npm - @irisrun/audit - Versions diffs - 0.1.0 → 0.2.0 - Mend

@irisrun/audit 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,27 @@
+# @irisrun/audit
+**Compliance-grade audit, straight from the journal.** Because every effect,
+marker, and approval is recorded in a deterministic, event-sourced journal, "what
+happened" isn't a log you hope is complete — it's a **replay-verifiable record**.
+No separate audit log to fall out of sync.
+## What it is
+A read-only projection over the existing journal (**zero kernel change**).
+`auditSession` produces a whole-session, compliance-grade trail over the *full*
+retained journal with a completeness check; `verifyReplay` / `verifySession`
+re-derive the session from its journal and assert structural integrity +
+in-process replay-determinism + totality; `renderAudit` formats the trail. This
+verifies **faithful record-replay** of captured effects — it does not make the
+model deterministic. Depends on `@irisrun/core` + `@irisrun/auth` only.
+## Use it
+```sh
+iris audit s1 --db /tmp/s1.sqlite    # a replay-verified, compliance-grade trail for session s1
+```
+See **[docs/Audit & reproducible evals](../../docs/audit-and-evals.md)**.
+---
+Part of [Iris](../../README.md) — own, portable, verifiable state.

package/dist/audit.js CHANGED Viewed

@@ -1,4 +1,4 @@
-// auditSession (roadmap P2-8): a whole-session, compliance-grade audit. UNLIKE
+// auditSession: a whole-session, compliance-grade audit. UNLIKE
 // `inspectSession` (which reads only the POST-snapshot tail), this reads the FULL
 // retained journal from seq 0 — every effect intent/result, every marker — plus the
 // governed approval trail (via @irisrun/auth's `auditApprovals`, also full-journal).

package/dist/index.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 export declare const PACKAGE = "@irisrun/audit";
 export { auditSession, renderAudit } from "./audit.js";
 export type { AuditEntry, SessionAudit } from "./audit.js";
-export { verifyReplay, verifySession } from "./verify.js";
+export { verifyReplay, verifySession, verifyStructure } from "./verify.js";
 export type { VerifyResult } from "./verify.js";
 export { fnv1a32hex } from "./fnv.js";

package/dist/index.js CHANGED Viewed

@@ -1,6 +1,6 @@
-// @irisrun/audit — the audit & reproducible-eval product surface (roadmap P2-8).
+// @irisrun/audit — the audit & reproducible-eval product surface.
 // Pure read-only projections over the existing journal; zero kernel change.
 export const PACKAGE = "@irisrun/audit";
 export { auditSession, renderAudit } from "./audit.js";
-export { verifyReplay, verifySession } from "./verify.js";
+export { verifyReplay, verifySession, verifyStructure } from "./verify.js";
 export { fnv1a32hex } from "./fnv.js";

package/dist/verify.d.ts CHANGED Viewed

@@ -12,6 +12,19 @@ export type VerifyResult = {
     complete: boolean;
     issues: string[];
 };
+/** The reducer-FREE structural core (guarantee #1). Checks dense/monotonic seq,
+ *  self-seq vs store row position, ≤1 result per effectId, and — only when
+ *  `complete` — that every result joins a prior intent (an orphan result in a
+ *  truncated window is legitimate and NOT flagged). Pure; no reducer, no replay.
+ *  Reused by @irisrun/journal-export's file-only (Tier 1) verification. */
+export declare function verifyStructure(records: JournalRecord[], opts?: {
+    complete?: boolean;
+    rowSeqs?: number[];
+}): {
+    ok: boolean;
+    complete: boolean;
+    issues: string[];
+};
 /** Pure verification of a fold over `startState`. `records` is the retained tail to
  *  fold; `reducer` MUST match how the session was recorded (caller's responsibility).
  *  `opts.rowSeqs` are the store row positions for the self-seq integrity check. */

package/dist/verify.js CHANGED Viewed

@@ -1,4 +1,4 @@
-// verifyReplay/verifySession (roadmap P2-8): offline, compliance-grade verification
+// verifyReplay/verifySession: offline, compliance-grade verification
 // of a recorded session. THREE SOUND GUARANTEES (and no more — honesty matters):
 //  1. structural integrity (reducer-free, the strongest claim): dense monotonic seq;
 //     each record's self-reported seq matches its store row position (corruption/
@@ -15,13 +15,14 @@
 // which is not journaled for no-snapshot sessions — see the initiative decisions).
 import { replay, canonicalize, canonicalEqual, decode } from "@irisrun/core";
 import { fnv1a32hex } from "./fnv.js";
-/** Pure verification of a fold over `startState`. `records` is the retained tail to
- *  fold; `reducer` MUST match how the session was recorded (caller's responsibility).
- *  `opts.rowSeqs` are the store row positions for the self-seq integrity check. */
-export function verifyReplay(reducer, records, startState, opts = {}) {
+/** The reducer-FREE structural core (guarantee #1). Checks dense/monotonic seq,
+ *  self-seq vs store row position, ≤1 result per effectId, and — only when
+ *  `complete` — that every result joins a prior intent (an orphan result in a
+ *  truncated window is legitimate and NOT flagged). Pure; no reducer, no replay.
+ *  Reused by @irisrun/journal-export's file-only (Tier 1) verification. */
+export function verifyStructure(records, opts = {}) {
     const complete = opts.complete ?? true;
     const structural = [];
-    const retainedRange = records.length ? { from: records[0].seq, to: records[records.length - 1].seq } : null;
     // (a) dense, monotonic seq within the retained range
     for (let i = 1; i < records.length; i++) {
         if (records[i].seq !== records[i - 1].seq + 1) {
@@ -53,8 +54,18 @@ export function verifyReplay(reducer, records, startState, opts = {}) {
             }
         }
     }
-    const wellFormed = structural.length === 0;
-    const issues = [...structural];
+    return { ok: structural.length === 0, complete, issues: structural };
+}
+/** Pure verification of a fold over `startState`. `records` is the retained tail to
+ *  fold; `reducer` MUST match how the session was recorded (caller's responsibility).
+ *  `opts.rowSeqs` are the store row positions for the self-seq integrity check. */
+export function verifyReplay(reducer, records, startState, opts = {}) {
+    const retainedRange = records.length ? { from: records[0].seq, to: records[records.length - 1].seq } : null;
+    // structural integrity (guarantee #1) — delegated to the reducer-free core.
+    const struct = verifyStructure(records, { complete: opts.complete, rowSeqs: opts.rowSeqs });
+    const complete = struct.complete;
+    const wellFormed = struct.ok;
+    const issues = [...struct.issues];
     // replay: in-process determinism (fold twice) + totality
     let total = true;
     let replayDeterministic = false;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@irisrun/audit",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "type": "module",
   "description": "Iris audit & reproducible-eval product surface — whole-session, compliance-grade audit over the FULL retained journal (every effect/marker/approval, with completeness) plus offline replay-verification (structural integrity + in-process replay-determinism + totality). Pure: a read-only projection over the existing journal, zero kernel change. Deps @irisrun/core + @irisrun/auth only.",
   "exports": {
@@ -11,8 +11,8 @@
     }
   },
   "dependencies": {
-    "@irisrun/core": "^0.1.0",
-    "@irisrun/auth": "^0.1.0"
+    "@irisrun/core": "^0.2.0",
+    "@irisrun/auth": "^0.2.0"
   },
   "license": "MIT",
   "engines": {