@letterblack/lbe-core 1.3.4 → 1.3.5

package/lbe.audit.jsonl

@@ -0,0 +1,46 @@
+{"kind":"local_policy","timestamp":"2026-06-19T23:35:11.147Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"GENESIS","hash":"4fa59031cd7aefdda2eaa673582431436e61b29cc52b1df44dcec64ff9500156"}
+{"kind":"local_policy","timestamp":"2026-06-19T23:35:11.287Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"4fa59031cd7aefdda2eaa673582431436e61b29cc52b1df44dcec64ff9500156","hash":"ebe9a6effd202c1bfc7c744e34b9a4594fb87fbb9fcf9008fcb879d07b9e2e83"}
+{"kind":"local_policy","timestamp":"2026-06-19T23:37:07.027Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"ebe9a6effd202c1bfc7c744e34b9a4594fb87fbb9fcf9008fcb879d07b9e2e83","hash":"09837b4ecbfea59315450838934da8dacff3e4606be177a9f2374ea3a7a17b7b"}
+{"kind":"local_policy","timestamp":"2026-06-19T23:37:07.162Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"09837b4ecbfea59315450838934da8dacff3e4606be177a9f2374ea3a7a17b7b","hash":"55b48900a3fe9129aa3c5d6ca56b987b13b9519567ccdcf87111ee8fcf9d0c65"}
+{"kind":"local_policy","timestamp":"2026-06-20T00:00:57.479Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"55b48900a3fe9129aa3c5d6ca56b987b13b9519567ccdcf87111ee8fcf9d0c65","hash":"43b7db12e0fb2a5c78b0cde6219e1899d0c153b06332304f5ffb588184f9a546"}
+{"kind":"local_policy","timestamp":"2026-06-20T00:00:57.597Z","action":"write_file","actor":"agent:gpt","target":"Y:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"43b7db12e0fb2a5c78b0cde6219e1899d0c153b06332304f5ffb588184f9a546","hash":"ad3bff0b0d87f8d7cdd89c81d4feccf5ecb2b1ba6c6c87f4e1941b9f7602682a"}
+{"kind":"local_policy","timestamp":"2026-06-20T00:01:37.683Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"ad3bff0b0d87f8d7cdd89c81d4feccf5ecb2b1ba6c6c87f4e1941b9f7602682a","hash":"0cd624477f29707d50fb51ed129cfcc4b1492fff6f764851818d85007de9d8a2"}
+{"kind":"local_policy","timestamp":"2026-06-20T00:01:37.800Z","action":"write_file","actor":"agent:gpt","target":"Y:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"0cd624477f29707d50fb51ed129cfcc4b1492fff6f764851818d85007de9d8a2","hash":"60849f57f26cb478d16dfacbd890285c86039b353dd32b610781f2bd1ead37e2"}
+{"kind":"local_policy","timestamp":"2026-06-20T07:38:16.456Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"60849f57f26cb478d16dfacbd890285c86039b353dd32b610781f2bd1ead37e2","hash":"14893cfb196d22710a42277d90e2f25210965842732cc9f945bb96ce8f9f4fcb"}
+{"kind":"local_policy","timestamp":"2026-06-20T07:38:16.579Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"14893cfb196d22710a42277d90e2f25210965842732cc9f945bb96ce8f9f4fcb","hash":"882079452527f032349a2e7a60dd12d135198e22497d3f4b68b60f800f468e9e"}
+{"kind":"local_policy","timestamp":"2026-06-20T08:26:18.715Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"882079452527f032349a2e7a60dd12d135198e22497d3f4b68b60f800f468e9e","hash":"5ebd63b1800100e757fd313bc9533e317595e3f387246403e583d7e47ae182dd"}
+{"kind":"local_policy","timestamp":"2026-06-20T08:26:18.895Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"5ebd63b1800100e757fd313bc9533e317595e3f387246403e583d7e47ae182dd","hash":"2d8c2e634df7bea55d1086da89b9b2cba39385b8f8f4c93fe5f00e2861af4ebb"}
+{"kind":"local_policy","timestamp":"2026-06-20T08:47:49.677Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"2d8c2e634df7bea55d1086da89b9b2cba39385b8f8f4c93fe5f00e2861af4ebb","hash":"58705eea240aca0a89a23848d8e217bfc66a20754d26d4d5e1c873a5d7f26243"}
+{"kind":"local_policy","timestamp":"2026-06-20T08:47:49.835Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"58705eea240aca0a89a23848d8e217bfc66a20754d26d4d5e1c873a5d7f26243","hash":"f7e59903f44ed0ef649dd51d1ac0f9c65928f7ac9e1d05d3ed647ccfd439043e"}
+{"kind":"local_policy","timestamp":"2026-06-20T09:16:18.272Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"f7e59903f44ed0ef649dd51d1ac0f9c65928f7ac9e1d05d3ed647ccfd439043e","hash":"9b46fff5248d53c6e6a3d0292306e72f72107717d720bbb8110f1c9bbe4aba98"}
+{"kind":"local_policy","timestamp":"2026-06-20T09:16:18.415Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"9b46fff5248d53c6e6a3d0292306e72f72107717d720bbb8110f1c9bbe4aba98","hash":"3ce47f5511666be6bcd556a20b3f67fe98e30835036a7f8da0c98af0d2bb6eed"}
+{"kind":"local_policy","timestamp":"2026-06-20T09:47:26.292Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"3ce47f5511666be6bcd556a20b3f67fe98e30835036a7f8da0c98af0d2bb6eed","hash":"6bec570ee7f1ccfb93ab08d3668e50f787318fece9461dc06c9a2b1a62c53727"}
+{"kind":"local_policy","timestamp":"2026-06-20T09:47:26.439Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"6bec570ee7f1ccfb93ab08d3668e50f787318fece9461dc06c9a2b1a62c53727","hash":"d25f758c9d834280d62aecdd50bee074a910bb5a16876c834f3df3ef7dd90a9f"}
+{"kind":"local_policy","timestamp":"2026-06-20T10:02:37.628Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"d25f758c9d834280d62aecdd50bee074a910bb5a16876c834f3df3ef7dd90a9f","hash":"b076f0c558e069a876135b52f197fe4eb265dd44efd9b74b68cf74eaf199c8ae"}
+{"kind":"local_policy","timestamp":"2026-06-20T10:02:37.771Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"b076f0c558e069a876135b52f197fe4eb265dd44efd9b74b68cf74eaf199c8ae","hash":"b915c35fe9d842f42399bc83e5ed8bbf4c9ac0cf1d592fe72f51ec4d539b7fdb"}
+{"kind":"local_policy","timestamp":"2026-06-20T11:47:47.851Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"b915c35fe9d842f42399bc83e5ed8bbf4c9ac0cf1d592fe72f51ec4d539b7fdb","hash":"817368eab148ac1bc57ecfa22f06124164b1e6176c4051b050b5e3b23f9152a1"}
+{"kind":"local_policy","timestamp":"2026-06-20T11:47:48.023Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"817368eab148ac1bc57ecfa22f06124164b1e6176c4051b050b5e3b23f9152a1","hash":"060d71f2c54bb153628220eb1258231940a06ff16a6d7024201052d84176606d"}
+{"kind":"local_policy","timestamp":"2026-06-20T11:56:56.022Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"060d71f2c54bb153628220eb1258231940a06ff16a6d7024201052d84176606d","hash":"6aed9fdcb3a3bec3530a0d89c06f7ac3fc1f3119ca91da4f1b056d813710a30a"}
+{"kind":"local_policy","timestamp":"2026-06-20T11:56:56.171Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"6aed9fdcb3a3bec3530a0d89c06f7ac3fc1f3119ca91da4f1b056d813710a30a","hash":"91f2c57d924a21815ad3ef0abf0a4e8c05060380fe2c36ae104c4a8a67cebdbe"}
+{"kind":"local_policy","timestamp":"2026-06-20T12:03:02.759Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"91f2c57d924a21815ad3ef0abf0a4e8c05060380fe2c36ae104c4a8a67cebdbe","hash":"d889e17676f042abfa4200d7834aa2a53bfabde2d339b81b8e6db8c365e83e28"}
+{"kind":"local_policy","timestamp":"2026-06-20T12:03:02.916Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"d889e17676f042abfa4200d7834aa2a53bfabde2d339b81b8e6db8c365e83e28","hash":"f76eb13e259464f177968a80df07c737ad414ea324a2eeadc1f22afef29cf3ea"}
+{"kind":"local_policy","timestamp":"2026-06-20T12:06:17.815Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"f76eb13e259464f177968a80df07c737ad414ea324a2eeadc1f22afef29cf3ea","hash":"b2710860f37999d3365ef9c3702e0d619e80138d45d086054fad169d98f9e212"}
+{"kind":"local_policy","timestamp":"2026-06-20T12:06:17.957Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"b2710860f37999d3365ef9c3702e0d619e80138d45d086054fad169d98f9e212","hash":"4346d148ce5d4f090f2f1f574eeb6d748e641b30aadfdac27e41aae59d48ba35"}
+{"kind":"local_policy","timestamp":"2026-06-20T12:07:08.214Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"4346d148ce5d4f090f2f1f574eeb6d748e641b30aadfdac27e41aae59d48ba35","hash":"a30c9b09a33473fc27fa0fb7b0d8900ad662be4a07486ffdb15a9a2f715e9a7e"}
+{"kind":"local_policy","timestamp":"2026-06-20T12:07:08.344Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"a30c9b09a33473fc27fa0fb7b0d8900ad662be4a07486ffdb15a9a2f715e9a7e","hash":"83f2c7d56d26415e6d4b6fdc4111e5e979e32485f6d994cb433622a96dd70aca"}
+{"kind":"local_policy","timestamp":"2026-06-20T12:08:25.892Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"83f2c7d56d26415e6d4b6fdc4111e5e979e32485f6d994cb433622a96dd70aca","hash":"1f649193b5fb02d0c83f36b7ff7648342da42d10b2b0589a884f2979a4518940"}
+{"kind":"local_policy","timestamp":"2026-06-20T12:08:26.076Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"1f649193b5fb02d0c83f36b7ff7648342da42d10b2b0589a884f2979a4518940","hash":"939f5ceaa938d0a6e7dc520b607375cbd8bda9e6bce672db2adddc08ebe5167e"}
+{"kind":"local_policy","timestamp":"2026-06-20T12:14:43.895Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"939f5ceaa938d0a6e7dc520b607375cbd8bda9e6bce672db2adddc08ebe5167e","hash":"88409073a33f89a8e29b5c9188816d8de460f23bfe92647f89cefba5029ccaa4"}
+{"kind":"local_policy","timestamp":"2026-06-20T12:14:44.042Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"88409073a33f89a8e29b5c9188816d8de460f23bfe92647f89cefba5029ccaa4","hash":"cf477d692f3888269d9243b450d9c000e630c4bba5be1f223b4baba16b70db8d"}
+{"kind":"local_policy","timestamp":"2026-06-20T13:23:45.701Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"cf477d692f3888269d9243b450d9c000e630c4bba5be1f223b4baba16b70db8d","hash":"baa3e917baa568c84ee8172d913a5744356dda663db1a6b6403f1e7380ccba3d"}
+{"kind":"local_policy","timestamp":"2026-06-20T13:23:46.038Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"baa3e917baa568c84ee8172d913a5744356dda663db1a6b6403f1e7380ccba3d","hash":"8a347b48752b01af461624d9b62a0d626a7d0c16c61930ac5765a41c5146f41c"}
+{"kind":"local_policy","timestamp":"2026-06-20T13:53:06.494Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"8a347b48752b01af461624d9b62a0d626a7d0c16c61930ac5765a41c5146f41c","hash":"0f40141f3d9d3f865a01aa684e5e6e36bcf04b037c0fa566b6ab78650f68c8c3"}
+{"kind":"local_policy","timestamp":"2026-06-20T13:53:06.939Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"0f40141f3d9d3f865a01aa684e5e6e36bcf04b037c0fa566b6ab78650f68c8c3","hash":"af45bc8c55e6682f81a14869d1b3ba0acc40107bf4e007e6b7b89786dc4cf226"}
+{"kind":"local_policy","timestamp":"2026-06-20T14:58:33.144Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"af45bc8c55e6682f81a14869d1b3ba0acc40107bf4e007e6b7b89786dc4cf226","hash":"c4984421fa1863224c6fc12af043894aba767eb351b7934f0e351f594888825e"}
+{"kind":"local_policy","timestamp":"2026-06-20T14:58:33.291Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"c4984421fa1863224c6fc12af043894aba767eb351b7934f0e351f594888825e","hash":"cfccb5a4c4877491f8e3d06e84f43af20eeea5ab447fcb57412e71e9ff4691be"}
+{"kind":"local_policy","timestamp":"2026-06-20T14:59:22.384Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"cfccb5a4c4877491f8e3d06e84f43af20eeea5ab447fcb57412e71e9ff4691be","hash":"fc67b954900c2b704ac3b33c17837de0bd021d64f5607f4add942815e8463008"}
+{"kind":"local_policy","timestamp":"2026-06-20T14:59:22.517Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"fc67b954900c2b704ac3b33c17837de0bd021d64f5607f4add942815e8463008","hash":"f93630b6208fe6b3e135f63e935343fb633a20d9a4a129cc11ae88bdadec1794"}
+{"kind":"local_policy","timestamp":"2026-06-20T15:00:10.434Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"f93630b6208fe6b3e135f63e935343fb633a20d9a4a129cc11ae88bdadec1794","hash":"84640c42c4213b5a6e5f995ff36c12e036faabaecb2bb6bd1675e69206425e15"}
+{"kind":"local_policy","timestamp":"2026-06-20T15:00:10.578Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"84640c42c4213b5a6e5f995ff36c12e036faabaecb2bb6bd1675e69206425e15","hash":"b3669fa5f3bb23eb8964ce1b414efb1cad3e9879708e6186c1ebf15f33685362"}
+{"kind":"local_policy","timestamp":"2026-06-20T15:00:59.854Z","action":"echo","actor":"agent:x","target":null,"command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"b3669fa5f3bb23eb8964ce1b414efb1cad3e9879708e6186c1ebf15f33685362","hash":"70ca3430dc4b2e0af375aa4bbe864f362f9f05e67d59e1ba4d2d8941b11c7a01"}
+{"kind":"local_policy","timestamp":"2026-06-20T15:00:59.974Z","action":"write_file","actor":"agent:gpt","target":"Z:\\Core_Control\\letterblack-sentinel\\data\\backup-test-target.txt","command":null,"mode":"observe","decision":"allow","wouldDeny":false,"ruleIds":[],"prevHash":"70ca3430dc4b2e0af375aa4bbe864f362f9f05e67d59e1ba4d2d8941b11c7a01","hash":"5aa409b72bc1b26cef4e2ecefa7441805006096bb5b8e11d0e80c56b18b949a9"}

package/package.json

@@ -1,30 +1,52 @@
 {
   "name": "@letterblack/lbe-core",
-  "version": "1.3.4",
-  "description": "Local-first execution governance SDK for AI agents.",
+  "version": "1.3.5",
+  "description": "Local-first execution governance SDK for AI agents. Agents propose → Controller validates → Adapters execute.",
   "type": "module",
-  "main": "dist/index.js",
+  "main": "index.js",
   "types": "types.d.ts",
   "exports": {
     ".": {
       "types": "./types.d.ts",
-      "default": "./dist/index.js"
+      "default": "./index.js"
     },
-    "./cli": "./dist/cli.js"
+    "./engine": "./runtime/engine.js",
+    "./adapters": "./src/adapters/index.js",
+    "./exec": "./exec/index.js",
+    "./hooks/register.cjs": "./dist/hooks/register.cjs"
   },
   "bin": {
-    "lbe": "dist/cli.js"
+    "lbe": "bin/lbe.js"
   },
-  "files": [
-    "dist/",
-    "assets/",
-    "types.d.ts",
-    "README.md",
-    "LICENSE"
-  ],
   "scripts": {
-    "pack": "npm pack",
-    "pack:check": "npm pack --dry-run"
+    "test": "node --test",
+    "lint": "eslint src/ bin/",
+    "init": "node bin/lbe.js init",
+    "verify": "node bin/lbe.js verify",
+    "dryrun": "node bin/lbe.js dryrun",
+    "run": "node bin/lbe.js run",
+    "policy:sign": "node bin/lbe.js policy-sign",
+    "health": "node bin/lbe.js health --json true",
+    "integrity:generate": "node bin/lbe.js integrity-generate",
+    "integrity:check": "node bin/lbe.js integrity-check",
+    "build:engine": "node scripts/build-engine.js",
+    "build:public-sdk": "node scripts/build-public-sdk.mjs",
+    "build:public-exec": "node scripts/build-public-exec.mjs",
+    "build:package-runtime": "node scripts/build-package-runtime.mjs",
+    "proof": "node _proof.mjs",
+    "audit:public-docs": "node scripts/audit-public-docs.mjs",
+    "verify:package-runtime": "node scripts/verify-package-runtime.mjs",
+    "assert-consumer": "node bin/lbe.js assert-consumer",
+    "verify:public-exec": "npm run proof && npm run build:public-exec && node scripts/check-public-exec.mjs && cd release-exec && npm pack --dry-run",
+    "verify:public-sdk": "npm run build:public-sdk && node scripts/check-public-artifact.mjs && cd release-public && npm pack --dry-run",
+    "engine:check": "node scripts/check-engine.js",
+    "pack:check": "npm pack --dry-run",
+    "audit:verify": "node bin/lbe.js audit-verify",
+    "guard:mainhead": "node scripts/mainhead-guard.mjs",
+    "hooks:install": "node scripts/install-git-hooks.mjs",
+    "prepack": "npm run build:package-runtime",
+    "validate:all": "npm run guard:mainhead && npm run engine:check && npm run lint && npm run test",
+    "publish:release": "node scripts/publish.mjs"
   },
   "keywords": [
     "ai-governance",
@@ -38,8 +60,18 @@
   ],
   "author": "LetterBlack",
   "license": "SEE LICENSE IN LICENSE",
-  "dependencies": {},
+  "dependencies": {
+    "tweetnacl": "^1.0.3",
+    "json-canonicalize": "^1.0.4"
+  },
+  "devDependencies": {
+    "esbuild": "^0.25.11",
+    "eslint": "^8.52.0"
+  },
   "engines": {
     "node": ">=20.9.0"
+  },
+  "directories": {
+    "doc": "docs"
   }
 }

package/release/README.md

@@ -0,0 +1,216 @@
+# {{PACKAGE_NAME}}
+
+LBE is local execution control for AI agents. It evaluates file and shell
+actions routed through its execution boundary and records local evidence.
+It is not an AI model, IDE, full OS sandbox, or cloud monitor.
+
+## Setup
+
+```bash
+npm install {{PACKAGE_NAME}}
+npx lbe init
+npx lbe status
+npx lbe logs
+npx lbe proof --public
+npx lbe open-state
+```
+
+State is stored locally in a central per-user folder, keyed by workspace ID.
+In v1.3, `.lbe/events.jsonl` remains local fallback truth and is imported once
+without changing the original file. Proof uses intent, target, file index, LBE
+events, and `proof/latest.json`; `--public` redacts sensitive proof details.
+
+LBE controls only actions routed through its execution boundary. Central writes
+are best-effort, logs remain local, and non-inspectable targets may produce
+`WEAK_PROOF`.
+
+---
+
+LBE puts a local policy gate between what an AI agent proposes and what the system actually executes. Every action — file write, shell command, anything — is validated locally before it runs. No cloud service. No daemon.
+
+> **Used in production:** LBE is the safety engine inside [Letterblack for After Effects](https://letterblack.net) — every AI-generated script and automation command passes through it before touching a live project.
+
+---
+
+## Which package do you need?
+
+| I want… | Package |
+|---|---|
+| LBE to handle file writes and shell commands for me (full controller) | `@letterblack/lbe-exec` |
+| Just the allow/deny decision — I'll execute it myself | `@letterblack/lbe-sdk` ← you are here |
+
+---
+
+## Install
+
+```bash
+npm install {{PACKAGE_NAME}}
+```
+
+Requires Node.js ≥ 20.9.0.
+
+---
+
+## Quick start
+
+```js
+import { execute } from '{{PACKAGE_NAME}}';
+
+const request = {
+  version: '1.0',
+  request_id: 'req-001',
+  timestamp: Math.floor(Date.now() / 1000),
+  actor: { id: 'agent:local', role: 'agent' },
+  intent: { type: 'command', name: 'write_file', payload: { target: 'out.txt' } },
+  context: { workspace: process.cwd(), env: {}, history: [] },
+  constraints: { policy_mode: 'strict', timeout_ms: 5000 },
+  auth: { signature: '<host-signed>', nonce: '<unique-per-request>' }
+};
+
+const result = JSON.parse(execute(JSON.stringify(request)));
+// Approved:  { ok: true,  decision: 'allow', ... }
+// Blocked:   { ok: false, decision: 'deny',  error: { stage, message } }
+```
+
+`execute(input: string): string` — accepts JSON, returns JSON. The runtime validates and returns a decision. The host acts on the decision.
+
+### Request fields
+
+| Field | Required | Description |
+|---|---:|---|
+| `version` | Yes | `"1.0"` |
+| `request_id` | Yes | Caller-supplied unique identifier |
+| `timestamp` | Yes | Unix timestamp in seconds |
+| `actor` | Yes | `{ id, role }` — identity of the requesting agent |
+| `intent` | Yes | `{ type, name, payload }` — what the agent wants to do |
+| `context` | Yes | Workspace path and caller context |
+| `constraints` | Yes | `policy_mode` and `timeout_ms` |
+| `auth` | Yes | Host-supplied `signature` and `nonce` |
+
+---
+
+## Observer mode — start here
+
+Not ready to block? Start in observer mode. Every request is fully validated and logged exactly as it would be in enforcement — but nothing is blocked. Watch what the agent is doing before you decide what to deny.
+
+```bash
+npx lbe init      # create lbe.policy.json in observer mode
+npx lbe enforce   # switch to blocking
+npx lbe observe   # switch back to advisory
+```
+
+---
+
+## CLI reference
+
+| Command | Purpose |
+|---|---|
+| `npx lbe init` | Create project-local policy and key state in observer mode |
+| `npx lbe policy-add` | Add a rule to the active policy |
+| `npx lbe observe` | Set advisory (log-only) mode |
+| `npx lbe enforce` | Set blocking mode |
+| `npx lbe run` | Validate and execute a proposal from `--in <file>` |
+| `npx lbe verify` | Validate a proposal without executing |
+| `npx lbe dryrun` | Validate and simulate without executing |
+| `npx lbe health` | Check all required files are present and readable |
+| `npx lbe audit-verify` | Verify the audit log hash chain |
+
+---
+
+## How the gate pipeline works
+
+![LBE gate sequence — Request flows through Policy, Identity, and Scope gates before reaching Action. A rejected request is routed to denial before it reaches execution.](https://unpkg.com/@letterblack/lbe-exec/assets/lbe-gates.jpg)
+
+Every request enters a 7-gate pipeline. A failure at any gate returns a structured denial — the remaining gates are not evaluated.
+
+```
+[1] Schema         required fields and structural validity
+        ↓
+[2] Timestamp      permitted clock-skew window (±10 minutes)
+        ↓
+[3] Key lifecycle  trusted key, active, not expired
+        ↓
+[4] Signature      Ed25519 request authenticity
+        ↓
+[5] Rate limit     per-requester sliding-window limit
+        ↓
+[6] Nonce          single-use replay protection
+        ↓
+[7] Policy         configured authorization (deny-wins)
+        ↓
+  allow / deny / error — structured result returned to host
+```
+
+The WASM runtime owns all gate decisions. Your host receives the decision and acts on it. Nothing executes inside the runtime.
+
+---
+
+## When a request is approved
+
+![Happy path — agent proposes action, identity confirmed, policy approved, governed write executed, audit chain extended, result returned to app.](https://unpkg.com/@letterblack/lbe-exec/assets/story-allow.jpg)
+
+1. The agent produces a signed action proposal.
+2. Identity is confirmed against a locally held key — no network call required.
+3. The project policy is evaluated. The action is approved.
+4. The host executes the write or command inside the allowed workspace.
+5. The audit chain is extended — every approved action appends a hash-linked entry to the local log, permanently verifiable, impossible to silently remove.
+6. A structured result returns: whether it succeeded, which rules matched, and the audit entry identifier.
+
+The application stays in control. {{PACKAGE_NAME}} decides whether the action was permitted and hands the answer back. It does not execute for you.
+
+---
+
+## When a request is blocked
+
+![Deny path — policy rejection before a governed action, shell untouched, filesystem unchanged, audit entry written, final state clean.](https://unpkg.com/@letterblack/lbe-exec/assets/story-deny.jpg)
+
+1. The agent proposes an action that is outside the permitted policy.
+2. The policy gate closes immediately. The WASM runtime stamps the request denied before any adapter is reached.
+3. The shell is untouched. The filesystem is unchanged.
+4. The denial is written to the immutable audit log — chain sealed, evidence preserved.
+
+No partial execution. No silent failures. Denial is a first-class outcome, not an error.
+
+---
+
+## What this covers
+
+| Threat | Gate |
+|---|---|
+| Malformed or incomplete request | Schema |
+| Stale or replayed request | Timestamp + Nonce |
+| Tampered or expired key | Key lifecycle + Signature |
+| Excessive requests from one actor | Rate limit |
+| Action not permitted by project policy | Policy — deny-wins |
+| Agent writing outside project root | Scope check in host after decision |
+
+---
+
+## What ships
+
+```
+dist/index.js               WebAssembly runtime loader and execute()
+dist/cli.js                 Local CLI (npx lbe)
+dist/lbe_engine.wasm        Verified runtime binary
+dist/wasm.lock.json         Runtime integrity lock (SHA-256 of wasm binary)
+assets/lbe-gates.jpg        Gate sequence diagram
+assets/story-allow.jpg      Approved-request storyboard
+assets/story-deny.jpg       Blocked-request storyboard
+assets/runtime-boundary.svg Runtime boundary diagram
+assets/lbe-gates.png        Gate sequence diagram (full resolution)
+assets/story-allow.png      Approved-request storyboard (full resolution)
+assets/story-deny.png       Blocked-request storyboard (full resolution)
+types.d.ts                  TypeScript declarations
+```
+
+At load time the runtime verifies `lbe_engine.wasm` against `wasm.lock.json`. A missing, modified, or swapped binary fails before any request is processed.
+
+Source code, controller implementation, adapters, tests, keys, and runtime state are not included.
+
+---
+
+## Limits
+
+This package validates requests routed through its runtime. It does not provide kernel-level process isolation, network-egress control, multi-tenant separation, or a hosted control plane.
+
+For an in-process controller with file operations, shell, and policy management built in, see `@letterblack/lbe-exec`.

package/release/TRUST.md

@@ -0,0 +1,90 @@
+# Trust Model
+
+This document states plainly what you can and cannot verify about `@letterblack/lbe-exec` and `@letterblack/lbe-sdk`. It is written for agents and developers who want to reason about the trust surface before depending on this package.
+
+---
+
+## What this package does
+
+LBE intercepts Node.js file system and shell operations at the process level via a CJS preload hook (`--require`). Every intercepted action is evaluated against a local policy file and appended to an audit log. The governance engine runs inside a compiled WASM binary shipped with the package.
+
+---
+
+## What you can verify independently
+
+### 1. Hook behavior (fully verifiable)
+
+The preload hook (`hooks/register.cjs`) is client-side JavaScript. You can read it, run it in isolation, and confirm it patches the APIs it claims to patch. The minified form is smaller but not protected — it can be formatted and read.
+
+```bash
+# Confirm hook patches fs and child_process
+node --require ./node_modules/@letterblack/lbe-exec/hooks/register.cjs \
+  -e "require('fs').writeFileSync('test.txt','x')"
+cat .lbe/events.jsonl
+```
+
+### 2. Audit log integrity (partially verifiable)
+
+`audit.jsonl` is append-only JSONL in `.lbe/`. You can read every entry. The format is stable and human-readable. There is no cryptographic hash chain on the events.jsonl written by the hook — entries can be deleted without detection at the file level.
+
+### 3. WASM hash lock (tamper-detection, not supply-chain proof)
+
+`dist/wasm.lock.json` contains a SHA-256 hash of `dist/lbe_engine.wasm`. The CLI verifies this at runtime.
+
+**What this protects against:** post-install tampering — if someone modifies the WASM binary on your machine after installation, the hash check fails and the CLI refuses to run.
+
+**What this does not protect against:** the initial install. If the package on npm is compromised before you install it, the hash in `wasm.lock.json` will match the compromised binary. This is standard supply-chain trust, not an additional guarantee.
+
+### 4. Commit signatures (verifiable from 2026-06-21 forward)
+
+Commits to this repository are GPG-signed with key `B902B3111F7D01BA` (Ed25519, expires 2028-06-20). You can verify:
+
+```bash
+git log --show-signature
+```
+
+This confirms that commits were made by the key holder. It does not make the code open source.
+
+---
+
+## What you cannot verify
+
+### The WASM runtime is closed source
+
+`dist/lbe_engine.wasm` is a compiled binary. Its source is not published. You cannot audit the governance engine logic — policy evaluation, signature verification, rate limiting, nonce replay protection — from the shipped artifact.
+
+The trust chain for the runtime is: **you trust the binary or you don't.** There is no open-source alternative at this time.
+
+### Minified JS is not hidden
+
+`hooks/register.cjs` and `dist/cli.js` are minified. Minified means smaller and harder to read — not protected, not encrypted, not obfuscated beyond whitespace and name compression. A motivated reader can format and read the full implementation.
+
+---
+
+## What the hook does and does not govern
+
+**Governed:** Node.js processes that load the hook via `--require` or `NODE_OPTIONS`.
+
+**Not governed:** Python, Go, Rust, native binaries, PowerShell scripts, subprocess spawns outside `child_process`, or any process that runs outside the hooked Node.js environment.
+
+The hook is a best-effort governance layer for Node.js agents, not a sandbox or kernel-level enforcement mechanism.
+
+---
+
+## Verification surface summary
+
+| Claim | Verifiable? | How |
+|---|---|---|
+| Hook patches fs and child_process | Yes | Run it, read the audit log |
+| Audit log captures intercepted actions | Yes | Read `.lbe/events.jsonl` |
+| WASM binary not tampered post-install | Yes | Hash in `wasm.lock.json` |
+| WASM binary not tampered at publish time | No | Closed source, standard npm trust |
+| Governance engine logic is correct | No | WASM is not open source |
+| Commits are from the stated author | Yes | GPG signatures on git history |
+| Hook controls every Node.js action | No | JS is not a sandbox |
+
+---
+
+## Reporting
+
+If you find behaviour that contradicts this document — the hook not logging, the hash check not failing on a modified binary, or audit entries missing — open an issue on the public repository.