npm - @mneme-ai/core - Versions diffs - 1.69.0 → 1.70.0 - Mend

@mneme-ai/core 1.69.0 → 1.70.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +13 -0
package/dist/index.js.map +1 -1
package/dist/precog/bayesian_priors.d.ts +49 -0
package/dist/precog/bayesian_priors.d.ts.map +1 -0
package/dist/precog/bayesian_priors.js +135 -0
package/dist/precog/bayesian_priors.js.map +1 -0
package/dist/precog/firewall.d.ts +72 -0
package/dist/precog/firewall.d.ts.map +1 -0
package/dist/precog/firewall.js +141 -0
package/dist/precog/firewall.js.map +1 -0
package/dist/precog/index.d.ts +54 -0
package/dist/precog/index.d.ts.map +1 -0
package/dist/precog/index.js +94 -0
package/dist/precog/index.js.map +1 -0
package/dist/precog/package_verifier.d.ts +45 -0
package/dist/precog/package_verifier.d.ts.map +1 -0
package/dist/precog/package_verifier.js +139 -0
package/dist/precog/package_verifier.js.map +1 -0
package/dist/precog/precog.test.d.ts +5 -0
package/dist/precog/precog.test.d.ts.map +1 -0
package/dist/precog/precog.test.js +224 -0
package/dist/precog/precog.test.js.map +1 -0
package/dist/precog/sha_version_verifier.d.ts +34 -0
package/dist/precog/sha_version_verifier.d.ts.map +1 -0
package/dist/precog/sha_version_verifier.js +131 -0
package/dist/precog/sha_version_verifier.js.map +1 -0
package/dist/precog/temporal_verifier.d.ts +45 -0
package/dist/precog/temporal_verifier.d.ts.map +1 -0
package/dist/precog/temporal_verifier.js +139 -0
package/dist/precog/temporal_verifier.js.map +1 -0
package/dist/precog/trust_certificate.d.ts +44 -0
package/dist/precog/trust_certificate.d.ts.map +1 -0
package/dist/precog/trust_certificate.js +103 -0
package/dist/precog/trust_certificate.js.map +1 -0
package/package.json +1 -1

package/dist/precog/sha_version_verifier.js ADDED Viewed

@@ -0,0 +1,131 @@
+/**
+ * v1.70.0 -- PRECOG P2: SHA / VERSION / EMAIL VERIFIER.
+ *
+ * Common AI fabrications:
+ *   - "in commit abc1234" (commit doesn't exist)
+ *   - "we shipped v9.99.0 last quarter" (no such tag)
+ *   - "Alice <alice@example.com> wrote this" (no such git author)
+ *
+ * Each fact verifier shells out to git/CHANGELOG/git-log respectively:
+ *   - SHA  -> git rev-list / git cat-file -e
+ *   - Version -> git tags + CHANGELOG.md
+ *   - Email -> distinct authors from git log --format=%ae
+ *
+ * Pure read; no side effects.
+ */
+import { existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+import { execSync } from "node:child_process";
+const SHA_RE = /\b([0-9a-f]{7,40})\b/gi;
+const VERSION_RE = /\bv?(\d+\.\d+\.\d+(?:-[\w.-]+)?)\b/g;
+const EMAIL_RE = /\b([\w.+-]+)@([\w-]+(?:\.[\w-]+)+)\b/g;
+function gitCheckSha(repoRoot, sha) {
+    try {
+        execSync(`git -C "${repoRoot}" cat-file -e ${sha}`, { stdio: "ignore", timeout: 2000 });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function gitListTags(repoRoot) {
+    try {
+        const r = execSync(`git -C "${repoRoot}" tag --list`, { encoding: "utf8", stdio: ["ignore", "pipe", "ignore"], timeout: 2000 });
+        return new Set(r.split("\n").map((t) => t.trim()).filter(Boolean));
+    }
+    catch {
+        return new Set();
+    }
+}
+function gitListAuthorEmails(repoRoot) {
+    try {
+        const r = execSync(`git -C "${repoRoot}" log --format=%ae --max-count=2000`, { encoding: "utf8", stdio: ["ignore", "pipe", "ignore"], timeout: 3000 });
+        const out = new Set();
+        for (const line of r.split("\n")) {
+            const v = line.trim().toLowerCase();
+            if (v)
+                out.add(v);
+        }
+        return out;
+    }
+    catch {
+        return new Set();
+    }
+}
+function changelogVersions(repoRoot) {
+    const p = join(repoRoot, "CHANGELOG.md");
+    if (!existsSync(p))
+        return new Set();
+    const out = new Set();
+    try {
+        const content = readFileSync(p, "utf8");
+        // Match `## [1.2.3]` / `# v1.2.3` lines.
+        for (const m of content.matchAll(/^\s*#+\s*\[?v?(\d+\.\d+\.\d+(?:-[\w.-]+)?)\]?/gm)) {
+            out.add(m[1]);
+        }
+    }
+    catch { /* */ }
+    return out;
+}
+export function extractFactRefs(text) {
+    const out = [];
+    const seen = new Set();
+    const push = (ref) => {
+        const key = `${ref.kind}|${ref.value}`;
+        if (seen.has(key))
+            return;
+        seen.add(key);
+        out.push(ref);
+    };
+    for (const m of text.matchAll(SHA_RE)) {
+        const v = m[1];
+        if (v.length < 7)
+            continue;
+        if (!/[a-f]/.test(v))
+            continue; // pure-digit -> probably a number, not SHA
+        push({ kind: "sha", value: v.toLowerCase(), offset: m.index ?? 0 });
+    }
+    for (const m of text.matchAll(VERSION_RE)) {
+        // Use the FULL match (incl. optional "v") as the surface so hedging
+        // spans correctly; the verifier strips "v" for lookup.
+        push({ kind: "version", value: m[0], offset: m.index ?? 0 });
+    }
+    for (const m of text.matchAll(EMAIL_RE)) {
+        push({ kind: "email", value: m[0].toLowerCase(), offset: m.index ?? 0 });
+    }
+    return out;
+}
+export function verifyFacts(repoRoot, text) {
+    const refs = extractFactRefs(text);
+    const tags = gitListTags(repoRoot);
+    const changelog = changelogVersions(repoRoot);
+    const authors = gitListAuthorEmails(repoRoot);
+    const confirmed = [];
+    const suspects = [];
+    for (const ref of refs) {
+        if (ref.kind === "sha") {
+            if (gitCheckSha(repoRoot, ref.value))
+                confirmed.push(ref);
+            else
+                suspects.push({ ref, reason: `SHA ${ref.value} not found in git object database.`, confidence: 0.95 });
+        }
+        else if (ref.kind === "version") {
+            const numeric = ref.value.replace(/^v/i, "");
+            const inTags = tags.has(numeric) || tags.has(`v${numeric}`);
+            const inChangelog = changelog.has(numeric);
+            if (inTags || inChangelog)
+                confirmed.push(ref);
+            else
+                suspects.push({ ref, reason: `Version ${ref.value} not in git tags or CHANGELOG.md.`, confidence: 0.85 });
+        }
+        else {
+            if (authors.has(ref.value))
+                confirmed.push(ref);
+            else
+                suspects.push({ ref, reason: `Author email ${ref.value} not in git log authors.`, confidence: 0.8 });
+        }
+    }
+    const headline = `${refs.length} fact ref(s); ${confirmed.length} confirmed, ${suspects.length} suspect.`;
+    return { refs, confirmed, suspects, headline };
+}
+//# sourceMappingURL=sha_version_verifier.js.map

package/dist/precog/sha_version_verifier.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sha_version_verifier.js","sourceRoot":"","sources":["../../src/precog/sha_version_verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAE9C,MAAM,MAAM,GAAG,wBAAwB,CAAC;AACxC,MAAM,UAAU,GAAG,qCAAqC,CAAC;AACzD,MAAM,QAAQ,GAAG,uCAAuC,CAAC;AAqBzD,SAAS,WAAW,CAAC,QAAgB,EAAE,GAAW;IAChD,IAAI,CAAC;QACH,QAAQ,CAAC,WAAW,QAAQ,iBAAiB,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACxF,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC;AAC3B,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB;IACnC,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,WAAW,QAAQ,cAAc,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAChI,OAAO,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,IAAI,GAAG,EAAE,CAAC;IAAC,CAAC;AAC/B,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgB;IAC3C,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,WAAW,QAAQ,qCAAqC,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACvJ,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;QAC9B,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACpC,IAAI,CAAC;gBAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,IAAI,GAAG,EAAE,CAAC;IAAC,CAAC;AAC/B,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACzC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,GAAG,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACxC,yCAAyC;QACzC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,iDAAiD,CAAC,EAAE,CAAC;YACpF,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACjB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,GAAG,GAAc,EAAE,CAAC;IAC1B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,IAAI,GAAG,CAAC,GAAY,EAAE,EAAE;QAC5B,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO;QAC1B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAChB,CAAC,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACtC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;QAChB,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QAC3B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,SAAS,CAAC,2CAA2C;QAC3E,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,oEAAoE;QACpE,uDAAuD;QACvD,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,QAAgB,EAAE,IAAY;IACxD,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAc,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YACvB,IAAI,WAAW,CAAC,QAAQ,EAAE,GAAG,CAAC,KAAK,CAAC;gBAAE,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;;gBACrD,QAAQ,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,GAAG,CAAC,KAAK,oCAAoC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9G,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC;YAC5D,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC3C,IAAI,MAAM,IAAI,WAAW;gBAAE,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;;gBAC1C,QAAQ,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,GAAG,CAAC,KAAK,mCAAmC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QACjH,CAAC;aAAM,CAAC;YACN,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC;gBAAE,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;;gBAC3C,QAAQ,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,gBAAgB,GAAG,CAAC,KAAK,0BAA0B,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;QAC5G,CAAC;IACH,CAAC;IACD,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,iBAAiB,SAAS,CAAC,MAAM,eAAe,QAAQ,CAAC,MAAM,WAAW,CAAC;IAC1G,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AACjD,CAAC"}

package/dist/precog/temporal_verifier.d.ts ADDED Viewed

@@ -0,0 +1,45 @@
+/**
+ * v1.70.0 -- PRECOG P3: TEMPORAL VERIFIER.
+ *
+ * Catches "we deleted X last week" / "yesterday Y was added" / "3
+ * days ago we shipped Z" -- temporal claims that need to be
+ * corroborated by `git log` within the bounded window.
+ *
+ *   "last week"      -> window [now-14d, now-1d]
+ *   "yesterday"      -> window [now-2d, now-1d]
+ *   "today"          -> window [now-1d, now]
+ *   "3 days ago"     -> window [now-4d, now-2d]
+ *   "last month"     -> window [now-45d, now-15d]
+ *   "X days ago"     -> window [now-X-1d, now-X+1d]
+ *
+ * Verifier checks:
+ *   1. Were there ANY commits in the window? (sanity)
+ *   2. If claim mentions a verb (add/delete/fix/ship), is there a
+ *      commit with that verb root in subject within the window?
+ *   3. If claim names a file, does git log -- <file> show commits in window?
+ *
+ * Honest "INSUFFICIENT_EVIDENCE" verdict when window is empty.
+ */
+export interface TemporalReference {
+    /** The phrase that triggered the match. */
+    phrase: string;
+    /** Window start (ms since epoch). */
+    fromMs: number;
+    /** Window end (ms since epoch). */
+    toMs: number;
+    offset: number;
+}
+export interface TemporalSuspect {
+    ref: TemporalReference;
+    reason: string;
+    confidence: number;
+}
+export interface TemporalReport {
+    refs: TemporalReference[];
+    suspects: TemporalSuspect[];
+    corroborated: TemporalReference[];
+    headline: string;
+}
+export declare function extractTemporalRefs(text: string): TemporalReference[];
+export declare function verifyTemporal(repoRoot: string, text: string): TemporalReport;
+//# sourceMappingURL=temporal_verifier.d.ts.map

package/dist/precog/temporal_verifier.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"temporal_verifier.d.ts","sourceRoot":"","sources":["../../src/precog/temporal_verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAIH,MAAM,WAAW,iBAAiB;IAChC,2CAA2C;IAC3C,MAAM,EAAE,MAAM,CAAC;IACf,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,mCAAmC;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,iBAAiB,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,iBAAiB,EAAE,CAAC;IAC1B,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,YAAY,EAAE,iBAAiB,EAAE,CAAC;IAClC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAkBD,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,iBAAiB,EAAE,CA6BrE;AAmCD,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,cAAc,CA0C7E"}

package/dist/precog/temporal_verifier.js ADDED Viewed

@@ -0,0 +1,139 @@
+/**
+ * v1.70.0 -- PRECOG P3: TEMPORAL VERIFIER.
+ *
+ * Catches "we deleted X last week" / "yesterday Y was added" / "3
+ * days ago we shipped Z" -- temporal claims that need to be
+ * corroborated by `git log` within the bounded window.
+ *
+ *   "last week"      -> window [now-14d, now-1d]
+ *   "yesterday"      -> window [now-2d, now-1d]
+ *   "today"          -> window [now-1d, now]
+ *   "3 days ago"     -> window [now-4d, now-2d]
+ *   "last month"     -> window [now-45d, now-15d]
+ *   "X days ago"     -> window [now-X-1d, now-X+1d]
+ *
+ * Verifier checks:
+ *   1. Were there ANY commits in the window? (sanity)
+ *   2. If claim mentions a verb (add/delete/fix/ship), is there a
+ *      commit with that verb root in subject within the window?
+ *   3. If claim names a file, does git log -- <file> show commits in window?
+ *
+ * Honest "INSUFFICIENT_EVIDENCE" verdict when window is empty.
+ */
+import { execSync } from "node:child_process";
+const PHRASE_RES = [
+    { pattern: /\b(today)\b/gi, days: { from: 1, to: 0 } },
+    { pattern: /\b(yesterday)\b/gi, days: { from: 2, to: 1 } },
+    { pattern: /\b(last\s+week)\b/gi, days: { from: 14, to: 1 } },
+    { pattern: /\b(last\s+month)\b/gi, days: { from: 45, to: 15 } },
+    { pattern: /\b(last\s+quarter)\b/gi, days: { from: 120, to: 45 } },
+    { pattern: /\b(this\s+week)\b/gi, days: { from: 7, to: 0 } },
+];
+const N_DAYS_AGO = /\b(\d+)\s+days?\s+ago\b/gi;
+const VERB_PATTERN = /\b(added?|deleted?|removed?|shipped?|fixed?|merged?|reverted?|deployed?|released?|refactored?)\b/gi;
+const FILE_PATTERN = /([\w./_-]+\.(?:ts|tsx|js|mjs|cjs|jsx|json|md|sql|yml|yaml|py|rs|go))/g;
+const DAY_MS = 86400 * 1000;
+export function extractTemporalRefs(text) {
+    const out = [];
+    const seen = new Set();
+    const now = Date.now();
+    for (const { pattern, days } of PHRASE_RES) {
+        for (const m of text.matchAll(pattern)) {
+            const phrase = m[1].toLowerCase();
+            const key = `${phrase}|${m.index}`;
+            if (seen.has(key))
+                continue;
+            seen.add(key);
+            out.push({
+                phrase,
+                fromMs: now - days.from * DAY_MS,
+                toMs: now - days.to * DAY_MS,
+                offset: m.index ?? 0,
+            });
+        }
+    }
+    for (const m of text.matchAll(N_DAYS_AGO)) {
+        const n = Number(m[1]);
+        if (!Number.isFinite(n) || n < 0)
+            continue;
+        out.push({
+            phrase: m[0].toLowerCase(),
+            fromMs: now - (n + 1) * DAY_MS,
+            toMs: now - Math.max(0, n - 1) * DAY_MS,
+            offset: m.index ?? 0,
+        });
+    }
+    return out;
+}
+function queryGitWindow(repoRoot, ref, verbs, files) {
+    const since = new Date(ref.fromMs).toISOString();
+    const until = new Date(ref.toMs).toISOString();
+    let totalCommits = 0;
+    let subjects = "";
+    try {
+        const r = execSync(`git -C "${repoRoot}" log --since="${since}" --until="${until}" --pretty=format:%s`, { encoding: "utf8", stdio: ["ignore", "pipe", "ignore"], timeout: 3000 });
+        subjects = r;
+        totalCommits = r.split("\n").filter(Boolean).length;
+    }
+    catch { /* */ }
+    let verbMatches = 0;
+    for (const v of verbs) {
+        const re = new RegExp(`\\b${v.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}\\b`, "i");
+        if (re.test(subjects))
+            verbMatches += 1;
+    }
+    let fileTouches = 0;
+    for (const f of files.slice(0, 3)) {
+        try {
+            const r = execSync(`git -C "${repoRoot}" log --since="${since}" --until="${until}" --format=%H -- "${f}"`, { encoding: "utf8", stdio: ["ignore", "pipe", "ignore"], timeout: 3000 });
+            if (r.trim().split("\n").filter(Boolean).length > 0)
+                fileTouches += 1;
+        }
+        catch { /* */ }
+    }
+    return { totalCommits, verbMatches, fileTouches };
+}
+export function verifyTemporal(repoRoot, text) {
+    const refs = extractTemporalRefs(text);
+    if (refs.length === 0) {
+        return { refs, suspects: [], corroborated: [], headline: "No temporal claims in text." };
+    }
+    // Extract verbs + files ONCE for the whole text -- conservative: any temporal
+    // ref in the text takes context from all verbs/files in the same text.
+    const verbs = [...new Set([...text.matchAll(VERB_PATTERN)].map((m) => m[1].toLowerCase()))];
+    const files = [...new Set([...text.matchAll(FILE_PATTERN)].map((m) => m[1]))];
+    const suspects = [];
+    const corroborated = [];
+    for (const ref of refs) {
+        const result = queryGitWindow(repoRoot, ref, verbs, files);
+        if (result.totalCommits === 0) {
+            suspects.push({
+                ref,
+                reason: `No git commits in window [${new Date(ref.fromMs).toISOString().slice(0, 10)} .. ${new Date(ref.toMs).toISOString().slice(0, 10)}] for "${ref.phrase}".`,
+                confidence: 0.85,
+            });
+            continue;
+        }
+        // If claim names verbs or files, require corroboration.
+        if (verbs.length > 0 && result.verbMatches === 0 && files.length === 0) {
+            suspects.push({
+                ref,
+                reason: `${result.totalCommits} commit(s) in window but none match the claimed verbs (${verbs.slice(0, 3).join(", ")}).`,
+                confidence: 0.7,
+            });
+            continue;
+        }
+        if (files.length > 0 && result.fileTouches === 0) {
+            suspects.push({
+                ref,
+                reason: `${result.totalCommits} commit(s) in window but none touched the named file(s).`,
+                confidence: 0.8,
+            });
+            continue;
+        }
+        corroborated.push(ref);
+    }
+    const headline = `${refs.length} temporal claim(s); ${corroborated.length} corroborated, ${suspects.length} suspect.`;
+    return { refs, suspects, corroborated, headline };
+}
+//# sourceMappingURL=temporal_verifier.js.map

package/dist/precog/temporal_verifier.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"temporal_verifier.js","sourceRoot":"","sources":["../../src/precog/temporal_verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAyB9C,MAAM,UAAU,GAAmE;IACjF,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE;IACtD,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE;IAC1D,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE;IAC7D,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;IAC/D,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;IAClE,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE;CAC7D,CAAC;AAEF,MAAM,UAAU,GAAG,2BAA2B,CAAC;AAE/C,MAAM,YAAY,GAAG,oGAAoG,CAAC;AAC1H,MAAM,YAAY,GAAG,uEAAuE,CAAC;AAE7F,MAAM,MAAM,GAAG,KAAK,GAAG,IAAI,CAAC;AAE5B,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC9C,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,UAAU,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;YACnC,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,GAAG,CAAC,IAAI,CAAC;gBACP,MAAM;gBACN,MAAM,EAAE,GAAG,GAAG,IAAI,CAAC,IAAI,GAAG,MAAM;gBAChC,IAAI,EAAE,GAAG,GAAG,IAAI,CAAC,EAAE,GAAG,MAAM;gBAC5B,MAAM,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC;aACrB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACvB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,SAAS;QAC3C,GAAG,CAAC,IAAI,CAAC;YACP,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;YAC1B,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM;YAC9B,IAAI,EAAE,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM;YACvC,MAAM,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC;SACrB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAQD,SAAS,cAAc,CAAC,QAAgB,EAAE,GAAsB,EAAE,KAAe,EAAE,KAAe;IAChG,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;IACjD,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAC/C,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,WAAW,QAAQ,kBAAkB,KAAK,cAAc,KAAK,sBAAsB,EACpG,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5E,QAAQ,GAAG,CAAC,CAAC;QACb,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACjB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAChF,IAAI,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,WAAW,IAAI,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,QAAQ,CAAC,WAAW,QAAQ,kBAAkB,KAAK,cAAc,KAAK,qBAAqB,CAAC,GAAG,EACvG,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5E,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC;gBAAE,WAAW,IAAI,CAAC,CAAC;QACxE,CAAC;QAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IACD,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,IAAY;IAC3D,MAAM,IAAI,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,QAAQ,EAAE,6BAA6B,EAAE,CAAC;IAC3F,CAAC;IACD,8EAA8E;IAC9E,uEAAuE;IACvE,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC;IAC7F,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC;IAC/E,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,YAAY,GAAwB,EAAE,CAAC;IAC7C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QAC3D,IAAI,MAAM,CAAC,YAAY,KAAK,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC;gBACZ,GAAG;gBACH,MAAM,EAAE,6BAA6B,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,GAAG,CAAC,MAAM,IAAI;gBAChK,UAAU,EAAE,IAAI;aACjB,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QACD,wDAAwD;QACxD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,WAAW,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvE,QAAQ,CAAC,IAAI,CAAC;gBACZ,GAAG;gBACH,MAAM,EAAE,GAAG,MAAM,CAAC,YAAY,0DAA0D,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;gBACxH,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,WAAW,KAAK,CAAC,EAAE,CAAC;YACjD,QAAQ,CAAC,IAAI,CAAC;gBACZ,GAAG;gBACH,MAAM,EAAE,GAAG,MAAM,CAAC,YAAY,0DAA0D;gBACxF,UAAU,EAAE,GAAG;aAChB,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QACD,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IACD,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,uBAAuB,YAAY,CAAC,MAAM,kBAAkB,QAAQ,CAAC,MAAM,WAAW,CAAC;IACtH,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;AACpD,CAAC"}

package/dist/precog/trust_certificate.d.ts ADDED Viewed

@@ -0,0 +1,44 @@
+/**
+ * v1.70.0 -- PRECOG P5: TRUST CERTIFICATE.
+ *
+ * After a claim passes verification, mint an HMAC-signed certificate.
+ * Downstream consumers (apps, the user's UI, mesh peers) can verify
+ * the certificate without re-running every checker.
+ *
+ *   issueCertificate(claim, verifierResults) -> { cert, signers, ts }
+ *   verifyCertificate(cert) -> boolean
+ *
+ * The "SSL for AI claims" the user described.
+ */
+export interface VerifierResult {
+    name: string;
+    passed: boolean;
+    detail?: string;
+}
+export interface TrustCertificate {
+    /** Stable id = sha256(claim || payload). */
+    id: string;
+    /** Original claim (truncated to 500 chars). */
+    claim: string;
+    /** Verifier names that passed. */
+    signers: string[];
+    /** Verifier names that flagged. */
+    flaggedBy: string[];
+    /** Verdict band. */
+    verdict: "CERTIFIED" | "CONDITIONAL" | "REVOKED";
+    /** ISO ts. */
+    issuedAt: string;
+    /** Expiry (ISO). */
+    expiresAt: string;
+    /** HMAC over canonical payload. */
+    hmac: string;
+}
+export interface IssueOptions {
+    /** Window during which the cert is valid (ms). Default 24h. */
+    ttlMs?: number;
+}
+export declare function issueCertificate(repoRoot: string, claim: string, verifierResults: VerifierResult[], opts?: IssueOptions): TrustCertificate;
+export type VerifyVerdict = "VALID" | "INVALID_HMAC" | "EXPIRED" | "NOT_CERTIFIED";
+export declare function verifyCertificate(repoRoot: string, cert: TrustCertificate): VerifyVerdict;
+export declare function readCertLedger(repoRoot: string): TrustCertificate[];
+//# sourceMappingURL=trust_certificate.d.ts.map

package/dist/precog/trust_certificate.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"trust_certificate.d.ts","sourceRoot":"","sources":["../../src/precog/trust_certificate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAUH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,4CAA4C;IAC5C,EAAE,EAAE,MAAM,CAAC;IACX,+CAA+C;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,kCAAkC;IAClC,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,mCAAmC;IACnC,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,oBAAoB;IACpB,OAAO,EAAE,WAAW,GAAG,aAAa,GAAG,SAAS,CAAC;IACjD,cAAc;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,mCAAmC;IACnC,IAAI,EAAE,MAAM,CAAC;CACd;AAuBD,MAAM,WAAW,YAAY;IAC3B,+DAA+D;IAC/D,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,eAAe,EAAE,cAAc,EAAE,EACjC,IAAI,CAAC,EAAE,YAAY,GAClB,gBAAgB,CA2BlB;AAED,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,cAAc,GAAG,SAAS,GAAG,eAAe,CAAC;AAEnF,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB,GAAG,aAAa,CAQzF;AAED,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB,EAAE,CAWnE"}

package/dist/precog/trust_certificate.js ADDED Viewed

@@ -0,0 +1,103 @@
+/**
+ * v1.70.0 -- PRECOG P5: TRUST CERTIFICATE.
+ *
+ * After a claim passes verification, mint an HMAC-signed certificate.
+ * Downstream consumers (apps, the user's UI, mesh peers) can verify
+ * the certificate without re-running every checker.
+ *
+ *   issueCertificate(claim, verifierResults) -> { cert, signers, ts }
+ *   verifyCertificate(cert) -> boolean
+ *
+ * The "SSL for AI claims" the user described.
+ */
+import { existsSync, readFileSync, writeFileSync, mkdirSync, appendFileSync } from "node:fs";
+import { createHash, createHmac, randomBytes } from "node:crypto";
+import { join } from "node:path";
+const PRECOG_DIR = ".mneme/precog";
+const CERT_LEDGER = ".mneme/precog/certificates.jsonl";
+const SECRET_FILE = ".mneme/precog/cert-secret";
+function ensureSecret(repoRoot) {
+    const path = join(repoRoot, SECRET_FILE);
+    if (existsSync(path))
+        return readFileSync(path, "utf8").trim();
+    const dir = join(repoRoot, PRECOG_DIR);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    const s = randomBytes(32).toString("hex");
+    try {
+        writeFileSync(path, s, "utf8");
+    }
+    catch { /* */ }
+    return s;
+}
+function canonical(payload) {
+    return JSON.stringify({
+        claim: payload.claim,
+        signers: [...payload.signers].sort(),
+        flaggedBy: [...payload.flaggedBy].sort(),
+        verdict: payload.verdict,
+        issuedAt: payload.issuedAt,
+        expiresAt: payload.expiresAt,
+    });
+}
+export function issueCertificate(repoRoot, claim, verifierResults, opts) {
+    const secret = ensureSecret(repoRoot);
+    const issuedAt = new Date().toISOString();
+    const ttlMs = opts?.ttlMs ?? 24 * 3600 * 1000;
+    const expiresAt = new Date(Date.now() + ttlMs).toISOString();
+    const signers = verifierResults.filter((v) => v.passed).map((v) => v.name);
+    const flaggedBy = verifierResults.filter((v) => !v.passed).map((v) => v.name);
+    const verdict = flaggedBy.length === 0
+        ? "CERTIFIED"
+        : signers.length > flaggedBy.length
+            ? "CONDITIONAL"
+            : "REVOKED";
+    const payload = {
+        claim: claim.slice(0, 500),
+        signers, flaggedBy, verdict, issuedAt, expiresAt,
+    };
+    const canon = canonical(payload);
+    const hmac = createHmac("sha256", secret).update(canon).digest("hex");
+    const id = createHash("sha256").update(canon).digest("hex").slice(0, 16);
+    const cert = { ...payload, id, hmac };
+    // Persist to ledger.
+    try {
+        const dir = join(repoRoot, PRECOG_DIR);
+        if (!existsSync(dir))
+            mkdirSync(dir, { recursive: true });
+        appendFileSync(join(repoRoot, CERT_LEDGER), JSON.stringify(cert) + "\n", "utf8");
+    }
+    catch { /* */ }
+    return cert;
+}
+export function verifyCertificate(repoRoot, cert) {
+    if (Date.parse(cert.expiresAt) < Date.now())
+        return "EXPIRED";
+    const secret = ensureSecret(repoRoot);
+    const canon = canonical(cert);
+    const expected = createHmac("sha256", secret).update(canon).digest("hex");
+    if (expected !== cert.hmac)
+        return "INVALID_HMAC";
+    if (cert.verdict === "REVOKED")
+        return "NOT_CERTIFIED";
+    return "VALID";
+}
+export function readCertLedger(repoRoot) {
+    const p = join(repoRoot, CERT_LEDGER);
+    if (!existsSync(p))
+        return [];
+    const out = [];
+    try {
+        for (const line of readFileSync(p, "utf8").split("\n")) {
+            if (!line.trim())
+                continue;
+            try {
+                out.push(JSON.parse(line));
+            }
+            catch { /* */ }
+        }
+    }
+    catch { /* */ }
+    return out;
+}
+//# sourceMappingURL=trust_certificate.js.map

package/dist/precog/trust_certificate.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"trust_certificate.js","sourceRoot":"","sources":["../../src/precog/trust_certificate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAC7F,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,MAAM,UAAU,GAAG,eAAe,CAAC;AACnC,MAAM,WAAW,GAAG,kCAAkC,CAAC;AACvD,MAAM,WAAW,GAAG,2BAA2B,CAAC;AA2BhD,SAAS,YAAY,CAAC,QAAgB;IACpC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACzC,IAAI,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/D,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACvC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,MAAM,CAAC,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1C,IAAI,CAAC;QAAC,aAAa,CAAC,IAAI,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACvD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,SAAS,CAAC,OAA8C;IAC/D,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE;QACpC,SAAS,EAAE,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE;QACxC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;KAC7B,CAAC,CAAC;AACL,CAAC;AAOD,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,KAAa,EACb,eAAiC,EACjC,IAAmB;IAEnB,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,IAAI,EAAE,KAAK,IAAI,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;IAC9C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;IAC7D,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC3E,MAAM,SAAS,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC9E,MAAM,OAAO,GAAgC,SAAS,CAAC,MAAM,KAAK,CAAC;QACjE,CAAC,CAAC,WAAW;QACb,CAAC,CAAC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM;YACjC,CAAC,CAAC,aAAa;YACf,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,OAAO,GAA0C;QACrD,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;QAC1B,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS;KACjD,CAAC;IACF,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACtE,MAAM,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzE,MAAM,IAAI,GAAqB,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACxD,qBAAqB;IACrB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACvC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC;IACnF,CAAC;IAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACjB,OAAO,IAAI,CAAC;AACd,CAAC;AAID,MAAM,UAAU,iBAAiB,CAAC,QAAgB,EAAE,IAAsB;IACxE,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,SAAS,CAAC;IAC9D,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1E,IAAI,QAAQ,KAAK,IAAI,CAAC,IAAI;QAAE,OAAO,cAAc,CAAC;IAClD,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS;QAAE,OAAO,eAAe,CAAC;IACvD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,QAAgB;IAC7C,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACtC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9B,MAAM,GAAG,GAAuB,EAAE,CAAC;IACnC,IAAI,CAAC;QACH,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;gBAAE,SAAS;YAC3B,IAAI,CAAC;gBAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAqB,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACjB,OAAO,GAAG,CAAC;AACb,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mneme-ai/core",
-  "version": "1.69.0",
+  "version": "1.70.0",
   "description": "Core indexing, retrieval, and graph engine for Mneme",
   "type": "module",
   "main": "./dist/index.js",