npm - @jinn-network/client - Versions diffs - 0.1.2 → 0.1.3-canary.262e5cda - Mend

@jinn-network/client 0.1.2 → 0.1.3-canary.262e5cda

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (812) hide show

package/CHANGELOG.md +20 -0
package/CONTRIBUTING.md +8 -2
package/README.md +38 -14
package/deployments/deployment-jinn-mvi-l1-sepolia-fast.json +36 -0
package/deployments/deployment-jinn-mvi-l1-sepolia.json +36 -0
package/deployments/deployment-jinn-mvi-l2-baseSepolia.json +12 -0
package/deployments/deployment-phase1b-mech-baseSepolia-fast.json +3 -3
package/deployments/deployment-stolas-l2-baseSepolia-fast.json +1 -1
package/dist/adapters/adapter.d.ts +2 -2
package/dist/adapters/claim-registry/client.d.ts +9 -0
package/dist/adapters/claim-registry/client.js +22 -2
package/dist/adapters/claim-registry/client.js.map +1 -1
package/dist/adapters/local/adapter.d.ts +2 -2
package/dist/adapters/local/adapter.js +8 -8
package/dist/adapters/local/adapter.js.map +1 -1
package/dist/adapters/mech/adapter.d.ts +3 -4
package/dist/adapters/mech/adapter.js +86 -50
package/dist/adapters/mech/adapter.js.map +1 -1
package/dist/adapters/mech/contracts.d.ts +6 -4
package/dist/adapters/mech/contracts.js +118 -14
package/dist/adapters/mech/contracts.js.map +1 -1
package/dist/adapters/mech/ipfs.d.ts +61 -6
package/dist/adapters/mech/ipfs.js +159 -26
package/dist/adapters/mech/ipfs.js.map +1 -1
package/dist/adapters/mech/safe-revert.d.ts +39 -0
package/dist/adapters/mech/safe-revert.js +130 -0
package/dist/adapters/mech/safe-revert.js.map +1 -0
package/dist/adapters/mech/safe.js +47 -21
package/dist/adapters/mech/safe.js.map +1 -1
package/dist/adapters/mech/types.d.ts +8 -0
package/dist/adapters/mech/types.js.map +1 -1
package/dist/agent/agent-ws.d.ts +55 -0
package/dist/agent/agent-ws.js +288 -0
package/dist/agent/agent-ws.js.map +1 -0
package/dist/agent/auto-mode-detect.d.ts +6 -0
package/dist/agent/auto-mode-detect.js +44 -0
package/dist/agent/auto-mode-detect.js.map +1 -0
package/dist/agent/operator-claude.d.ts +22 -0
package/dist/agent/operator-claude.js +130 -0
package/dist/agent/operator-claude.js.map +1 -0
package/dist/api/admin-endpoint.d.ts +12 -0
package/dist/api/admin-endpoint.js +71 -0
package/dist/api/admin-endpoint.js.map +1 -0
package/dist/api/bootstrap-endpoint.d.ts +16 -0
package/dist/api/bootstrap-endpoint.js +78 -0
package/dist/api/bootstrap-endpoint.js.map +1 -0
package/dist/api/events-endpoint.d.ts +9 -0
package/dist/api/events-endpoint.js +46 -0
package/dist/api/events-endpoint.js.map +1 -0
package/dist/api/fleet-build.d.ts +1 -1
package/dist/api/fleet-build.js +17 -8
package/dist/api/fleet-build.js.map +1 -1
package/dist/api/gather-status.js +5 -1
package/dist/api/gather-status.js.map +1 -1
package/dist/api/handshake.d.ts +17 -0
package/dist/api/handshake.js +28 -0
package/dist/api/handshake.js.map +1 -0
package/dist/api/peers.js +20 -5
package/dist/api/peers.js.map +1 -1
package/dist/api/portfolio-v0-build.d.ts +6 -0
package/dist/api/portfolio-v0-build.js +6 -1
package/dist/api/portfolio-v0-build.js.map +1 -1
package/dist/api/rewards-build.js +3 -8
package/dist/api/rewards-build.js.map +1 -1
package/dist/api/server.d.ts +54 -0
package/dist/api/server.js +239 -13
package/dist/api/server.js.map +1 -1
package/dist/api/setup-endpoints.d.ts +34 -0
package/dist/api/setup-endpoints.js +188 -0
package/dist/api/setup-endpoints.js.map +1 -0
package/dist/api/status-build.d.ts +9 -1
package/dist/api/status-build.js +44 -9
package/dist/api/status-build.js.map +1 -1
package/dist/api/status-rollup-build.d.ts +46 -1
package/dist/api/status-rollup-build.js +168 -5
package/dist/api/status-rollup-build.js.map +1 -1
package/dist/api/ui-token.d.ts +5 -0
package/dist/api/ui-token.js +36 -0
package/dist/api/ui-token.js.map +1 -0
package/dist/build-info.d.ts +32 -0
package/dist/build-info.js +69 -0
package/dist/build-info.js.map +1 -0
package/dist/build-info.json +6 -0
package/dist/build-meta.json +1 -1
package/dist/cli/command.d.ts +9 -0
package/dist/cli/commands/balance.d.ts +7 -0
package/dist/cli/commands/balance.js +38 -32
package/dist/cli/commands/balance.js.map +1 -1
package/dist/cli/commands/bootstrap.d.ts +13 -1
package/dist/cli/commands/bootstrap.js +150 -132
package/dist/cli/commands/bootstrap.js.map +1 -1
package/dist/cli/commands/claim-rewards.js +14 -2
package/dist/cli/commands/claim-rewards.js.map +1 -1
package/dist/cli/commands/conformance.d.ts +12 -0
package/dist/cli/commands/conformance.js +140 -0
package/dist/cli/commands/conformance.js.map +1 -0
package/dist/cli/commands/create.d.ts +36 -0
package/dist/cli/commands/create.js +374 -0
package/dist/cli/commands/create.js.map +1 -0
package/dist/cli/commands/doctor.d.ts +34 -1
package/dist/cli/commands/doctor.js +136 -121
package/dist/cli/commands/doctor.js.map +1 -1
package/dist/cli/commands/fleet-scale.d.ts +19 -1
package/dist/cli/commands/fleet-scale.js +379 -361
package/dist/cli/commands/fleet-scale.js.map +1 -1
package/dist/cli/commands/fleet.d.ts +7 -0
package/dist/cli/commands/fleet.js +39 -33
package/dist/cli/commands/fleet.js.map +1 -1
package/dist/cli/commands/fund-requirements.d.ts +14 -1
package/dist/cli/commands/fund-requirements.js +183 -174
package/dist/cli/commands/fund-requirements.js.map +1 -1
package/dist/cli/commands/history.d.ts +10 -1
package/dist/cli/commands/history.js +66 -57
package/dist/cli/commands/history.js.map +1 -1
package/dist/cli/commands/impls.d.ts +18 -0
package/dist/cli/commands/impls.js +208 -0
package/dist/cli/commands/impls.js.map +1 -0
package/dist/cli/commands/init.js +4 -1
package/dist/cli/commands/init.js.map +1 -1
package/dist/cli/commands/intents.js +13 -9
package/dist/cli/commands/intents.js.map +1 -1
package/dist/cli/commands/logs.d.ts +6 -1
package/dist/cli/commands/logs.js +77 -70
package/dist/cli/commands/logs.js.map +1 -1
package/dist/cli/commands/migrate-agent-id.d.ts +26 -0
package/dist/cli/commands/migrate-agent-id.js +165 -0
package/dist/cli/commands/migrate-agent-id.js.map +1 -0
package/dist/cli/commands/plug-ins.d.ts +34 -0
package/dist/cli/commands/plug-ins.js +282 -0
package/dist/cli/commands/plug-ins.js.map +1 -0
package/dist/cli/commands/plugin-install.d.ts +10 -0
package/dist/cli/commands/plugin-install.js +226 -14
package/dist/cli/commands/plugin-install.js.map +1 -1
package/dist/cli/commands/rewards.d.ts +7 -0
package/dist/cli/commands/rewards.js +46 -40
package/dist/cli/commands/rewards.js.map +1 -1
package/dist/cli/commands/run.d.ts +14 -1
package/dist/cli/commands/run.js +232 -90
package/dist/cli/commands/run.js.map +1 -1
package/dist/cli/commands/status.d.ts +10 -0
package/dist/cli/commands/status.js +97 -34
package/dist/cli/commands/status.js.map +1 -1
package/dist/cli/commands/submit-intent.js +33 -6
package/dist/cli/commands/submit-intent.js.map +1 -1
package/dist/cli/commands/ui.js +45 -0
package/dist/cli/commands/ui.js.map +1 -0
package/dist/cli/commands/update.d.ts +5 -0
package/dist/cli/commands/update.js +102 -97
package/dist/cli/commands/update.js.map +1 -1
package/dist/cli/commands/version.js +3 -1
package/dist/cli/commands/version.js.map +1 -1
package/dist/cli/commands/withdraw.d.ts +21 -1
package/dist/cli/commands/withdraw.js +175 -159
package/dist/cli/commands/withdraw.js.map +1 -1
package/dist/cli/execution-context.d.ts +1 -1
package/dist/cli/execution-context.js +2 -1
package/dist/cli/execution-context.js.map +1 -1
package/dist/cli/help.js +7 -0
package/dist/cli/help.js.map +1 -1
package/dist/cli/index.d.ts +7 -0
package/dist/cli/index.js +18 -2
package/dist/cli/index.js.map +1 -1
package/dist/cli/intent-registry-access.d.ts +33 -1
package/dist/cli/intent-registry-access.js +40 -2
package/dist/cli/intent-registry-access.js.map +1 -1
package/dist/cli/open-browser.d.ts +1 -0
package/dist/cli/open-browser.js +18 -0
package/dist/cli/open-browser.js.map +1 -0
package/dist/cli/password.d.ts +3 -3
package/dist/cli/password.js +5 -5
package/dist/cli/password.js.map +1 -1
package/dist/config.d.ts +883 -11
package/dist/config.js +435 -4
package/dist/config.js.map +1 -1
package/dist/conformance/checks/artifacts.d.ts +37 -0
package/dist/conformance/checks/artifacts.js +110 -0
package/dist/conformance/checks/artifacts.js.map +1 -0
package/dist/conformance/checks/envelope-schema.d.ts +17 -0
package/dist/conformance/checks/envelope-schema.js +36 -0
package/dist/conformance/checks/envelope-schema.js.map +1 -0
package/dist/conformance/checks/hash-signature.d.ts +26 -0
package/dist/conformance/checks/hash-signature.js +70 -0
package/dist/conformance/checks/hash-signature.js.map +1 -0
package/dist/conformance/checks/payload.d.ts +19 -0
package/dist/conformance/checks/payload.js +52 -0
package/dist/conformance/checks/payload.js.map +1 -0
package/dist/conformance/checks/secret-scrub.d.ts +33 -0
package/dist/conformance/checks/secret-scrub.js +118 -0
package/dist/conformance/checks/secret-scrub.js.map +1 -0
package/dist/conformance/checks/source-runtime.d.ts +43 -0
package/dist/conformance/checks/source-runtime.js +68 -0
package/dist/conformance/checks/source-runtime.js.map +1 -0
package/dist/conformance/checks/source-static.d.ts +61 -0
package/dist/conformance/checks/source-static.js +311 -0
package/dist/conformance/checks/source-static.js.map +1 -0
package/dist/conformance/checks/trajectory-chain.d.ts +18 -0
package/dist/conformance/checks/trajectory-chain.js +51 -0
package/dist/conformance/checks/trajectory-chain.js.map +1 -0
package/dist/conformance/checks/trajectory-profile.d.ts +17 -0
package/dist/conformance/checks/trajectory-profile.js +51 -0
package/dist/conformance/checks/trajectory-profile.js.map +1 -0
package/dist/conformance/checks/trajectory-schema.d.ts +20 -0
package/dist/conformance/checks/trajectory-schema.js +40 -0
package/dist/conformance/checks/trajectory-schema.js.map +1 -0
package/dist/conformance/checks/verdict.d.ts +44 -0
package/dist/conformance/checks/verdict.js +122 -0
package/dist/conformance/checks/verdict.js.map +1 -0
package/dist/conformance/harness.d.ts +32 -0
package/dist/conformance/harness.js +228 -0
package/dist/conformance/harness.js.map +1 -0
package/dist/conformance/types.d.ts +88 -0
package/dist/conformance/types.js +31 -0
package/dist/conformance/types.js.map +1 -0
package/dist/corpus/acquire.d.ts +37 -0
package/dist/corpus/acquire.js +155 -0
package/dist/corpus/acquire.js.map +1 -0
package/dist/corpus/cache.d.ts +14 -0
package/dist/corpus/cache.js +18 -0
package/dist/corpus/cache.js.map +1 -0
package/dist/corpus/fetch.d.ts +9 -0
package/dist/corpus/fetch.js +24 -0
package/dist/corpus/fetch.js.map +1 -0
package/dist/corpus/index.d.ts +16 -0
package/dist/corpus/index.js +78 -0
package/dist/corpus/index.js.map +1 -0
package/dist/corpus/query.d.ts +17 -0
package/dist/corpus/query.js +108 -0
package/dist/corpus/query.js.map +1 -0
package/dist/corpus/route-resolver.d.ts +16 -0
package/dist/corpus/route-resolver.js +20 -0
package/dist/corpus/route-resolver.js.map +1 -0
package/dist/corpus/types.d.ts +107 -0
package/dist/corpus/types.js +50 -0
package/dist/corpus/types.js.map +1 -0
package/dist/daemon/balance-topup-loop.js +2 -1
package/dist/daemon/balance-topup-loop.js.map +1 -1
package/dist/daemon/creator.d.ts +2 -2
package/dist/daemon/creator.js +2 -2
package/dist/daemon/creator.js.map +1 -1
package/dist/daemon/daemon.d.ts +70 -15
package/dist/daemon/daemon.js +159 -41
package/dist/daemon/daemon.js.map +1 -1
package/dist/daemon/delivery-watcher.js +31 -1
package/dist/daemon/delivery-watcher.js.map +1 -1
package/dist/daemon/jinn-claim-loop-canonical.d.ts +207 -0
package/dist/daemon/jinn-claim-loop-canonical.js +296 -0
package/dist/daemon/jinn-claim-loop-canonical.js.map +1 -0
package/dist/daemon/jinn-claim-loop-mock.d.ts +61 -0
package/dist/daemon/jinn-claim-loop-mock.js +122 -0
package/dist/daemon/jinn-claim-loop-mock.js.map +1 -0
package/dist/daemon/jinn-claim-loop.d.ts +123 -0
package/dist/daemon/jinn-claim-loop.js +256 -0
package/dist/daemon/jinn-claim-loop.js.map +1 -0
package/dist/daemon/reward-claim-loop.d.ts +2 -0
package/dist/daemon/reward-claim-loop.js +32 -27
package/dist/daemon/reward-claim-loop.js.map +1 -1
package/dist/dashboard/assets/index-Bxlk5qpa.js +68 -0
package/dist/dashboard/assets/index-DQ3u_vP5.css +32 -0
package/dist/dashboard/index.html +18 -74
package/dist/earning/agent-wallet-binding.d.ts +133 -0
package/dist/earning/agent-wallet-binding.js +202 -0
package/dist/earning/agent-wallet-binding.js.map +1 -0
package/dist/earning/bootstrap.d.ts +64 -0
package/dist/earning/bootstrap.js +325 -32
package/dist/earning/bootstrap.js.map +1 -1
package/dist/earning/contracts.d.ts +323 -0
package/dist/earning/contracts.js +276 -0
package/dist/earning/contracts.js.map +1 -1
package/dist/earning/funding-plan.d.ts +90 -0
package/dist/earning/funding-plan.js +203 -0
package/dist/earning/funding-plan.js.map +1 -0
package/dist/earning/migrate-agent-id.d.ts +130 -0
package/dist/earning/migrate-agent-id.js +257 -0
package/dist/earning/migrate-agent-id.js.map +1 -0
package/dist/earning/orphan-sweep.d.ts +14 -0
package/dist/earning/orphan-sweep.js +63 -2
package/dist/earning/orphan-sweep.js.map +1 -1
package/dist/earning/reconcile.d.ts +2 -0
package/dist/earning/reconcile.js +30 -0
package/dist/earning/reconcile.js.map +1 -1
package/dist/earning/stolas-claim.d.ts +86 -6
package/dist/earning/stolas-claim.js +123 -9
package/dist/earning/stolas-claim.js.map +1 -1
package/dist/earning/store.d.ts +39 -0
package/dist/earning/store.js +72 -1
package/dist/earning/store.js.map +1 -1
package/dist/earning/testnet-setup-migration.d.ts +32 -0
package/dist/earning/testnet-setup-migration.js +214 -0
package/dist/earning/testnet-setup-migration.js.map +1 -0
package/dist/earning/types.d.ts +53 -9
package/dist/earning/types.js +51 -2
package/dist/earning/types.js.map +1 -1
package/dist/earning/viem-clients.d.ts +20 -0
package/dist/earning/viem-clients.js +32 -1
package/dist/earning/viem-clients.js.map +1 -1
package/dist/erc8004/abis.d.ts +381 -0
package/dist/erc8004/abis.js +238 -0
package/dist/erc8004/abis.js.map +1 -0
package/dist/erc8004/addresses.d.ts +40 -0
package/dist/erc8004/addresses.js +64 -0
package/dist/erc8004/addresses.js.map +1 -0
package/dist/erc8004/identity.d.ts +202 -0
package/dist/erc8004/identity.js +305 -0
package/dist/erc8004/identity.js.map +1 -0
package/dist/erc8004/index.d.ts +13 -0
package/dist/erc8004/index.js +20 -0
package/dist/erc8004/index.js.map +1 -0
package/dist/erc8004/reputation.d.ts +349 -0
package/dist/erc8004/reputation.js +464 -0
package/dist/erc8004/reputation.js.map +1 -0
package/dist/erc8004/subgraph.d.ts +46 -0
package/dist/erc8004/subgraph.js +37 -0
package/dist/erc8004/subgraph.js.map +1 -0
package/dist/erc8004/validation.d.ts +145 -0
package/dist/erc8004/validation.js +219 -0
package/dist/erc8004/validation.js.map +1 -0
package/dist/errors/persisted-bootstrap-error.d.ts +4 -0
package/dist/errors/persisted-bootstrap-error.js +50 -0
package/dist/errors/persisted-bootstrap-error.js.map +1 -0
package/dist/events/emitter.d.ts +12 -0
package/dist/events/emitter.js +23 -0
package/dist/events/emitter.js.map +1 -0
package/dist/events/ring-buffer.d.ts +25 -0
package/dist/events/ring-buffer.js +46 -0
package/dist/events/ring-buffer.js.map +1 -0
package/dist/events/types.d.ts +42 -0
package/dist/events/types.js +28 -0
package/dist/events/types.js.map +1 -0
package/dist/index.d.ts +1 -1
package/dist/intents/kinds/index.d.ts +10 -0
package/dist/intents/kinds/index.js +7 -0
package/dist/intents/kinds/index.js.map +1 -1
package/dist/intents/kinds/learner-loop-test.d.ts +2 -0
package/dist/intents/kinds/learner-loop-test.js +39 -0
package/dist/intents/kinds/learner-loop-test.js.map +1 -0
package/dist/intents/kinds/prediction-apy-v0.js +5 -1
package/dist/intents/kinds/prediction-apy-v0.js.map +1 -1
package/dist/intents/kinds/prediction-v0.js +5 -0
package/dist/intents/kinds/prediction-v0.js.map +1 -1
package/dist/intents/kinds/spec-kind.d.ts +18 -1
package/dist/intents/posting-service.d.ts +3 -5
package/dist/intents/posting-service.js +16 -50
package/dist/intents/posting-service.js.map +1 -1
package/dist/intents/prediction-apy-v0-auto.d.ts +12 -2
package/dist/intents/prediction-apy-v0-auto.js +27 -2
package/dist/intents/prediction-apy-v0-auto.js.map +1 -1
package/dist/intents/prediction-v0-auto.d.ts +14 -4
package/dist/intents/prediction-v0-auto.js +29 -5
package/dist/intents/prediction-v0-auto.js.map +1 -1
package/dist/intents/signing.d.ts +13 -0
package/dist/intents/signing.js +27 -0
package/dist/intents/signing.js.map +1 -0
package/dist/intents/sources.d.ts +12 -5
package/dist/intents/sources.js +11 -11
package/dist/intents/sources.js.map +1 -1
package/dist/main.d.ts +5 -2
package/dist/main.js +792 -66
package/dist/main.js.map +1 -1
package/dist/mcp/acquire-artifact.d.ts +39 -0
package/dist/mcp/acquire-artifact.js +163 -0
package/dist/mcp/acquire-artifact.js.map +1 -0
package/dist/mcp/operator-server.d.ts +20 -3
package/dist/mcp/operator-server.js +500 -25
package/dist/mcp/operator-server.js.map +1 -1
package/dist/mcp/search-artifacts.d.ts +31 -0
package/dist/mcp/search-artifacts.js +40 -0
package/dist/mcp/search-artifacts.js.map +1 -0
package/dist/mcp/server.js +103 -58
package/dist/mcp/server.js.map +1 -1
package/dist/observability/emit-event.d.ts +1 -1
package/dist/observability/emit-event.js.map +1 -1
package/dist/operator-errors.js +4 -5
package/dist/operator-errors.js.map +1 -1
package/dist/preflight/claude-auth.d.ts +11 -11
package/dist/preflight/claude-auth.js +18 -32
package/dist/preflight/claude-auth.js.map +1 -1
package/dist/restorer/capability/index.d.ts +82 -0
package/dist/restorer/capability/index.js +12 -0
package/dist/restorer/capability/index.js.map +1 -0
package/dist/restorer/capability/scoped-rpc.d.ts +12 -0
package/dist/restorer/capability/scoped-rpc.js +34 -0
package/dist/restorer/capability/scoped-rpc.js.map +1 -0
package/dist/restorer/capability/scoped-secrets.d.ts +8 -0
package/dist/restorer/capability/scoped-secrets.js +10 -0
package/dist/restorer/capability/scoped-secrets.js.map +1 -0
package/dist/restorer/capability/scoped-signer.d.ts +46 -0
package/dist/restorer/capability/scoped-signer.js +73 -0
package/dist/restorer/capability/scoped-signer.js.map +1 -0
package/dist/restorer/engine/canonical-json.d.ts +0 -17
package/dist/restorer/engine/canonical-json.js +56 -49
package/dist/restorer/engine/canonical-json.js.map +1 -1
package/dist/restorer/engine/claim.js +8 -1
package/dist/restorer/engine/claim.js.map +1 -1
package/dist/restorer/engine/delivery.d.ts +2 -0
package/dist/restorer/engine/delivery.js +2 -2
package/dist/restorer/engine/delivery.js.map +1 -1
package/dist/restorer/engine/engine.d.ts +143 -26
package/dist/restorer/engine/engine.js +485 -104
package/dist/restorer/engine/engine.js.map +1 -1
package/dist/restorer/engine/envelope-assembly.d.ts +65 -0
package/dist/restorer/engine/envelope-assembly.js +60 -0
package/dist/restorer/engine/envelope-assembly.js.map +1 -0
package/dist/restorer/engine/packaging.d.ts +30 -30
package/dist/restorer/engine/packaging.js +73 -47
package/dist/restorer/engine/packaging.js.map +1 -1
package/dist/restorer/engine/persistence.d.ts +7 -7
package/dist/restorer/engine/persistence.js +4 -4
package/dist/restorer/engine/persistence.js.map +1 -1
package/dist/restorer/engine/registry.d.ts +24 -13
package/dist/restorer/engine/registry.js +16 -13
package/dist/restorer/engine/registry.js.map +1 -1
package/dist/restorer/engine/validate-manifest.d.ts +23 -0
package/dist/restorer/engine/validate-manifest.js +49 -0
package/dist/restorer/engine/validate-manifest.js.map +1 -0
package/dist/restorer/engine/verification-stub.d.ts +18 -0
package/dist/restorer/engine/verification-stub.js +18 -0
package/dist/restorer/engine/verification-stub.js.map +1 -0
package/dist/restorer/external-impls/index.d.ts +3 -0
package/dist/restorer/external-impls/index.js +2 -0
package/dist/restorer/external-impls/index.js.map +1 -0
package/dist/restorer/external-impls/loader.d.ts +49 -0
package/dist/restorer/external-impls/loader.js +138 -0
package/dist/restorer/external-impls/loader.js.map +1 -0
package/dist/restorer/external-impls/package-hash.d.ts +26 -0
package/dist/restorer/external-impls/package-hash.js +102 -0
package/dist/restorer/external-impls/package-hash.js.map +1 -0
package/dist/restorer/external-impls/types.d.ts +42 -0
package/dist/restorer/external-impls/types.js +10 -0
package/dist/restorer/external-impls/types.js.map +1 -0
package/dist/restorer/impls/claude-code-learner/adapters/claude-code.d.ts +38 -0
package/dist/restorer/impls/claude-code-learner/adapters/claude-code.js +200 -0
package/dist/restorer/impls/claude-code-learner/adapters/claude-code.js.map +1 -0
package/dist/restorer/impls/claude-code-learner/harvest.d.ts +19 -0
package/dist/restorer/impls/claude-code-learner/harvest.js +146 -0
package/dist/restorer/impls/claude-code-learner/harvest.js.map +1 -0
package/dist/restorer/impls/claude-code-learner/index.d.ts +15 -0
package/dist/restorer/impls/claude-code-learner/index.js +14 -0
package/dist/restorer/impls/claude-code-learner/index.js.map +1 -0
package/dist/restorer/impls/claude-code-learner/mcp-config.d.ts +48 -0
package/dist/restorer/impls/claude-code-learner/mcp-config.js +52 -0
package/dist/restorer/impls/claude-code-learner/mcp-config.js.map +1 -0
package/dist/restorer/impls/claude-code-learner/plugin-path.d.ts +14 -0
package/dist/restorer/impls/claude-code-learner/plugin-path.js +30 -0
package/dist/restorer/impls/claude-code-learner/plugin-path.js.map +1 -0
package/dist/restorer/impls/claude-code-learner/restorer.d.ts +38 -0
package/dist/restorer/impls/claude-code-learner/restorer.js +73 -0
package/dist/restorer/impls/claude-code-learner/restorer.js.map +1 -0
package/dist/restorer/impls/claude-code-learner/test-utils/fake-plugin-outputs.d.ts +19 -0
package/dist/restorer/impls/claude-code-learner/test-utils/fake-plugin-outputs.js +111 -0
package/dist/restorer/impls/claude-code-learner/test-utils/fake-plugin-outputs.js.map +1 -0
package/dist/restorer/impls/claude-code-learner/test-utils/noop-adapter.d.ts +22 -0
package/dist/restorer/impls/claude-code-learner/test-utils/noop-adapter.js +35 -0
package/dist/restorer/impls/claude-code-learner/test-utils/noop-adapter.js.map +1 -0
package/dist/restorer/impls/claude-code-learner/test-utils/synthetic-session.d.ts +20 -0
package/dist/restorer/impls/claude-code-learner/test-utils/synthetic-session.js +34 -0
package/dist/restorer/impls/claude-code-learner/test-utils/synthetic-session.js.map +1 -0
package/dist/restorer/impls/claude-code-learner/types.d.ts +99 -0
package/dist/restorer/impls/claude-code-learner/types.js +2 -0
package/dist/restorer/impls/claude-code-learner/types.js.map +1 -0
package/dist/restorer/impls/claude-code-learner/wrapper.d.ts +49 -0
package/dist/restorer/impls/claude-code-learner/wrapper.js +144 -0
package/dist/restorer/impls/claude-code-learner/wrapper.js.map +1 -0
package/dist/restorer/impls/claude-mcp-hyperliquid/index.d.ts +2 -2
package/dist/restorer/impls/claude-mcp-hyperliquid/index.js +2 -2
package/dist/restorer/impls/claude-mcp-hyperliquid/index.js.map +1 -1
package/dist/restorer/impls/claude-mcp-hyperliquid/session-orchestrator.d.ts +7 -0
package/dist/restorer/impls/claude-mcp-hyperliquid/session-orchestrator.js +38 -0
package/dist/restorer/impls/claude-mcp-hyperliquid/session-orchestrator.js.map +1 -1
package/dist/restorer/impls/claude-mcp-prediction/index.d.ts +2 -2
package/dist/restorer/impls/claude-mcp-prediction/index.js +12 -2
package/dist/restorer/impls/claude-mcp-prediction/index.js.map +1 -1
package/dist/restorer/impls/claude-mcp-prediction/session-orchestrator.d.ts +9 -2
package/dist/restorer/impls/claude-mcp-prediction/session-orchestrator.js +9 -125
package/dist/restorer/impls/claude-mcp-prediction/session-orchestrator.js.map +1 -1
package/dist/restorer/impls/claude-mcp-prediction-apy/index.d.ts +2 -2
package/dist/restorer/impls/claude-mcp-prediction-apy/index.js +9 -2
package/dist/restorer/impls/claude-mcp-prediction-apy/index.js.map +1 -1
package/dist/restorer/impls/claude-mcp-prediction-apy/session-orchestrator.d.ts +10 -0
package/dist/restorer/impls/claude-mcp-prediction-apy/session-orchestrator.js +10 -119
package/dist/restorer/impls/claude-mcp-prediction-apy/session-orchestrator.js.map +1 -1
package/dist/restorer/impls/claude-mcp-shared/single-session-orchestrator.d.ts +84 -0
package/dist/restorer/impls/claude-mcp-shared/single-session-orchestrator.js +206 -0
package/dist/restorer/impls/claude-mcp-shared/single-session-orchestrator.js.map +1 -0
package/dist/restorer/impls/evaluation-context.d.ts +11 -4
package/dist/restorer/impls/evaluation-context.js +9 -2
package/dist/restorer/impls/evaluation-context.js.map +1 -1
package/dist/restorer/impls/index.d.ts +46 -1
package/dist/restorer/impls/index.js +38 -0
package/dist/restorer/impls/index.js.map +1 -1
package/dist/restorer/impls/legacy-claude/index.d.ts +13 -1
package/dist/restorer/impls/legacy-claude/index.js +2 -0
package/dist/restorer/impls/legacy-claude/index.js.map +1 -1
package/dist/restorer/impls/portfolio-v0-evaluator/index.d.ts +4 -4
package/dist/restorer/impls/portfolio-v0-evaluator/index.js +184 -55
package/dist/restorer/impls/portfolio-v0-evaluator/index.js.map +1 -1
package/dist/restorer/impls/prediction-apy-v0-baseline/index.d.ts +1 -1
package/dist/restorer/impls/prediction-apy-v0-baseline/index.js +8 -1
package/dist/restorer/impls/prediction-apy-v0-baseline/index.js.map +1 -1
package/dist/restorer/impls/prediction-apy-v0-evaluator/index.d.ts +3 -3
package/dist/restorer/impls/prediction-apy-v0-evaluator/index.js +153 -15
package/dist/restorer/impls/prediction-apy-v0-evaluator/index.js.map +1 -1
package/dist/restorer/impls/prediction-apy-v0-evaluator/parse-submission.d.ts +14 -5
package/dist/restorer/impls/prediction-apy-v0-evaluator/parse-submission.js +16 -23
package/dist/restorer/impls/prediction-apy-v0-evaluator/parse-submission.js.map +1 -1
package/dist/restorer/impls/prediction-v0-baseline/index.d.ts +1 -1
package/dist/restorer/impls/prediction-v0-baseline/index.js +16 -7
package/dist/restorer/impls/prediction-v0-baseline/index.js.map +1 -1
package/dist/restorer/impls/prediction-v0-evaluator/checks/integrity.d.ts +5 -3
package/dist/restorer/impls/prediction-v0-evaluator/checks/integrity.js.map +1 -1
package/dist/restorer/impls/prediction-v0-evaluator/index.d.ts +2 -2
package/dist/restorer/impls/prediction-v0-evaluator/index.js +175 -67
package/dist/restorer/impls/prediction-v0-evaluator/index.js.map +1 -1
package/dist/restorer/manifest/index.d.ts +3 -0
package/dist/restorer/manifest/index.js +3 -0
package/dist/restorer/manifest/index.js.map +1 -0
package/dist/restorer/manifest/load.d.ts +7 -0
package/dist/restorer/manifest/load.js +49 -0
package/dist/restorer/manifest/load.js.map +1 -0
package/dist/restorer/manifest/types.d.ts +75 -0
package/dist/restorer/manifest/types.js +8 -0
package/dist/restorer/manifest/types.js.map +1 -0
package/dist/restorer/manifest/verify.d.ts +15 -0
package/dist/restorer/manifest/verify.js +53 -0
package/dist/restorer/manifest/verify.js.map +1 -0
package/dist/restorer/plug-ins/index.d.ts +14 -0
package/dist/restorer/plug-ins/index.js +11 -0
package/dist/restorer/plug-ins/index.js.map +1 -0
package/dist/restorer/plug-ins/loader.d.ts +27 -0
package/dist/restorer/plug-ins/loader.js +101 -0
package/dist/restorer/plug-ins/loader.js.map +1 -0
package/dist/restorer/plug-ins/manifest.d.ts +7 -0
package/dist/restorer/plug-ins/manifest.js +97 -0
package/dist/restorer/plug-ins/manifest.js.map +1 -0
package/dist/restorer/plug-ins/registry.d.ts +24 -0
package/dist/restorer/plug-ins/registry.js +17 -0
package/dist/restorer/plug-ins/registry.js.map +1 -0
package/dist/restorer/plug-ins/serialise.d.ts +29 -0
package/dist/restorer/plug-ins/serialise.js +29 -0
package/dist/restorer/plug-ins/serialise.js.map +1 -0
package/dist/restorer/plug-ins/types.d.ts +77 -0
package/dist/restorer/plug-ins/types.js +10 -0
package/dist/restorer/plug-ins/types.js.map +1 -0
package/dist/restorer/types.d.ts +66 -11
package/dist/restorer/types.js.map +1 -1
package/dist/runner/claude.d.ts +3 -3
package/dist/runner/claude.js +57 -21
package/dist/runner/claude.js.map +1 -1
package/dist/runner/runner.d.ts +29 -2
package/dist/runner/simple.d.ts +2 -2
package/dist/runner/simple.js +2 -2
package/dist/runner/simple.js.map +1 -1
package/dist/scripts/fix-node-pty.mjs +62 -0
package/dist/setup-mode.d.ts +34 -0
package/dist/setup-mode.js +49 -0
package/dist/setup-mode.js.map +1 -0
package/dist/store/store.d.ts +79 -3
package/dist/store/store.js +189 -6
package/dist/store/store.js.map +1 -1
package/dist/templates/plug-in/hook/README.md.tmpl +24 -0
package/dist/templates/plug-in/hook/gitignore.tmpl +3 -0
package/dist/templates/plug-in/hook/hooks/event.sh.tmpl +15 -0
package/dist/templates/plug-in/hook/jinn-plugin.json.tmpl +16 -0
package/dist/templates/plug-in/hook/package.json.tmpl +14 -0
package/dist/templates/plug-in/hook/test/manifest.test.ts.tmpl +21 -0
package/dist/templates/plug-in/mcp-tool/README.md.tmpl +26 -0
package/dist/templates/plug-in/mcp-tool/gitignore.tmpl +4 -0
package/dist/templates/plug-in/mcp-tool/jinn-plugin.json.tmpl +16 -0
package/dist/templates/plug-in/mcp-tool/package.json.tmpl +19 -0
package/dist/templates/plug-in/mcp-tool/src/server.ts.tmpl +17 -0
package/dist/templates/plug-in/mcp-tool/test/server.test.ts.tmpl +18 -0
package/dist/templates/plug-in/memory-backend/README.md.tmpl +33 -0
package/dist/templates/plug-in/memory-backend/gitignore.tmpl +4 -0
package/dist/templates/plug-in/memory-backend/jinn-plugin.json.tmpl +16 -0
package/dist/templates/plug-in/memory-backend/package.json.tmpl +19 -0
package/dist/templates/plug-in/memory-backend/src/server.ts.tmpl +23 -0
package/dist/templates/plug-in/memory-backend/test/server.test.ts.tmpl +17 -0
package/dist/templates/plug-in/phase-agent-override/README.md.tmpl +30 -0
package/dist/templates/plug-in/phase-agent-override/agents/agent.md.tmpl +26 -0
package/dist/templates/plug-in/phase-agent-override/gitignore.tmpl +3 -0
package/dist/templates/plug-in/phase-agent-override/jinn-plugin.json.tmpl +17 -0
package/dist/templates/plug-in/phase-agent-override/package.json.tmpl +14 -0
package/dist/templates/plug-in/phase-agent-override/test/manifest.test.ts.tmpl +24 -0
package/dist/templates/plug-in/skill-bundle/.claude-plugin/plugin.json.tmpl +5 -0
package/dist/templates/plug-in/skill-bundle/README.md.tmpl +28 -0
package/dist/templates/plug-in/skill-bundle/gitignore.tmpl +3 -0
package/dist/templates/plug-in/skill-bundle/jinn-plugin.json.tmpl +15 -0
package/dist/templates/plug-in/skill-bundle/package.json.tmpl +14 -0
package/dist/templates/plug-in/skill-bundle/skills/example/SKILL.md.tmpl +14 -0
package/dist/templates/plug-in/skill-bundle/test/manifest.test.ts.tmpl +21 -0
package/dist/templates/plug-in/topic-explorer/README.md.tmpl +24 -0
package/dist/templates/plug-in/topic-explorer/agents/explorer.md.tmpl +26 -0
package/dist/templates/plug-in/topic-explorer/gitignore.tmpl +3 -0
package/dist/templates/plug-in/topic-explorer/jinn-plugin.json.tmpl +17 -0
package/dist/templates/plug-in/topic-explorer/package.json.tmpl +14 -0
package/dist/templates/plug-in/topic-explorer/test/manifest.test.ts.tmpl +22 -0
package/dist/templates/restorer/alternative-harness/README.md.tmpl +44 -0
package/dist/templates/restorer/alternative-harness/gitignore.tmpl +3 -0
package/dist/templates/restorer/alternative-harness/jinn.manifest.json.tmpl +22 -0
package/dist/templates/restorer/alternative-harness/package.json.tmpl +26 -0
package/dist/templates/restorer/alternative-harness/src/coordinator.ts.tmpl +50 -0
package/dist/templates/restorer/alternative-harness/src/harness.ts.tmpl +31 -0
package/dist/templates/restorer/alternative-harness/src/index.ts.tmpl +44 -0
package/dist/templates/restorer/alternative-harness/src/mock-harness.ts.tmpl +41 -0
package/dist/templates/restorer/alternative-harness/src/phases/debrief.ts.tmpl +28 -0
package/dist/templates/restorer/alternative-harness/src/phases/execute.ts.tmpl +33 -0
package/dist/templates/restorer/alternative-harness/src/phases/improve.ts.tmpl +31 -0
package/dist/templates/restorer/alternative-harness/src/phases/memory.ts.tmpl +31 -0
package/dist/templates/restorer/alternative-harness/src/phases/orient.ts.tmpl +21 -0
package/dist/templates/restorer/alternative-harness/src/phases/plan.ts.tmpl +25 -0
package/dist/templates/restorer/alternative-harness/src/phases/strategize.ts.tmpl +29 -0
package/dist/templates/restorer/alternative-harness/test/coordinator.test.ts.tmpl +52 -0
package/dist/templates/restorer/alternative-harness/test/unit.test.ts.tmpl +54 -0
package/dist/templates/restorer/alternative-harness/tsconfig.json.tmpl +16 -0
package/dist/templates/restorer/evaluator/README.md.tmpl +36 -0
package/dist/templates/restorer/evaluator/gitignore.tmpl +3 -0
package/dist/templates/restorer/evaluator/jinn.manifest.json.tmpl +22 -0
package/dist/templates/restorer/evaluator/package.json.tmpl +26 -0
package/dist/templates/restorer/evaluator/src/index.ts.tmpl +35 -0
package/dist/templates/restorer/evaluator/test/unit.test.ts.tmpl +48 -0
package/dist/templates/restorer/evaluator/tsconfig.json.tmpl +16 -0
package/dist/templates/restorer/forecaster/README.md.tmpl +25 -0
package/dist/templates/restorer/forecaster/gitignore.tmpl +5 -0
package/dist/templates/restorer/forecaster/jinn.manifest.json.tmpl +22 -0
package/dist/templates/restorer/forecaster/package.json.tmpl +26 -0
package/dist/templates/restorer/forecaster/src/index.ts.tmpl +33 -0
package/dist/templates/restorer/forecaster/test/unit.test.ts.tmpl +41 -0
package/dist/templates/restorer/forecaster/tsconfig.json.tmpl +16 -0
package/dist/trajectory/collector.d.ts +49 -0
package/dist/trajectory/collector.js +86 -0
package/dist/trajectory/collector.js.map +1 -0
package/dist/trajectory/emit.d.ts +27 -0
package/dist/trajectory/emit.js +40 -0
package/dist/trajectory/emit.js.map +1 -0
package/dist/trajectory/hash-chain.d.ts +18 -0
package/dist/trajectory/hash-chain.js +23 -0
package/dist/trajectory/hash-chain.js.map +1 -0
package/dist/trajectory/index.d.ts +22 -0
package/dist/trajectory/index.js +23 -0
package/dist/trajectory/index.js.map +1 -0
package/dist/trajectory/schema.d.ts +14 -14
package/dist/trajectory/secret-scrub.d.ts +32 -0
package/dist/trajectory/secret-scrub.js +51 -0
package/dist/trajectory/secret-scrub.js.map +1 -0
package/dist/trajectory/span-profile.d.ts +27 -0
package/dist/trajectory/span-profile.js +51 -0
package/dist/trajectory/span-profile.js.map +1 -0
package/dist/trajectory/wrappers/http.d.ts +37 -0
package/dist/trajectory/wrappers/http.js +85 -0
package/dist/trajectory/wrappers/http.js.map +1 -0
package/dist/trajectory/wrappers/mcp.d.ts +17 -0
package/dist/trajectory/wrappers/mcp.js +58 -0
package/dist/trajectory/wrappers/mcp.js.map +1 -0
package/dist/trajectory/wrappers/subprocess.d.ts +32 -0
package/dist/trajectory/wrappers/subprocess.js +70 -0
package/dist/trajectory/wrappers/subprocess.js.map +1 -0
package/dist/tx-retry.js +23 -9
package/dist/tx-retry.js.map +1 -1
package/dist/types/desired-state.d.ts +211 -21
package/dist/types/desired-state.js +26 -15
package/dist/types/desired-state.js.map +1 -1
package/dist/types/envelope.d.ts +1473 -0
package/dist/types/envelope.js +114 -0
package/dist/types/envelope.js.map +1 -0
package/dist/types/index.d.ts +4 -4
package/dist/types/index.js +4 -4
package/dist/types/index.js.map +1 -1
package/dist/types/intent.d.ts +276 -0
package/dist/types/intent.js +74 -0
package/dist/types/intent.js.map +1 -0
package/dist/types/payloads/index.d.ts +11 -0
package/dist/types/payloads/index.js +46 -0
package/dist/types/payloads/index.js.map +1 -0
package/dist/types/payloads/portfolio-v0.d.ts +481 -0
package/dist/types/payloads/portfolio-v0.js +94 -0
package/dist/types/payloads/portfolio-v0.js.map +1 -0
package/dist/types/payloads/prediction-apy-v0.d.ts +231 -0
package/dist/types/payloads/prediction-apy-v0.js +63 -0
package/dist/types/payloads/prediction-apy-v0.js.map +1 -0
package/dist/types/payloads/prediction-v0.d.ts +262 -0
package/dist/types/payloads/prediction-v0.js +73 -0
package/dist/types/payloads/prediction-v0.js.map +1 -0
package/dist/types/portfolio.d.ts +23 -685
package/dist/types/portfolio.js +16 -106
package/dist/types/portfolio.js.map +1 -1
package/dist/types/prediction-apy.d.ts +9 -344
package/dist/types/prediction-apy.js +9 -65
package/dist/types/prediction-apy.js.map +1 -1
package/dist/types/prediction.d.ts +25 -396
package/dist/types/prediction.js +5 -79
package/dist/types/prediction.js.map +1 -1
package/dist/types/window.d.ts +12 -0
package/dist/types/window.js +6 -0
package/dist/types/window.js.map +1 -0
package/dist/util/path-safety.d.ts +22 -0
package/dist/util/path-safety.js +29 -0
package/dist/util/path-safety.js.map +1 -0
package/dist/util/redact-rpc-urls.d.ts +5 -0
package/dist/util/redact-rpc-urls.js +9 -0
package/dist/util/redact-rpc-urls.js.map +1 -0
package/dist/x402/acquire.d.ts +14 -3
package/dist/x402/acquire.js +28 -11
package/dist/x402/acquire.js.map +1 -1
package/dist/x402/handler.d.ts +15 -3
package/dist/x402/handler.js +67 -24
package/dist/x402/handler.js.map +1 -1
package/package.json +36 -11
package/plugins/claude-code-learner/.claude-plugin/plugin.json +9 -0
package/plugins/claude-code-learner/AGENTS.md +30 -0
package/plugins/claude-code-learner/CLAUDE.md +31 -0
package/plugins/claude-code-learner/README.md +58 -0
package/plugins/claude-code-learner/agents/analyst.md +69 -0
package/plugins/claude-code-learner/agents/consolidator.md +95 -0
package/plugins/claude-code-learner/agents/explorer.md +54 -0
package/plugins/claude-code-learner/agents/planner.md +88 -0
package/plugins/claude-code-learner/agents/promoter.md +114 -0
package/plugins/claude-code-learner/agents/step-worker.md +48 -0
package/plugins/claude-code-learner/agents/strategist.md +86 -0
package/plugins/claude-code-learner/hooks/hooks.json +16 -0
package/plugins/claude-code-learner/hooks/session-start +49 -0
package/plugins/claude-code-learner/skills/coordinator/SKILL.md +131 -0
package/plugins/claude-code-learner/skills/debrief/SKILL.md +71 -0
package/plugins/claude-code-learner/skills/execute/SKILL.md +91 -0
package/plugins/claude-code-learner/skills/improve/SKILL.md +57 -0
package/plugins/claude-code-learner/skills/memory-consolidation/SKILL.md +57 -0
package/plugins/claude-code-learner/skills/orient/SKILL.md +82 -0
package/plugins/claude-code-learner/skills/plan/SKILL.md +54 -0
package/plugins/claude-code-learner/skills/strategize/SKILL.md +63 -0
package/skills/jinn-operator/SKILL.md +84 -35
package/templates/plug-in/hook/README.md.tmpl +24 -0
package/templates/plug-in/hook/gitignore.tmpl +3 -0
package/templates/plug-in/hook/hooks/event.sh.tmpl +15 -0
package/templates/plug-in/hook/jinn-plugin.json.tmpl +16 -0
package/templates/plug-in/hook/package.json.tmpl +14 -0
package/templates/plug-in/hook/test/manifest.test.ts.tmpl +21 -0
package/templates/plug-in/mcp-tool/README.md.tmpl +26 -0
package/templates/plug-in/mcp-tool/gitignore.tmpl +4 -0
package/templates/plug-in/mcp-tool/jinn-plugin.json.tmpl +16 -0
package/templates/plug-in/mcp-tool/package.json.tmpl +19 -0
package/templates/plug-in/mcp-tool/src/server.ts.tmpl +17 -0
package/templates/plug-in/mcp-tool/test/server.test.ts.tmpl +18 -0
package/templates/plug-in/memory-backend/README.md.tmpl +33 -0
package/templates/plug-in/memory-backend/gitignore.tmpl +4 -0
package/templates/plug-in/memory-backend/jinn-plugin.json.tmpl +16 -0
package/templates/plug-in/memory-backend/package.json.tmpl +19 -0
package/templates/plug-in/memory-backend/src/server.ts.tmpl +23 -0
package/templates/plug-in/memory-backend/test/server.test.ts.tmpl +17 -0
package/templates/plug-in/phase-agent-override/README.md.tmpl +30 -0
package/templates/plug-in/phase-agent-override/agents/agent.md.tmpl +26 -0
package/templates/plug-in/phase-agent-override/gitignore.tmpl +3 -0
package/templates/plug-in/phase-agent-override/jinn-plugin.json.tmpl +17 -0
package/templates/plug-in/phase-agent-override/package.json.tmpl +14 -0
package/templates/plug-in/phase-agent-override/test/manifest.test.ts.tmpl +24 -0
package/templates/plug-in/skill-bundle/.claude-plugin/plugin.json.tmpl +5 -0
package/templates/plug-in/skill-bundle/README.md.tmpl +28 -0
package/templates/plug-in/skill-bundle/gitignore.tmpl +3 -0
package/templates/plug-in/skill-bundle/jinn-plugin.json.tmpl +15 -0
package/templates/plug-in/skill-bundle/package.json.tmpl +14 -0
package/templates/plug-in/skill-bundle/skills/example/SKILL.md.tmpl +14 -0
package/templates/plug-in/skill-bundle/test/manifest.test.ts.tmpl +21 -0
package/templates/plug-in/topic-explorer/README.md.tmpl +24 -0
package/templates/plug-in/topic-explorer/agents/explorer.md.tmpl +26 -0
package/templates/plug-in/topic-explorer/gitignore.tmpl +3 -0
package/templates/plug-in/topic-explorer/jinn-plugin.json.tmpl +17 -0
package/templates/plug-in/topic-explorer/package.json.tmpl +14 -0
package/templates/plug-in/topic-explorer/test/manifest.test.ts.tmpl +22 -0
package/templates/restorer/alternative-harness/README.md.tmpl +44 -0
package/templates/restorer/alternative-harness/gitignore.tmpl +3 -0
package/templates/restorer/alternative-harness/jinn.manifest.json.tmpl +22 -0
package/templates/restorer/alternative-harness/package.json.tmpl +26 -0
package/templates/restorer/alternative-harness/src/coordinator.ts.tmpl +50 -0
package/templates/restorer/alternative-harness/src/harness.ts.tmpl +31 -0
package/templates/restorer/alternative-harness/src/index.ts.tmpl +44 -0
package/templates/restorer/alternative-harness/src/mock-harness.ts.tmpl +41 -0
package/templates/restorer/alternative-harness/src/phases/debrief.ts.tmpl +28 -0
package/templates/restorer/alternative-harness/src/phases/execute.ts.tmpl +33 -0
package/templates/restorer/alternative-harness/src/phases/improve.ts.tmpl +31 -0
package/templates/restorer/alternative-harness/src/phases/memory.ts.tmpl +31 -0
package/templates/restorer/alternative-harness/src/phases/orient.ts.tmpl +21 -0
package/templates/restorer/alternative-harness/src/phases/plan.ts.tmpl +25 -0
package/templates/restorer/alternative-harness/src/phases/strategize.ts.tmpl +29 -0
package/templates/restorer/alternative-harness/test/coordinator.test.ts.tmpl +52 -0
package/templates/restorer/alternative-harness/test/unit.test.ts.tmpl +54 -0
package/templates/restorer/alternative-harness/tsconfig.json.tmpl +16 -0
package/templates/restorer/evaluator/README.md.tmpl +36 -0
package/templates/restorer/evaluator/gitignore.tmpl +3 -0
package/templates/restorer/evaluator/jinn.manifest.json.tmpl +22 -0
package/templates/restorer/evaluator/package.json.tmpl +26 -0
package/templates/restorer/evaluator/src/index.ts.tmpl +35 -0
package/templates/restorer/evaluator/test/unit.test.ts.tmpl +48 -0
package/templates/restorer/evaluator/tsconfig.json.tmpl +16 -0
package/templates/restorer/forecaster/README.md.tmpl +25 -0
package/templates/restorer/forecaster/gitignore.tmpl +5 -0
package/templates/restorer/forecaster/jinn.manifest.json.tmpl +22 -0
package/templates/restorer/forecaster/package.json.tmpl +26 -0
package/templates/restorer/forecaster/src/index.ts.tmpl +33 -0
package/templates/restorer/forecaster/test/unit.test.ts.tmpl +41 -0
package/templates/restorer/forecaster/tsconfig.json.tmpl +16 -0
package/dist/bin/jinn-mcp.d.ts +0 -2
package/dist/bin/jinn-mcp.js +0 -10
package/dist/bin/jinn-mcp.js.map +0 -1
package/dist/cli/commands/quickstart.js +0 -330
package/dist/cli/commands/quickstart.js.map +0 -1
package/dist/discovery/registry.d.ts +0 -97
package/dist/discovery/registry.js +0 -177
package/dist/discovery/registry.js.map +0 -1
package/dist/discovery/subgraph.d.ts +0 -37
package/dist/discovery/subgraph.js +0 -87
package/dist/discovery/subgraph.js.map +0 -1
package/dist/restorer/engine/manifest-assembly.d.ts +0 -67
package/dist/restorer/engine/manifest-assembly.js +0 -79
package/dist/restorer/engine/manifest-assembly.js.map +0 -1
/package/dist/cli/commands/{quickstart.d.ts → ui.d.ts} +0 -0

package/dist/conformance/checks/artifacts.js ADDED Viewed

@@ -0,0 +1,110 @@
+/**
+ * Layer 1 artifact vocabulary + trajectory↔artifact linkage checks.
+ *
+ * Scope: docs/superpowers/specs/2026-04-23-jinn-execution-envelope-tee-scope.md
+ * §3.1 K9 (artifactType vocabulary) + K5 (trajectory↔artifact bidirectional linkage).
+ *
+ * Two checks:
+ *   checkArtifactVocabulary  — required artifactType values present
+ *   checkArtifactLinkage     — bidirectional span↔artifact linkage
+ */
+// ─── Vocabulary check ─────────────────────────────────────────────────────────
+/**
+ * Check id: `artifacts.vocabulary`
+ * Layer: 1
+ *
+ * Required artifact types per scope §3.1 K9:
+ *   - `output.<kind>` — always required for restoration role
+ *   - `system_snapshot` — always required for restoration role
+ *   - `trajectory` — required when envelope.trajectory is non-null
+ *
+ * Custom artifact types are permitted (vocabulary is extensible).
+ * Verdict-role envelopes are skipped — no output artifact is expected.
+ */
+export function checkArtifactVocabulary(ctx) {
+    const id = 'artifacts.vocabulary';
+    const layer = 1;
+    const env = ctx.envelope;
+    if (!env)
+        return { id, layer, passed: false, detail: 'envelope not loaded' };
+    // Verdict envelopes have no output artifacts — skip vocabulary check.
+    if (env.role === 'verdict') {
+        return { id, layer, passed: true, skipped: true, detail: 'verdict role — no output artifacts required' };
+    }
+    const types = new Set(env.artifacts.map((a) => a.artifactType));
+    const missing = [];
+    // output.<kind> is always required for restoration
+    const outputType = `output.${env.kind}`;
+    if (!types.has(outputType))
+        missing.push(outputType);
+    // system_snapshot required for restoration
+    if (!types.has('system_snapshot'))
+        missing.push('system_snapshot');
+    // trajectory required when envelope.trajectory is non-null
+    if (env.trajectory != null && !types.has('trajectory'))
+        missing.push('trajectory');
+    if (missing.length > 0) {
+        return {
+            id,
+            layer,
+            passed: false,
+            detail: `missing required artifactTypes: ${missing.join(', ')}`,
+        };
+    }
+    return { id, layer, passed: true };
+}
+/**
+ * Check id: `artifacts.linkage`
+ * Layer: 1
+ *
+ * Bidirectional linkage per scope §3.1 K5:
+ *   1. Every artifact with `metadata.producedBy.spanId` must reference a
+ *      span id that exists in the trajectory.
+ *   2. Every `jinn.artifact.emit` span's `jinn.artifact.sha256` attribute must
+ *      reference a sha256 that is present in `envelope.artifacts[]`.
+ *
+ * Skipped when no trajectory is present.
+ */
+export function checkArtifactLinkage(ctx) {
+    const id = 'artifacts.linkage';
+    const layer = 1;
+    const env = ctx.envelope;
+    const traj = ctx.trajectory;
+    if (!env)
+        return { id, layer, passed: false, detail: 'envelope not loaded' };
+    if (!traj) {
+        return { id, layer, passed: true, skipped: true, detail: 'trajectory not present' };
+    }
+    const spanIds = new Set(traj.spans.map((s) => s.spanId));
+    const artifactSha256s = new Set(env.artifacts.map((a) => a.sha256));
+    const failures = [];
+    // 1. Every artifact with producedBy.spanId must reference a real span.
+    for (const art of env.artifacts) {
+        const producedBy = art.metadata
+            ?.producedBy;
+        if (producedBy?.spanId && !spanIds.has(producedBy.spanId)) {
+            failures.push(`artifact ${art.sha256} references nonexistent spanId=${producedBy.spanId}`);
+        }
+    }
+    // 2. Every jinn.artifact.emit span must reference a real artifact sha256.
+    for (const span of traj.spans) {
+        if (span.attributes['jinn.span.kind'] === 'jinn.artifact.emit') {
+            const sha256 = span.attributes['jinn.artifact.sha256'];
+            if (!sha256) {
+                failures.push(`span ${span.spanId} (jinn.artifact.emit) has no jinn.artifact.sha256 attribute`);
+            }
+            else if (!artifactSha256s.has(sha256)) {
+                failures.push(`span ${span.spanId} references artifact sha256 ${sha256} not in envelope.artifacts`);
+            }
+        }
+    }
+    if (failures.length === 0)
+        return { id, layer, passed: true };
+    return {
+        id,
+        layer,
+        passed: false,
+        detail: failures.slice(0, 5).join('; '),
+    };
+}
+//# sourceMappingURL=artifacts.js.map

package/dist/conformance/checks/artifacts.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"artifacts.js","sourceRoot":"","sources":["../../../src/conformance/checks/artifacts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,iFAAiF;AAEjF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAuB;IAC7D,MAAM,EAAE,GAAG,sBAAsB,CAAC;IAClC,MAAM,KAAK,GAAG,CAAU,CAAC;IACzB,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC;IAEzB,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAE7E,sEAAsE;IACtE,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,6CAA6C,EAAE,CAAC;IAC3G,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAW,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;IAC1E,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,mDAAmD;IACnD,MAAM,UAAU,GAAG,UAAU,GAAG,CAAC,IAAI,EAAE,CAAC;IACxC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAErD,2CAA2C;IAC3C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAEnE,2DAA2D;IAC3D,IAAI,GAAG,CAAC,UAAU,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAEnF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,EAAE;YACF,KAAK;YACL,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,mCAAmC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;SAChE,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AACrC,CAAC;AAOD;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAuB;IAC1D,MAAM,EAAE,GAAG,mBAAmB,CAAC;IAC/B,MAAM,KAAK,GAAG,CAAU,CAAC;IACzB,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC;IACzB,MAAM,IAAI,GAAG,GAAG,CAAC,UAAyC,CAAC;IAE3D,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAC7E,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;IACtF,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IACzD,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAW,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9E,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,uEAAuE;IACvE,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,UAAU,GAAI,GAA2D,CAAC,QAAQ;YACtF,EAAE,UAAU,CAAC;QACf,IAAI,UAAU,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1D,QAAQ,CAAC,IAAI,CACX,YAAY,GAAG,CAAC,MAAM,kCAAkC,UAAU,CAAC,MAAM,EAAE,CAC5E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,KAAK,oBAAoB,EAAE,CAAC;YAC/D,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAuB,CAAC;YAC7E,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,QAAQ,CAAC,IAAI,CACX,QAAQ,IAAI,CAAC,MAAM,6DAA6D,CACjF,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACxC,QAAQ,CAAC,IAAI,CACX,QAAQ,IAAI,CAAC,MAAM,+BAA+B,MAAM,4BAA4B,CACrF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IAE9D,OAAO;QACL,EAAE;QACF,KAAK;QACL,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;KACxC,CAAC;AACJ,CAAC"}

package/dist/conformance/checks/envelope-schema.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * Layer 1 envelope check: schema conformance.
+ *
+ * Scope: docs/superpowers/specs/2026-04-23-jinn-execution-envelope-tee-scope.md §4.10.
+ *
+ * Validates the full envelope against `SignedEnvelopeSchema`. Runs at every
+ * evidence tier — it is the first structural gate.
+ */
+import type { CheckResult, ConformanceContext } from '../types.js';
+/**
+ * Check id: `envelope.schema`
+ * Layer: 1
+ *
+ * Runs `SignedEnvelopeSchema.safeParse(ctx.envelope)`. Returns pass if valid,
+ * fail with a human-readable Zod issue summary on error.
+ */
+export declare function checkEnvelopeSchema(ctx: ConformanceContext): CheckResult;

package/dist/conformance/checks/envelope-schema.js ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * Layer 1 envelope check: schema conformance.
+ *
+ * Scope: docs/superpowers/specs/2026-04-23-jinn-execution-envelope-tee-scope.md §4.10.
+ *
+ * Validates the full envelope against `SignedEnvelopeSchema`. Runs at every
+ * evidence tier — it is the first structural gate.
+ */
+import { SignedEnvelopeSchema } from '../../types/envelope.js';
+/**
+ * Check id: `envelope.schema`
+ * Layer: 1
+ *
+ * Runs `SignedEnvelopeSchema.safeParse(ctx.envelope)`. Returns pass if valid,
+ * fail with a human-readable Zod issue summary on error.
+ */
+export function checkEnvelopeSchema(ctx) {
+    const id = 'envelope.schema';
+    const layer = 1;
+    if (!ctx.envelope) {
+        return { id, layer, passed: false, detail: 'envelope not loaded' };
+    }
+    const result = SignedEnvelopeSchema.safeParse(ctx.envelope);
+    if (result.success) {
+        return { id, layer, passed: true };
+    }
+    return {
+        id,
+        layer,
+        passed: false,
+        detail: result.error.issues
+            .map((i) => `${i.path.join('.')}: ${i.message}`)
+            .join('; '),
+    };
+}
+//# sourceMappingURL=envelope-schema.js.map

package/dist/conformance/checks/envelope-schema.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"envelope-schema.js","sourceRoot":"","sources":["../../../src/conformance/checks/envelope-schema.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAG/D;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAuB;IACzD,MAAM,EAAE,GAAG,iBAAiB,CAAC;IAC7B,MAAM,KAAK,GAAG,CAAU,CAAC;IAEzB,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACrE,CAAC;IAED,MAAM,MAAM,GAAG,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC5D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACrC,CAAC;IAED,OAAO;QACL,EAAE;QACF,KAAK;QACL,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;aACxB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aAC/C,IAAI,CAAC,IAAI,CAAC;KACd,CAAC;AACJ,CAAC"}

package/dist/conformance/checks/hash-signature.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * Layer 1 envelope check: canonical hash + signature validity.
+ *
+ * Scope: docs/superpowers/specs/2026-04-23-jinn-execution-envelope-tee-scope.md §4.10.
+ *
+ * Two assertions combined into one check:
+ *   1. Hash integrity — recompute keccak256(JCS(envelope minus signature)) and
+ *      verify it matches envelope.signature.hash.
+ *   2. Signature validity — recover the signer from (hash, sig) via secp256k1
+ *      ECDSA and verify it matches envelope.signature.signer.
+ *
+ * Both must pass for the check to pass.
+ */
+import type { CheckResult, ConformanceContext } from '../types.js';
+/**
+ * Check id: `envelope.hash-signature`
+ * Layer: 1
+ *
+ * Steps:
+ *   1. Strip `signature` from the envelope object.
+ *   2. Compute `keccak256(toBytes(canonicalJson(envelopeMinusSignature)))`.
+ *   3. Compare to `envelope.signature.hash` — fail if mismatch.
+ *   4. Call `recoverAddress({ hash, signature: sig })` — fail if throws or
+ *      recovered address does not match `envelope.signature.signer`.
+ */
+export declare function checkHashAndSignature(ctx: ConformanceContext): Promise<CheckResult>;

package/dist/conformance/checks/hash-signature.js ADDED Viewed

@@ -0,0 +1,70 @@
+/**
+ * Layer 1 envelope check: canonical hash + signature validity.
+ *
+ * Scope: docs/superpowers/specs/2026-04-23-jinn-execution-envelope-tee-scope.md §4.10.
+ *
+ * Two assertions combined into one check:
+ *   1. Hash integrity — recompute keccak256(JCS(envelope minus signature)) and
+ *      verify it matches envelope.signature.hash.
+ *   2. Signature validity — recover the signer from (hash, sig) via secp256k1
+ *      ECDSA and verify it matches envelope.signature.signer.
+ *
+ * Both must pass for the check to pass.
+ */
+import { keccak256, toBytes, recoverAddress } from 'viem';
+import { canonicalJson } from '../../restorer/engine/canonical-json.js';
+/**
+ * Check id: `envelope.hash-signature`
+ * Layer: 1
+ *
+ * Steps:
+ *   1. Strip `signature` from the envelope object.
+ *   2. Compute `keccak256(toBytes(canonicalJson(envelopeMinusSignature)))`.
+ *   3. Compare to `envelope.signature.hash` — fail if mismatch.
+ *   4. Call `recoverAddress({ hash, signature: sig })` — fail if throws or
+ *      recovered address does not match `envelope.signature.signer`.
+ */
+export async function checkHashAndSignature(ctx) {
+    const id = 'envelope.hash-signature';
+    const layer = 1;
+    if (!ctx.envelope) {
+        return { id, layer, passed: false, detail: 'envelope not loaded' };
+    }
+    const { signature, ...unsigned } = ctx.envelope;
+    // Step 1: Recompute hash over the unsigned fields (JCS → keccak256).
+    const recomputed = keccak256(toBytes(canonicalJson(unsigned)));
+    // Step 2: Verify the stored hash matches the recomputed hash.
+    if (recomputed.toLowerCase() !== signature.hash.toLowerCase()) {
+        return {
+            id,
+            layer,
+            passed: false,
+            detail: `signature.hash ${signature.hash} does not match keccak256(JCS(envelope-signature))=${recomputed}`,
+        };
+    }
+    // Step 3: Recover signer from (hash, sig) and compare to declared signer.
+    try {
+        const recovered = await recoverAddress({
+            hash: signature.hash,
+            signature: signature.sig,
+        });
+        if (recovered.toLowerCase() !== signature.signer.toLowerCase()) {
+            return {
+                id,
+                layer,
+                passed: false,
+                detail: `recovered signer ${recovered} does not match declared signer ${signature.signer}`,
+            };
+        }
+    }
+    catch (err) {
+        return {
+            id,
+            layer,
+            passed: false,
+            detail: `signature recovery failed: ${err.message}`,
+        };
+    }
+    return { id, layer, passed: true };
+}
+//# sourceMappingURL=hash-signature.js.map

package/dist/conformance/checks/hash-signature.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"hash-signature.js","sourceRoot":"","sources":["../../../src/conformance/checks/hash-signature.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,cAAc,EAAY,MAAM,MAAM,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAC;AAGxE;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAuB;IACjE,MAAM,EAAE,GAAG,yBAAyB,CAAC;IACrC,MAAM,KAAK,GAAG,CAAU,CAAC;IAEzB,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACrE,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC;IAEhD,qEAAqE;IACrE,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAE/D,8DAA8D;IAC9D,IAAI,UAAU,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QAC9D,OAAO;YACL,EAAE;YACF,KAAK;YACL,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,kBAAkB,SAAS,CAAC,IAAI,sDAAsD,UAAU,EAAE;SAC3G,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC;YACrC,IAAI,EAAE,SAAS,CAAC,IAAW;YAC3B,SAAS,EAAE,SAAS,CAAC,GAAU;SAChC,CAAC,CAAC;QACH,IAAI,SAAS,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;YAC/D,OAAO;gBACL,EAAE;gBACF,KAAK;gBACL,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,oBAAoB,SAAS,mCAAmC,SAAS,CAAC,MAAM,EAAE;aAC3F,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,EAAE;YACF,KAAK;YACL,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,8BAA+B,GAAa,CAAC,OAAO,EAAE;SAC/D,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AACrC,CAAC"}

package/dist/conformance/checks/payload.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Layer 1 envelope check: payload validity.
+ *
+ * Scope: docs/superpowers/specs/2026-04-23-jinn-execution-envelope-tee-scope.md §4.10.
+ *
+ * Validates the envelope payload against the KIND_PAYLOADS registry using
+ * `validatePayload(kind, role, payload)`. The payload must conform to the
+ * schema registered for the (kind, role) pair in the payload registry.
+ */
+import type { CheckResult, ConformanceContext } from '../types.js';
+/**
+ * Check id: `envelope.payload`
+ * Layer: 1
+ *
+ * Uses `KIND_PAYLOADS[kind][role].safeParse(envelope.payload)`.
+ * Returns pass if valid, fail with a human-readable issue summary on error.
+ * Fails immediately if kind is not in the registry or role has no schema.
+ */
+export declare function checkPayload(ctx: ConformanceContext): CheckResult;

package/dist/conformance/checks/payload.js ADDED Viewed

@@ -0,0 +1,52 @@
+/**
+ * Layer 1 envelope check: payload validity.
+ *
+ * Scope: docs/superpowers/specs/2026-04-23-jinn-execution-envelope-tee-scope.md §4.10.
+ *
+ * Validates the envelope payload against the KIND_PAYLOADS registry using
+ * `validatePayload(kind, role, payload)`. The payload must conform to the
+ * schema registered for the (kind, role) pair in the payload registry.
+ */
+import { KIND_PAYLOADS } from '../../types/payloads/index.js';
+/**
+ * Check id: `envelope.payload`
+ * Layer: 1
+ *
+ * Uses `KIND_PAYLOADS[kind][role].safeParse(envelope.payload)`.
+ * Returns pass if valid, fail with a human-readable issue summary on error.
+ * Fails immediately if kind is not in the registry or role has no schema.
+ */
+export function checkPayload(ctx) {
+    const id = 'envelope.payload';
+    const layer = 1;
+    if (!ctx.envelope) {
+        return { id, layer, passed: false, detail: 'envelope not loaded' };
+    }
+    const env = ctx.envelope;
+    const bucket = KIND_PAYLOADS[env.kind];
+    if (!bucket) {
+        return { id, layer, passed: false, detail: `unknown kind: ${env.kind}` };
+    }
+    const schema = bucket[env.role];
+    if (!schema) {
+        return {
+            id,
+            layer,
+            passed: false,
+            detail: `no payload schema for (${env.kind}, ${env.role})`,
+        };
+    }
+    const result = schema.safeParse(env.payload);
+    if (result.success) {
+        return { id, layer, passed: true };
+    }
+    return {
+        id,
+        layer,
+        passed: false,
+        detail: result.error.issues
+            .map((i) => `${i.path.join('.')}: ${i.message}`)
+            .join('; '),
+    };
+}
+//# sourceMappingURL=payload.js.map

package/dist/conformance/checks/payload.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"payload.js","sourceRoot":"","sources":["../../../src/conformance/checks/payload.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAG9D;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,GAAuB;IAClD,MAAM,EAAE,GAAG,kBAAkB,CAAC;IAC9B,MAAM,KAAK,GAAG,CAAU,CAAC;IAEzB,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACrE,CAAC;IAED,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC;IACzB,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;IAC3E,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,EAAE;YACF,KAAK;YACL,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,0BAA0B,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,GAAG;SAC3D,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC7C,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACrC,CAAC;IAED,OAAO;QACL,EAAE;QACF,KAAK;QACL,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;aACxB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aAC/C,IAAI,CAAC,IAAI,CAAC;KACd,CAAC;AACJ,CAAC"}

package/dist/conformance/checks/secret-scrub.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Layer 1 V1 minimum secret-scrub compliance.
+ *
+ * Scope: docs/superpowers/specs/2026-04-23-jinn-execution-envelope-tee-scope.md §4.3.
+ *
+ * For every span attribute (and event attribute) whose NAME matches a sensitive
+ * pattern (*.authorization, *.apiKey, *.bearer, *.password, *.secret, *.token,
+ * *.privateKey), the VALUE must NOT match well-known raw credential patterns:
+ *   - Bearer/JWT tokens (eyJ... or "Bearer ..." headers)
+ *   - Anthropic API keys (sk-ant-...)
+ *   - OpenAI API keys (sk-...)
+ *   - Raw 64-hex private keys (0x[0-9a-f]{64}) — gated to *.privateKey attrs only
+ *
+ * Properly scrubbed values (<redacted:name> markers) and empty strings pass.
+ * This is a V1-minimum safety net, not a full IP-protection gating layer.
+ *
+ * Skipped when no trajectory is present.
+ */
+import type { CheckResult, ConformanceContext } from '../types.js';
+/**
+ * Check id: `secret-scrub.compliance`
+ * Layer: 1
+ *
+ * Walks every span's attributes AND every span event's attributes. For keys
+ * whose name matches a sensitive pattern (via `isSecretKey`), verifies that
+ * the value is either:
+ *   - a redaction marker (<redacted:...>), or
+ *   - an empty string, or
+ *   - does NOT match any well-known raw credential pattern.
+ *
+ * Reports up to 5 failures per run to bound message length.
+ */
+export declare function checkSecretScrub(ctx: ConformanceContext): CheckResult;

package/dist/conformance/checks/secret-scrub.js ADDED Viewed

@@ -0,0 +1,118 @@
+/**
+ * Layer 1 V1 minimum secret-scrub compliance.
+ *
+ * Scope: docs/superpowers/specs/2026-04-23-jinn-execution-envelope-tee-scope.md §4.3.
+ *
+ * For every span attribute (and event attribute) whose NAME matches a sensitive
+ * pattern (*.authorization, *.apiKey, *.bearer, *.password, *.secret, *.token,
+ * *.privateKey), the VALUE must NOT match well-known raw credential patterns:
+ *   - Bearer/JWT tokens (eyJ... or "Bearer ..." headers)
+ *   - Anthropic API keys (sk-ant-...)
+ *   - OpenAI API keys (sk-...)
+ *   - Raw 64-hex private keys (0x[0-9a-f]{64}) — gated to *.privateKey attrs only
+ *
+ * Properly scrubbed values (<redacted:name> markers) and empty strings pass.
+ * This is a V1-minimum safety net, not a full IP-protection gating layer.
+ *
+ * Skipped when no trajectory is present.
+ */
+import { isSecretKey } from '../../trajectory/secret-scrub.js';
+// ─── Credential pattern matchers ──────────────────────────────────────────────
+const REDACTED_MARKER = /^<redacted:[A-Za-z0-9_.-]+>$/;
+/**
+ * Patterns that indicate a raw credential leaked through.
+ * The privateKey-only pattern is tagged so we can gate it per attribute.
+ */
+const CREDENTIAL_PATTERNS = [
+    { pattern: /^Bearer\s+[A-Za-z0-9._\-]{10,}/i, privateKeyOnly: false },
+    { pattern: /^sk-ant-[A-Za-z0-9_\-]{20,}/, privateKeyOnly: false },
+    { pattern: /^sk-[A-Za-z0-9]{20,}/, privateKeyOnly: false },
+    { pattern: /^eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+$/, privateKeyOnly: false }, // JWT
+    { pattern: /^0x[0-9a-fA-F]{64}$/, privateKeyOnly: true }, // raw hex private key
+];
+function looksLikeRawCredential(attrName, value) {
+    if (value === '' || value == null)
+        return false;
+    if (REDACTED_MARKER.test(value))
+        return false;
+    const lowerKey = attrName.toLowerCase();
+    const isPrivateKey = lowerKey.endsWith('.privatekey') ||
+        lowerKey.endsWith('.private_key') ||
+        lowerKey.endsWith('.private-key') ||
+        lowerKey === 'privatekey' ||
+        lowerKey === 'private_key' ||
+        lowerKey === 'private-key';
+    for (const { pattern, privateKeyOnly } of CREDENTIAL_PATTERNS) {
+        if (privateKeyOnly && !isPrivateKey)
+            continue;
+        if (pattern.test(value))
+            return true;
+    }
+    return false;
+}
+/**
+ * Check id: `secret-scrub.compliance`
+ * Layer: 1
+ *
+ * Walks every span's attributes AND every span event's attributes. For keys
+ * whose name matches a sensitive pattern (via `isSecretKey`), verifies that
+ * the value is either:
+ *   - a redaction marker (<redacted:...>), or
+ *   - an empty string, or
+ *   - does NOT match any well-known raw credential pattern.
+ *
+ * Reports up to 5 failures per run to bound message length.
+ */
+export function checkSecretScrub(ctx) {
+    const id = 'secret-scrub.compliance';
+    const layer = 1;
+    const traj = ctx.trajectory;
+    if (!traj) {
+        return { id, layer, passed: true, skipped: true };
+    }
+    const failures = [];
+    for (const span of traj.spans) {
+        // Walk span attributes
+        for (const [key, value] of Object.entries(span.attributes)) {
+            if (!isSecretKey(key))
+                continue;
+            if (typeof value !== 'string')
+                continue;
+            if (looksLikeRawCredential(key, value)) {
+                failures.push(`span ${span.spanId} attr "${key}" appears to contain a raw credential`);
+                if (failures.length >= 5)
+                    break;
+            }
+        }
+        if (failures.length >= 5)
+            break;
+        // Walk event attributes — span events can carry secret-keyed attributes
+        // (e.g. an MCP event with an authorization field).
+        for (const event of span.events ?? []) {
+            for (const [key, value] of Object.entries(event.attributes ?? {})) {
+                if (!isSecretKey(key))
+                    continue;
+                if (typeof value !== 'string')
+                    continue;
+                if (looksLikeRawCredential(key, value)) {
+                    failures.push(`span ${span.spanId} event attr "${key}" appears to contain a raw credential`);
+                    if (failures.length >= 5)
+                        break;
+                }
+            }
+            if (failures.length >= 5)
+                break;
+        }
+        if (failures.length >= 5)
+            break;
+    }
+    if (failures.length === 0)
+        return { id, layer, passed: true };
+    return {
+        id,
+        layer,
+        passed: false,
+        detail: failures.join('; '),
+    };
+}
+//# sourceMappingURL=secret-scrub.js.map

package/dist/conformance/checks/secret-scrub.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"secret-scrub.js","sourceRoot":"","sources":["../../../src/conformance/checks/secret-scrub.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAE/D,iFAAiF;AAEjF,MAAM,eAAe,GAAG,8BAA8B,CAAC;AAEvD;;;GAGG;AACH,MAAM,mBAAmB,GAAwD;IAC/E,EAAE,OAAO,EAAE,iCAAiC,EAAE,cAAc,EAAE,KAAK,EAAE;IACrE,EAAE,OAAO,EAAE,6BAA6B,EAAE,cAAc,EAAE,KAAK,EAAE;IACjE,EAAE,OAAO,EAAE,sBAAsB,EAAE,cAAc,EAAE,KAAK,EAAE;IAC1D,EAAE,OAAO,EAAE,wDAAwD,EAAE,cAAc,EAAE,KAAK,EAAE,EAAE,MAAM;IACpG,EAAE,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,IAAI,EAAE,EAAE,sBAAsB;CACjF,CAAC;AAEF,SAAS,sBAAsB,CAAC,QAAgB,EAAE,KAAa;IAC7D,IAAI,KAAK,KAAK,EAAE,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,KAAK,CAAC;IAChD,IAAI,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAE9C,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACxC,MAAM,YAAY,GAChB,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC;QAChC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC;QACjC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC;QACjC,QAAQ,KAAK,YAAY;QACzB,QAAQ,KAAK,aAAa;QAC1B,QAAQ,KAAK,aAAa,CAAC;IAE7B,KAAK,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,mBAAmB,EAAE,CAAC;QAC9D,IAAI,cAAc,IAAI,CAAC,YAAY;YAAE,SAAS;QAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;IACvC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAQD;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAuB;IACtD,MAAM,EAAE,GAAG,yBAAyB,CAAC;IACrC,MAAM,KAAK,GAAG,CAAU,CAAC;IAEzB,MAAM,IAAI,GAAG,GAAG,CAAC,UAAyC,CAAC;IAC3D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QAC9B,uBAAuB;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC;gBAAE,SAAS;YAChC,IAAI,OAAO,KAAK,KAAK,QAAQ;gBAAE,SAAS;YACxC,IAAI,sBAAsB,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,CAAC;gBACvC,QAAQ,CAAC,IAAI,CACX,QAAQ,IAAI,CAAC,MAAM,UAAU,GAAG,uCAAuC,CACxE,CAAC;gBACF,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC;oBAAE,MAAM;YAClC,CAAC;QACH,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC;YAAE,MAAM;QAEhC,wEAAwE;QACxE,mDAAmD;QACnD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YACtC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC,EAAE,CAAC;gBAClE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAChC,IAAI,OAAO,KAAK,KAAK,QAAQ;oBAAE,SAAS;gBACxC,IAAI,sBAAsB,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,CAAC;oBACvC,QAAQ,CAAC,IAAI,CACX,QAAQ,IAAI,CAAC,MAAM,gBAAgB,GAAG,uCAAuC,CAC9E,CAAC;oBACF,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC;wBAAE,MAAM;gBAClC,CAAC;YACH,CAAC;YACD,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC;gBAAE,MAAM;QAClC,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC;YAAE,MAAM;IAClC,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IAE9D,OAAO;QACL,EAAE;QACF,KAAK;QACL,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;KAC5B,CAAC;AACJ,CAAC"}

package/dist/conformance/checks/source-runtime.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * Layer 2 — runtime conformance stubs.
+ *
+ * Scope: docs/superpowers/specs/2026-04-23-jinn-execution-envelope-tee-scope.md
+ * §3.2 traced-I/O boundary + §4.10 (V2 TEE integration plug-in points).
+ *
+ * V1 does not implement runtime enforcement (that requires a TEE sandbox with
+ * seccomp-bpf, Linux namespaces, and TLS transcript capture). These stubs
+ * return `skipped: true` in V1 so operators can see the full attested-tier
+ * picture in the ConformanceReport without needing a V2 runtime.
+ *
+ * When V2 ships, replace each stub body with a real implementation that reads
+ * the executor runtime manifest, queries the TEE attestation quote, and
+ * verifies the captured TLS transcripts. See Plan V2 for the full spec.
+ */
+import type { CheckResult, ConformanceContext } from '../types.js';
+/**
+ * Check id: `runtime.seccomp`
+ * Layer: 2
+ *
+ * V1 stub — always skipped. V2 will verify that the executor's seccomp-bpf
+ * policy matches the reference policy in the TEE attestation manifest,
+ * confirming that only the declared system-call surface is available.
+ */
+export declare function checkSeccompPolicy(_ctx: ConformanceContext): CheckResult;
+/**
+ * Check id: `runtime.namespace`
+ * Layer: 2
+ *
+ * V1 stub — always skipped. V2 will verify that the executor runs inside a
+ * Linux user namespace / network namespace policy that matches the declared
+ * TEE isolation profile (no unexpected network interfaces, bind-mounts, etc.).
+ */
+export declare function checkNamespacePolicy(_ctx: ConformanceContext): CheckResult;
+/**
+ * Check id: `runtime.tls-transcript`
+ * Layer: 2
+ *
+ * V1 stub — always skipped. V2 will verify that the captured TLS transcripts
+ * (BoringSSL SSLKEYLOGFILE or eBPF tap) cover all outbound connections and
+ * that every connection's SNI appears in the declared egress allowlist.
+ */
+export declare function checkTlsTranscriptCapture(_ctx: ConformanceContext): CheckResult;

package/dist/conformance/checks/source-runtime.js ADDED Viewed

@@ -0,0 +1,68 @@
+/**
+ * Layer 2 — runtime conformance stubs.
+ *
+ * Scope: docs/superpowers/specs/2026-04-23-jinn-execution-envelope-tee-scope.md
+ * §3.2 traced-I/O boundary + §4.10 (V2 TEE integration plug-in points).
+ *
+ * V1 does not implement runtime enforcement (that requires a TEE sandbox with
+ * seccomp-bpf, Linux namespaces, and TLS transcript capture). These stubs
+ * return `skipped: true` in V1 so operators can see the full attested-tier
+ * picture in the ConformanceReport without needing a V2 runtime.
+ *
+ * When V2 ships, replace each stub body with a real implementation that reads
+ * the executor runtime manifest, queries the TEE attestation quote, and
+ * verifies the captured TLS transcripts. See Plan V2 for the full spec.
+ */
+const V2_NOTE = 'V2 TEE integration plug-in point — see Plan V2';
+/**
+ * Check id: `runtime.seccomp`
+ * Layer: 2
+ *
+ * V1 stub — always skipped. V2 will verify that the executor's seccomp-bpf
+ * policy matches the reference policy in the TEE attestation manifest,
+ * confirming that only the declared system-call surface is available.
+ */
+export function checkSeccompPolicy(_ctx) {
+    return {
+        id: 'runtime.seccomp',
+        layer: 2,
+        passed: true,
+        skipped: true,
+        detail: V2_NOTE,
+    };
+}
+/**
+ * Check id: `runtime.namespace`
+ * Layer: 2
+ *
+ * V1 stub — always skipped. V2 will verify that the executor runs inside a
+ * Linux user namespace / network namespace policy that matches the declared
+ * TEE isolation profile (no unexpected network interfaces, bind-mounts, etc.).
+ */
+export function checkNamespacePolicy(_ctx) {
+    return {
+        id: 'runtime.namespace',
+        layer: 2,
+        passed: true,
+        skipped: true,
+        detail: V2_NOTE,
+    };
+}
+/**
+ * Check id: `runtime.tls-transcript`
+ * Layer: 2
+ *
+ * V1 stub — always skipped. V2 will verify that the captured TLS transcripts
+ * (BoringSSL SSLKEYLOGFILE or eBPF tap) cover all outbound connections and
+ * that every connection's SNI appears in the declared egress allowlist.
+ */
+export function checkTlsTranscriptCapture(_ctx) {
+    return {
+        id: 'runtime.tls-transcript',
+        layer: 2,
+        passed: true,
+        skipped: true,
+        detail: V2_NOTE,
+    };
+}
+//# sourceMappingURL=source-runtime.js.map

package/dist/conformance/checks/source-runtime.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"source-runtime.js","sourceRoot":"","sources":["../../../src/conformance/checks/source-runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,MAAM,OAAO,GAAG,gDAAgD,CAAC;AAEjE;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAwB;IACzD,OAAO;QACL,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,CAAC;QACR,MAAM,EAAE,IAAI;QACZ,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,OAAO;KAChB,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,oBAAoB,CAAC,IAAwB;IAC3D,OAAO;QACL,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,CAAC;QACR,MAAM,EAAE,IAAI;QACZ,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,OAAO;KAChB,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,yBAAyB,CAAC,IAAwB;IAChE,OAAO;QACL,EAAE,EAAE,wBAAwB;QAC5B,KAAK,EAAE,CAAC;QACR,MAAM,EAAE,IAAI;QACZ,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,OAAO;KAChB,CAAC;AACJ,CAAC"}