@mneme-ai/core 1.70.0 → 1.72.0

package/dist/precog/multi_voice_council.d.ts

@@ -0,0 +1,50 @@
+/**
+ * v1.71.0 -- PRECOG +C1: MULTI-VOICE COUNCIL.
+ *
+ * Push PRECOG catch rate from 92.9% toward 98%+. Instead of a single
+ * verifier-pass, run the claim through FIVE distinct voices, each
+ * with a different cognitive bias:
+ *
+ *   V1 PACKAGE-PEDANT      extra strict on package names + versions
+ *   V2 TEMPORAL-PARANOID    extra strict on time claims
+ *   V3 HUMILITY-ZEALOT      extra strict on absolute speech
+ *   V4 CITATION-NIGGLE       requires every entity to have a citation
+ *   V5 NOVELTY-SUSPICION     flags shapes not seen in repo history
+ *
+ * Majority vote -> hedge if 3+/5 voices say "suspect". Breaks the
+ * "PRECOG missed because one regex didn't fire" failure mode by
+ * needing redundant agreement.
+ *
+ * The wild bit: voices use DIFFERENT THRESHOLDS for the same
+ * underlying checker. V1 might flag "X@1.0.0" at 0.4 confidence
+ * while the default PRECOG only flags at 0.6. The council compares
+ * how many voices agree at THEIR individual threshold.
+ */
+export type VoiceId = "V1-package-pedant" | "V2-temporal-paranoid" | "V3-humility-zealot" | "V4-citation-niggle" | "V5-novelty-suspicion";
+export interface VoiceVote {
+    voice: VoiceId;
+    /** This voice's verdict: "hedge" / "pass" / "abstain". */
+    vote: "hedge" | "pass" | "abstain";
+    /** Confidence in this vote 0..1. */
+    confidence: number;
+    /** Plain-English why. */
+    reason: string;
+}
+export interface CouncilVerdict {
+    votes: VoiceVote[];
+    hedgeVotes: number;
+    passVotes: number;
+    abstainVotes: number;
+    /** Final verdict: HEDGE if hedge >= majorityThreshold (default 3). */
+    verdict: "HEDGE" | "PASS" | "TIE";
+    /** Plain-English headline. */
+    headline: string;
+}
+export interface CouncilOptions {
+    /** Majority threshold (default 3 of 5). */
+    majority?: number;
+    /** Skip specific voices. */
+    skipVoices?: VoiceId[];
+}
+export declare function runCouncil(repoRoot: string, claim: string, opts?: CouncilOptions): CouncilVerdict;
+//# sourceMappingURL=multi_voice_council.d.ts.map

package/dist/precog/multi_voice_council.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"multi_voice_council.d.ts","sourceRoot":"","sources":["../../src/precog/multi_voice_council.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAOH,MAAM,MAAM,OAAO,GAAG,mBAAmB,GAAG,sBAAsB,GAAG,oBAAoB,GAAG,oBAAoB,GAAG,sBAAsB,CAAC;AAE1I,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,OAAO,CAAC;IACf,0DAA0D;IAC1D,IAAI,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;IACnC,oCAAoC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,SAAS,EAAE,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,sEAAsE;IACtE,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IAClC,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAiDD,MAAM,WAAW,cAAc;IAC7B,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,4BAA4B;IAC5B,UAAU,CAAC,EAAE,OAAO,EAAE,CAAC;CACxB;AAED,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,cAAc,GAAG,cAAc,CAsBjG"}

package/dist/precog/multi_voice_council.js

@@ -0,0 +1,105 @@
+/**
+ * v1.71.0 -- PRECOG +C1: MULTI-VOICE COUNCIL.
+ *
+ * Push PRECOG catch rate from 92.9% toward 98%+. Instead of a single
+ * verifier-pass, run the claim through FIVE distinct voices, each
+ * with a different cognitive bias:
+ *
+ *   V1 PACKAGE-PEDANT      extra strict on package names + versions
+ *   V2 TEMPORAL-PARANOID    extra strict on time claims
+ *   V3 HUMILITY-ZEALOT      extra strict on absolute speech
+ *   V4 CITATION-NIGGLE       requires every entity to have a citation
+ *   V5 NOVELTY-SUSPICION     flags shapes not seen in repo history
+ *
+ * Majority vote -> hedge if 3+/5 voices say "suspect". Breaks the
+ * "PRECOG missed because one regex didn't fire" failure mode by
+ * needing redundant agreement.
+ *
+ * The wild bit: voices use DIFFERENT THRESHOLDS for the same
+ * underlying checker. V1 might flag "X@1.0.0" at 0.4 confidence
+ * while the default PRECOG only flags at 0.6. The council compares
+ * how many voices agree at THEIR individual threshold.
+ */
+import { verifyPackages } from "./package_verifier.js";
+import { verifyFacts } from "./sha_version_verifier.js";
+import { verifyTemporal } from "./temporal_verifier.js";
+import { priorFor } from "./bayesian_priors.js";
+const ABSOLUTES = ["always", "never", "guaranteed", "100%", "absolutely", "perfect", "flawless", "every", "all", "none"];
+function v1_packagePedant(repoRoot, claim) {
+    const r = verifyPackages(repoRoot, claim);
+    // Pedant lowers threshold: even single suspect package = hedge.
+    if (r.suspects.length === 0)
+        return { voice: "V1-package-pedant", vote: "abstain", confidence: 1, reason: "no package refs found" };
+    return { voice: "V1-package-pedant", vote: "hedge", confidence: 0.95, reason: `pedant: ${r.suspects.length} suspect package(s)` };
+}
+function v2_temporalParanoid(repoRoot, claim) {
+    const r = verifyTemporal(repoRoot, claim);
+    if (r.refs.length === 0)
+        return { voice: "V2-temporal-paranoid", vote: "abstain", confidence: 1, reason: "no temporal claims" };
+    // Paranoid: ANY un-corroborated temporal claim hedges, even if just 1 of N.
+    if (r.suspects.length >= 1)
+        return { voice: "V2-temporal-paranoid", vote: "hedge", confidence: 0.9, reason: `paranoid: ${r.suspects.length} un-corroborated temporal claim(s)` };
+    return { voice: "V2-temporal-paranoid", vote: "pass", confidence: 0.85, reason: "all temporal claims corroborated by git log" };
+}
+function v3_humilityZealot(_repoRoot, claim) {
+    let absCount = 0;
+    const lower = claim.toLowerCase();
+    for (const a of ABSOLUTES) {
+        const re = new RegExp(`\\b${a}\\b`, "g");
+        const m = lower.match(re);
+        if (m)
+            absCount += m.length;
+    }
+    if (absCount >= 2)
+        return { voice: "V3-humility-zealot", vote: "hedge", confidence: 0.9, reason: `zealot: ${absCount} absolute terms` };
+    if (absCount === 1)
+        return { voice: "V3-humility-zealot", vote: "hedge", confidence: 0.6, reason: `zealot: 1 absolute term` };
+    return { voice: "V3-humility-zealot", vote: "pass", confidence: 0.8, reason: "no absolutes" };
+}
+function v4_citationNiggle(repoRoot, claim) {
+    // Use the fact-verifier as the citation proxy: any unverifiable
+    // entity = niggle hedges.
+    const r = verifyFacts(repoRoot, claim);
+    if (r.refs.length === 0)
+        return { voice: "V4-citation-niggle", vote: "abstain", confidence: 1, reason: "no fact refs to cite" };
+    if (r.suspects.length > 0)
+        return { voice: "V4-citation-niggle", vote: "hedge", confidence: 0.85, reason: `niggle: ${r.suspects.length} uncited fact(s)` };
+    return { voice: "V4-citation-niggle", vote: "pass", confidence: 0.85, reason: "all facts cited" };
+}
+function v5_noveltySuspicion(repoRoot, claim) {
+    const p = priorFor(repoRoot, claim);
+    // Novelty: claims whose simhash matches PAST FAILURES are suspect.
+    if (p.posterior >= 0.3)
+        return { voice: "V5-novelty-suspicion", vote: "hedge", confidence: 0.8, reason: `novelty: posterior ${p.posterior.toFixed(2)} matches past failures` };
+    if (p.topNeighbors.length === 0)
+        return { voice: "V5-novelty-suspicion", vote: "abstain", confidence: 0.6, reason: "no failure history" };
+    return { voice: "V5-novelty-suspicion", vote: "pass", confidence: 0.7, reason: "no near-neighbor failures" };
+}
+export function runCouncil(repoRoot, claim, opts) {
+    const majority = opts?.majority ?? 3;
+    const skip = new Set(opts?.skipVoices ?? []);
+    const votes = [];
+    if (!skip.has("V1-package-pedant"))
+        votes.push(v1_packagePedant(repoRoot, claim));
+    if (!skip.has("V2-temporal-paranoid"))
+        votes.push(v2_temporalParanoid(repoRoot, claim));
+    if (!skip.has("V3-humility-zealot"))
+        votes.push(v3_humilityZealot(repoRoot, claim));
+    if (!skip.has("V4-citation-niggle"))
+        votes.push(v4_citationNiggle(repoRoot, claim));
+    if (!skip.has("V5-novelty-suspicion"))
+        votes.push(v5_noveltySuspicion(repoRoot, claim));
+    const hedge = votes.filter((v) => v.vote === "hedge").length;
+    const pass = votes.filter((v) => v.vote === "pass").length;
+    const abst = votes.filter((v) => v.vote === "abstain").length;
+    let verdict;
+    if (hedge >= majority)
+        verdict = "HEDGE";
+    else if (pass >= majority)
+        verdict = "PASS";
+    else
+        verdict = "TIE";
+    const headline = `Council: ${hedge} hedge / ${pass} pass / ${abst} abstain -> ${verdict}.`;
+    return { votes, hedgeVotes: hedge, passVotes: pass, abstainVotes: abst, verdict, headline };
+}
+//# sourceMappingURL=multi_voice_council.js.map

package/dist/precog/multi_voice_council.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"multi_voice_council.js","sourceRoot":"","sources":["../../src/precog/multi_voice_council.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAyBhD,MAAM,SAAS,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;AAEzH,SAAS,gBAAgB,CAAC,QAAgB,EAAE,KAAa;IACvD,MAAM,CAAC,GAAG,cAAc,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC1C,gEAAgE;IAChE,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;IACpI,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,qBAAqB,EAAE,CAAC;AACpI,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgB,EAAE,KAAa;IAC1D,MAAM,CAAC,GAAG,cAAc,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC1C,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;IAChI,4EAA4E;IAC5E,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC,QAAQ,CAAC,MAAM,oCAAoC,EAAE,CAAC;IACjL,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,6CAA6C,EAAE,CAAC;AAClI,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAiB,EAAE,KAAa;IACzD,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACzC,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC1B,IAAI,CAAC;YAAE,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC;IAC9B,CAAC;IACD,IAAI,QAAQ,IAAI,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,QAAQ,iBAAiB,EAAE,CAAC;IACxI,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IAC9H,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;AAChG,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB,EAAE,KAAa;IACxD,gEAAgE;IAChE,0BAA0B;IAC1B,MAAM,CAAC,GAAG,WAAW,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IAChI,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,kBAAkB,EAAE,CAAC;IAC3J,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;AACpG,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgB,EAAE,KAAa;IAC1D,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IACpC,mEAAmE;IACnE,IAAI,CAAC,CAAC,SAAS,IAAI,GAAG;QAAE,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,sBAAsB,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB,EAAE,CAAC;IAC/K,IAAI,CAAC,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;IAC1I,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAC;AAC/G,CAAC;AASD,MAAM,UAAU,UAAU,CAAC,QAAgB,EAAE,KAAa,EAAE,IAAqB;IAC/E,MAAM,QAAQ,GAAG,IAAI,EAAE,QAAQ,IAAI,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,UAAU,IAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAgB,EAAE,CAAC;IAC9B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IAClF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IACxF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IACpF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,oBAAoB,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IACpF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IAExF,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,MAAM,CAAC;IAC7D,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAC3D,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;IAE9D,IAAI,OAAkC,CAAC;IACvC,IAAI,KAAK,IAAI,QAAQ;QAAE,OAAO,GAAG,OAAO,CAAC;SACpC,IAAI,IAAI,IAAI,QAAQ;QAAE,OAAO,GAAG,MAAM,CAAC;;QACvC,OAAO,GAAG,KAAK,CAAC;IAErB,MAAM,QAAQ,GAAG,YAAY,KAAK,YAAY,IAAI,WAAW,IAAI,eAAe,OAAO,GAAG,CAAC;IAE3F,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;AAC9F,CAAC"}

package/dist/sentinel/audit_ledger.d.ts

@@ -0,0 +1,46 @@
+/**
+ * v1.71.0 -- SENTINEL S4: HMAC AUDIT LEDGER.
+ *
+ * Every detected dangerous command is logged with HMAC signature so
+ * the audit trail is tamper-evident. The "black box" of AI actions:
+ * if an AI ever does something irreversibly bad, the ledger shows
+ * exactly which command + when + risk score.
+ *
+ * Storage: .mneme/sentinel/audit.jsonl
+ * Secret:  .mneme/sentinel/secret  (random 32 bytes, per-repo)
+ */
+import type { RecommendedAction, RiskScoreReport } from "./risk_scorer.js";
+export interface AuditEntry {
+    id: string;
+    ts: string;
+    command: string;
+    score: number;
+    action: RecommendedAction;
+    /** Class labels that fired. */
+    classes: string[];
+    /** Vendor (AI agent) that proposed the command. */
+    vendor: string;
+    /** Whether the command actually ran (caller flips this AFTER decision). */
+    executed: boolean;
+    /** HMAC over canonical payload. */
+    hmac: string;
+}
+export interface AuditOptions {
+    vendor?: string;
+    executed?: boolean;
+}
+export declare function appendAudit(repoRoot: string, command: string, report: RiskScoreReport, opts?: AuditOptions): AuditEntry;
+export type VerifyVerdict = "VALID" | "INVALID_HMAC" | "NOT_FOUND";
+export declare function verifyAuditEntry(repoRoot: string, entry: AuditEntry): VerifyVerdict;
+export declare function readAuditLog(repoRoot: string): AuditEntry[];
+export interface AuditSummary {
+    total: number;
+    byAction: Record<RecommendedAction, number>;
+    byClass: Record<string, number>;
+    byVendor: Record<string, number>;
+    tamperedCount: number;
+    lastEntry: AuditEntry | null;
+    headline: string;
+}
+export declare function summarizeAudit(repoRoot: string): AuditSummary;
+//# sourceMappingURL=audit_ledger.d.ts.map

package/dist/sentinel/audit_ledger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit_ledger.d.ts","sourceRoot":"","sources":["../../src/sentinel/audit_ledger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAM3E,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,iBAAiB,CAAC;IAC1B,+BAA+B;IAC/B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;IACf,2EAA2E;IAC3E,QAAQ,EAAE,OAAO,CAAC;IAClB,mCAAmC;IACnC,IAAI,EAAE,MAAM,CAAC;CACd;AAwBD,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,EAAE,YAAY,GAAG,UAAU,CAsBvH;AAED,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,cAAc,GAAG,WAAW,CAAC;AAEnE,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,GAAG,aAAa,CAKnF;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,EAAE,CAW3D;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC;IAC5C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,UAAU,GAAG,IAAI,CAAC;IAC7B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,CAmB7D"}

package/dist/sentinel/audit_ledger.js

@@ -0,0 +1,115 @@
+/**
+ * v1.71.0 -- SENTINEL S4: HMAC AUDIT LEDGER.
+ *
+ * Every detected dangerous command is logged with HMAC signature so
+ * the audit trail is tamper-evident. The "black box" of AI actions:
+ * if an AI ever does something irreversibly bad, the ledger shows
+ * exactly which command + when + risk score.
+ *
+ * Storage: .mneme/sentinel/audit.jsonl
+ * Secret:  .mneme/sentinel/secret  (random 32 bytes, per-repo)
+ */
+import { existsSync, readFileSync, writeFileSync, mkdirSync, appendFileSync } from "node:fs";
+import { createHash, createHmac, randomBytes } from "node:crypto";
+import { join } from "node:path";
+const SENTINEL_DIR = ".mneme/sentinel";
+const AUDIT_LOG = ".mneme/sentinel/audit.jsonl";
+const SECRET_FILE = ".mneme/sentinel/secret";
+function ensureSecret(repoRoot) {
+    const p = join(repoRoot, SECRET_FILE);
+    if (existsSync(p))
+        return readFileSync(p, "utf8").trim();
+    const dir = join(repoRoot, SENTINEL_DIR);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    const s = randomBytes(32).toString("hex");
+    try {
+        writeFileSync(p, s, "utf8");
+    }
+    catch { /* */ }
+    return s;
+}
+function canonical(payload) {
+    return JSON.stringify({
+        ts: payload.ts,
+        command: payload.command,
+        score: payload.score,
+        action: payload.action,
+        classes: [...payload.classes].sort(),
+        vendor: payload.vendor,
+        executed: payload.executed,
+    });
+}
+export function appendAudit(repoRoot, command, report, opts) {
+    const secret = ensureSecret(repoRoot);
+    const ts = new Date().toISOString();
+    const payload = {
+        ts,
+        command: command.slice(0, 500),
+        score: report.score,
+        action: report.recommendedAction,
+        classes: report.detection.classes,
+        vendor: opts?.vendor ?? "unknown",
+        executed: opts?.executed ?? false,
+    };
+    const canon = canonical(payload);
+    const hmac = createHmac("sha256", secret).update(canon).digest("hex");
+    const id = createHash("sha256").update(canon).digest("hex").slice(0, 16);
+    const entry = { ...payload, id, hmac };
+    try {
+        const dir = join(repoRoot, SENTINEL_DIR);
+        if (!existsSync(dir))
+            mkdirSync(dir, { recursive: true });
+        appendFileSync(join(repoRoot, AUDIT_LOG), JSON.stringify(entry) + "\n", "utf8");
+    }
+    catch { /* */ }
+    return entry;
+}
+export function verifyAuditEntry(repoRoot, entry) {
+    const secret = ensureSecret(repoRoot);
+    const expected = createHmac("sha256", secret).update(canonical(entry)).digest("hex");
+    if (expected !== entry.hmac)
+        return "INVALID_HMAC";
+    return "VALID";
+}
+export function readAuditLog(repoRoot) {
+    const p = join(repoRoot, AUDIT_LOG);
+    if (!existsSync(p))
+        return [];
+    const out = [];
+    try {
+        for (const line of readFileSync(p, "utf8").split("\n")) {
+            if (!line.trim())
+                continue;
+            try {
+                out.push(JSON.parse(line));
+            }
+            catch { /* */ }
+        }
+    }
+    catch { /* */ }
+    return out;
+}
+export function summarizeAudit(repoRoot) {
+    const entries = readAuditLog(repoRoot);
+    const byAction = { ALLOW: 0, AUDIT: 0, WARN: 0, BLOCK: 0 };
+    const byClass = {};
+    const byVendor = {};
+    let tampered = 0;
+    for (const e of entries) {
+        byAction[e.action] = (byAction[e.action] ?? 0) + 1;
+        for (const c of e.classes)
+            byClass[c] = (byClass[c] ?? 0) + 1;
+        byVendor[e.vendor] = (byVendor[e.vendor] ?? 0) + 1;
+        if (verifyAuditEntry(repoRoot, e) === "INVALID_HMAC")
+            tampered += 1;
+    }
+    return {
+        total: entries.length,
+        byAction, byClass, byVendor,
+        tamperedCount: tampered,
+        lastEntry: entries[entries.length - 1] ?? null,
+        headline: `${entries.length} audit entry/ies (${tampered} tampered). BLOCK=${byAction.BLOCK}, WARN=${byAction.WARN}, AUDIT=${byAction.AUDIT}.`,
+    };
+}
+//# sourceMappingURL=audit_ledger.js.map

package/dist/sentinel/audit_ledger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit_ledger.js","sourceRoot":"","sources":["../../src/sentinel/audit_ledger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAC7F,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAIjC,MAAM,YAAY,GAAG,iBAAiB,CAAC;AACvC,MAAM,SAAS,GAAG,6BAA6B,CAAC;AAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC;AAkB7C,SAAS,YAAY,CAAC,QAAgB;IACpC,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IACtC,IAAI,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IACzD,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IACzC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,MAAM,CAAC,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1C,IAAI,CAAC;QAAC,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACpD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,SAAS,CAAC,OAAwC;IACzD,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE;QACpC,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC,CAAC;AACL,CAAC;AAOD,MAAM,UAAU,WAAW,CAAC,QAAgB,EAAE,OAAe,EAAE,MAAuB,EAAE,IAAmB;IACzG,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACpC,MAAM,OAAO,GAAoC;QAC/C,EAAE;QACF,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;QAC9B,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,iBAAiB;QAChC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO;QACjC,MAAM,EAAE,IAAI,EAAE,MAAM,IAAI,SAAS;QACjC,QAAQ,EAAE,IAAI,EAAE,QAAQ,IAAI,KAAK;KAClC,CAAC;IACF,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACtE,MAAM,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzE,MAAM,KAAK,GAAe,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACnD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACzC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC;IAClF,CAAC;IAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACjB,OAAO,KAAK,CAAC;AACf,CAAC;AAID,MAAM,UAAU,gBAAgB,CAAC,QAAgB,EAAE,KAAiB;IAClE,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACrF,IAAI,QAAQ,KAAK,KAAK,CAAC,IAAI;QAAE,OAAO,cAAc,CAAC;IACnD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IACpC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9B,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,IAAI,CAAC;QACH,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;gBAAE,SAAS;YAC3B,IAAI,CAAC;gBAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAe,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACjB,OAAO,GAAG,CAAC;AACb,CAAC;AAYD,MAAM,UAAU,cAAc,CAAC,QAAgB;IAC7C,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAsC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAC9F,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO;YAAE,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC9D,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACnD,IAAI,gBAAgB,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,cAAc;YAAE,QAAQ,IAAI,CAAC,CAAC;IACtE,CAAC;IACD,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,QAAQ,EAAE,OAAO,EAAE,QAAQ;QAC3B,aAAa,EAAE,QAAQ;QACvB,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,IAAI;QAC9C,QAAQ,EAAE,GAAG,OAAO,CAAC,MAAM,qBAAqB,QAAQ,qBAAqB,QAAQ,CAAC,KAAK,UAAU,QAAQ,CAAC,IAAI,WAAW,QAAQ,CAAC,KAAK,GAAG;KAC/I,CAAC;AACJ,CAAC"}

package/dist/sentinel/command_detector.d.ts

@@ -0,0 +1,59 @@
+/**
+ * v1.71.0 -- SENTINEL S1: DANGEROUS COMMAND DETECTOR.
+ *
+ * PRECOG was about CLAIMS (hallucinated facts). SENTINEL is about
+ * ACTIONS (dangerous commands). The same intercept pattern, applied
+ * to the MCP boundary: every shell command the AI proposes passes
+ * through SENTINEL before execution.
+ *
+ * Catalog of 30+ dangerous patterns, organized into 8 risk classes:
+ *   - mass-delete       rm -rf /, find -delete on / | $HOME
+ *   - pipe-to-shell     curl URL | sh, wget URL | bash
+ *   - fork-bomb         :(){:|:&};:
+ *   - disk-wipe         dd if=... of=/dev/sda
+ *   - permission-bomb   chmod 777 /, chown nobody /
+ *   - exfiltration      tar ... | nc, scp to unknown
+ *   - net-scan          nmap, masscan, nikto, sqlmap
+ *   - credential-leak   cat .env | curl, .ssh access
+ *
+ * Each detection carries a RISK LEVEL (low/medium/high/critical) so
+ * the orchestrator can decide block vs warn vs allow-with-audit.
+ */
+export type RiskClass = "mass-delete" | "pipe-to-shell" | "fork-bomb" | "disk-wipe" | "permission-bomb" | "exfiltration" | "net-scan" | "credential-leak" | "privilege-escalation" | "process-kill" | "history-tamper";
+export type RiskLevel = "low" | "medium" | "high" | "critical";
+export interface DangerSignature {
+    id: string;
+    /** Regex on the full command. */
+    pattern: RegExp;
+    risk: RiskLevel;
+    class: RiskClass;
+    /** Plain-English why this is dangerous. */
+    rationale: string;
+    /** Optional safe-context override -- if this regex ALSO matches, the
+     *  command is LIKELY safe even though the main pattern fired. */
+    safeContext?: RegExp;
+}
+export declare const DANGER_CATALOG: DangerSignature[];
+export interface DetectionMatch {
+    signature: DangerSignature;
+    /** What part of the command actually matched. */
+    matchedText: string;
+    /** Offset in the input. */
+    offset: number;
+}
+export interface CommandDetectionReport {
+    command: string;
+    matches: DetectionMatch[];
+    /** Highest risk-level among matches. */
+    highestRisk: RiskLevel | null;
+    /** All matched classes. */
+    classes: RiskClass[];
+    /** Plain-English headline. */
+    headline: string;
+    /** ms. */
+    ms: number;
+}
+export declare function detectDangerous(command: string): CommandDetectionReport;
+/** Return only the catalog entries for a class, for inspection. */
+export declare function listByClass(cls: RiskClass): DangerSignature[];
+//# sourceMappingURL=command_detector.d.ts.map

package/dist/sentinel/command_detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"command_detector.d.ts","sourceRoot":"","sources":["../../src/sentinel/command_detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,MAAM,MAAM,SAAS,GACjB,aAAa,GACb,eAAe,GACf,WAAW,GACX,WAAW,GACX,iBAAiB,GACjB,cAAc,GACd,UAAU,GACV,iBAAiB,GACjB,sBAAsB,GACtB,cAAc,GACd,gBAAgB,CAAC;AAErB,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE/D,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,SAAS,CAAC;IAChB,KAAK,EAAE,SAAS,CAAC;IACjB,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB;qEACiE;IACjE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,eAAO,MAAM,cAAc,EAAE,eAAe,EAmO3C,CAAC;AAEF,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,eAAe,CAAC;IAC3B,iDAAiD;IACjD,WAAW,EAAE,MAAM,CAAC;IACpB,2BAA2B;IAC3B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,cAAc,EAAE,CAAC;IAC1B,wCAAwC;IACxC,WAAW,EAAE,SAAS,GAAG,IAAI,CAAC;IAC9B,2BAA2B;IAC3B,OAAO,EAAE,SAAS,EAAE,CAAC;IACrB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU;IACV,EAAE,EAAE,MAAM,CAAC;CACZ;AAID,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,sBAAsB,CAiBvE;AAED,mEAAmE;AACnE,wBAAgB,WAAW,CAAC,GAAG,EAAE,SAAS,GAAG,eAAe,EAAE,CAE7D"}