@mneme-ai/core 2.106.0 → 2.108.0

package/dist/archaeology/archaeology.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"archaeology.test.js","sourceRoot":"","sources":["../../src/archaeology/archaeology.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEnI,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;AAExB,QAAQ,CAAC,oDAAoD,EAAE,GAAG,EAAE;IAClE,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,CAAC,GAAG,WAAW,CAAC,uDAAuD,EAAE,OAAO,CAAC,CAAC;QACxF,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAG,2BAA2B;IACxF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;QACnE,MAAM,CAAC,GAAG,WAAW,CAAC,iEAAiE,EAAE,OAAO,CAAC,CAAC;QAClG,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,CAAC,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;QAC3C,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;QAC3C,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QACpC,oBAAoB;QACpB,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yEAAyE,EAAE,GAAG,EAAE;QACjF,MAAM,KAAK,GAAG,OAAO,CAAC,+FAA+F,CAAC,CAAC;QACvH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC7C,gBAAgB;QAChB,MAAM,CAAC,OAAO,CAAC,gCAAgC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,gCAAgC,CAAC,CAAC,CAAC;IACvG,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,GAAG,EAAE;QAC/E,MAAM,GAAG,GAAG,YAAY,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,uBAAuB,EAAE,OAAO,EAAE,2DAA2D,EAAE,SAAS,EAAE,aAAa,EAAE,EAAE,aAAa,CAAC,CAAC;QAC7K,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;QACxB,MAAM,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,MAAM,GAAG,GAAG,YAAY,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,sBAAsB,EAAE,OAAO,EAAE,oCAAoC,EAAE,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAC7H,KAAK,MAAM,GAAG,IAAI;YAChB,CAAC,CAA0B,EAAE,EAAE,GAAG,CAAC,CAAC,SAAS,GAAG,sBAAsB,CAAC,CAAC,CAAC;YACzE,CAAC,CAA0B,EAAE,EAAE,GAAG,CAAC,CAAC,SAAS,GAAG,kBAAkB,CAAC,CAAC,CAAC;YACrE,CAAC,CAA0B,EAAE,EAAE,GAAG,CAAC,CAAC,WAAW,GAAG,UAAU,CAAC,CAAC,CAAC;YAC/D,CAAC,CAA0B,EAAE,EAAE,GAAG,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC,CAAC;SACvD,EAAE,CAAC;YACF,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC3D,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,CAAC,GAAG,mBAAmB,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC;QAChD,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,IAAa,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QACvD,MAAM,CAAC,aAAa,CAAC,IAAa,EAAE,IAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/D,MAAM,CAAC,OAAO,CAAC,IAAa,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC3C,MAAM,CAAC,YAAY,CAAC,CAAC,EAAE,IAAa,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5D,MAAM,CAAC,gBAAgB,CAAC,IAAa,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/archaeology/index.d.ts

@@ -0,0 +1,88 @@
+/**
+ * v2.107.0 — DATA ARCHAEOLOGY (Signed Provenance Ingest).
+ *
+ * The honest, world-class-engineering core of the "data archaeology" idea —
+ * WITHOUT the dark-web / aggressive-scraper / socket-sniffing theatre.
+ * Mneme's edge is NOT "access more data" (anyone can `curl`). It is: **every
+ * fact that enters your local brain carries a signed, verifiable PROVENANCE**
+ * — proof of WHERE it came from, WHEN it was fetched, and that it has not
+ * been tampered. Raw PUBLIC content is *distilled* into dense fact-shaped
+ * statements, each content-addressed + Ed25519-signed, then handed to the
+ * Cognitive Cortex (which dedups + quarantines contradictions). Knowledge
+ * alchemy done right: accountable, not hoarded.
+ *
+ * The fetching is the CALLER's job (an agent's WebFetch, or a local file) —
+ * this layer never crawls. It provides the *discipline* (a robots.txt +
+ * rate-limit policy you clear BEFORE fetching, so ingest stays legitimate)
+ * and the *cryptographic accountability* (signed provenance).
+ *
+ * Pure + total (108-error rule): deterministic, no network, never throws.
+ */
+import { type NotaryReceipt } from "../notary/receipt.js";
+export interface RobotsRules {
+    allow: string[];
+    disallow: string[];
+    crawlDelaySec: number | null;
+}
+/** Parse robots.txt for a user-agent (falls back to the `*` block). Total. */
+export declare function parseRobots(robotsTxt: string, userAgent?: string): RobotsRules;
+/** robots.txt longest-match: the most specific rule wins; ties → Allow. Total. */
+export declare function isPathAllowed(rules: RobotsRules, path: string): boolean;
+export interface RateState {
+    tokens: number;
+    lastMs: number;
+}
+export interface RateVerdict {
+    allowed: boolean;
+    state: RateState;
+    waitMs: number;
+}
+/** Pure token-bucket rate limiter (deterministic; the clock is an arg). Total. */
+export declare function rateAcquire(state: RateState | null, capacity: number, refillPerSec: number, nowMs: number): RateVerdict;
+/** Pull fact-shaped statements from raw text: sentences carrying a concrete
+ *  signal (a number, a Proper-Noun pair, a code token, or a fact keyword).
+ *  Deduped, capped, deterministic. Total. */
+export declare function distill(content: string, maxFacts?: number): string[];
+export interface SourceRef {
+    url: string;
+    content: string;
+    fetchedAt: number;
+}
+export interface ProvenanceFact {
+    statement: string;
+    /** cortex key (statement-hash) for dedup + contradiction-gating. */
+    key: string;
+    sourceUrl: string;
+    contentHash: string;
+    fetchedAt: number;
+    receipt: NotaryReceipt;
+}
+export interface IngestResult {
+    facts: ProvenanceFact[];
+    contentHash: string;
+    distilled: number;
+}
+/** Distill a fetched source into signed provenance-facts (ready for the
+ *  cortex). Total. `at` = issue timestamp (deterministic). */
+export declare function ingestSource(repoRoot: string, src: SourceRef, at: number, maxFacts?: number): IngestResult;
+export interface ProvenanceVerdict {
+    valid: boolean;
+    bound: boolean;
+    sourceUrl: string | null;
+    reason: string;
+}
+/** Verify a fact's provenance OFFLINE: signature valid AND the receipt binds
+ *  this exact statement + source + content hash. Catches a forged source. Total. */
+export declare function verifyProvenance(fact: ProvenanceFact): ProvenanceVerdict;
+export interface ArchaeologyGauntlet {
+    robotsRespected: boolean;
+    rateLimits: boolean;
+    distills: boolean;
+    signedProvenance: boolean;
+    forgeryCaught: boolean;
+    stable: boolean;
+    score: number;
+}
+/** Prove the archaeology engine. Total + deterministic. */
+export declare function archaeologyGauntlet(repoRoot: string, at: number): ArchaeologyGauntlet;
+//# sourceMappingURL=index.d.ts.map

package/dist/archaeology/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/archaeology/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAGH,OAAO,EAA+B,KAAK,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAMvF,MAAM,WAAW,WAAW;IAAG,KAAK,EAAE,MAAM,EAAE,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;IAAC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE;AAElG,8EAA8E;AAC9E,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,SAAM,GAAG,WAAW,CA0B3E;AAED,kFAAkF;AAClF,wBAAgB,aAAa,CAAC,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CASvE;AAED,MAAM,WAAW,SAAS;IAAG,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE;AAC7D,MAAM,WAAW,WAAW;IAAG,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,SAAS,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE;AAEnF,kFAAkF;AAClF,wBAAgB,WAAW,CAAC,KAAK,EAAE,SAAS,GAAG,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,WAAW,CASvH;AAID;;6CAE6C;AAC7C,wBAAgB,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,SAAK,GAAG,MAAM,EAAE,CAkBhE;AAID,MAAM,WAAW,SAAS;IAAG,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE;AAE9E,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,oEAAoE;IACpE,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,aAAa,CAAC;CACxB;AAED,MAAM,WAAW,YAAY;IAAG,KAAK,EAAE,cAAc,EAAE,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE;AAEjG;8DAC8D;AAC9D,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,SAAK,GAAG,YAAY,CAmBtG;AAED,MAAM,WAAW,iBAAiB;IAAG,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE;AAE/G;oFACoF;AACpF,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,cAAc,GAAG,iBAAiB,CAYxE;AAED,MAAM,WAAW,mBAAmB;IAClC,eAAe,EAAE,OAAO,CAAC;IACzB,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,EAAE,OAAO,CAAC;IAClB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,aAAa,EAAE,OAAO,CAAC;IACvB,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,2DAA2D;AAC3D,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,mBAAmB,CAiBrF"}

package/dist/archaeology/index.js

@@ -0,0 +1,216 @@
+/**
+ * v2.107.0 — DATA ARCHAEOLOGY (Signed Provenance Ingest).
+ *
+ * The honest, world-class-engineering core of the "data archaeology" idea —
+ * WITHOUT the dark-web / aggressive-scraper / socket-sniffing theatre.
+ * Mneme's edge is NOT "access more data" (anyone can `curl`). It is: **every
+ * fact that enters your local brain carries a signed, verifiable PROVENANCE**
+ * — proof of WHERE it came from, WHEN it was fetched, and that it has not
+ * been tampered. Raw PUBLIC content is *distilled* into dense fact-shaped
+ * statements, each content-addressed + Ed25519-signed, then handed to the
+ * Cognitive Cortex (which dedups + quarantines contradictions). Knowledge
+ * alchemy done right: accountable, not hoarded.
+ *
+ * The fetching is the CALLER's job (an agent's WebFetch, or a local file) —
+ * this layer never crawls. It provides the *discipline* (a robots.txt +
+ * rate-limit policy you clear BEFORE fetching, so ingest stays legitimate)
+ * and the *cryptographic accountability* (signed provenance).
+ *
+ * Pure + total (108-error rule): deterministic, no network, never throws.
+ */
+import { createHash } from "node:crypto";
+import { issueReceipt, verifyReceipt } from "../notary/receipt.js";
+function sha256(s) { return createHash("sha256").update(typeof s === "string" ? s : "", "utf8").digest("hex"); }
+/** Parse robots.txt for a user-agent (falls back to the `*` block). Total. */
+export function parseRobots(robotsTxt, userAgent = "*") {
+    const out = { allow: [], disallow: [], crawlDelaySec: null };
+    try {
+        const lines = (typeof robotsTxt === "string" ? robotsTxt : "").split(/\r?\n/);
+        const uaLower = userAgent.toLowerCase();
+        let active = false;
+        let starRules = null;
+        let cur = out;
+        for (const raw of lines) {
+            const line = raw.replace(/#.*$/, "").trim();
+            if (!line)
+                continue;
+            const m = line.match(/^([a-zA-Z-]+)\s*:\s*(.*)$/);
+            if (!m)
+                continue;
+            const field = m[1].toLowerCase();
+            const val = m[2].trim();
+            if (field === "user-agent") {
+                const ua = val.toLowerCase();
+                active = ua === uaLower;
+                if (active)
+                    cur = out;
+                else if (ua === "*") {
+                    starRules = starRules ?? { allow: [], disallow: [], crawlDelaySec: null };
+                    cur = starRules;
+                }
+                else
+                    cur = { allow: [], disallow: [], crawlDelaySec: null };
+            }
+            else if (field === "disallow" && val)
+                cur.disallow.push(val);
+            else if (field === "allow" && val)
+                cur.allow.push(val);
+            else if (field === "crawl-delay") {
+                const n = parseFloat(val);
+                if (Number.isFinite(n))
+                    cur.crawlDelaySec = n;
+            }
+        }
+        if (out.allow.length === 0 && out.disallow.length === 0 && out.crawlDelaySec === null && starRules)
+            return starRules;
+        if (out.crawlDelaySec === null && starRules?.crawlDelaySec != null)
+            out.crawlDelaySec = starRules.crawlDelaySec;
+        return out;
+    }
+    catch {
+        return out;
+    }
+}
+/** robots.txt longest-match: the most specific rule wins; ties → Allow. Total. */
+export function isPathAllowed(rules, path) {
+    try {
+        const p = typeof path === "string" ? path : "/";
+        const r = rules && Array.isArray(rules.disallow) ? rules : { allow: [], disallow: [], crawlDelaySec: null };
+        let best = null;
+        for (const d of r.disallow)
+            if (d && p.startsWith(d))
+                if (!best || d.length > best.len)
+                    best = { len: d.length, allow: false };
+        for (const a of (r.allow ?? []))
+            if (a && p.startsWith(a))
+                if (!best || a.length >= best.len)
+                    best = { len: a.length, allow: true };
+        return best ? best.allow : true;
+    }
+    catch {
+        return true;
+    }
+}
+/** Pure token-bucket rate limiter (deterministic; the clock is an arg). Total. */
+export function rateAcquire(state, capacity, refillPerSec, nowMs) {
+    const cap = capacity > 0 ? capacity : 1;
+    const rate = refillPerSec > 0 ? refillPerSec : 1;
+    const now = Number.isFinite(nowMs) ? nowMs : 0;
+    const s = state && Number.isFinite(state.tokens) ? state : { tokens: cap, lastMs: now };
+    const elapsed = Math.max(0, now - s.lastMs) / 1000;
+    const tokens = Math.min(cap, s.tokens + elapsed * rate);
+    if (tokens >= 1)
+        return { allowed: true, state: { tokens: tokens - 1, lastMs: now }, waitMs: 0 };
+    return { allowed: false, state: { tokens, lastMs: now }, waitMs: Math.ceil(((1 - tokens) / rate) * 1000) };
+}
+// ── DISTILL — raw content → dense, fact-shaped statements (deterministic) ──
+/** Pull fact-shaped statements from raw text: sentences carrying a concrete
+ *  signal (a number, a Proper-Noun pair, a code token, or a fact keyword).
+ *  Deduped, capped, deterministic. Total. */
+export function distill(content, maxFacts = 50) {
+    try {
+        const text = typeof content === "string" ? content : "";
+        const chunks = text.split(/(?<=[.!?])\s+|\n+/).map((s) => s.replace(/\s+/g, " ").trim());
+        const seen = new Set();
+        const out = [];
+        for (const s of chunks) {
+            if (s.length < 12 || s.length > 400)
+                continue;
+            const signal = /\d/.test(s) || /[A-Z][a-z]+ [A-Z][a-z]+/.test(s) || /[\w-]+[:=(){}/][\w-]/.test(s) || /\b(is|are|was|were|has|have|equals|returns|requires|supports|released|version|rate|ratio|percent)\b/i.test(s);
+            if (!signal)
+                continue;
+            const norm = s.toLowerCase().replace(/[^a-z0-9]+/g, " ").trim();
+            if (seen.has(norm))
+                continue;
+            seen.add(norm);
+            out.push(s);
+            if (out.length >= Math.max(1, maxFacts))
+                break;
+        }
+        return out;
+    }
+    catch {
+        return [];
+    }
+}
+/** Distill a fetched source into signed provenance-facts (ready for the
+ *  cortex). Total. `at` = issue timestamp (deterministic). */
+export function ingestSource(repoRoot, src, at, maxFacts = 50) {
+    try {
+        const url = typeof src?.url === "string" ? src.url.slice(0, 2000) : "";
+        const content = typeof src?.content === "string" ? src.content : "";
+        const fetchedAt = Number.isFinite(src?.fetchedAt) ? src.fetchedAt : at;
+        const contentHash = sha256(content);
+        const facts = distill(content, maxFacts).map((statement) => {
+            const statementHash = sha256(statement);
+            const receipt = issueReceipt(repoRoot, {
+                kind: "memory-capsule",
+                subject: `archaeology:${contentHash.slice(0, 16)}`,
+                payload: { statementHash, statement, sourceUrl: url, contentHash, fetchedAt },
+                includePayload: true,
+                issuedAt: at,
+            });
+            return { statement, key: "ingest." + statementHash.slice(0, 24), sourceUrl: url, contentHash, fetchedAt, receipt };
+        });
+        return { facts, contentHash, distilled: facts.length };
+    }
+    catch {
+        return { facts: [], contentHash: "", distilled: 0 };
+    }
+}
+/** Verify a fact's provenance OFFLINE: signature valid AND the receipt binds
+ *  this exact statement + source + content hash. Catches a forged source. Total. */
+export function verifyProvenance(fact) {
+    try {
+        if (!fact || !fact.receipt)
+            return { valid: false, bound: false, sourceUrl: null, reason: "no fact/receipt" };
+        const v = verifyReceipt(fact.receipt);
+        if (!v.valid)
+            return { valid: false, bound: false, sourceUrl: null, reason: v.reason ?? "bad signature" };
+        const p = fact.receipt.payload;
+        const bound = !!p
+            && p.statementHash === sha256(fact.statement)
+            && p.statement === fact.statement && p.sourceUrl === fact.sourceUrl
+            && p.contentHash === fact.contentHash && p.fetchedAt === fact.fetchedAt;
+        return { valid: true, bound, sourceUrl: bound ? fact.sourceUrl : null, reason: bound ? "provenance verified: statement signed from this source" : "signature valid but fact does not match receipt (forged source/statement)" };
+    }
+    catch (e) {
+        return { valid: false, bound: false, sourceUrl: null, reason: `threw: ${e.message}` };
+    }
+}
+/** Prove the archaeology engine. Total + deterministic. */
+export function archaeologyGauntlet(repoRoot, at) {
+    try {
+        const rules = parseRobots("User-agent: *\nDisallow: /private\nAllow: /private/ok\nCrawl-delay: 2", "mneme");
+        const robotsRespected = isPathAllowed(rules, "/public/x") === true && isPathAllowed(rules, "/private/secret") === false && isPathAllowed(rules, "/private/ok/page") === true;
+        const r1 = rateAcquire(null, 2, 1, 1000);
+        const r2 = rateAcquire(r1.state, 2, 1, 1000);
+        const r3 = rateAcquire(r2.state, 2, 1, 1000);
+        const rateLimits = r1.allowed && r2.allowed && !r3.allowed && r3.waitMs > 0;
+        const content = "The render error rate is 3.2 percent. Mneme Cortex signs every fact. Random filler word here. Version 2.107 ships ingest.";
+        const ing = ingestSource(repoRoot, { url: "https://example.org/stats", content, fetchedAt: at }, at);
+        const distills = ing.distilled >= 2;
+        const signedProvenance = ing.facts.length > 0 && verifyProvenance(ing.facts[0]).bound;
+        const forged = JSON.parse(JSON.stringify(ing.facts[0]));
+        forged.sourceUrl = "https://evil.example";
+        const forgeryCaught = verifyProvenance(forged).bound === false;
+        let stable = true;
+        try {
+            parseRobots(null);
+            isPathAllowed(null, null);
+            distill(null);
+            ingestSource(repoRoot, null, at);
+            verifyProvenance(null);
+            rateAcquire(null, 0, 0, NaN);
+        }
+        catch {
+            stable = false;
+        }
+        const perfect = robotsRespected && rateLimits && distills && signedProvenance && forgeryCaught && stable;
+        return { robotsRespected, rateLimits, distills, signedProvenance, forgeryCaught, stable, score: perfect ? 100 : 0 };
+    }
+    catch {
+        return { robotsRespected: false, rateLimits: false, distills: false, signedProvenance: false, forgeryCaught: false, stable: false, score: 0 };
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/archaeology/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/archaeology/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,aAAa,EAAsB,MAAM,sBAAsB,CAAC;AAEvF,SAAS,MAAM,CAAC,CAAS,IAAY,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAMhI,8EAA8E;AAC9E,MAAM,UAAU,WAAW,CAAC,SAAiB,EAAE,SAAS,GAAG,GAAG;IAC5D,MAAM,GAAG,GAAgB,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IAC1E,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,CAAC,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9E,MAAM,OAAO,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QACxC,IAAI,MAAM,GAAG,KAAK,CAAC;QAAC,IAAI,SAAS,GAAuB,IAAI,CAAC;QAAC,IAAI,GAAG,GAAgB,GAAG,CAAC;QACzF,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,CAAC,IAAI;gBAAE,SAAS;YACpB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAClD,IAAI,CAAC,CAAC;gBAAE,SAAS;YACjB,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC;YAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC;YAC5D,IAAI,KAAK,KAAK,YAAY,EAAE,CAAC;gBAC3B,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;gBAC7B,MAAM,GAAG,EAAE,KAAK,OAAO,CAAC;gBACxB,IAAI,MAAM;oBAAE,GAAG,GAAG,GAAG,CAAC;qBACjB,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;oBAAC,SAAS,GAAG,SAAS,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;oBAAC,GAAG,GAAG,SAAS,CAAC;gBAAC,CAAC;;oBAC/G,GAAG,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;YAC9D,CAAC;iBAAM,IAAI,KAAK,KAAK,UAAU,IAAI,GAAG;gBAAE,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;iBAC1D,IAAI,KAAK,KAAK,OAAO,IAAI,GAAG;gBAAE,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;iBAClD,IAAI,KAAK,KAAK,aAAa,EAAE,CAAC;gBAAC,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;gBAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAAE,GAAG,CAAC,aAAa,GAAG,CAAC,CAAC;YAAC,CAAC;QACjH,CAAC;QACD,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,aAAa,KAAK,IAAI,IAAI,SAAS;YAAE,OAAO,SAAS,CAAC;QACrH,IAAI,GAAG,CAAC,aAAa,KAAK,IAAI,IAAI,SAAS,EAAE,aAAa,IAAI,IAAI;YAAE,GAAG,CAAC,aAAa,GAAG,SAAS,CAAC,aAAa,CAAC;QAChH,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,GAAG,CAAC;IAAC,CAAC;AACzB,CAAC;AAED,kFAAkF;AAClF,MAAM,UAAU,aAAa,CAAC,KAAkB,EAAE,IAAY;IAC5D,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;QAChD,MAAM,CAAC,GAAG,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;QAC5G,IAAI,IAAI,GAA2C,IAAI,CAAC;QACxD,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ;YAAE,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;gBAAE,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG;oBAAE,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;QAC/H,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAAE,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;gBAAE,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,IAAI,IAAI,CAAC,GAAG;oBAAE,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACpI,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;AAC1B,CAAC;AAKD,kFAAkF;AAClF,MAAM,UAAU,WAAW,CAAC,KAAuB,EAAE,QAAgB,EAAE,YAAoB,EAAE,KAAa;IACxG,MAAM,GAAG,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,MAAM,CAAC,GAAc,KAAK,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;IACnG,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;IACnD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,MAAM,GAAG,OAAO,GAAG,IAAI,CAAC,CAAC;IACxD,IAAI,MAAM,IAAI,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACjG,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,EAAE,CAAC;AAC7G,CAAC;AAED,8EAA8E;AAE9E;;6CAE6C;AAC7C,MAAM,UAAU,OAAO,CAAC,OAAe,EAAE,QAAQ,GAAG,EAAE;IACpD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACzF,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,MAAM,GAAG,GAAa,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG;gBAAE,SAAS;YAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,sGAAsG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACrN,IAAI,CAAC,MAAM;gBAAE,SAAS;YACtB,MAAM,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAChE,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,SAAS;YAC7B,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACf,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACZ,IAAI,GAAG,CAAC,MAAM,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC;gBAAE,MAAM;QACjD,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,CAAC;IAAC,CAAC;AACxB,CAAC;AAkBD;8DAC8D;AAC9D,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,GAAc,EAAE,EAAU,EAAE,QAAQ,GAAG,EAAE;IACtF,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,OAAO,GAAG,EAAE,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,MAAM,OAAO,GAAG,OAAO,GAAG,EAAE,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;QACpE,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,KAAK,GAAqB,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;YAC3E,MAAM,aAAa,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;YACxC,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE;gBACrC,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,eAAe,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;gBAClD,OAAO,EAAE,EAAE,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,EAAE,WAAW,EAAE,SAAS,EAAE;gBAC7E,cAAc,EAAE,IAAI;gBACpB,QAAQ,EAAE,EAAE;aACb,CAAC,CAAC;YACH,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC;QACrH,CAAC,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;IAAC,CAAC;AAClE,CAAC;AAID;oFACoF;AACpF,MAAM,UAAU,gBAAgB,CAAC,IAAoB;IACnD,IAAI,CAAC;QACH,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QAC9G,MAAM,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACtC,IAAI,CAAC,CAAC,CAAC,KAAK;YAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,eAAe,EAAE,CAAC;QAC1G,MAAM,CAAC,GAAI,IAAI,CAAC,OAAiD,CAAC,OAAO,CAAC;QAC1E,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC;eACZ,CAAC,CAAC,aAAa,KAAK,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;eAC1C,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS;eAChE,CAAC,CAAC,WAAW,KAAK,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,CAAC;QAC1E,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,wDAAwD,CAAC,CAAC,CAAC,2EAA2E,EAAE,CAAC;IAClO,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,UAAW,CAAW,CAAC,OAAO,EAAE,EAAE,CAAC;IAAC,CAAC;AACnH,CAAC;AAYD,2DAA2D;AAC3D,MAAM,UAAU,mBAAmB,CAAC,QAAgB,EAAE,EAAU;IAC9D,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,WAAW,CAAC,uEAAuE,EAAE,OAAO,CAAC,CAAC;QAC5G,MAAM,eAAe,GAAG,aAAa,CAAC,KAAK,EAAE,WAAW,CAAC,KAAK,IAAI,IAAI,aAAa,CAAC,KAAK,EAAE,iBAAiB,CAAC,KAAK,KAAK,IAAI,aAAa,CAAC,KAAK,EAAE,kBAAkB,CAAC,KAAK,IAAI,CAAC;QAC7K,MAAM,EAAE,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;QAAC,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;QAAC,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;QACrI,MAAM,UAAU,GAAG,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,OAAO,IAAI,CAAC,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;QAC5E,MAAM,OAAO,GAAG,2HAA2H,CAAC;QAC5I,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,2BAA2B,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACrG,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,IAAI,CAAC,CAAC;QACpC,MAAM,gBAAgB,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,KAAK,CAAC;QACvF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC;QAAC,MAAM,CAAC,SAAS,GAAG,sBAAsB,CAAC;QACpG,MAAM,aAAa,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC;QAC/D,IAAI,MAAM,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC;YAAC,WAAW,CAAC,IAAa,CAAC,CAAC;YAAC,aAAa,CAAC,IAAa,EAAE,IAAa,CAAC,CAAC;YAAC,OAAO,CAAC,IAAa,CAAC,CAAC;YAAC,YAAY,CAAC,QAAQ,EAAE,IAAa,EAAE,EAAE,CAAC,CAAC;YAAC,gBAAgB,CAAC,IAAa,CAAC,CAAC;YAAC,WAAW,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,MAAM,GAAG,KAAK,CAAC;QAAC,CAAC;QAC5O,MAAM,OAAO,GAAG,eAAe,IAAI,UAAU,IAAI,QAAQ,IAAI,gBAAgB,IAAI,aAAa,IAAI,MAAM,CAAC;QACzG,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,QAAQ,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACtH,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,eAAe,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAAC,CAAC;AAC5J,CAAC"}

package/dist/entropy/entropy.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=entropy.test.d.ts.map

package/dist/entropy/entropy.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entropy.test.d.ts","sourceRoot":"","sources":["../../src/entropy/entropy.test.ts"],"names":[],"mappings":""}

package/dist/entropy/entropy.test.js

@@ -0,0 +1,73 @@
+import { describe, it, expect } from "vitest";
+import { randomBytes } from "node:crypto";
+import { mixEntropy, healthCheck, generateSecret, verifySecretAttestation, entropyGauntlet } from "./index.js";
+const R = process.cwd();
+const A = { id: "a", data: "0123456789abcdef".repeat(8), encoding: "hex" };
+const B = { id: "b", data: "fedcba9876543210".repeat(8), encoding: "hex" };
+describe("v2.108 MNEME ENTROPY — audited multi-source entropy & secrets", () => {
+    it("mix is deterministic given the same sources, diverges on different sources", () => {
+        expect(mixEntropy([A, B], 32).toString("hex")).toBe(mixEntropy([A, B], 32).toString("hex"));
+        expect(mixEntropy([A, B], 32).toString("hex")).not.toBe(mixEntropy([A, { id: "b", data: "00".repeat(64), encoding: "hex" }], 32).toString("hex"));
+    });
+    it("DEFENSE IN DEPTH — a stuck (all-zero) source can't weaken the mix", () => {
+        const stuck = { id: "stuck", data: Buffer.alloc(64, 0) };
+        const out = mixEntropy([stuck, A, B], 256);
+        expect(healthCheck(out).passed).toBe(true); // still strong because A,B carry entropy
+        // and removing the stuck source changes nothing it contributed (it had none) — output differs only by the source set
+        expect(out.length).toBe(256);
+    });
+    it("health check FLAGS a stuck source + PASSES real OS randomness", () => {
+        expect(healthCheck(Buffer.alloc(512, 0)).passed).toBe(false); // all zeros
+        expect(healthCheck(Buffer.alloc(512, 0xff)).passed).toBe(false); // all ones
+        expect(healthCheck(randomBytes(512)).passed).toBe(true); // CSPRNG
+    });
+    it("min-entropy estimate is high for random, 0 for a constant (conservative estimator)", () => {
+        expect(healthCheck(randomBytes(4096)).minEntropyBitsPerByte).toBeGreaterThan(5); // estimator under-counts but stays high
+        expect(healthCheck(Buffer.alloc(256, 7)).minEntropyBitsPerByte).toBe(0);
+    });
+    it("generateSecret signs a provenance attestation that binds the secret — without containing it", () => {
+        const sec = generateSecret(R, [A, B, { id: "os", data: randomBytes(32) }], 32, 1700000000000);
+        expect(sec.secretHex).toHaveLength(64);
+        expect(sec.sourceIds).toEqual(["a", "b", "os"]);
+        // the attestation payload must NOT contain the secret, only its hash
+        expect(JSON.stringify(sec.attestation)).not.toContain(sec.secretHex);
+        expect(verifySecretAttestation(sec.attestation, sec.secretHex).bound).toBe(true);
+        expect(verifySecretAttestation(sec.attestation, "ab".repeat(32)).bound).toBe(false); // wrong secret caught
+    });
+    it("entropy gauntlet scores 100", () => {
+        const g = entropyGauntlet(R, 1700000000000);
+        expect(g.mixDeterministic).toBe(true);
+        expect(g.mixDiverges).toBe(true);
+        expect(g.defenseInDepth).toBe(true);
+        expect(g.healthDetectsStuck).toBe(true);
+        expect(g.attestationBinds).toBe(true);
+        expect(g.score).toBe(100);
+    });
+    it("REFUSES no-entropy input (v2.108 review): empty sources → usableEntropy false, no valid secret", () => {
+        const r = generateSecret(R, [], 32, 1700000000000);
+        expect(r.usableEntropy).toBe(false);
+        expect(r.secretHex).toBe("");
+        expect(r.outputHealth.passed).toBe(false);
+        // and its (refused) attestation must not bind anything
+        expect(verifySecretAttestation(r.attestation, "ab".repeat(32)).bound).toBe(false);
+    });
+    it("adaptive monobit tolerance REJECTS a biased small sample (v2.108 review)", () => {
+        const biased = Buffer.concat([Buffer.alloc(48, 0x00), Buffer.alloc(16, 0xff)]); // 64 bytes, monobit 0.25
+        expect(healthCheck(biased).passed).toBe(false);
+        // real randomness of the same size still passes
+        expect(healthCheck(randomBytes(64)).passed).toBe(true);
+    });
+    it("verify rejects an undefined / empty secret explicitly (v2.108 review)", () => {
+        const sec = generateSecret(R, [A, B], 32, 1700000000000);
+        expect(verifySecretAttestation(sec.attestation, undefined).bound).toBe(false);
+        expect(verifySecretAttestation(sec.attestation, "").bound).toBe(false);
+    });
+    it("STABILITY — total on garbage", () => {
+        expect(() => mixEntropy(null)).not.toThrow();
+        expect(mixEntropy(null).length).toBeGreaterThanOrEqual(0);
+        expect(healthCheck(null).passed).toBe(false);
+        expect(() => generateSecret(R, null, 0, 0)).not.toThrow();
+        expect(verifySecretAttestation(null, null).bound).toBe(false);
+    });
+});
+//# sourceMappingURL=entropy.test.js.map

package/dist/entropy/entropy.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entropy.test.js","sourceRoot":"","sources":["../../src/entropy/entropy.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,EAAE,uBAAuB,EAAE,eAAe,EAAsB,MAAM,YAAY,CAAC;AAEnI,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;AACxB,MAAM,CAAC,GAAkB,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AAC1F,MAAM,CAAC,GAAkB,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;AAE1F,QAAQ,CAAC,+DAA+D,EAAE,GAAG,EAAE;IAC7E,EAAE,CAAC,4EAA4E,EAAE,GAAG,EAAE;QACpF,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5F,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IACpJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;QAC3E,MAAM,KAAK,GAAkB,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;QACxE,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAC3C,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAG,yCAAyC;QACvF,qHAAqH;QACrH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAK,YAAY;QAC9E,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,WAAW;QAC7E,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAU,SAAS;IAC7E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oFAAoF,EAAE,GAAG,EAAE;QAC5F,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAG,wCAAwC;QAC3H,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6FAA6F,EAAE,GAAG,EAAE;QACrG,MAAM,GAAG,GAAG,cAAc,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,aAAa,CAAC,CAAC;QAC9F,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACvC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QAChD,qEAAqE;QACrE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACrE,MAAM,CAAC,uBAAuB,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjF,MAAM,CAAC,uBAAuB,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAG,sBAAsB;IAC/G,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,CAAC,GAAG,eAAe,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC;QAC5C,MAAM,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,MAAM,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gGAAgG,EAAE,GAAG,EAAE;QACxG,MAAM,CAAC,GAAG,cAAc,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,aAAa,CAAC,CAAC;QACnD,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC7B,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1C,uDAAuD;QACvD,MAAM,CAAC,uBAAuB,CAAC,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0EAA0E,EAAE,GAAG,EAAE;QAClF,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAG,yBAAyB;QAC3G,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/C,gDAAgD;QAChD,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,GAAG,EAAE;QAC/E,MAAM,GAAG,GAAG,cAAc,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,aAAa,CAAC,CAAC;QACzD,MAAM,CAAC,uBAAuB,CAAC,GAAG,CAAC,WAAW,EAAE,SAAkB,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvF,MAAM,CAAC,uBAAuB,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,IAAa,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QACtD,MAAM,CAAC,UAAU,CAAC,IAAa,CAAC,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;QACnE,MAAM,CAAC,WAAW,CAAC,IAAa,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtD,MAAM,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,CAAC,EAAE,IAAa,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QACnE,MAAM,CAAC,uBAAuB,CAAC,IAAa,EAAE,IAAa,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/entropy/index.d.ts

@@ -0,0 +1,104 @@
+/**
+ * v2.108.0 — MNEME ENTROPY (Audited Multi-Source Entropy & Secrets).
+ *
+ * The honest, world-class-crypto-engineering core of the "True Entropy
+ * Security" idea — WITHOUT the ocean-wave / quantum-vacuum mysticism.
+ *
+ * What it really does (and what it does NOT claim):
+ *   - It MIXES every entropy source you actually have — the OS CSPRNG, timing
+ *     jitter, any physical/external sample you feed it (a public randomness
+ *     beacon, a sensor reading) — through a standard cryptographic extractor
+ *     (HKDF / HMAC-SHA-512). This is DEFENSE IN DEPTH: the output is strong if
+ *     *any one* source has entropy, so a single backdoored/degraded source
+ *     can't weaken your key.
+ *   - It HEALTH-CHECKS sources (NIST-style monobit / runs / byte-uniformity)
+ *     and estimates min-entropy, so a stuck source is FLAGGED, not trusted.
+ *   - It SIGNS a provenance attestation (which sources, their health, the
+ *     min-entropy estimate, the secret's hash) so you can PROVE how a secret
+ *     was derived — WITHOUT revealing the secret (only its hash is signed).
+ *
+ * It does NOT claim to be "unhackable by quantum computers" — `crypto`'s
+ * CSPRNG is already secure; the value here is resilience + AUDITABILITY +
+ * fail-safe health checks, the things real key-management gets wrong.
+ *
+ * Pure + total (108-error rule): deterministic given its inputs, never throws.
+ */
+import { type NotaryReceipt } from "../notary/receipt.js";
+export interface EntropySource {
+    id: string;
+    /** raw entropy bytes (hex/base64/utf8 string or a Buffer). */
+    data: string | Buffer;
+    /** optional encoding of a string `data` (default utf8; "hex"/"base64"). */
+    encoding?: "hex" | "base64" | "utf8";
+}
+/**
+ * HKDF-style extractor over ALL sources (RFC-5869 shape). Each source is
+ * domain-separated by its id so a duplicate buffer can't cancel itself out.
+ * Extract = HMAC(salt, IKM); Expand = HMAC-chain to `outBytes`. Defense in
+ * depth: the result is uniform if any single source carries entropy. Total.
+ */
+export declare function mixEntropy(sources: EntropySource[], outBytes?: number): Buffer;
+export interface HealthReport {
+    /** fraction of 1-bits (ideal 0.5). */
+    monobit: number;
+    /** number of runs of consecutive equal bits. */
+    runs: number;
+    /** byte-frequency chi-square (lower ≈ more uniform; ideal ~255). */
+    chiSquare: number;
+    /** estimated min-entropy in bits/byte (0..8). */
+    minEntropyBitsPerByte: number;
+    /** true iff the sample passes the basic randomness checks. */
+    passed: boolean;
+}
+/**
+ * NIST-style health check (monobit + runs + byte-uniformity) + a min-entropy
+ * ESTIMATE (from the most-frequent byte). Detects a stuck/degraded source.
+ * For very short samples the thresholds are loosened. Total. */
+export declare function healthCheck(bytes: Buffer | string): HealthReport;
+export interface SecretResult {
+    /** the generated secret, hex-encoded. */
+    secretHex: string;
+    /** false when NO source carried any bytes — the "secret" would be a fixed
+     *  function of the empty input, so it is refused (empty + health failed). */
+    usableEntropy: boolean;
+    sourceIds: string[];
+    /** per-source health (a stuck source is flagged but still mixed in). */
+    sourceHealth: Array<{
+        id: string;
+        passed: boolean;
+        minEntropyBitsPerByte: number;
+    }>;
+    /** health of the FINAL mixed output. */
+    outputHealth: HealthReport;
+    /** signed provenance: proves the derivation WITHOUT revealing the secret. */
+    attestation: NotaryReceipt;
+}
+/**
+ * Generate a secret of `outBytes` from the given sources, with a SIGNED
+ * provenance attestation over (sourceIds, health, sha256(secret)). Total.
+ * `at` is the issue timestamp (deterministic). The OS CSPRNG source should be
+ * supplied by the caller (CLI/MCP) so this core stays pure.
+ */
+export declare function generateSecret(repoRoot: string, sources: EntropySource[], outBytes: number, at: number): SecretResult;
+export interface SecretVerify {
+    valid: boolean;
+    bound: boolean;
+    reason: string;
+}
+/** Verify a secret's provenance OFFLINE: the attestation signature is valid
+ *  AND sha256(secret) matches the signed outputHash — proving this exact
+ *  secret was derived from the attested sources, without the attestation ever
+ *  containing the secret. Total. */
+export declare function verifySecretAttestation(attestation: NotaryReceipt, secretHex: string): SecretVerify;
+export interface EntropyGauntlet {
+    mixDeterministic: boolean;
+    mixDiverges: boolean;
+    defenseInDepth: boolean;
+    healthDetectsStuck: boolean;
+    attestationBinds: boolean;
+    stable: boolean;
+    score: number;
+}
+/** Prove the entropy engine. Total + deterministic. */
+export declare function entropyGauntlet(repoRoot: string, at: number): EntropyGauntlet;
+//# sourceMappingURL=index.d.ts.map

package/dist/entropy/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/entropy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAGH,OAAO,EAA+B,KAAK,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAEvF,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,8DAA8D;IAC9D,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,2EAA2E;IAC3E,QAAQ,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;CACtC;AAUD;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,aAAa,EAAE,EAAE,QAAQ,SAAK,GAAG,MAAM,CAuB1E;AAED,MAAM,WAAW,YAAY;IAC3B,sCAAsC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,gDAAgD;IAChD,IAAI,EAAE,MAAM,CAAC;IACb,oEAAoE;IACpE,SAAS,EAAE,MAAM,CAAC;IAClB,iDAAiD;IACjD,qBAAqB,EAAE,MAAM,CAAC;IAC9B,8DAA8D;IAC9D,MAAM,EAAE,OAAO,CAAC;CACjB;AAED;;;gEAGgE;AAChE,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,YAAY,CAsChE;AAED,MAAM,WAAW,YAAY;IAC3B,yCAAyC;IACzC,SAAS,EAAE,MAAM,CAAC;IAClB;iFAC6E;IAC7E,aAAa,EAAE,OAAO,CAAC;IACvB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,wEAAwE;IACxE,YAAY,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,OAAO,CAAC;QAAC,qBAAqB,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACpF,wCAAwC;IACxC,YAAY,EAAE,YAAY,CAAC;IAC3B,6EAA6E;IAC7E,WAAW,EAAE,aAAa,CAAC;CAC5B;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,YAAY,CAkCrH;AAED,MAAM,WAAW,YAAY;IAAG,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE;AAEhF;;;oCAGoC;AACpC,wBAAgB,uBAAuB,CAAC,WAAW,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,GAAG,YAAY,CAgBnG;AAED,MAAM,WAAW,eAAe;IAC9B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,WAAW,EAAE,OAAO,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,uDAAuD;AACvD,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,eAAe,CAsB7E"}