@mneme-ai/core 2.70.0 → 2.72.0

package/dist/protoplasm/super_quan/homograph_guard.js

@@ -0,0 +1,210 @@
+/**
+ * 🛡 HOMOGRAPH GUARD — Unicode normalization + confusable detection
+ *
+ * Closes the v2.70 vuln: "٢.70.0" (Arabic-Indic digit) passed as MIXED
+ * instead of REFUTED → attacker bypassed version check by spelling the
+ * digit in a non-ASCII script.
+ *
+ * Solution stacks 4 lenses:
+ *   1. NFKC normalize     → canonicalizes compatibility forms
+ *   2. Digit transliterate → maps all Unicode digits → ASCII 0-9
+ *   3. Confusable scan     → flags homoglyph attempts (UTS #39 subset)
+ *   4. Pipeline annotation → caller knows input was canonicalized
+ *
+ * API:
+ *   canonicalize(input) → { canonical, original, flags, transformations }
+ *
+ * Output flags drive verdict:
+ *   "homograph_detected"    → version claim has non-ASCII digits
+ *   "mixed_script"          → claim mixes script families (suspicious)
+ *   "rtl_override"          → contains BIDI override (U+202E)
+ *   "control_char_injected" → contains null / BEL / BS / etc.
+ *   "zwsp_injected"         → zero-width space / joiner
+ *
+ * No external Unicode tables — uses Node's built-in normalize() + a
+ * small curated confusable map.
+ */
+/** Per UTS #39 — common confusables. Extend over time. */
+const CONFUSABLE_MAP = {
+    // Cyrillic → Latin (most common attack vector)
+    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "у": "y", "х": "x",
+    "А": "A", "В": "B", "Е": "E", "К": "K", "М": "M", "Н": "H", "О": "O",
+    "Р": "P", "С": "C", "Т": "T", "У": "Y", "Х": "X",
+    // Greek → Latin
+    "α": "a", "β": "b", "ο": "o", "ρ": "p", "ν": "v", "Α": "A", "Β": "B",
+    // Cherokee letter A (very deceptive)
+    "Ꭺ": "A",
+    // Math alphanumerics
+    "𝟎": "0", "𝟏": "1", "𝟐": "2", "𝟑": "3", "𝟒": "4",
+    "𝟓": "5", "𝟔": "6", "𝟕": "7", "𝟖": "8", "𝟗": "9",
+};
+/** Map ALL Unicode digit code points to ASCII via Unicode digit value. */
+function transliterateDigits(s) {
+    let changed = 0;
+    const out = Array.from(s, (ch) => {
+        const cp = ch.codePointAt(0);
+        // Latin ASCII already
+        if (cp >= 0x30 && cp <= 0x39)
+            return ch;
+        // Arabic-Indic 0660-0669
+        if (cp >= 0x0660 && cp <= 0x0669) {
+            changed++;
+            return String.fromCharCode(0x30 + (cp - 0x0660));
+        }
+        // Extended Arabic-Indic 06F0-06F9
+        if (cp >= 0x06F0 && cp <= 0x06F9) {
+            changed++;
+            return String.fromCharCode(0x30 + (cp - 0x06F0));
+        }
+        // Bengali 09E6-09EF
+        if (cp >= 0x09E6 && cp <= 0x09EF) {
+            changed++;
+            return String.fromCharCode(0x30 + (cp - 0x09E6));
+        }
+        // Devanagari 0966-096F
+        if (cp >= 0x0966 && cp <= 0x096F) {
+            changed++;
+            return String.fromCharCode(0x30 + (cp - 0x0966));
+        }
+        // Thai 0E50-0E59
+        if (cp >= 0x0E50 && cp <= 0x0E59) {
+            changed++;
+            return String.fromCharCode(0x30 + (cp - 0x0E50));
+        }
+        // Lao 0ED0-0ED9
+        if (cp >= 0x0ED0 && cp <= 0x0ED9) {
+            changed++;
+            return String.fromCharCode(0x30 + (cp - 0x0ED0));
+        }
+        // Burmese 1040-1049
+        if (cp >= 0x1040 && cp <= 0x1049) {
+            changed++;
+            return String.fromCharCode(0x30 + (cp - 0x1040));
+        }
+        // Khmer 17E0-17E9
+        if (cp >= 0x17E0 && cp <= 0x17E9) {
+            changed++;
+            return String.fromCharCode(0x30 + (cp - 0x17E0));
+        }
+        // Fullwidth FF10-FF19
+        if (cp >= 0xFF10 && cp <= 0xFF19) {
+            changed++;
+            return String.fromCharCode(0x30 + (cp - 0xFF10));
+        }
+        // Mathematical bold/italic digits 1D7CE-1D7FF
+        if (cp >= 0x1D7CE && cp <= 0x1D7FF) {
+            changed++;
+            return String.fromCharCode(0x30 + ((cp - 0x1D7CE) % 10));
+        }
+        return ch;
+    }).join("");
+    return { out, changedCount: changed };
+}
+function detectScripts(s) {
+    const scripts = new Set();
+    for (const ch of s) {
+        const cp = ch.codePointAt(0);
+        if (cp >= 0x0041 && cp <= 0x024F)
+            scripts.add("Latin");
+        else if (cp >= 0x0400 && cp <= 0x04FF)
+            scripts.add("Cyrillic");
+        else if (cp >= 0x0370 && cp <= 0x03FF)
+            scripts.add("Greek");
+        else if (cp >= 0x0590 && cp <= 0x05FF)
+            scripts.add("Hebrew");
+        else if (cp >= 0x0600 && cp <= 0x06FF)
+            scripts.add("Arabic");
+        else if (cp >= 0x0E00 && cp <= 0x0E7F)
+            scripts.add("Thai");
+        else if (cp >= 0x0900 && cp <= 0x097F)
+            scripts.add("Devanagari");
+        else if (cp >= 0x4E00 && cp <= 0x9FFF)
+            scripts.add("CJK");
+    }
+    return scripts;
+}
+const RTL_OVERRIDE_RE = /[‪-‮⁦-⁩]/g;
+const ZWSP_RE = /[​-‍]/g;
+const CONTROL_RE = /[\x00-\x08\x0B-\x0C\x0E-\x1F]/g;
+const NON_ASCII_DIGIT_RE = /[٠-٩۰-۹߀-߉०-९০-৯੦-੯૦-૯୦-୯௦-௯౦-౯೦-೯൦-൯෦-෯๐-๙໐-໙༠-༩၀-၉႐-႙០-៩᠐-᠙᥆-᥏᧐-᧙᪀-᪉᪐-᪙᭐-᭙᮰-᮹᱀-᱉᱐-᱙꘠-꘩꣐-꣙꤀-꤉꧐-꧙꧰-꧹꩐-꩙꯰-꯹０-９]/g;
+export function canonicalize(input) {
+    const flags = [];
+    const transformations = [];
+    let working = input;
+    // Pre-detect: did the input contain ANY non-ASCII Unicode digit?
+    // (Catches fullwidth ２ which NFKC normalizes BEFORE our transliterator runs.)
+    const preNonAsciiDigitMatches = input.match(NON_ASCII_DIGIT_RE);
+    const preNonAsciiDigitCount = preNonAsciiDigitMatches ? preNonAsciiDigitMatches.length : 0;
+    // Stage 0: detect control chars BEFORE stripping (alert + strip)
+    if (CONTROL_RE.test(working)) {
+        flags.push("control_char_injected");
+        working = working.replace(CONTROL_RE, "");
+        transformations.push("stripped control chars (0x00-0x1F except tab/LF/CR)");
+    }
+    if (RTL_OVERRIDE_RE.test(working)) {
+        flags.push("rtl_override");
+        working = working.replace(RTL_OVERRIDE_RE, "");
+        transformations.push("stripped BIDI override (U+202A-202E + 2066-2069)");
+    }
+    if (ZWSP_RE.test(working)) {
+        flags.push("zwsp_injected");
+        working = working.replace(ZWSP_RE, "");
+        transformations.push("stripped zero-width chars (U+200B-200D + FEFF)");
+    }
+    // Stage 1: NFKC — canonicalize compatibility forms
+    const beforeNfkc = working;
+    working = working.normalize("NFKC");
+    if (beforeNfkc !== working) {
+        transformations.push("NFKC normalize");
+    }
+    // Stage 2: Digit transliteration (Arabic-Indic / Bengali / Thai / fullwidth / math)
+    const dt = transliterateDigits(working);
+    working = dt.out;
+    // Count: explicit transliteration + NFKC-induced non-ASCII digit changes
+    const totalDigitsChanged = dt.changedCount + Math.max(0, preNonAsciiDigitCount - dt.changedCount);
+    if (totalDigitsChanged > 0) {
+        flags.push("homograph_detected");
+        transformations.push(`transliterated ${totalDigitsChanged} non-Latin digit(s) to ASCII (NFKC + direct map)`);
+    }
+    // Stage 3: Confusable letter replacement
+    let confusables = 0;
+    working = Array.from(working, (ch) => {
+        if (CONFUSABLE_MAP[ch] !== undefined) {
+            confusables++;
+            return CONFUSABLE_MAP[ch];
+        }
+        return ch;
+    }).join("");
+    if (confusables > 0) {
+        flags.push("homograph_detected");
+        transformations.push(`replaced ${confusables} confusable letter(s) with ASCII equivalent`);
+    }
+    // Stage 4: mixed-script detection (only flag if NOT already Latin-only after canonicalization)
+    const scripts = detectScripts(working);
+    if (scripts.size > 1 && scripts.has("Latin")) {
+        flags.push("mixed_script");
+        transformations.push(`mixed scripts detected: ${[...scripts].join("+")}`);
+    }
+    return {
+        original: input,
+        canonical: working,
+        flags: [...new Set(flags)],
+        transformations,
+        confusablesReplaced: confusables,
+        digitsTransliterated: totalDigitsChanged,
+    };
+}
+/**
+ * Convenience: given a claim, return whether it's safe to verify as-is
+ * or needs caller to re-verify on the canonical form.
+ *
+ * Caller should:
+ *   const c = canonicalize(input);
+ *   if (c.flags.includes("homograph_detected")) {
+ *     // verify on c.canonical instead — annotate verdict with c.flags
+ *   }
+ */
+export function shouldReVerify(result) {
+    return result.flags.length > 0 && result.original !== result.canonical;
+}
+//# sourceMappingURL=homograph_guard.js.map

package/dist/protoplasm/super_quan/homograph_guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"homograph_guard.js","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/homograph_guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,0DAA0D;AAC1D,MAAM,cAAc,GAA2B;IAC7C,+CAA+C;IAC/C,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IACpE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IACpE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IAChD,gBAAgB;IAChB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IACpE,qCAAqC;IACrC,GAAG,EAAE,GAAG;IACR,qBAAqB;IACrB,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG;IACrD,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG;CACtD,CAAC;AAEF,0EAA0E;AAC1E,SAAS,mBAAmB,CAAC,CAAS;IACpC,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE;QAC/B,MAAM,EAAE,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC;QAC9B,sBAAsB;QACtB,IAAI,EAAE,IAAI,IAAI,IAAI,EAAE,IAAI,IAAI;YAAE,OAAO,EAAE,CAAC;QACxC,yBAAyB;QACzB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,kCAAkC;QAClC,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,oBAAoB;QACpB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,uBAAuB;QACvB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,iBAAiB;QACjB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,gBAAgB;QAChB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,oBAAoB;QACpB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,kBAAkB;QAClB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,sBAAsB;QACtB,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;QAAC,CAAC;QAClG,8CAA8C;QAC9C,IAAI,EAAE,IAAI,OAAO,IAAI,EAAE,IAAI,OAAO,EAAE,CAAC;YAAC,OAAO,EAAE,CAAC;YAAC,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAAC,CAAC;QAC5G,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACZ,OAAO,EAAE,GAAG,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,KAAK,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;QACnB,MAAM,EAAE,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC;QAC9B,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;aAClD,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;aAC1D,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;aACvD,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;aACxD,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;aACxD,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;aACtD,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;aAC5D,IAAI,EAAE,IAAI,MAAM,IAAI,EAAE,IAAI,MAAM;YAAE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,eAAe,GAAG,WAAW,CAAC;AACpC,MAAM,OAAO,GAAG,SAAS,CAAC;AAC1B,MAAM,UAAU,GAAG,gCAAgC,CAAC;AACpD,MAAM,kBAAkB,GAAG,iHAAiH,CAAC;AAW7I,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,iEAAiE;IACjE,8EAA8E;IAC9E,MAAM,uBAAuB,GAAG,KAAK,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAChE,MAAM,qBAAqB,GAAG,uBAAuB,CAAC,CAAC,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3F,iEAAiE;IACjE,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACpC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAC1C,eAAe,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC3B,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;QAC/C,eAAe,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC5B,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACvC,eAAe,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;IACzE,CAAC;IAED,mDAAmD;IACnD,MAAM,UAAU,GAAG,OAAO,CAAC;IAC3B,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACpC,IAAI,UAAU,KAAK,OAAO,EAAE,CAAC;QAC3B,eAAe,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACzC,CAAC;IAED,oFAAoF;IACpF,MAAM,EAAE,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IACxC,OAAO,GAAG,EAAE,CAAC,GAAG,CAAC;IACjB,yEAAyE;IACzE,MAAM,kBAAkB,GAAG,EAAE,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,qBAAqB,GAAG,EAAE,CAAC,YAAY,CAAC,CAAC;IAClG,IAAI,kBAAkB,GAAG,CAAC,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,eAAe,CAAC,IAAI,CAAC,kBAAkB,kBAAkB,kDAAkD,CAAC,CAAC;IAC/G,CAAC;IAED,yCAAyC;IACzC,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE;QACnC,IAAI,cAAc,CAAC,EAAE,CAAC,KAAK,SAAS,EAAE,CAAC;YAAC,WAAW,EAAE,CAAC;YAAC,OAAO,cAAc,CAAC,EAAE,CAAC,CAAC;QAAC,CAAC;QACnF,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACZ,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,eAAe,CAAC,IAAI,CAAC,YAAY,WAAW,6CAA6C,CAAC,CAAC;IAC7F,CAAC;IAED,+FAA+F;IAC/F,MAAM,OAAO,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC3B,eAAe,CAAC,IAAI,CAAC,2BAA2B,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,SAAS,EAAE,OAAO;QAClB,KAAK,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC1B,eAAe;QACf,mBAAmB,EAAE,WAAW;QAChC,oBAAoB,EAAE,kBAAkB;KACzC,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,cAAc,CAAC,MAA0B;IACvD,OAAO,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,SAAS,CAAC;AACzE,CAAC"}

package/dist/protoplasm/super_quan/index.d.ts

@@ -17,4 +17,14 @@ export { computeChshWitness, defaultScoreExtractor, instantiateProbes, probeSeed
 export type { ProbeKind, ProbeQuestion, ProbeResponse, ChshWitnessVerdict, ChshInput, } from "./chsh_witness.js";
 export { runStrs, strsBadgeUrl, STRS_PROBE_SET_V1 } from "./strs.js";
 export type { StrsProbe, StrsRunResult, StrsReport, StrsRunOptions, VerifyFn } from "./strs.js";
+export { canonicalize, shouldReVerify } from "./homograph_guard.js";
+export type { CanonicalizeResult } from "./homograph_guard.js";
+export { checkInputSize, emitEnvelope, detectInputSource } from "./input_size_guard.js";
+export type { SizeCheckResult, InputSource, CheckInputSizeOptions } from "./input_size_guard.js";
+export { runPrism, lensFakeAuthority, lensFakeCommit, lensStatisticalReality, lensMagicNumber, lensNullInformation, } from "./prism.js";
+export type { PrismResult, PrismVerdict, LensResult, FakeCommitOptions } from "./prism.js";
+export { TideGuard, DEFAULT_TIDE } from "./tide_guard.js";
+export type { TideGuardConfig, TideRequest, TideDecision } from "./tide_guard.js";
+export { Cull, DEFAULT_CULL } from "./cull.js";
+export type { CullConfig, CullHeartbeat, CullReport, CullPolicy } from "./cull.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/protoplasm/super_quan/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,EACL,kBAAkB,EAAE,cAAc,EAAE,cAAc,GACnD,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,kBAAkB,EAAE,cAAc,EAAE,UAAU,GAC/C,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAGnF,OAAO,EACL,kBAAkB,EAAE,qBAAqB,EAAE,iBAAiB,EAC5D,SAAS,EAAE,gBAAgB,GAC5B,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,SAAS,EAAE,aAAa,EAAE,aAAa,EAAE,kBAAkB,EAAE,SAAS,GACvE,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AACrE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,EACL,kBAAkB,EAAE,cAAc,EAAE,cAAc,GACnD,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,kBAAkB,EAAE,cAAc,EAAE,UAAU,GAC/C,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAGnF,OAAO,EACL,kBAAkB,EAAE,qBAAqB,EAAE,iBAAiB,EAC5D,SAAS,EAAE,gBAAgB,GAC5B,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,SAAS,EAAE,aAAa,EAAE,aAAa,EAAE,kBAAkB,EAAE,SAAS,GACvE,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AACrE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAGhG,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACpE,YAAY,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAG/D,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AACxF,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAGjG,OAAO,EACL,QAAQ,EAAE,iBAAiB,EAAE,cAAc,EAAE,sBAAsB,EACnE,eAAe,EAAE,mBAAmB,GACrC,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAG3F,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC1D,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAGlF,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAC/C,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC"}

package/dist/protoplasm/super_quan/index.js

@@ -17,4 +17,14 @@ export { Negspace } from "./negspace.js";
 export { computeChshWitness, defaultScoreExtractor, instantiateProbes, probeSeed, CANONICAL_PROBES, } from "./chsh_witness.js";
 // 4. STRS
 export { runStrs, strsBadgeUrl, STRS_PROBE_SET_V1 } from "./strs.js";
+// 5. HOMOGRAPH GUARD — closes v2.70 vuln #1 (Unicode bypass)
+export { canonicalize, shouldReVerify } from "./homograph_guard.js";
+// 6. INPUT SIZE GUARD — closes v2.70 vuln #2 (silent 28K reject)
+export { checkInputSize, emitEnvelope, detectInputSource } from "./input_size_guard.js";
+// 7. PRISM — closes v2.70 vuln #3 (multi-lens scope narrow → 86% claims got 0 lenses)
+export { runPrism, lensFakeAuthority, lensFakeCommit, lensStatisticalReality, lensMagicNumber, lensNullInformation, } from "./prism.js";
+// 8. TIDE GUARD — closes v2.70 vuln #1 (rate limit removed regression)
+export { TideGuard, DEFAULT_TIDE } from "./tide_guard.js";
+// 9. CULL — closes v2.70 vuln #4 (process leak — 6 procs per session)
+export { Cull, DEFAULT_CULL } from "./cull.js";
 //# sourceMappingURL=index.js.map

package/dist/protoplasm/super_quan/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,iBAAiB;AACjB,OAAO,EACL,kBAAkB,EAAE,cAAc,EAAE,cAAc,GACnD,MAAM,kBAAkB,CAAC;AAK1B,cAAc;AACd,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGzC,gCAAgC;AAChC,OAAO,EACL,kBAAkB,EAAE,qBAAqB,EAAE,iBAAiB,EAC5D,SAAS,EAAE,gBAAgB,GAC5B,MAAM,mBAAmB,CAAC;AAK3B,UAAU;AACV,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,iBAAiB;AACjB,OAAO,EACL,kBAAkB,EAAE,cAAc,EAAE,cAAc,GACnD,MAAM,kBAAkB,CAAC;AAK1B,cAAc;AACd,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGzC,gCAAgC;AAChC,OAAO,EACL,kBAAkB,EAAE,qBAAqB,EAAE,iBAAiB,EAC5D,SAAS,EAAE,gBAAgB,GAC5B,MAAM,mBAAmB,CAAC;AAK3B,UAAU;AACV,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAGrE,6DAA6D;AAC7D,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGpE,iEAAiE;AACjE,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAGxF,sFAAsF;AACtF,OAAO,EACL,QAAQ,EAAE,iBAAiB,EAAE,cAAc,EAAE,sBAAsB,EACnE,eAAe,EAAE,mBAAmB,GACrC,MAAM,YAAY,CAAC;AAGpB,uEAAuE;AACvE,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAG1D,sEAAsE;AACtE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC"}

package/dist/protoplasm/super_quan/input_size_guard.d.ts

@@ -0,0 +1,58 @@
+/**
+ * 🛡 INPUT SIZE GUARD — fail-loud envelope + truncation receipt
+ *
+ * Closes the v2.70 vuln: 28K char input → exit 1, 0 bytes, no warning.
+ *
+ * Strategy stacks 3 lenses:
+ *   1. Fail-loud: never silent. Every reject emits JSON envelope.
+ *   2. Truncation receipt: when allowTruncate=true, accept first N + flag
+ *      "INPUT_TRUNCATED" so verdict consumer sees the caveat.
+ *   3. Auto-detect: if input came via argv and is too large, suggest stdin.
+ *
+ * Cross-platform argv limits (real-world safe values):
+ *   Windows cmd.exe   : ~8K   (legacy)
+ *   Windows powershell: ~32K  (varies)
+ *   Linux execve()    : ~128K-2M
+ *   macOS execve()    : ~256K
+ *
+ * Hard limit chosen: 24K = safely below Windows cmd while still allowing
+ * substantial claims. For larger input, pipe via stdin.
+ */
+export type InputSource = "argv" | "stdin" | "file" | "unknown";
+export interface SizeCheckResult {
+    ok: boolean;
+    inputSize: number;
+    limit: number;
+    source: InputSource;
+    truncated: boolean;
+    truncatedAt?: number;
+    receipt: string;
+    reason?: string;
+    suggestion?: string;
+    envelope: {
+        ok: boolean;
+        error?: string;
+        sizeReceived: number;
+        sizeLimit: number;
+        source: InputSource;
+        hint?: string;
+    };
+}
+export interface CheckInputSizeOptions {
+    source: InputSource;
+    allowTruncate?: boolean;
+    customLimit?: number;
+}
+export declare function checkInputSize(input: string, opts: CheckInputSizeOptions): SizeCheckResult;
+/**
+ * Emit JSON envelope to stdout. Caller in CLI should call this on EVERY
+ * exit path so the user never gets silent 0-byte exit.
+ *
+ * Returns suggested process exit code:
+ *   0 if ok
+ *   2 if input rejected (distinct from generic crash exit 1)
+ */
+export declare function emitEnvelope(result: SizeCheckResult, write?: (s: string) => void): number;
+/** Detect input source heuristically from argv/stdin state. */
+export declare function detectInputSource(): InputSource;
+//# sourceMappingURL=input_size_guard.d.ts.map

package/dist/protoplasm/super_quan/input_size_guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"input_size_guard.d.ts","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/input_size_guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;AAEhE,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,OAAO,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,WAAW,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE;QACR,EAAE,EAAE,OAAO,CAAC;QACZ,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,WAAW,CAAC;QACpB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AASD,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,WAAW,CAAC;IACpB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAWD,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,qBAAqB,GAAG,eAAe,CAkD1F;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,eAAe,EAAE,KAAK,GAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAqC,GAAG,MAAM,CAGzH;AAED,+DAA+D;AAC/D,wBAAgB,iBAAiB,IAAI,WAAW,CAI/C"}

package/dist/protoplasm/super_quan/input_size_guard.js

@@ -0,0 +1,102 @@
+/**
+ * 🛡 INPUT SIZE GUARD — fail-loud envelope + truncation receipt
+ *
+ * Closes the v2.70 vuln: 28K char input → exit 1, 0 bytes, no warning.
+ *
+ * Strategy stacks 3 lenses:
+ *   1. Fail-loud: never silent. Every reject emits JSON envelope.
+ *   2. Truncation receipt: when allowTruncate=true, accept first N + flag
+ *      "INPUT_TRUNCATED" so verdict consumer sees the caveat.
+ *   3. Auto-detect: if input came via argv and is too large, suggest stdin.
+ *
+ * Cross-platform argv limits (real-world safe values):
+ *   Windows cmd.exe   : ~8K   (legacy)
+ *   Windows powershell: ~32K  (varies)
+ *   Linux execve()    : ~128K-2M
+ *   macOS execve()    : ~256K
+ *
+ * Hard limit chosen: 24K = safely below Windows cmd while still allowing
+ * substantial claims. For larger input, pipe via stdin.
+ */
+const DEFAULT_LIMITS = {
+    argv: 24_000,
+    stdin: 10_000_000, // 10MB
+    file: 100_000_000, // 100MB
+    unknown: 24_000,
+};
+function makeReceipt(input, source) {
+    // Lightweight non-crypto receipt — caller can verify they sent X bytes
+    // without needing HMAC key
+    const size = input.length;
+    const head = input.slice(0, 24).replace(/\s/g, "·");
+    const tail = input.slice(-24).replace(/\s/g, "·");
+    return `[mneme-rcpt ${source}:${size}B head="${head}" tail="${tail}"]`;
+}
+export function checkInputSize(input, opts) {
+    const limit = opts.customLimit ?? DEFAULT_LIMITS[opts.source];
+    const inputSize = input.length;
+    const receipt = makeReceipt(input, opts.source);
+    if (inputSize <= limit) {
+        return {
+            ok: true, inputSize, limit, source: opts.source,
+            truncated: false, receipt,
+            envelope: { ok: true, sizeReceived: inputSize, sizeLimit: limit, source: opts.source },
+        };
+    }
+    // Over limit. Truncate or reject?
+    if (opts.allowTruncate) {
+        return {
+            ok: true, inputSize, limit, source: opts.source,
+            truncated: true, truncatedAt: limit,
+            reason: `input ${inputSize}B > limit ${limit}B; --allow-truncate accepted first ${limit}B`,
+            receipt,
+            envelope: {
+                ok: true,
+                sizeReceived: inputSize,
+                sizeLimit: limit,
+                source: opts.source,
+                hint: `Verdict computed on first ${limit}B only — re-run via stdin for full input.`,
+            },
+        };
+    }
+    // Hard reject — but LOUD. Caller MUST get JSON envelope.
+    const suggestion = opts.source === "argv"
+        ? "Input too large for command-line args. Pipe via stdin: `echo $CLAIM | mneme verify --stdin` (limit then becomes 10MB)."
+        : `Input ${inputSize}B exceeds ${opts.source} limit of ${limit}B. Use --allow-truncate or split into chunks.`;
+    return {
+        ok: false, inputSize, limit, source: opts.source,
+        truncated: false,
+        reason: `input ${inputSize}B exceeds ${opts.source} limit of ${limit}B`,
+        suggestion,
+        receipt,
+        envelope: {
+            ok: false,
+            error: "INPUT_TOO_LARGE",
+            sizeReceived: inputSize,
+            sizeLimit: limit,
+            source: opts.source,
+            hint: suggestion,
+        },
+    };
+}
+/**
+ * Emit JSON envelope to stdout. Caller in CLI should call this on EVERY
+ * exit path so the user never gets silent 0-byte exit.
+ *
+ * Returns suggested process exit code:
+ *   0 if ok
+ *   2 if input rejected (distinct from generic crash exit 1)
+ */
+export function emitEnvelope(result, write = (s) => process.stdout.write(s)) {
+    write(JSON.stringify(result.envelope) + "\n");
+    return result.ok ? 0 : 2;
+}
+/** Detect input source heuristically from argv/stdin state. */
+export function detectInputSource() {
+    if (!process.stdin.isTTY)
+        return "stdin";
+    if (process.argv.length > 2)
+        return "argv";
+    return "unknown";
+}
+//# sourceMappingURL=input_size_guard.js.map

package/dist/protoplasm/super_quan/input_size_guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"input_size_guard.js","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/input_size_guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAwBH,MAAM,cAAc,GAAgC;IAClD,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,UAAU,EAAS,OAAO;IACjC,IAAI,EAAE,WAAW,EAAU,QAAQ;IACnC,OAAO,EAAE,MAAM;CAChB,CAAC;AAQF,SAAS,WAAW,CAAC,KAAa,EAAE,MAAmB;IACrD,uEAAuE;IACvE,2BAA2B;IAC3B,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC;IAC1B,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAClD,OAAO,eAAe,MAAM,IAAI,IAAI,WAAW,IAAI,WAAW,IAAI,IAAI,CAAC;AACzE,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAa,EAAE,IAA2B;IACvE,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,IAAI,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9D,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC;IAC/B,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAEhD,IAAI,SAAS,IAAI,KAAK,EAAE,CAAC;QACvB,OAAO;YACL,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM;YAC/C,SAAS,EAAE,KAAK,EAAE,OAAO;YACzB,QAAQ,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;SACvF,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,OAAO;YACL,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM;YAC/C,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK;YACnC,MAAM,EAAE,SAAS,SAAS,aAAa,KAAK,sCAAsC,KAAK,GAAG;YAC1F,OAAO;YACP,QAAQ,EAAE;gBACR,EAAE,EAAE,IAAI;gBACR,YAAY,EAAE,SAAS;gBACvB,SAAS,EAAE,KAAK;gBAChB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,IAAI,EAAE,6BAA6B,KAAK,2CAA2C;aACpF;SACF,CAAC;IACJ,CAAC;IAED,yDAAyD;IACzD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,KAAK,MAAM;QACvC,CAAC,CAAC,wHAAwH;QAC1H,CAAC,CAAC,SAAS,SAAS,aAAa,IAAI,CAAC,MAAM,aAAa,KAAK,+CAA+C,CAAC;IAEhH,OAAO;QACL,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM;QAChD,SAAS,EAAE,KAAK;QAChB,MAAM,EAAE,SAAS,SAAS,aAAa,IAAI,CAAC,MAAM,aAAa,KAAK,GAAG;QACvE,UAAU;QACV,OAAO;QACP,QAAQ,EAAE;YACR,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,iBAAiB;YACxB,YAAY,EAAE,SAAS;YACvB,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,UAAU;SACjB;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,MAAuB,EAAE,QAA6B,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/G,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;IAC9C,OAAO,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3B,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,iBAAiB;IAC/B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,OAAO,CAAC;IACzC,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC;IAC3C,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/protoplasm/super_quan/prism.d.ts

@@ -0,0 +1,50 @@
+/**
+ * 🔮 PRISM — Universal Multi-Lens Verification Engine
+ *
+ * Closes v2.70 Vuln #3: multi-lens engine activated only on Mneme-self
+ * claims (6/7 generic test claims → 0 lenses → unknown). PRISM extends
+ * the lens engine to fire on ANY claim by adding 5 universal lenses
+ * that need no Mneme-specific entity to activate.
+ *
+ * 5 UNIVERSAL LENSES:
+ *   1. FAKE_AUTHORITY      — "According to MIT, X" without verifiable cite
+ *   2. FAKE_COMMIT          — "commit deadbeef" / "PR #N" that doesn't exist
+ *   3. STATISTICAL_REALITY  — "all X are Y" / "every X is Y" absolutes
+ *   4. MAGIC_NUMBER         — implausible numeric claim vs reality table
+ *   5. NULL_INFORMATION     — TODO / AAAAAA / empty / noise → honest refusal
+ *
+ * Each lens emits {triggered, verdict, evidence, confidence}.
+ * Caller combines with Mneme-self lenses for unified verdict.
+ *
+ * Design principle: NO lens should produce false positives on legitimate
+ * factual claims. Each lens has narrow trigger pattern. If no pattern
+ * matches, lens returns {triggered: false} — caller stacks lenses freely.
+ */
+export type PrismVerdict = "REFUTED" | "SUSPICIOUS" | "INSUFFICIENT_DATA" | "PASSTHROUGH";
+export interface LensResult {
+    lens: string;
+    triggered: boolean;
+    verdict?: PrismVerdict;
+    evidence?: string;
+    confidence?: number;
+}
+export interface PrismResult {
+    claim: string;
+    lensesActivated: number;
+    lensesAvailable: number;
+    results: LensResult[];
+    combinedVerdict: PrismVerdict;
+    combinedConfidence: number;
+    rationale: string;
+}
+export declare function lensFakeAuthority(claim: string): LensResult;
+export interface FakeCommitOptions {
+    validateSha?: (sha: string) => boolean;
+    validatePR?: (n: number) => boolean;
+}
+export declare function lensFakeCommit(claim: string, opts?: FakeCommitOptions): LensResult;
+export declare function lensStatisticalReality(claim: string): LensResult;
+export declare function lensMagicNumber(claim: string): LensResult;
+export declare function lensNullInformation(claim: string): LensResult;
+export declare function runPrism(claim: string, opts?: FakeCommitOptions): PrismResult;
+//# sourceMappingURL=prism.d.ts.map

package/dist/protoplasm/super_quan/prism.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prism.d.ts","sourceRoot":"","sources":["../../../src/protoplasm/super_quan/prism.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,YAAY,GAAG,mBAAmB,GAAG,aAAa,CAAC;AAE1F,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,YAAY,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,eAAe,EAAE,YAAY,CAAC;IAC9B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAaD,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAmB3D;AAOD,MAAM,WAAW,iBAAiB;IAChC,WAAW,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC;IACvC,UAAU,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC;CACrC;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,iBAAsB,GAAG,UAAU,CAwCtF;AASD,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAchE;AAoBD,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CA2BzD;AAWD,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CA0B7D;AAGD,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,iBAAsB,GAAG,WAAW,CAyCjF"}