@llm-dev-ops/agentics-cli 1.4.6 → 1.4.8

package/dist/enterprise/lineage.js

@@ -0,0 +1,218 @@
+/**
+ * Lineage Tracking Module (ADR-004, Domain 2)
+ *
+ * PURPOSE: Track parent-child relationships between simulation artifacts.
+ * Ruvector stores lineage as first-class data, not inferred from timestamps.
+ *
+ * INVARIANTS ENFORCED:
+ * - Invariant 1: Every simulation has a memory footprint
+ * - Invariant 2: Every integration/ERP mapping derives from a simulation
+ * - Invariant 3: No integration proposal without traceability
+ * - Invariant 7: CLI is only path for artifact creation
+ *
+ * FORBIDDEN:
+ * - Creating lineage without a simulation parent
+ * - Querying live enterprise systems
+ * - Storing credentials or tokens
+ * - Business logic (lineage is structural, not behavioral)
+ */
+import * as crypto from 'node:crypto';
+// ============================================================================
+// Lineage Record Construction
+// ============================================================================
+/**
+ * Create a lineage record for an artifact.
+ * Every artifact persisted in Ruvector must have a corresponding lineage record.
+ *
+ * @param artifactId - The artifact this lineage entry describes
+ * @param category - The type of artifact
+ * @param simulationId - The parent simulation (Invariant 2)
+ * @param decisionContext - The natural language input that seeded synthesis
+ * @param attribution - Identity attribution (user_id, org_id)
+ * @param planId - The plan this artifact belongs to (optional)
+ */
+export function createLineageRecord(artifactId, category, simulationId, decisionContext, attribution, planId) {
+    return {
+        id: `lin-${crypto.randomUUID()}`,
+        artifact_id: artifactId,
+        artifact_category: category,
+        simulation_id: simulationId,
+        plan_id: planId,
+        decision_context: decisionContext,
+        attribution,
+        governance: {
+            gate_pipeline_version: '1.0.0',
+            synthesis_classification: classifySynthesis(category),
+        },
+        created_at: new Date().toISOString(),
+    };
+}
+/**
+ * Determine the synthesis classification for an artifact category.
+ * Mirrors ADR-001 classifications.
+ */
+function classifySynthesis(category) {
+    switch (category) {
+        case 'simulation':
+        case 'plan':
+        case 'integration_mapping':
+        case 'erp_proposal':
+        case 'cost_projection':
+        case 'risk_assessment':
+            return 'SYNTHESIS_REQUIRED';
+        case 'deployment':
+        case 'decision':
+            return 'COMMITMENT_GRADE';
+        default:
+            return 'SYNTHESIS_REQUIRED';
+    }
+}
+// ============================================================================
+// Simulation Memory Record Construction
+// ============================================================================
+/**
+ * Create a simulation memory record for Ruvector persistence (Invariant 1).
+ * Called when a simulation is initiated through the CLI.
+ */
+export function createSimulationMemoryRecord(id, intent, attribution) {
+    const now = new Date().toISOString();
+    return {
+        id,
+        type: 'simulation',
+        intent,
+        status: 'created',
+        attribution,
+        artifact_ids: [],
+        created_at: now,
+        updated_at: now,
+        checksum: computeChecksum({ id, intent, created_at: now }),
+    };
+}
+/**
+ * Update a simulation memory record with completion data.
+ */
+export function completeSimulationMemoryRecord(record, result, artifactIds) {
+    const now = new Date().toISOString();
+    return {
+        ...record,
+        status: 'completed',
+        result,
+        artifact_ids: [...record.artifact_ids, ...artifactIds],
+        updated_at: now,
+        checksum: computeChecksum({ ...record, result, updated_at: now }),
+    };
+}
+/**
+ * Mark a simulation memory record as failed.
+ */
+export function failSimulationMemoryRecord(record, error) {
+    const now = new Date().toISOString();
+    return {
+        ...record,
+        status: 'failed',
+        result: { error },
+        updated_at: now,
+        checksum: computeChecksum({ ...record, error, updated_at: now }),
+    };
+}
+// ============================================================================
+// Integration Proposal Construction
+// ============================================================================
+/**
+ * Create an integration proposal derived from a simulation (Invariant 2).
+ * Proposals describe what would change, not what has changed.
+ */
+export function createIntegrationProposal(integrationName, proposedChanges, risks, dependencies, simulationId, attribution, planId) {
+    return {
+        id: `intprop-${crypto.randomUUID()}`,
+        type: 'integration_proposal',
+        integration_name: integrationName,
+        proposed_changes: proposedChanges,
+        risks,
+        dependencies,
+        simulation_id: simulationId,
+        plan_id: planId,
+        attribution,
+        created_at: new Date().toISOString(),
+    };
+}
+// ============================================================================
+// ERP Surface Mapping Construction
+// ============================================================================
+/**
+ * Create an ERP Surface mapping derived from a simulation (Invariant 6).
+ * ERP Surface never initiates — it receives proposed implementations.
+ */
+export function createErpSurfaceMapping(erpType, entityType, proposedImplementation, simulationId, integrationProposalIds, attribution) {
+    return {
+        id: `erpmap-${crypto.randomUUID()}`,
+        type: 'erp_mapping',
+        erp_type: erpType,
+        entity_type: entityType,
+        proposed_implementation: proposedImplementation,
+        simulation_id: simulationId,
+        integration_proposal_ids: integrationProposalIds,
+        attribution,
+        created_at: new Date().toISOString(),
+    };
+}
+// ============================================================================
+// Traceability Validation
+// ============================================================================
+/**
+ * Validate that an artifact has a valid simulation parent.
+ * Returns a validation result with specific error messaging.
+ *
+ * ADR-004, Invariant 3: No integration proposal exists without traceability.
+ */
+export function validateTraceability(simulationId, artifactType) {
+    if (!simulationId) {
+        return {
+            valid: false,
+            message: `${artifactType} requires a simulation_id. ` +
+                `All enterprise artifacts must trace to a governed simulation ` +
+                `(ADR-004, Invariant 2).`,
+        };
+    }
+    if (typeof simulationId !== 'string' || simulationId.trim() === '') {
+        return {
+            valid: false,
+            message: `${artifactType} simulation_id must be a non-empty string. ` +
+                `Received: ${String(simulationId)}`,
+        };
+    }
+    return { valid: true, message: '' };
+}
+/**
+ * Validate that a lineage chain is complete.
+ * Checks that simulation → plan → artifact chain is traceable.
+ */
+export function validateLineageChain(records) {
+    const missing = [];
+    for (const record of records) {
+        if (!record.simulation_id) {
+            missing.push(`Lineage ${record.id}: missing simulation_id`);
+        }
+        if (!record.attribution.created_by) {
+            missing.push(`Lineage ${record.id}: missing attribution.created_by`);
+        }
+        if (!record.attribution.org_id) {
+            missing.push(`Lineage ${record.id}: missing attribution.org_id`);
+        }
+        if (!record.decision_context) {
+            missing.push(`Lineage ${record.id}: missing decision_context`);
+        }
+    }
+    return {
+        complete: missing.length === 0,
+        missing,
+    };
+}
+// ============================================================================
+// Internal Helpers
+// ============================================================================
+function computeChecksum(data) {
+    const canonical = JSON.stringify(data);
+    return crypto.createHash('sha256').update(canonical).digest('hex');
+}
+//# sourceMappingURL=lineage.js.map

package/dist/enterprise/lineage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lineage.js","sourceRoot":"","sources":["../../src/enterprise/lineage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAUtC,+EAA+E;AAC/E,8BAA8B;AAC9B,+EAA+E;AAE/E;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mBAAmB,CACjC,UAAkB,EAClB,QAA0B,EAC1B,YAAoB,EACpB,eAAuB,EACvB,WAAwB,EACxB,MAAe;IAEf,OAAO;QACL,EAAE,EAAE,OAAO,MAAM,CAAC,UAAU,EAAE,EAAE;QAChC,WAAW,EAAE,UAAU;QACvB,iBAAiB,EAAE,QAAQ;QAC3B,aAAa,EAAE,YAAY;QAC3B,OAAO,EAAE,MAAM;QACf,gBAAgB,EAAE,eAAe;QACjC,WAAW;QACX,UAAU,EAAE;YACV,qBAAqB,EAAE,OAAO;YAC9B,wBAAwB,EAAE,iBAAiB,CAAC,QAAQ,CAAC;SACtD;QACD,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,QAA0B;IACnD,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,YAAY,CAAC;QAClB,KAAK,MAAM,CAAC;QACZ,KAAK,qBAAqB,CAAC;QAC3B,KAAK,cAAc,CAAC;QACpB,KAAK,iBAAiB,CAAC;QACvB,KAAK,iBAAiB;YACpB,OAAO,oBAAoB,CAAC;QAC9B,KAAK,YAAY,CAAC;QAClB,KAAK,UAAU;YACb,OAAO,kBAAkB,CAAC;QAC5B;YACE,OAAO,oBAAoB,CAAC;IAChC,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,wCAAwC;AACxC,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,4BAA4B,CAC1C,EAAU,EACV,MAAc,EACd,WAAwB;IAExB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,OAAO;QACL,EAAE;QACF,IAAI,EAAE,YAAY;QAClB,MAAM;QACN,MAAM,EAAE,SAAS;QACjB,WAAW;QACX,YAAY,EAAE,EAAE;QAChB,UAAU,EAAE,GAAG;QACf,UAAU,EAAE,GAAG;QACf,QAAQ,EAAE,eAAe,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;KAC3D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAC5C,MAA8B,EAC9B,MAAe,EACf,WAAqB;IAErB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,OAAO;QACL,GAAG,MAAM;QACT,MAAM,EAAE,WAAW;QACnB,MAAM;QACN,YAAY,EAAE,CAAC,GAAG,MAAM,CAAC,YAAY,EAAE,GAAG,WAAW,CAAC;QACtD,UAAU,EAAE,GAAG;QACf,QAAQ,EAAE,eAAe,CAAC,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;KAClE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,MAA8B,EAC9B,KAAa;IAEb,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,OAAO;QACL,GAAG,MAAM;QACT,MAAM,EAAE,QAAQ;QAChB,MAAM,EAAE,EAAE,KAAK,EAAE;QACjB,UAAU,EAAE,GAAG;QACf,QAAQ,EAAE,eAAe,CAAC,EAAE,GAAG,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;KACjE,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,oCAAoC;AACpC,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CACvC,eAAuB,EACvB,eAAuB,EACvB,KAAe,EACf,YAAsB,EACtB,YAAoB,EACpB,WAAwB,EACxB,MAAe;IAEf,OAAO;QACL,EAAE,EAAE,WAAW,MAAM,CAAC,UAAU,EAAE,EAAE;QACpC,IAAI,EAAE,sBAAsB;QAC5B,gBAAgB,EAAE,eAAe;QACjC,gBAAgB,EAAE,eAAe;QACjC,KAAK;QACL,YAAY;QACZ,aAAa,EAAE,YAAY;QAC3B,OAAO,EAAE,MAAM;QACf,WAAW;QACX,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,mCAAmC;AACnC,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CACrC,OAAe,EACf,UAAkB,EAClB,sBAA+B,EAC/B,YAAoB,EACpB,sBAAgC,EAChC,WAAwB;IAExB,OAAO;QACL,EAAE,EAAE,UAAU,MAAM,CAAC,UAAU,EAAE,EAAE;QACnC,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,UAAU;QACvB,uBAAuB,EAAE,sBAAsB;QAC/C,aAAa,EAAE,YAAY;QAC3B,wBAAwB,EAAE,sBAAsB;QAChD,WAAW;QACX,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACrC,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAClC,YAAgC,EAChC,YAAoB;IAEpB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,GAAG,YAAY,6BAA6B;gBACnD,+DAA+D;gBAC/D,yBAAyB;SAC5B,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,YAAY,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACnE,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,GAAG,YAAY,6CAA6C;gBACnE,aAAa,MAAM,CAAC,YAAY,CAAC,EAAE;SACtC,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAwB;IAI3D,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,EAAE,yBAAyB,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC;YACnC,OAAO,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,EAAE,kCAAkC,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,EAAE,8BAA8B,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,EAAE,4BAA4B,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;QAC9B,OAAO;KACR,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,SAAS,eAAe,CAAC,IAAa;IACpC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACvC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACrE,CAAC"}

package/dist/gates/argument-guard.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Argument Guard Gate (Gate 5)
+ *
+ * Runtime validation middleware derived from ADR-001 (Command Argument Semantics).
+ * This gate enforces:
+ *
+ * 1. ID vs Natural Language argument rules
+ * 2. Required argument presence
+ * 3. Synthesis allow/deny per command
+ * 4. Confirmation enforcement for irreversible commands
+ * 5. Deterministic, instructional error messages
+ *
+ * The ADR (adr-command-semantics.ts) is the authoritative policy.
+ * This gate is mechanically derived from it.
+ */
+import type { CommandObject } from '../types/index.js';
+import { type CommandSpec } from '../contracts/adr-command-semantics.js';
+export interface ArgumentGuardResult {
+    allowed: boolean;
+    exitCode?: number;
+    message?: string;
+    spec?: CommandSpec;
+}
+/**
+ * Check if the given command object passes argument validation.
+ * Returns a result indicating whether the command may proceed.
+ */
+export declare function checkArgumentGuard(cmd: CommandObject): ArgumentGuardResult;
+/**
+ * Enforce the argument guard. Exits the process on failure.
+ * Follows the same pattern as other gates (execution-gate, auth-session-gate).
+ */
+export declare function enforceArgumentGuard(cmd: CommandObject): void;
+/**
+ * Check if a command requires argument validation.
+ * Built-in commands (help, version) are exempt.
+ */
+export declare function requiresArgumentValidation(command: string): boolean;
+//# sourceMappingURL=argument-guard.d.ts.map

package/dist/gates/argument-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"argument-guard.d.ts","sourceRoot":"","sources":["../../src/gates/argument-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAIL,KAAK,WAAW,EAEjB,MAAM,uCAAuC,CAAC;AAO/C,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,WAAW,CAAC;CACpB;AAMD;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,aAAa,GAAG,mBAAmB,CA6B1E;AA6HD;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,aAAa,GAAG,IAAI,CAO7D;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAGnE"}

package/dist/gates/argument-guard.js

@@ -0,0 +1,180 @@
+/**
+ * Argument Guard Gate (Gate 5)
+ *
+ * Runtime validation middleware derived from ADR-001 (Command Argument Semantics).
+ * This gate enforces:
+ *
+ * 1. ID vs Natural Language argument rules
+ * 2. Required argument presence
+ * 3. Synthesis allow/deny per command
+ * 4. Confirmation enforcement for irreversible commands
+ * 5. Deterministic, instructional error messages
+ *
+ * The ADR (adr-command-semantics.ts) is the authoritative policy.
+ * This gate is mechanically derived from it.
+ */
+import { lookupCommand, classifyArgument, validateArgument, } from '../contracts/adr-command-semantics.js';
+import { EXIT_CODES } from '../types/index.js';
+// ============================================================================
+// Guard Implementation
+// ============================================================================
+/**
+ * Check if the given command object passes argument validation.
+ * Returns a result indicating whether the command may proceed.
+ */
+export function checkArgumentGuard(cmd) {
+    const { command, subcommand, positionalArgs } = cmd;
+    // Step 1: Look up command spec in ADR registry
+    const spec = lookupCommand(command, subcommand);
+    if (!spec) {
+        // Command not in registry. Commands like 'help', 'version' may have
+        // no subcommand spec. Allow unregistered commands to pass through
+        // (other gates handle unknown commands).
+        const primarySpec = lookupCommand(command);
+        if (!primarySpec && subcommand) {
+            // Try: maybe the subcommand is actually a positional arg
+            // for the primary command (e.g., "plan <manifestQuery>")
+            const parentSpec = lookupCommand(command);
+            if (parentSpec) {
+                const modifiedCmd = {
+                    ...cmd,
+                    positionalArgs: [subcommand, ...positionalArgs],
+                };
+                return validateArgs(parentSpec, modifiedCmd);
+            }
+        }
+        // No spec found — allow through (other gates will catch truly invalid commands)
+        return { allowed: true };
+    }
+    // Step 2: Validate argument count, types, and confirmation requirements
+    return validateArgs(spec, cmd);
+}
+/**
+ * Validate positional arguments against the command spec.
+ * Accepts the full CommandObject to access flags for confirmation checks.
+ */
+function validateArgs(spec, cmd) {
+    const positionalArgs = cmd.positionalArgs;
+    const requiredArgs = spec.args.filter(a => a.required);
+    // Case A: Missing required arguments
+    if (requiredArgs.length > 0 && positionalArgs.length < requiredArgs.length) {
+        const missing = requiredArgs.slice(positionalArgs.length);
+        const missingNames = missing.map(a => `<${a.name}>`).join(' ');
+        const examples = missing.map(a => `  ${a.example}  — ${a.description}`).join('\n');
+        return {
+            allowed: false,
+            exitCode: EXIT_CODES.ARG_VALIDATION_ERROR,
+            message: `Error: Missing required argument${missing.length > 1 ? 's' : ''}: ${missingNames}\n` +
+                `\n` +
+                `Usage: agentics ${spec.command} ${spec.args.map(a => a.required ? `<${a.name}>` : `[${a.name}]`).join(' ')}\n` +
+                `\n` +
+                `Expected:\n` +
+                `${examples}\n` +
+                `\n` +
+                formatArgumentTypeHint(missing[0].type),
+            spec,
+        };
+    }
+    // Case B/C: Wrong argument type
+    for (let i = 0; i < spec.args.length && i < positionalArgs.length; i++) {
+        const argSpec = spec.args[i];
+        const argValue = positionalArgs[i];
+        const error = validateArgument(argValue, argSpec);
+        if (error) {
+            return {
+                allowed: false,
+                exitCode: EXIT_CODES.ARG_VALIDATION_ERROR,
+                message: `Error: Invalid argument for '${spec.command}'\n` +
+                    `\n` +
+                    `${error}\n` +
+                    `\n` +
+                    `Usage: agentics ${spec.command} ${spec.args.map(a => a.required ? `<${a.name}>` : `[${a.name}]`).join(' ')}`,
+                spec,
+            };
+        }
+    }
+    // Case D: Synthesis attempted on forbidden command
+    // (Checked at the command level — if NL detected on SYNTHESIS_FORBIDDEN)
+    if (spec.synthesis === 'SYNTHESIS_FORBIDDEN') {
+        for (let i = 0; i < spec.args.length && i < positionalArgs.length; i++) {
+            const argSpec = spec.args[i];
+            if (argSpec.type === 'ID') {
+                const detected = classifyArgument(positionalArgs[i]);
+                if (detected === 'NATURAL_LANGUAGE') {
+                    return {
+                        allowed: false,
+                        exitCode: EXIT_CODES.ARG_VALIDATION_ERROR,
+                        message: `Error: Synthesis is not allowed on '${spec.command}'.\n` +
+                            `\n` +
+                            `This command requires an ID, not a description.\n` +
+                            `Natural language input triggers synthesis, which is forbidden for this command.\n` +
+                            `\n` +
+                            `Usage: agentics ${spec.command} <${argSpec.name}>\n` +
+                            `Example: agentics ${spec.command} ${argSpec.example}`,
+                        spec,
+                    };
+                }
+            }
+        }
+    }
+    // Case E: Irreversible command without explicit confirmation (ADR-002 Decision 2, Rule 4)
+    if (spec.requiresConfirmation) {
+        const hasForceFlag = cmd.flags['force'] === true;
+        if (!hasForceFlag) {
+            const argsUsage = spec.args.map(a => a.required ? `<${a.name}>` : `[${a.name}]`).join(' ');
+            return {
+                allowed: false,
+                exitCode: EXIT_CODES.ARG_VALIDATION_ERROR,
+                message: `Error: Command '${spec.command}' requires explicit confirmation.\n` +
+                    `\n` +
+                    (spec.irreversible
+                        ? `This command performs an irreversible operation and cannot be undone.\n`
+                        : `This command requires confirmation before proceeding.\n`) +
+                    `You must provide the --force flag to confirm.\n` +
+                    `\n` +
+                    `Usage: agentics ${spec.command} ${argsUsage} --force`,
+                spec,
+            };
+        }
+    }
+    return { allowed: true, spec };
+}
+/**
+ * Generate a hint string for the expected argument type.
+ */
+function formatArgumentTypeHint(type) {
+    switch (type) {
+        case 'ID':
+            return 'Hint: IDs are lowercase, hyphenated identifiers or UUIDs.\n' +
+                '      They resolve to persisted objects. Never use quoted text here.';
+        case 'NATURAL_LANGUAGE':
+            return 'Hint: Descriptions must be quoted natural language strings.\n' +
+                '      They seed synthesis to create new resources.';
+        case 'SELECTOR':
+            return 'Hint: Selectors are keywords like "latest" or UUIDs.\n' +
+                '      They select existing resources without triggering synthesis.';
+    }
+}
+// ============================================================================
+// Gate Enforcement
+// ============================================================================
+/**
+ * Enforce the argument guard. Exits the process on failure.
+ * Follows the same pattern as other gates (execution-gate, auth-session-gate).
+ */
+export function enforceArgumentGuard(cmd) {
+    const result = checkArgumentGuard(cmd);
+    if (!result.allowed) {
+        console.error(result.message);
+        process.exit(result.exitCode ?? EXIT_CODES.ARG_VALIDATION_ERROR);
+    }
+}
+/**
+ * Check if a command requires argument validation.
+ * Built-in commands (help, version) are exempt.
+ */
+export function requiresArgumentValidation(command) {
+    const exempt = ['help', 'version'];
+    return !exempt.includes(command);
+}
+//# sourceMappingURL=argument-guard.js.map

package/dist/gates/argument-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"argument-guard.js","sourceRoot":"","sources":["../../src/gates/argument-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,gBAAgB,GAGjB,MAAM,uCAAuC,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAa/C,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAkB;IACnD,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,GAAG,GAAG,CAAC;IAEpD,+CAA+C;IAC/C,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAEhD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,oEAAoE;QACpE,kEAAkE;QAClE,yCAAyC;QACzC,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,CAAC,WAAW,IAAI,UAAU,EAAE,CAAC;YAC/B,yDAAyD;YACzD,yDAAyD;YACzD,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;YAC1C,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,WAAW,GAAkB;oBACjC,GAAG,GAAG;oBACN,cAAc,EAAE,CAAC,UAAU,EAAE,GAAG,cAAc,CAAC;iBAChD,CAAC;gBACF,OAAO,YAAY,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,gFAAgF;QAChF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,wEAAwE;IACxE,OAAO,YAAY,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AACjC,CAAC;AAED;;;GAGG;AACH,SAAS,YAAY,CAAC,IAAiB,EAAE,GAAkB;IACzD,MAAM,cAAc,GAAG,GAAG,CAAC,cAAc,CAAC;IAC1C,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAEvD,qCAAqC;IACrC,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,cAAc,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC;QAC3E,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,OAAO,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEnF,OAAO;YACL,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,UAAU,CAAC,oBAAoB;YACzC,OAAO,EACL,mCAAmC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,YAAY,IAAI;gBACrF,IAAI;gBACJ,mBAAmB,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI;gBAC/G,IAAI;gBACJ,aAAa;gBACb,GAAG,QAAQ,IAAI;gBACf,IAAI;gBACJ,sBAAsB,CAAC,OAAO,CAAC,CAAC,CAAE,CAAC,IAAI,CAAC;YAC1C,IAAI;SACL,CAAC;IACJ,CAAC;IAED,gCAAgC;IAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAE,CAAC;QACpC,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAElD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,QAAQ,EAAE,UAAU,CAAC,oBAAoB;gBACzC,OAAO,EACL,gCAAgC,IAAI,CAAC,OAAO,KAAK;oBACjD,IAAI;oBACJ,GAAG,KAAK,IAAI;oBACZ,IAAI;oBACJ,mBAAmB,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;gBAC/G,IAAI;aACL,CAAC;QACJ,CAAC;IACH,CAAC;IAED,mDAAmD;IACnD,yEAAyE;IACzE,IAAI,IAAI,CAAC,SAAS,KAAK,qBAAqB,EAAE,CAAC;QAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAE,CAAC;YAC9B,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBAC1B,MAAM,QAAQ,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC,CAAE,CAAC,CAAC;gBACtD,IAAI,QAAQ,KAAK,kBAAkB,EAAE,CAAC;oBACpC,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,QAAQ,EAAE,UAAU,CAAC,oBAAoB;wBACzC,OAAO,EACL,uCAAuC,IAAI,CAAC,OAAO,MAAM;4BACzD,IAAI;4BACJ,mDAAmD;4BACnD,mFAAmF;4BACnF,IAAI;4BACJ,mBAAmB,IAAI,CAAC,OAAO,KAAK,OAAO,CAAC,IAAI,KAAK;4BACrD,qBAAqB,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE;wBACxD,IAAI;qBACL,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,0FAA0F;IAC1F,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC9B,MAAM,YAAY,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC;QACjD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC3F,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,QAAQ,EAAE,UAAU,CAAC,oBAAoB;gBACzC,OAAO,EACL,mBAAmB,IAAI,CAAC,OAAO,qCAAqC;oBACpE,IAAI;oBACJ,CAAC,IAAI,CAAC,YAAY;wBAChB,CAAC,CAAC,yEAAyE;wBAC3E,CAAC,CAAC,yDAAyD,CAAC;oBAC9D,iDAAiD;oBACjD,IAAI;oBACJ,mBAAmB,IAAI,CAAC,OAAO,IAAI,SAAS,UAAU;gBACxD,IAAI;aACL,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,IAAkB;IAChD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,IAAI;YACP,OAAO,6DAA6D;gBAC7D,sEAAsE,CAAC;QAChF,KAAK,kBAAkB;YACrB,OAAO,+DAA+D;gBAC/D,oDAAoD,CAAC;QAC9D,KAAK,UAAU;YACb,OAAO,wDAAwD;gBACxD,oEAAoE,CAAC;IAChF,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAkB;IACrD,MAAM,MAAM,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAEvC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACnE,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,0BAA0B,CAAC,OAAe;IACxD,MAAM,MAAM,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACnC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACnC,CAAC"}

package/dist/gates/index.d.ts

@@ -9,6 +9,8 @@
  * 2. Auth Session Gate - Requires authenticated session
  * 3. Service Health Gate - Validates Ruvector-backed service availability
  * 4. Output Format Gate - Enforces strict JSON output
+ * 5. Argument Guard Gate - Validates argument types per ADR-001
+ * 6. Lineage Gate - Enforces simulation traceability per ADR-004
  *
  * CRITICAL REQUIREMENTS MET:
  * - CLI requires Ruvector-backed services (Service Health Gate)
@@ -18,9 +20,12 @@
  * - Validates target service availability (Service Health Gate)
  * - Enforces strict JSON outputs (Output Format Gate)
  * - Never allows narrative output (Output Format Gate)
+ * - Enterprise artifacts trace to governed simulations (Lineage Gate)
  */
 export { checkExecutionGate, enforceExecutionGate, isExecutionEnabled, getAllowedCommands, resolveEntitlement, EXECUTION_BLOCKED_EXIT_CODE, type ExecutionGateResult, type Entitlement, } from './execution-gate.js';
 export { enforceAuthSessionGate, checkAuthSessionGate, requiresAuthentication, AUTH_REQUIRED_EXIT_CODE, AuthSessionRequiredError, type AuthSessionGateResult, } from './auth-session-gate.js';
 export { enforceServiceHealthGate, checkServiceHealthGate, requiresHealthCheck, SERVICE_UNAVAILABLE_EXIT_CODE, ServiceHealthError, type ServiceHealthResult, type ServiceHealthGateResult, } from './service-health-gate.js';
 export { enforceOutputFormatGate, checkOutputFormatGate, requiresStructuredOutput, getDefaultFormat, INVALID_FORMAT_EXIT_CODE, InvalidOutputFormatError, type OutputFormatGateResult, } from './output-format-gate.js';
+export { checkArgumentGuard, enforceArgumentGuard, requiresArgumentValidation, type ArgumentGuardResult, } from './argument-guard.js';
+export { checkLineageGate, enforceLineageGate, requiresLineageValidation, LINEAGE_VIOLATION_EXIT_CODE, type LineageGateResult, } from './lineage-gate.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/gates/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/gates/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAGH,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,EAClB,2BAA2B,EAC3B,KAAK,mBAAmB,EACxB,KAAK,WAAW,GACjB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,wBAAwB,EACxB,KAAK,qBAAqB,GAC3B,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,wBAAwB,EACxB,sBAAsB,EACtB,mBAAmB,EACnB,6BAA6B,EAC7B,kBAAkB,EAClB,KAAK,mBAAmB,EACxB,KAAK,uBAAuB,GAC7B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,EACxB,wBAAwB,EACxB,KAAK,sBAAsB,GAC5B,MAAM,yBAAyB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/gates/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,EAClB,2BAA2B,EAC3B,KAAK,mBAAmB,EACxB,KAAK,WAAW,GACjB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,wBAAwB,EACxB,KAAK,qBAAqB,GAC3B,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,wBAAwB,EACxB,sBAAsB,EACtB,mBAAmB,EACnB,6BAA6B,EAC7B,kBAAkB,EAClB,KAAK,mBAAmB,EACxB,KAAK,uBAAuB,GAC7B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,EACxB,wBAAwB,EACxB,KAAK,sBAAsB,GAC5B,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,0BAA0B,EAC1B,KAAK,mBAAmB,GACzB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,yBAAyB,EACzB,2BAA2B,EAC3B,KAAK,iBAAiB,GACvB,MAAM,mBAAmB,CAAC"}

package/dist/gates/index.js

@@ -9,6 +9,8 @@
  * 2. Auth Session Gate - Requires authenticated session
  * 3. Service Health Gate - Validates Ruvector-backed service availability
  * 4. Output Format Gate - Enforces strict JSON output
+ * 5. Argument Guard Gate - Validates argument types per ADR-001
+ * 6. Lineage Gate - Enforces simulation traceability per ADR-004
  *
  * CRITICAL REQUIREMENTS MET:
  * - CLI requires Ruvector-backed services (Service Health Gate)
@@ -18,6 +20,7 @@
  * - Validates target service availability (Service Health Gate)
  * - Enforces strict JSON outputs (Output Format Gate)
  * - Never allows narrative output (Output Format Gate)
+ * - Enterprise artifacts trace to governed simulations (Lineage Gate)
  */
 // Execution Gate - Hard kill-switch
 export { checkExecutionGate, enforceExecutionGate, isExecutionEnabled, getAllowedCommands, resolveEntitlement, EXECUTION_BLOCKED_EXIT_CODE, } from './execution-gate.js';
@@ -27,4 +30,8 @@ export { enforceAuthSessionGate, checkAuthSessionGate, requiresAuthentication, A
 export { enforceServiceHealthGate, checkServiceHealthGate, requiresHealthCheck, SERVICE_UNAVAILABLE_EXIT_CODE, ServiceHealthError, } from './service-health-gate.js';
 // Output Format Gate - Enforces strict JSON output
 export { enforceOutputFormatGate, checkOutputFormatGate, requiresStructuredOutput, getDefaultFormat, INVALID_FORMAT_EXIT_CODE, InvalidOutputFormatError, } from './output-format-gate.js';
+// Argument Guard Gate - Validates argument types per ADR-001
+export { checkArgumentGuard, enforceArgumentGuard, requiresArgumentValidation, } from './argument-guard.js';
+// Lineage Gate - Enforces simulation traceability per ADR-004
+export { checkLineageGate, enforceLineageGate, requiresLineageValidation, LINEAGE_VIOLATION_EXIT_CODE, } from './lineage-gate.js';
 //# sourceMappingURL=index.js.map

package/dist/gates/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/gates/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,oCAAoC;AACpC,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,EAClB,2BAA2B,GAG5B,MAAM,qBAAqB,CAAC;AAE7B,qDAAqD;AACrD,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,wBAAwB,GAEzB,MAAM,wBAAwB,CAAC;AAEhC,2DAA2D;AAC3D,OAAO,EACL,wBAAwB,EACxB,sBAAsB,EACtB,mBAAmB,EACnB,6BAA6B,EAC7B,kBAAkB,GAGnB,MAAM,0BAA0B,CAAC;AAElC,mDAAmD;AACnD,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,EACxB,wBAAwB,GAEzB,MAAM,yBAAyB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/gates/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,oCAAoC;AACpC,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,EAClB,2BAA2B,GAG5B,MAAM,qBAAqB,CAAC;AAE7B,qDAAqD;AACrD,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,sBAAsB,EACtB,uBAAuB,EACvB,wBAAwB,GAEzB,MAAM,wBAAwB,CAAC;AAEhC,2DAA2D;AAC3D,OAAO,EACL,wBAAwB,EACxB,sBAAsB,EACtB,mBAAmB,EACnB,6BAA6B,EAC7B,kBAAkB,GAGnB,MAAM,0BAA0B,CAAC;AAElC,mDAAmD;AACnD,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,EACxB,wBAAwB,GAEzB,MAAM,yBAAyB,CAAC;AAEjC,6DAA6D;AAC7D,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,0BAA0B,GAE3B,MAAM,qBAAqB,CAAC;AAE7B,8DAA8D;AAC9D,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,yBAAyB,EACzB,2BAA2B,GAE5B,MAAM,mBAAmB,CAAC"}

package/dist/gates/lineage-gate.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Lineage Gate — Gate 6 (ADR-004 Enforcement)
+ *
+ * PURPOSE: Enforce that artifact-producing commands reference a valid
+ * simulation parent. No integration proposal or ERP mapping may
+ * exist without traceability to a governed simulation.
+ *
+ * INVARIANTS ENFORCED:
+ * - ADR-004 Invariant 2: Every integration/ERP mapping derives from a simulation
+ * - ADR-004 Invariant 3: No integration proposal without traceability
+ * - ADR-004 Invariant 7: CLI is only path for artifact creation
+ *
+ * EXIT CODE: 110 (LINEAGE_VIOLATION)
+ *
+ * BEHAVIOR:
+ * - Commands that produce enterprise artifacts (erp surface, erp map,
+ *   erp export) must pass a simulation_id in their positional args
+ *   or flags when the lineage gate is enabled.
+ * - Commands that do not produce artifacts (list, inspect, help)
+ *   are exempt from lineage validation.
+ * - The gate validates that simulation_id is present and non-empty.
+ *   Whether the simulation exists in Ruvector is validated at the
+ *   command level, not at the gate level (gate is synchronous).
+ */
+import type { CommandObject } from '../types/index.js';
+export declare const LINEAGE_VIOLATION_EXIT_CODE = 110;
+export interface LineageGateResult {
+    /** Whether the command passed lineage validation */
+    allowed: boolean;
+    /** Error message if validation failed */
+    message: string;
+    /** Exit code if validation failed */
+    exitCode: number;
+    /** Whether this command requires lineage */
+    lineageRequired: boolean;
+}
+/**
+ * Check whether a command passes lineage validation.
+ * Returns a result indicating whether the command is allowed.
+ *
+ * Lineage is required when:
+ * 1. The command is in LINEAGE_REQUIRED_COMMANDS
+ * 2. The command is not in LINEAGE_EXEMPT_COMMANDS
+ * 3. The command produces enterprise artifacts
+ */
+export declare function checkLineageGate(cmd: CommandObject): LineageGateResult;
+/**
+ * Enforce lineage gate — exits the process if validation fails.
+ */
+export declare function enforceLineageGate(cmd: CommandObject): void;
+/**
+ * Check if a command requires lineage validation.
+ */
+export declare function requiresLineageValidation(primary: string, sub?: string): boolean;
+//# sourceMappingURL=lineage-gate.d.ts.map

package/dist/gates/lineage-gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lineage-gate.d.ts","sourceRoot":"","sources":["../../src/gates/lineage-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAOvD,eAAO,MAAM,2BAA2B,MAAM,CAAC;AA2B/C,MAAM,WAAW,iBAAiB;IAChC,oDAAoD;IACpD,OAAO,EAAE,OAAO,CAAC;IACjB,yCAAyC;IACzC,OAAO,EAAE,MAAM,CAAC;IAChB,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,eAAe,EAAE,OAAO,CAAC;CAC1B;AAMD;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,aAAa,GAAG,iBAAiB,CAyCtE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,aAAa,GAAG,IAAI,CAc3D;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAMhF"}