@mneme-ai/core 3.89.0 → 3.90.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/arch_firewall/arch_firewall.test.js +56 -34
  2. package/dist/arch_firewall/arch_firewall.test.js.map +1 -1
  3. package/dist/arch_firewall/index.d.ts +67 -29
  4. package/dist/arch_firewall/index.d.ts.map +1 -1
  5. package/dist/arch_firewall/index.js +211 -103
  6. package/dist/arch_firewall/index.js.map +1 -1
  7. package/package.json +1 -1
package/dist/arch_firewall/arch_firewall.test.js CHANGED
@@ -1,59 +1,81 @@
1
1
  import { describe, it, expect } from "vitest";
2
- import { firewall, parsePolicy, severityFromAge, firewallReport, archFirewallGauntlet } from "./index.js";
2
+ import { firewall, parsePolicy, loadPolicy, scoreSeverity, firewallReport, archFirewallGauntlet, DEFAULT_POLICY } from "./index.js";
3
3
  const baseline = [
4
4
  { path: "schema.prisma", content: "model Wallet { id Int @id }\nmodel Note { id Int @id }" },
5
5
  { path: "a.ts", content: "export function charge(){ return prisma.wallet.create({data:{}}); }\nexport function readNote(){ return prisma.note.findMany(); }" },
6
6
  ];
7
7
  const broke = [...baseline, { path: "refund.ts", content: "export function refundHandler(){ return prisma.wallet.update({where:{}}); }" }];
8
+ const oldAge = () => ({ ageDays: 875, establishedAt: "a1b2c3", heldThroughCommits: 312 });
9
+ const youngAge = () => ({ ageDays: 3 });
8
10
  describe("arch_firewall", () => {
9
11
  it("gauntlet is 100", () => expect(archFirewallGauntlet().score).toBe(100));
10
- it("BLOCKS a broken old contract, names the offending writer + history", () => {
11
- const v = firewall(baseline, broke, { ageResolver: () => ({ ageDays: 426, establishedAt: "a1b2c3", heldThroughCommits: 312 }) });
12
+ it("BLOCKS an old contract (base high +2 ⇒ critical), names the writer + history", () => {
13
+ const v = firewall(baseline, broke, DEFAULT_POLICY, { ageResolver: oldAge });
12
14
  expect(v.verdict).toBe("BLOCK");
13
- expect(v.critical).toBe(1);
14
- expect(v.violations[0].counterexample).toMatch(/refundHandler/);
15
- expect(v.violations[0].heldThroughCommits).toBe(312);
15
+ expect(v.findings[0].finalSeverity).toBe("critical");
16
+ expect(v.findings[0].counterexample).toMatch(/refundHandler/);
17
+ expect(v.findings[0].heldThroughCommits).toBe(312);
16
18
  expect(firewallReport(v)).toMatch(/BLOCKED/);
17
19
  });
18
- it("treats a broken YOUNG contract as evolution (info, not blocked)", () => {
19
- const v = firewall(baseline, broke, { ageResolver: () => ({ ageDays: 3 }) });
20
+ it("WARNs (not BLOCK) for a young contract (base high +0 ⇒ high)", () => {
21
+ const v = firewall(baseline, broke, DEFAULT_POLICY, { ageResolver: youngAge });
22
+ expect(v.verdict).toBe("WARN");
23
+ expect(v.findings[0].finalSeverity).toBe("high");
24
+ });
25
+ it("a waiver suppresses the block", () => {
26
+ const pol = parsePolicy("waive table wallet single-writer :: dual-writer approved in RFC-42");
27
+ const v = firewall(baseline, broke, pol, { ageResolver: oldAge, today: "2026-06-11" });
20
28
  expect(v.verdict).not.toBe("BLOCK");
21
- expect(v.violations[0].severity).toBe("info");
29
+ expect(v.findings[0].waived).toBe(true);
30
+ expect(v.findings[0].waiverReason).toMatch(/RFC-42/);
22
31
  });
23
- it("a declared-critical policy overrides age and forces BLOCK", () => {
24
- const v = firewall(baseline, broke, { policies: parsePolicy("critical table wallet single-writer"), ageResolver: () => ({ ageDays: 3 }) });
32
+ it("an EXPIRED waiver is NOT honoured block stands + surfaced", () => {
33
+ const pol = parsePolicy("waive until=2025-01-01 table wallet single-writer :: temporary");
34
+ const v = firewall(baseline, broke, pol, { ageResolver: oldAge, today: "2026-06-11" });
25
35
  expect(v.verdict).toBe("BLOCK");
26
- expect(v.violations[0].severity).toBe("critical");
36
+ expect(v.findings[0].waiverExpired).toBe(true);
37
+ expect(v.expiredWaivers.length).toBe(1);
27
38
  });
28
39
  it("PASSES when nothing regressed", () => {
29
- const v = firewall(baseline, baseline, { ageResolver: () => ({ ageDays: 999 }) });
40
+ const v = firewall(baseline, baseline, DEFAULT_POLICY, { ageResolver: oldAge });
30
41
  expect(v.verdict).toBe("PASS");
31
- expect(v.violations.length).toBe(0);
32
- });
33
- it("parsePolicy: severity prefix + default warn + comments", () => {
34
- const p = parsePolicy("# header\ncritical table wallet single-writer\nwarn endpoint POST /x exists\ntable note private\n \n");
35
- expect(p.length).toBe(3);
36
- expect(p[0].severity).toBe("critical");
37
- expect(p[1].severity).toBe("warn");
38
- expect(p[2].severity).toBe("warn"); // default
39
- expect(p[2].rule).toBe("table note private");
40
- });
41
- it("severityFromAge thresholds", () => {
42
- expect(severityFromAge(400)).toBe("critical");
43
- expect(severityFromAge(120)).toBe("warn");
44
- expect(severityFromAge(5)).toBe("info");
45
- expect(severityFromAge(null)).toBe("warn");
46
- expect(severityFromAge(undefined)).toBe("warn");
47
- });
48
- it("verdict is the worst severity present (critical > warn > info)", () => {
49
- // declare wallet warn (so the regression is warn, not age-critical) → WARN verdict
50
- const v = firewall(baseline, broke, { policies: parsePolicy("warn table wallet single-writer"), ageResolver: () => ({ ageDays: 999 }) });
51
- expect(v.verdict).toBe("WARN");
42
+ expect(v.clean).toBe(true);
43
+ });
44
+ it("scoreSeverity: age bump, flicker cap, UNKNOWN penalty", () => {
45
+ expect(scoreSeverity({ base: "high", status: "VIOLATED", ageDays: 800, flickered: false, ageWeight: true, ageTiers: DEFAULT_POLICY.ageTiers }).final).toBe("critical"); // +2
46
+ expect(scoreSeverity({ base: "medium", status: "VIOLATED", ageDays: 800, flickered: false, ageWeight: true, ageTiers: DEFAULT_POLICY.ageTiers }).final).toBe("critical"); // medium +2
47
+ expect(scoreSeverity({ base: "medium", status: "VIOLATED", ageDays: 800, flickered: true, ageWeight: true, ageTiers: DEFAULT_POLICY.ageTiers }).final).toBe("high"); // flicker caps +2→+1
48
+ expect(scoreSeverity({ base: "high", status: "UNKNOWN", ageDays: 3, flickered: false, ageWeight: true, ageTiers: DEFAULT_POLICY.ageTiers }).final).toBe("medium"); // +0 −1
49
+ expect(scoreSeverity({ base: "medium", status: "VIOLATED", ageDays: 200, flickered: false, ageWeight: true, ageTiers: DEFAULT_POLICY.ageTiers }).final).toBe("high"); // +1
50
+ });
51
+ it("parsePolicy: directives + enforce + waiver(+until)", () => {
52
+ const p = parsePolicy("# header\nname payments\nblockon high\ndefault single-writer critical\nagetier 30 1\ncritical table x single-writer\nwaive until=2030-01-01 table y private :: ok");
53
+ expect(p.name).toBe("payments");
54
+ expect(p.blockOn).toBe("high");
55
+ expect(p.defaults["single-writer"]).toBe("critical");
56
+ expect(p.enforce.length).toBe(1);
57
+ expect(p.enforce[0].severity).toBe("critical");
58
+ expect(p.waivers[0].until).toBe("2030-01-01");
59
+ expect(p.ageTiers.some((t) => t.minDays === 30 && t.bump === 1)).toBe(true);
60
+ });
61
+ it("an enforce override changes the base severity", () => {
62
+ // pin wallet single-writer to 'critical' base → even at 3 days it blocks (critical ≥ blockOn critical)
63
+ const pol = parsePolicy("critical table wallet single-writer");
64
+ const v = firewall(baseline, broke, pol, { ageResolver: youngAge });
65
+ expect(v.verdict).toBe("BLOCK");
66
+ });
67
+ it("loadPolicy parses JSON and falls back to DSL", () => {
68
+ const j = loadPolicy(JSON.stringify({ name: "j", blockOn: "high", waivers: [{ rule: "table wallet single-writer", reason: "x" }] }));
69
+ expect(j.name).toBe("j");
70
+ expect(j.blockOn).toBe("high");
71
+ expect(j.waivers.length).toBe(1);
72
+ expect(loadPolicy("critical table z private").enforce.length).toBe(1);
52
73
  });
53
74
  it("never throws on garbage", () => {
54
75
  expect(() => firewall(null, null)).not.toThrow();
55
76
  expect(firewall(null, null).verdict).toBe("PASS");
56
77
  expect(() => parsePolicy(null)).not.toThrow();
78
+ expect(() => loadPolicy("{bad json")).not.toThrow();
57
79
  });
58
80
  });
59
81
  //# sourceMappingURL=arch_firewall.test.js.map
package/dist/arch_firewall/arch_firewall.test.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"arch_firewall.test.js","sourceRoot":"","sources":["../../src/arch_firewall/arch_firewall.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAG1G,MAAM,QAAQ,GAAiB;IAC7B,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,wDAAwD,EAAE;IAC5F,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,mIAAmI,EAAE;CAC/J,CAAC;AACF,MAAM,KAAK,GAAiB,CAAC,GAAG,QAAQ,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,6EAA6E,EAAE,CAAC,CAAC;AAEzJ,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,iBAAiB,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAE5E,EAAE,CAAC,oEAAoE,EAAE,GAAG,EAAE;QAC5E,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,aAAa,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACjI,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAChE,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrD,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAC7E,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;QACnE,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,WAAW,CAAC,qCAAqC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAC3I,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAClF,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,CAAC,GAAG,WAAW,CAAC,wGAAwG,CAAC,CAAC;QAChI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAG,UAAU;QAChD,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC9C,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,mFAAmF;QACnF,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,WAAW,CAAC,iCAAiC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACzI,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,MAAM,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAa,EAAE,IAAa,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QACnE,MAAM,CAAC,QAAQ,CAAC,IAAa,EAAE,IAAa,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,IAAa,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACzD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
1
+ {"version":3,"file":"arch_firewall.test.js","sourceRoot":"","sources":["../../src/arch_firewall/arch_firewall.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,oBAAoB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAIpI,MAAM,QAAQ,GAAiB;IAC7B,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,wDAAwD,EAAE;IAC5F,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,mIAAmI,EAAE;CAC/J,CAAC;AACF,MAAM,KAAK,GAAiB,CAAC,GAAG,QAAQ,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,6EAA6E,EAAE,CAAC,CAAC;AACzJ,MAAM,MAAM,GAAG,GAAY,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,aAAa,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC;AACnG,MAAM,QAAQ,GAAG,GAAY,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;AAEjD,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,iBAAiB,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAE5E,EAAE,CAAC,8EAA8E,EAAE,GAAG,EAAE;QACtF,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC;QAC7E,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACrD,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAC9D,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnD,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACtE,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC/E,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,GAAG,GAAG,WAAW,CAAC,oEAAoE,CAAC,CAAC;QAC9F,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;QACvF,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,GAAG,GAAG,WAAW,CAAC,gEAAgE,CAAC,CAAC;QAC1F,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;QACvF,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC;QAChF,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,MAAM,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK;QAC7K,MAAM,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,YAAY;QACtL,MAAM,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,qBAAqB;QAC1L,MAAM,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ;QAC3K,MAAM,CAAC,aAAa,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK;IAC7K,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,CAAC,GAAG,WAAW,CAAC,mKAAmK,CAAC,CAAC;QAC3L,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAChC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACrD,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/C,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9C,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,EAAE,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,uGAAuG;QACvG,MAAM,GAAG,GAAG,WAAW,CAAC,qCAAqC,CAAC,CAAC;QAC/D,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,CAAC;QACpE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,CAAC,GAAG,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,4BAA4B,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACrI,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,UAAU,CAAC,0BAA0B,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,MAAM,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAa,EAAE,IAAa,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QACnE,MAAM,CAAC,QAAQ,CAAC,IAAa,EAAE,IAAa,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,IAAa,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QACvD,MAAM,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACtD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
package/dist/arch_firewall/index.d.ts CHANGED
@@ -1,51 +1,89 @@
1
1
  import { type SourceFile } from "../cross_layer_graph/index.js";
2
- export type Severity = "critical" | "warn" | "info";
3
- export interface Policy {
2
+ export type Severity = "info" | "low" | "medium" | "high" | "critical";
3
+ export interface AgeTier {
4
+ minDays: number;
5
+ bump: number;
6
+ }
7
+ export interface Waiver {
4
8
  rule: string;
5
- severity: Severity;
6
- raw: string;
7
- }
8
- /**
9
- * Parse a policy file. Each non-comment line is `[critical|warn|info] <invariant-rule>`; the severity
10
- * prefix is optional (defaults to `warn`). e.g. `critical table wallet single-writer`.
11
- */
12
- export declare function parsePolicy(text: string): Policy[];
13
- /** Severity weighted by how long a contract has stood. Old contract broken = crime; young = evolution. */
14
- export declare function severityFromAge(ageDays: number | null | undefined): Severity;
9
+ reason: string;
10
+ until?: string;
11
+ }
12
+ export interface FirewallPolicy {
13
+ name: string;
14
+ defaults: Record<string, Severity>;
15
+ enforce: Array<{
16
+ rule: string;
17
+ severity: Severity;
18
+ }>;
19
+ declared: string[];
20
+ waivers: Waiver[];
21
+ ageWeight: boolean;
22
+ ageTiers: AgeTier[];
23
+ blockOn: Severity;
24
+ }
25
+ export declare const DEFAULT_POLICY: FirewallPolicy;
26
+ /** Parse the line-DSL policy. Directives: `blockon <sev>`, `default <kind> <sev>`, `agetier <days> <bump>`,
27
+ * `waive [until=YYYY-MM-DD] <rule> :: <reason>`. Rule lines: `[<sev>] <invariant-rule>`. `#` comments. */
28
+ export declare function parsePolicy(text: string): FirewallPolicy;
29
+ /** Load a policy from JSON (full structured) or the line DSL, merged onto DEFAULT_POLICY. */
30
+ export declare function loadPolicy(raw: string): FirewallPolicy;
31
+ export interface ScoreInput {
32
+ base: Severity;
33
+ status: "VIOLATED" | "UNKNOWN";
34
+ ageDays: number | null;
35
+ flickered?: boolean;
36
+ ageWeight: boolean;
37
+ ageTiers: ReadonlyArray<AgeTier>;
38
+ }
39
+ /** final = base + age-tier bump − UNKNOWN penalty, with a flicker cap and a transparent rationale. */
40
+ export declare function scoreSeverity(s: ScoreInput): {
41
+ final: Severity;
42
+ rationale: string;
43
+ };
15
44
  export interface AgeInfo {
16
45
  ageDays: number;
17
46
  establishedAt?: string;
18
47
  heldThroughCommits?: number;
48
+ flickered?: boolean;
19
49
  }
20
- export interface FirewallViolation {
50
+ export interface FirewallFinding {
21
51
  rule: string;
22
- severity: Severity;
52
+ kind: string;
53
+ status: "VIOLATED" | "UNKNOWN";
23
54
  reason: string;
24
55
  counterexample?: string;
25
56
  source: "mined" | "declared";
26
- ageDays?: number | null;
57
+ baseSeverity: Severity;
58
+ finalSeverity: Severity;
59
+ rationale: string;
60
+ ageDays: number | null;
27
61
  establishedAt?: string;
28
62
  heldThroughCommits?: number;
63
+ waived: boolean;
64
+ waiverReason?: string;
65
+ waiverExpired: boolean;
66
+ blocking: boolean;
29
67
  }
30
68
  export interface FirewallVerdict {
31
69
  verdict: "PASS" | "WARN" | "BLOCK";
32
- violations: FirewallViolation[];
70
+ policyName: string;
71
+ baselineContracts: number;
72
+ findings: FirewallFinding[];
73
+ blocked: boolean;
74
+ blockedBy: FirewallFinding[];
75
+ expiredWaivers: FirewallFinding[];
76
+ waivedCount: number;
77
+ clean: boolean;
33
78
  critical: number;
34
- warn: number;
35
- info: number;
36
- checkedContracts: number;
37
- declaredChecked: number;
38
- }
39
- /**
40
- * Run the firewall: which baseline contracts (and which architect-declared policies) does the current
41
- * code violate, weighted into PASS / WARN / BLOCK. `ageResolver` (optional, git-backed in the caller)
42
- * supplies how long each violated contract has stood; in tests pass a stub.
43
- */
44
- export declare function firewall(baselineFiles: ReadonlyArray<SourceFile>, currentFiles: ReadonlyArray<SourceFile>, opts?: {
45
- policies?: ReadonlyArray<Policy>;
79
+ high: number;
80
+ blockOn: Severity;
81
+ }
82
+ export declare function firewall(baselineFiles: ReadonlyArray<SourceFile>, currentFiles: ReadonlyArray<SourceFile>, policy?: FirewallPolicy, opts?: {
46
83
  ageResolver?: (rule: string) => AgeInfo | null;
84
+ today?: string;
47
85
  }): FirewallVerdict;
48
- /** A human/PR-comment rendering of the verdict, with the killer line per violation. */
86
+ /** Plain-text verdict, ready for a terminal or a PR comment. */
49
87
  export declare function firewallReport(v: FirewallVerdict): string;
50
88
  export interface ArchFirewallGauntlet {
51
89
  score: 0 | 100;
package/dist/arch_firewall/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/arch_firewall/index.ts"],"names":[],"mappings":"AA2BA,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAEhE,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,MAAM,CAAC;AAEpD,MAAM,WAAW,MAAM;IAAG,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,QAAQ,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE;AAEzE;;;GAGG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAUlD;AAED,0GAA0G;AAC1G,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,QAAQ,CAK5E;AAED,MAAM,WAAW,OAAO;IAAG,OAAO,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAAC,kBAAkB,CAAC,EAAE,MAAM,CAAA;CAAE;AACjG,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IAC1E,MAAM,EAAE,OAAO,GAAG,UAAU,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC5G;AACD,MAAM,WAAW,eAAe;IAAG,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAAC,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,gBAAgB,EAAE,MAAM,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE;AAQzM;;;;GAIG;AACH,wBAAgB,QAAQ,CACtB,aAAa,EAAE,aAAa,CAAC,UAAU,CAAC,EACxC,YAAY,EAAE,aAAa,CAAC,UAAU,CAAC,EACvC,IAAI,CAAC,EAAE;IAAE,QAAQ,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAAC,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,GAAG,IAAI,CAAA;CAAE,GAC1F,eAAe,CAkCjB;AAED,uFAAuF;AACvF,wBAAgB,cAAc,CAAC,CAAC,EAAE,eAAe,GAAG,MAAM,CAUzD;AAGD,MAAM,WAAW,oBAAoB;IAAG,KAAK,EAAE,CAAC,GAAG,GAAG,CAAC;IAAC,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE;AACxH,wBAAgB,oBAAoB,IAAI,oBAAoB,CAuC3D"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/arch_firewall/index.ts"],"names":[],"mappings":"AAkCA,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAEhE,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AASvE,MAAM,WAAW,OAAO;IAAG,OAAO,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE;AAC1D,MAAM,WAAW,MAAM;IAAG,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE;AACxE,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACnC,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAA;KAAE,CAAC,CAAC;IACrD,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,OAAO,EAAE,QAAQ,CAAC;CACnB;AACD,eAAO,MAAM,cAAc,EAAE,cAG5B,CAAC;AAEF;2GAC2G;AAC3G,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,CA0BxD;AAED,6FAA6F;AAC7F,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,CAItD;AAQD,MAAM,WAAW,UAAU;IAAG,IAAI,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,UAAU,GAAG,SAAS,CAAC;IAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,SAAS,CAAC,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,aAAa,CAAC,OAAO,CAAC,CAAA;CAAE;AACjL,sGAAsG;AACtG,wBAAgB,aAAa,CAAC,CAAC,EAAE,UAAU,GAAG;IAAE,KAAK,EAAE,QAAQ,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAanF;AAED,MAAM,WAAW,OAAO;IAAG,OAAO,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,OAAO,CAAA;CAAE;AACtH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,UAAU,GAAG,SAAS,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,OAAO,GAAG,UAAU,CAAC;IAClI,YAAY,EAAE,QAAQ,CAAC;IAAC,aAAa,EAAE,QAAQ,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAChJ,MAAM,EAAE,OAAO,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,OAAO,CAAC;CACnF;AACD,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,iBAAiB,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC/G,OAAO,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,eAAe,EAAE,CAAC;IAAC,cAAc,EAAE,eAAe,EAAE,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,OAAO,CAAC;IACvH,QAAQ,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,QAAQ,CAAC;CACnD;AAED,wBAAgB,QAAQ,CACtB,aAAa,EAAE,aAAa,CAAC,UAAU,CAAC,EACxC,YAAY,EAAE,aAAa,CAAC,UAAU,CAAC,EACvC,MAAM,GAAE,cAA+B,EACvC,IAAI,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,GAAG,IAAI,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACxE,eAAe,CAsCjB;AAID,gEAAgE;AAChE,wBAAgB,cAAc,CAAC,CAAC,EAAE,eAAe,GAAG,MAAM,CAgBzD;AAGD,MAAM,WAAW,oBAAoB;IAAG,KAAK,EAAE,CAAC,GAAG,GAAG,CAAC;IAAC,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE;AACxH,wBAAgB,oBAAoB,IAAI,oBAAoB,CAmD3D"}
package/dist/arch_firewall/index.js CHANGED
@@ -1,115 +1,211 @@
1
1
  /**
2
- * ARCHITECTURAL REGRESSION FIREWALL — the gatekeeper for AI-generated change.
2
+ * ARCHITECTURAL REGRESSION FIREWALL — the gate for AI-generated change.
3
3
  *
4
4
  * The thesis: when producing code costs nothing, the expensive thing is PROVING that the code an AI just
5
5
  * generated didn't silently break an architectural contract the system has stood on for years. Everyone
6
- * ships a code GENERATOR (Copilot, Cursor); nobody ships the GATE that remembers what contracts hold and
7
- * blocks the moment an AI is about to violate one. This is that gate.
6
+ * ships a code GENERATOR; nobody ships the GATE that remembers what contracts hold and blocks the moment
7
+ * one is about to be violated. This is that gate.
8
8
  *
9
9
  * It composes three Mneme primitives that already exist into one verdict:
10
10
  * • mineInvariants / analyzeRegressions — the contracts the repo upheld at a baseline, and which are
11
11
  * now VIOLATED (with the offending counterexample, pointing at the real symbol).
12
- * • arch_lineage — how long each contract has stood (its load-bearing strength).
13
- * • a POLICY layer (this module) — architect-DECLARED rules + severities, and severity-by-age, fused
14
- * into PASS / WARN / BLOCK with an enforcement-ready exit.
12
+ * • arch_lineage — how long each contract has stood (its load-bearing strength) + whether it flickered.
13
+ * • a POLICY layer (this module) — a severity ladder weighted by contract age, architect-DECLARED rules
14
+ * + overrides, and time-boxed WAIVERS, fused into PASS / WARN / BLOCK with an enforcement-ready exit.
15
15
  *
16
- * The verdict an AI agent or a CI gate reads: breaking a contract that has held for two years is a crime
17
- * (BLOCK); breaking one that is three days old is normal evolution (INFO). The age does the weighting.
16
+ * Severity model (5-rung ladder info<low<medium<high<critical):
17
+ * final = base(kind/override) + age-tier bump − (UNKNOWN ? 1 : 0)
18
+ * • base — a single-writer/private/guarded contract starts at `high`, an existence contract at `medium`;
19
+ * an architect can pin any rule's base via the policy.
20
+ * • age bump — breaking a contract that has stood for years escalates it (e.g. +2 ≥730d, +1 ≥180d); a
21
+ * contract that FLICKERED (held, broke, re-held) is less load-bearing, so its bump is capped at +1.
22
+ * • UNKNOWN penalty — a contract that became UNKNOWN (its table moved/renamed) is a weaker signal, −1.
23
+ * A WAIVER (rule + reason + optional `until` date) suppresses blocking — the architect's "ratified, I
24
+ * know" — but an EXPIRED waiver is NOT honoured and is surfaced loudly. blockOn (default `critical`) is
25
+ * the threshold a non-waived finding must reach to BLOCK.
18
26
  *
19
- * ★HONEST (DIAKRISIS): every violation here is a contract PROVEN to hold at the baseline and PROVEN
20
- * VIOLATED now (re-checkable, with the counterexample) — not a guess. Age is measured from git, not
21
- * predicted. A BLOCK is a strong signal a human/agent should heed, but a violation can still be an
22
- * intended evolution which is exactly why an architect can DECLARE a rule's severity (or ratify the
23
- * change by moving the baseline). The firewall decides + surfaces; it does not pretend the change is
24
- * malicious.
27
+ * ★HONEST (DIAKRISIS): every finding is a contract PROVEN to hold at the baseline and PROVEN VIOLATED /
28
+ * WEAKENED now (re-checkable, with the counterexample) — not a guess; age is measured from git, not
29
+ * predicted; the severity math is shown in `rationale` so the verdict is auditable, not magic. A BLOCK is
30
+ * a strong signal but a violation can still be an intended evolution which is exactly why the policy
31
+ * has overrides and time-boxed waivers, and why the baseline can be moved to ratify a change.
25
32
  */
26
33
  import { analyzeRegressions } from "../arch_regressions/index.js";
27
34
  import { checkInvariants, parseInvariants } from "../invariants/index.js";
28
- const SEV_RANK = { critical: 3, warn: 2, info: 1 };
29
- /**
30
- * Parse a policy file. Each non-comment line is `[critical|warn|info] <invariant-rule>`; the severity
31
- * prefix is optional (defaults to `warn`). e.g. `critical table wallet single-writer`.
32
- */
35
+ const LADDER = ["info", "low", "medium", "high", "critical"];
36
+ const ord = (s) => { const i = LADDER.indexOf(s); return i < 0 ? 2 : i; };
37
+ const fromOrd = (n) => LADDER[Math.max(0, Math.min(LADDER.length - 1, n))];
38
+ const atLeast = (a, b) => ord(a) >= ord(b);
39
+ const norm = (s) => String(s ?? "").toLowerCase().replace(/\s+/g, " ").trim();
40
+ /** Default base severity by invariant kind (an architect can override per rule in the policy). */
41
+ const BUILTIN_BASE = { "single-writer": "high", "private": "high", "guarded": "high", "exists": "medium" };
42
+ export const DEFAULT_POLICY = {
43
+ name: "default", defaults: {}, enforce: [], declared: [], waivers: [], ageWeight: true,
44
+ ageTiers: [{ minDays: 730, bump: 2 }, { minDays: 180, bump: 1 }, { minDays: 14, bump: 0 }], blockOn: "critical",
45
+ };
46
+ /** Parse the line-DSL policy. Directives: `blockon <sev>`, `default <kind> <sev>`, `agetier <days> <bump>`,
47
+ * `waive [until=YYYY-MM-DD] <rule> :: <reason>`. Rule lines: `[<sev>] <invariant-rule>`. `#` comments. */
33
48
  export function parsePolicy(text) {
34
- const out = [];
49
+ const p = { ...DEFAULT_POLICY, defaults: {}, enforce: [], declared: [], waivers: [], ageTiers: [...DEFAULT_POLICY.ageTiers] };
50
+ let nameSet = false;
35
51
  for (const line0 of String(text ?? "").split("\n")) {
36
52
  const line = line0.replace(/#.*$/, "").trim();
37
53
  if (!line)
38
54
  continue;
39
- const m = /^(critical|warn|info)\s+(.*)$/i.exec(line);
40
- const severity = (m ? m[1].toLowerCase() : "warn");
41
- const rule = (m ? m[2] : line).trim();
42
- if (rule)
43
- out.push({ rule, severity, raw: line });
55
+ const lc = line.toLowerCase();
56
+ if (lc.startsWith("name ")) {
57
+ p.name = line.slice(5).trim();
58
+ nameSet = true;
59
+ continue;
60
+ }
61
+ if (lc.startsWith("blockon ")) {
62
+ const s = lc.slice(8).trim();
63
+ if (LADDER.includes(s))
64
+ p.blockOn = s;
65
+ continue;
66
+ }
67
+ if (lc.startsWith("default ")) {
68
+ const m = /^default\s+(\S+)\s+(info|low|medium|high|critical)\s*$/i.exec(line);
69
+ if (m)
70
+ p.defaults[m[1].toLowerCase()] = m[2].toLowerCase();
71
+ continue;
72
+ }
73
+ if (lc.startsWith("agetier ")) {
74
+ const m = /^agetier\s+(\d+)\s+\+?(\d+)\s*$/i.exec(line);
75
+ if (m)
76
+ p.ageTiers.push({ minDays: parseInt(m[1], 10), bump: parseInt(m[2], 10) });
77
+ continue;
78
+ }
79
+ if (lc.startsWith("waive ")) {
80
+ const rest = line.slice(6).trim();
81
+ const um = /until=(\d{4}-\d{2}-\d{2})\s+/i.exec(rest);
82
+ const after = um ? rest.slice(um.index + um[0].length) : rest;
83
+ const [rulePart, ...reasonParts] = after.split("::");
84
+ const rule = rulePart.trim();
85
+ const reason = reasonParts.join("::").trim() || "(no reason given)";
86
+ if (rule)
87
+ p.waivers.push({ rule, reason, ...(um ? { until: um[1] } : {}) });
88
+ continue;
89
+ }
90
+ const sm = /^(critical|high|medium|low|info)\s+(.*)$/i.exec(line);
91
+ if (sm) {
92
+ const rule = sm[2].trim();
93
+ p.enforce.push({ rule, severity: sm[1].toLowerCase() });
94
+ p.declared.push(rule);
95
+ }
96
+ else
97
+ p.declared.push(line);
98
+ }
99
+ // de-dupe agetiers (keep the user's; DEFAULT already seeded) — sort handled at scoring time.
100
+ if (!nameSet && !p.name)
101
+ p.name = "default";
102
+ return p;
103
+ }
104
+ /** Load a policy from JSON (full structured) or the line DSL, merged onto DEFAULT_POLICY. */
105
+ export function loadPolicy(raw) {
106
+ const t = String(raw ?? "").trim();
107
+ if (t.startsWith("{")) {
108
+ try {
109
+ const j = JSON.parse(t);
110
+ return { ...DEFAULT_POLICY, ...j, defaults: { ...j.defaults }, enforce: [...(j.enforce ?? [])], declared: [...(j.declared ?? [])], waivers: [...(j.waivers ?? [])], ageTiers: [...(j.ageTiers ?? DEFAULT_POLICY.ageTiers)] };
111
+ }
112
+ catch { /* fall through */ }
44
113
  }
45
- return out;
114
+ return parsePolicy(t);
46
115
  }
47
- /** Severity weighted by how long a contract has stood. Old contract broken = crime; young = evolution. */
48
- export function severityFromAge(ageDays) {
49
- if (ageDays == null)
50
- return "warn"; // unknown age → cautious default
51
- if (ageDays >= 365)
52
- return "critical"; // foundational — breaking it is high-risk
53
- if (ageDays >= 90)
54
- return "warn"; // established — flag loudly
55
- return "info"; // young — normal evolution
116
+ function baseSeverityFor(policy, rule, kind) {
117
+ const pin = (policy.enforce ?? []).find((e) => norm(e.rule) === norm(rule));
118
+ if (pin)
119
+ return pin.severity;
120
+ return policy.defaults?.[kind] ?? BUILTIN_BASE[kind] ?? "medium";
56
121
  }
57
- function declaredSeverity(policies, rule) {
58
- const norm = (s) => s.toLowerCase().replace(/\s+/g, " ").trim();
59
- const hit = (policies ?? []).find((p) => norm(p.rule) === norm(rule));
60
- return hit ? hit.severity : null;
122
+ /** final = base + age-tier bump − UNKNOWN penalty, with a flicker cap and a transparent rationale. */
123
+ export function scoreSeverity(s) {
124
+ let bump = 0, tier = null;
125
+ if (s.ageWeight && s.ageDays != null) {
126
+ for (const t of [...(s.ageTiers ?? [])].sort((a, b) => b.minDays - a.minDays))
127
+ if (s.ageDays >= t.minDays) {
128
+ bump = t.bump;
129
+ tier = t.minDays;
130
+ break;
131
+ }
132
+ if (s.flickered)
133
+ bump = Math.min(bump, 1);
134
+ }
135
+ const penalty = s.status === "UNKNOWN" ? 1 : 0;
136
+ const final = fromOrd(ord(s.base) + bump - penalty);
137
+ const why = [`base=${s.base}`];
138
+ if (bump)
139
+ why.push(`age≥${tier}d ⇒ +${bump}${s.flickered ? " (flicker-capped)" : ""}`);
140
+ else if (s.ageWeight && s.ageDays != null)
141
+ why.push(`age=${s.ageDays}d ⇒ +0`);
142
+ if (penalty)
143
+ why.push("UNKNOWN ⇒ −1");
144
+ return { final, rationale: `${why.join(", ")} ⇒ ${final}` };
61
145
  }
62
- /**
63
- * Run the firewall: which baseline contracts (and which architect-declared policies) does the current
64
- * code violate, weighted into PASS / WARN / BLOCK. `ageResolver` (optional, git-backed in the caller)
65
- * supplies how long each violated contract has stood; in tests pass a stub.
66
- */
67
- export function firewall(baselineFiles, currentFiles, opts) {
68
- const policies = opts?.policies ?? [];
69
- const violations = [];
146
+ export function firewall(baselineFiles, currentFiles, policy = DEFAULT_POLICY, opts) {
147
+ const pol = policy ?? DEFAULT_POLICY;
148
+ const a = analyzeRegressions(baselineFiles, currentFiles);
149
+ const findings = [];
70
150
  const seen = new Set();
71
- // 1. mined-baseline regressions contracts the repo upheld at baseline, now violated.
72
- const reg = analyzeRegressions(baselineFiles, currentFiles);
73
- for (const r of reg.regressed) {
151
+ const mk = (r, source) => {
152
+ const base = baseSeverityFor(pol, r.rule, r.kind);
74
153
  const age = opts?.ageResolver ? opts.ageResolver(r.rule) : null;
75
- const severity = declaredSeverity(policies, r.rule) ?? severityFromAge(age?.ageDays ?? null);
76
- violations.push({ rule: r.rule, severity, reason: r.reason, counterexample: r.counterexample, source: "mined", ageDays: age?.ageDays ?? null, establishedAt: age?.establishedAt, heldThroughCommits: age?.heldThroughCommits });
77
- seen.add(r.rule.toLowerCase().replace(/\s+/g, " ").trim());
78
- }
79
- // 2. architect-DECLARED policies the current code does not satisfy (even if never mined as a contract).
80
- if (policies.length) {
81
- const parsed = parseInvariants(policies.map((p) => p.rule).join("\n"));
154
+ const { final, rationale } = scoreSeverity({ base, status: r.status, ageDays: age?.ageDays ?? null, flickered: age?.flickered ?? false, ageWeight: pol.ageWeight, ageTiers: pol.ageTiers });
155
+ const waiver = (pol.waivers ?? []).find((w) => norm(w.rule) === norm(r.rule));
156
+ const waiverExpired = !!(waiver?.until && opts?.today && waiver.until < opts.today);
157
+ const waived = !!waiver && !waiverExpired;
158
+ const blocking = !waived && atLeast(final, pol.blockOn);
159
+ findings.push({ rule: r.rule, kind: r.kind, status: r.status, reason: r.reason, counterexample: r.counterexample, source, baseSeverity: base, finalSeverity: final, rationale, ageDays: age?.ageDays ?? null, establishedAt: age?.establishedAt, heldThroughCommits: age?.heldThroughCommits, waived, waiverReason: waiver?.reason, waiverExpired, blocking });
160
+ seen.add(norm(r.rule));
161
+ };
162
+ for (const r of a.regressed)
163
+ mk({ rule: r.rule, kind: r.kind, status: "VIOLATED", reason: r.reason, counterexample: r.counterexample }, "mined");
164
+ for (const r of a.weakened)
165
+ mk({ rule: r.rule, kind: r.kind, status: "UNKNOWN", reason: r.reason, counterexample: r.counterexample }, "mined");
166
+ // architect-DECLARED rules the current code does not satisfy (even if never mined as a contract).
167
+ if (pol.declared?.length) {
168
+ const parsed = parseInvariants(pol.declared.join("\n"));
82
169
  const res = checkInvariants(currentFiles, parsed);
83
170
  for (const c of res.results) {
84
- if (c.status !== "VIOLATED")
171
+ if (c.status === "HOLDS" || seen.has(norm(c.invariant.raw)))
85
172
  continue;
86
- const key = c.invariant.raw.toLowerCase().replace(/\s+/g, " ").trim();
87
- if (seen.has(key))
88
- continue; // already reported as a regression
89
- const sev = declaredSeverity(policies, c.invariant.raw) ?? "warn";
90
- violations.push({ rule: c.invariant.raw, severity: sev, reason: c.reason, counterexample: c.counterexample, source: "declared" });
91
- seen.add(key);
173
+ mk({ rule: c.invariant.raw, kind: c.invariant.kind, status: c.status, reason: c.reason, counterexample: c.counterexample }, "declared");
92
174
  }
93
175
  }
94
- violations.sort((a, b) => SEV_RANK[b.severity] - SEV_RANK[a.severity] || a.rule.localeCompare(b.rule));
95
- const critical = violations.filter((v) => v.severity === "critical").length;
96
- const warn = violations.filter((v) => v.severity === "warn").length;
97
- const info = violations.filter((v) => v.severity === "info").length;
98
- const verdict = critical > 0 ? "BLOCK" : warn > 0 ? "WARN" : "PASS";
99
- return { verdict, violations, critical, warn, info, checkedContracts: reg.baselineContracts, declaredChecked: policies.length };
176
+ findings.sort((x, y) => ord(y.finalSeverity) - ord(x.finalSeverity) || (Number(y.blocking) - Number(x.blocking)) || x.rule.localeCompare(y.rule));
177
+ const blockedBy = findings.filter((f) => f.blocking);
178
+ const verdict = blockedBy.length ? "BLOCK" : findings.some((f) => !f.waived) ? "WARN" : "PASS";
179
+ return {
180
+ verdict, policyName: pol.name, baselineContracts: a.baselineContracts, findings,
181
+ blocked: blockedBy.length > 0, blockedBy, expiredWaivers: findings.filter((f) => f.waiverExpired), waivedCount: findings.filter((f) => f.waived).length,
182
+ clean: a.clean && !a.weakened.length && findings.length === 0,
183
+ critical: findings.filter((f) => f.finalSeverity === "critical").length, high: findings.filter((f) => f.finalSeverity === "high").length, blockOn: pol.blockOn,
184
+ };
100
185
  }
101
- /** A human/PR-comment rendering of the verdict, with the killer line per violation. */
186
+ const ICON = { critical: "⛔", high: "🔴", medium: "🟠", low: "🟡", info: "⚪" };
187
+ const agePhrase = (d) => d == null ? "age unknown" : d >= 365 ? `held ${(d / 365).toFixed(1)} years` : `held ${d} days`;
188
+ /** Plain-text verdict, ready for a terminal or a PR comment. */
102
189
  export function firewallReport(v) {
103
- const ic = (s) => s === "critical" ? "🔴" : s === "warn" ? "🟠" : "🔵";
104
190
  const head = v.verdict === "BLOCK" ? "🛑 ARCHITECTURAL FIREWALL — BLOCKED" : v.verdict === "WARN" ? "🟠 ARCHITECTURAL FIREWALL — WARN" : "✅ ARCHITECTURAL FIREWALL — PASS";
105
- const lines = [head, `${v.violations.length} violation(s) · ${v.critical} critical · ${v.warn} warn · ${v.info} info · ${v.checkedContracts} contract(s) checked`];
106
- for (const x of v.violations) {
107
- const age = x.ageDays != null ? ` (held ${x.ageDays}d${x.heldThroughCommits ? `, through ${x.heldThroughCommits} commits` : ""}${x.establishedAt ? `, set at ${x.establishedAt}` : ""})` : "";
108
- lines.push(`${ic(x.severity)} ${x.severity.toUpperCase()} violated invariant "${x.rule}"${age}`);
109
- if (x.counterexample)
110
- lines.push(` ↳ ${x.counterexample}`);
191
+ const o = [head, `policy "${v.policyName}" · ${v.baselineContracts} contracts checked · ${v.findings.length} finding(s) · ${v.blockedBy.length} blocking · ${v.waivedCount} waived (block threshold: ${v.blockOn})`, ""];
192
+ if (v.clean)
193
+ return [head, `policy "${v.policyName}" · ${v.baselineContracts} contracts checked`, "", "✅ no architectural regressions every baseline contract still holds."].join("\n");
194
+ for (const f of v.findings) {
195
+ const tag = f.waived ? " (WAIVED)" : f.waiverExpired ? " (WAIVER EXPIRED — not honoured)" : f.blocking ? " (BLOCKING)" : "";
196
+ o.push(`${ICON[f.finalSeverity]} [${f.finalSeverity.toUpperCase()}] ${f.rule}${tag}`);
197
+ o.push(` ${f.reason}`);
198
+ if (f.counterexample)
199
+ o.push(` ↳ ${f.counterexample}`);
200
+ o.push(` contract ${agePhrase(f.ageDays)}${f.heldThroughCommits ? `, through ${f.heldThroughCommits} commits` : ""}${f.establishedAt ? `, set at ${f.establishedAt}` : ""} · ${f.rationale}`);
201
+ if (f.waived)
202
+ o.push(` waived: ${f.waiverReason}`);
111
203
  }
112
- return lines.join("\n");
204
+ if (v.expiredWaivers.length)
205
+ o.push(`\n⚠ ${v.expiredWaivers.length} waiver(s) expired — review or renew.`);
206
+ o.push("");
207
+ o.push(v.blocked ? `❌ BLOCKED: ${v.blockedBy.length} finding(s) ≥ ${v.blockOn}. Merge refused (exit 2).` : v.verdict === "WARN" ? "🟠 WARN: regressions found but none reached the block threshold (exit 0)." : "✅ PASS (exit 0).");
208
+ return o.join("\n");
113
209
  }
114
210
  export function archFirewallGauntlet() {
115
211
  const baseline = [
@@ -117,39 +213,51 @@ export function archFirewallGauntlet() {
117
213
  { path: "a.ts", content: "export function charge(){ return prisma.wallet.create({data:{}}); }\nexport function readNote(){ return prisma.note.findMany(); }" },
118
214
  ];
119
215
  const broke = [...baseline, { path: "refund.ts", content: "export function refundHandler(){ return prisma.wallet.update({where:{}}); }" }];
120
- // (a) old contract broken with no policy severity from age → critical → BLOCK + counterexample names refundHandler.
121
- const oldAge = firewall(baseline, broke, { ageResolver: () => ({ ageDays: 426, establishedAt: "a1b2c3", heldThroughCommits: 312 }) });
122
- const blocksOld = oldAge.verdict === "BLOCK" && oldAge.critical === 1 && oldAge.violations[0].severity === "critical"
123
- && /refundHandler/.test(oldAge.violations[0].counterexample || "") && oldAge.violations[0].heldThroughCommits === 312;
124
- // (b) same break but YOUNG contract info not blocked (normal evolution).
125
- const youngAge = firewall(baseline, broke, { ageResolver: () => ({ ageDays: 3 }) });
126
- const youngIsEvolution = youngAge.verdict !== "BLOCK" && youngAge.violations[0].severity === "info";
127
- // (c) declared-critical policy forces BLOCK regardless of (here, young) age.
128
- const declared = firewall(baseline, broke, { policies: parsePolicy("critical table wallet single-writer"), ageResolver: () => ({ ageDays: 3 }) });
129
- const declaredWins = declared.verdict === "BLOCK" && declared.violations[0].severity === "critical";
130
- // (d) no regression PASS.
131
- const clean = firewall(baseline, baseline, { ageResolver: () => ({ ageDays: 999 }) });
132
- // (e) parsing + age mapping.
133
- const p = parsePolicy("# comment\ncritical table wallet single-writer\nwarn endpoint POST /x exists\ntable note private");
134
- const parseOK = p.length === 3 && p[0].severity === "critical" && p[1].severity === "warn" && p[2].severity === "warn";
135
- const ageOK = severityFromAge(400) === "critical" && severityFromAge(120) === "warn" && severityFromAge(5) === "info" && severityFromAge(null) === "warn";
216
+ const oldAge = () => ({ ageDays: 875, establishedAt: "a1b2c3", heldThroughCommits: 312 });
217
+ const youngAge = () => ({ ageDays: 3 });
218
+ // (a) old contract (base high +2 ≥730d ⇒ critical) BLOCK, names refundHandler, heldThrough kept.
219
+ const a = firewall(baseline, broke, DEFAULT_POLICY, { ageResolver: oldAge });
220
+ const blocksOld = a.verdict === "BLOCK" && a.findings[0].finalSeverity === "critical" && /refundHandler/.test(a.findings[0].counterexample || "") && a.findings[0].heldThroughCommits === 312;
221
+ // (b) young (base high +0 high; blockOn critical) WARN not BLOCK.
222
+ const b = firewall(baseline, broke, DEFAULT_POLICY, { ageResolver: youngAge });
223
+ const youngIsWarn = b.verdict === "WARN" && b.findings[0].finalSeverity === "high";
224
+ // (c) waiver suppresses the block.
225
+ const wpol = parsePolicy("waive table wallet single-writer :: dual-writer approved in RFC-42");
226
+ const c = firewall(baseline, broke, wpol, { ageResolver: oldAge, today: "2026-06-11" });
227
+ const waiverSuppresses = c.verdict !== "BLOCK" && c.findings[0].waived === true;
228
+ // (d) EXPIRED waiver is NOT honoured → block stands + flagged.
229
+ const epol = parsePolicy("waive until=2025-01-01 table wallet single-writer :: temporary");
230
+ const d = firewall(baseline, broke, epol, { ageResolver: oldAge, today: "2026-06-11" });
231
+ const expiredBlocks = d.verdict === "BLOCK" && d.findings[0].waiverExpired === true && d.expiredWaivers.length === 1;
232
+ // (e) clean → PASS.
233
+ const e = firewall(baseline, baseline, DEFAULT_POLICY, { ageResolver: oldAge });
234
+ // (f) severity math + policy parse.
235
+ const sc = scoreSeverity({ base: "high", status: "VIOLATED", ageDays: 800, flickered: false, ageWeight: true, ageTiers: DEFAULT_POLICY.ageTiers });
236
+ const flickNo = scoreSeverity({ base: "medium", status: "VIOLATED", ageDays: 800, flickered: false, ageWeight: true, ageTiers: DEFAULT_POLICY.ageTiers }); // medium +2 ⇒ critical
237
+ const flick = scoreSeverity({ base: "medium", status: "VIOLATED", ageDays: 800, flickered: true, ageWeight: true, ageTiers: DEFAULT_POLICY.ageTiers }); // flicker caps +2→+1 ⇒ high
238
+ const unk = scoreSeverity({ base: "high", status: "UNKNOWN", ageDays: 3, flickered: false, ageWeight: true, ageTiers: DEFAULT_POLICY.ageTiers });
239
+ const scoreOK = sc.final === "critical" && flickNo.final === "critical" && flick.final === "high" && unk.final === "medium";
240
+ const pp = parsePolicy("# p\nname payments\nblockon high\ndefault single-writer critical\ncritical table x single-writer\nwaive until=2030-01-01 table y private :: ok");
241
+ const parseOK = pp.name === "payments" && pp.blockOn === "high" && pp.defaults["single-writer"] === "critical" && pp.enforce.length === 1 && pp.waivers[0]?.until === "2030-01-01";
136
242
  const total = (() => { try {
137
243
  firewall(null, null);
138
244
  parsePolicy(null);
139
- severityFromAge(undefined);
140
- firewallReport({ verdict: "PASS", violations: [], critical: 0, warn: 0, info: 0, checkedContracts: 0, declaredChecked: 0 });
245
+ loadPolicy("{bad json");
246
+ scoreSeverity({ base: "info", status: "VIOLATED", ageDays: null, ageWeight: true, ageTiers: [] });
247
+ firewallReport(firewall([], []));
141
248
  return true;
142
249
  }
143
250
  catch {
144
251
  return false;
145
252
  } })();
146
253
  const checks = [
147
- { name: "BLOCK-OLD-CONTRACT", pass: blocksOld, detail: "breaking a 426-day contract critical BLOCK; counterexample names the 2nd writer (refundHandler); heldThrough=312" },
148
- { name: "YOUNG-IS-EVOLUTION", pass: youngIsEvolution, detail: "breaking a 3-day contract info not blocked (normal evolution)" },
149
- { name: "DECLARED-OVERRIDES-AGE", pass: declaredWins, detail: "an architect-declared critical policy forces BLOCK regardless of age" },
150
- { name: "CLEAN-PASSES", pass: clean.verdict === "PASS" && !clean.violations.length, detail: "no regression PASS" },
151
- { name: "POLICY-PARSE+AGE", pass: parseOK && ageOK, detail: "policy DSL parses severity prefix (default warn); severity-by-age thresholds correct" },
152
- { name: "TOTAL", pass: total, detail: "null/garbage never throws" },
254
+ { name: "BLOCK-OLD(+2⇒critical)", pass: blocksOld, detail: "base high + age≥730d (+2) critical BLOCK; counterexample names the 2nd writer; heldThrough kept" },
255
+ { name: "YOUNG-IS-WARN", pass: youngIsWarn, detail: "base high + 3d (+0) high; below critical block threshold ⇒ WARN, not BLOCK" },
256
+ { name: "WAIVER-SUPPRESSES", pass: waiverSuppresses, detail: "an approved waiver suppresses the block" },
257
+ { name: "EXPIRED-WAIVER-FAILS-LOUD", pass: expiredBlocks, detail: "an expired waiver is NOT honoured block stands + surfaced" },
258
+ { name: "CLEAN-PASSES", pass: e.verdict === "PASS" && e.clean, detail: "no regression PASS" },
259
+ { name: "SEVERITY-MATH+PARSE", pass: scoreOK && parseOK, detail: "age bump / flicker cap / UNKNOWN penalty correct; DSL parses name/blockon/default/enforce/waiver+until" },
260
+ { name: "TOTAL", pass: total, detail: "null/garbage/bad-json never throws" },
153
261
  ];
154
262
  return { score: checks.every((c) => c.pass) ? 100 : 0, checks };
155
263
  }
package/dist/arch_firewall/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/arch_firewall/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAI1E,MAAM,QAAQ,GAA6B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AAG7E;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAAC,IAAI,CAAC,IAAI;YAAE,SAAS;QACnE,MAAM,CAAC,GAAG,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,MAAM,CAAa,CAAC;QAC/D,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,IAAI,IAAI;YAAE,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,0GAA0G;AAC1G,MAAM,UAAU,eAAe,CAAC,OAAkC;IAChE,IAAI,OAAO,IAAI,IAAI;QAAE,OAAO,MAAM,CAAC,CAAU,iCAAiC;IAC9E,IAAI,OAAO,IAAI,GAAG;QAAE,OAAO,UAAU,CAAC,CAAQ,0CAA0C;IACxF,IAAI,OAAO,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC,CAAa,4BAA4B;IAC1E,OAAO,MAAM,CAAC,CAAgC,2BAA2B;AAC3E,CAAC;AASD,SAAS,gBAAgB,CAAC,QAA+B,EAAE,IAAY;IACrE,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACxE,MAAM,GAAG,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACtE,OAAO,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;AACnC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,QAAQ,CACtB,aAAwC,EACxC,YAAuC,EACvC,IAA2F;IAE3F,MAAM,QAAQ,GAAG,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;IACtC,MAAM,UAAU,GAAwB,EAAE,CAAC;IAC3C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,uFAAuF;IACvF,MAAM,GAAG,GAAG,kBAAkB,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAC5D,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAChE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,eAAe,CAAC,GAAG,EAAE,OAAO,IAAI,IAAI,CAAC,CAAC;QAC7F,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,aAAa,EAAE,kBAAkB,EAAE,GAAG,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAChO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,wGAAwG;IACxG,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACvE,MAAM,GAAG,GAAG,eAAe,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QAClD,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,CAAC,MAAM,KAAK,UAAU;gBAAE,SAAS;YACtC,MAAM,GAAG,GAAG,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACtE,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS,CAAuB,mCAAmC;YACtF,MAAM,GAAG,GAAG,gBAAgB,CAAC,QAAQ,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC;YAClE,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;YAClI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChB,CAAC;IACH,CAAC;IAED,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACvG,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAC5E,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACpE,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACpE,MAAM,OAAO,GAA+B,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IAChG,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,gBAAgB,EAAE,GAAG,CAAC,iBAAiB,EAAE,eAAe,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC;AAClI,CAAC;AAED,uFAAuF;AACvF,MAAM,UAAU,cAAc,CAAC,CAAkB;IAC/C,MAAM,EAAE,GAAG,CAAC,CAAW,EAAE,EAAE,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IACjF,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,qCAAqC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAC,iCAAiC,CAAC;IAC3K,MAAM,KAAK,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,UAAU,CAAC,MAAM,mBAAmB,CAAC,CAAC,QAAQ,eAAe,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,gBAAgB,sBAAsB,CAAC,CAAC;IACnK,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,kBAAkB,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9L,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC;QACnG,IAAI,CAAC,CAAC,cAAc;YAAE,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAID,MAAM,UAAU,oBAAoB;IAClC,MAAM,QAAQ,GAAiB;QAC7B,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,wDAAwD,EAAE;QAC5F,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,mIAAmI,EAAE;KAC/J,CAAC;IACF,MAAM,KAAK,GAAiB,CAAC,GAAG,QAAQ,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,6EAA6E,EAAE,CAAC,CAAC;IAEzJ,sHAAsH;IACtH,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,aAAa,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;IACtI,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU;WAChH,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,kBAAkB,KAAK,GAAG,CAAC;IAExH,6EAA6E;IAC7E,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IACpF,MAAM,gBAAgB,GAAG,QAAQ,CAAC,OAAO,KAAK,OAAO,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;IAEpG,6EAA6E;IAC7E,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,WAAW,CAAC,qCAAqC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IAClJ,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,KAAK,OAAO,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC;IAEpG,4BAA4B;IAC5B,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;IAEtF,6BAA6B;IAC7B,MAAM,CAAC,GAAG,WAAW,CAAC,kGAAkG,CAAC,CAAC;IAC1H,MAAM,OAAO,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;IACvH,MAAM,KAAK,GAAG,eAAe,CAAC,GAAG,CAAC,KAAK,UAAU,IAAI,eAAe,CAAC,GAAG,CAAC,KAAK,MAAM,IAAI,eAAe,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,eAAe,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC;IAE1J,MAAM,KAAK,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAAC,QAAQ,CAAC,IAAa,EAAE,IAAa,CAAC,CAAC;QAAC,WAAW,CAAC,IAAa,CAAC,CAAC;QAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAAC,cAAc,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,gBAAgB,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEtS,MAAM,MAAM,GAAG;QACb,EAAE,IAAI,EAAE,oBAAoB,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,sHAAsH,EAAE;QAC/K,EAAE,IAAI,EAAE,oBAAoB,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,mEAAmE,EAAE;QACnI,EAAE,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,sEAAsE,EAAE;QACtI,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,OAAO,KAAK,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,sBAAsB,EAAE;QACpH,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,OAAO,IAAI,KAAK,EAAE,MAAM,EAAE,sFAAsF,EAAE;QACpJ,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE;KACpE,CAAC;IACF,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC;AAClE,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/arch_firewall/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAI1E,MAAM,MAAM,GAAe,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;AACzE,MAAM,GAAG,GAAG,CAAC,CAAW,EAAU,EAAE,GAAG,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5F,MAAM,OAAO,GAAG,CAAC,CAAS,EAAY,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7F,MAAM,OAAO,GAAG,CAAC,CAAW,EAAE,CAAW,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC;AAC/D,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AACtF,kGAAkG;AAClG,MAAM,YAAY,GAA6B,EAAE,eAAe,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AAcrI,MAAM,CAAC,MAAM,cAAc,GAAmB;IAC5C,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI;IACtF,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,UAAU;CAChH,CAAC;AAEF;2GAC2G;AAC3G,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,MAAM,CAAC,GAAmB,EAAE,GAAG,cAAc,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,GAAG,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC9I,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAAC,IAAI,CAAC,IAAI;YAAE,SAAS;QACnE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAC9B,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAAC,OAAO,GAAG,IAAI,CAAC;YAAC,SAAS;QAAC,CAAC;QACxF,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAAC,MAAM,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAc,CAAC;YAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAAE,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC;YAAC,SAAS;QAAC,CAAC;QAC7H,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAAC,MAAM,CAAC,GAAG,yDAAyD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAAC,IAAI,CAAC;gBAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAc,CAAC;YAAC,SAAS;QAAC,CAAC;QACpM,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAAC,MAAM,CAAC,GAAG,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAAC,IAAI,CAAC;gBAAE,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;YAAC,SAAS;QAAC,CAAC;QACxL,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,EAAE,GAAG,+BAA+B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtD,MAAM,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAC9D,MAAM,CAAC,QAAQ,EAAE,GAAG,WAAW,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACrD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;YAAC,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,mBAAmB,CAAC;YAClG,IAAI,IAAI;gBAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;YAC5E,SAAS;QACX,CAAC;QACD,MAAM,EAAE,GAAG,2CAA2C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClE,IAAI,EAAE,EAAE,CAAC;YAAC,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAc,EAAE,CAAC,CAAC;YAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAAC,CAAC;;YAC7H,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IACD,6FAA6F;IAC7F,IAAI,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI;QAAE,CAAC,CAAC,IAAI,GAAG,SAAS,CAAC;IAC5C,OAAO,CAAC,CAAC;AACX,CAAC;AAED,6FAA6F;AAC7F,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAAC,IAAI,CAAC;YAAC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAC,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,CAAC,EAAE,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;IAAC,CAAC;IACtT,OAAO,WAAW,CAAC,CAAC,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,eAAe,CAAC,MAAsB,EAAE,IAAY,EAAE,IAAY;IACzE,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5E,IAAI,GAAG;QAAE,OAAO,GAAG,CAAC,QAAQ,CAAC;IAC7B,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC,IAAI,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC;AACnE,CAAC;AAGD,sGAAsG;AACtG,MAAM,UAAU,aAAa,CAAC,CAAa;IACzC,IAAI,IAAI,GAAG,CAAC,EAAE,IAAI,GAAkB,IAAI,CAAC;IACzC,IAAI,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,OAAO,IAAI,IAAI,EAAE,CAAC;QACrC,KAAK,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC;YAAE,IAAI,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;gBAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;gBAAC,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC;gBAAC,MAAM;YAAC,CAAC;QACtJ,IAAI,CAAC,CAAC,SAAS;YAAE,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC5C,CAAC;IACD,MAAM,OAAO,GAAG,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,CAAC;IACpD,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/B,IAAI,IAAI;QAAE,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,QAAQ,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;SAClF,IAAI,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,OAAO,IAAI,IAAI;QAAE,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,QAAQ,CAAC,CAAC;IAC9E,IAAI,OAAO;QAAE,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACtC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;AAC9D,CAAC;AAcD,MAAM,UAAU,QAAQ,CACtB,aAAwC,EACxC,YAAuC,EACvC,SAAyB,cAAc,EACvC,IAAyE;IAEzE,MAAM,GAAG,GAAG,MAAM,IAAI,cAAc,CAAC;IACrC,MAAM,CAAC,GAAG,kBAAkB,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,EAAE,GAAG,CAAC,CAA0G,EAAE,MAA4B,EAAE,EAAE;QACtJ,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAClD,MAAM,GAAG,GAAG,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAChE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,aAAa,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,IAAI,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5L,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAC9E,MAAM,aAAa,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,IAAI,IAAI,EAAE,KAAK,IAAI,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QACpF,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC;QAC1C,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QACxD,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,aAAa,EAAE,kBAAkB,EAAE,GAAG,EAAE,kBAAkB,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC/V,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACzB,CAAC,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS;QAAE,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAc,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,cAAc,EAAE,EAAE,OAAO,CAAC,CAAC;IAC3J,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ;QAAE,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAc,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,cAAc,EAAE,EAAE,OAAO,CAAC,CAAC;IAEzJ,kGAAkG;IAClG,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACxD,MAAM,GAAG,GAAG,eAAe,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QAClD,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,CAAC,MAAM,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBAAE,SAAS;YACtE,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,SAAS,CAAC,IAAc,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,cAAc,EAAE,EAAE,UAAU,CAAC,CAAC;QACpJ,CAAC;IACH,CAAC;IAED,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAClJ,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,OAAO,GAA+B,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IAC3H,OAAO;QACL,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,IAAI,EAAE,iBAAiB,EAAE,CAAC,CAAC,iBAAiB,EAAE,QAAQ;QAC/E,OAAO,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,SAAS,EAAE,cAAc,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM;QACvJ,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAC7D,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,KAAK,UAAU,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,KAAK,MAAM,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO;KAC/J,CAAC;AACJ,CAAC;AAED,MAAM,IAAI,GAA6B,EAAE,QAAQ,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;AACzG,MAAM,SAAS,GAAG,CAAC,CAA4B,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;AACnJ,gEAAgE;AAChE,MAAM,UAAU,cAAc,CAAC,CAAkB;IAC/C,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,qCAAqC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAC,iCAAiC,CAAC;IAC3K,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,UAAU,OAAO,CAAC,CAAC,iBAAiB,wBAAwB,CAAC,CAAC,QAAQ,CAAC,MAAM,iBAAiB,CAAC,CAAC,SAAS,CAAC,MAAM,eAAe,CAAC,CAAC,WAAW,6BAA6B,CAAC,CAAC,OAAO,GAAG,EAAE,EAAE,CAAC,CAAC;IACzN,IAAI,CAAC,CAAC,KAAK;QAAE,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,UAAU,OAAO,CAAC,CAAC,iBAAiB,oBAAoB,EAAE,EAAE,EAAE,uEAAuE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1L,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,mCAAmC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/H,CAAC,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,aAAa,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,IAAI,GAAG,GAAG,EAAE,CAAC,CAAC;QACtF,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1B,IAAI,CAAC,CAAC,cAAc;YAAE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC;QAC1D,CAAC,CAAC,IAAI,CAAC,gBAAgB,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,kBAAkB,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;QACjM,IAAI,CAAC,CAAC,MAAM;YAAE,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,CAAC,CAAC,cAAc,CAAC,MAAM;QAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,cAAc,CAAC,MAAM,uCAAuC,CAAC,CAAC;IAC3G,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,MAAM,iBAAiB,CAAC,CAAC,OAAO,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,CAAC,2EAA2E,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC;IACpO,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC;AAID,MAAM,UAAU,oBAAoB;IAClC,MAAM,QAAQ,GAAiB;QAC7B,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,wDAAwD,EAAE;QAC5F,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,mIAAmI,EAAE;KAC/J,CAAC;IACF,MAAM,KAAK,GAAiB,CAAC,GAAG,QAAQ,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,6EAA6E,EAAE,CAAC,CAAC;IACzJ,MAAM,MAAM,GAAG,GAAY,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,aAAa,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC;IACnG,MAAM,QAAQ,GAAG,GAAY,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IAEjD,mGAAmG;IACnG,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7E,MAAM,SAAS,GAAG,CAAC,CAAC,OAAO,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,aAAa,KAAK,UAAU,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,cAAc,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,kBAAkB,KAAK,GAAG,CAAC;IAE9L,sEAAsE;IACtE,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC/E,MAAM,WAAW,GAAG,CAAC,CAAC,OAAO,KAAK,MAAM,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,aAAa,KAAK,MAAM,CAAC;IAEnF,mCAAmC;IACnC,MAAM,IAAI,GAAG,WAAW,CAAC,oEAAoE,CAAC,CAAC;IAC/F,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;IACxF,MAAM,gBAAgB,GAAG,CAAC,CAAC,OAAO,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,IAAI,CAAC;IAEhF,+DAA+D;IAC/D,MAAM,IAAI,GAAG,WAAW,CAAC,gEAAgE,CAAC,CAAC;IAC3F,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;IACxF,MAAM,aAAa,GAAG,CAAC,CAAC,OAAO,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,aAAa,KAAK,IAAI,IAAI,CAAC,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,CAAC;IAErH,oBAAoB;IACpB,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC;IAEhF,oCAAoC;IACpC,MAAM,EAAE,GAAG,aAAa,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC;IACnJ,MAAM,OAAO,GAAG,aAAa,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,uBAAuB;IAClL,MAAM,KAAK,GAAG,aAAa,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAG,4BAA4B;IACtL,MAAM,GAAG,GAAG,aAAa,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC;IACjJ,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK,KAAK,UAAU,IAAI,OAAO,CAAC,KAAK,KAAK,UAAU,IAAI,KAAK,CAAC,KAAK,KAAK,MAAM,IAAI,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC;IAC5H,MAAM,EAAE,GAAG,WAAW,CAAC,gJAAgJ,CAAC,CAAC;IACzK,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,KAAK,UAAU,IAAI,EAAE,CAAC,OAAO,KAAK,MAAM,IAAI,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC,KAAK,UAAU,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,KAAK,YAAY,CAAC;IAEnL,MAAM,KAAK,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAAC,QAAQ,CAAC,IAAa,EAAE,IAAa,CAAC,CAAC;QAAC,WAAW,CAAC,IAAa,CAAC,CAAC;QAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QAAC,aAAa,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE3S,MAAM,MAAM,GAAG;QACb,EAAE,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,qGAAqG,EAAE;QAClK,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,8EAA8E,EAAE;QACpI,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,gBAAgB,EAAE,MAAM,EAAE,yCAAyC,EAAE;QACxG,EAAE,IAAI,EAAE,2BAA2B,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,6DAA6D,EAAE;QACjI,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,KAAK,MAAM,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE;QAC/F,EAAE,IAAI,EAAE,qBAAqB,EAAE,IAAI,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,EAAE,wGAAwG,EAAE;QAC3K,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,oCAAoC,EAAE;KAC7E,CAAC;IACF,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC;AAClE,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mneme-ai/core",
3
- "version": "3.89.0",
3
+ "version": "3.90.0",
4
4
  "description": "Core indexing, retrieval, and graph engine for Mneme",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",