.setInstanceConfig(instanceId, {
         isVerified: true,
         lastSyncDate: now.toISOString()
       });
     }
+    try {
+      const registry = this.registry;
+      if (registry.exists(registry.getUsageFilePath())) {
+        const aggregatedUsage = registry.loadUsage();
+        if (aggregatedUsage.length > 0) {
+          this.hooks?.onStatus?.(`\u{1F4CA} IK_SYNC: Found ${aggregatedUsage.length} pending usage reports. Preparation for Daily Flush...`);
+          this._pendingUsage = aggregatedUsage;
+        }
+      }
+    } catch (e) {
+    }
   }
   getConfig() {
     return { ...this.config };
@@ -210,6 +308,40 @@ var ConfigManager = class {
     }
     this.updateConfig({ plugins });
   }
+  async registerInstance(instanceId, email) {
+    try {
+      const endpoint = (this.config.centralReportEndpoint || "https://ik-firewall.vercel.app/api/v1").replace(/\/sync$/, "") + "/register";
+      this.hooks?.onStatus?.(`\u{1F680} IK_REGISTRY: Registering new instance for ${email}...`);
+      const response = await fetch(endpoint, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ email, instanceId })
+      });
+      if (response.ok) {
+        const data = await response.json();
+        if (this.config.hmacSecret) {
+          const verifier = new IKHmac(this.config.hmacSecret);
+          if (!verifier.verify(data)) {
+            console.error("[IK_REGISTRY] \u{1F6A8} Registration signature mismatch. Data rejected!");
+            return false;
+          }
+        }
+        this.setInstanceConfig(instanceId, {
+          licenseKey: data.licenseKey,
+          billingStatus: data.status.toLowerCase(),
+          isVerified: true,
+          firstUseDate: (/* @__PURE__ */ new Date()).toISOString(),
+          pricing: data.pricing
+        });
+        this.hooks?.onStatus?.("\u2728 IK_REGISTRY: Instance registered successfully and license issued.");
+        return true;
+      }
+      return false;
+    } catch (error) {
+      console.error("[IK_REGISTRY] Registration failed:", error);
+      return false;
+    }
+  }
   ensureInstanceConfig(instanceId) {
     const all = this.registry.load();
     if (!all[instanceId]) {
@@ -217,7 +349,9 @@ var ConfigManager = class {
         balance: this.config.balance || 0.5,
         aggressiveness: this.config.aggressiveness || 0.5,
         isEnabled: true,
-        contextMode: "FIRST_MESSAGE"
+        contextMode: "FIRST_MESSAGE",
+        ownerEmail: this.config.ownerEmail
+        // Inherit from global if not specific
       });
       this.loadFromRegistry();
     }
@@ -1296,12 +1430,6 @@ var UsageTracker = class {
   // Immediate reporting for Edge/Stateless environments
   hooks;
   config;
-  // Static pricing benchmarks (cost per 1k tokens in USD)
-  static PRICING = {
-    "gpt-4o": { input: 5e-3, output: 0.015 },
-    "gpt-4o-mini": { input: 15e-5, output: 6e-4 },
-    "local": { input: 0, output: 0 }
-  };
   constructor(config, hooks) {
     this.config = config;
     this.hooks = hooks;
@@ -1334,42 +1462,72 @@ var UsageTracker = class {
     };
     this.buffer.push(data);
     this.hooks?.onUsageReported?.(data);
-    if (this.buffer.length >= this.MAX_BUFFER_SIZE) {
-      await this.flush();
+    await this.persistToLocalBuffer(data);
+  }
+  /**
+   * Appends usage data to the local .ik-adapter/usage.json file
+   */
+  async persistToLocalBuffer(data) {
+    try {
+      const registry = this.config.getRegistry();
+      const usageFile = registry.getUsageFilePath();
+      let existingUsage = [];
+      if (registry.exists(usageFile)) {
+        existingUsage = registry.loadUsage();
+      }
+      existingUsage.push(data);
+      registry.saveUsage(existingUsage);
+    } catch (e) {
+      console.error("[IK_TRACKER] Failed to persist usage to local buffer:", e);
     }
   }
   /**
    * Send buffered usage data to the central IK billing service
    */
-  async flush() {
-    if (this.buffer.length === 0) return;
-    const endpoint = this.config.get("centralReportEndpoint");
-    if (!endpoint) {
-      this.buffer = [];
-      return;
-    }
+  async flush(aggregatedData) {
+    const usageToFlush = aggregatedData || this.buffer;
+    if (usageToFlush.length === 0) return;
+    const baseUrl = this.config.get("centralReportEndpoint") || "https://ik-firewall.vercel.app";
+    const endpoint = `${baseUrl.replace(/\/$/, "")}/api/v1/report`;
+    const hmacSecret = this.config.get("hmacSecret");
     try {
-      for (const report of this.buffer) {
-        await fetch(endpoint, {
+      this.hooks?.onStatus?.(`\u{1F4E4} IK_TRACKER: Flushing ${usageToFlush.length} interactions to ${endpoint}...`);
+      const reportsByInstance = {};
+      for (const report of usageToFlush) {
+        if (!reportsByInstance[report.instanceId]) reportsByInstance[report.instanceId] = [];
+        reportsByInstance[report.instanceId].push(report);
+      }
+      for (const [instanceId, reports] of Object.entries(reportsByInstance)) {
+        const instanceConfig = this.config.getConfig().instanceConfigs?.[instanceId];
+        const payload = {
+          licenseKey: instanceConfig?.licenseKey || "",
+          instanceId,
+          reports: reports.map((r) => ({
+            modelName: r.model_used,
+            tokensIn: r.input_tokens,
+            tokensOut: r.output_tokens,
+            tokensSaved: r.tokens_saved,
+            date: r.timestamp
+          }))
+        };
+        if (hmacSecret) {
+          const jsonStr = JSON.stringify(payload);
+          const crypto2 = await import("crypto");
+          payload.signature = crypto2.createHmac("sha256", hmacSecret).update(jsonStr).digest("hex");
+        }
+        const response = await fetch(endpoint, {
           method: "POST",
           headers: { "Content-Type": "application/json" },
-          body: JSON.stringify({
-            instanceId: report.instanceId,
-            model: report.model_used,
-            inputTokens: report.input_tokens,
-            outputTokens: report.output_tokens,
-            optimizedTokens: report.optimized_tokens,
-            tokensSaved: report.tokens_saved,
-            costSaved: report.cost_saved,
-            commissionDue: report.commission_due,
-            cqScore: report.cq_score,
-            routingPath: report.routingPath,
-            clientOrigin: report.clientOrigin,
-            timestamp: report.timestamp
-          })
+          body: JSON.stringify(payload)
         });
+        if (!response.ok) {
+          console.error(`[IK_TRACKER] Failed to send aggregate for ${instanceId}: ${response.statusText}`);
+        }
       }
       this.buffer = [];
+      if (aggregatedData) {
+        this.config.getRegistry().clearUsage();
+      }
     } catch (error) {
       console.error("[IK_TRACKER] Failed to flush usage data:", error);
     }
@@ -1379,6 +1537,49 @@ var UsageTracker = class {
   }
 };
 
+// src/CognitiveEngine.ts
+var CognitiveEngine = class {
+  /**
+   * Sniff Cognitive DNA (CQ Score: 0-100)
+   * Higher score = higher quality, human-like, structured content.
+   */
+  static sniffDNA(input) {
+    if (!input || input.trim().length === 0) return 0;
+    const length = input.length;
+    const words = input.split(/\s+/).filter((w) => w.length > 0);
+    const wordCount = words.length;
+    const sentences = input.split(/[.!?]+/).filter((s) => s.trim().length > 0);
+    const avgSentenceLength = sentences.length > 0 ? wordCount / sentences.length : 0;
+    const sentenceVariety = sentences.length > 1 ? 10 : 0;
+    const uniqueWords = new Set(words.map((w) => w.toLowerCase())).size;
+    const lexicalBreadth = wordCount > 0 ? uniqueWords / wordCount * 40 : 0;
+    const markers = (input.match(/[,;:"'()\[\]]/g) || []).length;
+    const structuralHealth = Math.min(markers / wordCount * 100, 20);
+    const repetitivePenalty = this.calculateRepetitivePenalty(input);
+    let score = lexicalBreadth + structuralHealth + sentenceVariety + (avgSentenceLength > 5 ? 20 : 0);
+    score -= repetitivePenalty;
+    return Math.max(0, Math.min(100, score));
+  }
+  /**
+   * Calculate Crystallization Threshold
+   * Logic: 
+   * Low CQ (Noise) -> Aggressive optimization (Lower threshold, e.g. 0.6)
+   * High CQ (Quality) -> Conservative optimization (Higher threshold, e.g. 0.9)
+   */
+  static calculateThreshold(cqScore) {
+    if (cqScore < 30) return 0.65;
+    if (cqScore < 60) return 0.78;
+    if (cqScore < 85) return 0.88;
+    return 0.95;
+  }
+  static calculateRepetitivePenalty(input) {
+    const chunks = input.match(/.{1,10}/g) || [];
+    const uniqueChunks = new Set(chunks).size;
+    const ratio = chunks.length > 10 ? uniqueChunks / chunks.length : 1;
+    return ratio < 0.5 ? (1 - ratio) * 50 : 0;
+  }
+};
+
 // src/core.ts
 var IKFirewallCore = class _IKFirewallCore {
   static instance;
@@ -1433,55 +1634,75 @@ var IKFirewallCore = class _IKFirewallCore {
       FLUID_THRESHOLD: 4
     }
   };
-  gatekeeper = new HeuristicGatekeeper();
+  gatekeeper;
   configManager;
   sessionDNA = 0;
-  hooks;
   cloudProvider;
   localProvider;
   orchestrator;
   usageTracker;
+  _hooks;
+  defaultConfig;
   constructor(config, hooks, cloudProvider) {
-    const defaultConfig = {
+    this.defaultConfig = {
       aggressiveness: 0.15,
       forcedEfficiency: false,
       precisionBias: _IKFirewallCore.CONSTANTS.PRECISION.BIAS_DEFAULT,
       balance: _IKFirewallCore.CONSTANTS.TONE.STABLE_VAL,
       gatekeeperEnabled: true,
       locale: "en",
-      providerMode: "hybrid",
+      providerMode: process.env.IK_FIREWALL_MODE || "hybrid",
       runtimeStrategy: "internal",
-      localAuditEndpoint: "http://127.0.0.1:8085/v1/chat/completions",
-      fallbackToCloudAudit: false,
+      localAuditEndpoint: process.env.IK_FIREWALL_LOCAL_ENDPOINT || "http://127.0.0.1:8085/v1/chat/completions",
+      centralReportEndpoint: (process.env.IK_FIREWALL_CENTRAL_ENDPOINT || "https://ik-firewall.vercel.app").replace(/\/$/, ""),
+      ownerEmail: process.env.IK_FIREWALL_EMAIL,
+      hmacSecret: process.env.IK_FIREWALL_SECRET,
+      fallbackToCloudAudit: process.env.IK_FIREWALL_FALLBACK === "true" || false,
       modelConfig: {
         modelType: "1b"
       },
       plugins: []
     };
-    this.configManager = new ConfigManager({ ...defaultConfig, ...config });
-    if (hooks) this.hooks = hooks;
+    this._hooks = hooks;
+    this.configManager = new ConfigManager({ ...this.defaultConfig, ...config }, hooks);
+    this.gatekeeper = new HeuristicGatekeeper();
+    this.sessionDNA = _IKFirewallCore.CONSTANTS.DNA.MIN;
     const activeConfig = this.configManager.getConfig();
     this.localProvider = new LocalProvider(activeConfig.localAuditEndpoint);
     if (cloudProvider) {
-      if (cloudProvider instanceof BaseProvider) {
-        this.cloudProvider = cloudProvider;
-      } else {
-        const mode = activeConfig.providerMode;
-        if (mode === "anthropic") {
-          this.cloudProvider = new AnthropicProvider(cloudProvider);
-        } else if (mode === "deepseek") {
-          this.cloudProvider = new DeepSeekProvider(cloudProvider);
-        } else if (mode === "gemini") {
-          this.cloudProvider = new GeminiProvider(cloudProvider);
-        } else if (mode === "perplexity") {
-          this.cloudProvider = new PerplexityProvider(cloudProvider);
-        } else {
-          this.cloudProvider = new OpenAIProvider(cloudProvider);
-        }
-      }
+      this.cloudProvider = cloudProvider instanceof BaseProvider ? cloudProvider : new OpenAIProvider(cloudProvider);
+    } else if (process.env.OPENAI_API_KEY) {
+      this.cloudProvider = new OpenAIProvider(async (prompt, role) => {
+        const response = await fetch("https://api.openai.com/v1/chat/completions", {
+          method: "POST",
+          headers: {
+            "Authorization": `Bearer ${process.env.OPENAI_API_KEY}`,
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({
+            model: role === "audit_layer" ? "gpt-4o-mini" : "gpt-4o",
+            messages: [{ role: "user", content: prompt }],
+            temperature: 0.1
+          })
+        });
+        if (!response.ok) throw new Error(`OpenAI API Error: ${response.statusText}`);
+        const data = await response.json();
+        return {
+          content: data.choices[0].message.content,
+          usage: data.usage
+        };
+      });
     }
     this.orchestrator = new Orchestrator(this.configManager);
-    this.usageTracker = new UsageTracker(this.configManager, this.hooks);
+    this.usageTracker = new UsageTracker(this.configManager, this._hooks);
+  }
+  get hooks() {
+    return this._hooks;
+  }
+  set hooks(newHooks) {
+    this._hooks = newHooks;
+    this.configManager.setHooks(newHooks);
+    this.usageTracker.hooks = newHooks;
   }
   static getInstance(config, hooks) {
     if (!_IKFirewallCore.instance) {
@@ -1593,7 +1814,14 @@ var IKFirewallCore = class _IKFirewallCore {
   async analyze(input, provider, personaName = "professional", locale, instanceId) {
     if (instanceId) {
       this.configManager.ensureInstanceConfig(instanceId);
-      await this.configManager.syncRemoteConfig(instanceId);
+      const syncPromise = this.configManager.syncRemoteConfig(instanceId).then(async () => {
+        const pendingUsage = this.configManager._pendingUsage;
+        if (pendingUsage && pendingUsage.length > 0) {
+          await this.usageTracker.flush(pendingUsage);
+          this.configManager._pendingUsage = null;
+        }
+      });
+      await syncPromise;
     }
     const mergedConfig = this.configManager.getMergedConfig(instanceId);
     if (instanceId && mergedConfig?.isVerified === false) {
@@ -1663,10 +1891,17 @@ var IKFirewallCore = class _IKFirewallCore {
         throw e;
       }
     }
-    this.sniffDNA(input, metrics, activeLocale);
+    const cqScore = CognitiveEngine.sniffDNA(input);
+    metrics.dm = Math.max(metrics.dm, cqScore / 10);
+    this.applyHardening(input, metrics, activeLocale);
     this.hooks?.onAuditComplete?.(metrics);
     return metrics;
   }
+  applyHardening(input, metrics, locale = "en") {
+    const archetype = metrics.semanticInsights?.archetype || "DYNAMIC";
+    const domain = metrics.semanticInsights?.detectedDomain || "GENERAL";
+    this.setSessionDNA(this.sessionDNA + 5);
+  }
   getEmptyMetrics() {
     return {
       dm: 0,
@@ -1718,28 +1953,6 @@ var IKFirewallCore = class _IKFirewallCore {
       inputLength: input.length
     };
   }
-  sniffDNA(input, metrics, locale = "en") {
-    const archetype = metrics.semanticInsights?.archetype || "DYNAMIC";
-    const domain = metrics.semanticInsights?.detectedDomain || "GENERAL";
-    const meta = Dictionaries.meta[locale] || Dictionaries.meta.en;
-    const patterns = (meta.system_prompt_patterns || "").split(",").map((p) => p.trim()).filter((p) => p.length > 0);
-    const isSystemPrompt = patterns.some((kw) => input.toLowerCase().includes(kw));
-    let dnaShift = 0;
-    if (archetype === "CRYSTAL") {
-      dnaShift += _IKFirewallCore.CONSTANTS.DNA.HARDENING_MODERATE;
-    } else if (archetype === "FLUID") {
-      dnaShift -= _IKFirewallCore.CONSTANTS.DNA.SOFTENING_STEP;
-    } else if (archetype === "NEURAL") {
-      dnaShift -= _IKFirewallCore.CONSTANTS.DNA.SOFTENING_STEP / 2;
-    }
-    if (["LEGAL", "MEDICAL", "FINANCE", "CONSTRUCTION", "ENGINEERING"].includes(domain)) {
-      dnaShift += _IKFirewallCore.CONSTANTS.DNA.HARDENING_DOMAIN;
-    }
-    if (isSystemPrompt) {
-      dnaShift += _IKFirewallCore.CONSTANTS.DNA.HARDENING_MODERATE;
-    }
-    this.setSessionDNA(this.sessionDNA + dnaShift);
-  }
   async analyzeAIAssisted(input, provider, personaName = "professional", instanceId, configOverride) {
     if (instanceId) {
       this.configManager.ensureInstanceConfig(instanceId);
@@ -1990,11 +2203,13 @@ Any action outside this scope MUST be rejected and flagged as a boundary violati
       this.hooks?.onStatus?.(`\u{1F6E1}\uFE0F IK_CRYSTALLIZE: Precision domain detected (${domain}). Relaxing noise reduction...`);
       archetypeModifier = -0.3;
     }
+    const cqScore = CognitiveEngine.sniffDNA(input);
+    const cognitiveThreshold = CognitiveEngine.calculateThreshold(cqScore);
     const threshold = Math.min(
       _IKFirewallCore.CONSTANTS.AI.THRESHOLD_MAX,
       Math.max(
         _IKFirewallCore.CONSTANTS.AI.THRESHOLD_MIN,
-        dm / _IKFirewallCore.CONSTANTS.AI.DM_THRESHOLD_DIVISOR + basePreference - aggModifier + archetypeModifier - tolerance * 0.1
+        cognitiveThreshold + archetypeModifier - tolerance * 0.1
       )
     );
     const lengthRatio = blueprint ? blueprint.length / input.length : 1;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ik-firewall/core",
-  "version": "2.2.0",
+  "version": "2.3.1",
   "type": "module",
   "description": "The core IK Firewall engine for semantic-driven AI optimization.",
   "main": "./dist/index.js",
@@ -17,7 +17,7 @@
     "dist",
     "scripts"
   ],
-  "api_endpoint": "https://ik-firewall-backend.vercel.app/api/v1",
+  "api_endpoint": "https://ik-firewall.vercel.app/api/v1",
   "scripts": {
     "prepare": "npm run build",
     "build": "tsup src/index.ts --format cjs,esm --dts --clean",

package/scripts/setup-runtime.js

@@ -61,7 +61,9 @@ async function setup() {
                 "isEnabled": true
             }
         };
-        fs.writeFileSync(REGISTRY_FILE, JSON.stringify(initialRegistry, null, 2));
+        const jsonStr = JSON.stringify(initialRegistry, null, 2);
+        const obfuscated = Buffer.from(jsonStr).toString('base64');
+        fs.writeFileSync(REGISTRY_FILE, obfuscated, 'utf8');
         console.log(`✨ Trial activated for: ${email}`);
     }