@longarc/mdash 3.1.2 → 3.1.3

package/README.md

@@ -1,39 +1,37 @@
-# mdash v3.1
+# mdash v3.0
 
 > **"The best defense is the fastest seal."**
 
-Accountability infrastructure for autonomous AI agents. Three-layer cryptographic attestation at execution speed.
-
-mdash proves. Kiwi runs. Eclair reveals. Roux holds. Orin reasons.
+Accountability infrastructure for autonomous AI agents. Cryptographic attestation + warrant evaluation in a single protocol — from sub-millisecond commitments to zero-knowledge proofs.
 
 ## Architecture
 
 ```
 ┌─────────────────────────────────────────────────────────────────────────┐
-│                         APPLICATION LAYER                              │
-│            Kiwi Runtime │ Eclair Control Plane │ Enterprise            │
+│                         APPLICATION LAYER                                │
+│                            Kiwi │ Enterprise                            │
 ├─────────────────────────────────────────────────────────────────────────┤
-│                        mdash v3.1 PROTOCOL                             │
-│    Warrants │ Physics │ Checkpoints │ Context Module │ MCCA            │
+│                          mdash v3.0 PROTOCOL                             │
+│       Warrants │ Physics │ Checkpoints │ SCA │ MCCA │ Recovery          │
 ├─────────────────────────────────────────────────────────────────────────┤
-│                      THREE-LAYER ATTESTATION                           │
-│  L1: Commitment (<1ms) │ L2: TEE (<10ms) │ L3: ZK Proofs (async)     │
+│                      THREE-LAYER ATTESTATION                             │
+│  L1: Commitment (<1ms) │ L2: TEE (<10ms) │ L3: ZK Proofs (async)        │
 ├─────────────────────────────────────────────────────────────────────────┤
-│                        CRYPTOGRAPHIC CORE                              │
-│              SHA-256 │ HMAC-SHA256 │ HKDF │ Web Crypto API            │
+│                        CRYPTOGRAPHIC CORE                                │
+│              SHA-256 │ HMAC-SHA256 │ HKDF │ Web Crypto API              │
 └─────────────────────────────────────────────────────────────────────────┘
 ```
 
 ## Installation
 
 ```bash
-npm install @longarc/mdash
+npm install @longarcstudios/mdash
 ```
 
 ## Quick Start
 
 ```typescript
-import { createMdash } from '@longarc/mdash';
+import { createMdash } from '@longarcstudios/mdash';
 
 // Initialize protocol with all layers
 const mdash = createMdash({
@@ -62,13 +60,52 @@ const result = await mdash.execute({
   execute: async () => {
     return { success: true, txId: 'tx-abc123' };
   },
-  generateZKProof: true,
+  generateZKProof: true, // For accountability proofs
 });
 
 console.log(result.attestation.platform); // 'simulated' | 'nitro' | 'sgx'
 console.log(result.zkProof?.status);       // 'queued' -> 'verified'
 ```
 
+## Full Accountability Lifecycle
+
+The `AccountabilityEngine` is the simplest way to add accountability to any agent. One class: authorize before execution, attest after.
+
+```typescript
+import { AccountabilityEngine } from '@longarc/mdash';
+
+const engine = new AccountabilityEngine();
+await engine.initialize('your-seal-key-minimum-32-characters');
+
+// Issue a warrant — define what the agent is authorized to do
+await engine.issueWarrant('data-agent', {
+  allowedActions: ['query-database', 'read-file', 'summarize'],
+  forbiddenActions: ['delete-database', 'execute-shell'],
+  ttlMs: 60000
+});
+
+// Authorized action → executes and gets cryptographic attestation
+const result = await engine.executeAction('data-agent', 'query-database', {
+  table: 'users', limit: 100
+});
+console.log(result.executed);  // true
+console.log(result.verified);  // true — seal is cryptographically valid
+
+// Unauthorized action → denied before execution
+const denied = await engine.executeAction('data-agent', 'delete-database', {
+  target: 'users'
+});
+console.log(denied.executed);   // false
+console.log(denied.violation);  // { type: 'FORBIDDEN_ACTION', ... }
+
+// Full audit trail
+const audit = engine.getAuditSummary();
+console.log(audit.authorized);  // 1
+console.log(audit.denied);      // 1
+```
+
+For advanced use cases (speculative warrants, TEE attestation, ZK proofs), use `MdashProtocol` directly.
+
 ## Three-Layer Attestation Model
 
 ### L1: Commitment Layer (<1ms)
@@ -98,9 +135,9 @@ const result = await verifier.verifyRemote(attestation);
 **Supported Platforms:**
 | Platform | Memory Encryption | Remote Attestation | Key Sealing |
 |----------|------------------|-------------------|-------------|
-| AWS Nitro | Yes | Yes (PCR) | Yes |
-| Intel SGX | Yes | Yes (Quote) | Yes |
-| Simulated | No | Yes | HMAC |
+| AWS Nitro | ✓ | ✓ (PCR) | ✓ |
+| Intel SGX | ✓ | ✓ (Quote) | ✓ |
+| Simulated | ✗ | ✓ | HMAC |
 
 ### L3: ZK Proofs (async)
 Mathematically bulletproof attestation for disputes and accountability.
@@ -131,6 +168,8 @@ const completed = await mdash.zk.waitForProof(zkDoc.id, 30000);
 
 ## MCCA v3 (Manifold-Constrained Context Architecture)
 
+Based on DeepSeek's research on constrained context windows.
+
 ```typescript
 // Add context with influence tracking
 const fragment = await mdash.mcca.addFragment({
@@ -168,6 +207,30 @@ const proof = await mdash.mcca.generateCommitmentProof();
 | Checkpoint Creation | <0.5ms | <1ms | Log warning |
 | ZK Proof | 100ms-20s | async | Queue with priority |
 
+## Accountability Proofs
+
+Generate accountability-grade proofs:
+
+```typescript
+import { InsuranceClaimProof } from '@longarcstudios/mdash';
+
+const helper = new InsuranceClaimProof(mdash.zk);
+
+const claimProof = await helper.generateClaim({
+  claimId: 'CLM-2026-001',
+  policyId: 'POL-ENTERPRISE-001',
+  incidentDescription: 'Unauthorized transaction',
+  warrantId: 'w-12345678',
+  checkpointIds: ['cp-001', 'cp-002'],
+  actionDetails: { type: 'transfer', amount: 50000 },
+  amount: 50000,
+  currency: 'USD',
+});
+
+// Wait for proof generation
+const verified = await mdash.zk.waitForProof(claimProof.id, 60000);
+```
+
 ## Warrant System
 
 Three-tier warrant hierarchy with speculative issuance:
@@ -234,13 +297,13 @@ npm run test:coverage # Coverage report
 ## Version
 
 ```typescript
-import { VERSION } from '@longarc/mdash';
+import { VERSION } from '@longarcstudios/mdash';
 
 console.log(VERSION);
 // {
-//   protocol: '3.1.0',
-//   codename: 'Context Unification',
-//   releaseDate: '2026-03',
+//   protocol: '3.0.0',
+//   codename: 'Sealed Execution',
+//   releaseDate: '2026-01',
 //   features: [...]
 // }
 ```
@@ -251,4 +314,4 @@ MIT © Long Arc Studios
 
 ---
 
-*Governance without control. Proof over panic.*
+*Governance without control. Complexity without chaos.* 🫡

package/SECURITY.md

@@ -0,0 +1,254 @@
+# mdash v3.0 Security Specification
+
+> "LLM at the edges, cryptography at the core."
+
+**Version:** 3.0.0  
+**Last Audit:** 2026-01-26  
+**Tests:** 251 passing (including 33 security-specific)
+
+---
+
+## Security Model
+
+mdash implements defense-in-depth through three cryptographic layers:
+
+```
+┌─────────────────────────────────────────────────────────────┐
+│                    TRUST BOUNDARY                            │
+├─────────────────────────────────────────────────────────────┤
+│  L3: ZK Proofs (async)      │ Mathematical verification     │
+│  L2: TEE Attestation (<10ms)│ Hardware-rooted trust         │
+│  L1: Commitment (<1ms)      │ Cryptographic sealing         │
+├─────────────────────────────────────────────────────────────┤
+│                 UNTRUSTED: Agent Actions                     │
+└─────────────────────────────────────────────────────────────┘
+```
+
+**Core Principle:** Every agent action is untrusted until sealed, attested, and (for high-value operations) proven.
+
+---
+
+## Security Invariants
+
+### Cryptographic Core
+
+| ID | Invariant | Enforcement |
+|----|-----------|-------------|
+| `CRYPTO-INV-001` | Seal keys must be ≥32 characters | `deriveKey()` throws on violation |
+| `CRYPTO-INV-002` | All comparisons are constant-time | `constantTimeEqual()` for seals/hashes |
+| `CRYPTO-INV-003` | Keys are non-extractable | Web Crypto API with `extractable: false` |
+| `CRYPTO-INV-004` | Deterministic serialization | Sorted keys via `deterministicStringify()` |
+
+### Warrant System
+
+| ID | Invariant | Enforcement |
+|----|-----------|-------------|
+| `WARRANT-INV-001` | Speculative warrants expire in 60s | Cache TTL + `speculative_expires_at` |
+| `WARRANT-INV-002` | Revocation propagates in <100ms | Immediate cache invalidation |
+| `WARRANT-INV-003` | Activated warrants immediately sealed | L1 commitment on activation |
+| `WARRANT-INV-004` | Re-validate before execution | TOCTOU check in `execute()` flow |
+| `WARRANT-INV-005` | Creation rate limited per issuer | 100/minute default |
+
+### TEE Attestation
+
+| ID | Invariant | Enforcement |
+|----|-----------|-------------|
+| `TEE-INV-001` | No silent simulated mode in production | Hard fail unless `MDASH_ALLOW_SIMULATED_TEE` |
+| `TEE-INV-002` | Attestations expire | `expires_at` checked on verify |
+| `TEE-INV-003` | Cross-layer reference integrity | `commitment_id` must match L1 |
+
+### Physics Engine
+
+| ID | Invariant | Enforcement |
+|----|-----------|-------------|
+| `PHYSICS-INV-001` | Explicit constraint presence checks | `hasOwnProperty` not nullish coalescing |
+| `PHYSICS-INV-002` | Fail-closed on unknown policy | Scope violation if policy not found |
+| `PHYSICS-INV-003` | Rate limits enforced per agent | Windowed counter per `agent_id:action` |
+
+---
+
+## Attack Surface & Mitigations
+
+### 1. TOCTOU (Time-of-Check Time-of-Use)
+
+**Vector:** Warrant revoked between authorization check and action execution.
+
+**Mitigation:** 
+- Re-validate `isRevoked()` immediately before `execute()` callback
+- Attestation sealed before execution begins
+
+**Test:** `security.test.ts` → "Concurrent Access Testing"
+
+### 2. Cache Poisoning
+
+**Vector:** Memory corruption or shared-memory attack injects modified warrant.
+
+**Mitigation:**
+- `getVerified()` method checks HMAC seal on retrieval
+- Verification key set at engine initialization
+- Failed verification deletes entry and logs `SECURITY:` prefix
+
+**Test:** `security.test.ts` → "Replay Attack Resistance"
+
+### 3. Prototype Pollution
+
+**Vector:** `__proto__` or `constructor` injection in action params/constraints.
+
+**Mitigation:**
+- `sanitizeObject()` recursively strips dangerous keys
+- Applied before physics validation
+- Blocked keys: `__proto__`, `constructor`, `prototype`
+
+**Test:** `security.test.ts` → "Prototype Pollution Resistance"
+
+### 4. Information Leakage
+
+**Vector:** Error messages reveal internal state (agent IDs, warrant existence).
+
+**Mitigation:**
+- All authorization failures return generic `"Authorization denied"`
+- Details logged server-side with `console.warn('[AUTH]...')`
+- No warrant ID, agent ID, or state in thrown errors
+
+**Test:** `security.test.ts` → "should propagate physics validation failure"
+
+### 5. Resource Exhaustion (DoS)
+
+**Vector:** Flood speculative warrant creation to exhaust memory.
+
+**Mitigation:**
+- Per-issuer rate limiting: 100 warrants/minute
+- Speculative warrant TTL: 60 seconds max
+- Cache cleanup on TTL expiry
+
+**Test:** `security.test.ts` → "should handle warrant rate limiting under burst"
+
+### 6. Constraint Bypass
+
+**Vector:** Pass `maxAmount: undefined` explicitly to bypass policy defaults.
+
+**Mitigation:**
+- Explicit presence check: `hasOwnProperty.call()` + `!== undefined`
+- Policy defaults only apply when constraint truly absent
+
+**Test:** `security.test.ts` → "Boundary Value Fuzzing"
+
+### 7. Replay Attacks
+
+**Vector:** Re-present old attestation documents.
+
+**Mitigation:**
+- Attestation `expires_at` checked on verify
+- Unique ID per attestation (UUID)
+- L1 commitment reference must exist
+- Seal verification detects tampering
+
+**Test:** `security.test.ts` → "Replay Attack Resistance"
+
+### 8. Weak Key Material
+
+**Vector:** Empty or short seal keys produce weak HMACs.
+
+**Mitigation:**
+- `deriveKey()` requires minimum 32 characters
+- Throws before any crypto operations
+
+**Test:** `security.test.ts` → "should reject empty/short seal key"
+
+---
+
+## Boundary Trust Model
+
+```
+TRUSTED (server-side):
+├── Seal key (environment variable)
+├── Policy definitions
+├── TEE platform configuration
+└── Rate limit settings
+
+UNTRUSTED (must validate):
+├── Agent ID (any string)
+├── Action parameters (sanitized)
+├── Constraint values (bounds checked)
+├── Timestamps (compared against server time)
+└── Warrant requests (rate limited, sealed)
+```
+
+---
+
+## Error Handling Philosophy
+
+1. **Fail closed** — Deny by default, require explicit authorization
+2. **Log internally** — Full context for debugging
+3. **Generic externally** — No information leakage to callers
+4. **Audit trail** — Checkpoints created even on failure
+
+```typescript
+// Pattern used throughout:
+if (!authorized) {
+  console.warn(`[AUTH] Denied: ${internalDetails}`);
+  await checkpoint.onError({ ...fullContext });
+  throw new Error('Authorization denied');  // Generic
+}
+```
+
+---
+
+## Test Coverage
+
+| Category | Tests | Coverage |
+|----------|-------|----------|
+| Cryptographic primitives | 15 | SHA-256, HMAC, constant-time |
+| Commitment layer | 20 | Merkle tree, proofs, sealing |
+| Warrant system | 35 | Lifecycle, cache, revocation |
+| Checkpoint surety | 30 | Events, lattice, blast radius |
+| TEE attestation | 20 | Platforms, verification, bridge |
+| ZK proofs | 15 | Circuits, queue, claims |
+| MCCA | 12 | Fragments, influence, drift |
+| **Security (adversarial)** | **33** | **Fuzzing, TOCTOU, replay, injection** |
+| **Total** | **251** | |
+
+---
+
+## Incident Response
+
+If a security issue is discovered:
+
+1. **Immediate:** Revoke affected warrants via `warrant.revoke()`
+2. **Contain:** Rate limits will slow ongoing attacks
+3. **Audit:** ZK proofs provide mathematical verification of historical actions
+4. **Recover:** Checkpoint lattice identifies blast radius
+
+---
+
+## Known Behaviors (Documented, Not Vulnerabilities)
+
+| Behavior | Status | Notes |
+|----------|--------|-------|
+| NaN passes constraint checks | Documented | `NaN > X` is always `false` |
+| Negative amounts allowed | Documented | No `minAmount` in default policies |
+| Unicode not normalized | Documented | Same visual string may hash differently |
+| Warrant expiry mid-execution | Documented | Action completes if started before expiry |
+
+These are tested and documented in `security.test.ts` with explicit comments.
+
+---
+
+## Audit History
+
+| Date | Auditor | Findings | Resolution |
+|------|---------|----------|------------|
+| 2026-01-26 | Kai (security-reasoning skill) | 7 issues (P1-P5) | All patched, 33 tests added |
+| 2026-01-28 | Kai (security-reasoning-v2-tob-enhanced) | 0 new issues | Verified all patches, production ready |
+
+---
+
+## References
+
+- `security.test.ts` — Adversarial test suite
+- `SECURITY-PATCHES.md` — Detailed patch notes from 2026-01-26 audit
+- `security-reasoning-v2-tob-enhanced` — Enhanced reasoning skill (Trail of Bits inspired, upgraded 2026-01-28)
+
+---
+
+*Governance without control. Complexity without chaos.* 🫡

package/dist/accountability/engine.d.ts

@@ -0,0 +1,27 @@
+/**
+ * mdash v3.1 — AccountabilityEngine
+ *
+ * Unified consumer API: warrants + commitments in one class.
+ * Composes CommitmentEngine (attestation) and WarrantEngine (warrant lifecycle).
+ *
+ * Consumer story: import { AccountabilityEngine } from '@longarc/mdash'
+ * One class, full accountability lifecycle.
+ */
+import type { Commitment } from '../core/commitment.js';
+import type { WarrantPermissions, ActionResult, AuditSummary } from './types.js';
+export declare class AccountabilityEngine {
+    private commitmentEngine;
+    private warrantEngine;
+    private managedWarrants;
+    private auditLog;
+    private actionCounters;
+    constructor();
+    initialize(sealKey: string): Promise<void>;
+    issueWarrant(agentId: string, permissions: WarrantPermissions): Promise<void>;
+    revokeWarrant(agentId: string): void;
+    executeAction(agentId: string, action: string, params: unknown): Promise<ActionResult>;
+    getAuditSummary(): AuditSummary;
+    verifyCommitment(commitment: Commitment): Promise<boolean>;
+    private deny;
+}
+//# sourceMappingURL=engine.d.ts.map

package/dist/accountability/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/accountability/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAGxD,OAAO,KAAK,EACV,kBAAkB,EAGlB,YAAY,EAEZ,YAAY,EACb,MAAM,YAAY,CAAC;AAWpB,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,gBAAgB,CAAmB;IAC3C,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,eAAe,CAA0C;IACjE,OAAO,CAAC,QAAQ,CAAqB;IACrC,OAAO,CAAC,cAAc,CAAkC;;IAOlD,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK1C,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IA0BnF,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAiB9B,aAAa,CACjB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,OAAO,GACd,OAAO,CAAC,YAAY,CAAC;IA2FxB,eAAe,IAAI,YAAY;IAWzB,gBAAgB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IAIhE,OAAO,CAAC,IAAI;CA2Bb"}

package/dist/accountability/engine.js

@@ -0,0 +1,148 @@
+/**
+ * mdash v3.1 — AccountabilityEngine
+ *
+ * Unified consumer API: warrants + commitments in one class.
+ * Composes CommitmentEngine (attestation) and WarrantEngine (warrant lifecycle).
+ *
+ * Consumer story: import { AccountabilityEngine } from '@longarc/mdash'
+ * One class, full accountability lifecycle.
+ */
+import { CommitmentEngine } from '../core/commitment.js';
+import { WarrantEngine } from '../warrant/engine.js';
+export class AccountabilityEngine {
+    commitmentEngine;
+    warrantEngine;
+    managedWarrants = new Map();
+    auditLog = [];
+    actionCounters = new Map();
+    constructor() {
+        this.commitmentEngine = new CommitmentEngine();
+        this.warrantEngine = new WarrantEngine(this.commitmentEngine);
+    }
+    async initialize(sealKey) {
+        await this.commitmentEngine.initialize(sealKey);
+        await this.warrantEngine.initialize(sealKey);
+    }
+    async issueWarrant(agentId, permissions) {
+        // Create a crypto-sealed infrastructure warrant via WarrantEngine
+        const speculative = await this.warrantEngine.createSpeculative({
+            agent_id: agentId,
+            policy_id: 'accountability-default',
+            tier: 'T1',
+            constraints: {
+                maxCalls: permissions.maxExecutions,
+            },
+            duration_ms: permissions.ttlMs,
+            issued_by: 'accountability-engine',
+        });
+        // Activate immediately — consumer warrants are active on issuance
+        const activated = await this.warrantEngine.activate(speculative.id);
+        this.managedWarrants.set(agentId, {
+            agentId,
+            permissions,
+            issuedAt: Date.now(),
+            status: 'ACTIVE',
+            executionCount: 0,
+            infraWarrantId: activated.id,
+        });
+    }
+    revokeWarrant(agentId) {
+        const managed = this.managedWarrants.get(agentId);
+        if (!managed)
+            return;
+        managed.status = 'REVOKED';
+        // Best-effort infrastructure-level revocation (fire-and-forget)
+        this.warrantEngine
+            .revoke(managed.infraWarrantId, 'Consumer API revocation', {
+            type: 'system',
+            id: 'accountability-engine',
+        })
+            .catch(() => {
+            // Infra warrant may have already expired from cache — local state is authoritative
+        });
+    }
+    async executeAction(agentId, action, params) {
+        const managed = this.managedWarrants.get(agentId);
+        // No warrant issued for this agent
+        if (!managed) {
+            return this.deny(agentId, action, 'NO_WARRANT', `No warrant found for agent '${agentId}'`);
+        }
+        // Check infrastructure-level revocation (propagates across caches)
+        if (this.warrantEngine.isRevoked(managed.infraWarrantId)) {
+            managed.status = 'REVOKED';
+        }
+        // Revoked
+        if (managed.status === 'REVOKED') {
+            return this.deny(agentId, action, 'WARRANT_REVOKED', `Warrant for agent '${agentId}' has been revoked`, managed.infraWarrantId);
+        }
+        // Expired
+        if (Date.now() - managed.issuedAt > managed.permissions.ttlMs) {
+            managed.status = 'EXPIRED';
+            return this.deny(agentId, action, 'WARRANT_EXPIRED', `Warrant for agent '${agentId}' has expired`, managed.infraWarrantId);
+        }
+        // Execution limit
+        if (managed.permissions.maxExecutions !== undefined &&
+            managed.executionCount >= managed.permissions.maxExecutions) {
+            return this.deny(agentId, action, 'EXECUTION_LIMIT_REACHED', `Agent '${agentId}' has reached execution limit of ${managed.permissions.maxExecutions}`, managed.infraWarrantId);
+        }
+        // Forbidden action (explicit deny takes precedence)
+        if (managed.permissions.forbiddenActions.includes(action)) {
+            return this.deny(agentId, action, 'FORBIDDEN_ACTION', `Action '${action}' is explicitly forbidden for agent '${agentId}'`, managed.infraWarrantId);
+        }
+        // Not in allowed list
+        if (!managed.permissions.allowedActions.includes(action)) {
+            return this.deny(agentId, action, 'UNAUTHORIZED_ACTION', `Action '${action}' is not in the allowed list for agent '${agentId}'`, managed.infraWarrantId);
+        }
+        // ── AUTHORIZED — commit attestation ──
+        managed.executionCount++;
+        const count = (this.actionCounters.get(agentId) || 0) + 1;
+        this.actionCounters.set(agentId, count);
+        const commitId = `${agentId}-action-${count}`;
+        const commitment = await this.commitmentEngine.commit({ agentId, action, params, timestamp: Date.now() }, commitId);
+        const verified = await this.commitmentEngine.verify(commitment);
+        this.auditLog.push({
+            type: 'ATTESTED_ACTION',
+            agentId,
+            action,
+            timestamp: Date.now(),
+            commitId,
+            contentHash: commitment.content_hash,
+            verified,
+            warrantId: managed.infraWarrantId,
+        });
+        return { executed: true, commitment, verified };
+    }
+    getAuditSummary() {
+        const authorized = this.auditLog.filter(r => r.type === 'ATTESTED_ACTION').length;
+        const denied = this.auditLog.filter(r => r.type !== 'ATTESTED_ACTION').length;
+        return {
+            total: this.auditLog.length,
+            authorized,
+            denied,
+            log: [...this.auditLog],
+        };
+    }
+    async verifyCommitment(commitment) {
+        return this.commitmentEngine.verify(commitment);
+    }
+    deny(agentId, action, type, detail, warrantId) {
+        const violation = {
+            type,
+            agentId,
+            action,
+            timestamp: Date.now(),
+            detail,
+            warrantId,
+        };
+        this.auditLog.push({
+            type,
+            agentId,
+            action,
+            timestamp: Date.now(),
+            detail,
+            warrantId,
+        });
+        return { executed: false, violation };
+    }
+}
+//# sourceMappingURL=engine.js.map

package/dist/accountability/engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../src/accountability/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAoBrD,MAAM,OAAO,oBAAoB;IACvB,gBAAgB,CAAmB;IACnC,aAAa,CAAgB;IAC7B,eAAe,GAAgC,IAAI,GAAG,EAAE,CAAC;IACzD,QAAQ,GAAkB,EAAE,CAAC;IAC7B,cAAc,GAAwB,IAAI,GAAG,EAAE,CAAC;IAExD;QACE,IAAI,CAAC,gBAAgB,GAAG,IAAI,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAAe;QAC9B,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAChD,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAAe,EAAE,WAA+B;QACjE,kEAAkE;QAClE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC;YAC7D,QAAQ,EAAE,OAAO;YACjB,SAAS,EAAE,wBAAwB;YACnC,IAAI,EAAE,IAAI;YACV,WAAW,EAAE;gBACX,QAAQ,EAAE,WAAW,CAAC,aAAa;aACpC;YACD,WAAW,EAAE,WAAW,CAAC,KAAK;YAC9B,SAAS,EAAE,uBAAuB;SACnC,CAAC,CAAC;QAEH,kEAAkE;QAClE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE;YAChC,OAAO;YACP,WAAW;YACX,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;YACpB,MAAM,EAAE,QAAQ;YAChB,cAAc,EAAE,CAAC;YACjB,cAAc,EAAE,SAAS,CAAC,EAAE;SAC7B,CAAC,CAAC;IACL,CAAC;IAED,aAAa,CAAC,OAAe;QAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO;YAAE,OAAO;QAErB,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;QAE3B,gEAAgE;QAChE,IAAI,CAAC,aAAa;aACf,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,yBAAyB,EAAE;YACzD,IAAI,EAAE,QAAQ;YACd,EAAE,EAAE,uBAAuB;SAC5B,CAAC;aACD,KAAK,CAAC,GAAG,EAAE;YACV,mFAAmF;QACrF,CAAC,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,OAAe,EACf,MAAc,EACd,MAAe;QAEf,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAElD,mCAAmC;QACnC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,+BAA+B,OAAO,GAAG,CAAC,CAAC;QAC7F,CAAC;QAED,mEAAmE;QACnE,IAAI,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YACzD,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;QAC7B,CAAC;QAED,UAAU;QACV,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,IAAI,CACd,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAClC,sBAAsB,OAAO,oBAAoB,EACjD,OAAO,CAAC,cAAc,CACvB,CAAC;QACJ,CAAC;QAED,UAAU;QACV,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;YAC9D,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;YAC3B,OAAO,IAAI,CAAC,IAAI,CACd,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAClC,sBAAsB,OAAO,eAAe,EAC5C,OAAO,CAAC,cAAc,CACvB,CAAC;QACJ,CAAC;QAED,kBAAkB;QAClB,IACE,OAAO,CAAC,WAAW,CAAC,aAAa,KAAK,SAAS;YAC/C,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC,aAAa,EAC3D,CAAC;YACD,OAAO,IAAI,CAAC,IAAI,CACd,OAAO,EAAE,MAAM,EAAE,yBAAyB,EAC1C,UAAU,OAAO,oCAAoC,OAAO,CAAC,WAAW,CAAC,aAAa,EAAE,EACxF,OAAO,CAAC,cAAc,CACvB,CAAC;QACJ,CAAC;QAED,oDAAoD;QACpD,IAAI,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1D,OAAO,IAAI,CAAC,IAAI,CACd,OAAO,EAAE,MAAM,EAAE,kBAAkB,EACnC,WAAW,MAAM,wCAAwC,OAAO,GAAG,EACnE,OAAO,CAAC,cAAc,CACvB,CAAC;QACJ,CAAC;QAED,sBAAsB;QACtB,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,OAAO,IAAI,CAAC,IAAI,CACd,OAAO,EAAE,MAAM,EAAE,qBAAqB,EACtC,WAAW,MAAM,2CAA2C,OAAO,GAAG,EACtE,OAAO,CAAC,cAAc,CACvB,CAAC;QACJ,CAAC;QAED,wCAAwC;QAExC,OAAO,CAAC,cAAc,EAAE,CAAC;QAEzB,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC1D,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,GAAG,OAAO,WAAW,KAAK,EAAE,CAAC;QAE9C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CACnD,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,EAClD,QAAQ,CACT,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAEhE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;YACjB,IAAI,EAAE,iBAAiB;YACvB,OAAO;YACP,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,QAAQ;YACR,WAAW,EAAE,UAAU,CAAC,YAAY;YACpC,QAAQ;YACR,SAAS,EAAE,OAAO,CAAC,cAAc;SAClC,CAAC,CAAC;QAEH,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;IAClD,CAAC;IAED,eAAe;QACb,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,iBAAiB,CAAC,CAAC,MAAM,CAAC;QAClF,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,iBAAiB,CAAC,CAAC,MAAM,CAAC;QAC9E,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,MAAM;YAC3B,UAAU;YACV,MAAM;YACN,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC;SACxB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,UAAsB;QAC3C,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAClD,CAAC;IAEO,IAAI,CACV,OAAe,EACf,MAAc,EACd,IAAmB,EACnB,MAAc,EACd,SAAqB;QAErB,MAAM,SAAS,GAAc;YAC3B,IAAI;YACJ,OAAO;YACP,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,MAAM;YACN,SAAS;SACV,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;YACjB,IAAI;YACJ,OAAO;YACP,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,MAAM;YACN,SAAS;SACV,CAAC,CAAC;QAEH,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;IACxC,CAAC;CACF"}

package/dist/accountability/types.d.ts

@@ -0,0 +1,46 @@
+/**
+ * mdash v3.1 — Accountability Engine Types
+ *
+ * Consumer-facing types for the unified accountability API.
+ * Warrants + Commitments in a single lifecycle.
+ */
+import type { Commitment } from '../core/commitment.js';
+export interface WarrantPermissions {
+    allowedActions: string[];
+    forbiddenActions: string[];
+    ttlMs: number;
+    maxExecutions?: number;
+}
+export type ViolationType = 'FORBIDDEN_ACTION' | 'UNAUTHORIZED_ACTION' | 'WARRANT_EXPIRED' | 'WARRANT_REVOKED' | 'EXECUTION_LIMIT_REACHED' | 'NO_WARRANT';
+export interface Violation {
+    type: ViolationType;
+    agentId: string;
+    action: string;
+    timestamp: number;
+    detail: string;
+    warrantId?: string;
+}
+export interface ActionResult {
+    executed: boolean;
+    commitment?: Commitment;
+    verified?: boolean;
+    violation?: Violation;
+}
+export interface AuditRecord {
+    type: 'ATTESTED_ACTION' | ViolationType;
+    agentId: string;
+    action: string;
+    timestamp: number;
+    commitId?: string;
+    contentHash?: string;
+    verified?: boolean;
+    detail?: string;
+    warrantId?: string;
+}
+export interface AuditSummary {
+    total: number;
+    authorized: number;
+    denied: number;
+    log: AuditRecord[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/accountability/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/accountability/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAExD,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,MAAM,aAAa,GACrB,kBAAkB,GAClB,qBAAqB,GACrB,iBAAiB,GACjB,iBAAiB,GACjB,yBAAyB,GACzB,YAAY,CAAC;AAEjB,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,aAAa,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,iBAAiB,GAAG,aAAa,CAAC;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,WAAW,EAAE,CAAC;CACpB"}