@letterblack/lbe-core 1.3.3 → 1.3.4

package/assets/runtime-boundary.svg

@@ -1,36 +1,36 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="960" height="440" viewBox="0 0 960 440" role="img" aria-labelledby="title desc">
-  <title id="title">LetterBlack LBE runtime boundary</title>
-  <desc id="desc">An application sends a serialized request to the local LBE WASM validation runtime, which returns a structured allow, deny, or error decision to the application.</desc>
-  <defs>
-    <linearGradient id="panel" x1="0" x2="1"><stop stop-color="#172033"/><stop offset="1" stop-color="#202d47"/></linearGradient>
-    <linearGradient id="runtime" x1="0" x2="1"><stop stop-color="#3756d6"/><stop offset="1" stop-color="#7356d6"/></linearGradient>
-    <marker id="arrow" viewBox="0 0 10 10" refX="9" refY="5" markerWidth="7" markerHeight="7" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" fill="#8fa3c9"/></marker>
-  </defs>
-  <rect width="960" height="440" rx="24" fill="#0e1524"/>
-  <text x="56" y="65" fill="#f5f8ff" font-family="Arial, sans-serif" font-size="28" font-weight="700">Local validation boundary</text>
-  <text x="56" y="98" fill="#aab9d4" font-family="Arial, sans-serif" font-size="17">The host owns execution. LBE returns a deterministic decision before the host accepts an action.</text>
-
-  <rect x="55" y="165" width="220" height="170" rx="16" fill="url(#panel)" stroke="#405273"/>
-  <text x="165" y="220" text-anchor="middle" fill="#fff" font-family="Arial, sans-serif" font-size="21" font-weight="700">Host application</text>
-  <text x="165" y="254" text-anchor="middle" fill="#b9c7df" font-family="Arial, sans-serif" font-size="15">agent, tool, or service</text>
-  <text x="165" y="286" text-anchor="middle" fill="#7fe1c3" font-family="Arial, sans-serif" font-size="15">serializes request</text>
-
-  <line x1="285" y1="250" x2="402" y2="250" stroke="#8fa3c9" stroke-width="4" marker-end="url(#arrow)"/>
-  <text x="343" y="229" text-anchor="middle" fill="#aab9d4" font-family="Arial, sans-serif" font-size="14">JSON request</text>
-
-  <rect x="415" y="132" width="290" height="236" rx="18" fill="url(#runtime)" stroke="#9a8cff" stroke-width="2"/>
-  <text x="560" y="183" text-anchor="middle" fill="#fff" font-family="Arial, sans-serif" font-size="23" font-weight="700">LBE WASM runtime</text>
-  <line x1="453" y1="205" x2="667" y2="205" stroke="#bfc8ff" opacity=".55"/>
-  <text x="560" y="242" text-anchor="middle" fill="#f0efff" font-family="Arial, sans-serif" font-size="16">schema · timestamp · key lifecycle</text>
-  <text x="560" y="271" text-anchor="middle" fill="#f0efff" font-family="Arial, sans-serif" font-size="16">signature · rate limit · nonce · policy</text>
-  <text x="560" y="319" text-anchor="middle" fill="#d7d1ff" font-family="Arial, sans-serif" font-size="14">local, deterministic validation</text>
-
-  <line x1="718" y1="250" x2="825" y2="250" stroke="#8fa3c9" stroke-width="4" marker-end="url(#arrow)"/>
-  <text x="770" y="229" text-anchor="middle" fill="#aab9d4" font-family="Arial, sans-serif" font-size="14">structured result</text>
-
-  <rect x="838" y="165" width="80" height="170" rx="16" fill="url(#panel)" stroke="#405273"/>
-  <text x="878" y="215" text-anchor="middle" fill="#fff" font-family="Arial, sans-serif" font-size="16" font-weight="700">Host</text>
-  <text x="878" y="249" text-anchor="middle" fill="#7fe1c3" font-family="Arial, sans-serif" font-size="14">allow</text>
-  <text x="878" y="275" text-anchor="middle" fill="#ffadad" font-family="Arial, sans-serif" font-size="14">deny</text>
-  <text x="878" y="301" text-anchor="middle" fill="#ffd28a" font-family="Arial, sans-serif" font-size="14">error</text>
-</svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="960" height="440" viewBox="0 0 960 440" role="img" aria-labelledby="title desc">
+  <title id="title">LetterBlack LBE runtime boundary</title>
+  <desc id="desc">An application sends a serialized request to the local LBE WASM validation runtime, which returns a structured allow, deny, or error decision to the application.</desc>
+  <defs>
+    <linearGradient id="panel" x1="0" x2="1"><stop stop-color="#172033"/><stop offset="1" stop-color="#202d47"/></linearGradient>
+    <linearGradient id="runtime" x1="0" x2="1"><stop stop-color="#3756d6"/><stop offset="1" stop-color="#7356d6"/></linearGradient>
+    <marker id="arrow" viewBox="0 0 10 10" refX="9" refY="5" markerWidth="7" markerHeight="7" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" fill="#8fa3c9"/></marker>
+  </defs>
+  <rect width="960" height="440" rx="24" fill="#0e1524"/>
+  <text x="56" y="65" fill="#f5f8ff" font-family="Arial, sans-serif" font-size="28" font-weight="700">Local validation boundary</text>
+  <text x="56" y="98" fill="#aab9d4" font-family="Arial, sans-serif" font-size="17">The host owns execution. LBE returns a deterministic decision before the host accepts an action.</text>
+
+  <rect x="55" y="165" width="220" height="170" rx="16" fill="url(#panel)" stroke="#405273"/>
+  <text x="165" y="220" text-anchor="middle" fill="#fff" font-family="Arial, sans-serif" font-size="21" font-weight="700">Host application</text>
+  <text x="165" y="254" text-anchor="middle" fill="#b9c7df" font-family="Arial, sans-serif" font-size="15">agent, tool, or service</text>
+  <text x="165" y="286" text-anchor="middle" fill="#7fe1c3" font-family="Arial, sans-serif" font-size="15">serializes request</text>
+
+  <line x1="285" y1="250" x2="402" y2="250" stroke="#8fa3c9" stroke-width="4" marker-end="url(#arrow)"/>
+  <text x="343" y="229" text-anchor="middle" fill="#aab9d4" font-family="Arial, sans-serif" font-size="14">JSON request</text>
+
+  <rect x="415" y="132" width="290" height="236" rx="18" fill="url(#runtime)" stroke="#9a8cff" stroke-width="2"/>
+  <text x="560" y="183" text-anchor="middle" fill="#fff" font-family="Arial, sans-serif" font-size="23" font-weight="700">LBE WASM runtime</text>
+  <line x1="453" y1="205" x2="667" y2="205" stroke="#bfc8ff" opacity=".55"/>
+  <text x="560" y="242" text-anchor="middle" fill="#f0efff" font-family="Arial, sans-serif" font-size="16">schema · timestamp · key lifecycle</text>
+  <text x="560" y="271" text-anchor="middle" fill="#f0efff" font-family="Arial, sans-serif" font-size="16">signature · rate limit · nonce · policy</text>
+  <text x="560" y="319" text-anchor="middle" fill="#d7d1ff" font-family="Arial, sans-serif" font-size="14">local, deterministic validation</text>
+
+  <line x1="718" y1="250" x2="825" y2="250" stroke="#8fa3c9" stroke-width="4" marker-end="url(#arrow)"/>
+  <text x="770" y="229" text-anchor="middle" fill="#aab9d4" font-family="Arial, sans-serif" font-size="14">structured result</text>
+
+  <rect x="838" y="165" width="80" height="170" rx="16" fill="url(#panel)" stroke="#405273"/>
+  <text x="878" y="215" text-anchor="middle" fill="#fff" font-family="Arial, sans-serif" font-size="16" font-weight="700">Host</text>
+  <text x="878" y="249" text-anchor="middle" fill="#7fe1c3" font-family="Arial, sans-serif" font-size="14">allow</text>
+  <text x="878" y="275" text-anchor="middle" fill="#ffadad" font-family="Arial, sans-serif" font-size="14">deny</text>
+  <text x="878" y="301" text-anchor="middle" fill="#ffd28a" font-family="Arial, sans-serif" font-size="14">error</text>
+</svg>

package/dist/cli.js

@@ -0,0 +1,141 @@
+#!/usr/bin/env node
+// @letterblack/lbe-sdk v1.3.3
+import fs from 'node:fs';
+import path from 'node:path';
+import { execute } from './index.js';
+
+const cmd = process.argv[2];
+const cwd = process.cwd();
+const policyFile = path.join(cwd, 'lbe.policy.json');
+const lbeDir = path.join(cwd, '.lbe');
+
+function readPolicy() {
+  if (!fs.existsSync(policyFile)) return null;
+  return JSON.parse(fs.readFileSync(policyFile, 'utf8'));
+}
+
+function writePolicy(p) {
+  fs.writeFileSync(policyFile, JSON.stringify(p, null, 2) + '\n', 'utf8');
+}
+
+function ensurePolicy() {
+  if (fs.existsSync(policyFile)) return readPolicy();
+  const p = { version: 1, mode: 'observe', workspace: cwd, rules: [] };
+  writePolicy(p);
+  return p;
+}
+
+// ── lbe init ──────────────────────────────────────────────────────────────
+if (cmd === 'init') {
+  fs.mkdirSync(lbeDir, { recursive: true });
+  const policy = ensurePolicy();
+  const isNew = policy.rules.length === 0 && policy.mode === 'observe';
+
+  process.stdout.write('\n  LBE initialised.\n\n');
+  process.stdout.write('  mode:      ' + policy.mode + '\n');
+  process.stdout.write('  policy:    lbe.policy.json\n');
+  process.stdout.write('  audit log: .lbe/audit.jsonl\n\n');
+  if (isNew) {
+    process.stdout.write('  Observer mode is on — LBE is watching but not blocking.\n');
+    process.stdout.write('  Run \'npx lbe enforce\' when you are ready to block actions.\n\n');
+  }
+  process.exit(0);
+}
+
+// ── lbe observe ───────────────────────────────────────────────────────────
+if (cmd === 'observe') {
+  const policy = ensurePolicy();
+  policy.mode = 'observe';
+  writePolicy(policy);
+  process.stdout.write('Observer mode on — LBE is watching silently. Nothing is blocked.\n');
+  process.exit(0);
+}
+
+// ── lbe enforce ───────────────────────────────────────────────────────────
+if (cmd === 'enforce') {
+  const policy = ensurePolicy();
+  policy.mode = 'enforce';
+  writePolicy(policy);
+  process.stdout.write('Enforcement on — LBE will now block actions that violate policy.\n');
+  process.exit(0);
+}
+
+// ── lbe policy ────────────────────────────────────────────────────────────
+if (cmd === 'policy') {
+  const policy = readPolicy();
+  if (!policy) {
+    process.stdout.write('No policy yet. Run \'npx lbe init\' first.\n');
+    process.exit(0);
+  }
+  process.stdout.write('\n  mode: ' + policy.mode + '\n');
+  process.stdout.write('  rules (' + policy.rules.length + '):\n\n');
+  if (policy.rules.length === 0) {
+    process.stdout.write('  No rules yet. LBE learns from your conversation.\n');
+  }
+  for (const r of policy.rules) {
+    const label = r.effect === 'deny' ? '  block' : '  allow';
+    process.stdout.write(label + '  ' + r.pattern + '\n');
+    process.stdout.write('         from: ' + r.from + '\n\n');
+  }
+  process.exit(0);
+}
+
+// ── lbe status ────────────────────────────────────────────────────────────
+if (cmd === 'status') {
+  const policy = readPolicy();
+  process.stdout.write('runtime:  ok\n');
+  process.stdout.write('mode:     ' + (policy?.mode ?? 'not initialised') + '\n');
+  process.stdout.write('rules:    ' + (policy?.rules?.length ?? 0) + '\n');
+  const auditLog = path.join(lbeDir, 'audit.jsonl');
+  if (fs.existsSync(auditLog)) {
+    const lines = fs.readFileSync(auditLog, 'utf8').trim().split('\n').filter(Boolean);
+    process.stdout.write('audit:    ' + lines.length + ' entries\n');
+  } else {
+    process.stdout.write('audit:    no entries yet\n');
+  }
+  process.exit(0);
+}
+
+// ── lbe execute ───────────────────────────────────────────────────────────
+if (cmd === 'execute') {
+  async function readStdin() {
+    const chunks = [];
+    for await (const chunk of process.stdin) chunks.push(chunk);
+    return Buffer.concat(chunks).toString('utf8');
+  }
+  let input = '';
+  const inputFlag = process.argv.indexOf('--input');
+  if (inputFlag >= 0) {
+    const file = process.argv[inputFlag + 1];
+    if (!file) { process.stderr.write('--input requires a file path\n'); process.exit(2); }
+    input = fs.readFileSync(file, 'utf8');
+  } else {
+    input = await readStdin();
+  }
+  try {
+    const output = execute(input);
+    process.stdout.write(output + '\n');
+    const parsed = JSON.parse(output);
+    if (parsed?.result?.type === 'allowed') process.exit(0);
+    if (parsed?.result?.type === 'denied') process.exit(1);
+    process.exit(2);
+  } catch (err) {
+    process.stderr.write(String(err?.message || err) + '\n');
+    process.exit(2);
+  }
+}
+
+// ── usage ─────────────────────────────────────────────────────────────────
+if (!cmd) {
+  process.stdout.write('\nUsage:\n');
+  process.stdout.write('  npx lbe init       Set up LBE in this project\n');
+  process.stdout.write('  npx lbe status     Show current mode and rule count\n');
+  process.stdout.write('  npx lbe policy     List all rules\n');
+  process.stdout.write('  npx lbe observe    Switch to observer mode (watch, never block)\n');
+  process.stdout.write('  npx lbe enforce    Switch to enforcement mode (block violations)\n');
+  process.stdout.write('  npx lbe execute    Run a raw JSON request (advanced)\n\n');
+  process.exit(0);
+}
+
+process.stderr.write('Unknown command: ' + cmd + '\nRun \'npx lbe\' for usage.\n');
+process.exit(2);

package/dist/index.js

@@ -0,0 +1,52 @@
+// @letterblack/lbe-sdk v1.3.3
+import fs from 'node:fs';
+import path from 'node:path';
+import crypto from 'node:crypto';
+import { fileURLToPath } from 'node:url';
+
+const here = path.dirname(fileURLToPath(import.meta.url));
+const wasmPath = path.join(here, 'lbe_engine.wasm');
+const lockPath = path.join(here, 'wasm.lock.json');
+let instance;
+
+function hashFile(file) {
+  return crypto.createHash('sha256').update(fs.readFileSync(file)).digest('hex');
+}
+
+function load() {
+  if (instance) return instance;
+  const lock = JSON.parse(fs.readFileSync(lockPath, 'utf8'));
+  const actual = hashFile(wasmPath);
+  if (actual !== lock.wasm_sha256) throw new Error('LBE WASM integrity check failed');
+  const wasm = new WebAssembly.Instance(new WebAssembly.Module(fs.readFileSync(wasmPath)), {});
+  if (typeof wasm.exports.lbe_execute !== 'function') throw new Error('LBE WASM missing execute entrypoint');
+  instance = wasm;
+  return instance;
+}
+
+function memory(wasm) {
+  return new Uint8Array(wasm.exports.memory.buffer);
+}
+
+function readOut(wasm) {
+  const mem = memory(wasm);
+  const ptr = wasm.exports.lbe_out_ptr();
+  const max = wasm.exports.lbe_buf_size();
+  let end = ptr;
+  while (mem[end] !== 0 && end - ptr < max) end++;
+  return new TextDecoder().decode(mem.slice(ptr, end));
+}
+
+export function execute(input) {
+  if (typeof input !== 'string') throw new TypeError('execute input must be a string');
+  const wasm = load();
+  const bytes = new TextEncoder().encode(input);
+  const max = wasm.exports.lbe_buf_size();
+  if (bytes.length + 1 > max) throw new Error('execute input exceeds WASM buffer');
+  const mem = memory(wasm);
+  const ptr = wasm.exports.lbe_in_ptr();
+  mem.set(bytes, ptr);
+  mem[ptr + bytes.length] = 0;
+  wasm.exports.lbe_execute();
+  return readOut(wasm);
+}

package/{release-exec/dist → dist}/wasm.lock.json

@@ -1,4 +1,5 @@
-{
-  "wasm_sha256": "feb93a2ea76a02584048a588305ba0a192683fd58c1da8f539aeb49b41d0a254",
-  "entrypoint": "lbe_execute"
-}
+{
+  "wasm_sha256": "feb93a2ea76a02584048a588305ba0a192683fd58c1da8f539aeb49b41d0a254",
+  "entrypoint": "lbe_execute",
+  "contract": "execute(input:string)->string"
+}

package/package.json

@@ -1,52 +1,31 @@
 {
-  "name": "@letterblack/lbe-core",
-  "version": "1.3.3",
-  "description": "Local-first execution governance SDK for AI agents. Agents propose → Controller validates → Adapters execute.",
+  "name": "@letterblack/lbe-core",
+  "version": "1.3.4",
+  "description": "Local-first execution governance SDK for AI agents.",
   "type": "module",
-  "main": "index.js",
+  "main": "dist/index.js",
   "types": "types.d.ts",
-  "exports": {
-    ".": {
-      "types": "./types.d.ts",
-      "default": "./index.js"
-    },
-    "./engine": "./runtime/engine.js",
-    "./adapters": "./src/adapters/index.js",
-    "./exec": "./exec/index.js",
-    "./hooks/register.cjs": "./dist/hooks/register.cjs"
-  },
+  "exports": {
+    ".": {
+      "types": "./types.d.ts",
+      "default": "./dist/index.js"
+    },
+    "./cli": "./dist/cli.js"
+  },
   "bin": {
-    "lbe": "bin/lbe.js"
+    "lbe": "dist/cli.js"
   },
+  "files": [
+    "dist/",
+    "assets/",
+    "types.d.ts",
+    "README.md",
+    "LICENSE"
+  ],
   "scripts": {
-    "test": "node --test",
-    "lint": "eslint src/ bin/",
-    "init": "node bin/lbe.js init",
-    "verify": "node bin/lbe.js verify",
-    "dryrun": "node bin/lbe.js dryrun",
-    "run": "node bin/lbe.js run",
-    "policy:sign": "node bin/lbe.js policy-sign",
-    "health": "node bin/lbe.js health --json true",
-    "integrity:generate": "node bin/lbe.js integrity-generate",
-    "integrity:check": "node bin/lbe.js integrity-check",
-    "build:engine": "node scripts/build-engine.js",
-    "build:public-sdk": "node scripts/build-public-sdk.mjs",
-    "build:public-exec": "node scripts/build-public-exec.mjs",
-    "build:package-runtime": "node scripts/build-package-runtime.mjs",
-    "proof": "node _proof.mjs",
-    "audit:public-docs": "node scripts/audit-public-docs.mjs",
-    "verify:package-runtime": "node scripts/verify-package-runtime.mjs",
-    "verify:public-exec": "npm run proof && npm run build:public-exec && node scripts/check-public-exec.mjs && cd release-exec && npm pack --dry-run",
-    "verify:public-sdk": "npm run build:public-sdk && node scripts/check-public-artifact.mjs && cd release-public && npm pack --dry-run",
-    "engine:check": "node scripts/check-engine.js",
-    "pack:check": "npm pack --dry-run",
-    "audit:verify": "node bin/lbe.js audit-verify",
-    "guard:mainhead": "node scripts/mainhead-guard.mjs",
-    "hooks:install": "node scripts/install-git-hooks.mjs",
-    "prepack": "npm run build:package-runtime",
-    "validate:all": "npm run guard:mainhead && npm run engine:check && npm run lint && npm run test",
-    "publish:release": "node scripts/publish.mjs"
-  },
+    "pack": "npm pack",
+    "pack:check": "npm pack --dry-run"
+  },
   "keywords": [
     "ai-governance",
     "execution-governance",
@@ -59,18 +38,8 @@
   ],
   "author": "LetterBlack",
   "license": "SEE LICENSE IN LICENSE",
-  "dependencies": {
-    "tweetnacl": "^1.0.3",
-    "json-canonicalize": "^1.0.4"
-  },
-  "devDependencies": {
-    "esbuild": "^0.25.11",
-    "eslint": "^8.52.0"
-  },
+  "dependencies": {},
   "engines": {
     "node": ">=20.9.0"
-  },
-  "directories": {
-    "doc": "docs"
   }
 }

package/types.d.ts

@@ -1,175 +1,2 @@
-export interface LBEActor {
-  id: string;
-  role: 'user' | 'system' | 'agent';
-}
-
-export interface LBEIntent {
-  type: 'command' | 'query' | 'task';
-  name: string;
-  payload: Record<string, unknown>;
-}
-
-export interface LBEExecuteInput {
-  version: '1.0';
-  request_id: string;
-  timestamp: number;
-  actor: LBEActor;
-  intent: LBEIntent;
-  context: {
-    workspace: string;
-    env: Record<string, unknown>;
-    history: unknown[];
-  };
-  constraints: {
-    policy_mode: 'strict' | 'permissive';
-    timeout_ms: number;
-  };
-  auth: {
-    signature: string;
-    nonce: string;
-  };
-}
-
-export interface LBEExecuteOutput {
-  ok: boolean;
-  result: {
-    type: 'allowed' | 'denied' | 'error';
-    action: string;
-    data: Record<string, unknown>;
-  };
-  policy: {
-    decision: 'allow' | 'deny' | 'escalate';
-    reason: string;
-    rules: string[];
-  };
-  trace: {
-    id: string;
-    steps: unknown[];
-    hash: string;
-  };
-  error: null | {
-    code: string;
-    message: string;
-  };
-}
-
-export function execute(input: string): string;
-
-export type LBEExecutionIntent = 'read_file' | 'write_file' | 'patch_file' | 'delete_file' | 'run_shell';
-
-export interface LBERequest {
-  id?: string;
-  actor?: string;
-  intent: LBEExecutionIntent;
-  target?: string;
-  content?: string;
-  patch?: unknown;
-  command?: { cmd: string; args: string[]; cwd?: string; timeoutMs?: number; maxOutputBytes?: number };
-  reason?: string;
-}
-
-export interface LBEResult {
-  ok: boolean;
-  decision: 'allow' | 'deny' | 'observe';
-  executed: boolean;
-  dryRun: boolean;
-  error?: { code: string; message: string; recoverable: boolean };
-  matchedRules?: string[];
-  auditId?: string;
-  rollback?: { available: boolean; performed: boolean; backupId?: string };
-}
-
-// ── Policy file types ─────────────────────────────────────────────────────
-
-export type LBEMode = 'observe' | 'enforce';
-export type LBERuleEffect = 'deny' | 'allow';
-export type LBERuleType = 'path' | 'command';
-
-export interface LBEPolicyRule {
-  id: string;
-  effect: LBERuleEffect;
-  type: LBERuleType;
-  pattern: string;
-  from: string;
-  at: string;
-}
-
-export interface LBEPolicy {
-  version: number;
-  mode: LBEMode;
-  workspace: string;
-  rules: LBEPolicyRule[];
-}
-
-// ── High-level ergonomic API ──────────────────────────────────────────────
-
-export interface LBEResult {
-  ok: boolean;
-  denied: boolean;
-  reason: string | null;
-  commandId: string | null;
-  stage?: string;
-  risk?: string | null;
-  output?: unknown;
-  error: string | null;
-}
-
-export interface LBEObservedResult {
-  ok: true;
-  observed: true;
-  intent: string;
-  actor: string;
-  commandId: string | null;
-}
-
-export interface LBEToolDef {
-  name: string;
-  description?: string;
-  parameters?: Record<string, unknown>;
-  [key: string]: unknown;
-}
-
-export interface LBEDispatchContext {
-  agentId?: string;
-  actor?: string;
-}
-
-export interface LBEWrappedTools {
-  definitions: LBEToolDef[];
-  dispatch(
-    toolName: string,
-    args?: Record<string, unknown>,
-    context?: LBEDispatchContext,
-  ): Promise<LBEResult | LBEObservedResult>;
-}
-
-export interface LBEAddedRule {
-  id: string;
-  added: true;
-}
-
-export interface LBEInstance {
-  mode: LBEMode;
-  rootDir: string;
-  execute(opts: { actor?: string; intent: string; [key: string]: unknown }): Promise<LBEResult | LBEObservedResult>;
-  wrapTools(toolDefs: LBEToolDef[]): LBEWrappedTools;
-  /** Advisory only; never writes lbe.policy.json. */
-  proposePolicyRule(rule: { effect: LBERuleEffect; type: LBERuleType; pattern: string; from: string }): { proposed: true; at: string };
-  /**
-   * Detect if a user message expresses a permanent block instruction.
-   * Returns a rule object to pass to addRule(), or null if not a policy intent.
-   * llmCall receives a ready-made prompt and must return the LLM's text response.
-   */
-  detectPolicyIntent(
-    userMessage: string,
-    llmCall: (prompt: string) => Promise<string>,
-  ): Promise<{ effect: LBERuleEffect; type: LBERuleType; pattern: string } | null>;
-}
-
-export interface LBEOptions {
-  rootDir?: string;
-  actor?: string;
-  mode?: LBEMode;
-}
-
-export function createLBE(opts?: LBEOptions): LBEInstance;
+// @letterblack/lbe-sdk v1.3.3
+export function execute(input: string): string;

package/.githooks/pre-commit

@@ -1,2 +0,0 @@
-#!/bin/sh
-node letterblack-sentinel/scripts/mainhead-guard.mjs

package/.githooks/pre-push

@@ -1,2 +0,0 @@
-#!/bin/sh
-node letterblack-sentinel/scripts/mainhead-guard.mjs

package/CHANGELOG.md

@@ -1,75 +0,0 @@
-# Changelog
-
-## 1.3.3 — 2026-06-23
-
-### Fixed
-- Rebuilt the docs-aligned release from a committed tree so the npm artifact
-  gitHead matches the release commit.
-
-## 1.3.2 — 2026-06-23
-
-### Fixed
-- Aligned the public README surfaces and release docs with the shipped
-  `@letterblack/lbe-core` package and current CLI commands.
-
-## 1.3.1 — 2026-06-23
-
-### Fixed
-- Re-aligned the release branch and published package lineage after the 1.3.0
-  tag/artifact mismatch was detected.
-
-## 1.3.0 — 2026-06-23
-
-### Added
-- Central local workspace state, proof summaries, and one-time import of legacy
-  `.lbe/events.jsonl` entries while preserving the original local log.
-
-## 1.2.0 — 2026-06-20
-
-### Added
-- **Real JS governance engine** — `createLBE()` now uses the full 7-gate validation pipeline (schema → key lifecycle → timestamp skew → rate limit → nonce replay → policy) with backup, rollback, and audit. Previously backed by a thin WASM wrapper.
-- **Observer mode** — `createLBE({ mode: 'observe' })` or `npx lbe observe`. All gates run silently, audit log is written, nothing is blocked. Default for new and half-built projects.
-- **Policy file** (`lbe.policy.json`) — human-readable rule store per project. Records `effect`, `type`, `pattern`, the original user message (`from`), and timestamp (`at`). Deny always wins over allow.
-- **New CLI commands:**
-  - `npx lbe observe` — switch to observer mode
-  - `npx lbe enforce` — switch to enforcement mode
-  - `npx lbe policy` — list all rules with source context
-- **Universal CLI interface** — non-JS projects (Python, Rust, Go, any language) can pipe JSON to `npx lbe execute`. Exit 0 = allowed, exit 1 = denied, exit 2 = error.
-- **Language-agnostic design** — WASM runtime path documented as the path to non-JS bindings. JS engine is the current production runtime.
-
-### Changed
-- `LBEResult` now includes `commandId`, `stage`, `risk`, `output` fields.
-- `LBEOptions` removes `policy_mode` / `timeout_ms` — these are managed by the governance engine internally.
-- `wrapTools().dispatch()` now returns `Promise<LBEResult>` (async) to match the real engine contract.
-- Types updated throughout to reflect observer mode result shape (`LBEObservedResult`).
-
----
-
-## 1.0.4 — 2026-06-19
-
-### Removed
-- MCP execution surface — `lbe-mcp` command, MCP adapter, and configuration examples removed.  
-  An MCP server only offers LBE as one optional tool; agent hosts with native tools can act outside that boundary, so it cannot enforce the governance boundary. See `docs/decisions/ADR-001-remove-mcp-execution-surface.md`.
-- HTTP server surface — `lbe-serve` command and HTTP adapter removed.  
-  An HTTP endpoint replicates governance in a separate process and creates a second attack surface without guaranteeing the calling agent routes through it. See `docs/decisions/ADR-002-remove-http-server-surface.md`.
-
-### Changed
-- Established SDK-only product boundary: LBE ships as one local SDK and CLI embedded in the caller's application. No daemon, host platform, Docker deployment, or companion system. See `docs/decisions/ADR-003-sdk-only-product-boundary.md`.
-- Workspace pruned to SDK-only source; all optional execution surfaces removed from `src/`, `bin/`, and CI config.
-- Public package identity (`LBE_PUBLIC_PACKAGE_NAME`, `LBE_PUBLIC_PACKAGE_VERSION`) is now parameterised via environment variables in the build script.
-- Test command made portable across Node.js versions (no `--experimental-vm-modules` flag needed).
-
-### Public surface
-The public package (`@letterblack/lbe-sdk`) exports exactly one function:
-
-```ts
-export function execute(input: string): string;
-```
-
-No server, daemon, MCP surface, or optional execution layer ships in the public package.
-
----
-
-## 1.0.3 and earlier
-
-Pre-release development. No public changelog maintained.